Setting up a public read-only mailing list archive
This HOWTO:
- applies only to v1.1. With some changes it should work for v1.0 too, but some features will be missing and there may be some other minor problems.
- assumes using mbox files, because mailing lists are usually stored as a single mbox file.
- assumes everything is under /var/home and chroots there.
- uses Squat full text search to improve search performance.
Settings
The important settings:
    valid_chroot_dirs = /var/home
    mail_location = mbox:~/mail:INDEX=~/index:CONTROL=~/control
    mbox_very_dirty_syncs = yes
    mail_plugins = fts fts_squat acl

    # Show remote IP in log lines, because %u will always be just "anonymous"
    mail_log_prefix = %Us(%r):

    auth default {
      mechanisms = plain anonymous
      user = nobody
      passdb passwd-file {
        args = /etc/anon.passwd
      }
      userdb passwd-file {
        args = /etc/anon.passwd
      }
    }

    plugin {
      acl = vfile
      fts = squat
      fts_squat = full=12
    }
User database
/etc/anon.passwd uses UID 501 and GID 501, chroots user to /var/home and allows logins for anonymous with any password:
anonymous:{PLAIN}:501:501::/var/home/./anonymous::nopassword=1
Filesystem
UID 501 is "anondove".
    /var/home/anonymous# ls -la
    drwxr-xr-x 5 anondove root 4096 Mar 20 15:02 ./
    drwxr-xr-x 3 root     root 4096 May 25 15:43 control/
    drwxr-xr-x 3 anondove root 4096 Oct  7  2006 index/
    dr-xr-xr-x 2 anondove root 4096 Oct  6  2006 mail/
Control directory
    /var/home/anonymous/control# ls -la
    drwxr-xr-x 3 root     root 4096 May 25 15:43 ./
    drwxr-xr-x 3 anondove root 4096 Mar 20 14:39 .imap/
    -rw-r--r-- 1 root     root   33 May 25 15:43 .subscriptions
Create the .subscriptions file manually to contain all the mailboxes you. Note that the control directory isn't writable by anondove, so that the subscriptions can't be changed.
The .imap/ directory is for ACLs. If you want to use the same read-only ACLs for all mailboxes, symlinks can be used:
    /var/home/anonymous/control/.imap# ls -l
    drwxr-xr-x 2 anondove root 4096 Mar 20 14:38 dovecot/
    lrwxrwxrwx 1 root     root    7 Mar 20 14:38 dovecot-cvs -> dovecot/
    lrwxrwxrwx 1 root     root    7 Mar 20 14:39 dovecot-news -> dovecot/

    /var/home/anonymous/control/.imap# cat dovecot/dovecot-acl
    owner rl
Mail directory
    /var/home/anonymous/mail# ls -la
    dr-xr-xr-x 2 anondove root 4096 May 25 15:49 ./
    lrwxrwxrwx 1 anondove root   40 May 20  2007 dovecot -> ../../archives/dovecot.mbox/dovecot.mbox
    lrwxrwxrwx 1 anondove root   48 May 20  2007 dovecot-cvs -> ../../archives/dovecot-cvs.mbox/dovecot-cvs.mbox
    lrwxrwxrwx 1 anondove root   50 May 20  2007 dovecot-news -> ../../archives/dovecot-news.mbox/dovecot-news.mbox
    -r--r--r-- 1 anondove root    0 Oct  6  2006 inbox
- INBOX must always exist even if it's empty. Make sure it's not writable.
- Make sure the mail directory isn't writable so users can't create new mailboxes.
The mboxes can be placed in the directory itself, or symlinks can be used. Above you'll see that mailman places all Dovecot archives under /var/home/archives. Make sure none of these files are writable by anondove.
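The write restrictions from the Control directory and Mail directory sections can be checked with a short script. This is an added example, not part of the original HOWTO or of Dovecot; the function names are hypothetical, and it assumes the anonymous user has no supplementary groups and that each mailbox entry in mail/ is a plain file or a symlink to one. The demo layout is constructed in a temporary directory and owned by whoever runs it.

```python
import os
import stat
import tempfile

def writable_by(st, uid, gid):
    """True if the mode bits grant write to uid/gid (assumes no extra groups)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid == gid:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(home, uid, gid):
    """Return the paths under home that uid/gid could modify but should not."""
    control = os.path.join(home, "control")
    mail = os.path.join(home, "mail")
    targets = [control, os.path.join(control, ".subscriptions"), mail]
    # Every mailbox, INBOX included; realpath follows symlinks to the real mbox.
    targets += [os.path.realpath(os.path.join(mail, n)) for n in sorted(os.listdir(mail))]
    findings = []
    for path in targets:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append(path + " (missing)")
            continue
        if writable_by(st, uid, gid):
            findings.append(path)
    return findings

def build_demo(mail_mode):
    """Constructed sample layout owned by the current user (not real data)."""
    home = tempfile.mkdtemp()
    for d in ("control", "mail", "archives"):
        os.mkdir(os.path.join(home, d))
    mbox = os.path.join(home, "archives", "dovecot.mbox")
    for f in (mbox, os.path.join(home, "mail", "inbox"),
              os.path.join(home, "control", ".subscriptions")):
        open(f, "w").close()
        os.chmod(f, 0o444)
    os.symlink(mbox, os.path.join(home, "mail", "dovecot"))
    os.chmod(os.path.join(home, "control"), 0o555)
    os.chmod(os.path.join(home, "mail"), mail_mode)
    return home

if __name__ == "__main__":
    for mode in (0o555, 0o755):
        home = build_demo(mode)
        print(oct(mode), audit(home, os.getuid(), os.getgid()))
```

On the real server, run it as root with audit("/var/home/anonymous", 501, 501); an empty list means the checked paths match the permissions shown in the listings above.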
Initial index fills
To make sure the first user using your archive gets good performance, log in via IMAP and execute the following commands for each mailbox:
    # telnet localhost 143
    1 login anonymous pass
    2 select mailinglist
    3a fetch 1:* (bodystructure envelope rfc822.size internaldate)
    3b fetch 1:* (bodystructure envelope rfc822.size internaldate)
    4a thread references us-ascii all
    4b thread references us-ascii all
    5 search text blahblah
The FETCH and THREAD commands are executed twice to make sure Dovecot's caching decisions stick.