On 11.7.2019 20.43, HTMLServices.it via dovecot wrote:
Hello everyone

sorry i'm not very experienced and also my english

I installed a centos 7 server with ispconfig postfix dovecot 2.2.36 and roundcube, this server is only a mail archive, so my need is that ALL the mailboxes are read-only on roundcube/imap and any user must NOT delete the messages. ... so I configured dovecot's ALC following the guide "https://wiki2.dovecot.org/ACL" I think I did everything correctly and I don't get errors but entering the webmail roundcube I CAN DELETE MESSAGES ..... it seems that the acl have no effect ....


snip

if I see the line "Info: User test@test.com has rights: lookup read" it seems that the ACL (lookup and read) are correctly applied,
but as I was saying above, entering the user test@test.com on the webmail, I can do everything I want to also delete the e-mails ..... these are days I try to understand but I don't understand what I'm wrong and how to solve  ....
thank you all in advance

This is because the rules are applies as "owner", and not as "test@test.com". If you want to prevent test@test.com from deleting their mail, you need to create /var/vmail/test.com/test/Maildir/dovecot-acl with

* owner lr

Aki