From: John Alton Tamplin (no email)
Date: Wed Feb 05 2003 - 14:49:14 EST
Hans Wilmer wrote:
>>Sure, read RFC 2060. You'd do "tag CREATE user/username"
>How is this dealt with in respect to security and reliability?
>Just write a script that logs in and automatically creates mailboxes
>from randomly generated (user-) names until the storage is
>full. That's sort of making DOS attacks utterly easy.
Obviously you have to be authenticated as a user with privileges to
create the folders. This is no different than saying you should connect
to an IMAP server and append millions of messages -- the answer is still
proper authentication and access controls.
-- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931