Create Mailboxes on Delivery

[ms419 at freezone.co.uk]

On Jun 24, 2004, at 1:24 PM, John Wade wrote:

> ms419 at freezone.co.uk wrote:
>
>> On Jun 24, 2004, at 2:01 AM, Aristotelis wrote:
>>
>>> On Wed, 23 Jun 2004 ms419 at freezone.co.uk wrote:
>>>
>>>> It is essential to me to create the mailboxes for which incoming
>>>> messages are intended when they don't exist. To this end, I am 
>>>> writing
>>>> a patch.
>>>
>>>  This IMHO is a really bad idea. People can easily create
>>> problems in this type of setup. I could just start emailing
>>>
>>> to
>>> user.arisg.koko1
>>> user.arisg.koko2
>>> user.arisg.koko3
>>> user.arisg.koko4
>>> user.arisg.koko5
>>>
>>>  And all this dummy folders will be created.
>>> (I can also think for some other problems that might occur
>>> with this setup)
>>
>> Rob Siemborski made this point on this list back in May. I still
>> misunderstand, or don't see the danger. It is impossible for _people_
>> to create problems because, in general, I think they lack the 
>> authority
>> to create mailboxes. Those authenticated users with authority to 
>> create
>> certain mailboxes could do so using IMAP, so I don't understand why
>> enabling this on delivery represents an increased danger. Please
>> correct me if I'm way out to lunch.
>
> I agree that IMHO this sounds like very bad behavior, unless I 
> misunderstand
> how you are doing delivery, this gives any arbitrary individual 
> anywhere on
> the internet the ability to create mailboxes in your user's inboxes by 
> simply
> constructing an appropriate email address and sending a message.   
> This could
> be malicious or simply an inadvertant typo.   Unless you are using 
> your MTA
> to protect cyrus by filtering out invalid sub mailboxes, you would be 
> very
> exposed.

I can see I *was* out to lunch. I wasn't familiar with the 
"<user>+<extended delivery information>" convention. Sorry; and thanks, 
everyone, for your patience.

I was surprised by the idea that anyone can deliver to specific 
mailboxes; I'm accustomed to having to explicitly sort messages before 
delivery, so I would choose to disable the "+" syntax and enable 
auto-creation of mailboxes, if I could.

In any case, I can avoid the danger of auto-creating mailboxes by 
filtering "+" messages before delivery.

I use "mboxlist_createmailbox" in the previously attached patch to 
successfully create a mailbox, but the mailbox *doesn't exist*?
---
wum.ruz.lat> lm
INBOX (\HasChildren)
INBOX.Drafts (\HasNoChildren)
INBOX.Sent (\HasNoChildren)
INBOX.Trash (\HasNoChildren)
.
.
.
INBOX.new-mailbox (\NonExistent \HasNoChildren)
---
Can someone please suggest what might be wrong with my use of this 
function? I've looked at its other uses in the Cyrus source and can't 
figure out what I'm doing wrong.

Let me explain why I'm so hung up on this auto-create feature. I've a 
couple dozen mailboxes in which I store email, news, & voicemail. 
Messages are sorted by a big procmail recipe. I periodically run a 
script to rename each mailbox "mailbox.<date>" (to keep them from 
growing too big). The script doesn't recreate "mailbox" - to avoid 
backing up empty mailboxes the next time it's run.

More important, I sort spam and messages with large attachments into 
sub-mailboxes of their intended mailboxes ("mailbox.junk" & 
"mailbox.large"). I sort large messages to avoid waiting for my 
portable to synchronize while I'm on the road. While this is 
accomplished with a single rule in procmail (to append ".junk" or 
".large" to a "mailbox" variable), I currently must maintain twice a 
couple dozen mailboxes. This takes time - and if I make a mistake, the 
junk ends up in my INBOX : P

Thanks for your help!

Jack

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html