|
> I
think it's good that you have to explicitly set "anyone p",
because otherwise people would be able to send plus+adressed
mails to any mailbox whose name they can guess.
As the default behavior, I agree. I've just made a couple of tests: remove "anyone p" then add "postman p" or add postman as "admins: postman" but none of these worked for plus+addressing (P+A), so the postman user appears to be some hardcoded way of dealing with LMTP delivery and has nothing in common with the normal users and operations. If my assumptions are correct, I guess what Chen (OP) was asking would be useful, i.e. to be able to define "anyone p" (either as a toggle aimed at P+A or as a free-form for any user/ACL) for some auto-created folders along the other auto-configuration features (autocreate_XXX, x-list, etc.). The idea is to be able to setup most common settings for new users without any external scripts talking to cyradm or imtest. In my case the "anyone p" permission is the only thing pending. Something like: autocreate_acl <folder> <user> <acl> (multiple autocreate_acl entries could be specified) Ellie, do you think this is something of low complexity? From:
Sebastian Hagedorn
Sent: Friday, May 11, 2018 04:36 To: Anatoli Cc: Info-cyrus Subject: Re: setting acl on autocreate folders So what I'm observing in practice is that the "-a" option is not enough I think it's good that you have to explicitly set "anyone p", because otherwise people would be able to send plus-adressed mails to any mailbox whose name they can guess. -- Sebastian Hagedorn - Weyertal 121, Zimmer 2.02 Regionales Rechenzentrum (RRZK) Universität zu Köln / Cologne University - Tel. +49-221-470-89578 |
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
