murder and autocreate (I know it is not supported)

Greg A. Woods woods-cyrus at weird.com
Thu Jun 18 14:29:01 EDT 2009


At Thu, 11 Jun 2009 17:37:34 -0700 (PDT), Andrew Morgan <morgan at orst.edu> wrote:
Subject: Re: murder and autocreate (I know it is not supported)
> 
> >> Why make everything far more complicated than it needs to be?
> >> Especially things related to user management?
> >>
> >
> > A valid point to mailbox creation, but what would delete the mailbox
> > when a student graduates?
> 
> It is really quite trivial to write small scripts (perl, php, python, etc) 
> to manage Cyrus mailboxes.  I don't know why folks do all this work by 
> hand...

Who said anything about doing anything by hand?  (or mailbox deletion,
for that matter :-))

> I don't like the thought of Cyrus creating mailboxes on its own.  One can 
> simply add mailbox creation to all the other steps of provisioning a new 
> account (creating an LDAP entry, making a home directory, setting quotas, 
> etc).

Cyrus autocreate isn't creating mailboxes "on its own" -- it's creating
them at the demand of, and under the guidance of, the MTA.

So, if something screwed up, as things inevitably do, even with all
kinds of fancy special local script hacks that are supposed to be doing
this mailbox creation, and the MTA is able to see that an account is
valid and it should accept mail for it, but the screwup means that Cyrus
doesn't have a mailbox waiting to receive the mail that the MTA just
accepted on good authority of the authentication database.

User management tools should NEVER _ever_ have anything to do with
mailbox _creation_.

The (modern) MTA _must_ validate the addresses.  Since it already has to
do this job the LDA really must just trust it, else the problem solved
by the MTA's validation of addresses is effectively dissolved and broken.

Therefore Cyrus _must_ create mailboxes automatically for addresses
presented to it by the MTA.  I suppose for the paranoid Cyrus could also
validate the existence of the user account, but it's hardly necessary if
your MTA/LDA/Cyrus implementation is secure.

I'm really not sure why anyone would worry about Cyrus creating
mailboxes.  Things have worked this way for nearly forever in Unix
systems.  The mailer always creates mailboxes automatically for users
who are known to exist.

-- 
						Greg A. Woods

+1 416 218-0098                VE3TCP          RoboHack <woods at robohack.ca>
Planix, Inc. <woods at planix.com>      Secrets of the Weird <woods at weird.com>

