Captive mailbox in Cyrus IMAP?

Rich Graves rgraves at carleton.edu
Tue Nov 21 17:44:01 EST 2006


> That would work, although I was looking for something involving less 
> moving around. :)

Well, if your "hold" directory is the same filesystem, then the move is 
a quick rename, and if it's a 5-line script, then I don't see any 
additional sysadmin overhead.

> Say like something like when the imapd sees that user 
> joeschmo has authenticated and decides the prefix is user.joeschmoe.  If 
> I could hook in there I could override the folder to be user.captive, 
> which already has the 1 message and an ACL for read-only access.

I used to do something like that with UW-IMAP at brandeis.edu, so I do 
see the appeal. Carleton just tends to disable passwords and wait for 
users to call the helpdesk, which is more realistic at a smaller liberal 
arts college than at a university.

The downside of UW-IMAP is that the only way to configure it is to hack 
at the source code in env_unix.c. The upside is that it's actually quite 
easy to do so. Customizing Cyrus is more involved because the base 
package does a lot more.

UW-IMAP has no concept of ACLs; to make a mailbox read-only, you simply 
manipulate file system permissions. Cyrus has proper ACLs that are 
shared between mail delivery and imapd. It's not obvious what you would 
want to hack in order to make lmtpd's view of ACLs and mailbox paths 
different than imapd's. UW-IMAP is already reading /etc/passwd, so 
checking shell doesn't add any new overhead. Cyrus doesn't care about 
/etc/passwd, so you'd have to wedge some new sort of database lookup in 
somewhere.

You might be able to abuse folder annotations somehow -- that's another 
feature/concept that doesn't exist with UW-IMAP.

Other possible places/means of checking "is this user/mailbox 
different?" might be to create a magic file elsewhere in the filesystem 
(search for telemetry_log()) or to add the expired users to a UNIX group 
(search for IMAPOPT_UNIX_GROUP_ENABLE, though a lot of sites turn that 
off for performance reasons).
-- 
Rich Graves <rgraves at carleton.edu>
Sr UNIX and Security Administrator
Ofc 507-646-7079 Cell 952-292-6529

