Error on Sogo when accessing parent of shared mailboxes

No you can’t, since “Public” is like a namespace and it doesn’t contain real mail.
Even TB raises an error if you select the “Public”.

IMHO, I don’t see this as a bug.

They have no acls and just work but this is not possible for the root folder “Public”.
By default the Public folder has lookup right for authenticated users. If you add the “read” right, there’s no error anymore in SOGo.

doveadm acl set -u markus@cmb.local Public authenticated lookup read

That’s right. In TB it’s not working even when you set all rights for Public. As you wrote, it seems TB expects a mailbox and not a namespace. But at least for SOGo it could be fixed.

I wouldn’t change the server behavior for a client misbehavior :slight_smile:

Please imagine somebody we in Germany call a DAU. DAU means “Dümmster anzunehmender User” or in English “Presumably most stupid user”. …

Please consider the fact that most of my users do not even understand the difference between server and client. For them, SOGo is not a client provided by a server, it is a service they use … OK and a ‘service’ has got something to do with server. Consequently, SOGo is a server … Oh… and my Admin is responsible for the server … He needs to take care of “that I do not even see an error or he has done a bad job I need to complain about with my boss …”

In short words: From NethServer users’ (and some admins’) point of view, this is a server’s misbehavior :slight_smile:

1 Like

Well, I think it is a bit of both or at least a mismatch between dovecot and SOGo.

Looking at this thread and similar problems @redmail and @mailcow, the root cause seems to be that we have to configure SOGo to find the incoming mail in the root of a user folder. As a consequence SOGo does this for namespaces too; it still expects - wrongly - items in the root of a namespace.

Will try to find out if this is true…

Unfortunately did not find a solution. EDIT other than @mrmarkuz found (see below)

2 Likes

doveadm acl set -A Public authenticated lookup read

does solve the SOGo error.

SOGo expects “read” right and dovecot doesn’t provide it so it’s really hard to say if it’s server or client misbehavior. For TB it’s definitely a client’s misbehavior.

But changing rights on the server may affect other clients. Maybe another client uses the “read” right for making folders visible which may not be wanted.

1 Like

You mean that the same error would be eliminated within Thunderbird, too? Cool! :innocent::nerd_face:

1 Like

Also:
Users NOT assigned to this shared mailbox do see the “Shared Mailbox Parent folder” as well as the “shared folders” themselves, however such users cannot access any of them.

To recap: some clients misbehave when trying to access the “Public” namespace and raise an error like “Mailbox doesn’t exists Public/Public” (on TB).

A possible solution from @mrmarkuz is to set the following ACL:

doveadm acl set -A Public authenticated lookup read

I don’t know if such modification can break something else.
Calling the experts now: @davidep @filippo_carletti do you think this is a good workaround?

1 Like
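A way to check what the workaround changes, shown as an added example that is not part of the original thread: the hypothetical helper `broad_acl_entries` reads `doveadm -f tab acl get` output and reports group-wide identifiers that hold more than `lookup`. The sample rows are constructed; the user and mailbox names are the ones used in the thread.

```shell
#!/bin/sh
# Added example: audit group-wide ACL entries on a shared namespace root.
# Input: output of `doveadm -f tab acl get -u <user> <mailbox>`
#        (tab-separated columns: ID, Global, Rights).

# Print every group-wide identifier (anyone / authenticated) that holds
# more than the bare "lookup" right, as "<id>:<extra,rights>".
broad_acl_entries() {
    awk -F '\t' '
        NR == 1 && $1 == "ID" { next }            # skip the header row
        $1 == "anyone" || $1 == "authenticated" {
            n = split($3, r, " "); extra = ""
            for (i = 1; i <= n; i++)
                if (r[i] != "lookup")
                    extra = extra (extra ? "," : "") r[i]
            if (extra != "") print $1 ":" extra
        }'
}

# Constructed sample: default state described in the thread (lookup only).
sample_before() {
    printf 'ID\tGlobal\tRights\n'
    printf 'authenticated\t\tlookup\n'
}

# Constructed sample: "Public" after the workaround has been applied.
sample_after() {
    printf 'ID\tGlobal\tRights\n'
    printf 'authenticated\t\tlookup read\n'
    printf 'user=markus@cmb.local\t\tadmin lookup read write\n'
}

sample_after | broad_acl_entries    # per-user entries are not reported

# On a live server (not executed here):
#   doveadm -f tab acl get -u markus@cmb.local Public | broad_acl_entries
#   doveadm acl rights -u markus@cmb.local Public     # effective rights of one user
#   doveadm acl remove -A Public authenticated read   # roll the workaround back
```

Running the audit before and after the change, and keeping the `doveadm acl remove` line at hand, makes the modification easy to verify and to revert if another client reacts badly to the extra right.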

Hi @giacomo,

here is the error message from TB, sorry for German.

Translation (approximately):
The current step “Public” failed. The server of account “thorsten@…” responded: [NOPERM]: Permission denied.

3 Likes

I used the above command to add the read acl but thunderbird still shows the warning message.

It works for sogo but doesn’t work for TB. :disappointed:

So the behavior truly depends on the client implementation.
I would not change anything on the server.

1 Like

Again: I do have a different opinion. All clients do show the error, consequently it is something about the server. Additionally it is not a problem of SOGo as a web-based IMAP client. Derived from this it is a config problem on dovecot. Dovecot needs to be considered as the root cause as other clients (TB, SOGo) collect data from there. I consider Dovecot as an integral part / installation of the NethServer mail module. In case the change is easy - why not go for it?

TIA for considering.

Don’t know if it helps but you can try the IMAP-ACL-Extension for Thunderbird.
How to use it you can see at the following link (Sorry for the others, it’s only German):

https://dokuwiki.nausch.org/doku.php/centos:mail_c7:dovecot_7#thunderbird

and the extension:

PS: If it works, we could try to translate the howto to English.

The change is not easy since it will affect all existing installations and we don’t know how all clients will behave with it (Outlook, Evolution, Apple mail, etc.).

Since it’s related to SOGo, my advice is to document the command inside the SOGo manual page.

1 Like

@m.traumner,

seems to be straightforward within Thunderbird, however I do not have access to alter ACLs. Do you by chance know which (dovecot) account I need to set up within Thunderbird to take over rights to edit ACLs?

TIA
Thorsten

I think root, but I don’t know.

@mrmarkuz
What do you think?

I’d try it with root too. You are able to set rights for a specific user with doveadm.

1 Like

Did someone ever try to alter Dovecot ACLs? Besides the fact I am not experienced on that - I would like to try - can somebody tell me what to do?

TIA
Thorsten