On Fri, Jan 21, 2011 at 10:22 AM, Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxxxx> wrote: > On 20/01/11 18:53, Bron Gondwana wrote: > >>> I hope this is useful for those who want to upgrade to 2.4 and can't wait >>> until the auto* feature is implemented upstream - Bron, thanks for looking >>> into it _after_ moving your home and what else :) >> > > Out of interest, what are the objections to the current patch? And would > it be applied to the 2.4.x series or wait until 2.5? > A (commonly) bad MTA configuration that not reject unknown recipients, and try to deliver the message to cyrus will generate thounsands of mailboxes. If this feature will be implemented must have a option to disable it. And, IMHO autocreatemailbox should be disable by default. A (commonly) bad environment that lmtpd/cyrdeliver isn't not protected properly, a bad guy can take down the server with mass creating mailboxes (abstractly a DoS). This will be out-the-box failure, and is really bad. -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net "While not fully understand a software, don't try to adapt this software to the way you work, but rather yourself to the way the software works" (myself) ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
