Applying ACLs to a Dovecot public namespace

Posted by larsks on Server Fault See other posts from Server Fault or by larsks
Published on 2011-02-22T03:37:23Z Indexed on 2011/02/22 15:26 UTC
Read the original article Hit count: 345

Filed under:

mail

|

acl

|

imap

|

dovecot

|

namespaces

I have a public namespace define in my dovecot (dovecot-2.0.9) configuration that looks like this:

namespace {
  type = public
  separator = .
  prefix = news.
  location = maildir:/var/spool/news
  subscriptions = no  
}

I would like to make all the mailboxes in this namespace read-only. I've got the following configuration for the ACL plugin:

plugin {
  acl = vfile:/etc/dovecot/acls:cache_secs=300
}

After perusing the documentation, it seemed as if I had a mailfolder /var/spool/news/.foo.bar that I could place the following into /var/spool/news/.foo.bar/dovecot-acl:

anyone rl

But that doesn't have any affect. I also tried creating a file /usr/local/etc/dovecot/acls/news.foo.bar with the same contents, but that didn't do anything, either. I've turned on mail debugging:

mail_debug = yes

But the log doesn't produce anything that appears to be relevant to ACL processing. I'm curious to know if anyone has gotten this to work correctly and if so if you could provide some configuration examples.

Also, if there's any way to do this that doesn't involve per-mailbox configuration (.e.g, the ability to apply an ACL to news.* or something), that would be awesome. Getting the documented behavior for default ACLs working would be a step in the right direction.

© Server Fault or respective owner

Related posts about mail

JavaMail not sending Subject or From under jetty:run-war

as seen on Stack Overflow - Search for 'Stack Overflow'
Has anyone seen JavaMail not sending proper MimeMessages to an SMTP server, depending on how the JVM in started? At the end of the day, I can't send JavaMail SMTP messages with Subject: or From: fields, and it appears other headers are missing, only when running the app as a war. The web project… >>> More
mail merge e-mail in Word 2007 with attachment

as seen on Super User - Search for 'Super User'
Is there a simple way to mail merge with Word 2007 and add an attachment? I've searched google, and all results point to pasting in VB code. I want to a small team of novice users to be able to mail merge e-mails and add attachments. Does anyone know a simple way of doing this without code? >>> More
Host name or Domain not found

as seen on Server Fault - Search for 'Server Fault'
Hi I have installed amavis + postfix + spamassassin on centOS 5.4. The "/etc/hosts" file contains: 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 67.215.65.132 mail.sufalamtech.local mail When I am sending mail then, the following… >>> More
Couldn't drop privileges: User is missing UID (see mail_uid setting)

as seen on Server Fault - Search for 'Server Fault'
I'm hoping I can use some help. I'm configuring dovecot_ldap, but I can't seem to be able to get dovecot to authenticate the ldap user. Below is my config and log info: hosts = 192.168.128.45:3268 dn = cn=Administrator,cn=Users,dc=company,dc=example,dc=com dnpass = "passwd" auth_bind = yes ldap_version… >>> More
How can I setup dependencies for Axis2 / Axiom on Maven2

as seen on Stack Overflow - Search for 'Stack Overflow'
I've tried the following settings on pom.xml to use Axis2 wsdl2code: <dependencies> <dependency> <groupId>org.apache.axis2</groupId> <artifactId>axis2</artifactId> <version>1.5.1</version> </dependency> </dependencies> ... <build> … >>> More

Related posts about acl

Difference between array('Acl' => array('type' => 'requester')) and array('Acl' => 'requester') in C

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm following the ACL tutorial for CakePHP 1.3 and I was wondering if there is a functional difference between declaring a behavior like this: var $actsAs = array('Acl' => 'requester'); and like this: var $actsAs = array('Acl' => array('type' => 'requester')); >>> More
Squid + Dans Guardian (simple configuration)

as seen on Server Fault - Search for 'Server Fault'
I just built a new proxy server and compiled the latest versions of squid and dansguardian. We use basic authentication to select what users are allowed outside of our network. It seems squid is working just fine and accepts my username and password and lets me out. But if i connect to dans guardian… >>> More
Squid configuration for proxy server

as seen on Server Fault - Search for 'Server Fault'
I have a server with 10 ip's that I want to give access to some friends via authentication but I'm stuck on squid's config file. Let's say I have these ip's available on my server: 212.77.23.10 212.77.1.10 68.44.82.112 And I want to allocate each one of them to a different user like so: 212.77… >>> More
Unable to get squid working for remote users

as seen on Server Fault - Search for 'Server Fault'
I am trying to setup squid 3.2.4, but I have not been able to get it working for remote users. Works fine locally. Unable to figure out what I am doing wrong... http_port 3128 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/share/ssl-cert/myCA.pem refresh_pattern… >>> More
video and file caching with squid lusca?

as seen on Super User - Search for 'Super User'
hello all i have configured squid lusca on ubuntu 11.04 version and also configured the video caching but the problem is the squid cannot configure the video more than 2 min long and the file of size upto 5.xx mbs only. here is my config please guide me how can i cache the long videos and files with… >>> More