We're using Dovecot 1.0.3, and I'm setting up some shared IMAP folders. The eventual goal is to do the standard "learn as spam" / "learn as ham" type of setup, with some cron jobs to do the message extractions.
But there's one minor twist: the "learn as ham" folder will need to be write-only for users. (I'll either create a fake user with read access to extract the mail for sa-learn, or do some local filesystem access, etc. A problem for a future day.) The issue is that some of the mail being misclassified might contain sensitive information. So users should be able to copy messages into that folder, but not list or read other messages. (Yes, they will be removed from the folder by the future sa-learn script, don't worry.)
I can get normal operation with the ACL plugin and a global ACL file:
# "TestTwo" mailbox acl file:
authenticated lrwik- OK Dovecot ready. 1 login ........ 1 OK Logged in. 2 list "" *
- LIST (\Noselect \HasChildren) "." "Testing/"
- LIST (\HasNoChildren) "." "Testing/TestTwo"
- LIST (\HasNoChildren) "." "Testing/TestOne" 2 OK List completed. 3 select "Testing/TestTwo"
- FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
- OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
- 0 EXISTS
- 0 RECENT
- OK [UIDVALIDITY 1189458953] UIDs valid
- OK [UIDNEXT 1] Predicted next UID 3 OK [READ-WRITE] Select completed.
Now, I change the TestTwo acl file to read
authenticated lwikbut can no longer subscribe to the folder:
1 login ........ 1 OK Logged in. 2 list "" *
- LIST (\Noselect \HasChildren) "." "Testing/"
- LIST (\HasNoChildren) "." "Testing/TestTwo"
- LIST (\HasNoChildren) "." "Testing/TestOne" 2 OK List completed. 3 subscribe "Testing/TestTwo" 3 NO Permission denied
According to http://wiki.dovecot.org/ACL, the 'l' flag means "Mailbox is visible in mailbox list. Mailbox can be subscribed to." but the second part of that statement is not actually happening.
Is this a misunderstanding on my part, or a bug?
-- Phil Edwards