Updated 2.4.6 with autocreate for those who need it
Simon Matter
simon.matter at invoca.ch
Fri Jan 21 10:01:45 EST 2011
> On Fri, Jan 21, 2011 at 10:22 AM, Mark Cave-Ayland
> <mark.cave-ayland at siriusit.co.uk> wrote:
>> On 20/01/11 18:53, Bron Gondwana wrote:
>>
>>>> I hope this is useful for those who want to upgrade to 2.4 and can't
>>>> wait
>>>> until the auto* feature is implemented upstream - Bron, thanks for
>>>> looking
>>>> into it _after_ moving your home and what else :)
>>>
>>
>> Out of interest, what are the objections to the current patch? And would
>> it be applied to the 2.4.x series or wait until 2.5?
>>
>
> A (commonly) bad MTA configuration that not reject unknown recipients,
> and try to deliver the message to cyrus will generate thounsands of
> mailboxes. If this feature will be implemented must have a option to
> disable it. And, IMHO autocreatemailbox should be disable by default.
>
> A (commonly) bad environment that lmtpd/cyrdeliver isn't not protected
> properly, a bad guy can take down the server with mass creating
> mailboxes (abstractly a DoS). This will be out-the-box failure, and is
> really bad.
If the feature is implemented like the current patches from University of
Athens then that's not a problem because there is no autocreation of
anything until you configure it.
So yes, properly configuring your MTAs first is a good thing of course :)
I think the main problem with the current patches is that they are not
aware of some advanced features of Cyrus like murder.
Regards,
Simon
More information about the Info-cyrus
mailing list