{"id":32,"date":"2012-11-06T01:32:04","date_gmt":"2012-11-06T09:32:04","guid":{"rendered":"http:\/\/blog.ls-al.com\/?p=32"},"modified":"2012-11-06T01:32:04","modified_gmt":"2012-11-06T09:32:04","slug":"using-imap-shared-folders","status":"publish","type":"post","link":"https:\/\/blog.ls-al.com\/using-imap-shared-folders\/","title":{"rendered":"Using IMAP “Shared Folders”"},"content":{"rendered":"

Or one could also call it a poor man's MS Exchange Public Folders<\/strong> solution. There are several solutions that might work for this, but probably none will be as easy to administer as Exchange Public Folders. However, this solution does work with Outlook 2007 and 2010 clients.<\/p>\n

Operating System<\/strong>
\nVanilla Debian Wheezy 64-bit
\n** Pick SSH Server, Standard system utilities<\/p>\n

Delete my user since we will use winbind users.<\/strong><\/p>\n

# deluser rrosso<\/pre>\n

Install Dovecot server.<\/strong><\/p>\n

# apt-get install dovecot-imapd<\/pre>\n

Set up Active Directory Authentication.<\/strong><\/p>\n

# apt-get install krb5-config krb5-user libkrb5-3 libpam-krb5 samba-common samba winbind smbclient \r\n\r\n# cat \/etc\/krb5.conf \r\n[libdefaults] \r\n\tdefault_realm = DOMAIN.COM \r\n\tdns_lookup_realm = true \r\n\tdns_lookup_kdc = true \r\n\r\n[realms] \r\n\tDOMAIN.COM = { \r\n\t\tkdc = ad1.domain.com \r\n\t\tadmin_server = ad1.domain.com \r\n\t} \r\n\r\n# kinit administrator \r\nPassword for administrator@DOMAIN.COM: \r\n# klist \r\nTicket cache: FILE:\/tmp\/krb5cc_0 \r\nDefault principal: administrator@DOMAIN.COM \r\n\r\nValid starting    Expires           Service principal \r\n30\/04\/2012 10:39  30\/04\/2012 20:40  krbtgt\/DOMAIN.COM@DOMAIN.COM \r\n\trenew until 01\/05\/2012 10:39 \r\n\r\nIn \/etc\/samba dir:\r\n# cat smb.conf \r\n[global] \r\n\tworkgroup = DOMAIN\r\n\trealm = DOMAIN.COM \r\n\tsecurity = ADS \r\n\tserver string = MAIL ARCHIVE SERVER \r\n\tload printers = no \r\n\tpassword server = ad1 \r\n\tpassword level = 8 \r\n\tusername level = 8 \r\n\tlocal master = no \r\n\tdomain master = no \r\n\tpreferred master = no \r\n\tencrypt passwords = yes \r\n\tnetbios name = usmailarchserver \r\n\tclient signing = yes \r\n\tdns proxy = no \r\n\tsocket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY \r\n\twins support = No \r\n\tveto files = \/*.eml\/*.nws\/riched20.dll\/*.{*}\/ \r\n\tidmap uid = 10000-20000 \r\n\tidmap gid = 10000-20000 \r\n\ttemplate shell = \/bin\/bash \r\n\ttemplate homedir = \/home\/%D\/%U \r\n\twinbind separator = + \r\n\twinbind enum users = Yes \r\n\twinbind enum groups = Yes \r\n\twinbind use default domain = Yes \r\n\tauth methods = winbind \r\n[IPC$] \r\n        hosts allow = 127.0.0.1,172.20.0.0\/16 \r\n        hosts deny = 0.0.0.0\/0 \r\n\r\n# \/etc\/init.d\/winbind restart \r\nStopping the Winbind daemon: winbind. \r\nStarting the Winbind daemon: winbind. 
\r\n\r\n# net ads join -U administrator \r\nEnter administrator's password: \r\nUsing short domain name -- DOMAIN \r\nJoined 'USMAILARCHSERVER' to realm 'domain.com' \r\n\r\n# \/etc\/init.d\/winbind restart \r\nStopping the Winbind daemon: winbind. \r\nStarting the Winbind daemon: winbind. \r\n\r\n# wbinfo -u | grep -i rrosso \r\nrrosso \r\n\r\n# wbinfo -g | grep -i Infrastructure \r\nit infrastructure \r\n...snip\r\n\r\n# grep winbind \/etc\/nsswitch.conf \r\npasswd:         compat winbind\t \r\ngroup:          compat winbind \r\n\r\nrrosso@jamaica:~$ ssh usmailarchserver\r\n\r\nCreating directory '\/home\/DOMAIN\/rrosso'. \r\nLinux usmailarchserver 3.2.0-2-amd64 #1 SMP Sun Apr 15 16:47:38 UTC 2012 x86_64<\/pre>\n

Dovecot Setup<\/strong><\/p>\n

In \/etc\/dovecot\/conf.d folder:\r\n# grep location * \r\n10-mail.conf:mail_location = maildir:~\/Maildir \r\n\r\n# grep winbind * \r\n10-auth.conf:auth_winbind_helper_path = \/usr\/bin\/ntlm_auth \r\n\r\n# vi 10-mail.conf \r\n# When creating any namespaces, you must also have a private namespace: \r\nnamespace { \r\n  type = private \r\n  separator = \/ \r\n  prefix = \r\n  #location defaults to mail_location. \r\n  inbox = yes \r\n} \r\nnamespace { \r\n  type = public \r\n  separator = \/ \r\n  prefix = Public\/ \r\n  location = maildir:\/PublicFolders \r\n  subscriptions = no \r\n} \r\n\r\n# \/etc\/init.d\/dovecot restart \r\nRestarting IMAP\/POP3 mail server: dovecot.<\/pre>\n

Exim4 Setup<\/strong><\/p>\n

dpkg-reconfigure exim4-config \r\n** Pick mail sent by smarthost; received via SMTP or fetchmail \r\n** Accept from all hosts by deleting 127.0.0.1 entry\r\n** Maildir format in home directory \r\n\r\nIn \/etc\/exim4 folder:\r\n# vi exim4.conf.template \r\nbegin routers \r\n\r\n# This router handles special mail addresses to be \r\n...snip\r\nshared_folders: \r\n  debug_print = \"R: shared_folders for $local_part@$domain\" \r\n  local_parts = \"hostmaster:ITAlerts\" \r\n  driver = accept \r\n  transport = maildir_shared_folder \r\n\r\nbegin transports \r\n...snip \r\nmaildir_shared_folder: \r\n  driver = appendfile \r\n  maildir_format = true \r\n  directory = \/PublicFolders\/.IT.${local_part}\/ \r\n  create_directory = false \r\n  check_string = \"\" \r\n  escape_string = \"\" \r\n  delivery_date_add \r\n  envelope_to_add \r\n  return_path_add \r\n  mode = 0777 \r\n  no_mode_fail_narrower \r\n  user = mail \r\n  group = 10000 \r\n\r\n# ps -ef | grep exim \r\n101      14450     1  0 14:29 ?        00:00:00 \/usr\/sbin\/exim4 -bd -q30m \r\n\r\n** We are trying to accept hostmaster@ email straight into Maildir so disable system alias for this user. 
\r\n# grep hostmaster \/etc\/aliases \r\n#hostmaster: root \r\n\r\n# newaliases \r\n\r\n# exim4 -bt hostmaster@usmailarchserver.domain.com \r\nR: system_aliases for hostmaster@usmailarchserver.domain.com \r\nR: shared_folders for hostmaster@usmailarchserver.domain.com \r\nhostmaster@usmailarchserver.domain.com \r\n  router = shared_folders, transport = maildir_shared_folder \r\n\r\n# exim4 -bt ITAlerts@usmailarchserver.domain.com \r\nR: system_aliases for italerts@usmailarchserver.domain.com \r\nR: shared_folders for italerts@usmailarchserver.domain.com \r\nITAlerts@usmailarchserver.domain.com \r\n  router = shared_folders, transport = maildir_shared_folder \r\n\r\n# tail -f \/var\/log\/exim4\/mainlog \r\n2012-05-04 15:06:21 End queue run: pid=16475 \r\n2012-05-04 15:14:31 1SQQl9-0004IN-J6  italerts  R=shared_folders T=maildir_shared_folder \r\n2012-05-04 15:14:31 1SQQl9-0004IN-J6 Completed \r\n2012-05-04 15:17:51 1SQQou-0004JG-IE  hostmaster  R=shared_folders T=maildir_shared_folder \r\n2012-05-04 15:17:51 1SQQou-0004JG-IE Completed \r\n...snip<\/pre>\n

Add a new e-mail address to drop e-mail into Maildir Folder.<\/strong><\/p>\n

In \/etc\/exim4 folder:\r\n# grep hostmaster exim4.conf.template \r\n  local_parts = \"hostmaster:ITAlerts:backupnotifications:busapps\" \r\n\r\n# grep hostmaster \/PublicFolders\/mailEnabledList \r\nhostmaster:.IT.hostmaster \r\n\r\n# \/etc\/init.d\/exim4 reload<\/pre>\n

TODO:<\/strong> Documentation that I have collected and need to publish here.<\/p>\n

    \n
  • Permissions for the mailer to drop mail into the Public Folders.<\/li>\n
  • Change to exim lookup rules for dropping off mail.<\/li>\n
  • Provisioning a new user to access the folders still needs a home dir to be created. Document how to create and set up Maildir for a new user.<\/li>\n
  • SSL Certificate for Outlook prompts http:\/\/paulschreiber.com\/blog\/2008\/08\/01\/how-to-create-a-self-signed-ssl-certificate-for-dovecot-on-debian\/<\/li>\n
  • Ensure enough Inodes for archive disk<\/li>\n
  • Be careful where Outlook puts its cache folders. I had to move my Data File in Outlook for this account to a large enough disk.<\/li>\n
  • Disable Outlook IMAP Attachment Downloads<\/li>\n
  • How to troubleshoot auth_userdb_permission issues<\/li>\n
  • Enable Dovecot debugging<\/li>\n
  • How to rsync folders for backups<\/li>\n<\/ul>\n

    Some useful links I encountered:<\/strong>
    \nhttp:\/\/www.debian-administration.org\/articles\/275
    \nhttp:\/\/wiki.dovecot.org\/HowTo\/ActiveDirectoryNtlm
    \nhttp:\/\/www.flatmtn.com\/article\/setting-exim#Exim4-6.1<\/p>\n","protected":false},"excerpt":{"rendered":"

    Or one could also call it a poor man’s MS Exchange Public Folders solution. There are several solutions that might<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-32","post","type-post","status-publish","format-standard","hentry","category-imap"],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/32","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=32"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/32\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=32"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=32"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=32"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}