Shared folders

former03 | Baltasar Cevc baltasar.cevc at former03.de
Tue Aug 15 06:04:27 EDT 2006 

Hi Rudy, hi list,


On 14.08.2006, at 23:18, Rudy Gevaert wrote:
> former03 | Baltasar Cevc wrote:
> I don't fully understand the above.
>
> Say I want the following shared folders: support at mydomain.com, 
> admins at mydomain.com
Just to make that clear to everyone because it is not very obvious 
using virtual domain support.
In case you use the normal namespace (in contract to altnamespace, see 
http://cyrusimap.web.cmu.edu/imapd/altnamespace.html for details): the 
email address support at example.com corresponds to the folder 
user/support at example.com if you use unixhierarchysep, to 
user.support at example.com otherwise. The folder namespaces for different 
domains are completely separated, and the "@example.com" in cyradm's 
output denotes which domain they belong to. However, the domain _is 
not_ part of the folder name (as you can see from the logfiles, cyrus 
uses a different notation internally (which is more like 
example.com!folder).

> I would create those mailboxes with cyradm:
> cm "support at mydomain.com"
> cm "admins at mydomain.com"
> sam "support at mydomain.com" ?? p
> sam "admins at mydomain.com ?? p
>
> I've tried user cyrus but that doesn't work.  Lmtp says:
> Aug 14 23:09:26 oeral mail2/lmtp[10712]: 
> verify_user(mydomain.com!support) failed: Mailbox does not exist
> Setting 'p' for 'anyone', works.  But I wonder if that is safe enough?
>
That sounds like a typical permission problem (granted, the message 
given does not tell it - somewhere I've seen a message 'mailbox does 
not exist or you don't have permission to see it' which would be more 
appropriate.

The user depends on your setup - I think it's postman or something 
similar if you use preauthed LMTP, however, I have the impression that 
preauthed LMTP won't require any special permissions to post to any 
folder. If you have your MTA authenticate you may specify any user (I 
did that on some system and it worked fine using Postfix), but as far 
as I remember I had to fiddle around for some time to get it working.

The 'p' for 'anyone' depends on your environment, I'd say. We've 
granted quite a lot of rights to anyone as all of the persons that have 
an email account in our domain should have access, however in bigger 
environments that's probably not what you want.

> In your case you would make a mailbox 'shared at mydomain.com', right?  
> At let the users mail to 'shared+subfolder at domain.com".  Correct?
If you use this address, it won't be a real shared folder but a shared 
personal folder (you would grant your folks the permission to access 
the mailbox of the user 'shared'). Which is perfectly legitimate - e.g. 
you could use sieve scripts here which is something you can't directly 
do for a real shared folder.
A real shared folder would look like "+shared/subfolder at example.com" 
respectively "+shared.subfolder at example.com" depending on thich 
hierarchy separator you use.
The difference in the folder hierarchy looks like that

Domain 1 (that's the top level of the email acount) => real shared 
folders
  + INBOX
    + my personal subfolder
  + Hosting (shared folder) - access using +Hosting at example.com
    + SubFolter -  using +Hosting at example.com
  + Spam (shared folder)
  + Some other shared folder
    + with another subfolder

Domain 2 (top level of the account) => shared user folders
  + INBOX
    + Virus
    + Spam
  + user
    + administratoren (the shared postbox) (deliver as 
administratoren at example.net)
    + buero (dito, deliver as buero at example.net)

You can combine both variants as you like. For example I have a user 
"hosting at example.com" with a sieve script that delivers spam into the 
shared mailbox spam and everything else to hosting, while some systems 
directly send mail to "+Hosting/Subfolder at example.com".

Don't confuse this with altnamespace 
(http://cyrusimap.web.cmu.edu/imapd/altnamespace.html), which is user 
specific), the things I described here look like this for any user on 
the domain, while in altnamespace the folders on that level would be 
strictly personal:
TOP
  + INBOX
  + my other personal folder
  + Shared Folders
    + Shared folder 1
(I never tried this, probably delivery is somewhat different here, too).

Baltasar

--
Baltasar Cevc

_____ former 03 gmbh
_____ infanteriestraße 19 haus 6 eg
_____ D-80797 muenchen

_____ http://www.former03.de

More information about the Info-cyrus mailing list