[Dovecot] Dovecot namespace solved while writing; preparing to refilter
miro.rovis at croatiafidelis.hr
Wed Oct 2 17:55:23 EEST 2013
Hi!
My plea to readers:
===================
Pls., people who only want strictly technical issues to read, and frown at any broader context regardless how intrinsically related, but not strictly technically related, it might be, skip all the way, all the way to, search for exact words: "strictly technical" or visually, find two lines of sole "===" characters. Thank you!
Upon umpteenth failure, and having cloned the system onto another same arch, much more: same MBO-model box (cloning and restoring clean is my defence to get the system into as clean a state as can be, after any longer time online --I had had systems compromised, and now I am a little paranoid)...
So, after weeks of some failures in some phases of installations of dovecot and friends (as explained further in this text), I cloned the same system, but from previously taken clean backup, used it some time, and now I want to update the mailbox back because now the first system is in clean state, having restored it from clean backup...
This is a Debian weekly testing install, which I clone btwn two same MBO-model boxes to keep it as clean as a non-expert user like me can have it... To a large extent I do trust installing and update/upgrading my systems from the weekly builds (but hey, why don't they PGP-sign those as kernel tarballs and as Grsecurity or Tor-browser tarballs are signed? any Debian developer reading this, why not?)... because I can check with some trust the weekly builds' sums for integrity, but how and why could or would I trust simply installing anything straight from the internet?
By cloning (I used to dd disk dump when cloning, but nowadays it seems faster and reliable enough with Sysresccd's fsarchiver, so I dd just the small boot partition), by cloning I keep the system as close to clean as those non-pgp-signed weekly builds allow...
Now add to that that the real FFmpeg is not allowed into Debian, and I am a fan of it (I very much use it, it's running almost all the time, on some or other of my systems), but you have to get it through deb-multimedia.org if you want it on Debian (what freedom is that, banning programs from official repositories?!)... and add to that that I want Grsecurity/Pax at all cost, in my system, and not:
http://www.nsa.gov/research/selinux/
which I don't want in my system, at all cost, but to which the Debian current leadership seems to be total-blind-fidelity bound to...
Add those and you get pretty much all the basic ingredients of my fight for freedom and true privacy which are laid siege onto in the GNU/Linux Operating System and the few related other free OS's, in most of its flavors and branches and deployments of the day, from the outside and also from the inside.
Because even with the long-delayed-in-updating gNewSense, for insufficient developer power (I mean: too few), probably, what's the use of the fine deblobbed kernel if they put SELinux into it? Where's freedom with what I suspect can not be other than fake security with surreptitious surveillance?
(BTW, go and ask people, but not loudly, who compile their Gentoo's --there's a link to my short post on forums.gentoo.org a few lines below-- like I compile (on other systems of mine), only a minority of very uninformed or some special entities' aficionados use anything other than Grsecurity on their Hardened Gentoos --and Gentoo is unquestionably the leader in hardening-- it's not just me, it's only that I am loud about it)...
But I also tried to call this issue to GNU-freedom seeking people's attention such as here:
https://lists.nongnu.org/archive/html/gnewsense-users/2013-09/msg00001.html
and entire thread: Grsecurity on gNewSense, but for real?
I didn't mean to dwell on these issues here, and it is not the reason I write my message to dovecot-mailing list, but this is the broad perspective of my, and I am sure not only my case, of my deployment of dovecot and broadly these are the reasons why I deploy it on my system.
No, this broader picture I don't think is not off-topic. I did think hard about it... No, I believe it is good to mention these issues in this post-Snowden era when the scale and scope of total surveillance can not be successfully sneered and scoffed at and dismissed, like some "exceptional" (Obama talking to the U.S. of A. nation in September 2013, in his quest for support, thankfully lacking, of then being planned Iraq-2003-like-in-pretence-and-lies attack-to-be on Syria)... like some "exceptional" people would want it (that's the Gentoo Forum's link mentioned above)...
http://forums.gentoo.org/viewtopic-t-967806.html
A case of actual protection of my Gentoo box by Grsecurity
At least these issues should not be anymore successfully sneered and scoffed at and dismissed, but we're all less and less free as mankind...
And, since I don't connect to my SOHO network the box which I open to the internet, I have mails to refilter into the very probably clean cloned box... And I need to refilter using dovecot (which I finally got to work)...
These lines, all the dozen or so paragraphs from the beginning up unto here, do appear first for reading, but are written just about all the very last, after the rest of the text below has already been written, except the final proofreading notes interspersed).
=============================================================================
=============================================================================
Now nearly only strictly technical I go, for the sake of people who prefer so.
That maildir mailbox being all poorly sorted (I must have made other mistakes, I am just still new and generally lack expertise in all these true mailer tools; but very impressed I am with them! thanks Sirainen, thanks Varshavchik, thanks MuttDude, thanks Venema, and all, I admire you people!), so I removed the old Maildir and I made this scriptlet:
This is my configuration:
me at mybox:# dovecot -n
# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.9-grsec-130827 x86_64 Debian jessie/sid
auth_debug = yes
mail_debug = yes
mail_location = maildir:~/Maildir:LAYOUT=fs
mail_plugins = acl quota
mail_privileged_group = mail
namespace {
  hidden = yes
  inbox = yes
  list = no
  location = mbox:~/mail:INBOX=/var/mail/%u
  prefix = "#mbox/"
  separator = /
}
namespace {
  location = maildir:~/Maildir
  prefix =
  separator = /
}
passdb {
  args = dovecot
  driver = pam
}
protocols = " imap"
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
protocol imap {
  mail_plugins = acl quota imap_acl imap_quota mail_log notify
}
me at mybox:#
cd ~
maildirmake Maildir
maildirmake -f Drafts Maildir/
maildirmake -f Sent Maildir/
maildirmake -f someFolder1 Maildir/
maildirmake -f someFolder2 Maildir/
maildirmake -f someFolder2.Facebk Maildir/
One note: pls. don't get me wrong, I hate Stasibook (Facebk above is less typing, but it's for Facebook mail), I just would like to learn enough to teach and get at least some of my friends who "socialize" there out of reach of those stasi-like entities that Zuck and his Gang serve all the "socializing" users' data to, which is so hard a task for me to do, but which desire keeps me moving in this steep-learning-curve quest of mine that got me this far where I am now, with dovecot and other tools. That is the reason I am still subscribed there, to be able to follow what my people do, occasionally. I'm not logging into that walled-off sewage-like stasi hole featuring as virtual garden!
I saved that scriptlet as maildirmake_00.sh, then
$ chmod 755 maildirmake_00.sh
and ran it.
me at mybox:~$ ./maildirmake_00.sh
And I have, I guess so far, all correct:
me at mybox:~$ ls -la Maildir/
total 40
drwx------ 10 mr mr 4096 Oct 1 23:06 .
drwxr-xr-x 33 mr mr 4096 Oct 1 23:06 ..
drwx------ 2 mr mr 4096 Oct 1 23:06 cur
drwx------ 5 mr mr 4096 Oct 1 23:06 .Drafts
drwx------ 5 mr mr 4096 Oct 1 23:06 .someFolder1
drwx------ 5 mr mr 4096 Oct 1 23:06 .someFolder2
drwx------ 5 mr mr 4096 Oct 1 23:06 .someFolder2.Facebk
drwx------ 2 mr mr 4096 Oct 1 23:06 new
drwx------ 5 mr mr 4096 Oct 1 23:06 .Sent
drwx------ 2 mr mr 4096 Oct 1 23:06 tmp
me at mybox:~$
I really hope no mistake I made so far.
someFolder1 and someFolder2 are for two different servers I get my mail from. Will probably need to tell some more about them later if the thread develops, when the problems I have are more fully explained/solved/expanded.
Now the dovecot. It has, in Debian, and I'm on weekly testing branch, currently up to date, actually last week's, that's just a little behind... It has 15-mailboxes.conf like this (only pasting non-commented lines),
/etc/dovecot/conf.d/15-mailboxes.conf
namespace inbox {
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox Sent {
    special_use = \Sent
  }
}
[ here is a time lapse of cca 5-10 hours ]
Well, since I began writing, I realized that I can get the namespace to work properly, but exactly only without the above:
/etc/dovecot/conf.d/15-mailboxes.conf
(I mean with all the lines above commented out)
It kept telling me this (in the logs I find):
Error: user me: Initialization failed: namespace configuration error: Duplicate namespace prefix
Let me first say that I finally got closer to solution, and saw directories with mutt as ~/Maildir/this/that instead of what maildirs are: ~/Maildir/.this.that only after getting the following in the 10-mail.conf
/etc/dovecot/conf.d/10-mail.conf:
mail_location = maildir:~/Maildir:LAYOUT=fs
mail_plugins = acl quota
namespace {
  separator = /
  location = mbox:~/mail:INBOX=/var/mail/%u
  inbox = yes
  hidden = yes
  list = no
}
namespace {
  separator = /
  prefix =
  location = maildir:~/Maildir
}
It's what is recommended in <Namespaces.txt> on the wiki and maybe other places.
But only after the 15-mailboxes.conf was completely commented out.
Now I can view my mailbox from anywhere on my network, I guess (tried from the other box and from the same box with mutt, it works!).
So namespace is solved I guess.
However, for my mail system to completely function in the right GNU/Linux way, I have to get more GNU good things together in harmony. Naming some of the other dovecot friends:
*getmail*, which hands on to *maildrop* for delivery...
And *postfix* with TLS for sending mail, via 465 port, *stunnel*... That bit feels daunting to me, really...
This namespace thing also cost me a few ounces of raw nerves and some occasional darkness in feelings...
The worse is still before my mind constantly: still not being able to send mail the normal way, since the normal way is simply not in cleartext anymore... I probably could just fine send to port 25, but after all the political persecution and censorship that as homeland-living dissident I suffered and still suffer, I don't see that as a solution at all...
The obscured morale that was upon me for a while is due to that stunnel connection not being yet set up... So, sending this from the web yet, I guess (prepared upfront, jealous of my time fixing systems that suffer from strange behavior or break whenever I'm longer online)...
However, since I have been writing this not really hoping to get the namespace working in the process (quite a few days I spent on it, and weeks on mail system altogether, I can only hope to get the stunnel right if I really study it as if attending university classes, I'm afraid, just like the hurdles that I went finally past cost me real studying your manuals, my GNU freedom heroes!)...
...And this message I having had started some five or ten hours ago [ before the final broader picture paragraphs that are all in the beginning part of the message; this very note is at the time of the very last proofreading ], now I see that I went different direction before discovering the setup for namespace that worked for me.
How I used maildirmake (it's the maildrop's not the dovecot's one) I thought but now see doesn't probably have much to do with the solution for namespace I found.
I leave it there though, because I need to fix the mailbox by refiltering it, with the aid of the dovecot server, similar to how it is explained in:
http://wiki.dovecot.org/HowTo/RefilterMail
Because I got some syntax wrong in ~/.mailfilter for the maildrop MDA, and then I got some of those wrongly named (numbered, no a-z, only 0-9 digits in names) fake mailing-list folders that can be seen in my post on mutt mailing-list:
http://marc.info/?l=mutt-users&m=138021971816188&w=2
(the .muttrc however is completely different now, sure, than in that link)
I hope the main, the namespace dovecot part of this message may elicit someone's advice, if they got past that phase with the 15-mailboxes.conf at its default. Or it is explained in the manuals I need to give a second or a third read to understand them...
And I'll be back to report if I made ordered mails in my Maildir right with the refiltering. Just pls. allow time, I'm a late adopter, I'm 56 years of age, can't make these things as quick as you youngsters do it.
Thanks for the fine Dovecot mail server!
Miroslav Rovis
Zagreb, Croatia
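
Added example, not part of the original post and not Dovecot's own code: a small Python check for the "Duplicate namespace prefix" error described above, run over a constructed merge of the post's namespaces and the stock 15-mailboxes.conf block. It assumes that a namespace block with no prefix setting gets the empty prefix and that blocks sharing a name are one namespace; the function names and the sample text are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the namespaces from the post's `dovecot -n` output plus
# the stock 15-mailboxes.conf block, merged the way conf.d/ files are read.
SAMPLE_CONF = r'''
namespace {
  prefix = "#mbox/"
}
namespace {
  location = maildir:~/Maildir
  prefix =
}
namespace inbox {
  mailbox Drafts {
    special_use = \Drafts
  }
}
'''

def namespace_prefixes(conf):
    """Map each top-level namespace to its prefix (assumed "" when unset)."""
    spaces, depth, current, unnamed = {}, 0, None, 0
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
            m = re.match(r"namespace\b\s*([^\s{]*)\s*\{$", line)
            if depth == 1 and m:
                unnamed += not m.group(1)
                # Blocks sharing a name are one namespace; unnamed ones are not.
                current = m.group(1) or "(unnamed #%d)" % unnamed
                spaces.setdefault(current, "")
        elif line == "}":
            depth -= 1
            current = current if depth else None
        elif depth == 1 and current and line.split("=")[0].strip() == "prefix":
            spaces[current] = line.partition("=")[2].strip().strip('"')
    return spaces

def duplicate_prefixes(conf):
    """Return {prefix: [namespaces]} for every prefix claimed more than once."""
    by_prefix = defaultdict(list)
    for name, prefix in namespace_prefixes(conf).items():
        by_prefix[prefix].append(name)
    return {p: names for p, names in by_prefix.items() if len(names) > 1}
```

On the sample, the second unnamed namespace and "namespace inbox" both end up with the empty prefix; dropping the inbox block, as the post did by commenting out 15-mailboxes.conf, leaves no duplicates.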