Hide public mailboxes from some users

Arie Peterson ariep at xs4all.nl
Sun Aug 27 01:07:08 EEST 2017


Hi all,


I'm trying to set up public mailboxes for a subset of my users. This is on 
dovecot 2.2.27.

I've created a new public namespace, and the new mailboxes indeed show up for 
everyone. So far so good. Now I want to restrict access: these mailboxes 
shouldn't be visible at all except to a fixed list of users. This part I can't 
seem to get working.

I've added ACL data along these lines:

```
pubbox anyone
pubbox/* anyone

pubbox user=me@example.com lrwstipekxa
pubbox/* user=me@example.com lrwstipekxa
```

However, other users can still see "pubbox" and its subfolders, although they 
can't actually view the contents. This is corroborated by some of the output 
of `doveadm mailbox list`:

```
# doveadm -D mailbox list -u other@example.com
…
doveadm(other@example.com): Debug: Namespace : type=public, prefix=pubbox/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no
…
doveadm(other@example.com): Debug: Mailbox 'pubbox/Drafts' matches global ACL pattern 'pubbox/*'
doveadm(other@example.com): Debug: Mailbox 'pubbox/Drafts' matches global ACL pattern 'pubbox/*'
doveadm(other@example.com): Debug: acl vfile: reading file /mnt/data/mail/example.com/public/pubbox/mail/Drafts/dovecot-acl
doveadm(other@example.com): Debug: acl: No lookup right to mailbox: pubbox/Drafts
doveadm(other@example.com): Debug: Mailbox 'pubbox/Sent' matches global ACL pattern 'pubbox/*'
doveadm(other@example.com): Debug: Mailbox 'pubbox/Sent' matches global ACL pattern 'pubbox/*'
doveadm(other@example.com): Debug: acl vfile: reading file /mnt/data/mail/example.com/public/pubbox/mail/Sent/dovecot-acl
doveadm(other@example.com): Debug: acl: No lookup right to mailbox: pubbox/Sent
doveadm(other@example.com): Debug: Mailbox 'pubbox' matches global ACL pattern 'pubbox'
doveadm(other@example.com): Debug: Mailbox 'pubbox' matches global ACL pattern 'pubbox'
doveadm(other@example.com): Debug: acl vfile: reading file /mnt/data/mail/example.com/public/pubbox/mail/dovecot-acl
pubbox
pubbox/Drafts
pubbox/Sent
INBOX
```

Why do these "pubbox/*" mailboxes show up in the `mailbox list` output, even 
though the debug messages say that the user has no lookup right for them? 

`doveadm acl rights` seems to confirm that `other@example.com` does not have 
the lookup right for these mailboxes. So why do they show up in their email 
clients anyway?


Thanks for any advice!
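
An added example, not part of the original post and not Dovecot code: a Python check that cross-references the debug lines and the listing in captured `doveadm -D mailbox list` output and reports every mailbox that is listed even though the ACL debug output says the user has no lookup right. The function name is hypothetical, the sample is the post's output (unwrapped and shortened), and it assumes debug lines and the listing were captured into one stream, as in the post.

```python
import re

# Debug line reporting a denied lookup, in the format shown in the post.
DENIED_RE = re.compile(
    r"^doveadm\([^)]*\): Debug: acl: No lookup right to mailbox: (.+)$"
)
# Any doveadm log line ("doveadm(user): Level: ..."); everything else is
# treated as a mailbox name from the listing itself (assumption).
LOG_RE = re.compile(r"^doveadm\([^)]*\): \w+: ")


def listed_despite_denial(output):
    """Return listed mailboxes for which the debug output reported
    'No lookup right', in listing order."""
    denied = set()
    listed = []
    for raw in output.splitlines():
        line = raw.rstrip()
        if not line or line == "…":  # skip blanks and the post's elisions
            continue
        match = DENIED_RE.match(line)
        if match:
            denied.add(match.group(1))
        elif not LOG_RE.match(line):
            listed.append(line)
    return [name for name in listed if name in denied]


# Sample taken from the post's output, unwrapped and shortened.
SAMPLE = """\
doveadm(other@example.com): Debug: Mailbox 'pubbox/Drafts' matches global ACL pattern 'pubbox/*'
doveadm(other@example.com): Debug: acl: No lookup right to mailbox: pubbox/Drafts
doveadm(other@example.com): Debug: Mailbox 'pubbox/Sent' matches global ACL pattern 'pubbox/*'
doveadm(other@example.com): Debug: acl: No lookup right to mailbox: pubbox/Sent
doveadm(other@example.com): Debug: Mailbox 'pubbox' matches global ACL pattern 'pubbox'
pubbox
pubbox/Drafts
pubbox/Sent
INBOX
"""

if __name__ == "__main__":
    for name in listed_despite_denial(SAMPLE):
        print("listed without lookup right:", name)
```

Run per user against each restricted namespace; an empty result means no denied mailbox name appeared in that user's listing.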

