On 2006-02-23 at 14:52 +0000, Dennis Davis wrote:
> Anyone should feel free to shoot my ideas down in flames if they can
> think of a better way of doing the following.
Not in flames; the Exim stuff is useful, I can't think of a way to do it
without modifying either Exim or Cyrus and your way works. But I'm not
sure if you've thought of a potentially nasty side-effect of doing it
without Cyrus knowing about it.
> I'd like to request an additional private option --
> "force_local_authenticated"
That part's good and generally useful for Exim, but what you're doing
with it seems dangerous, unless I'm misunderstanding.
Beware that there's a lot of personal opinion below, as this is a
judgement call (which you're obviously free to ignore, but please do
think about the points). Sorry about all the "I"/"me"/yada.
> cyrus_ltmp_plus_something:
> force_local_authenticated = true
> authenticated_sender = $local_part
So Exim will authenticate as the user and so allow delivery to any
folder which the user can write to?
That means that _anyone_ can send email to D.H.Davis+Received (for
instance) and you'll never see it, but in the event of a legal dispute
they could claim that you must have seen it and read it.
Is this just not a concern in your set-up? It makes me nervous, but to
each their own and my needs aren't yours. I could just be
misunderstanding; I just want to make sure that you've thought this
through (sorry if this is patronising).
My work set-up is closest to the environment you have, I think; I
suspect that our legal counsel would scream blue murder if I let anyone
on the Internet control which of _any_ of her folders a mail from them
was delivered to. (That's not a complaint; our bedrijfsjurist (legal
counsel) just tends to think through to consequences more than the users
who go "ooh shiny" and stop thinking).
I'd be more inclined to hack Cyrus to have a new option, letting an
unauthenticated user use the rcpt+folder delivery to any sub-folder of
rcpt's INBOX _IF_ that folder is on rcpt's subscription list. Even
better would be to allow those knowledgeable enough to turn it on with
an ANNOTATEMORE attribute on their INBOX folder. It might be elitist,
but I strongly suspect that people clueful enough to use +ext and want
direct-to-folder delivery are capable of speaking raw IMAP to turn it
on, if their client doesn't support ANNOTATEMORE.
If you want me to provide a Cyrus patch (money where my mouth is), I can
take a look this weekend.
I didn't respond immediately because I needed to think it through,
because I use a somewhat different set-up to achieve the same thing at
home. For user-controllable de-multiplexing, my set-up doesn't scale
beyond "household" level, because it relies upon an entire mail-domain
with the people using the service able to choose what should happen to
any mail in that domain. The same Exim/Cyrus set-up is used at work,
but with the ACLs not granting that user control, so it just handles
admin-created shared folders.
I'll explain my set-up both because it might be useful for thinking from
a different angle and because my wife is happy using it with
Thunderbird, so it's something which a general userbase can understand.
The ISP[1] I use supplies all left-hand-sides @accountname.isp to me; I
use careful group membership with Exim and Cyrus to let Exim see which
shared folders exist and deliver straight to the shared folder if it
exists, or to a last-resort bucket otherwise. (We don't use dedicated
folders for pizza delivery orders, but we do use a pizza-co@ LHS so that
we can see who leaks addresses to spammers.) This works well enough
that my less-technical wife is happy using it with Thunderbird. At
work, something similar is used but users don't have the ability to
create or delete folders; it just handles those shared folders the
mail-admin create for staff.
I'm happy to supply Exim/Cyrus configs and details; the only caveat is
to make sure that no user can delete the last-resort folder, because an
accidental GUI mis-click moving your last-resort folder to become a
child of another folder will result in your system bouncing mail.
Received enlightentment the hard way.
[1] full disclosure: I work for that ISP, *cough* often dealing with the
SMTP/POP3 mail-systems; but I use IMAP at home.
--
I am keeping international relations on a peaceable footing.
You are biding your time before acting.
He is coddling tyrants.
-- Roger BW on topic of verb conjugation
