https://stefanorivera.com/enContents © 2026 <a href="mailto:stefano@rivera.za.net">Stefano Rivera</a> <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/"> <img alt="Creative Commons License BY-SA" class="cc-license-button" src="/assets/img/cc-by-sa-4.0.svg"></a>Fri, 01 May 2026 14:29:42 GMTNikola (getnikola.com)http://blogs.law.harvard.edu/tech/rsshttps://stefanorivera.com/posts/2007/10/03/dovecot-shared-mailboxes-correct-way/Stefano Rivera<p>I've just implemented shared mailboxes in <a href="https://www.dovecot.org/">dovecot</a> (which rocks, btw). It isn't difficult, but I don't think it's very <a href="https://wiki.dovecot.org/SharedMailboxes">well documented</a>...</p> <p>The preferred way to do this is with IMAP <a href="https://wiki.dovecot.org/Namespaces">Namespaces</a>. My natural approach would be to create something like a Maildir tree <code>/srv/mail/shared</code>, and make this the "public" namespace. Then set filesystem permissions on subtrees of that, to define who can see what. Unfortunately, dovecot uses strict Maildir++, and won't let you create mailboxes inside each other (on the filesystem) <code>/Foo/Bar</code> is stored as a Maildir called <code>.Foo.Bar</code>, so subtrees don't exist, so this isn't an option. The up-comming <a href="https://wiki.dovecot.org/MailboxFormat/dbox">dbox</a> format should allow something like this, but it isn't usable yet.</p> <p>My solution was to create multiple namespaces. One for each shared mailbox. Users are given permission to use them via file-system permissions (i.e. group membership), example:</p> <div class="code"><pre class="code literal-block">#<span class="w"> </span><span class="nv">Default</span><span class="w"> </span><span class="nv">namespace</span>,<span class="w"> </span><span class="nv">needed</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nv">you</span><span class="w"> </span><span class="nv">add</span><span class="w"> </span><span class="nv">namespaces</span> <span class="nv">namespace</span><span class="w"> </span><span class="nv">private</span><span class="w"> </span>{ <span class="w"> </span><span class="nv">prefix</span><span class="w"> </span><span class="o">=</span> <span class="w"> </span><span class="nv">separator</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">/</span> <span class="w"> </span><span class="nv">index</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">yes</span> } #<span class="w"> </span><span class="nv">Office</span><span class="w"> </span><span class="nv">inbox</span>,<span class="w"> </span><span class="nv">available</span><span class="w"> </span><span class="nv">to</span><span class="w"> </span><span class="nv">receptionists</span>,<span class="w"> </span><span class="nv">office</span><span class="w"> </span><span class="nv">managers</span>,<span class="w"> </span><span class="nv">and</span><span class="w"> </span><span class="nv">directors</span>: <span class="nv">namespace</span><span class="w"> </span><span class="nv">public</span><span class="w"> </span>{ <span class="w"> </span><span class="nv">prefix</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">office</span><span class="o">/</span> <span class="w"> </span><span class="nv">separator</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">/</span> <span class="w"> </span><span class="nv">location</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">maildir</span>:<span class="o">/</span><span class="nv">srv</span><span class="o">/</span><span class="nv">mail</span><span class="o">/</span><span class="nv">office</span><span class="o">/</span>.<span class="nv">Maildir</span>:<span class="nv">CONTROL</span><span class="o">=~/</span>.<span class="nv">Maildir</span><span class="o">/</span><span class="nv">control</span><span class="o">/</span><span class="nv">office</span>:<span class="nv">INDEX</span><span class="o">=~/</span>.<span class="nv">Maildir</span><span class="o">/</span><span class="nv">index</span><span class="o">/</span><span class="nv">office</span> <span class="w"> </span><span class="nv">hidden</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">no</span> } #<span class="w"> </span><span class="nv">Umask</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="nv">shared</span><span class="w"> </span><span class="nv">folders</span> <span class="nv">umask</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0007</span> </pre></div> <p>Setting <code>CONTROL</code> and <code>INDEX</code> mean that dovecot's metadata is stored in the user's personal Maildir, so users who don't have permission to see the shared mailbox don't get errors.</p> <p>The permissions of the mailbox should be done as follows:</p> <div class="code"><pre class="code literal-block"><span class="err">#</span><span class="w"> </span><span class="nx">touch</span><span class="w"> </span><span class="o">/</span><span class="nx">srv</span><span class="o">/</span><span class="nx">mail</span><span class="o">/</span><span class="nx">office</span><span class="o">/</span><span class="nx">dovecot</span><span class="o">-</span><span class="nx">shared</span> <span class="err">#</span><span class="w"> </span><span class="nx">chown</span><span class="w"> </span><span class="o">-</span><span class="nx">R</span><span class="w"> </span><span class="nx">mail</span><span class="p">.</span><span class="nx">office</span><span class="o">-</span><span class="nx">mailbox</span><span class="w"> </span><span class="o">/</span><span class="nx">srv</span><span class="o">/</span><span class="nx">mail</span><span class="o">/</span><span class="nx">office</span> <span class="err">#</span><span class="w"> </span><span class="nx">find</span><span class="w"> </span><span class="o">/</span><span class="nx">srv</span><span class="o">/</span><span class="nx">mail</span><span class="o">/</span><span class="nx">office</span><span class="w"> </span><span class="o">-</span><span class="k">type</span><span class="w"> </span><span class="nx">d</span><span class="w"> </span><span class="o">-</span><span class="nx">print0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">xargs</span><span class="w"> </span><span class="o">-</span><span class="mi">0</span><span class="w"> </span><span class="nx">chmod</span><span class="w"> </span><span class="mi">2770</span><span class="w"> </span> <span class="err">#</span><span class="w"> </span><span class="nx">find</span><span class="w"> </span><span class="o">/</span><span class="nx">srv</span><span class="o">/</span><span class="nx">mail</span><span class="o">/</span><span class="nx">office</span><span class="w"> </span><span class="o">-</span><span class="k">type</span><span class="w"> </span><span class="nx">f</span><span class="w"> </span><span class="o">-</span><span class="nx">print0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">xargs</span><span class="w"> </span><span class="o">-</span><span class="mi">0</span><span class="w"> </span><span class="nx">chmod</span><span class="w"> </span><span class="mi">660</span> </pre></div> <p>If you want a common subscription list, you have to manually symlink:</p> <div class="code"><pre class="code literal-block"># ln -s /srv/mail/office/subscriptions ~luser/.Maildir/control/office/ </pre></div> <p>Seems to work well. (at least with thunderbird)</p>debiandovecotimapimap-namespacelinuxshared-mailboxsysadminubuntuhttp://tumbleweed.org.za/2007/10/03/dovecot-shared-mailboxes-correct-wayWed, 03 Oct 2007 20:39:30 GMT