System info: # 1.2.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-686-bigmem i686 Debian squeeze/sid .. mail_plugins: readonly ..
I have a requirement to have read-only to a mailbox. I have been researching through the wiki, the mailing list archives and good old Google. There was a number of similar questions with no real definitive answer.
Option 1: ACL This can work, but not if the mailbox(s) can change without you knowing how. I.E. a online read-only archive of someone else's mailbox. There is no wild-card or recursive ACL options. Rsync style backups don't allow for easy creation of custom ACL files per mailbox.
Option 2: Read-only filesystem (Linux) This seems easy, but it's not. the Seen flag and dovecot was trying to move the 'new' mail to the 'cur' folder.
how do you update your archive? I tried with a bind mount, this does not let you set the 'ro' option *directly*. You must then use "-o remount,ro" to get your read-only bind mount. This is a little messy (needs custom init scripts for mounting on boot), but do-able.
Dovecot needs write access to CONTROL and INDEX files. This lead me to using the "CONTROL" and "INDEX" options on the mail_locaiton. Setting these to the original 'rw' mount and the rest to my 'ro' bind mount. Again, messy but do-able.
Clients try to move messages from 'new' to 'cur' for Maildir. Every time I opened a maildir I got an error per mail (dovecot log) about read-only filesysem as the client was trying to set
My test client, mutt, has a 'read_only' option when connecting. This eliminates this issue, but I cannot get everyone to use this archive with a correctly configured mutt.
This sent me looking for 'read only' options in other clients. I could hardly find any. I noted that mutt send an EXAMINE and not a SELECT to open the mailbox when in read_only mode and this set me thinking about doing this in another way.
Option 3: Dovecot Plugin I started looking into the dovecot plugins. Being more a systems administrator than developer I have cobbled together a working plugin. It nearly does what I want, but not quite, and I don't know why. NOTE: I no longer use the setup that I had to test Options 1 and 2.
I thought that this plugin can either be used server-wide or with the 'mail_plugins' userdb option.
The plugin forces the MAILBOX_OPEN_READONLY flag in a mailbox_open() call. The plugin returns an error for all mailbox_create() calls.
Testing in mutt:
- I am unable to delete a mail
- I am unable to create a new folder So far so good. However:
- I am able to move/copy a mail to an *existing* mailbox (note, the move operation makes the copy but fails to set the 'delete' flag)
I do not understand why this works. I have been grep-ing through the source of dovecot and the plugins to find some answer, but without luck.
Attached is the full source to my plugin and the Makefile (adapted from Johannes Berg's antispam plugin Makefile)
When finished, I will be happy to release this to the dovecot community under the GPL/LGPL or whatever.
Regards
Chris