flectra/addons/mail/security/mail_security.xml

<?xml version="1.0" encoding="utf-8"?>
<flectra>
    <data noupdate="1">

        <!-- RULES -->
        <record id="mail_channel_rule" model="ir.rule">
            <field name="name">Mail.channel: access only public and joined groups</field>
            <field name="model_id" ref="model_mail_channel"/>
            <field name="domain_force">['|', '|',
('public', '=', 'public'),
'&amp;', ('public', '=', 'private'), ('channel_partner_ids', 'in', [user.partner_id.id]),
'&amp;', ('public', '=', 'groups'), ('group_public_id', 'in', [g.id for g in user.groups_id])]</field>
            <field name="perm_create" eval="False"/>
        </record>

        <record id="mail_followers_read_write_own" model="ir.rule">
            <field name="name">mail.followers: write its own entries</field>
            <field name="model_id" ref="model_mail_followers"/>
            <field name="groups" eval="[(4, ref('base.group_user')), (4, ref('base.group_portal'))]"/>
            <field name="domain_force">[('partner_id', '=', user.partner_id.id)]</field>
            <field name="perm_create" eval="False"/>
            <field name="perm_unlink" eval="False"/>
            <field name="perm_read" eval="False"/>
        </record>

        <record id="ir_rule_mail_notifications_group_user" model="ir.rule">
            <field name="name">mail.notifications: group_user: write its own entries</field>
            <field name="model_id" ref="model_mail_notification"/>
            <field name="groups" eval="[(4, ref('base.group_user')), (4, ref('base.group_portal'))]"/>
            <field name="domain_force">[('res_partner_id', '=', user.partner_id.id)]</field>
            <field name="perm_create" eval="False"/>
            <field name="perm_unlink" eval="False"/>
            <field name="perm_read" eval="False"/>
        </record>

        <record id="mail_message_subtype_rule_public" model="ir.rule">
            <field name="name">mail.message.subtype: portal/public: read public subtypes</field>
            <field name="model_id" ref="model_mail_message_subtype"/>
            <field name="domain_force">[('internal', '=', False)]</field>
            <field name="groups" eval="[(4, ref('base.group_portal')), (4, ref('base.group_public'))]"/>
        </record>

        <record id="mail_activity_rule_user" model="ir.rule">
            <field name="name">mail.activity: user: own only</field>
            <field name="model_id" ref="model_mail_activity"/>
            <field name="domain_force">[('user_id', '=', user.id)]</field>
            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
            <field name="perm_create" eval="False"/>
            <field name="perm_read" eval="False"/>
            <field name="perm_write" eval="True"/>
            <field name="perm_unlink" eval="True"/>
        </record>

    </data>
</flectra>