On Nov 16, 2008, at 5:56 AM, Philip Guenther wrote:
If answer to either one is "yes", how are the ACL identifiers matched?Unspecified and implementation dependent, but that's true of basically allauthentication ID handling in IMAP, no?
Sure, I was just trying to figure out some reasonable way to implement it.
How I eventually ended up handling this in Sendmail's product was roughlyas follows:- if delivery was specified by an action in a user's sieve filter, the ACLcheck would be as that user- if a user didn't have a sieve filter then, by default, delivery will beto the user's INBOX (+detail will be ignored) and will be permitted regardless of the mailbox's ACL - alternatively, it can be configured to pass through +detail info and check for anonymous having 'p' right when a +detail is supplied - delivery that's specified by an adminstrative filter generally skips the ACL check
Thanks, this sounds good. I'll probably implement it the same way.I'm not entirely sure about the default 'p' right though. If I give "anyone +p" right it would mean that user1's Sieve script could do fileinto "shared/user2/INBOX", which doesn't seem like a good idea. I guess I could create a completely separate "anonymous" user that doesn't match any other user. Then each mailbox could have by default an "anonymous +p" right (it would match non-INBOX only when using +detail addresses).
Attachment:
PGP.sig
Description: This is a digitally signed message part