Does Dovecot allow different clients to subscribe different subsets of IMAP folders?

Daniel Tröder troeder at
Thu Jun 4 15:26:30 UTC 2015

Hi Steve,

for some reason I didn't get you message though the mailing list (my ml
settings?), but only directly. For the sake of completeness I'm replying
here - I hope that's OK.

Shared mailboxes are really easy to implement. Just enable the namespace
(type = shared) in /etc/dovecot/conf.d/10-mail.conf

You may want to share index files, so you'll have the same [un]read
flags on all devices. Simply do _not_ configure INDEXPVT, or configure
it to a common directory.

If you wish to share keywords so you'll have the same
"important"/"red"/"star" flags on all accounts, do _not_ configure
pre-user CONTROL, or configure it to a common directory.

I think this should work:

namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  location = maildir:%%h/Maildir
  subscriptions = no
  list = children

You'll have to configure ACLs too.

plugin {
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
plugin {
  # Without global ACLs:
  acl = vfile

10-mail.conf: mail_plugins = $mail_plugins acl quota
20-imap.conf: mail_plugins = $mail_plugins imap_acl imap_quota

Then you can get/set ACLs with:

doveadm acl get -u mobile at shared/main at   <--- INBOX
doveadm acl set -A shared/main at mobile at lookup read ...
doveadm acl get -u mobile at shared/main at

doveadm acl set -A shared/main at mobile at lookup read ...

You'll have to find a way to do this for all your mailboxes in some
shell script or with python or whatever.

Good luck

Am 04.06.2015 um 16:43 schrieb Steve:
> Hi Daniel,
> Hmm - I'm happy to use different 'user names' to log into Dovecot... as
> long as each of these logins can still subscribe to the same universe of
> folders I have available at present.  I can envision using steve_mobile
> and steve_desktop as logins, as long as these still provide access to
> the same mailboxes as I have in steve's Maildir folder.
> I'm guessing that this would mean I can't/shouldn't use PAM for Dovecot
> authentication? I don't really want to create 'dummy' (shell-account)
> "users" on my server... but, I guess, it would be OK if I were to use
> some other authentication mechanism, and pointed all these Dovecot-only
> logins to the same Maildir folder.
> By any chance, is there a 'howto' detailing a suitable sample
> configuration for such a setup?
> BTW - I would definitely want to be able to change subscriptions from
> any device...  I just want independent subscriptions for my
> tablet/phone/desktop/VM clients - as I use email in different ways from
> these different environments.
> On 04/06/2015 15:24, Daniel Tröder wrote:
>> Hi Steve,
>> I don't think the IMAP protocol has the concept of a "user agent". So
>> there is no way for an IMAP server to distinguish between client
>> programs.
>> You could use POP and poll different mailboxes - but your clients
>> probably don't support that. So you'll have to use different users.
>> But that give you a cool solution: Use shared mailboxes.
>> You could share all mailboxes of you main user to all the "device-users"
>> and then use the clients to subscribe only to those mailboxes that are
>> of interest.
>> That way you can change what a client sees using the client program,
>> without logging into the server as root. Especially nice, when you are
>> traveling and decide you need to read a mailbox with your mobile you
>> hadn't though about before.
>> Greetings
>> Daniel

Daniel Tröder
Open Source Software Engineer

Univention GmbH
be open
28359 Bremen
Tel.: +49 421 22232-91
Fax : +49 421 22232-99

troeder at

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the dovecot mailing list