[Dovecot] permission problem when using public namespace and "subscription = yes"
I have configured a public namespace "Test" for a group of users:

namespace public {
  separator = .
  prefix = Test.
  location = maildir:/mailroot/public/Test
  hidden = no
  list = yes
  subscriptions = yes
}
Using each user's own subscription file for a public mailbox doesn't make sense when the mailbox is heavily used. Every directory operation (create/rename) needs to be synced between all subscribers automatically and immediately. So I set "subscriptions = yes".
My ACLs look like this:

user=mark lrwstiekx
user=tim lrwstiekx
user=max lr
user=jenny lrwstiekx
user=louis lr
Nevertheless _all_ my mail users still have access to the namespace's directory tree. It is my understanding that when a user doesn't have 'lookup' access, he should not be able to subscribe to this mailbox. In my opinion this is a security problem. ACLs must be processed _before_ a shared subscription file is parsed.
regards Lars
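The behaviour Lars expects, a shared subscription list filtered by each user's lookup right before it is shown, as an added example written for this thread (not Dovecot's own code). It assumes the dovecot-acl line format "identifier rights" as shown in the post, treats "anyone" and "authenticated" as the usual group identifiers, and uses a constructed subscriptions list with mailbox names given relative to the namespace prefix; all sample data is made up here.

```python
"""Filter a shared subscriptions list by ACL lookup rights (added example).

Assumptions (not taken from the thread): ACL lines are "identifier rights" as in
dovecot-acl files; "anyone" and "authenticated" are group identifiers; the shared
subscriptions file holds one mailbox name per line, relative to the namespace prefix.
"""

# Constructed ACL file mirroring the rights listed in the post.
ACL_FILE = """\
user=mark lrwstiekx
user=tim lrwstiekx
user=max lr
user=jenny lrwstiekx
user=louis lr
"""

# Constructed shared subscriptions file for the public namespace (assumed layout).
SUBSCRIPTIONS_FILE = """\
Projects
Archive
"""


def parse_acl(text):
    """Return {identifier: set(rights)} from dovecot-acl style lines.

    A leading '-' on the rights field is a negative ACL and is recorded under a
    separate key so it can override positive grants.
    """
    acl = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ident, _, flags = line.partition(" ")
        flags = flags.strip()
        if flags.startswith("-"):
            acl.setdefault(ident, {})["deny"] = set(flags[1:])
        else:
            acl.setdefault(ident, {})["allow"] = set(flags)
    return acl


def has_lookup(acl, user):
    """True when the user ends up with the 'l' (lookup) right.

    Positive grants from the user's own entry and the group identifiers are unioned;
    a negative entry for the user then removes rights.
    """
    allowed = set()
    for ident in ("anyone", "authenticated", f"user={user}"):
        allowed |= acl.get(ident, {}).get("allow", set())
    allowed -= acl.get(f"user={user}", {}).get("deny", set())
    return "l" in allowed


def visible_subscriptions(acl, subscriptions_text, user):
    """Subscriptions the user should see: nothing unless lookup is granted."""
    if not has_lookup(acl, user):
        return []
    return [line.strip() for line in subscriptions_text.splitlines() if line.strip()]


def audit(acl, subscriptions_text, users):
    """Map each user to the subscriptions they would see after ACL filtering."""
    return {u: visible_subscriptions(acl, subscriptions_text, u) for u in users}


if __name__ == "__main__":
    report = audit(parse_acl(ACL_FILE), SUBSCRIPTIONS_FILE, ["mark", "max", "bob"])
    for user, boxes in report.items():
        print(f"{user}: {boxes or 'no lookup right, nothing listed'}")
```

Running the script lists "Projects" and "Archive" for mark and max (both hold 'l') and nothing for bob, who has no ACL entry; a user with only an "anyone" grant minus a negative user entry is handled the same way.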
On 4.9.2013, at 17.20, Lars Uhlmann <dovecot@lars-uhlmann.de> wrote:

> I have configured a public namespace "Test" for a group of users:
>
> namespace public {
>   separator = .
>   prefix = Test.
>   location = maildir:/mailroot/public/Test
>   hidden = no
>   list = yes
>   subscriptions = yes
> }
>
> Using each user's own subscription file for a public mailbox doesn't make sense when the mailbox is heavily used. Every directory operation (create/rename) needs to be synced between all subscribers automatically and immediately. So I set "subscriptions = yes".
>
> My ACLs look like this:
>
> user=mark lrwstiekx
> user=tim lrwstiekx
> user=max lr
> user=jenny lrwstiekx
> user=louis lr
>
> Nevertheless _all_ my mail users still have access to the namespace's directory tree. It is my understanding that when a user doesn't have 'lookup' access, he should not be able to subscribe to this mailbox. In my opinion this is a security problem. ACLs must be processed _before_ a shared subscription file is parsed.
Well, it shouldn't happen in all situations. It's comparable to deleting a subscribed mailbox, which also doesn't remove the subscription automatically. But yeah, I guess the behavior can be changed for your use case: http://hg.dovecot.org/dovecot-2.2/rev/1cf67db75455
I think a better solution would be to still have a per-user subscriptions file, but automatically subscribe to newly seen shared folders that are marked with autosubscribe-flag. Of course, there's currently no way to do that.
participants (2): Lars Uhlmann, Timo Sirainen