On Wed, 2009-08-05 at 11:08 +0300, Nikita Koshikov wrote:
Here is the namespace part of the config file:
namespace private {
  prefix = Company/
  separator = /
  location = virtual:/var/mail/virtual:INDEX=MEMORY:LAYOUT=maildir++
  subscriptions = no
}
..
Then I tried to set up ACL for the virtual mailbox. Adding "acl" to mail_plugins in imap and lda section and acl=vfile to plugins config. Under /var/mail/virtual in each mailbox I create dovecot-acl file containing:
user=koshikov.n lrwstiekxa
authenticated lrwstipe
But this didn't work.
That's because in private namespaces user owns the mails, and "authenticated" doesn't reduce the user's privileges. You could use "owner" instead.
Also I don't think you should use ACLs at all here. It's easier and more secure to just make /var/mail/virtual non-writable to imap process. For example change file/dir owners to root and make them world-readable.
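An added example, not part of the original message: one way to apply the ownership change suggested above and then confirm that nothing under the tree is still writable by a non-owner. The function names lock_down and find_writable_risk are hypothetical, and the sketch assumes the imap process runs as a non-root user that is not the chosen owner.

```shell
#!/bin/sh
# Added example. Source this file, then as root run, for instance:
#   lock_down /var/mail/virtual
#   find_writable_risk /var/mail/virtual

# lock_down DIR [OWNER]
# Give the whole tree to OWNER (default: root) and make it readable by
# everyone but writable only by OWNER. Directories keep the search bit (X).
lock_down() {
    dir=$1
    owner=${2:-root}
    chown -R "$owner" "$dir" &&
    chmod -R u=rwX,go=rX "$dir"
}

# find_writable_risk DIR [OWNER]
# Print every path under DIR that is not owned by OWNER or that is
# writable by group or other. Empty output means the tree is locked down.
# Symlinks are skipped because their own mode bits are not meaningful.
find_writable_risk() {
    dir=$1
    owner=${2:-root}
    find "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}
```

Running find_writable_risk again after any change to the virtual mailbox definitions is a cheap way to catch a file that was recreated with looser permissions.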