Re: [exim] Exim and delivery to Cyrus IMAP shared folder

Author: Phil Pennock
Date:  
To: Charles Dand
CC: exim-users
Subject: Re: [exim] Exim and delivery to Cyrus IMAP shared folder
On 2009-10-01 at 13:07 +0100, Charles Dand wrote:
> I've been looking at delivery of incoming emails directly to a Cyrus
> IMAP shared folder. Quite simply I'd like to know if this is possible?


Yes. I do it.

> I have a shared folder on Cyrus like this
> share/pfstaff


And if you use an admin principal to authenticate to IMAP and use
GETACL, you can confirm that "anyone" has "p" permission? Ideally also
on the "share/" hierarchy, so that it's also inherited by newly created
folders?

a5>> GETACL "spodhuis"
>>> a5 GETACL "spodhuis"

<<< * ACL spodhuis anyone p [...censored...]
<<< a5 OK Completed

> Currently Exim will deliver directly to the user mailboxes using the
> following router and transport
>
> cyrus_vdom:
>   driver = accept
>   domains = +cyrus_domains
>   transport = cyrus_ltcp
>   no_more
> ...
> cyrus_ltcp:
>   driver = smtp
>   protocol = lmtp
>   hosts = 127.0.0.1
>   allow_localhost
>
> in /etc/cyrus.conf I have the following.
>   lmtp          cmd="lmtpd -a" listen="lmtp" prefork=0
> thus I know that Exim is delivering to Cyrus via unauthenticated LMTP.


FWIW, I like to have my mail-client show the length of an email, so I
also have on the transport:
  headers_remove = "lines"
  headers_add = "Lines: $body_linecount"

If you also add "rcpt_include_affixes" then you can use sub-addressing
filters in your Cyrus sieve filters.

> If an email is sent to pfstaff I get an error reporting "550-Mailbox
> unknown. Either there is no mailbox associated with this\n550-name or
> you do not have authorization to see it.\n550 5.1.1 User unknown"
>
> I've tried different combinations in /etc/mail/aliases of
> "share.pfstaff", "pfstaff.share" "share+pfstaff" to no avail. Still the
> same "550 5.1.1 User unknown"
>
> I'd like to know if it is possible for Exim to deliver directly to the
> mailbox share/pfstaff? and if so can someone suggest how this is
> achieved? There are a number of discussions about this but I can't tell
> from them if the final result I'm looking for has ever been achieved.


Look in your imapd.conf for a definition of "postuser"; the
imapd.conf(5) documentation notes:
----------------------------8< cut here >8------------------------------
  postuser: <empty string>
      Userid  used  to deliver messages to shared folders.  For example,
      if set to "bb", email sent to "bb+shared.blah" would be  delivered
      to  the  "shared.blah"  folder.   By  default, an email address of
      "+shared.blah" would be used.
----------------------------8< cut here >8------------------------------


So if you're not setting "postuser" in imapd.conf, and since you appear
to have set unixhierarchysep true, then you want an Exim redirect router
which redirects to: +share/pfstaff

To avoid accepting email for all addresses, you'll want some way to
verify the address, either with an LMTP callout or some other way.
Myself, the exim runtime user is in the "cyrus" group and so can see the
folder hierarchy and I use require_files to check.

----------------------------8< cut here >8------------------------------
imap_shared_folder_map:
  driver                = redirect
  domains               = +imap_core_shareable
  redirect_router       = imap_shared_accept
  qualify_preserve_domain
  local_part_suffix = +*
  local_part_suffix_optional
# note that the cyrus user definition doesn't get applied during verification
  require_files = cyrus:IMAP_MAIL_BASE/${length_1::$local_part}/${lookup{$domain}cdb{CDBMAILTABLES/imap_shared_name.cdb}}/${tr{$local_part}{.}{^}}
  data = ${quote_local_part:+${lookup{$domain}cdb{CDBMAILTABLES/imap_shared_name.cdb}}/$local_part}
----------------------------8< cut here >8------------------------------


where CDBMAILTABLES/imap_shared_name.cdb will map "spodhuis.org" ->
"spodhuis", so that I can map domains to folders and can accept mail for
a new domain into a new hierarchy with just a couple of updates. Note
the embedded knowledge of the encoding of names into the file-system --
I am violating the API and I'm probably missing some special cases in
doing so.

So, because I don't set postuser, mail to exim-users@??? gets
redirected to "+spodhuis/exim-users@???".

Then this is accepted with the "imap_shared_accept" router, which is
jumped to via redirect_router, which says:

----------------------------8< cut here >8------------------------------
imap_shared_accept:
  driver        = accept
  local_parts   = ^\\+[^/]+/.+
  transport     = imap_inject
  cannot_route_message = unknown user
----------------------------8< cut here >8------------------------------


This comes after the normal final router, so that it's only reached via
the redirect_router jumps.

The transport you have should be fine.

Regards,
-Phil
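
Added example, not part of the original message or of Exim or Cyrus: a simplified Python model of the imap_shared_folder_map router above, showing which recipients pass the require_files check and what address they are redirected to. The dictionary standing in for the cdb lookup, the temporary spool tree and the function names are constructed for illustration; the directory layout is the one encoded in the posted router, and quote_local_part quoting is not modelled.

```python
import os
import re
import tempfile

# Constructed stand-in for the imap_shared_name.cdb lookup in the router.
SHARED_NAME = {"spodhuis.org": "spodhuis"}
# Same pattern as local_parts in imap_shared_accept.
ACCEPT_RE = re.compile(r"^\+[^/]+/.+")


def build_sample_spool():
    """Create a constructed spool tree holding two shared folders."""
    base = tempfile.mkdtemp(prefix="imap_mail_base_")
    for hash_dir, folder in (("e", "exim-users"), ("p", "phil^test")):
        os.makedirs(os.path.join(base, hash_dir, "spodhuis", folder))
    return base


def route(address, mail_base):
    """Return the redirected address, or None where the router declines."""
    local_part, _, domain = address.rpartition("@")
    shared = SHARED_NAME.get(domain.lower())
    if shared is None:
        return None
    # local_part_suffix = +* with local_part_suffix_optional
    local_part = local_part.split("+", 1)[0]
    # Assumption of this model, not in the posted router: one address names
    # one directory, so local parts containing "/" are declined.
    if not local_part or "/" in local_part:
        return None
    # require_files: BASE/<first char>/<shared name>/<local part, "." -> "^">
    path = os.path.join(mail_base, local_part[0], shared,
                        local_part.replace(".", "^"))
    if not os.path.exists(path):
        return None  # unknown folder: the address fails verification
    # data = +<shared name>/<local part>; qualify_preserve_domain keeps domain
    new_local = "+%s/%s" % (shared, local_part)
    if not ACCEPT_RE.match(new_local):
        return None
    return "%s@%s" % (new_local, domain)


if __name__ == "__main__":
    spool = build_sample_spool()
    for rcpt in ("exim-users@spodhuis.org", "exim-users+tag@spodhuis.org",
                 "phil.test@spodhuis.org", "nobody@spodhuis.org"):
        print(rcpt, "->", route(rcpt, spool))
```

On a live system, the real router's decision for an address can be checked with `exim -bv <address>`.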