[Dovecot] Dovecot namespace solved while writing; preparing to refilter

miro.rovis at croatiafidelis.hr miro.rovis at croatiafidelis.hr
Wed Oct 2 17:55:23 EEST 2013


My plea to readers:
Pls., people who only want strictly technical issues to read, and frown 
at any
broader context regardless how intrinsically related, but not strictly
technically related, it might be, skip all the way, all the way to, 
search for
exact words: "strictly technical" or visually, find two lines of sole 
characters.  Thank you!

Upon umptieth failure, and having cloned the system onto another same 
much more: same MBO-model box (cloning and restoring clean is my 
defence to get
the system into as clean a state as can be, after any longer time 
online --I
had had systems comprimised, and now I am a little paranoid)...

So, after weeks of some failures in some phases of installations of 
dovecot and
friends (as explained further in this text), I cloned the same system, 
but from
previously taken clean backup, used it some time, and now I want to 
update the
mailbox back because now the first system is in clean state, having I
restored from clean backup...

This is a Debian weekly testing install, which I clone btwn two same 
boxes to keep it as clean as a non-expert user like me can have it... 
To a
large extent I do trust installing and update/upgrading my systems from 
weekly builds (but hey, why don't they PGP-sign those as kernel 
tarballs and as
Grsecurity or Tor-browser tarballs are signed? any Debian developer 
this, why not?)... because I can check with some trust the weekly 
builds' sums
for integrity, but how and why could or would I trust simply installing
anything straight from the internet?

By cloning (I used to dd disk dump when cloning, but nowadays it seems 
and reliable enough with Sysresccd's fsarchiver, so I dd just the small 
partition), by cloning I keep the system as close to clean as those
non-pgp-signed weekly builds allow...

Now add to that that the real FFmpeg is not allowed into Debian, and I 
am a fan
of it (I very much use it, it's running almost all the time, on some or 
of my systems), but you have to get it through deb-multimedia.org if 
you want
it on Debian (what freedom is that, banning programs from official
repositories?!)...  and add to that that I want Grsecurity/Pax at all 
cost, in
my system, and not:


which I don't want in my system, at all cost, but to which the Debian 
leadership seems to be total-blind-fidelity bound to...

Add those and you get pretty much all the basic ingredients of my fight 
freedom and true privacy which are layed siege onto in the GNU/Linux 
System and the few related other free OS's, in most of its flavors and 
and deployments of the day, from the outside and also from the inside.

Because even with the long-delayed-in-updating gNewSense, for 
developer power (I mean: too few), probably, what's the use of the fine
deblobbed kernel if they put SELinux into it? Where's freedom with what 
suspect can not be other than fake security with surreptitious 

(BTW, go and ask people, but not loudly, who compile their Gentoo's 
--there' a
link to my short post on forums.gentoo.org a few lines below-- like I 
(on other systems of mine), only a minority of very uninformed or some 
entities' aficionados use anything other than Grsecurity on their 
Gentoos --and Gentoo is unquestionably the leader in hardening-- it's 
not just
me, it's only that I am loud about it)...

But I also tried to call this issue to GNU-freedom seeking people's 
such as here:

and entire thread: Grsecurity on gNewSense, but for real?

I didn't mean to dwell on these issues here, and it is not the reason I 
my messege to dovecot-mailing list, but this is the broad perspective 
of my,
and I am sure not only my case, of my deployment of dovecot and broadly 
are the reasons why I deploy it on my system.

No, this broader picture I don't think is not off-topic. I did think 
hard about
it...  No, I believe it is good to mention these issues in this 
era when the scale and scope of total surveillance can not be 
sneered and scoffed at and dismissed, like some "exceptional" (Obama 
talking to
the U.S. of A. nation in September 2013, in his quest for support, 
lacking, of then being planned Iraq-2003-like-in-pretence-and-lies 
on Syria)... like some "exceptional" people would want it (that's the 
Forum's link mentioned above)...

A case of actual protection of my Gentoo box by Grsecurity

At least these issues should not be anymore successfully sneered and 
scoffed at
and dismissed, but we're all less and less free as mankind...

And, since I don't connect to my SOHO network the box which I open to 
internet, I have mails to refilter into the very probably clean cloned 
And I need to refilter using dovecot (which I finally got to work)...

These lines, all the dozen or so paragraphs from the beginning up unto 
here, do
appear first for reading, but are written just about all the very last, 
the rest of the text below has already been written, except the final
proofreading notes intersparsed).

Now nearly only strictly technical I go, for the sake of people who 
prefer so.

That maildir mailbox being all poorly sorted (I must have made other 
I am just still new and generally lack expertise in all these true 
tools; but very impressed I am with them! thanks Sirainen, thanks 
thanks MuttDude, thanks Venema, and all, I admire you people!), so I 
the old Maildir and I made this scriptlet:

This is my configuration:

me at mybox:# dovecot -n
# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.9-grsec-130827 x86_64 Debian jessie/sid
auth_debug = yes
mail_debug = yes
mail_location = maildir:~/Maildir:LAYOUT=fs
mail_plugins = acl quota
mail_privileged_group = mail
namespace {
   hidden = yes
   inbox = yes
   list = no
   location = mbox:~/mail:INBOX=/var/mail/%u
   prefix = "#mbox/"
   separator = /
namespace {
   location = maildir:~/Maildir
   prefix =
   separator = /
passdb {
   args = dovecot
   driver = pam
protocols = " imap"
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
   driver = passwd
protocol imap {
   mail_plugins = acl quota imap_acl imap_quota mail_log notify
me at mybox:#

cd ~
maildirmake  Maildir
maildirmake -f Drafts Maildir/
maildirmake -f Sent Maildir/
maildirmake -f someFolder1 Maildir/
maildirmake -f someFolder2 Maildir/
maildirmake -f someFolder2.Facebk Maildir/

One note: pls. don't get me wrong, I hate Stasibook (Facebk above is 
typing, but it's for Facebook mail), I just would like to learn enough 
to teach
and get at least some of my friends who "socialize" there out of reach 
of those
stasi-like entities that Zuck and his Gang serve all the "socializing" 
data to, which is so hard a task for me to do, but which desire keeps 
me moving
in this steep-learning-curve quest of mine that got me this far where I 
am now,
with dovecot and other tools. That is the reason I am still subscribed 
to be able to follow what my people do, occasionally. I'm not logging 
into that
walled-off sewage-like stasi hole featuring as virtual garden!

I saved that scriplet as maildirmake_00.sh, then

$ chmod 755 maildirmake_00.sh

and ran it.

me at mybox:~$ ./maildirmake_00.sh

And I have, I guess so far, all correct:

me at mybox:~$ ls -la Maildir/
total 40
drwx------ 10 mr mr 4096 Oct  1 23:06 .
drwxr-xr-x 33 mr mr 4096 Oct  1 23:06 ..
drwx------  2 mr mr 4096 Oct  1 23:06 cur
drwx------  5 mr mr 4096 Oct  1 23:06 .Drafts
drwx------  5 mr mr 4096 Oct  1 23:06 .someFolder1
drwx------  5 mr mr 4096 Oct  1 23:06 .someFolder2
drwx------  5 mr mr 4096 Oct  1 23:06 .someFolder2.Facebk
drwx------  2 mr mr 4096 Oct  1 23:06 new
drwx------  5 mr mr 4096 Oct  1 23:06 .Sent
drwx------  2 mr mr 4096 Oct  1 23:06 tmp
me at mybox:~$

I really hope no mistake I made so far.

someFolder1 and someFolder2 are for two different servers I get my mail 
Will probably need to tell some more about them later if the thread 
when the problems I have are more fully explained/solved/expanded.

Now the dovecot. It has, in Debian, and I'm on weekly testing branch, 
up to date, actually last week's, that's just a little behind...  It 
15-mailboxes.conf like this (only pasting non-commented lines),


namespace inbox {
   mailbox Drafts {
     special_use = \Drafts
   mailbox Junk {
     special_use = \Junk
   mailbox Trash {
     special_use = \Trash
   mailbox Sent {
     special_use = \Sent

[ here is a time lapse of cca 5-10 hours ]

Well, since I began writing, I realized that I can get the namespace to 
properly, but exactly only without the above:
(I mean with all the lines above commented out)

It kept telling me this (in the logs I find):

Error: user me: Initialization failed: namespace configuration error: 
namespace prefix

Let me first say that it's I finally got closer to solution, and saw
directories with mutt as ~/Maildir/this/that instead of what maildirs 
~/Maildir/.this.that only after getting the following in the 


mail_location = maildir:~/Maildir:LAYOUT=fs
mail_plugins = acl quota

namespace {
   separator = /
   location = mbox:~/mail:INBOX=/var/mail/%u
   inbox = yes
   hidden = yes
   list = no
namespace {
   separator = /
   prefix =
   location = maildir:~/Maildir

It's what is recommended in <Namespaces.txt> on the wiki and maybe 
other places.
But only after the 15-mailboxes.conf was completely commented out.

Now I can view my mailbox from anywhere on my network, I guess (tried 
from the other
box and from the same box with mutt, it works!).

So namespace is solved I guess.

However, for my mail system to completely function in the right 
GNU/Linux way,
I have to get more GNU good things together in harmony. Naming some of 
other dovecot friends:

*getmail*, which hands on to *maildrop* for delivery...

And *postfix* with TLS for sending mail, via 465 port, *stunnel*... 
That bit feels
daunting to me, really...

This namespace thing also cost me a few ounces of raw nerves and some
occasional darkness in feelings...

The worse is still before my mind constantly: still not being able to 
send mail
the normal way, since the normal way is simply not in cleartext 
anymore... I
probably could just fine sent to port 25, but after all the political
persecution and censorship that as homeland-living dissident I suffered 
still suffer, I don't see that as a solution at all...

The obscured morale that I was upon me for a while is due to that 
connection not being yet set up... So, sending this from the web yet, I 
(prepared upfront, jealous of my time fixing systems that suffer from 
behavior or break whenever I'm longer online)...

However, since I have been writing this not really hoping to get the 
working in the process (quite a few days I spent on it, and weeks on 
system altogether, I can only hope to get the stunnel right if I really 
it as if attending university classes, I'm afraid, just like the 
hurdles that I
went finally past cost me real studying your manuals, my GNU freedom 

...And this message I having had started some five or ten hours ago [ 
the final broader picture paragraphs that are all in the beginning part 
of the
message; this very note is at the time of the very last proofreading ], 
now I
see that I went different direction before discovering the setup for 
that worked for me.

How I used maildirmake (it's the maildrop's not the dovecot's one) I 
but now see doesn't probably have much to do with the solution for 
namespace I

I leave it there though, because I need to fix the mailbox by 
refiltering it,
with the aid of the dovecot server, similar to how it is explained in:


Because I got some syntax wrong in ~/.mailfiler for the maildrop MDA, 
and then
I got some of those wrongly named (numbered, no a-z, only 0-9 digits in 
fake mailing-list folders that can be seen in my post on mutt 

(the .muttrc however is completely different now, sure, than in that 

I hope the main, the namespace dovecot part of this message may elicit
someone's advice, if they got past that phase with the 
15-mailboxes.conf at its
default. Or it is explained in the manuals I need to give a second or a 
read to understand them...

And I'll be back to report if I made ordered mails in my Maildir right 
with the
refiltering. Just pls. allow time, I'm a late adopter, I'm 56 years of 
can't make these things as quick as you youngsters do it.

Thanks for the fine Dovecot mail server!

Miroslav Rovis
Zagreb, Croatia

More information about the dovecot mailing list