Hi all,
I'm trying to set up public mailboxes for a subset of my users. This is on dovecot 2.2.27.
I've created a new public namespace, and the new mailboxes indeed show up for everyone. So far so good. Now I want to restrict access: these mailboxes shouldn't be visible at all except to a fixed list of users. This part I can't seem to get working.
I've added acl data along these lines:
pubbox anyone
pubbox/* anyone
pubbox user=me@example.com lrwstipekxa
pubbox/* user=me@example.com lrwstipekxa
However, other users can still see "pubbox" and its subfolders, although they
can't actually view the contents. This is corroborated by some of the output
of doveadm mailbox list:
# doveadm -D mailbox list -u other@example.com
…
doveadm(other@example.com): Debug: Namespace : type=public, prefix=pubbox/,
sep=/, inbox=no, hidden=no, list=children, subscriptions=no
…
doveadm(other@example.com): Debug: Mailbox 'pubbox/Drafts' matches global ACL
pattern 'pubbox/*'
doveadm(other@example.com): Debug: Mailbox 'pubbox/Drafts' matches global ACL
pattern 'pubbox/*'
doveadm(other@example.com): Debug: acl vfile: reading file
/mnt/data/mail/example.com/public/pubbox/mail/Drafts/dovecot-acl
doveadm(other@example.com): Debug: acl: No lookup right to mailbox:
pubbox/Drafts
doveadm(other@example.com): Debug: Mailbox 'pubbox/Sent' matches global ACL
pattern 'pubbox/*'
doveadm(other@example.com): Debug: Mailbox 'pubbox/Sent' matches global ACL
pattern 'pubbox/*'
doveadm(other@example.com): Debug: acl vfile: reading file
/mnt/data/mail/example.com/public/pubbox/mail/Sent/dovecot-acl
doveadm(other@example.com): Debug: acl: No lookup right to mailbox:
pubbox/Sent
doveadm(other@example.com): Debug: Mailbox 'pubbox' matches global ACL pattern
'pubbox'
doveadm(other@example.com): Debug: Mailbox 'pubbox' matches global ACL pattern
'pubbox'
doveadm(other@example.com): Debug: acl vfile: reading file
/mnt/data/mail/example.com/public/pubbox/mail/dovecot-acl
pubbox
pubbox/Drafts
pubbox/Sent
INBOX
Why do these "pubbox/*" mailboxes show up in the mailbox list output, even
though the debug messages say that the user has no lookup right for them?
doveadm acl rights seems to confirm that other@example.com does not have
the lookup right for these mailboxes. So why do they show up in their email
clients anyway?
Thanks for any advice!
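
An added example, not part of the original post: a small Python check that reads combined `doveadm -D mailbox list` output and reports every mailbox that is listed even though a debug line denied the lookup right for it. It assumes stdout and stderr were captured together with one record per line (the sample below is the post's output with the e-mail line wrapping rejoined); the function name `audit_listing` is hypothetical.

```python
import re

# Lines taken from the post above, with wrapped lines rejoined (elided "…" parts omitted).
SAMPLE = """\
doveadm(other@example.com): Debug: Mailbox 'pubbox/Drafts' matches global ACL pattern 'pubbox/*'
doveadm(other@example.com): Debug: acl: No lookup right to mailbox: pubbox/Drafts
doveadm(other@example.com): Debug: Mailbox 'pubbox/Sent' matches global ACL pattern 'pubbox/*'
doveadm(other@example.com): Debug: acl: No lookup right to mailbox: pubbox/Sent
doveadm(other@example.com): Debug: Mailbox 'pubbox' matches global ACL pattern 'pubbox'
pubbox
pubbox/Drafts
pubbox/Sent
INBOX
"""

# Any doveadm log record (stderr side of the capture).
LOG_RE = re.compile(r"^doveadm\([^)]*\): (?:Debug|Info|Warning|Error|Fatal|Panic): ")
# The ACL plugin's denial message, as it appears in the post.
DENIED_RE = re.compile(r"Debug: acl: No lookup right to mailbox: (.+)$")


def audit_listing(output):
    """Return (listed, denied, leaked) mailbox names from combined doveadm output.

    listed: mailbox names printed by the list command (non-log lines)
    denied: mailboxes for which a 'No lookup right' debug line was logged
    leaked: mailboxes that are in both sets, i.e. visible despite the denial
    """
    denied, listed = set(), []
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line == "…":
            continue
        match = DENIED_RE.search(line)
        if match:
            denied.add(match.group(1))
        elif not LOG_RE.match(line):
            listed.append(line)
    leaked = [name for name in listed if name in denied]
    return listed, sorted(denied), leaked


if __name__ == "__main__":
    listed, denied, leaked = audit_listing(SAMPLE)
    for name in leaked:
        print(f"listed despite missing lookup right: {name}")
```

Run per user after each ACL change; an empty `leaked` list means every mailbox the ACL plugin denied was also hidden from that user's listing.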