Hide public mailboxes from some users
Arie Peterson
ariep at xs4all.nl
Sun Aug 27 01:07:08 EEST 2017
Hi all,
I'm trying to set up public mailboxes for a subset of my users. This is on
dovecot 2.2.27.
I've created a new public namespace, and the new mailboxes indeed show up for
everyone. So far so good. Now I want to restrict access: these mailboxes
shouldn't be visible at all except to a fixed list of users. This part I can't
seem to get working.
I've added ACL data along these lines:
```
pubbox anyone
pubbox/* anyone
pubbox user=me at example.com lrwstipekxa
pubbox/* user=me at example.com lrwstipekxa
```
However, other users can still see "pubbox" and its subfolders, although they
can't actually view the contents. This is corroborated by some of the output
of `doveadm mailbox list`:
```
# doveadm -D mailbox list -u other at example.com
…
doveadm(other at example.com): Debug: Namespace : type=public, prefix=pubbox/,
sep=/, inbox=no, hidden=no, list=children, subscriptions=no
…
doveadm(other at example.com): Debug: Mailbox 'pubbox/Drafts' matches global ACL
pattern 'pubbox/*'
doveadm(other at example.com): Debug: Mailbox 'pubbox/Drafts' matches global ACL
pattern 'pubbox/*'
doveadm(other at example.com): Debug: acl vfile: reading file
/mnt/data/mail/example.com/public/pubbox/mail/Drafts/dovecot-acl
doveadm(other at example.com): Debug: acl: No lookup right to mailbox:
pubbox/Drafts
doveadm(other at example.com): Debug: Mailbox 'pubbox/Sent' matches global ACL
pattern 'pubbox/*'
doveadm(other at example.com): Debug: Mailbox 'pubbox/Sent' matches global ACL
pattern 'pubbox/*'
doveadm(other at example.com): Debug: acl vfile: reading file
/mnt/data/mail/example.com/public/pubbox/mail/Sent/dovecot-acl
doveadm(other at example.com): Debug: acl: No lookup right to mailbox:
pubbox/Sent
doveadm(other at example.com): Debug: Mailbox 'pubbox' matches global ACL pattern
'pubbox'
doveadm(other at example.com): Debug: Mailbox 'pubbox' matches global ACL pattern
'pubbox'
doveadm(other at example.com): Debug: acl vfile: reading file
/mnt/data/mail/example.com/public/pubbox/mail/dovecot-acl
pubbox
pubbox/Drafts
pubbox/Sent
INBOX
```
Why do these "pubbox/*" mailboxes show up in the `mailbox list` output, even
though the debug messages say that the user has no lookup right for them?
`doveadm acl rights` seems to confirm that `other at example.com` does not have
the lookup right for these mailboxes. So why do they show up in their email
clients anyway?
Thanks for any advice!
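
The mismatch described in this message (a lookup denial in the debug log for a mailbox that is listed anyway) can be checked mechanically. The following is an added example, not part of the original post and not Dovecot code: it cross-checks the `No lookup right` debug lines against the listed names. The function names and the sample data (including `pubbox/Archive` and the `inbox` namespace line) are constructed, and it assumes the debug lines and the mailbox names were captured separately.

```python
import re

# Line shapes taken from the `doveadm -D mailbox list` output quoted in the post.
# \s+ tolerates mail-wrapped copies where the name lands on the next line.
DENIED_RE = re.compile(r"Debug: acl: No lookup right to mailbox:\s+(\S+)")
NAMESPACE_RE = re.compile(r"Debug: Namespace [^:\n]*: type=(\w+), prefix=([^,\s]*),")


def public_prefixes(debug_text):
    """Prefixes of every namespace the debug output reports as type=public."""
    return [prefix for ns_type, prefix in NAMESPACE_RE.findall(debug_text)
            if ns_type == "public"]


def audit_listing(debug_text, listing_text):
    """Return (leaked, hidden) for mailboxes under public namespaces.

    leaked: listed although a lookup denial was logged for them.
    hidden: denied and absent from the listing, the intended result.
    """
    prefixes = public_prefixes(debug_text)
    denied = {name for name in DENIED_RE.findall(debug_text)
              if any(name.startswith(p) for p in prefixes)}
    listed = [ln.strip() for ln in listing_text.splitlines() if ln.strip()]
    leaked = [name for name in listed if name in denied]
    hidden = sorted(denied - set(listed))
    return leaked, hidden


# Constructed sample modelled on the post; debug and listing kept separate (assumption).
SAMPLE_DEBUG = """\
doveadm(other@example.com): Debug: Namespace : type=public, prefix=pubbox/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no
doveadm(other@example.com): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
doveadm(other@example.com): Debug: acl: No lookup right to mailbox:
pubbox/Drafts
doveadm(other@example.com): Debug: acl: No lookup right to mailbox: pubbox/Sent
doveadm(other@example.com): Debug: acl: No lookup right to mailbox: pubbox/Archive
"""
SAMPLE_LISTING = "pubbox\npubbox/Drafts\npubbox/Sent\nINBOX\n"

if __name__ == "__main__":
    leaked, hidden = audit_listing(SAMPLE_DEBUG, SAMPLE_LISTING)
    for name in leaked:
        print(f"LEAK   {name}: listed despite a logged lookup denial")
    for name in hidden:
        print(f"ok     {name}: denied and not listed")
```

Run per user after each ACL change; any `LEAK` line means a mailbox name is being disclosed to a user for whom a lookup denial was logged.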