Subject: Postfix and Cyrus: user+mailbox
From: Darron Froese (darronfroese.org)
Date: Mon Sep 04 2000 - 16:26:24 CDT


I've been using the "recipient_delimiter = +" option in Postfix to help to
sort my email a little better and while it works great I have a question
about implementing it on a larger scale than my home email server.

In order to deliver email directly to a submailbox (rather than using Sieve
or Procmail), the user delivering to it must have 'p' right set on the acl
of the mailbox.

Postfix is set up to deliver to cyrus under the user "anonymous" by default:

cyrus unix - n n - - pipe
    flags=R user=cyrus argv=/usr/local/cyrus-imapd-1.6.24/bin/deliver -e -m ${extension} ${user}

In order to allow delivery directly to a mailbox, one has to manually set
the acl on the mailbox to give the user anonymous the "p" right.

On a server with many users and mailboxes, this is unfeasible as they have
the ability to create their own folders and I don't want to have to change
the ACLs on each one manually. Also the "defaultacl" option doesn't seem to
apply here.

Instead, I've gotten it to work (without changing all of the ACLs) by
adding this variable and setting the "authorization id" to the user the
message is actually addressed to:

cyrus unix - n n - - pipe
    flags=R user=cyrus argv=/usr/local/cyrus-imapd-1.6.24/bin/deliver -a ${user} -e -m ${extension} ${user}

That user already has the "p" right by default - as it's their mailbox - and
it works beautifully.

My question is this:

How have other people gotten around this?
Is my solution/workaround proper?
Am I opening up any extra holes that I should know about?

It's such a simple solution...that's what's worrying me.

-- 
Darron
darronfroese.org
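
An added example, not part of the original post: a simplified Python model of the ACL check described above, comparing which submailboxes accept user+folder mail when deliver authorizes as "anonymous" and when it authorizes as the recipient (-a ${user}). The mailbox names, the ACL table and the fall-back-to-INBOX behaviour are assumptions constructed for illustration.

```python
# Simplified model of the Cyrus ACL check applied at delivery time.
# Assumptions (not from the original post): the mailbox names, the ACL table
# and the fall-back-to-INBOX behaviour are constructed for illustration.

# Constructed sample ACLs: mailbox -> {identifier: rights string}
ACLS = {
    "user.alice":         {"alice": "lrswipcda"},
    "user.alice.lists":   {"alice": "lrswipcda", "anonymous": "p"},
    "user.alice.private": {"alice": "lrswipcda"},
}


def effective_rights(mailbox, authid):
    """Union of the rights granted to authid itself and to 'anyone'."""
    acl = ACLS.get(mailbox, {})
    return set(acl.get(authid, "")) | set(acl.get("anyone", ""))


def deliver(user, extension, authid):
    """Return the mailbox a message for user+extension lands in.

    authid models deliver's -a argument; per the post it is 'anonymous'
    when -a is not given.
    """
    inbox = f"user.{user}"
    if extension:
        target = f"{inbox}.{extension}"
        # Direct delivery needs the mailbox to exist and grant 'p' (post).
        if target in ACLS and "p" in effective_rights(target, authid):
            return target
    return inbox  # assumed fallback when the submailbox is not postable


def postable_folders(user, authid):
    """Submailboxes that any sender can reach via user+folder addressing."""
    prefix = f"user.{user}."
    return sorted(m for m in ACLS
                  if m.startswith(prefix) and "p" in effective_rights(m, authid))


if __name__ == "__main__":
    for authid in ("anonymous", "alice"):
        print(authid, postable_folders("alice", authid))
```

In this model, authorizing as the recipient makes every folder the owner can post to addressable by outside senders, so the per-folder "p" right no longer acts as an opt-in.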