Access Control Defaults


The admin users (imapd.conf(5) variable “admins”) get automatic go-everywhere, do-everything privileges on every mailbox. They can also see across domains which normal users can’t.


An admin user should not be a normal email account.

Mailbox owners

The user who owns a mailbox folder has additional rights which are set regardless of any additional ACLs. These are:

These are set in implicit_owner_rights of imapd.conf(5).


For all other mailboxes not owned by a user, any user accessing these mailboxes have the following default privileges:

These are set in defaultacl of imapd.conf(5).