creating user-mailboxes without cyradm
John Alton Tamplin
jtampli at sph.emory.edu
Wed Feb 5 14:49:14 EST 2003
Hans Wilmer wrote:
>>Sure, read RFC 2060. You'd do "tag CREATE user/username"
>>
>>
>How is this dealt with in respect to security and reliability?
>
>Just write a script that logs in and automatically creates mailboxes
>from randomly generated (user-) names until the storage is
>full. That's sort of making DOS attacks utterly easy.
>
>
Obviously you have to be authenticated as a user with privileges to
create the folders. This is no different than saying you should connect
to an IMAP server and append millions of messages -- the answer is still
proper authentication and access controls.
--
John A. Tamplin Unix System Administrator
Emory University, School of Public Health +1 404/727-9931
More information about the Info-cyrus
mailing list