Hi, unfortunately I found a bug in Dovecot's ACL handling for shared mailboxes. It turns out Dovecot doesn't enforce lower casing the privileged username to whom the mailbox should be shared to. This results in a invalid configuration. Users get confused, since they passed on a valid email address in their ACL setup. /usr/local/www/default/mail/test at mydomain.localdomain/maildir/.Spam/dovecot-acl user=leander at mydomain.localdomain eilrwts ^^ works /usr/local/www/default/mail/leander at mydomain.localdomain/maildir/dovecot-acl user=test at mydomain.localdomain eilrwts ^^ works /usr/local/www/default/mail/test at mydomain.localdomain/maildir/.Drafts/dovecot-acl user=Leander at MyDomain.LocalDomain eilrwts ^^ Doesn't work Best regards Leander Sch?fer
On 16.09.2016 12:54, Leander Sch?fer wrote:> Hi, > > unfortunately I found a bug in Dovecot's ACL handling for shared > mailboxes. It turns out Dovecot doesn't enforce lower casing the > privileged username to whom the mailbox should be shared to. This > results in a invalid configuration. Users get confused, since they > passed on a valid email address in their ACL setup. > > /usr/local/www/default/mail/test at mydomain.localdomain/maildir/.Spam/dovecot-acl > > user=leander at mydomain.localdomain eilrwts > ^^ works > > /usr/local/www/default/mail/leander at mydomain.localdomain/maildir/dovecot-acl > > user=test at mydomain.localdomain eilrwts > ^^ works > > /usr/local/www/default/mail/test at mydomain.localdomain/maildir/.Drafts/dovecot-acl > > user=Leander at MyDomain.LocalDomain eilrwts > ^^ Doesn't work > > Best regards > Leander Sch?ferHi! Did you know you can use %Lu instead of %u to force lowercasing? Aki
On 9/16/2016 6:53 AM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:> On 16.09.2016 12:54, Leander Sch?fer wrote: >> user=Leander at MyDomain.LocalDomain eilrwts >> ^^ Doesn't work> Hi! Did you know you can use %Lu instead of %u to force lowercasing?In my opinion this should be the default...
Hi Aki, Thanks for your advice. Yes, I'm aware of this. Yet lowercasing should be the default since Dovecot 2.1.x., isn't it? Yet I wouldn't know where exactly to implement this %L, since the ACLs are set through IMAP commands through the users mailclient like Thunderbird. So in other words, the email address to whom the user want to grant ACLs provided by the user's mailclient, has nothing to do with my auth backend where e.g. %u => %Lu would apply. PLease correct me if I'm wrong here. It clearly looks like a bug of the internal processing of the "dovecot-acl-list" files. It simply lacks on a lowercase enforcement in the code, like it already seems to do for the "dovecot-acl" file. Best regards Leander Sch?fer Am 16.09.16 um 12:53 schrieb Aki Tuomi:> > On 16.09.2016 12:54, Leander Sch?fer wrote: >> Hi, >> >> unfortunately I found a bug in Dovecot's ACL handling for shared >> mailboxes. It turns out Dovecot doesn't enforce lower casing the >> privileged username to whom the mailbox should be shared to. This >> results in a invalid configuration. Users get confused, since they >> passed on a valid email address in their ACL setup. >> >> /usr/local/www/default/mail/test at mydomain.localdomain/maildir/.Spam/dovecot-acl >> >> user=leander at mydomain.localdomain eilrwts >> ^^ works >> >> /usr/local/www/default/mail/leander at mydomain.localdomain/maildir/dovecot-acl >> >> user=test at mydomain.localdomain eilrwts >> ^^ works >> >> /usr/local/www/default/mail/test at mydomain.localdomain/maildir/.Drafts/dovecot-acl >> >> user=Leander at MyDomain.LocalDomain eilrwts >> ^^ Doesn't work >> >> Best regards >> Leander Sch?fer > Hi! Did you know you can use %Lu instead of %u to force lowercasing? > > Aki