Hi,
suppose I upload a script to the server using managesieve. A perfectly
fine script which contain only a fileinto command for the mailbox
/mumble/stumble. The next day, someone who doesn't like me changes the
ACL on /mumble/stumble such that I no longer have the right to insert
messages into it.
The implication here is that you might want to check fileinto validity
in managesieve. I'm very dubious about this being a good idea - in addition
to ACLs changing after the fact, there's also the issue of uploading the
sieve referring to the mailbox before the mailbox is created.
I also suspect that in many architectures it would be quite difficult to
perform such a check. It certainly is next to impossible to do a meaningful
check of this sort in ours.
What should happen when a message arrives and the script wants to
fileinto? I can't find any mention at all of access control in 3028bis,
far less of access control which changes after the sieve is blessed by
managesieve.
We handle this case essentially by converting the fileinto into a keep.
I don't thinking requiring such behavior is a good idea, however, we might
want to point out the issue and suggest this as one way to deal with it.
Ned