> -----Original message-----
> From: Aki Tuomi <aki.tu...@open-xchange.com>
> Sent: Thursday, 6 February 2025 13:34
> To: dove...@iotti.biz; dovecot--- via dovecot <dovecot@dovecot.org>
> Subject: Re: R: Preventing message deletion
>
> > On 06/02/2025 13:16 EET dovecot--- via dovecot <dovecot@dovecot.org> wrote:
> >
> > > From: Aki Tuomi <aki.tu...@open-xchange.com>
> > > Sent: Thursday, 6 February 2025 11:49
> > > To: dove...@iotti.biz; dovecot--- via dovecot <dovecot@dovecot.org>
> > > Subject: Re: Preventing message deletion
> > >
> > > > On 06/02/2025 12:39 EET dovecot--- via dovecot <dovecot@dovecot.org> wrote:
> > > >
> > > > Hi all
> > > >
> > > > How may I disable message deletions via IMAP for some or all of my users?
> > > > I read on the net that a possible solution would be to use the ACL
> > > > IMAP plugin. But the examples I found were not so clear to me. We
> > > > do not use shared mailboxes or namespaces. Only simple virtual
> > > > users, each with its own private mailbox.
> > > > I would like to use the global acl file both for administration
> > > > simplicity and because as I understood, global acl entries take
> > > > preference over any user setting.
> > > >
> > > > In the ACL page example there is a line:
> > > > * user=foo lrw
> > > >
> > > > But in the comment it tells that doing so, every user's mailbox
> > > > would be shared with the foo user, with the lrw permissions. Which
> > > > is not what I would want. I don't need to share anything, just to
> > > > restrict what the user, foo here, can do on his mailbox.
> > > >
> > > > Thank you,
> > > > Luigi
> > >
> > > Hi!
> > >
> > > Folder sharing won't actually happen unless you have a shared namespace.
> > >
> > > And you can also use `owner` which refers to the mailbox owner, so
> > >
> > > * owner -te
> > >
> > > which will mean that the owner is not allowed to expunge or write
> > > \deleted flag.
> >
> > Thank you Aki for the clarification.
> >
> > At least in this rather old dovecot-2.2.36 from CentOS 7 (I know, it needs
> > updating but I have to do what says the one who pays :) using the negative
> > "-te" form did not work. I found in my logs:
> > dovecot: imap(t...@domain.com): Error: Global ACL file /etc/dovecot/global-acls line 1: Unknown ACL '-'
> > and mailbox access was prevented for all users.
> >
> > I used the form
> > * user=t...@domain.com lrwsipk
> >
> > And it seems to work now.
> >
> > Thank you again.
> >
>
> I would use
>
> * owner lrwsipk
>
> unless it's exactly that one user you want to affect?
>
> Aki

Sorry for the late reply: I made some tests.
The solution suggested works. Indeed, I used the explicit username and not "owner" in the acl line just because I have to restrict only some users.
But another problem appeared. Now it's not possible to move messages between IMAP folders. I dumped the traffic and a MOVE IMAP command is issued. I found that the "e" (expunge) acl right is what is missing, which was cleared out to prevent deletions.
I just imagine that there is no solution to prevent message delete, but allow move, but hope there are other solutions.

Thank you
Luigi
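
An added example, not part of the thread and not Dovecot code: a pre-deployment check for a global ACL file in the three-field form used above, written because the thread shows a single unparseable line blocking mailbox access for every user. The rights-to-action table is an assumption taken from RFC 4314 and RFC 6851 (MOVE needs the union of the COPY, STORE and EXPUNGE rights), the function names are hypothetical, and the sample address is constructed.

```python
import re

# RFC 4314 rights letters (assumed to be the set the ACL plugin accepts).
KNOWN_RIGHTS = set("lrwstipekxa")

# Rights needed on the source folder per client action (assumption from the
# RFCs; RFC 6851 defines MOVE as the union of COPY, STORE and EXPUNGE).
NEEDS = {
    "read": set("r"),
    "flag \\Deleted": set("t"),
    "EXPUNGE": set("e"),
    "MOVE": set("rte"),
}
IDENTIFIER = re.compile(r"^(owner|anyone|authenticated|(user|group)=\S+)$")

def lint_line(line):
    """Check one '<pattern> <identifier> <rights>' line: (rights, problems)."""
    fields = line.split()
    if len(fields) != 3:
        return None, ["expected 3 fields, got %d" % len(fields)]
    _pattern, ident, rights = fields
    problems = []
    if not IDENTIFIER.match(ident):
        problems.append("unrecognised identifier %r" % ident)
    bad = sorted(set(rights) - KNOWN_RIGHTS)
    if bad:
        problems.append("unknown ACL letter(s) %s" % "".join(bad))
    return (None if problems else set(rights)), problems

def denied_actions(rights):
    """Map each action the rights do not cover to its missing letters."""
    return {action: "".join(sorted(need - rights))
            for action, need in NEEDS.items() if not need <= rights}

def lint_file(text):
    """Return (line number, problems, denied actions) per non-blank line."""
    report = []
    for number, line in enumerate(text.splitlines(), 1):
        if line.strip():
            rights, problems = lint_line(line)
            denied = denied_actions(rights) if rights is not None else {}
            report.append((number, problems, denied))
    return report

# Constructed sample: the two forms tried in the thread, made-up address.
SAMPLE = "* owner -te\n* user=alice@example.com lrwsipk\n"

if __name__ == "__main__":
    print(lint_file(SAMPLE))
```

The check does not handle quoted mailbox patterns containing spaces, and it is no substitute for testing the file against the Dovecot version actually deployed.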