[Dovecot] Users w/o acl access appear to be subscribed to public folders (1.1b8)

Adam McDougall mcdouga9 at egr.msu.edu
Wed Nov 21 05:20:49 EET 2007


I noticed this today, I had a user outside of our department test out
dovecot.  They were using squirrelmail and I noticed that dovecot thinks
this user is subscribed to ALL public folders even though a dovecot 
ACL prevents all access.  I'm pretty sure access is still denied.  
I was able to reproduce this with a guest account I added:

l lsub "" "#shared/decs/%"
* LSUB (\Noselect) "/" "#shared/decs/linuxadmin"
* LSUB (\Noselect) "/" "#shared/decs/jbossadmin"
* LSUB () "/" "#shared/decs/support"
* LSUB () "/" "#shared/decs/receipts"
* LSUB (\Noselect) "/" "#shared/decs/pcadmin"
* LSUB () "/" "#shared/decs/network"
* LSUB (\Noselect) "/" "#shared/decs/printmaster"
* LSUB () "/" "#shared/decs/postmaster"
* LSUB (\Noselect) "/" "#shared/decs/unixadmin"
* LSUB () "/" "#shared/decs/security"
* LSUB (\Noselect) "/" "#shared/decs/webmaster"
l OK Lsub completed.

This only seems to happen when the acl plugin is enabled.  Without the acl
plugin, these are not listed as subscriptions.
After deleting /egr/mail/shared/decs/dovecot-acl-list and re-enabling the 
acl plugin, I get this:

l lsub "" "#shared/decs/%"
* LSUB () "/" "#shared/decs/unixadmin"
* LSUB () "/" "#shared/decs/support"
* LSUB () "/" "#shared/decs/security"
* LSUB () "/" "#shared/decs/printmaster"
* LSUB () "/" "#shared/decs/postmaster"
* LSUB () "/" "#shared/decs/pcadmin"
* LSUB () "/" "#shared/decs/network"
* LSUB () "/" "#shared/decs/linuxadmin"
* LSUB () "/" "#shared/decs/webmaster"
* LSUB () "/" "#shared/decs/jbossadmin"
l OK Lsub completed.

Is it related, or is it different just because a new dovecot-acl-list got
created by another user already (but is mode 700?)


More information about the dovecot mailing list