Marcus Rueckert wrote:
On 2010-08-25 11:59:06 +0200, Chris Moules wrote:
System info:
# 1.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-686-bigmem i686 Debian squeeze/sid
..
mail_plugins: readonly
..
I have a requirement to have read-only access to a mailbox. I have been researching through the wiki, the mailing list archives and good old Google. There were a number of similar questions with no real definitive answer.
Option 1: ACL
This can work, but not if the mailbox(s) can change without you knowing how, i.e. an online read-only archive of someone else's mailbox. There are no wild-card or recursive ACL options. Rsync style backups don't allow for easy creation of custom ACL files per mailbox.
acls are stored in dovecot-acls files either inside the mailbox or in /etc/dovecot. so you can preserve them easily with rsync style backup.
Yes, I am aware of that. It is more the creation of ACLs on the *destination* that don't exist in the source. Any new mailbox that would be created on the source server would need an ACL file created for it on the destination server after being sync'ed.
- Dovecot needs write access to CONTROL and INDEX files. This led me to using the "CONTROL" and "INDEX" options on the mail_location. Setting these to the original 'rw' mount and the rest to my 'ro' bind mount. Again, messy but doable.
Just for the record: you can configure CONTROL and INDEX separately. see below.
I thought that I stated that. I believe that I had set 'INDEX=MEMORY' and CONTROL=/home/vmail/%d/%u/Maildir. The home was set to the bind mount of /mail/vmail/%d/%u/. mail_location was maildir:~/Maildir
my solution for a similar problem:
[[[
namespace public {
  separator = /

  # Mailboxes are visible under "shared/user@domain/"
  # %%n, %%d and %%u are expanded to the destination user.
  prefix = archive/

  # Mail location for other users' mailboxes. Note that %variables and ~/
  # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
  # destination user's data.
  location = maildir:/srv/mail/archive:INDEX=/srv/mail/%u/shared/%%u:CONTROL=/srv/mail/%u/shared

  # Use the default namespace for saving subscriptions.
  subscriptions = yes

  # List the shared/ namespace only if there are visible shared mailboxes.
  list = children
}
]]]
only my mail archive user can deliver mails into that namespace (via ACL (p)). all other users only have read permissions, as index/control are per user, each user can have their own flags (like seen).
shouldn't this give you exactly what you want?
This seems to be solving a different problem to mine. I need something like a mirror of accounts, on a separate server, that gives the user read-only access to the content. The data is not public. It should only be accessible to the authorised user. The input to this archive is the 'original' live maildir, so I do not have control over the creation of folders, etc. This causes problems with dovecot ACL inheritance as the mailbox is not created via the dovecot server with the ACLs.
Regards
Chris
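
Added example (not part of the original thread, and not Dovecot's own tooling): a post-sync script for the gap described above, writing a read-only ACL into every mirrored mailbox that has none. It assumes a Maildir++ layout, the per-mailbox ACL file name dovecot-acl, and "owner lr" as the rights line; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: give every mailbox in a mirrored Maildir++ tree a read-only ACL.
# Assumptions: root directory is INBOX, subfolders are ".Name" directories,
# the ACL plugin reads a per-mailbox file called "dovecot-acl", and
# "owner lr" (lookup + read) is the wanted read-only rights line.

ACL_LINE="owner lr"

# is_maildir DIR: true when DIR has the cur/new/tmp triplet of a Maildir folder.
is_maildir() {
    [ -d "$1/cur" ] && [ -d "$1/new" ] && [ -d "$1/tmp" ]
}

# ensure_acl DIR: create DIR/dovecot-acl unless one is already present.
# Prints the path of each file it creates, so a cron mail shows new mailboxes.
ensure_acl() {
    acl="$1/dovecot-acl"
    if [ -e "$acl" ] || [ -L "$acl" ]; then
        return 0    # never overwrite an ACL someone wrote by hand
    fi
    tmp="$acl.new.$$"
    # Write to a temporary name and rename, so Dovecot never reads a partial file.
    printf '%s\n' "$ACL_LINE" > "$tmp" && mv "$tmp" "$acl" && echo "$acl"
}

# sync_readonly_acls ROOT: cover INBOX (ROOT itself) and every ".Folder" below it.
sync_readonly_acls() {
    root="$1"
    is_maildir "$root" || { echo "not a Maildir: $root" >&2; return 1; }
    ensure_acl "$root" || return 1
    for dir in "$root"/.[!.]*; do
        [ -d "$dir" ] || continue        # also skips an unmatched glob
        is_maildir "$dir" || continue    # hidden directory that is not a mailbox
        ensure_acl "$dir" || return 1
    done
}

# Stand-alone use: pass the mirrored Maildir root as the first argument.
if [ "$#" -gt 0 ]; then
    sync_readonly_acls "$1"
fi
```

Run it after each sync, against the writable path rather than the read-only bind mount. If rsync runs with --delete, exclude dovecot-acl so the generated files are not removed on the next pass.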