Hello everyone,
sorry, I'm not very experienced, and neither is my English.
I installed a CentOS 7 server with ISPConfig, Postfix, Dovecot 2.2.36 and
Roundcube. This server is only a mail archive, so my need is that ALL
the mailboxes are read-only on Roundcube/IMAP and no user must be able to
delete the messages. ... So I configured Dovecot's ACL following the
guide "https://wiki2.dovecot.org/ACL"; I think I did everything correctly
and I don't get errors, but when I enter the Roundcube webmail I CAN DELETE
MESSAGES. It seems that the ACLs have no effect.
I added the following to the Dovecot configuration file /etc/dovecot/dovecot.conf:
plugin {
  acl = vfile:/etc/dovecot/dovecot-acl
}
.
protocol imap {
  mail_plugins = $mail_plugins imap_acl
}
mail_plugins = acl
.
I created the "global" file /etc/dovecot/dovecot-acl and specified in it that the
test user has only lookup and read rights (lr):
* user=t...@test.com lr
My dovecot.conf:
listen = *,[::]
protocols = imap pop3
auth_mechanisms = plain login
disable_plaintext_auth = no
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_privileged_group = vmail
ssl_cert =
Debug: Skipping module doveadm_expire_plugin, because dlopen() failed:
/usr/lib64/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined
symbol: expire_set_deinit (this is usually intentional, so just ignore
this message)
Debug: Skipping module doveadm_quota_plugin, because dlopen() failed:
/usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so: undefined
symbol: quota_user_module (this is usually intentional, so just ignore
this message)
Debug: Module loaded:
/usr/lib64/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen()
failed: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so:
undefined symbol: lucene_index_iter_deinit (this is usually intentional,
so just ignore this message)
Debug: Skipping module doveadm_fts_plugin, because dlopen() failed:
/usr/lib64/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined
symbol: fts_user_get_language_list (this is usually intentional, so just
ignore this message)
Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen()
failed: /usr/lib64/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so:
undefined symbol: mail_crypt_box_get_pvt_digests (this is usually
intentional, so just ignore this message)
doveadm(t...@test.com): Debug: Added userdb setting:
mail=maildir:/var/vmail/test.com/test/Maildir
doveadm(t...@test.com): Debug: Added userdb setting:
plugin/quota_rule=*:storage=0B
doveadm(t...@test.com): Debug: Added userdb setting:
plugin/sieve=/var/vmail/test.com/test/.sieve
doveadm(t...@test.com): Debug: Effective uid=5000, gid=5000,
home=/var/vmail/test.com/test
doveadm(t...@test.com): Debug: acl: No acl_shared_dict setting - shared
mailbox listing is disabled
doveadm(t...@test.com): Debug: maildir++:
root=/var/vmail/test.com/test/Maildir, index=, indexpvt=, control=,
inbox=/var/vmail/test.com/test/Maildir, alt=
doveadm(t...@test.com): Debug: acl: initializing backend with data:
vfile:/etc/dovecot/dovecot-acl
doveadm(t...@test.com): Debug: acl: acl username = t...@test.com
doveadm(t...@test.com): Debug: acl: owner = 1
doveadm(t...@test.com): Debug: acl vfile: Global ACL file:
/etc/dovecot/dovecot-acl
doveadm(t...@test.com): Info: Mailbox 'INBOX' is in namespace ''
doveadm(t...@test.com): Info: Mailbox path: /var/vmail/test.com/test/Maildir
doveadm(t...@test.com): Info: All message flags are shared across users
in mailbox
doveadm(t...@test.com): Debug: Mailbox 'INBOX' matches global ACL
pattern '*'
doveadm(t...@test.com): Debug: Mailbox 'INBOX' matches global ACL
pattern '*'
doveadm(t...@test.com): Debug: Mailbox 'INBOX' matches global ACL
pattern '*'
doveadm(t...@test.com): Debug: acl vfile: file
/var/vmail/test.com/test/Maildir/dovecot-acl not found
doveadm(t...@test.com): Info: User t...@test.com has rights: lookup read
doveadm(t...@test.com): Info: Mailbox in user's private namespace
doveadm(t...@test.com): Info: Mailbox INBOX is visible in LIST
[root@archivio ~]#
Since I see the line "Info: User t...@test.com has rights: lookup read", it
seems that the ACLs (lookup and read) are correctly applied,
but as I was saying above, when I log in as the user t...@test.com on the
webmail, I can do everything I want, including deleting the e-mails.
I have been trying to understand this for days, but I don't understand what I'm
doing wrong or how to solve it.
Thank you all in advance.
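
Added example, not part of the original post: one way to compare the rights shown in the doveadm debug output above with what an IMAP login actually receives through the RFC 4314 MYRIGHTS command (offered when imap_acl is loaded). The host and credentials passed to `live_myrights` are assumptions, and the sample strings in the demo are constructed.

```python
import imaplib

# RFC 4314 right letters and the long names Dovecot prints in doveadm output.
RIGHTS = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}
NAME_TO_LETTER = {name: letter for letter, name in RIGHTS.items()}
READ_ONLY = frozenset("lr")  # what the post's global ACL line grants


def rights_from_doveadm(line):
    """Letters from a doveadm 'has rights: lookup read' log line."""
    _, sep, names = line.partition("has rights:")
    if not sep:
        raise ValueError("no 'has rights:' in line")
    return frozenset(NAME_TO_LETTER[n] for n in names.split())


def rights_from_myrights(data):
    """Letters from the data of an untagged MYRIGHTS reply, e.g. b'INBOX lr'."""
    text = data.decode() if isinstance(data, bytes) else data
    return frozenset(text.rsplit(None, 1)[1]) & frozenset(RIGHTS)


def excess_rights(rights, allowed=READ_ONLY):
    """Long names of rights held beyond the allowed set, in RFC letter order."""
    return [RIGHTS[c] for c in RIGHTS if c in rights and c not in allowed]


def live_myrights(host, user, password, mailbox="INBOX"):
    """Ask the server what this login may do on the mailbox (assumed host/credentials)."""
    with imaplib.IMAP4_SSL(host) as conn:
        conn.login(user, password)
        typ, data = conn.myrights(mailbox)
        if typ != "OK" or not data or data[0] is None:
            raise RuntimeError("MYRIGHTS failed: %r" % (data,))
        return rights_from_myrights(data[0])


if __name__ == "__main__":
    # Constructed samples: the doveadm line mirrors the format in the post,
    # the MYRIGHTS data is a session that holds every right.
    doveadm = rights_from_doveadm("Info: User test has rights: lookup read")
    imap = rights_from_myrights(b"INBOX lrwstipekxa")
    print("doveadm excess:", excess_rights(doveadm))
    print("imap excess:   ", excess_rights(imap))
```

An empty list from `excess_rights` means the session is limited to lookup and read; any name in the list is a right the read-only archive should not be granting to that login.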