Alex Cherniak
2013-Mar-07 17:10 UTC
[Dovecot] ACL to make mailboxes populated by master account Read Only for regular users.
We have a solution using Dovecot as a secondary mail archive. All mailboxes are populated/groomed by master account and the actual users have only read access.

This is achieved by a simple ACL approach.

dovecot.conf has

    protocol imap { mail_plugins = acl quota imap_quota zlib }
    plugin { acl = vfile:/etc/dovecot/acls:cache_secs=300 }

/etc/dovecot/acls/.DEFAULT file is trivial:

    user=master lrwstipekxa
    owner lr

It used to work with Dovecot 2.0.4 for years, but after upgrade to 2.0.18 users now have full access to folders created by master account and can delete, add and move mails.

Should it behave this way? How can I "secure" mailboxes again? Any help is appreciated.

Timo Sirainen
2013-Mar-20 17:25 UTC
[Dovecot] ACL to make mailboxes populated by master account Read Only for regular users.
On 7.3.2013, at 19.10, Alex Cherniak <acherniak at gmail.com> wrote:

> We have a solution using Dovecot as a secondary mail archive. All mailboxes
> are populated/groomed by master account and the actual users have only read
> access.
> This is achieved by a simple ACL approach.
> dovecot.conf has
> protocol imap { mail_plugins = acl quota imap_quota zlib }
> plugin { acl = vfile:/etc/dovecot/acls:cache_secs=300 }
>
> /etc/dovecot/acls/.DEFAULT file is trivial:
> user=master lrwstipekxa
> owner lr
>
> It used to work with Dovecot 2.0.4 for years, but after upgrade to 2.0.18
> users now have full access to folders created by master account and can
> delete, add and move mails.
>
> Should it behave this way? How can I "secure" mailboxes again? Any help
> is appreciated.

I don't remember how it used to work, but it was never intended to work the way you use it. It probably didn't even fully work the way you thought it did. The .DEFAULT name is also misleading. Dovecot unfortunately still doesn't support "default ACLs".
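
Added example, not part of the original thread and not Dovecot code: a way to check what a regular user can actually do in each mailbox is to read the rights string the server returns for the IMAP MYRIGHTS command (RFC 4314) and flag anything beyond the `lr` the ACL file above was meant to grant. It assumes the imap_acl plugin is enabled so that MYRIGHTS is available (the configuration quoted above does not load it); the function names and the sample responses are constructed for illustration.

```python
import imaplib  # used only by audit(), the optional live check

# RFC 4314 right letters, the same alphabet as the ACL file quoted above.
RIGHTS = {
    "l": "lookup", "r": "read", "w": "write flags", "s": "write seen flag",
    "t": "write deleted flag", "i": "insert", "p": "post", "e": "expunge",
    "k": "create child", "x": "delete mailbox", "a": "admin",
}
READ_ONLY = frozenset("lr")  # what the "owner lr" line was meant to grant


def parse_myrights(line):
    """Split one MYRIGHTS data item (bytes or str) into (mailbox, rights)."""
    if isinstance(line, bytes):
        line = line.decode("utf-8", "replace")
    # The rights string is the last token; the mailbox name may hold spaces.
    mailbox, _, rights = line.strip().rpartition(" ")
    if not mailbox:
        raise ValueError(f"not a MYRIGHTS response: {line!r}")
    return mailbox.strip('"'), set(rights)


def excess_rights(line, allowed=READ_ONLY):
    """Return (mailbox, names of rights held beyond `allowed`)."""
    mailbox, rights = parse_myrights(line)
    extra = sorted(rights - allowed)
    return mailbox, [RIGHTS.get(r, f"unknown({r})") for r in extra]


def audit(conn, mailboxes):
    """Query MYRIGHTS over an authenticated imaplib.IMAP4 connection.

    Hypothetical helper: names containing spaces must be passed already quoted.
    """
    findings = {}
    for name in mailboxes:
        typ, data = conn.myrights(name)
        if typ == "OK" and data and data[0]:
            box, extra = excess_rights(data[0])
            if extra:
                findings[box] = extra
    return findings


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    for sample in (b"INBOX lr", b'"Archive 2012" lrwstipekxa'):
        print(excess_rights(sample))
```

Run `audit()` while logged in as a regular user rather than as the master account; an empty result means every listed mailbox reports lookup and read only.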