<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body smarttemplateinserted="true">
<div id="smartTemplate4-quoteHeader">
<div style="font-size:10.0pt;font-family:Verdana,Arial">Ellie,<br>
<br>
Thanks for checking. My doubt came from another documentation
(<a class="moz-txt-link-freetext" href="https://www.cyrusimap.org/docs/cyrus-imapd/2.5.9/faq.php">https://www.cyrusimap.org/docs/cyrus-imapd/2.5.9/faq.php</a>):<br>
<blockquote>plus addressing - Plus addressing allows direct
delivery to a particular mailbox (other than an INBOX). This
is done in two ways.<br>
<br>
The first way allows delivery to a subfolder of a specific
user's INBOX. This is done via an address of the form:
username+mailfolder@domain, which will deliver to the user's
INBOX.mailfolder folder (or altnamespace equivalent). <b>This
submailbox must allow the posting user the 'p' right
(generally, this means 'anyone' must have the 'p' right),
otherwise the message will just be filed into the user's
INBOX.</b><br>
</blockquote>
<br>
So what I'm observing in practice is that the "<span
class="font" style="font-family:"Courier New"">-a</span>"
option is not enough to deliver plus+addressed mails without the
"anyone p" ACL permission in the folder, which makes me think
that the user for "<span class="font"
style="font-family:"Courier New"">-a</span>" option
is not from the admins group, though it probably should be,
right? I.e. <font face="Courier New">lmtpd -a</font> should be
delivering plus+addressed mails without the "anyone p" ACL
permission?<br>
<br>
</div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm
0cm;font-size:10.0pt;font-family:"Tahoma","sans-serif""><b>From:</b>
Ellie Timoney<br>
<b>Sent:</b> Friday, May 11, 2018 02:33<br>
<b>To:</b> Info-cyrus<br>
<b>Subject:</b> Re: setting acl on autocreate folders<br>
</div>
<br>
</div>
<span type="cite"
cite="mid:1526016814.1496934.1368314432.1DB24A23@webmail.messagingengine.com"
style="display: block; word-break: break-all; margin: 7px 0 0 0;
padding: 0; line-height:0"></span>
<title></title>
<style type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style>
<div>Looks like "postman" from a skim of the source, and I believe
this is the same user as when connecting via a UNIX socket:<br>
</div>
<div><br>
</div>
<div><a
href="https://github.com/cyrusimap/cyrus-imapd/blob/15c812df6a020414a2e8863fe1afdfa3273a7bad/imap/lmtpengine.c#L993-L1005"
moz-do-not-send="true">https://github.com/cyrusimap/cyrus-imapd/blob/15c812df6a020414a2e8863fe1afdfa3273a7bad/imap/lmtpengine.c#L993-L1005</a><br>
</div>
<div><br>
</div>
<div>But I would welcome correction from someone who knows, I'm just
looking at the code.<br>
</div>
<div><br>
</div>
<div>Cheers,<br>
</div>
<div><br>
</div>
<div>ellie</div>
<div><br>
</div>
<div>On Fri, May 11, 2018, at 3:20 PM, Anatoli wrote:<br>
</div>
<blockquote type="cite">
<div>
<div style="font-size:10pt;font-family:Verdana, Arial;">
<div>Hi Ellie,<br>
</div>
<div> <br>
</div>
<div> Chen's question made me recheck the docs and now I have
a doubt. Could you please clarify under what user the
LMTP-delivered mails enters Cyrus when "<span class="font"
style="font-family:"Courier New"">-a</span>"
option is used over TCP with lmtpd (i.e. <span style="">lmtp
cmd="lmtpd -a" listen="127.0.0.1:2004"</span>)?<br>
</div>
<div> <br>
</div>
<div> The documentation
(<a
href="https://cyrusimap.org/imap/concepts/overview_and_concepts.html#local-mail-transfer-protocol-lmtp"
moz-do-not-send="true">https://cyrusimap.org/imap/concepts/overview_and_concepts.html#local-mail-transfer-protocol-lmtp</a>)
says:<br>
</div>
<div> <br>
</div>
<div> <br>
</div>
<blockquote>
<div>For final delivery via <i>LMTP over a TCP socket, it
is necessary to use LMTP AUTH</i>. This is accomplished
using SASL to authenticate the delivering user. If your
mail server is performing delivery via LMTP AUTH (that is,
using a SASL mechanism), you will want their
authentication id to be an LMTP admins (either via the
admins imapd.conf option or via the <service>_admins
option, typically lmtp_admins).<br>
</div>
<div> <br>
</div>
<div> Alternatively you may deliver via <i>LMTP to a unix
domain socket</i>, and <i>the connection will be
preauthenticated as an administrative user</i> (and
access control is accomplished by controlling access to
the socket).<br>
</div>
</blockquote>
<div><br>
</div>
<div>But it doesn't say anything about the "-a:<i>Preauthorize
connections initiated on an internet socket</i>, instead
of requiring LMTP AUTH."
(<a
href="https://www.cyrusimap.org/imap/reference/manpages/systemcommands/lmtpd.html#cmdoption-lmtpd-a"
moz-do-not-send="true">https://www.cyrusimap.org/imap/reference/manpages/systemcommands/lmtpd.html#cmdoption-lmtpd-a</a>).<br>
</div>
<div> <br>
</div>
<div> Thanks,<br>
</div>
<div> Anatoli<br>
</div>
<div> <br>
</div>
</div>
<div
style="border-right-width:initial;border-bottom-width:initial;border-left-width:initial;border-right-style:none;border-bottom-style:none;border-left-style:none;border-right-color:initial;border-bottom-color:initial;border-left-color:initial;border-image-source:initial;border-image-slice:initial;border-image-width:initial;border-image-outset:initial;border-image-repeat:initial;border-top-width:1pt;border-top-style:solid;border-top-color:rgb(181,
196,
223);padding-top:3pt;padding-right:0cm;padding-bottom:0cm;padding-left:0cm;font-size:10pt;font-family:Tahoma,
sans-serif;">
<div><b>From:</b> Ellie Timoney<br>
</div>
<div> <b>Sent:</b> Friday, May 11, 2018 00:46<br>
</div>
<div> <b>To:</b> Info-cyrus<br>
</div>
<div> <b>Subject:</b> Re: setting acl on autocreate folders<br>
</div>
</div>
<div><br>
</div>
</div>
<div><br>
</div>
<pre>Hi Chen,
</pre>
<blockquote type="cite">
<pre>So, the question : is it possible to set specific ACLs on autocreated
folders ? (i.e., ACLs, different from those defined by defaultacl in
imapd.conf).
</pre>
</blockquote>
<pre>I believe the autocreate mechanism has no particular knowledge of ACLs all all. It just uses the standard Cyrus policy for assigning them, with no way to override it.
Cheers,
ellie
On Wed, May 9, 2018, at 6:37 PM, Chentao Credungtao via Info-cyrus wrote:
</pre>
<blockquote type="cite">
<pre>Hello,
This question has been asked twice before by different users, but no
answer has ever be given.
In 2012 : <a href="https://www.spinics.net/lists/info-cyrus/msg14612.html" moz-do-not-send="true">https://www.spinics.net/lists/info-cyrus/msg14612.html</a>
In 2016 : <a href="https://www.spinics.net/lists/info-cyrus/msg17385.html" moz-do-not-send="true">https://www.spinics.net/lists/info-cyrus/msg17385.html</a>
I guess the answer is NO, but just the same I thought i'd asked again to
be sure.
So, the question : is it possible to set specific ACLs on autocreated
folders ? (i.e., ACLs, different from those defined by defaultacl in
imapd.conf).
Thanks,
Chen
----
Cyrus Home Page: <a href="http://www.cyrusimap.org/" moz-do-not-send="true">http://www.cyrusimap.org/</a>
List Archives/Info: <a href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/" moz-do-not-send="true">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a>
To Unsubscribe:
<a href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus" moz-do-not-send="true">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a>
</pre>
</blockquote>
<pre>----
Cyrus Home Page: <a href="http://www.cyrusimap.org/" moz-do-not-send="true">http://www.cyrusimap.org/</a>
List Archives/Info: <a href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/" moz-do-not-send="true">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a>
To Unsubscribe:
<a href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus" moz-do-not-send="true">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a>
</pre>
<div><br>
</div>
<div>----<br>
</div>
<div>Cyrus Home Page: <a href="http://www.cyrusimap.org/"
moz-do-not-send="true">http://www.cyrusimap.org/</a><br>
</div>
<div>List Archives/Info: <a
href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/"
moz-do-not-send="true">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a><br>
</div>
<div>To Unsubscribe:<br>
</div>
<div><a
href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus"
moz-do-not-send="true">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a><br>
</div>
</blockquote>
<div><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">----
Cyrus Home Page: <a class="moz-txt-link-freetext" href="http://www.cyrusimap.org/">http://www.cyrusimap.org/</a>
List Archives/Info: <a class="moz-txt-link-freetext" href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a>
To Unsubscribe:
<a class="moz-txt-link-freetext" href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a></pre>
<br>
</body>
</html>