murder and autocreate (I know it is not supported)

Andrew Morgan morgan at orst.edu
Thu Jun 18 15:22:20 EDT 2009 

On Thu, 18 Jun 2009, Greg A. Woods wrote:

> Cyrus autocreate isn't creating mailboxes "on its own" -- it's creating
> them at the demand of, and under the guidance of, the MTA
>
> So, if something screwed up, as things inevitably do, even with all
> kinds of fancy special local script hacks that are supposed to be doing
> this mailbox creation, and the MTA is able to see that an account is
> valid and it should accept mail for it, but the screwup means that Cyrus
> doesn't have a mailbox waiting to receive the mail that the MTA just
> accepted on good authority of the authentication database.
>
> User management tools should NEVER _ever_ have anything to do with
> mailbox _creation_.

NEVER use absolutes!  ;)

> The (modern) MTA _must_ validate the addresses.  Since it already has to
> do this job the LDA really must just trust it, else the problem solved
> by the MTA's validation of addresses is effectively dissolved and broken.
>
> Therefore Cyrus _must_ create mailboxes automatically for addresses
> presented to it by the MTA.  I suppose for the paranoid Cyrus could also
> validate the existence of the user account, but it's hardly necessary if
> your MTA/LDA/Cyrus implementation is secure.
>
> I'm really not sure why anyone would worry about Cyrus creating
> mailboxes.  Things have worked this way for nearly forever in Unix
> systems.  The mailer always creates mailboxes automatically for users
> who are known to exist.

Unix systems don't automatically create accounts when someone tries to 
login...  Nor do they automatically create home directories for an 
existing user, or set disk quotas, or populate the home directory with 
skeleton shell init scripts.  That is the job of the user management tool 
("useradd" on many systems).

In our case, the list of valid email addresses on our MTA is generated 
from the list of mailboxes in Cyrus.

Obviously there are multiple ways to do account/mailbox creation.  I have 
no problem if you want to let Cyrus create mailboxes automatically.  I 
prefer to have more direct control, but to each their own.

 	Andy

More information about the Info-cyrus mailing list