[Dovecot] Plugins: virtuals vs acls

newer
Sieve vacation won't send second...

Leho Kraav

16 Sep 2011 16 Sep '11

2:48 p.m.

Hi all

dovecot-virtual: * all

when dovecot-acl files restrict some subset of * for a user, does dovecot respect these ACLs when collecting messages for virtual folder? I'd like a confirmation about what I should be seeing when I start implementing this setup.

Show replies by date

Timo Sirainen

16 Sep 16 Sep

3:03 p.m.

On Fri, 2011-09-16 at 14:48 +0300, Leho Kraav wrote:

...

dovecot-virtual: * all

when dovecot-acl files restrict some subset of * for a user, does dovecot respect these ACLs when collecting messages for virtual folder?

If they aren't respected, it's a bug.

Leho Kraav

19 Sep 19 Sep

5:39 p.m.

On Fri, Sep 16, 2011 at 03:03:47PM +0300, Timo Sirainen wrote: ..On Fri, 2011-09-16 at 14:48 +0300, Leho Kraav wrote: .. ..> dovecot-virtual: ..> * ..> all ..> ..> when dovecot-acl files restrict some subset of * for a user, does ..> dovecot respect these ACLs when collecting messages for virtual folder? .. ..If they aren't respected, it's a bug.

(dovecot-2.2.19)

So, 5 years later, I got to implementing dovecot-virtual :)

I'd like to set up a LargeMailbox/Virtual/30d mailbox that restricts the view of a hidden, and otherwise inaccessible LargeMailbox to "last 30 days" rolling window.

dovecot-virtual for that is simple enough, but ACL-s get in the way.

LargeMailbox ACL user=Moi none LargeMailbox/Virtual/30d ACL user=Moi lrwsip

It looks like docevot is correctly restricting reading LargeMailbox - user Moi is able to subscribe the mailbox, but sees zero messages in there.

How can I make LargeMailbox readable from a virtual without giving the mail client the ability to read all of LargeMailbox on its own?

-- Leho Kraav, senior technology & marketing architect Mobile: +372-56-603673 G+: lkooglizmus@gmail.com

Leho Kraav

20 Sep 20 Sep

11:21 a.m.

...

On Fri, 2011-09-16 at 14:48 +0300, Leho Kraav wrote:

How can I make LargeMailbox readable from a virtual without giving the mail client the ability to read all of LargeMailbox on its own?

Symlinking a hidden "secret key" mailbox name works:

Symlink LargeMailbox -> LargeMailbox.sa0yaiy9Nah0thoo5do9iew1ciJaeXahphoox4si (secret key)
Start using vfile:/etc/dovecot/global-acl

LargeMailbox.sa0yaiy9Nah0thoo5do9iew1ciJaeXahphoox4si user=Moi rwsi (hide mailbox, but allow modifications) LargeMailbox.Virtual.30d user=Moi lrwsip (full list + modification permissions)

LargeMailbox.Virtual.30d/dovecot-virtual

!LargeMailbox.sa0yaiy9Nah0thoo5do9iew1ciJaeXahphoox4si (save to backing mailbox) all younger 2592000

Remaining excercise questions:

any more sensible / simpler techniques available?
any holes - is it possible for user=Moi to somehow learn the "secret key" name of the backing mailbox?

2984

Age (days ago)

4815

Last active (days ago)

List overview

3 comments

2 participants

participants (2)

Leho Kraav
Timo Sirainen