setting acl on autocreate folders

Anatoli me at anatoli.ws
Fri May 11 02:18:05 EDT 2018


Ellie,

Thanks for checking. My doubt came from another piece of documentation 
(https://www.cyrusimap.org/docs/cyrus-imapd/2.5.9/faq.php):

    plus addressing - Plus addressing allows direct delivery to a
    particular mailbox (other than an INBOX). This is done in two ways.

    The first way allows delivery to a subfolder of a specific user's
    INBOX. This is done via an address of the form:
    username+mailfolder at domain, which will deliver to the user's
    INBOX.mailfolder folder (or altnamespace equivalent). *This
    submailbox must allow the posting user the 'p' right (generally,
    this means 'anyone' must have the 'p' right), otherwise the message
    will just be filed into the user's INBOX.*


So what I'm observing in practice is that the "-a" option is not enough 
to deliver plus+addressed mails without the "anyone p" ACL permission in 
the folder, which makes me think that the user for the "-a" option is not 
from the admins group, though it probably should be, right? I.e. lmtpd 
-a should be delivering plus+addressed mails without the "anyone p" ACL 
permission?

*From:* Ellie Timoney
*Sent:* Friday, May 11, 2018 02:33
*To:* Info-cyrus
*Subject:* Re: setting acl on autocreate folders

Looks like "postman" from a skim of the source, and I believe this is 
the same user as when connecting via a UNIX socket:

https://github.com/cyrusimap/cyrus-imapd/blob/15c812df6a020414a2e8863fe1afdfa3273a7bad/imap/lmtpengine.c#L993-L1005

But I would welcome correction from someone who knows, I'm just looking 
at the code.

Cheers,

ellie

On Fri, May 11, 2018, at 3:20 PM, Anatoli wrote:
> Hi Ellie,
>
> Chen's question made me recheck the docs and now I have a doubt. Could 
> you please clarify under what user the LMTP-delivered mail enters 
> Cyrus when the "-a" option is used over TCP with lmtpd (i.e. lmtp 
> cmd="lmtpd -a" listen="127.0.0.1:2004")?
>
> The documentation 
> (https://cyrusimap.org/imap/concepts/overview_and_concepts.html#local-mail-transfer-protocol-lmtp) 
> says:
>
>
>     For final delivery via /LMTP over a TCP socket, it is necessary to
>     use LMTP AUTH/. This is accomplished using SASL to authenticate
>     the delivering user. If your mail server is performing delivery
>     via LMTP AUTH (that is, using a SASL mechanism), you will want
>     their authentication id to be an LMTP admins (either via the
>     admins imapd.conf option or via the <service>_admins option,
>     typically lmtp_admins).
>
>     Alternatively you may deliver via /LMTP to a unix domain socket/,
>     and /the connection will be preauthenticated as an administrative
>     user/ (and access control is accomplished by controlling access to
>     the socket).
>
>
> But it doesn't say anything about the "-a:/Preauthorize connections 
> initiated on an internet socket/, instead of requiring LMTP AUTH." 
> (https://www.cyrusimap.org/imap/reference/manpages/systemcommands/lmtpd.html#cmdoption-lmtpd-a).
>
> Thanks,
> Anatoli
>
> *From:* Ellie Timoney
> *Sent:* Friday, May 11, 2018 00:46
> *To:* Info-cyrus
> *Subject:* Re: setting acl on autocreate folders
>
>
> Hi Chen,
>
>
>> So, the question : is it possible to set specific ACLs on autocreated
>> folders ? (i.e., ACLs, different from those defined by defaultacl in
>> imapd.conf).
>>
> I believe the autocreate mechanism has no particular knowledge of ACLs at all. It just uses the standard Cyrus policy for assigning them, with no way to override it.
>
> Cheers,
>
> ellie
>
> On Wed, May 9, 2018, at 6:37 PM, Chentao Credungtao via Info-cyrus wrote:
>
>> Hello,
>>
>> This question has been asked twice before by different users, but no
>> answer has ever been given.
>>
>> In 2012: https://www.spinics.net/lists/info-cyrus/msg14612.html
>>
>> In 2016: https://www.spinics.net/lists/info-cyrus/msg17385.html
>>
>> I guess the answer is NO, but just the same I thought I'd ask again to
>> be sure.
>>
>> So, the question : is it possible to set specific ACLs on autocreated
>> folders ? (i.e., ACLs, different from those defined by defaultacl in
>> imapd.conf).
>>
>> Thanks,
>>
>> Chen
>>
>> ----
>> Cyrus Home Page:http://www.cyrusimap.org/
>> List Archives/Info:http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>



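The plus-addressing rule quoted from the FAQ above, modelled as an added example (not part of the thread and not Cyrus code). The mailbox names, ACLs and the `route` / `folders_missing_post` helpers are constructed for illustration; the posting identity is a parameter because the thread leaves open which identity `lmtpd -a` delivers as, and "postman" is only the name suggested in the reply.

```python
# Added example: a model of the FAQ's plus-addressing rule, not Cyrus code.
# Mailbox names, ACLs and identities below are constructed sample data.

def split_plus_address(rcpt):
    """Return (user, folder or None, domain) for user+folder@domain."""
    local, _, domain = rcpt.partition("@")
    user, plus, folder = local.partition("+")
    return user, (folder if plus and folder else None), domain

def has_post_right(acl, identity):
    """True if 'anyone' or the given identity holds the 'p' right.
    acl maps identifier -> rights string; negative rights are not modelled."""
    return any("p" in acl.get(who, "") for who in ("anyone", identity))

def route(rcpt, mailboxes, posting_identity):
    """Apply the FAQ rule: deliver to the subfolder only if the posting
    identity may post there; otherwise file into the user's INBOX.
    Assumption: a folder that does not exist also falls back to INBOX."""
    user, folder, _ = split_plus_address(rcpt)
    inbox = f"user.{user}"
    if folder:
        target = f"{inbox}.{folder}"
        acl = mailboxes.get(target)
        if acl is not None and has_post_right(acl, posting_identity):
            return target
    return inbox

def folders_missing_post(mailboxes, user, posting_identity):
    """Audit helper: subfolders where plus-addressed mail would fall back."""
    prefix = f"user.{user}."
    return sorted(name for name, acl in mailboxes.items()
                  if name.startswith(prefix)
                  and not has_post_right(acl, posting_identity))

# Constructed sample: 'lists' grants anyone 'p', 'private' does not.
MAILBOXES = {
    "user.jane": {"jane": "lrswipkxtecda"},
    "user.jane.lists": {"jane": "lrswipkxtecda", "anyone": "p"},
    "user.jane.private": {"jane": "lrswipkxtecda"},
}

if __name__ == "__main__":
    for rcpt in ("jane+lists@example.org", "jane+private@example.org",
                 "jane+nosuch@example.org", "jane@example.org"):
        print(rcpt, "->", route(rcpt, MAILBOXES, "postman"))
    print("fallback folders:", folders_missing_post(MAILBOXES, "jane", "postman"))
```

Running the audit helper against a real ACL listing shows which folders depend on an "anyone p" grant, which is worth knowing because that grant lets any sender post to the folder.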

