IMAP ACLs reference

There is some confusion about IMAP ACLs, and how they are used and implemented by MDaemon, Outlook Connector and WorldClient.

First, what are ACLs? ACL stands for “Access Control List”, and ACLs are a way of controlling who can see a folder, and what rights a user has within that folder.

There are 10 defined ACLs supported by MDaemon:

  • l – lookup (mailbox is visible to LIST/LSUB commands)
  • r – read (SELECT the mailbox, perform CHECK, FETCH, PARTIAL, SEARCH, COPY from mailbox)
  • s – keep seen/unseen information across sessions (STORE SEEN flag)
  • w – write (STORE flags other than SEEN and DELETED)
  • i – insert (perform APPEND, COPY into mailbox)
  • p – post (send mail to submission address for mailbox, not enforced by IMAP4 itself)
  • c – create (CREATE new sub-mailboxes in any implementation-defined hierarchy)
  • d – delete (STORE DELETED flag, perform EXPUNGE)
  • a – administer (perform SETACL)

Note the differences between “write”, “insert”, “post” and “create” as these tend to confuse people somewhat.

Outlook Connector (and MDaemon Groupware before it) relies on the same set of IMAP ACLs, but implements them somewhat differently. For example, IMAP has no concept of “editing” an item, so when you modify an item in Outlook Connector, it will INSERT a new item and DELETE the old item. To edit, you therefore require both the INSERT and DELETE rights.

In non-email folders, the “s – keep seen/unseen”, “w – write” and “p – post” rights are not used and can be ignored.

WorldClient implements ACLs in a nearly identical fashion to MDaemon and Outlook Connector, emulating as many of the permissions as closely as possible.

Note that users own all folders contained within their mailboxes at all times, and the owner of a folder always has all rights: they are granted even if they aren’t explicitly listed. Public folders don’t have an owner.

Lastly, note that ACLs are inherited by subfolders when they are created, but permission changes to a parent don’t apply to children unless the administrator uses the “Set sub” folder to set permissions on subfolders.
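
The rights list, the owner rule and the insert-plus-delete requirement for edits can be checked mechanically. The following is an added example, not code from MDaemon or Outlook Connector; the operation names and the sample ACL are hypothetical.

```python
# Added example: rights letters exactly as listed in the post above.
RIGHTS = frozenset("lrswipcda")

# Rights needed per operation. Operation names are hypothetical labels;
# "edit_item" models Outlook Connector's insert-new-then-delete-old edit.
REQUIRED = {
    "list_folder": "l",
    "open_folder": "r",
    "mark_seen": "s",
    "set_flag": "w",
    "add_item": "i",
    "create_subfolder": "c",
    "delete_item": "d",
    "change_acl": "a",
    "edit_item": "id",
}

def parse_rights(text):
    """Turn a rights string such as 'lri' into a set, rejecting unknown letters."""
    unknown = set(text) - RIGHTS
    if unknown:
        raise ValueError("unknown rights: " + "".join(sorted(unknown)))
    return frozenset(text)

def effective_rights(acl, user, owner=None):
    """acl maps user -> rights string. The owner always holds every right,
    listed or not; a public folder has no owner (owner=None)."""
    if owner is not None and user == owner:
        return RIGHTS
    return parse_rights(acl.get(user, ""))

def missing_rights(acl, user, operation, owner=None):
    """Return the rights (sorted letters) the user still lacks for the operation."""
    held = effective_rights(acl, user, owner)
    return "".join(sorted(set(REQUIRED[operation]) - held))

def can(acl, user, operation, owner=None):
    return missing_rights(acl, user, operation, owner) == ""

# Constructed sample ACL for a shared calendar folder owned by carol.
SAMPLE_ACL = {"alice@example.com": "lri", "bob@example.com": "lrid"}

if __name__ == "__main__":
    for user in ("alice@example.com", "bob@example.com", "carol@example.com"):
        lacking = missing_rights(SAMPLE_ACL, user, "edit_item", owner="carol@example.com")
        print(user, "can edit" if not lacking else "cannot edit, missing: " + lacking)
```

A user granted “insert” without “delete” can add items to a shared folder but cannot edit them, which is a common source of the confusion described above.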

Changing the iPhone IMAP “Sent” folder name

One of the downsides to using multiple devices or clients against a single IMAP account is that every device/client does things a little differently. Some use the IMAP deleted flag, some use a “Trash” folder, others use “Deleted Items”. Sent is almost as bad: most clients use “Sent”, but many use “Sent Items” (Outlook’s standard).

Luckily many IMAP clients allow you to reconfigure the special Sent, Drafts and Trash folders.  With the iPhone, you can change these folders, but the option is well hidden, and isn’t always accessible.

First, create an IMAP account on your iPhone, then follow these instructions:

  1. Start at the home screen
  2. Go to Settings
  3. Choose “Mail, Contacts, Calendar”
  4. Select an IMAP account
  5. Scroll to the very bottom of the list, choose “Advanced”
  6. Change each of the “Mailbox Behaviours” items as needed.

If no folders show up in the list, return to the home screen, go to the Mail app and open the account; this should present you with a folder list. Now return to step #1 and try again.

Also be aware that even once you change a mailbox, it will still show up with the default name in the iPhone interface; however, the iPhone will use the selected folder when interacting with the server.

Automatically creating IMAP folders for new users

I recently had a request to automatically create one or more IMAP folders for all new users, and subscribe to them automatically.

I was originally hoping to implement it entirely in the content filter, but it was a bit more complex than I’d hoped.

Right now my script assumes that MDaemon is installed at C:\MDaemon\ and user folders are C:\MDaemon\Users\$DOMAIN$\$MAILBOX$\. If this is not correct, you will need to modify the batch file and content filter rules to update the paths, or post back here and I can send an updated version.

Download newuser-imap-folders which contains three files, cfrules.txt, newuser.cmd and newuser.mrk.

  1. Make a directory called C:\MDaemon\Scripts
  2. Copy the “newuser.cmd” and “newuser.mrk” files into this directory.
  3. Open cfrules.txt in notepad, copy the contents into the clipboard.
  4. Open \MDaemon\App\cfrules.dat in notepad, paste the content of my cfrules.txt into the top of cfrules.dat, save cfrules.dat and close it.
  5. Go to MDaemon, open the content filter, you should see a new rule called “Trap Welcome Message” — Enable it.

At this point any newly created user should have three folders, “Test1”, “Test2” and “Test3” created, and they should be automatically subscribed to these folders.

Changing the list of folders requires editing the two newuser files.

In newuser.cmd, there are three lines at the bottom that look like this:

MD C:\MDaemon\Users\%2\%1\Test1.IMAP

You can add as many of these lines as you want, just replace the “Test1” with the name of the folder you want to create.

If you want to use a foldername with spaces, use this instead:

MD "C:\MDaemon\Users\%2\%1\Test 1.IMAP"

You’ll also need to edit newuser.mrk, there are three lines at the bottom that look like this:

Test1=Yes

This file controls the IMAP subscriptions for the user, so if you want the created folders to be automatically subscribed, list the folders here.  No quotes are required for a folder name with spaces here.
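
Because the two files must list the same folders, it helps to generate both sets of lines from one list and to reject names that would break the path or the batch file. This is an added example, not part of the downloadable script; the set of rejected characters, and the assumption that “=” separates the name from “Yes” in newuser.mrk, are mine.

```python
import re

# Path layout the post assumes; %1 and %2 are the batch parameters used in newuser.cmd.
BASE = r"C:\MDaemon\Users\%2\%1"
# Characters Windows forbids in a folder name, plus % (expanded by cmd) and
# = (assumed to split the name from "Yes" in newuser.mrk).
FORBIDDEN = set('\\/:*?"<>|%=')

def check_name(name):
    """Reject names that would escape the user directory or corrupt either file."""
    if not name or name != name.strip():
        raise ValueError("empty name or leading/trailing space: %r" % name)
    bad = sorted(ch for ch in set(name) if ch in FORBIDDEN or ord(ch) < 32)
    if bad:
        raise ValueError("illegal characters %r in %r" % (bad, name))
    return name

def cmd_line(name):
    """MD line for newuser.cmd; quoted unless the name is plain alphanumerics."""
    path = BASE + "\\" + check_name(name) + ".IMAP"
    if re.fullmatch(r"[A-Za-z0-9_-]+", name):
        return "MD " + path
    return 'MD "' + path + '"'

def mrk_line(name):
    """Subscription line for newuser.mrk; no quotes even with spaces."""
    return check_name(name) + "=Yes"

def render(names):
    """Return (cmd_lines, mrk_lines) for a folder list, refusing duplicates
    that differ only by case, since Windows folder names are case-insensitive."""
    seen = set()
    for name in names:
        if name.lower() in seen:
            raise ValueError("duplicate folder: %r" % name)
        seen.add(name.lower())
    return [cmd_line(n) for n in names], [mrk_line(n) for n in names]

if __name__ == "__main__":
    cmd, mrk = render(["Test1", "Test 1", "Archive"])
    print("\n".join(cmd + [""] + mrk))
```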

Hopefully this all makes sense and you don’t have any troubles, but if you do, please reply back in the comments and I’d be happy to assist.

UPDATE (2008/08/20): ZIP file was not properly linked/attached the first time around, re-uploaded to the server and updated the page.

Download at newuser-imap-folders