Commit 588ca4fd authored by Vitaly Lipatov

mail skill: add Cyrus admin, subscriptions, Roundcube notes

- cyradm via admin user 'cyrus' (PLAIN auth)
- Internal mailbox naming with ^ escape for . in usernames
- IMAP admin proxy via SASL authzid for cross-user operations
- .sub subscription files (not auto-updated on renm)
- Roundcube SPECIAL-USE folders, legacy ACL on domain migration
- autocreate triggers ONLY on INBOX creation

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
parent d3f7ab04
......@@ -38,7 +38,31 @@ mysql --skip-ssl -h mysql.auth.dmz.etersoft.ru -u mail -p'VaQLNsXnyp3KVK4e' mail
Tables: `accountuser` (auth), `virtual` (aliases), `domain` (domains)
## Cyrus autocreate
`autocreate_inbox_folders: Drafts|Junk|Sent|Trash` (separator is `|`, NOT space!)
`autocreate_inbox_folders: Archive|Drafts|Junk|Sent|Trash` (separator is `|`, NOT space!)
- Triggers ONLY on INBOX creation (new users). Existing users do NOT get new folders on next login — must create manually.
## Cyrus admin (cyradm)
- Admin user is `cyrus` (no `@domain`). Password lives in `accountuser` table as `cyrus@mail.etersoft.ru`.
- `cyradm --user cyrus --auth PLAIN --password '...' localhost` — admin sees all mailboxes.
- Authenticating as `cyrus@mail.etersoft.ru` works for SASL but is NOT in `admins:` list → no admin rights, `lm` returns nothing.
- Path syntax: `unixhierarchysep: 1` + `altnamespace: 1` → use `/` separator and `@domain` suffix: `user/NAME/FOLDER@office.etersoft.ru`.
- Internal mailbox naming uses `.` separator with `^` as escape for `.` in usernames: e.g. user `artem.asb` → internal `user.artem^asb` (FS path `.../user/artem^asb/`). cyradm uses `user/artem.asb/` (with the `.`).
- `dm` may fail with `SPECIAL-USE flag conflict` (folder has `\Junk` flag) or `Permission denied` (admin not in ACL). Workaround: `sam <mbox> cyrus all` first, then `dm`.
- `cm` inherits parent's ACL — for shared/admin-managed mailboxes (e.g. `wine-devel`), the new subfolder won't have the user in ACL. Set ACL after `cm`.
## IMAP admin proxy (act as user)
SASL PLAIN with authzid: `\0<user>@<domain>\0cyrus\0<password>`. Lets you SELECT/COPY/DELETE in another user's mailbox without their password. Useful for cross-folder message moves (cyradm has no copy-messages-between-folders).
## Subscriptions
- File: `/var/lib/imap/domain/<H>/<DOMAIN>/<hash>/user/<name>.sub`, one mailbox per line in internal name format `<domain>!user.<name>.<folder>`.
- After mailbox `renm`, `.sub` files are NOT auto-updated → bulk `sed` to rewrite references.
- For new mailboxes (`cm`), users are NOT auto-subscribed (only autocreate triggers subscription). Use IMAP `SUBSCRIBE` via admin proxy.
## Roundcube
- DB: `mysql.dmz.etersoft.ru/eter_roundcube` (creds in `/etc/roundcube/config.inc.php` on 10.20.30.66).
- `users.preferences` = PHP serialized. Per-user `junk_mbox`/`archive_mbox` override globals.
- Standard folder name conventions: `Junk` (RFC 6154 SPECIAL-USE `\Junk`), `Archive` (singular). `create_default_folders=false` → relies on Cyrus autocreate. `protect_default_folders=true` → user can't delete.
- Domain migration legacy: some mailboxes have `office.etersoft.ru!user.X` ACL'd to `user@etersoft.ru` (old domain). Need explicit `sam ... user@office.etersoft.ru lrswipkxtecdan` to grant access.
## Logs
- Mail: `/var/log/mail/all`, `/var/log/maillog`
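Review bot: The SASL PLAIN string under "IMAP admin proxy" has a leading `\0` that gives it four fields. RFC 4616 defines the message as `[authzid] NUL authcid NUL passwd`, so acting as a user with the admin credentials should read `<user>@<domain>\0cyrus\0<password>`; as written, the authzid is empty and `<user>@<domain>` lands in the authcid slot. It is also worth stating that this exchange should only run over TLS or on localhost, since PLAIN carries the admin password unprotected. In the cyradm section, `--password '...'` on the command line exposes the admin password to the process list and shell history; dropping the flag so that cyradm prompts is safer. Separately, the context line in the hunk header shows a literal MySQL password in this file; that credential should be rotated and replaced by a reference to where it is stored.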
......