> On Fri, Jan 21, 2011 at 10:22 AM, Mark Cave-Ayland > <mark.cave-ayland@xxxxxxxxxxxxxx> wrote: >> On 20/01/11 18:53, Bron Gondwana wrote: >> >>>> I hope this is useful for those who want to upgrade to 2.4 and can't >>>> wait >>>> until the auto* feature is implemented upstream - Bron, thanks for >>>> looking >>>> into it _after_ moving your home and what else :) >>> >> >> Out of interest, what are the objections to the current patch? And would >> it be applied to the 2.4.x series or wait until 2.5? >> > > A (commonly) bad MTA configuration that not reject unknown recipients, > and try to deliver the message to cyrus will generate thounsands of > mailboxes. If this feature will be implemented must have a option to > disable it. And, IMHO autocreatemailbox should be disable by default. > > A (commonly) bad environment that lmtpd/cyrdeliver isn't not protected > properly, a bad guy can take down the server with mass creating > mailboxes (abstractly a DoS). This will be out-the-box failure, and is > really bad. If the feature is implemented like the current patches from University of Athens then that's not a problem because there is no autocreation of anything until you configure it. So yes, properly configuring your MTAs first is a good thing of course :) I think the main problem with the current patches is that they are not aware of some advanced features of Cyrus like murder. Regards, Simon ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
