[Dovecot] ACL to make mailboxes populated by master account Read Only for regular users.
We have a solution using Dovecot as a secondary mail archive. All mailboxes are populated/groomed by master account and the actual users have only read access. This is achieved by a simple ACL approach. dovecot.conf has

    protocol imap {
      mail_plugins = acl quota imap_quota zlib
    }
    plugin {
      acl = vfile:/etc/dovecot/acls:cache_secs=300
    }

/etc/dovecot/acls/.DEFAULT file is trivial:

    user=master lrwstipekxa
    owner lr

It used to work with Dovecot 2.0.4 for years, but after upgrade to 2.0.18 users now have full access to folders created by master account and can delete, add and move mails.
Should it behave this way? How can I "secure" mailboxes again? Any help is appreciated.
On 7.3.2013, at 19.10, Alex Cherniak acherniak@gmail.com wrote:
We have a solution using Dovecot as a secondary mail archive. All mailboxes are populated/groomed by master account and the actual users have only read access. This is achieved by a simple ACL approach. dovecot.conf has

    protocol imap {
      mail_plugins = acl quota imap_quota zlib
    }
    plugin {
      acl = vfile:/etc/dovecot/acls:cache_secs=300
    }

/etc/dovecot/acls/.DEFAULT file is trivial:

    user=master lrwstipekxa
    owner lr

It used to work with Dovecot 2.0.4 for years, but after upgrade to 2.0.18 users now have full access to folders created by master account and can delete, add and move mails.
Should it behave this way? How can I "secure" mailboxes again? Any help is appreciated.
I don't remember how it used to work, but it was never intended to work the way you use it. It probably didn't even fully work the way you thought it did. The .DEFAULT name is also misleading. Dovecot unfortunately still doesn't support "default ACLs".
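
Added example, not part of the original thread and not Dovecot code: since the reply says there is no default ACL, this sketch audits a mail tree for mailboxes where the owner is not limited to "lr". It assumes a Maildir++ layout with per-mailbox ACL files named dovecot-acl, and it reports a mailbox with no ACL file or no owner line for review, on the assumption that the owner then keeps default rights; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

READ_ONLY = set("lr")  # lookup + read: the owner rights the post wants

def owner_rights(acl_path):
    """Return the rights string of the 'owner' line in a vfile ACL file, or None."""
    with open(acl_path) as fh:
        for line in fh:
            fields = line.split()
            if len(fields) >= 2 and fields[0] == "owner":
                return fields[1]
    return None

def audit(maildir_root):
    """Map mailbox name -> reason for each mailbox whose owner is not held to 'lr'."""
    findings = {}
    for dirpath, dirnames, _files in os.walk(maildir_root):
        if not {"cur", "new"} <= set(dirnames):
            continue  # not a Maildir mailbox directory
        dirnames[:] = [d for d in dirnames if d not in ("cur", "new", "tmp")]
        rel = os.path.relpath(dirpath, maildir_root)
        name = "INBOX" if rel == "." else rel.lstrip(".")
        acl = os.path.join(dirpath, "dovecot-acl")  # assumed per-mailbox ACL file
        if not os.path.isfile(acl):
            findings[name] = "no dovecot-acl file"
            continue
        rights = owner_rights(acl)
        if rights is None:
            findings[name] = "no owner line"
        elif rights[0] in "+-" or set(rights) - READ_ONLY:
            # +/- modifiers or any letter beyond l and r need a closer look
            findings[name] = "owner " + rights
    return findings

def build_sample(root):
    """Constructed tree: INBOX without ACL, Archive locked down, Drafts writable."""
    acls = {".": None,
            ".Archive": "user=master lrwstipekxa\nowner lr\n",
            ".Drafts": "owner lrwstipekxa\n"}
    for box, acl in acls.items():
        for sub in ("cur", "new", "tmp"):
            os.makedirs(os.path.join(root, box, sub))
        if acl is not None:
            with open(os.path.join(root, box, "dovecot-acl"), "w") as fh:
                fh.write(acl)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for mailbox, reason in sorted(audit(root).items()):
            print(mailbox, "->", reason)
```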