[Dovecot] Help needed with plugin - Read Only access to IMAP mailbox

Chris Moules chris at gms.lu
Wed Aug 25 13:54:40 EEST 2010


Marcus Rueckert wrote:
> On 2010-08-25 11:59:06 +0200, Chris Moules wrote:
>> System info:
>> # 1.2.13: /etc/dovecot/dovecot.conf
>> # OS: Linux 2.6.32-5-686-bigmem i686 Debian squeeze/sid
>> ..
>> mail_plugins: readonly
>> ..
>>
>> I have a requirement to have read-only access to a mailbox. I have been
>> researching through the wiki, the mailing list archives and good old
>> Google. There were a number of similar questions with no real
>> definitive answer.
>>
>> Option 1: ACL
>> This can work, but not if the mailbox(s) can change without you
>> knowing how. I.e. an online read-only archive of someone else's
>> mailbox. There are no wild-card or recursive ACL options. Rsync style
>> backups don't allow for easy creation of custom ACL files per
>> mailbox.
> 
> acls are stored in dovecot-acls files either inside the mailbox or in
> /etc/dovecot. so you can preserve them easily with rsync style backup.
> 

Yes, I am aware of that. It is more the creation of ACLs on the *destination* that don't exist in the source.
Any new mailbox that would be created on the source server would need an ACL file created for it on the destination server after being sync'ed.

>>  2) Dovecot needs write access to CONTROL and INDEX files.
>> This led me to using the "CONTROL" and "INDEX" options on the
>> mail_location. Setting these to the original 'rw' mount and the rest
>> to my 'ro' bind mount. Again, messy but do-able.
> 
> Just for the record: you can configure CONTROL and INDEX separately. See below.

I thought that I stated that. I believe that I had set 'INDEX=MEMORY' and CONTROL=/home/vmail/%d/%u/Maildir
The home was set to the bind mount of /mail/vmail/%d/%u/
mail_location was maildir:~/Maildir

> my solution for a similar problem:
> 
> [[[
> namespace public {
>    separator = /
> 
>    # Mailboxes are visible under "shared/user@domain/"
>    # %%n, %%d and %%u are expanded to the destination user.
>    prefix = archive/
> 
>    # Mail location for other users' mailboxes. Note that %variables and ~/
>    # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
>    # destination user's data.
>    location = maildir:/srv/mail/archive:INDEX=/srv/mail/%u/shared/%%u:CONTROL=/srv/mail/%u/shared
> 
>    # Use the default namespace for saving subscriptions.
>    subscriptions = yes
> 
>    # List the shared/ namespace only if there are visible shared mailboxes.
>    list = children
> }
> ]]]
> 
> only my mail archive user can deliver mails into that namespace (via ACL (p)).
> all other users only have read permissions, as index/control are per user, each user can have their own
> flags (like seen).
> 
> shouldn't this give you exactly what you want?
> 

This seems to be solving a different problem to mine. I need something like a mirror of accounts, on a separate server that gives the user read-only access to the content.
The data is not public. It should only be accessible to the authorised user.
The input to this archive is the 'original' live maildir, so I do not have control over the creation of folders, etc. This causes problems with dovecot ACL inheritance as the mailbox is not created via the dovecot server with the ACLs.

Regards

Chris
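
The post-sync step described in the message above (an ACL file has to be created on the destination for every mailbox that appeared on the source) can be scripted. This is an added example, not code from the thread or from Dovecot. It assumes a Maildir++ layout, the acl plugin reading a per-mailbox `dovecot-acl` file, and an `owner lr` policy; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: after each sync of the live Maildir
# tree, give every mailbox that has no ACL file yet a restrictive one.
# Assumptions: Maildir++ layout (root = INBOX, folders are ".Name" dirs
# directly below it) and a per-mailbox ACL file named "dovecot-acl".

# Assumed policy: the owner may list (l) and read (r), nothing else.
ACL_RIGHTS="${ACL_RIGHTS:-owner lr}"

# A directory counts as a mailbox only if it has cur/, new/ and tmp/.
is_maildir() {
    [ -d "$1/cur" ] && [ -d "$1/new" ] && [ -d "$1/tmp" ]
}

# ensure_acl DIR: create the ACL file if missing, never overwrite one.
# Prints DIR when a file was created, so the caller can log new mailboxes.
ensure_acl() {
    acl="$1/dovecot-acl"
    [ -e "$acl" ] && return 0
    # Write to a temp name and rename, so a half-written ACL is never read.
    printf '%s\n' "$ACL_RIGHTS" > "$acl.tmp.$$" &&
        mv "$acl.tmp.$$" "$acl" &&
        printf '%s\n' "$1"
}

# apply_readonly_acls ROOT: cover INBOX and every ".folder" below ROOT.
apply_readonly_acls() {
    root=$1
    is_maildir "$root" || { echo "not a Maildir: $root" >&2; return 1; }
    ensure_acl "$root" || return 1
    for d in "$root"/.[!.]*; do
        # Skip non-directories and dot-dirs that are not mailboxes.
        if [ -d "$d" ] && is_maildir "$d"; then
            ensure_acl "$d" || return 1
        fi
    done
    return 0
}

# Usage: script.sh /path/to/user/Maildir [more roots...]
for root in "$@"; do
    apply_readonly_acls "$root"
done
```

Run it after every sync. If the sync removes destination files that are absent on the source, exclude `dovecot-acl` from it so the generated files survive.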

