autocreatequota - does it really work?

Ken Murchison ken at oceana.com
Tue Nov 19 08:56:08 EST 2002 


Simon Matter wrote:
> 
> I like the createonpost feature very much. It makes life easier for
> everybody storing user accounts in LDAP or some kind of DB. No need to
> always call cyradm somehow through webinterface or CLI after creating a
> user in the directory.
> 
> Is there a chance this patch makes it into the official source tree?

I'll let the CMU guys respond for themselves, but the createonpost
feature seems problematic if your MTA doesn't verify the legitimacy of
the recipient address before passing it to lmtpd.  The only way that
lmtpd knows if a recipient is allowed or not is if the INBOX for that
user exists.  With createonpost enabled, you'll get INBOXes created for
every damn address that a spammer tries in your domain.

Now, if you're MTA does user lookups in LDAP, MySQL, etc, then this is a
non-issue.


> Christos Soulios schrieb:
> >
> > In my opinion features such as autocreate must not be implemented by clients,
> > but by the imap server. This way a lot of problems due to incompatibilities of
> > the various MUAs on the naming of the INBOX subfolders and the policies on the
> > inbox creation are avoided.
> >
> > Below I attach you some patches for the autocreate function. We patched the
> > autocreate function in order to have some extra features. In short, the extra
> > features implemented in this autocreate function are :
> >
> > 1. Cyrus **creates** the inbox as well as other submailboxes. The user is
> > subscribed automatically to some or all of them. The administrator can
> > explicitly define in imapd.conf which submailboxes may be created and to which
> > the user is subscribed.
> >
> > 2. Create on post is also implemented. Which means, that a mailbox may also be
> > created when a mail arrives at the user's mailbox, while the user has not
> > already logged in the system. Of course, this configurable too.
> >
> > 3. On login the user may also be subscribed to bulleting board folders, provided
> > that he has been granted the priviliges to subscribe to this folder. This is
> > very useful with public folders (allowed to anonymous or anyone). Of course,
> > this is also configurable in imapd.conf.
> >
> > A snippet of my imapd.conf, relative to the autocreate feature is following :
> >
> > ----------------     <snip>  ---------------------
> > #createonpost: no
> > #If nonzero new mailboxes will be created on if
> > #autocreatequota is also set.
> >
> > createonpost: yes
> >
> > autocreatefolders: SUB: Sent |SUB: Drafts |SUB: Trash | Templates
> >
> > ----------------     <snip>  ---------------------
> >
> > NOTICE : If cyrus admin ever tries to log in the system and is authorised as a
> > user that has never logged in before, special care is taken and the mailbox is
> > never created. This behaviour may also be implemented as configurable.
> >
> > --
> > /**
> >  * Christos Soulios
> >  * EDUnet Team
> >  * University of Athens
> >  * e-mail : soulbros_AT_noc.uoa.gr
> >  */
> >
> >   ------------------------------------------------------------------------
> >                         Name: edunet-autocreate
> >    edunet-autocreate    Type: Ohne Angabe (application/octet-stream)
> >                     Encoding: base64

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

More information about the Info-cyrus mailing list