Marcus Rueckert wrote:
This seems to be solving a different problem to mine. I need something like a mirror of accounts, on a separate server that gives the user read-only access to the content. The data is not public. It should only be accessible to the authorised user. The input to this archive is the 'original' live maildir, so I do not have control over the creation of folders, etc. This causes problems with dovecot ACL inheritance as the mailbox is not created via the dovecot server with the ACLs.
Marcus,
thanks again for the reply.
you can specify default ACLs in /etc/dovecot/acls?
I did try this. Again, the issue being that they are not inherited to sub-folders, so an ACL for the INBOX is not used for all folders. You need a global ACL file named for each folder name. So if a client creates a folder called "My banana photo collection" you would need a file "/etc/dovecot/acls/My banana photo collection" with something like "authenticated rl"
It is not possible to have a global ACL for every possible folder name.
i suggest playing around with mail_debug and see what ACL files it tries to load.
and the name "public" for the namespace is confusing. it is not really public. only people with ACL entries can read from it. (yes i tested this)
but unlike shared namespaces it is not user specific (e.g. "shared/foo@bar/INBOX")
darix
I have experimented with the ACL options. It could be do-able but it seemed a *lot* harder to get that right than to have a little plugin on an 'archive/recover' server.
Regards
Chris
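
The per-folder-name global ACL files discussed in this thread, generated from a mirrored maildir after each sync, as an added example that is not code from either poster or from Dovecot. It assumes a Maildir++ layout (folders are dot-prefixed directories holding cur/, new/ and tmp/) and that the global file is named after the folder with the leading dot removed; the function name and both path arguments are hypothetical.

```shell
#!/bin/sh
# Added example: one global ACL file per folder name found in a mirrored
# Maildir++ tree. Function name, paths and name mapping are assumptions.

# sync_global_acls MAILDIR ACLDIR [ACL_LINE]
# Prints the number of ACL files created or updated.
sync_global_acls() {
    maildir=$1
    acldir=$2
    acl_line=${3:-authenticated rl}   # rights line quoted in the thread
    changed=0
    mkdir -p "$acldir" || return 1
    for dir in "$maildir" "$maildir"/.[!.]*; do
        # A Maildir++ folder is a directory holding cur/, new/ and tmp/.
        [ -d "$dir/cur" ] && [ -d "$dir/new" ] && [ -d "$dir/tmp" ] || continue
        if [ "$dir" = "$maildir" ]; then
            name=INBOX
        else
            name=${dir##*/}
            name=${name#.}            # drop the Maildir++ leading dot
        fi
        # Skip names that could not be a plain file inside ACLDIR.
        case $name in
            ''|.|..|*/*) continue ;;
        esac
        target=$acldir/$name
        # Leave files that already carry the wanted line untouched.
        if [ -f "$target" ] && [ "$(cat "$target")" = "$acl_line" ]; then
            continue
        fi
        tmp=$(mktemp "$acldir/.acl.XXXXXX") || return 1
        printf '%s\n' "$acl_line" > "$tmp"
        chmod 644 "$tmp"              # must be readable by the mail process
        mv -f "$tmp" "$target"        # atomic replace within one directory
        changed=$((changed + 1))
    done
    echo "$changed"
}
```

Running with mail_debug enabled, as suggested in the thread, shows whether Dovecot actually loads the files this writes.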