summaryrefslogtreecommitdiffstats
path: root/doc/wiki/SharedMailboxes.Public.txt
blob: e958f193ac0543f8ddad63a6a781470820e8e45c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
Contents


 1. Public Mailboxes

     1. Per-user \Seen flag (v2.2+)

     2. Maildir: Per-user \Seen flag

         1. Maildir: Keyword sharing

     3. Subscriptions

     4. Read-only mailboxes

         1. Read-only mboxes

         2. Read-only Maildirs

     5. Example: Public mailboxes with ACLs

Public Mailboxes
================

Public mailboxes are typically mailboxes that are visible to all users or to
large user groups. They are created by defining a public namespace, under which
all the shared mailboxes are. See <SharedMailboxes.Permissions.txt> for issues
related to filesystem permissions. See <Namespaces.txt> for details of how
namespaces are configured.

For example to create a public Maildir mailboxes, use:

---%<-------------------------------------------------------------------------
# User's private mail location
mail_location = maildir:~/Maildir

# When creating any namespaces, you must also have a private namespace:
namespace {
  type = private
  separator = /
  prefix =
  #location defaults to mail_location.
  inbox = yes
}

namespace {
  type = public
  separator = /
  prefix = Public/
  location = maildir:/var/mail/public
  subscriptions = no
}
---%<-------------------------------------------------------------------------

In the above example, you would then create Maildir mailboxes under the
'/var/mail/public/' directory. For example:

---%<-------------------------------------------------------------------------
# ls -la /var/mail/public/
drwxr-s--- 1 root mail 0 2007-03-19 03:12 .
drwxrws--- 1 root mail 0 2007-03-19 03:12 .lkml
drwxrws--- 1 root mail 0 2007-03-19 03:12 .bugtraq
-rw-rw---- 1 root mail 0 2007-03-19 03:12 dovecot-shared
---%<-------------------------------------------------------------------------

Note that there are no 'cur/', 'new/' or 'tmp/' directories directly under the
'/var/mail/public/', because the Public/ namespace isn't a mailbox itself. (If
you create them manually, it does become a selectable mailbox. )

The 'dovecot-shared' file isn't directly used for either lkml or bugtraq
mailboxes, but if you create a new public mailbox via Dovecot it's
automatically copied there.

Note that Dovecot uses Maildir++ layout by default for folders, where the
folder names must begin with a "." or Dovecot will ignore them. You can also
optionally use the <"fs" layout> [MailboxFormat.Maildir.txt] if you want the
directory structure to look like:

 * '/var/mail/public/' (root dir)
 * '/var/mail/public/info/' (maildir folder)
 * '/var/mail/public/company/' (maildir folder)

Per-user \Seen flag (v2.2+)
---------------------------

Since v2.2 the recommended way to enable private flags for shared mailboxes is
to create private indexes with :INDEXPVT=<path>. This creates
dovecot.index.pvt[.log] files, which contain only the message UIDs and the
private flags. Currently the list of private flags is hardcoded only to the
\Seen flag.

Example:

---%<-------------------------------------------------------------------------
namespace {
  type = public
  separator = /
  prefix = Public/
  location = maildir:/var/mail/public:INDEXPVT=~/Maildir/public
  subscriptions = no
}
---%<-------------------------------------------------------------------------

Maildir: Per-user \Seen flag
----------------------------

(With v2.2+ you should instead use the INDEXPVT as described above.)

With Maildir a 'dovecot-shared' file controls if the \Seen flags are shared or
private. The file must be created separately inside each Maildir, although if
the file already exists in the Maildir root it's automatically copied for newly
created mailboxes. If 'dovecot-shared' file doesn't exist in Maildir, the \Seen
flags are shared. If it exists, the \Seen flag state is stored only in the
user's index files. By making each user have their own private index files, you
can make the \Seen flag private for the users. For example:

---%<-------------------------------------------------------------------------
namespace {
  type = public
  separator = /
  prefix = Public/
  location = maildir:/var/mail/public:INDEX=~/Maildir/public
  subscriptions = no
}
---%<-------------------------------------------------------------------------

Now when accessing e.g. "Public/lkml" mailbox, Dovecot keeps its index files in
'~/Maildir/public/.lkml/' directory. If it ever gets deleted, the \Seen flags
are lost.

If you want to change what flags are shared when 'dovecot-shared' file exists,
currently you'll have to modify the source
code:'src/lib-storage/index/maildir/maildir-storage.c' maildir_open() has
'mbox->ibox.box.private_flags_mask = MAIL_SEEN;' Change the 'MAIL_SEEN' to any
flag combination you want. See 'src/lib-mail/mail-types.h' for list of valid
flags.

Maildir: Keyword sharing
------------------------

Make sure you don't try to use per-user CONTROL directory. Otherwise
'dovecot-keywords' file doesn't get shared and keyword mapping breaks.

Subscriptions
-------------

Typically you want each user to have control over their own subscriptions for
mailboxes in public namespaces. This is why you should set 'subscriptions=no'
to the namespace. Dovecot will then use the parent namespace's subscriptions
file. Note that this practically means you must have a namespace with empty
prefix, otherwise there is no "parent namespace".

Read-only mailboxes
-------------------

Read-only mboxes
----------------

If you have a read-only directory structure containing mbox files, you'll need
to store index files elsewhere:

---%<-------------------------------------------------------------------------
namespace {
  type = public
  prefix = Public/
  location = mbox:/var/mail/public/:INDEX=/var/indexes/public
  subscriptions = no
}
---%<-------------------------------------------------------------------------

In the above example all the users would still be sharing the index files, so
you might have problems with filesystem permissions. Alternatively you could
place the index files under user's home directory.

Read-only Maildirs
------------------

If your Maildir is read-only, the control and index files still need to be
created somewhere. You can specify the path for these by appending
':CONTROL=<path>:INDEX=<path>' to mail location. The path may point to a
directory that is shared among all users, or to a per-user path. Note that if
the Maildir has any keywords, the per-user control directory breaks the
keywords since there is no 'dovecot-keywords' file.

When configuring multiple namespaces, the CONTROL/INDEX path must be different
for each namespace. Otherwise if namespaces have identically named mailboxes
their control/index directories will conflict and cause all kinds of problems.

If you put the control files to a per-user directory, you must also put the
index files to a per-user directory, otherwise you'll get errors. It is however
possible to use shared control files but per-user index files, assuming you've
set up permissions properly.

---%<-------------------------------------------------------------------------
namespace {
  type = public
  separator = /
  prefix = Public/
  location =
maildir:/var/mail/public:CONTROL=~/Maildir/public:INDEX=~/Maildir/public
  subscriptions = no
}
namespace {
  type = public
  separator = /
  prefix = Team/
  location = maildir:/var/mail/team:CONTROL=~/Maildir/team:INDEX=~/Maildir/team
  subscriptions = no
}
---%<-------------------------------------------------------------------------

Example: Public mailboxes with ACLs
-----------------------------------

See <ACL.txt> for more information about ACLs.

---%<-------------------------------------------------------------------------
namespace {
  type = public
  separator = .
  prefix = public.
  location = maildir:/var/mail/public
  subscriptions = no
  list = children
}

plugin {
  acl = vfile
}
---%<-------------------------------------------------------------------------

It's important that the namespace type is "public" regardless of whether you
set the namespace prefix to "shared." or something else.

After this you have to place 'dovecot-acl' files in every mailbox/folder below
'/var/mail/public' with rights for that folder (e.g. 'user=someone lr').

'acl_shared_dict' setting is not relevant for public mailboxes (only for
shared).

(This file was created from the wiki on 2019-06-19 12:42)