[Dovecot] Why SETACL accepts non-existant users (was Re: Why are ACLs for non-existent mailboxes accepted?)

Michael M Slusarz slusarz at curecanti.org
Tue Feb 25 01:04:40 UTC 2014


Quoting Boris <da-dovecotlist-15 at abelonline.de>:

> On Friday 21 February 2014 08:54:34 Steffen Kaiser wrote:
>> On Thu, 20 Feb 2014, Boris wrote:
>> > On Thursday 20 February 2014 20:45:32 Boris wrote:
>> >> Dovecot 2.2.9-1 accepts SETACL commands that share mailboxes to
>> >> non-existent mailboxes. There is no error message. Is this intended
>> >> behavior?
>>
>> There is a "false friend" here. A "mailbox" in the tongue of many English
>> speakers is an IMAP folder, the mailbox file all mails had been appended
>> together in the old times, when mbx or mbox mail storage format was
>> common. In Germany many people use "Mailbox" as the collection of all IMAP
>> folders of one account.
>>
>> So the question is why Dovecot accepts non-existant _users_ as you wrote
>> in your last line.
>>
>> > I probably found the solution myself. Quoting RFC 4314:
>> No, because of mailbox != Mailbox.
>
> So what is the reason then?

There is nothing in RFC 4314 that requires the mailbox to exist.

SETACL only returns NO if you "can't set acl".  But "can't set acl" !=  
"mailbox has to exist".  Example: a server can allow pre-setting ACLs  
for mailboxes that MAY be created in the future.  Perfectly legal  
according to the spec.

RFC 3501 defines the commands needed to check for mailbox existence.   
If you are trying to use ACL commands to determine mailbox existence  
you are doing it wrong.

michael



More information about the dovecot mailing list