Hi all,
I'm trying to set up public mailboxes for a subset of my users. This is on dovecot 2.2.27. I've created a new public namespace, and the new mailboxes indeed show up for everyone. So far so good.

Now I want to restrict access: these mailboxes shouldn't be visible at all except to a fixed list of users. This part I can't seem to get working. I've added acl data along these lines:

```
pubbox anyone
pubbox/* anyone
pubbox user=m...@example.com lrwstipekxa
pubbox/* user=m...@example.com lrwstipekxa
```

However, other users can still see "pubbox" and its subfolders, although they can't actually view the contents. This is corroborated by some of the output of `doveadm mailbox list`:

```
# doveadm -D mailbox list -u ot...@example.com
…
doveadm(ot...@example.com): Debug: Namespace : type=public, prefix=pubbox/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no
…
doveadm(ot...@example.com): Debug: Mailbox 'pubbox/Drafts' matches global ACL pattern 'pubbox/*'
doveadm(ot...@example.com): Debug: Mailbox 'pubbox/Drafts' matches global ACL pattern 'pubbox/*'
doveadm(ot...@example.com): Debug: acl vfile: reading file /mnt/data/mail/example.com/public/pubbox/mail/Drafts/dovecot-acl
doveadm(ot...@example.com): Debug: acl: No lookup right to mailbox: pubbox/Drafts
doveadm(ot...@example.com): Debug: Mailbox 'pubbox/Sent' matches global ACL pattern 'pubbox/*'
doveadm(ot...@example.com): Debug: Mailbox 'pubbox/Sent' matches global ACL pattern 'pubbox/*'
doveadm(ot...@example.com): Debug: acl vfile: reading file /mnt/data/mail/example.com/public/pubbox/mail/Sent/dovecot-acl
doveadm(ot...@example.com): Debug: acl: No lookup right to mailbox: pubbox/Sent
doveadm(ot...@example.com): Debug: Mailbox 'pubbox' matches global ACL pattern 'pubbox'
doveadm(ot...@example.com): Debug: Mailbox 'pubbox' matches global ACL pattern 'pubbox'
doveadm(ot...@example.com): Debug: acl vfile: reading file /mnt/data/mail/example.com/public/pubbox/mail/dovecot-acl
pubbox
pubbox/Drafts
pubbox/Sent
INBOX
```

Why do these "pubbox/*" mailboxes show up in the `mailbox list` output, even though the debug messages say that the user has no lookup right for them? `doveadm acl rights` seems to confirm that `ot...@example.com` does not have the lookup right for these mailboxes. So why do they show up in their email clients anyway?

Thanks for any advice!
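An added example, not part of the original post: a small Python check that reads combined `doveadm -D mailbox list` output in the format quoted above and reports mailboxes that are listed although the ACL debug lines log a missing lookup right. The function name `audit_listing`, the result keys and the sample text (address and file path are constructed placeholders) are assumptions made for this illustration.

```python
import re

# Constructed sample in the format quoted in the post; the address and
# file path are placeholders, not values from the original output.
SAMPLE = """\
doveadm(user@example.com): Debug: Mailbox 'pubbox/Drafts' matches global ACL pattern 'pubbox/*'
doveadm(user@example.com): Debug: acl vfile: reading file /srv/mail/public/Drafts/dovecot-acl
doveadm(user@example.com): Debug: acl: No lookup right to mailbox: pubbox/Drafts
doveadm(user@example.com): Debug: Mailbox 'pubbox/Sent' matches global ACL pattern 'pubbox/*'
doveadm(user@example.com): Debug: acl: No lookup right to mailbox: pubbox/Sent
doveadm(user@example.com): Debug: Mailbox 'pubbox' matches global ACL pattern 'pubbox'
pubbox
pubbox/Drafts
pubbox/Sent
INBOX
"""

LOG_LINE = re.compile(r"^doveadm\([^)]*\): \w+: (.*)$")
NO_LOOKUP = re.compile(r"^acl: No lookup right to mailbox: (.+)$")
ACL_MATCH = re.compile(r"^Mailbox '(.+)' matches global ACL pattern '.+'$")

def audit_listing(output):
    """Compare listed mailboxes with the ACL decisions logged beside them."""
    denied, matched, listed = set(), set(), []
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line in ("…", "..."):
            continue  # blank line or elided output
        log = LOG_LINE.match(line)
        if not log:
            listed.append(line)  # not a log line: a mailbox name from the listing
            continue
        msg = log.group(1)
        if (m := NO_LOOKUP.match(msg)):
            denied.add(m.group(1))
        elif (m := ACL_MATCH.match(msg)):
            matched.add(m.group(1))
    return {
        "listed": listed,
        # Listed although the log says the lookup right is missing.
        "leaked": [b for b in listed if b in denied],
        # Matched a global ACL pattern, no denial logged: check by hand.
        "review": [b for b in listed if b in matched and b not in denied],
    }

if __name__ == "__main__":
    for key, boxes in audit_listing(SAMPLE).items():
        print(f"{key}: {boxes}")
```

Run per user after an ACL change, a non-empty `leaked` list means folder names are still being disclosed to that user even though their contents are protected.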