Shared mailboxes are a very convenient way to access the content of a mailbox from different accounts. The situation I'm going to describe here is the following:
So, we are going to create “contact@example.net” as a shared mailbox and give accesses to Bob, Bill and Alice. Here is how.
Shared mailboxes are a bit special. Unlike regular mailboxes, they do not require a valid user on the system. Cyrus uses an internal “postuser” to determine the destination of incoming messages. When Postfix (or any SMTP server) receives an email for “contact@example.net”, it forwards it to “sharedboxmngr+shared.contact”. Cyrus interprets this destination address as “This is a message for a shared folder because it starts with the postuser 'sharedboxmngr': deliver it to the mailbox shared.contact”.
<note>This is explained in the man page of imapd.conf</note>
First, we create the postuser in /etc/imapd.conf:
```
# vim /etc/imapd.conf
[...]
postuser: sharedboxmngr
```
The altnamespace parameter also needs to be changed from 'no' to 'yes' in /etc/imapd.conf.
```
# Alternate namespace
# If enabled, activate the alternate namespace as documented in
# /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an user's
# subfolders are in the same level as the INBOX
# See also userprefix and sharedprefix on imapd.conf(5)
altnamespace: yes
```
Then, restart cyrus-imap and create the shared mailbox in the cyradm interface.
```
# /etc/init.d/cyrus2.2 restart
Stopping Cyrus IMAPd: cyrmaster.
Waiting for complete shutdown...
Starting Cyrus IMAPd: cyrmaster.
# cyradm --user cyrus localhost
Password:
localhost> cm shared.contact
```
The mailbox should appear in the main partition of Cyrus-Imap. The default on Debian is /var/spool/cyrus/mail so the mailbox is stored at /var/spool/cyrus/mail/c/shared/contact.
ACLs are of the following types:
Access right | Description |
---|---|
l | Look up the name of the mailbox (but not its contents). (visible to LIST/LSUB/UNSEEN) |
r | Read the contents of the mailbox. (SELECT, CHECK, FETCH, PARTIAL, SEARCH, COPY source) |
s | Preserve the “seen” and “recent” status of messages across IMAP sessions. (STORE \SEEN) |
w | Write flags other than \SEEN and \DELETED. |
i | Insert (move or copy) a message into the mailbox. (APPEND, COPY destination) |
p | Post (send mail to mailbox) |
c | Create a new mailbox below the top-level mailbox (ordinary users cannot create top-level mailboxes) (CREATE new sub-mailboxes, RENAME or DELETE mailbox) |
d | Delete a message and/or the mailbox itself. (STORE \DELETED, EXPUNGE) |
a | Administer the mailbox (change the mailbox's ACL) (SETACL) |
To allow incoming messages to be delivered to this mailbox, we need to give the p permission to everybody:
```
localhost> setaclmailbox shared.contact anyone p
```
To allow Bob and Bill to read, mark, write and delete in this mailbox, we give them the lrswipcd permissions:
```
localhost> setaclmailbox shared.contact bob lrswipcd
localhost> setaclmailbox shared.contact bill lrswipcd
```
To allow Alice to read the content of the mailbox, we give her the lr permissions. Since we do not give her the s permission as well, she cannot mark a message as “read” (the SEEN flag is not stored).
```
localhost> setaclmailbox shared.contact alice lr
```
<note>Instead of setaclmailbox, you can use 'setacl' or 'sam'. They mean the same thing.</note>
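As an added example (not part of the original page and not Cyrus code), the Python below audits an ACL listing for the shared mailbox against the rights granted above and reports anything broader, such as 'anyone' holding more than p. The one-entry-per-line "identifier rights" input format, the sample listing and the function names are assumptions.

```python
# Added example: audit a shared mailbox ACL against the intended policy.
# RIGHTS mirrors the access-right table on this page.
RIGHTS = {
    "l": "lookup", "r": "read", "s": "keep seen state", "w": "write flags",
    "i": "insert", "p": "post", "c": "create", "d": "delete", "a": "administer",
}

# Intended policy from this page: identifier -> rights it is meant to hold.
EXPECTED = {"anyone": "p", "bob": "lrswipcd", "bill": "lrswipcd", "alice": "lr"}

def parse_acl(text):
    """Parse 'identifier rights' lines (assumed listing format) into a dict of sets."""
    acl = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blanks and anything that is not an ACL entry
        ident, rights = parts
        unknown = set(rights) - set(RIGHTS)
        if unknown:
            raise ValueError(f"unknown right(s) {sorted(unknown)} for {ident}")
        acl[ident] = set(rights)
    return acl

def audit(acl, expected=EXPECTED):
    """Return sorted findings: excess rights, missing rights, unexpected identifiers."""
    findings = []
    for ident, rights in acl.items():
        if ident not in expected:
            findings.append(f"{ident}: unexpected identifier with '{''.join(sorted(rights))}'")
            continue
        excess = rights - set(expected[ident])
        if excess:
            names = ", ".join(RIGHTS[r] for r in sorted(excess))
            findings.append(f"{ident}: excess rights ({names})")
    for ident, want in expected.items():
        missing = set(want) - acl.get(ident, set())
        if missing:
            findings.append(f"{ident}: missing '{''.join(sorted(missing))}'")
    return sorted(findings)

# Constructed sample listing: 'anyone' was widened to 'lrp' and 'carol' was added.
SAMPLE = "anyone lrp\nbob lrswipcd\nbill lrswipcd\nalice lr\ncarol lrsa\n"

if __name__ == "__main__":
    for finding in audit(parse_acl(SAMPLE)):
        print(finding)
```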
Now, the mailbox should appear to Bob, Bill and Alice. In Thunderbird, go to the Subscribe control panel and check the shared mailbox.
This “contact” shared mailbox is not a regular user. Therefore, Postfix cannot simply hand its mail to Cyrus as it does for regular users. It needs to translate “contact@example.net” into “sharedboxmngr+shared.contact”. We can do that with an alias.
There are many ways to manage aliases, but the basic one is to add a new line to /etc/aliases, as follows:
```
# vim /etc/aliases
[...]
contact: sharedboxmngr+shared.contact
# postalias /etc/aliases
```
And that's it. Postfix should translate the alias before forwarding the email to Cyrus, and Cyrus will store it in the shared mailbox.