creating user-mailboxes without cyradm
Dave McMurtrie
dgm+ at pitt.edu
Wed Feb 5 14:41:08 EST 2003
On Wed, 5 Feb 2003, Hans Wilmer wrote:
> On Mon, Jan 27, 2003 at 12:28:56PM -0500, Ken Murchison wrote:
>
> > > is there a way to create INBOXes for users by IMAP-commands
> >
> > Sure, read RFC 2060. You'd do "tag CREATE user/username"
>
> How is this dealt with in respect to security and reliability?
>
> Just write a script that logs in and automatically creates mailboxes
> from randomly generated (user-) names until the storage is
> full. That's sort of making DOS attacks utterly easy.
If a cyrus admin wants to DOS attack his/her own server, they're allowed
to. If a regular user attempts to create top-level mailboxes, they'll get
a "NO permission denied" or equivalent.
Dave
--
Dave McMurtrie, Systems Programmer
University of Pittsburgh
Computing Services and Systems Development,
Development Services -- UNIX and VMS Services
717P Cathedral of Learning
(412)-624-6413
More information about the Info-cyrus
mailing list