Can anyone comment on that ?<div><br></div><div>We might be doing something wrong while settings our ACLs, but looking with wireshark at how cyradm I think we're fine and that there's really a bug in here.</div><div>
<br></div><div>Thomas,</div><div>Blue Mind.</div><div><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Nov 19, 2012 at 8:39 PM, Thomas Cataldo <span dir="ltr"><<a href="mailto:tcataldo@gmail.com" target="_blank">tcataldo@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<div><br></div><div>I did some more research on my problem and tracked the problem down to this test in append.c (cyrus 2.4) :</div>
<div><br></div><div><div> else if (!strcmp(flag[i], "\\flagged")) {</div>
<div> if (as->myrights & ACL_WRITE) { // this test fails when mailbox is a.b@domain</div><div> message_index.system_flags |= FLAG_FLAGGED;</div><div> }</div><div> }</div>
</div><div><br></div><div>My problem is probably related to unixhierarchysep settings and the way ACLs are set, but the following patch fixes it :</div><div><br></div><div><div>diff --git a/imap/append.c b/imap/append.c</div>
<div>index d3c2bd4..b622dd1 100644</div><div>--- a/imap/append.c</div><div>+++ b/imap/append.c</div><div>@@ -160,12 +160,25 @@ int append_setup(struct appendstate *as, const char *name,</div><div> {</div><div> int r;</div>
<div> struct quota q;</div><div>+ unsigned int pos;</div><div>+ size_t at_char;</div><div>+ char* fixed_acls;</div><div> </div><div> as->mailbox = NULL;</div><div> r = mailbox_open_iwl(name, &as->mailbox);</div>
<div> if (r) return r;</div><div> </div><div>- as->myrights = cyrus_acl_myrights(auth_state, as->mailbox->acl);</div><div>+ fixed_acls = strdup(as->mailbox->acl);</div><div>+ syslog(LOG_ERR, "before acls tweaks: %s\n", fixed_acls);</div>
<div>+ at_char = strcspn(fixed_acls, "@");</div><div>+ for (pos=0; pos < at_char; pos++) {</div><div>+ if (fixed_acls[pos] == '.') {</div><div>+ fixed_acls[pos] = '^';</div><div>
+ }</div><div>+ }</div><div>+ syslog(LOG_ERR, "after acls tweaks: %s\n", fixed_acls);</div><div>+</div><div>+ as->myrights = cyrus_acl_myrights(auth_state, fixed_acls);</div><div> </div><div> if ((as->myrights & aclcheck) != aclcheck) {</div>
<div> r = (as->myrights & ACL_LOOKUP) ?</div></div><div><br></div><div><br></div><div>The two logs I added give the following output :</div><div><br></div><div><div>Nov 19 20:37:00 ppday cyrus/lmtp[42207]: before acls tweaks: a.b@buffy.vmw#011lrswipkxtecda#011admin0#011lrswipkxtecda#011admin@buffy.vmw#011lrsp#011</div>
<div>Nov 19 20:37:00 ppday cyrus/lmtp[42207]: after acls tweaks: a^b@buffy.vmw#011lrswipkxtecda#011admin0#011lrswipkxtecda#011admin@buffy.vmw#011lrsp#011</div></div><div><br></div><div>I hope this "test" patch might help figure out what is wrong. My acls setup or a bug.</div>
<div><br></div><div>Regards,</div><div>Thomas Cataldo,</div><div>Blue Mind.</div><div class="HOEnZb"><div class="h5"><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div class="gmail_extra"><br>
<br><div class="gmail_quote">On Wed, Nov 14, 2012 at 10:40 AM, Thomas Cataldo <span dir="ltr"><<a href="mailto:tcataldo@gmail.com" target="_blank">tcataldo@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<div><br></div><div>Consider the following sieve setup :</div><div><br></div><div><div>root@ppday:/var/spool/sieve# cat global/buffy.vmw.sieve.script </div>
<div>require ["body", "copy", "fileinto", "imapflags" ];</div>
<div><br></div><div># filters</div><div>if allof ( address :contains "from" "admin") {</div><div><span style="white-space:pre-wrap"> </span>setflag "\\Flagged";</div><div>}</div><div><br>
</div><div># END</div><div><br></div><div>root@ppday:/var/spool/sieve# cat domain/b/buffy.vmw/a/a^b/bm-user5.sieve.script </div><div>require ["body", "copy", "fileinto", "imapflags", "vacation", "include" ];</div>
<div><br></div><div>include :global "buffy.vmw.sieve";</div><div><br></div><div># END</div><div><br></div><div><br></div><div>root@ppday:/var/spool/sieve# cat domain/b/buffy.vmw/s/sp/bm-user6.sieve.script </div>
<div>require ["body", "copy", "fileinto", "imapflags", "vacation", "include" ];</div><div><br></div><div>include :global "buffy.vmw.sieve";</div><div>
<br>
</div><div><br></div><div># END</div></div><div><br></div><div>When admin@buffy.vmw sends an email to a.b@buffy.vmw and sp@buffy.vmw, the following happens :</div><div> - the mail is correctly flagged for sp</div><div> - no flagging for a.b</div>
<div><br></div><div>Nothing interesting in my logs when the mail is delivered :</div><div><br></div><div><br></div><div><div>Nov 14 10:17:20 ppday cyrus/master[19560]: about to exec /usr/lib/cyrus/bin/lmtpd</div><div>Nov 14 10:17:20 ppday cyrus/lmtp[19560]: executed</div>
<div>Nov 14 10:17:20 ppday cyrus/lmtp[19560]: skiplist: checkpointed /var/lib/cyrus/statuscache.db (0 records, 144 bytes) in 0 seconds</div><div>Nov 14 10:17:21 ppday cyrus/lmtp[19560]: accepted connection</div><div>Nov 14 10:17:21 ppday cyrus/lmtp[19560]: connection from ppday.buffy.vmw [172.16.78.128] preauth'd as postman</div>
<div>Nov 14 10:17:21 ppday cyrus/lmtp[19560]: Delivered: <1c42d02ef8953cb9521bbbb9dafbaa21@buffy.vmw> to mailbox: buffy.vmw!user.a^b</div><div>Nov 14 10:17:21 ppday cyrus/lmtp[19560]: USAGE a^b user: 0.004000 sys: 0.008000</div>
<div>Nov 14 10:17:21 ppday cyrus/lmtp[19560]: Delivered: <1c42d02ef8953cb9521bbbb9dafbaa21@buffy.vmw> to mailbox: buffy.vmw!user.admin</div><div>Nov 14 10:17:21 ppday cyrus/lmtp[19560]: USAGE admin user: 0.000000 sys: 0.004000</div>
<div>Nov 14 10:17:21 ppday cyrus/lmtp[19560]: Delivered: <1c42d02ef8953cb9521bbbb9dafbaa21@buffy.vmw> to mailbox: buffy.vmw!user.sp</div><div>Nov 14 10:17:21 ppday cyrus/lmtp[19560]: USAGE sp user: 0.000000 sys: 0.000000</div>
<div>Nov 14 10:17:21 ppday postfix/lmtp[19551]: 5DA0A21E37: to=<a.b@buffy.vmw>, relay=172.16.78.128[172.16.78.128]:2400, delay=0.93, delays=0.07/0.03/0.03/0.79, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)</div><div>
Nov 14 10:17:21 ppday postfix/lmtp[19551]: 5DA0A21E37: to=<admin@buffy.vmw>, relay=172.16.78.128[172.16.78.128]:2400, delay=0.93, delays=0.07/0.03/0.03/0.79, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)</div><div>
Nov 14 10:17:21 ppday postfix/lmtp[19551]: 5DA0A21E37: to=<sp@buffy.vmw>, relay=172.16.78.128[172.16.78.128]:2400, delay=0.93, delays=0.07/0.03/0.03/0.79, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)</div><div>Nov 14 10:17:21 ppday postfix/qmgr[20160]: 5DA0A21E37: removed</div>
</div><div><br></div><div>Any know bugs with global sieve vs mailboxes with "dot" in them ?</div><div>Can I enable more verbose sieve execution logs ?</div><div><br></div><div><br></div><div>Regards,</div><div>
Thomas Cataldo,</div>
<div>Blue Mind</div><div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>