On Thu, 11 Apr 2013 16:35:32 +0300 Timo Sirainen <t...@iki.fi> wrote:
> On 11.4.2013, at 16.24, Stephan von Krawczynski <sk...@ithnet.com> wrote:
>
> >> The MTA can work as it used to, if it can just set a group-read permission
> >> to the files. So your read-only user would belong to that read-only-group.
> >> I'm not sure how Postfix assigns permissions, but if it can't do that you
> >> could switch to Dovecot LDA/LMTP which can set the group correctly.
> >
> > That is not the problem. I can set any type of permission on the mail file
> > itself. Only it does not help because dovecot nevertheless is able to move
> > the mails around or "delete" them by moving to trash box.
>
> No, the idea was to use two UNIX users:
>
> 1) the user that owns the mails and has read-write access
>
> 2) another read-only user that does not own the mails, has only group-read
> access. can't do anything at all to the mails.
>
> The directories need to have similar permissions as well (750).

That's about as complicated as patching the MTA to auto-create the acl file,
which I did now. I'd say global acls would be a nice coming feature ;-)

-- 
Regards,
Stephan
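
Added example, not part of the original thread: a shell audit for the two-user layout described in the quoted reply (directories 750, mail files group-readable only). The function names and the sample Maildir are constructed for illustration; the check flags group-write on directories because on a UNIX filesystem that bit, not the file mode, is what permits renaming or unlinking the mails inside.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the sample tree
# are constructed for illustration.

# Print every path under $1 that breaks the two-user layout; return 1 if any.
audit_maildir() {
    bad=$(
        # Directories must be 750-like: group r-x, no group write, nothing for others.
        # Group write on a directory is what allows rename/unlink of the mails in it.
        find "$1" -type d \( ! -perm -040 -o ! -perm -010 -o -perm -020 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print
        # Mail files must be 640-like: group read, no group write, nothing for others.
        find "$1" -type f \( ! -perm -040 -o -perm -020 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Build a constructed sample Maildir with the permissions from the thread.
make_sample_maildir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Maildir/cur" "$d/Maildir/new" "$d/Maildir/tmp"
    : > "$d/Maildir/cur/msg1:2,S"            # constructed message file name
    find "$d" -type d -exec chmod 750 {} +
    find "$d" -type f -exec chmod 640 {} +
    printf '%s\n' "$d"
}

sample=$(make_sample_maildir)
audit_maildir "$sample" && echo "layout ok"
chmod 770 "$sample/Maildir/cur"              # simulate a group-writable folder
audit_maildir "$sample" || echo "violations listed above"
rm -rf "$sample"
```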