Updated 2.4.6 with autocreate for those who need it
Reinaldo de Carvalho
reinaldoc at gmail.com
Fri Jan 21 09:53:49 EST 2011
On Fri, Jan 21, 2011 at 10:22 AM, Mark Cave-Ayland
<mark.cave-ayland at siriusit.co.uk> wrote:
> On 20/01/11 18:53, Bron Gondwana wrote:
>
>>> I hope this is useful for those who want to upgrade to 2.4 and can't wait
>>> until the auto* feature is implemented upstream - Bron, thanks for looking
>>> into it _after_ moving your home and what else :)
>>
>
> Out of interest, what are the objections to the current patch? And would
> it be applied to the 2.4.x series or wait until 2.5?
>
A (commonly) bad MTA configuration that not reject unknown recipients,
and try to deliver the message to cyrus will generate thounsands of
mailboxes. If this feature will be implemented must have a option to
disable it. And, IMHO autocreatemailbox should be disable by default.
A (commonly) bad environment that lmtpd/cyrdeliver isn't not protected
properly, a bad guy can take down the server with mass creating
mailboxes (abstractly a DoS). This will be out-the-box failure, and is
really bad.
--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net
"While not fully understand a software, don't try to adapt this
software to the way you work, but rather yourself to the way the
software works" (myself)
More information about the Info-cyrus
mailing list