[Dovecot] ACL to make mailboxes populated by master account Read Only for regular users.

Timo Sirainen tss at iki.fi
Wed Mar 20 19:25:04 EET 2013

On 7.3.2013, at 19.10, Alex Cherniak <acherniak at gmail.com> wrote:

> We have a solution using Dovecot as a secondary mail archive. All mailboxes
> are populated/groomed by master account and the actual users have only read
> access.
> This is achieved by a simple ACL approach.
> dovecot.conf has
> protocol imap { mail_plugins = acl quota imap_quota zlib }
> plugin { acl = vfile:/etc/dovecot/acls:cache_secs=300 }
> /etc/dovecot/acls/.DEFAULT file is trivial:
> user=master lrwstipekxa
> owner lr
> It used to work with Dovecot 2.0.4 for years, but after upgrade to 2.0.18
> users now have full access to folders created by master account and can
> delete, add and move mails.
> Should it behave this way? How can I "secure" mailboxes again? Any help
> is appreciated.

I don't remember how it used to work, but it was never intended to work the way you use it. It probably didn't even fully work the way you thought it did. The .DEFAULT name is also misleading. Dovecot unfortunately still doesn't support "default ACLs".
