[Dovecot] ACL to make mailboxes populated by master account Read Only for regular users.

7 Mar 2013


      We have a solution using Dovecot as a secondary mail archive. All mailboxes
are populated/groomed by master account and the actual users have only read
access.
This is achieved by a simple ACL approach.
dovecot.conf has
protocol imap { mail_plugins = acl quota imap_quota zlib }
plugin { acl = vfile:/etc/dovecot/acls:cache_secs=300 }
/etc/dovecot/acls/.DEFAULT file is trivial:
user=master lrwstipekxa
owner lr
It used to work with Dovecot 2.0.4 for years, but after upgrade to 2.0.18
users now have full access to folders created by master account and can
delete, add and move mails.
Should it behave this way? How can I "secure" mailboxes again? Any help
is appreciated.

[Dovecot] ACL to make mailboxes populated by master account Read Only for regular users.

Alex Cherniak