<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
  <meta charset="utf-8" /><meta name="generator" content="Docutils 0.19: https://docutils.sourceforge.io/" />

  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <title>Mailbox Namespaces &mdash; Cyrus IMAP 3.10.2 documentation</title>
      <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
      <link rel="stylesheet" href="../../../_static/css/theme.css" type="text/css" />
      <link rel="stylesheet" href="../../../_static/graphviz.css" type="text/css" />
      <link rel="stylesheet" href="../../../_static/cyrus.css" type="text/css" />
  
        <script data-url_root="../../../" id="documentation_options" src="../../../_static/documentation_options.js"></script>
        <script src="../../../_static/jquery.js"></script>
        <script src="../../../_static/underscore.js"></script>
        <script src="../../../_static/_sphinx_javascript_frameworks_compat.js"></script>
        <script src="../../../_static/doctools.js"></script>
        <script src="../../../_static/sphinx_highlight.js"></script>
    <script src="../../../_static/js/theme.js"></script>
    <link rel="index" title="Index" href="../../../genindex.html" />
    <link rel="search" title="Search" href="../../../search.html" />
    <link rel="next" title="Virtual Domains" href="virtual-domains.html" />
    <link rel="prev" title="Automatic Creation of Mailboxes" href="automatic-creation-of-mailboxes.html" /> 
</head>

<body class="wy-body-for-nav"> 
  <div class="wy-grid-for-nav">
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search" >

          
          
          <a href="../../../index.html" class="icon icon-home">
            Cyrus IMAP
          </a>
              <div class="version">
                3.10.2
              </div>
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../../../search.html" method="get">
    <input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>
        </div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
              <p class="caption" role="heading"><span class="caption-text">Cyrus IMAP</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../../download.html">Download</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../quickstart.html">Quickstart Guide</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../../../overview.html">Overview</a><ul class="current">
<li class="toctree-l2 current"><a class="reference internal" href="../features.html">Features</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../features.html#security-and-authentication">Security and Authentication</a></li>
<li class="toctree-l3 current"><a class="reference internal" href="../features.html#mailbox-management">Mailbox Management</a><ul class="current">
<li class="toctree-l4"><a class="reference internal" href="automatic-creation-of-mailboxes.html">Automatic Creation of Mailboxes</a></li>
<li class="toctree-l4 current"><a class="current reference internal" href="#">Mailbox Namespaces</a></li>
<li class="toctree-l4"><a class="reference internal" href="virtual-domains.html">Virtual Domains</a></li>
<li class="toctree-l4"><a class="reference internal" href="mailbox-annotations.html">Mailbox Annotations (METADATA)</a></li>
<li class="toctree-l4"><a class="reference internal" href="mailbox-distribution.html">Mailbox Distribution</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../features.html#message-management">Message Management</a></li>
<li class="toctree-l3"><a class="reference internal" href="../features.html#calendar-and-contact-dav-collection-management">Calendar and Contact (DAV) Collection Management</a></li>
<li class="toctree-l3"><a class="reference internal" href="../features.html#storage">Storage</a></li>
<li class="toctree-l3"><a class="reference internal" href="../features.html#load-management">Load Management</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../overview_and_concepts.html">Concepts</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../../setup.html">Setup</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../operations.html">Operations</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../developers.html">Developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../support.html">Support/Community</a></li>
</ul>
<p class="caption" role="heading"><span class="caption-text">Cyrus SASL</span></p>
<ul>
<li class="toctree-l1"><a class="reference external" href="http://www.cyrusimap.org/sasl">Cyrus SASL</a></li>
</ul>

        </div>
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../../../index.html">Cyrus IMAP</a>
      </nav>

      <div class="wy-nav-content">
        <div class="rst-content">
          <div role="navigation" aria-label="Page navigation">
  <ul class="wy-breadcrumbs">
      <li><a href="../../../index.html" class="icon icon-home" aria-label="Home"></a></li>
          <li class="breadcrumb-item"><a href="../../../overview.html">Overview</a></li>
          <li class="breadcrumb-item"><a href="../features.html">Features</a></li>
      <li class="breadcrumb-item active">Mailbox Namespaces</li>
      <li class="wy-breadcrumbs-aside">
              <a href="https://github.com/cyrusimap/cyrus-imapd/blob/master/docsrc/imap/concepts/features/namespaces.rst" class="fa fa-github"> Edit on GitHub</a>
      </li>
  </ul>
  <hr/>
</div>
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
             
  <section id="mailbox-namespaces">
<span id="id1"></span><h1>Mailbox Namespaces<a class="headerlink" href="#mailbox-namespaces" title="Permalink to this heading"></a></h1>
<section id="namespace-basics">
<h2>Namespace Basics<a class="headerlink" href="#namespace-basics" title="Permalink to this heading"></a></h2>
<p><strong>What is a namespace?</strong> A namespace is a hierarchical list of mailboxes a user has access to, named to maintain uniqueness and provide access control.</p>
<p>There are four different uses of the term &quot;namespace&quot; within Cyrus:</p>
<ol class="arabic">
<li><p><strong>IMAP NAMESPACE command</strong></p>
<blockquote>
<div><p>This is the set of mailboxes a user has access to and is the namespace as defined by <span class="target" id="index-0"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2342.html"><strong>RFC 2342</strong></a> in response to the <code class="docutils literal notranslate"><span class="pre">IMAP</span> <span class="pre">NAMESPACE</span></code> command.</p>
<p>A user can have access to three different kinds of mailboxes: their own (known as <em>personal</em>), other people's mailboxes that they have shared access to (known as <em>other users</em>) and any mailboxes that have more than one owner (known as <em>shared</em>).</p>
<p>More info at <a class="reference internal" href="#imap-admin-namespaces-user-access"><span class="std std-ref">User Access Namespaces</span></a>.</p>
</div></blockquote>
</li>
<li><p><strong>User namespace mode: altnamespace</strong></p>
<blockquote>
<div><p>Cyrus's user namespace mode controls how it responds to the <code class="docutils literal notranslate"><span class="pre">IMAP</span> <span class="pre">NAMESPACE</span></code> command and what the hierarchy of mailboxes looks like in response to an <code class="docutils literal notranslate"><span class="pre">IMAP</span> <span class="pre">LIST</span></code> command for a user. The config setting <em>altnamespace</em>: on or off in <a class="reference internal" href="../../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a> manages the mode. It is also affected by the hierarchy separator, which can be &quot;/&quot; (default: on) or &quot;.&quot; (off) controlled by <em>unixhierarchysep</em> in <a class="reference internal" href="../../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>.</p>
<ol class="arabic">
<li><p>altnamespace: on (default)</p>
<blockquote>
<div><ul class="simple">
<li><p>personal: &quot;&quot; (empty string)</p></li>
<li><p>other users: &quot;Other Users&quot; (The string can be changed in <a class="reference internal" href="../../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a> with <code class="docutils literal notranslate"><span class="pre">userprefix</span></code>)</p></li>
<li><p>shared: &quot;Shared Folders&quot; (The string can be changed in <a class="reference internal" href="../../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a> with <code class="docutils literal notranslate"><span class="pre">sharedprefix</span></code>)</p></li>
</ul>
</div></blockquote>
</li>
<li><p>altnamespace: off (was known as standard or regular)</p>
<blockquote>
<div><ul class="simple">
<li><p>personal: INBOX</p></li>
<li><p>other users: user</p></li>
<li><p>shared: &quot;&quot; (empty string)</p></li>
</ul>
</div></blockquote>
</li>
</ol>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>altnamespace mode is valid only for the <em>user</em> namespace: it doesn't affect the <a class="reference internal" href="#imap-admin-namespaces-administrator"><span class="std std-ref">administrator's view</span></a>.</p>
</div>
<p>Consider a user &quot;uhura&quot;. Uhura can see all the folders from user &quot;spock&quot;, some folders from users &quot;kirk&quot;, as well as the shared folder &quot;commandcrew&quot;.</p>
<p>Under altnamespace:off mode with a <code class="docutils literal notranslate"><span class="pre">.</span></code> separator, she sees her folders as:</p>
<blockquote>
<div><ul class="simple">
<li><p>INBOX</p></li>
<li><p>INBOX.folder-1</p></li>
<li><p>INBOX.folder-2 (etc)</p></li>
<li><p>user.spock (this is INBOX for &quot;spock&quot;)</p></li>
<li><p>user.spock.folder-x</p></li>
<li><p>user.kirk.folder-y (&quot;kirk&quot; hasn't shared their INBOX)</p></li>
<li><p>commandcrew</p></li>
</ul>
</div></blockquote>
<p>Under altnamespace:on mode with a <code class="docutils literal notranslate"><span class="pre">/</span></code> separator, she sees her folders as:</p>
<blockquote>
<div><ul class="simple">
<li><p>INBOX (INBOX is special in IMAP and is always the users Inbox)</p></li>
<li><p>folder-1</p></li>
<li><p>folder-2 (etc)</p></li>
<li><p>Other Users/spock</p></li>
<li><p>Other Users/spock/folder-x</p></li>
<li><p>Other Users/kirk/folder-y</p></li>
<li><p>Shared Folders/commandcrew</p></li>
</ul>
</div></blockquote>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>When using a <code class="docutils literal notranslate"><span class="pre">.</span></code> separator (unixhierarchysep: off), user names and folder names
internally swap the <code class="docutils literal notranslate"><span class="pre">.</span></code> with <code class="docutils literal notranslate"><span class="pre">^</span></code>. This is because dots mark a subfolder if
you're not using unixhierarchy separators. Some IMAP clients do not cope well with the ^ character, which is why
unixhierarchysep: on is now the default as it allows dots in usernames and folder names.</p>
</div>
<p>More info at <a class="reference internal" href="#imap-admin-namespaces-mode"><span class="std std-ref">User Namespace Mode</span></a>.</p>
</div></blockquote>
</li>
<li><p><strong>Administrator namespace</strong></p>
<blockquote>
<div><p>While a user has their three kinds of mailboxes they have access to, an administrator can see all mailboxes (optionally restricted to the administrator's own domain). As a result, the response to <code class="docutils literal notranslate"><span class="pre">LIST</span></code> commands is different for administrators.</p>
<p>In the administrator namespace, all user mailboxes are presented as <code class="docutils literal notranslate"><span class="pre">user/&lt;username&gt;/&lt;folder&gt;</span></code> (with unixhierarchysep: on) and with <code class="docutils literal notranslate"><span class="pre">&#64;&lt;domain&gt;</span></code> appended in virtual domain mode. Shared folders appear at the top level. The user namespace mode (altnamespace on/off) does NOT affect administrator mode; only the hierarchy separator affects display.</p>
<p>For unixhierarchy separators:</p>
<blockquote>
<div><ul class="simple">
<li><p>shared/commandcrew</p></li>
<li><p><a class="reference external" href="mailto:user/uhura&#37;&#52;&#48;example&#46;com">user/uhura<span>&#64;</span>example<span>&#46;</span>com</a></p></li>
<li><p><a class="reference external" href="mailto:user/uhura/folder-1&#37;&#52;&#48;example&#46;com">user/uhura/folder-1<span>&#64;</span>example<span>&#46;</span>com</a></p></li>
<li><p><a class="reference external" href="mailto:user/spock&#37;&#52;&#48;example&#46;com">user/spock<span>&#64;</span>example<span>&#46;</span>com</a></p></li>
<li><p><a class="reference external" href="mailto:user/spock/folder-x&#37;&#52;&#48;example&#46;com">user/spock/folder-x<span>&#64;</span>example<span>&#46;</span>com</a></p></li>
<li><p><a class="reference external" href="mailto:user/kirk&#37;&#52;&#48;example&#46;com">user/kirk<span>&#64;</span>example<span>&#46;</span>com</a></p></li>
<li><p><a class="reference external" href="mailto:user/mc&#46;coy&#37;&#52;&#48;example&#46;com">user/mc<span>&#46;</span>coy<span>&#64;</span>example<span>&#46;</span>com</a></p></li>
</ul>
</div></blockquote>
<p>More info at <a class="reference internal" href="#imap-admin-namespaces-administrator"><span class="std std-ref">Administrator Namespaces</span></a>.</p>
</div></blockquote>
</li>
<li><p><strong>Internal namespace</strong></p>
<blockquote>
<div><p>Developer reference only. This is how each mailbox is uniquely stored inside <code class="docutils literal notranslate"><span class="pre">mailboxes.db</span></code>. Each mailbox name has a unique representation that is the &quot;key&quot; in the mailboxes.db key-value database.</p>
<blockquote>
<div><ul class="simple">
<li><p>commandcrew (??)</p></li>
<li><p>example.com!user.uhura</p></li>
<li><p>example.com!user.uhura.folder-1</p></li>
<li><p>example.com!user.spock</p></li>
<li><p>example.com!user.spock.folder-x</p></li>
<li><p>example.com!user.kirk</p></li>
<li><p>example.com|user.mc^coy</p></li>
</ul>
</div></blockquote>
<p>More info at <a class="reference internal" href="../../developer/namespaces.html#imap-developer-namespaces"><span class="std std-ref">Namespaces: a developer view</span></a>.</p>
</div></blockquote>
</li>
</ol>
</section>
<section id="user-access-namespaces">
<span id="imap-admin-namespaces-user-access"></span><h2>User Access Namespaces<a class="headerlink" href="#user-access-namespaces" title="Permalink to this heading"></a></h2>
<section id="personal-namespace">
<span id="imap-features-namespaces-personal"></span><h3>Personal Namespace<a class="headerlink" href="#personal-namespace" title="Permalink to this heading"></a></h3>
<p>The personal namespace refers to the hierarchy of mailboxes that a
Cyrus IMAP user owns, such as user <em>Nyota Uhura &lt;nyota.uhura&#64;example.com&gt;</em>
being the owner of the <code class="docutils literal notranslate"><span class="pre">user/nyota.uhura&#64;example.com</span></code> hierarchy.</p>
<p>Mailboxes in the personal namespace start with the literal string <code class="docutils literal notranslate"><span class="pre">user</span></code>.</p>
<p>Uhura will typically view her personal namespace such that sub-folders of
her INBOX may not have a distinguished prefix -- other than perhaps
<code class="docutils literal notranslate"><span class="pre">INBOX</span></code> if <code class="docutils literal notranslate"><span class="pre">altnamespace</span></code> is disabled:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">INBOX</span>
<span class="n">Drafts</span>
<span class="n">Sent</span> <span class="n">Items</span>
<span class="n">Spam</span>
<span class="n">Trash</span>
</pre></div>
</div>
</section>
<section id="other-users-namespace">
<span id="imap-features-namespaces-other-users"></span><h3>Other Users Namespace<a class="headerlink" href="#other-users-namespace" title="Permalink to this heading"></a></h3>
<p>The Other Users namespace is a namespace that is reserved for mailboxes
in other user's personal namespaces, that have been shared with the
current user.</p>
<p>With <em>Spock</em> and <em>Kirk</em> in the same environment, who are also sharing
their personal mailboxes with <em>Uhura</em>, the
<a class="reference internal" href="#imap-features-namespaces-other-users"><span class="std std-ref">Other Users Namespace</span></a> namespace kicks in when
these mailboxes are viewed.</p>
<p>For <em>Nyota Uhura &lt;nyota.uhura&#64;example.org&gt;</em>, with
<em>James Kirk &lt;james.kirk&#64;example.org&gt;</em> sharing a selection of his mailboxes, Uhura's mailbox list looks like:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">INBOX</span>
<span class="n">Drafts</span>
<span class="n">Sent</span> <span class="n">Items</span>
<span class="n">Spam</span>
<span class="n">Trash</span>
<span class="n">Other</span> <span class="n">Users</span><span class="o">/</span><span class="n">james</span><span class="o">.</span><span class="n">kirk</span>
<span class="n">Other</span> <span class="n">Users</span><span class="o">/</span><span class="n">james</span><span class="o">.</span><span class="n">kirk</span><span class="o">/</span><span class="n">Subfolder</span>
</pre></div>
</div>
<p>Note that the prefix used here is &quot;Other Users&quot; to show the mailbox
in question is part of another user's personal namespace.</p>
<p>The other users namespace can be suppressed in LIST commands by setting
<code class="docutils literal notranslate"><span class="pre">disable_user_namespace</span></code> to <code class="docutils literal notranslate"><span class="pre">1</span></code> in <a class="reference internal" href="../../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>. This
is useful in larger environments because of the nature of the
<a class="reference internal" href="../../reference/admin/access-control.html#imap-admin-access-control-lists-discretionary"><span class="std std-ref">Discretionary Access Control</span></a> Cyrus IMAP
entertains by default.</p>
</section>
<section id="shared-namespaces">
<span id="imap-features-namespaces-shared"></span><h3>Shared Namespaces<a class="headerlink" href="#shared-namespaces" title="Permalink to this heading"></a></h3>
<p>Shared namespaces contain mailboxes
that are not owned by any one user, though one or more actual
users have administrative rights on the folders.</p>
<p>More than one shared namespaces can be created (aside from those named
<code class="docutils literal notranslate"><span class="pre">user</span></code> as this hierarchy is reserved for the
<a class="reference internal" href="#imap-features-namespaces-personal"><span class="std std-ref">Personal Namespace</span></a> of each user).</p>
<p>Examples of shared folders could include:</p>
<p class="rubric">Shared mail folders for mailing list traffic</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">lists/cyrus.imap/announce&#64;example.org</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">lists/cyrus.imap/devel&#64;example.org</span></code></p></li>
</ul>
<p class="rubric">Shared mail folders for common email addresses</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">shared/contact&#64;example.org</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">shared/hostmaster&#64;example.org</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">shared/info&#64;example.org</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">shared/postmaster&#64;example.org</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">shared/root&#64;example.org</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">shared/webmaster&#64;example.org</span></code></p></li>
</ul>
<p>The shared namespace can be suppressed in LIST commands by setting
<code class="docutils literal notranslate"><span class="pre">disable_shared_namespace</span></code> to <code class="docutils literal notranslate"><span class="pre">1</span></code> in <a class="reference internal" href="../../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>. This
is useful in larger environments that want to avoid all LIST
operations which can result in large, long lists of folders.</p>
</section>
</section>
<section id="user-namespace-mode">
<span id="imap-admin-namespaces-mode"></span><h2>User Namespace Mode<a class="headerlink" href="#user-namespace-mode" title="Permalink to this heading"></a></h2>
<section id="altnamespace-on-or-off">
<h3>altnamespace: on or off<a class="headerlink" href="#altnamespace-on-or-off" title="Permalink to this heading"></a></h3>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>If you are upgrading an existing server which uses <a class="reference internal" href="../../reference/manpages/systemcommands/timsieved.html#std-cyrusman-timsieved-8">timsieved(8)</a> to manage Sieve scripts and choose to swap namespace modes, you should run the script <a class="reference internal" href="../../reference/manpages/systemcommands/translatesieve.html#std-cyrusman-translatesieve-8">translatesieve(8)</a> after configuring the namespace option(s). This script will translate the folder names in fileinto actions.</p>
</div>
<p>By default  Cyrus IMAP uses <em>altnamespace: on</em> , and unixhierarchysep: on &quot;/&quot; (slash) character for the
hierarchy separator.</p>
<p>The following limits also apply:</p>
<ul class="simple">
<li><p>Mailbox names are case-sensitive,</p></li>
<li><p>A mailbox name may not start with a <code class="docutils literal notranslate"><span class="pre">.</span></code> (dot) character,</p></li>
<li><p>A mailbox name may not contain two <code class="docutils literal notranslate"><span class="pre">.</span></code> (dot) characters in a row,</p></li>
<li><p>Non-ASCII characters and shell meta-characters are not permitted in
mailbox names.</p></li>
</ul>
<p>While these limits apply under all circumstances, use of the unix hierarchy separator can also affect the display.</p>
<p>When using the altnamespace:off namespace mode, a user's
shorthand qualifier (e.g. <code class="docutils literal notranslate"><span class="pre">john</span></code> for <code class="docutils literal notranslate"><span class="pre">john&#64;example.org</span></code>) MAY NOT
contain a <code class="docutils literal notranslate"><span class="pre">.</span></code> (dot) character, as the character is being used as a
hierarchy separator in mailbox names, and would thus create a personal
mailbox rather then a user's INBOX. Using <code class="docutils literal notranslate"><span class="pre">john.doe</span></code> for
the INBOX name for user <em>John Doe &lt;john.doe&#64;example.org&gt;</em> does not work,
as it would create a sub-folder <code class="docutils literal notranslate"><span class="pre">doe</span></code> for the INBOX <code class="docutils literal notranslate"><span class="pre">user.john</span></code>.</p>
<p>The same limitation goes for the use of virtual domains. Since a mailbox
in a virtual domain typically uses a fully qualified user identifier
(e.g. <code class="docutils literal notranslate"><span class="pre">john&#64;example.org</span></code>, thus including a valid (sub-)domain name),
the <code class="docutils literal notranslate"><span class="pre">.</span></code> (dot) character is inherited from the Domain Name System
naming convention. This poses a problem without the use of the <code class="docutils literal notranslate"><span class="pre">.</span></code>
(dot) character as a mailbox hierarchy separator.</p>
</section>
<section id="example">
<h3>Example<a class="headerlink" href="#example" title="Permalink to this heading"></a></h3>
<p>In a default situation using the altnamespace:on namespace
mode, a user <em>John Doe &lt;john&#64;example.org&gt;</em> would start out with a
mailbox <code class="docutils literal notranslate"><span class="pre">INBOX</span></code>, and will want to create sub-folders such as
for drafted and sent messages.</p>
<p>These mailboxes will be presented to John's client as follows (assuming dot separator):</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">INBOX</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">Drafts</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">Sent</span> <span class="pre">Items</span></code></p></li>
</ul>
<p>Where altnamespace is set to off, this looks like:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">INBOX</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">INBOX.Drafts</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">INBOX.Sent</span> <span class="pre">Items</span></code></p></li>
</ul>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>Changing <code class="docutils literal notranslate"><span class="pre">altnamespace</span></code> in an active operating environment will
cause all IMAP clients to need to resync the entire hierarchy.</p>
</div>
<hr class="docutils" />
</section>
</section>
<section id="administrator-namespaces">
<span id="imap-admin-namespaces-administrator"></span><h2>Administrator Namespaces<a class="headerlink" href="#administrator-namespaces" title="Permalink to this heading"></a></h2>
<p>An administrator -- a user for which the username is included in the
<code class="docutils literal notranslate"><span class="pre">admins</span></code> setting in <a class="reference internal" href="../../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a> -- has a different
perspective when using the IMAP protocol to perform administrative
tasks.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The administrator namespace is not affected by the user namespace mode (altnamespace: on/off)</p>
</div>
<p>With the UNIX hierarchy separator enabled, the list would look as
follows:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">user/jane</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/jane/Drafts</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/jane/Sent</span> <span class="pre">Items</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/john</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/john/Drafts</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/john/Sent</span> <span class="pre">Items</span></code></p></li>
</ul>
<p>Continuing with the UNIX hierarchy separator enabled, should virtual
domains be in use, the list may appear to the administrator user
<code class="docutils literal notranslate"><span class="pre">cyrus</span></code> as follows:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">user/jane&#64;example.org</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/jane/Drafts&#64;example.org</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/jane/Sent</span> <span class="pre">Items&#64;example.org</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/john&#64;example.org</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/john/Drafts&#64;example.org</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/john/Sent</span> <span class="pre">Items&#64;example.org</span></code></p></li>
</ul>
<p>But the <code class="docutils literal notranslate"><span class="pre">admins</span></code> setting in <a class="reference internal" href="../../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a> allows for a
username of <code class="docutils literal notranslate"><span class="pre">admin&#64;example.org</span></code> to be specified as an administrator as
well. Should <code class="docutils literal notranslate"><span class="pre">admin&#64;example.org</span></code> take a peek, then the following list
would appear:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">user/jane</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/jane/Drafts</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/jane/Sent</span> <span class="pre">Items</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/john</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/john/Drafts</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/john/Sent</span> <span class="pre">Items</span></code></p></li>
</ul>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p>In multi-domain or multi-tenant environments, the following
mailboxes may exist:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">user/john</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/john&#64;example.com</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">user/john&#64;example.org</span></code></p></li>
</ul>
<p>Be aware that an unrealmed <code class="docutils literal notranslate"><span class="pre">cyrus</span></code> administrator user
can administrator mailboxes in each of the three realms (null for
<code class="docutils literal notranslate"><span class="pre">user/john</span></code>, <code class="docutils literal notranslate"><span class="pre">example.com</span></code> for <code class="docutils literal notranslate"><span class="pre">user/john&#64;example.com</span></code> and
<code class="docutils literal notranslate"><span class="pre">example.org</span></code> for <code class="docutils literal notranslate"><span class="pre">user/john&#64;example.org</span></code>), but a realmed
administrator <code class="docutils literal notranslate"><span class="pre">admin&#64;example.org</span></code> will be able to see and administer
mailboxes restricted to the <code class="docutils literal notranslate"><span class="pre">example.org</span></code> authorization realm.
In this case they will see <code class="docutils literal notranslate"><span class="pre">john&#64;example.com</span></code>
being presented as <code class="docutils literal notranslate"><span class="pre">user/john</span></code> -- not to be confused with the
actually unrealmed <code class="docutils literal notranslate"><span class="pre">user/john</span></code> mailbox that exists on the system
as well.</p>
</div>
</section>
</section>


           </div>
          </div>
          <footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
        <a href="automatic-creation-of-mailboxes.html" class="btn btn-neutral float-left" title="Automatic Creation of Mailboxes" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
        <a href="virtual-domains.html" class="btn btn-neutral float-right" title="Virtual Domains" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
    </div>

  <hr/>

  <div role="contentinfo">
    <p>&#169; Copyright 1993–2025, The Cyrus Team.</p>
  </div>

  Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
    <a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
    provided by <a href="https://readthedocs.org">Read the Docs</a>.
   

</footer>
        </div>
      </div>
    </section>
  </div>
  <script>
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>
 



</body>
</html>