Difference between revisions of "Dovecot-extras"

From SME Server
 
(17 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Languages|minilist}}
+
{{Warning box|will be deprecated for SME11, as moved to smeserver-dovecot in core}}{{Languages}}
  
 
== dovecot-extras for SME Server ==
 
== dovecot-extras for SME Server ==
Line 6: Line 6:
 
=== Maintainer ===
 
=== Maintainer ===
 
[mailto:daniel@firewall-services.com[[User:VIP-ire|Daniel B.]]] from [http://www.firewall-services.com Firewall Services]
 
[mailto:daniel@firewall-services.com[[User:VIP-ire|Daniel B.]]] from [http://www.firewall-services.com Firewall Services]
 +
{{ #smeversion: smeserver-dovecot-extras }}
  
 
=== Description ===
 
=== Description ===
Line 14: Line 15:
  
 
=== Requirements ===
 
=== Requirements ===
You need the [[Fws|firewall-services]] repo to install this contribs
+
Only available for sme9
  
=== Installation 9.x Only===
+
===Installation===
This contrib is currently held in the fws repository, so the following commands will install on your smeserver.
+
<tabs container><tab name="For SME 10">
 
+
yum install --enablerepo=smecontribs smeserver-dovecot-extras
  yum install --enablerepo=fws smeserver-dovecot-extras
+
</tab><tab name="For SME 9">
 +
  yum install --enablerepo=smecontribs smeserver-dovecot-extras
  
 
You will then need to activate the database changes etc.
 
You will then need to activate the database changes etc.
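Review bot: The added Requirements line says "Only available for sme9", but the same hunk adds a "For SME 10" tab under Installation; one of the two is wrong, so update or drop the Requirements line. Both tabs also carry the identical `yum install --enablerepo=smecontribs smeserver-dovecot-extras` command, so if the procedure really is the same for both releases the tabs can be merged into a single block.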
Line 29: Line 31:
  
 
  signal-event email-update
 
  signal-event email-update
 +
</tab>
 +
</tabs>
  
 
=== Configuration ===
 
=== Configuration ===
Line 39: Line 43:
 
     access=private
 
     access=private
 
     status=enabled
 
     status=enabled
for example
+
for example if you want a SSL protected port
  config setprop sieve TCPORT 5190
+
  config setprop sieve TCPPort 5190
 
  signal-event email-update
 
  signal-event email-update
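Review bot: The new wording "if you want a SSL protected port" is not backed by the command under it: `config setprop sieve TCPPort 5190` only changes the port number, and nothing shown in this hunk turns TLS on for the sieve service. Either name the property that enables SSL or keep the neutral "for example" wording.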
  
Line 46: Line 50:
 
you can change the IP listening (default localhost)
 
you can change the IP listening (default localhost)
 
  config setprop sieve Listen xxx.xxx.xxx.xxx
 
  config setprop sieve Listen xxx.xxx.xxx.xxx
 +
or
 +
config setprop sieve Listen "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy localhost"
 +
 
  signal-event email-update
 
  signal-event email-update
 +
 +
====Dovecot====
 +
Additional DB keys to configure dovecot (based on the original documentation [https://wikit.firewall-services.com/doku.php/smedev/dovecot here]):
 +
 +
* '''AdminIsMaster'''  (enabled|disabled, default is disabled): if enabled, the admin user will be a [http://wiki2.dovecot.org/Authentication/MasterUsers master user], and will be able to login as any user. To do so use ''user1'''*'''admin''  as login and the admin password to log in as user1. If you are using the [[Sogo]] groupware contrib this property has to be enabled.
 +
 +
* '''FullTextIndexing'''  (enabled|disabled, default is disabled): will turn on or off the full text indexing. When this option is enabled, a first search in an IMAP folder will trigger indexation. Next searches will be much faster. Read [http://wiki2.dovecot.org/Plugins/FTS/Squat this page] before enabling this option
 +
 +
* '''LogActions'''  (enabled|disabled, default is disabled): will turn on or off extra logging (flag change, move, copy etc…). **!! Warning !!**: enabling this can generate a huge amount of logs
 +
 +
* '''Quotas'''  (enabled|disabled, default is enabled): will report the actual used space and the remaining one if the user has a quota limit
 +
 +
* '''SharedMailbox'''  (enabled|disabled, default is disabled): will turn on or off shared mailbox and IMAP ACL support
 +
 +
After you've configured the prop like you want, for example by
 +
 +
config setprop dovecot AdminIsMaster enabled
 +
 +
run
 +
signal-event email-update
 +
to activate the changes to the configuration database.
  
 
* Sieve and dovecot-lda
 
* Sieve and dovecot-lda
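Review bot: In the LogActions entry, `**!! Warning !!**` is DokuWiki-style bold and will show up as literal asterisks on this MediaWiki page; use `'''Warning:'''`, matching the bold markup of the key names. The AdminIsMaster entry should also state plainly that enabling it makes the admin password sufficient to open every mailbox, since the Sogo requirement will lead people to turn it on.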
Line 56: Line 84:
  
 
This will let qmail handle mail delivery for this user.
 
This will let qmail handle mail delivery for this user.
 +
 +
* Sieve and existing procmail / maildrop rules
 +
 +
If [[Mailsorting|smeserver-mailsorting]] is installed in addition to this contrib, filter rules defined in a user's ~/.procmailrc or ~/.mailfilter file are applied prior to the mail getting passed to dovecot-lda and Sieve.
  
 
====Shared Mailboxes====
 
====Shared Mailboxes====
  
ShareMailbox is an important feature.
+
SharedMailbox is an important feature.
  
 
To enable it:
 
To enable it:
Line 73: Line 105:
 
This special group is empty (no member), so this has limited impact on the security of the server. Just be sure to never add any user in this group. (It's a system group, and won't appear in the server-manager, so you cannot add members easily).
 
This special group is empty (no member), so this has limited impact on the security of the server. Just be sure to never add any user in this group. (It's a system group, and won't appear in the server-manager, so you cannot add members easily).
  
When a user access its mailbox through the IMAP server, dovecot spawn a new process with the standard user privileges, plus the sharedmailbox group. So basically a user is member of this special group only through dovecot. This configuration allows shared mailbox at the filesystem level. Effective permissions between differents users are enforced by IMAP ACL extension. You need a client which support this (tested with SOGo and Thunderbird using this extension ).
+
When a user access its mailbox through the IMAP server, dovecot spawn a new process with the standard user privileges, plus the sharedmailbox group. So basically a user is member of this special group only through dovecot. This configuration allows shared mailbox at the filesystem level. Effective permissions between differents users are enforced by IMAP ACL extension. You need a client which support this (tested with SOGo and Thunderbird using [https://addons.mozilla.org/fr/thunderbird/addon/imap-acl-extension/ this extension] ).
  
 
Once enabled, you can grant different access level (read, post, delete, change flags, create sub folders etc.) to other users, or group of users on your IMAP folders.
 
Once enabled, you can grant different access level (read, post, delete, change flags, create sub folders etc.) to other users, or group of users on your IMAP folders.
 +
 +
=== Backup and Restore ===
 +
The standard backup process should backup all your shared emails. If you have to restore the data to another server, you'll have to re-install the contrib. Once everything is restored, you'll have to turn off then back on the SharedMailbox feature, because permissions on shared emails uses extended ACL which are not backed up with most tools:
 +
db configuration setprop dovecot SharedMailbox disabled; signal-event email-update
 +
db configuration setprop dovecot SharedMailbox enabled; signal-event email-update
  
 
=== Uninstall ===
 
=== Uninstall ===
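Review bot: The Thunderbird link added in the shared-mailbox paragraph is pinned to the French locale (`/fr/thunderbird/addon/...`); drop the locale segment so addons.mozilla.org serves the reader's own language. In the new Backup and Restore text, "permissions on shared emails uses extended ACL" should read "use extended ACLs".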
Line 81: Line 118:
 
  signal-event post-upgrade;  signal-event reboot
 
  signal-event post-upgrade;  signal-event reboot
 
=== Bugs ===
 
=== Bugs ===
Sources for this contribs can be found in Firewall Service's repository [http://gitweb.firewall-services.com/?p=smeserver-dovecot-extras;a=summary]
+
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
 +
and select the smeserver-php-scl component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-dovecot-extras|title=this link}}.
 +
{{#bugzilla:columns=id,product,version,status,summary |sort=id|order=desc |component=smeserver-dovecot-extras|noresultsmessage="No open bugs found."}}
 
[[Category: Contrib]]
 
[[Category: Contrib]]
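Review bot: The added Bugs text tells reporters to select the smeserver-php-scl component, while the BugzillaFileBug link and the #bugzilla query in the same hunk both use component=smeserver-dovecot-extras; this looks copied from another contrib page and should read smeserver-dovecot-extras. The hunk also removes the pointer to the source repository without giving a replacement.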

Latest revision as of 04:54, 12 September 2024

Warning: this contrib will be deprecated for SME11, as it has moved to smeserver-dovecot in core.



dovecot-extras for SME Server

Skill level: easy
The instructions on this page can be followed by a beginner.


Maintainer

Daniel B. from Firewall Services

The latest version of smeserver-dovecot-extras is available in the SME repository.


Description

dovecot-extras is a contrib that brings Sieve support and IMAP ACLs (shared mailboxes) to dovecot, the IMAP server.

  • Shared Mailboxes and IMAP ACL: this feature enables sharing of mail folders between users using IMAP ACL. See http://wiki2.dovecot.org/ACL and http://wiki2.dovecot.org/SharedMailboxes
  • Sieve scripts and manage sieve daemon: this feature adds Sieve script support. Sieve is a scripting language for server-side mail processing, applied when mail arrives in your mailbox. With it, you can create filters, reject mails with a custom message, configure a vacation message, forward some mails, etc. These features are often also available in mail clients (Outlook, Thunderbird, Evolution, etc.), but the advantage of Sieve is that everything is processed on the server as soon as the mail arrives in your INBOX, which means everything works even if your client is not running. See http://wiki2.dovecot.org/Pigeonhole

Requirements

Only available for sme9

Installation

For SME 10:

yum install --enablerepo=smecontribs smeserver-dovecot-extras

For SME 9:

yum install --enablerepo=smecontribs smeserver-dovecot-extras

You will then need to activate the database changes etc. The 'official' way is to perform

signal-event post-upgrade;  signal-event reboot

or if you do not want to restart your computer

signal-event email-update

Configuration

Sieve

There is no panel in the server-manager; you have to use the db command:

[root@sme9 ~]# config show sieve 
 sieve=service
   TCPPort=4190
   access=private
   status=enabled

For example, if you want an SSL-protected port:

config setprop sieve TCPPort 5190
signal-event email-update

  • IP listening

You can change the IP address the service listens on (default: localhost):

config setprop sieve Listen xxx.xxx.xxx.xxx

or

config setprop sieve Listen "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy localhost"
signal-event email-update

Dovecot

Additional DB keys to configure dovecot (based on the original documentation at https://wikit.firewall-services.com/doku.php/smedev/dovecot):

  • AdminIsMaster (enabled|disabled, default is disabled): if enabled, the admin user will be a master user (see http://wiki2.dovecot.org/Authentication/MasterUsers) and will be able to log in as any user. To do so, use user1*admin as the login and the admin password to log in as user1. If you are using the Sogo groupware contrib, this property has to be enabled.
  • FullTextIndexing (enabled|disabled, default is disabled): turns full text indexing on or off. When this option is enabled, the first search in an IMAP folder triggers indexing; subsequent searches will be much faster. Read http://wiki2.dovecot.org/Plugins/FTS/Squat before enabling this option.
  • LogActions (enabled|disabled, default is disabled): turns extra logging on or off (flag change, move, copy, etc.). Warning: enabling this can generate a huge amount of logs.
  • Quotas (enabled|disabled, default is enabled): will report the actual used space and the remaining one if the user has a quota limit
  • SharedMailbox (enabled|disabled, default is disabled): will turn on or off shared mailbox and IMAP ACL support

After you have set the properties the way you want, for example with

config setprop dovecot AdminIsMaster enabled

run

signal-event email-update

to activate the changes to the configuration database.

  • Sieve and dovecot-lda

When Sieve is enabled, dovecot-lda is used instead of qmail to deliver mail to mailboxes (so it can apply Sieve scripts). Dovecot-lda is more resource-intensive than qmail, so you may see a performance penalty when users receive a lot of mail (for example, when you use qpsmtpd's Bcc plugin to copy every mail into one mailbox). You can selectively disable dovecot-lda for some users. For example, to disable dovecot-lda for user maillog:

db accounts setprop maillog Sieve disabled
signal-event email-update

This will let qmail handle mail delivery for this user.

  • Sieve and existing procmail / maildrop rules

If smeserver-mailsorting is installed in addition to this contrib, filter rules defined in a user's ~/.procmailrc or ~/.mailfilter file are applied prior to the mail getting passed to dovecot-lda and Sieve.

Shared Mailboxes

SharedMailbox is an important feature.

To enable it:

db configuration setprop dovecot SharedMailbox enabled
signal-event email-update

When this feature is enabled, a special group named sharedmailbox (automatically created during install) will have:

  • x permission on each user home (/home/e-smith/files/users/username) in order to access the Maildir folder (but it won't have any permission to read something else, like the home sub-folder)
  • Full read / write access to the Maildir for everyone

This special group is empty (no member), so this has limited impact on the security of the server. Just be sure to never add any user in this group. (It's a system group, and won't appear in the server-manager, so you cannot add members easily).

When a user accesses their mailbox through the IMAP server, dovecot spawns a new process with the standard user privileges, plus the sharedmailbox group. So a user is a member of this special group only through dovecot. This configuration allows shared mailboxes at the filesystem level. Effective permissions between different users are enforced by the IMAP ACL extension. You need a client which supports this (tested with SOGo, and with Thunderbird using the extension at https://addons.mozilla.org/fr/thunderbird/addon/imap-acl-extension/).

Once enabled, you can grant different access levels (read, post, delete, change flags, create sub folders, etc.) on your IMAP folders to other users or groups of users.
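
The requirement that the sharedmailbox group stays empty can be checked from the shell. The function below is an added example, not part of the contrib: it reads a group file and a passwd file (defaulting to /etc/group and /etc/passwd, which assumes accounts live in local files) and reports every account that has sharedmailbox as a supplementary or primary group. The demo data at the end is constructed.

```shell
#!/bin/sh
# Added example: audit that the sharedmailbox group has no members.
# Usage: sharedmailbox_members [group-file] [passwd-file]
# Prints "supplementary:<user>" or "primary:<user>" for each member found.
# Returns 0 if the group is empty, 1 if it has members, 2 if it is missing.
sharedmailbox_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    group_name=sharedmailbox

    entry=$(grep "^${group_name}:" "$group_file") || return 2
    gid=$(printf '%s\n' "$entry" | cut -d: -f3)
    members=$(printf '%s\n' "$entry" | cut -d: -f4)

    found=0
    # Supplementary members: comma-separated fourth field of the group entry.
    for user in $(printf '%s' "$members" | tr ',' ' '); do
        echo "supplementary:$user"
        found=1
    done
    # Primary members: accounts whose passwd GID (field 4) is the group's GID.
    # These do not appear in the group entry, so they need a separate pass.
    for user in $(awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"); do
        echo "primary:$user"
        found=1
    done
    return "$found"
}

# Constructed sample: a group entry where user bob was added by mistake.
demo=$(mktemp -d)
printf 'sharedmailbox:x:450:bob\n' > "$demo/group"
printf 'bob:x:5001:5001::/home/e-smith/files/users/bob:/bin/false\n' > "$demo/passwd"
sharedmailbox_members "$demo/group" "$demo/passwd" || echo "sharedmailbox is not empty"
rm -rf "$demo"
```

Called without arguments, the function audits the live system files; a non-zero return is suitable for a cron job or monitoring check.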

Backup and Restore

The standard backup process should back up all your shared emails. If you have to restore the data to another server, you'll have to re-install the contrib. Once everything is restored, you'll have to turn the SharedMailbox feature off and then back on, because permissions on shared emails use extended ACLs, which are not backed up by most tools:

db configuration setprop dovecot SharedMailbox disabled; signal-event email-update
db configuration setprop dovecot SharedMailbox enabled; signal-event email-update

Uninstall

yum remove smeserver-dovecot-extras
signal-event post-upgrade;  signal-event reboot

Bugs

Please raise bugs under the SME-Contribs section in bugzilla (http://bugs.contribs.org/enter_bug.cgi) and select the smeserver-php-scl component or use this link.

"No open bugs found."