On 5.4.2013, at 0.48, Lutz Preßler Lutz.Pressler@SerNet.DE wrote:
Only user1.test and user1.test.test2 have ACLs that allow testuser to access them.
host:~# doveadm mailbox status -u testuser all INBOX.shared.user1.privat INBOX.shared.user1.privat messages=37 recent=0 uidnext=70 uidvalidity=1060291494 unseen=7 highestmodseq=1 vsize=1618757 guid=9a71cb399c249d4ce10e0000c93908ca
Access with search and fetch (and probably any other doveadm command) is possible, too. Is this how it's supposed to work? Commands in testuser IMAP session respects ACLs.
My guess: You have acl plugin enabled in protocol imap {}, but not globally? No. It's enabled in global mail_plugins:
Oh. Hmm. Yeah, looks like doveadm nowadays ignores ACLs when listing mailboxes. It probably shouldn't.. I'll need to think about this. Wonder why I added the RAW_LIST flag in the first place..