At Mon, 15 Jun 2009 07:42:14 -0400, Dave McMurtrie <dave64@xxxxxxxxxxxxxx> wrote: Subject: Re: murder and autocreate (I know it is not supported) > > Exactly. The point I was trying to make is that we already have a need > for some system to be able to connect to our IMAP server for the purpose > of deleting mailboxes, so having that same system connect to our IMAP > server to create mailboxes seems to make perfect sense. That's all fine and well for those who wish to automate deletion of mailboxes. Note that I'm not saying anything about preventing or removing the ability to manually or programmatically create mailboxes -- just that Cyrus in many (even most by numbers?) environments _must_ have the ability to automatically create mailboxes on demand if it's to be easily managed without having a vast majority of those installations also have to craft or find some additional custom mailbox management tool that's more likely to be an ugly hack than a secure and clean design. Even if you do have your user management system create mailboxes You still need to have your MTA validate addresses. And, unless you do mailbox creation before user creation, you could still end up with a window of vulnerability where the authentication database contains the user account and the MTA presents a message to Cyrus before there's a mailbox ready to receive it. Perhaps this will normally be a tiny window but I have actually seen an ISP account management system reliably generate the welcome message to a new user before it finished creating the new mailbox and thus the welcome message always bounced. Yes it was a stupid design, but that's what happens when the underlying systems are not first designed cleanly and elegantly. Not having a built-in basic way for Cyrus to automatically create mailboxes for valid users is also a poor design. Several good well-tested patches to enable this feature had been available for a very long time (years?) before the "murder" feature was added in the first place, and I have a firm conviction that if the autocreate feature had been added to Cyrus when it was first made available then the design of the clustering mechanisms would have supported it properly from the beginning too. I'm not even sure I understand the difficulty with it now -- if the cluster front-end knows how to direct a user access to the appropriate backend, then so can it direct an initial delivery for mailbox creation. -- Greg A. Woods +1 416 218-0098 VE3TCP RoboHack <woods@xxxxxxxxxxx> Planix, Inc. <woods@xxxxxxxxxx> Secrets of the Weird <woods@xxxxxxxxx> ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
