No access to moved Public Mailbox

SimonSlaytor · May 6, 2025, 9:08am

NethServer Version: 8
Module: MAIL

Hi Folks,

Long time Neth user who recently moved to 8, new install/mail migration.

I have a number of ‘Public’ mailboxes setup that are shared between my users. Unfortunately one of my users in Thunderbird dragged one of the public mailbox folders into another mailboxes folder i.e.:

Layout used to be:
→ Public/Family
→ Public/Pets

New layout:
→ Public/Family/Pets

Unfortunately simply dragging the ‘Pets’ folder back to the ‘Public’ root folder in Thunderbird doesn’t work.

I thought I’d restore or worst case delete the folder using the web gui, nope the Pets folder public mailbox is no longer listed.

Previously I’d logon to the Neth server and use doveadm to find and remove the folder but in this brave new container world I’m not sure how to do this anymore.

Please help!

mrmarkuz · May 6, 2025, 10:12am

To run doveadm in the container you could use following one liner:

runagent -m mail1 podman exec -ti dovecot doveadm

or enter the dovecot container…

runagent -m mail1 podman exec -ti dovecot sh

…and run doveadm there:

/var/lib/vmail # doveadm

SimonSlaytor · May 6, 2025, 10:36am

PERFECT! Thank you!

I’d been beavering away and had discovered podman, then come up with the following to delete my errant folder:

sudo -u mail1 podman exec -ti dovecot doveadmin delete …

Is there a reason to use ‘runagent’ over ’ sudo -u’

Many thanks for the prompt reply, very much appreciated.

mrmarkuz · May 6, 2025, 10:44am

Yes, it cares about right environment and additional options, see also ns8-core/core/imageroot/usr/local/bin/runagent at fb962ea09159577273ebf2cbd412193c933f844a · NethServer/ns8-core · GitHub or Rootless vs Rootfull | NS8 dev manual

I found that ssh or sudo are not working in any case.

SimonSlaytor · May 6, 2025, 12:19pm

Many thanks, the sudo did work for me although I had to go through some additional steps to fully resolve my issue, I’m guessing ‘runagent’ would have perhaps prevented the need for these.

Step1 - doveadmin delete of ‘Family/Pets’
Step2 - doveadmin create of ‘Pets’
Step3 - Pets now visible via GUI, delete it
Step4- re-create Pets using the GUI

I found if I didn’t do step 2 and tried to jump to re-creating the mailbox I received and error from the GUI.

I’m going to build a test box so I can safely play with runagent.

Again thank you for your help.

SimonSlaytor · August 18, 2025, 9:34am

OLD Thread reboot, sorry!

So my family can’t be trusted and have repeated the ‘move’.

@mrmarkuz as you suggest I’m now trying to use:

runagent -m mail1 podman exec -ti devoecot sh

However both this and my previous sudo -u approach now return:

Error: crun: setns(pid=1781, CLONE_NEWUSER): Operation not permitted: OCI permission denied

A quick Google doesn’t really shed any light, for me at least, any pointers on how to get past this error?

mrmarkuz · August 18, 2025, 12:12pm

Running following command as root should enter the dovecot container:

[root@node ~]# runagent -m mail1 podman exec -ti dovecot sh
/var/lib/vmail #

SimonSlaytor · August 18, 2025, 12:27pm

Thanks, running as root or a mail1 gives the same error sadly.

mrmarkuz · August 18, 2025, 12:40pm

Please check if the mail containers like dovecot are running:

runagent -m mail1 podman ps

Does it help to restart dovecot?

runagent -m mail1 systemctl --user restart dovecot

SimonSlaytor · August 19, 2025, 7:48am

Apologies for the delay:

root@mail:~# runagent -m mail1 podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d4bf6d359b67 Package mail-dovecot · GitHub 22 hours ago Up 22 hours ago dovecot
38c1866b0c19 Package mail-clamav · GitHub 22 hours ago Up 22 hours ago clamav
4a469c23db18 Package mail-postfix · GitHub 22 hours ago Up 22 hours ago postfix
d593e589fe9e Package mail-rspamd · GitHub 22 hours ago Up 22 hours ago rspamd

root@mail:~# runagent -m mail1 systemctl --user restart dovecot
root@mail:~#

Now for something odd, running

runagent -m mail1 podman exec -ti dovecot sh

Gets me:

/var/lib/vmail

Hurrah!

Not sure why this is now working, perhaps the restart, although I did restart the entire server several times.

In answer to my original problem the simple solution is to change to the following directory:

/home/mail1/.local/share/containers/storage/volumes/dovecot-data/_data/vmail/Maildir

Here you will see a directory structure representing the ‘Public’ IMAP folders e.g.

.Accounts
.Orders
.Invoices

Where Account / Orders / Invoices are the root public mailboxes.

When my ‘family’ moves a folder in their IMAP client, say Orders → Accounts the folder structure becomes:

.Accounts.Orders

To rectify simply move things back:

mv .Accounts.Orders .Orders

Thanks again for your assistance, very much appreciated.

mrmarkuz · August 19, 2025, 7:52am

Maybe it helps to set the permissions of the public mailboxes to “read & write” instead of “full control”, so the users are not allowed to move the folder.

SimonSlaytor · August 19, 2025, 8:38am

That would make sense, sadly things are never that simple. What we actually have is a number of ‘Sub’ IMAP folders e.g.

Pets/Dog
Pets/Cat
Pets/Goldfish
…

So pets@… arrives in the root folder, my wife then ‘moves’ completed/replied etc e-mails from the root folder into various sub folders, this simple action requires ‘Full Control’ to complete.