Hello, I am new to this list, so feel free to correct me if I do something wrong. I don't have a problem, just a question.
The RFC which covers IMAP ACLs [1] states that one of the standard rights is: l - lookup (mailbox is visible to LIST/LSUB commands, SUBSCRIBE mailbox)
If I have a shared or public namespace and have a mailbox for which I do not have lookup rights, Dovecot seems to do great with the LIST commands at not showing it to me.
Two things I noticed though: SUBSCRIBE-ing to the mailbox is still successful LSUB will list mailboxes which I do not have lookup rights to
I imagine the first issue is easy enough to correct since it's just another check before actually subscribing. The second issue seems a little more difficult in my mind since Dovecot seems to just dump the subscription files to the client without checking whether the mailbox is allowed or not. I imagine a similar issue popped up with the LIST command and that's why the dovecot-acl-list files exist.
Anyway, am I right in my observations, or am I completely overlooking something obvious?
Thanks!
Willie
[1] http://tools.ietf.org/html/rfc4314#section-2.1 Dovecot's wiki also indicates support for this in http://wiki1.dovecot.org/ACL#ACL_files
I'm using version 1.2.9 with the acl and imap_acl mail_plugins in case that matters.