On 2009-10-01 at 13:07 +0100, Charles Dand wrote:
> I've been looking at delivery of incoming emails directly to a Cyrus
> IMAP shared folder. Quite simply I'd like to know if this is possible?
Yes. I do it.
> I have a shared folder on Cyrus like this
> share/pfstaff
And if you use an admin principal to authenticate to IMAP and use
GETACL, you can confirm that "anyone" has "p" permission? Ideally also
on the "share/" hierarchy, so that it's also inherited by newly created
folders?
a5>> GETACL "spodhuis"
>>> a5 GETACL "spodhuis"
<<< * ACL spodhuis anyone p [...censored...] <<< a5 OK Completed
> Currently Exim will deliver directly to the user mailboxes using the
> following router and transport
>
> cyrus_vdom: driver = accept domains = +cyrus_domains transport =
> cyrus_ltcp no_more ... cyrus_ltcp: driver = smtp protocol = lmtp
> hosts = 127.0.0.1 allow_localhost
>
> in /etc/cyrus.conf I have the following. lmtp cmd="lmtpd -a"
> listen="lmtp" prefork=0 thus I know that Exim is delivering to Cyrus
> via unauthenticated LMTP.
FWIW, I like to have my mail-client show the length of an email, so I
also have on the transport: headers_remove = "lines" headers_add =
"Lines: $body_linecount"
If you also add "rcpt_include_affixes" then you can use sub-addressing
filters in your Cyrus sieve filters.
> If an email is sent to pfstaff I get and error reporting "550-Mailbox
> unknown. Either there is no mailbox associated with this\n550-name or
> you do not have authorization to see it.\n550 5.1.1 User unknown"
>
> I've tried different combinations in /etc/mail/aliases of
> "share.pfstaff", "pfstaff.share" "share+pfstaff" to no avail. Still the
> same "550 5.1.1 User unknown"
>
> I'd like to know if it is possible for Exim to deliver directly to the
> mailbox share/pfstaff? and if so can someone suggest how this is
> achieved? There are a number of discussions about this but I can't tell
> from them if the final result I'm looking for has ever been achieved.
Look in your imapd.conf for a definition of "postuser"; the
imapd.conf(5) documentation notes:
----------------------------8< cut here >8------------------------------
postuser: <empty string>
Userid used to deliver messages to shared folders. For example,
if set to "bb", email sent to "bb+shared.blah" would be delivered
to the "shared.blah" folder. By default, an email address of
"+shared.blah" would be used.
----------------------------8< cut here >8------------------------------
So if you're not setting "postuser" in imapd.conf, and since you appear
to have set unixhierarchysep true, then you want an Exim redirect router
which redirects to: +share/pfstaff
To avoid accepting email for all addresses, you'll want some way to
verify the address, either with an LMTP callout or some other way.
Myself, the exim runtime user is in the "cyrus" group and so can see the
folder hierarchy and I use require_files to check.
----------------------------8< cut here >8------------------------------
imap_shared_folder_map:
driver = redirect
domains = +imap_core_shareable
redirect_router = imap_shared_accept
qualify_preserve_domain
local_part_suffix = +*
local_part_suffix_optional
# note that the cyrus user definition doesn't get applied during verification
require_files = cyrus:IMAP_MAIL_BASE/${length_1::$local_part}/${lookup{$domain}cdb{CDBMAILTABLES/imap_shared_name.cdb}}/${tr{$local_part}{.}{^}}
data = ${quote_local_part:+${lookup{$domain}cdb{CDBMAILTABLES/imap_shared_name.cdb}}/$local_part}
----------------------------8< cut here >8------------------------------
where CDBMAILTABLES/imap_shared_name.cdb will map "spodhuis.org" ->
"spodhuis", so that I can map domains to folders and can accept mail for
a new domain into a new hierarchy with just a couple of updates. Note
the embedded knowledge of the encoding of names into the file-system --
I am violating the API and I'm probably missing some special cases in
doing so.
So, because I don't set postuser, mail to exim-users@??? gets
redirected to "+spodhuis/exim-users@???".
Then this is accepted with the "imap_shared_accept" router, which is
jumped to via redirect_router, which says:
----------------------------8< cut here >8------------------------------
imap_shared_accept:
driver = accept
local_parts = ^\\+[^/]+/.+
transport = imap_inject
cannot_route_message = unknown user
----------------------------8< cut here >8------------------------------
This comes after the normal final router, so that it's only reached via
the redirect_router jumps.
The transport you have should be fine.
Regards,
-Phil
