On Wed, 10 Jan 2007, Rob Mueller wrote:

but this is in conflict with the idea that in a large installation of people who don't know each other the 'anyone' permission doesn't make sense.

what is really desired for + addressing is to say that messages that arrive via the lmtp interface are allowed to write to all folders (not just the inbox folders) without allowing other users on the system to write arbitrary data to other people's folders via the IMAP interface.

at least if it's arriving via the lmtp interface you have reason to believe that it's been (somewhat) validated by your MTA.

That's really what the "p" permission is all about:

 p - post (send mail to submission address for mailbox,
     not enforced by IMAP4 itself)

So setting "anyone p" means that email via LMTP can be put into any person's folder by the delivery agent, but that folder isn't visible or accessible via any IMAP commands.

At least that's how I believe it works, and what we've observed. Maybe Ken can clarify?

Ok, I thought that 'post' pre-dated lmtp and was the IMAP function to write a message into the folder.

i.e. a program like imapsync would need the 'p' permission to write the messages, (but would need other permissions to check for messages, set flags, etc)

I'll play around with things a bit while waiting for clarification.

David Lang
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
