Re: creating user-mailboxes without cyradm

From: John Alton Tamplin (no email)
Date: Wed Feb 05 2003 - 14:49:14 EST

Hans Wilmer wrote:

>>Sure, read RFC 2060. You'd do "tag CREATE user/username"
>How is this dealt with in respect to security and reliability?
>Just write a script that logs in and automatically creates mailboxes
>from randomly generated (user-) names until the storage is
>full. That's sort of making DOS attacks utterly easy.
Obviously you have to be authenticated as a user with privileges to
create the folders. This is no different than saying you should connect
to an IMAP server and append millions of messages -- the answer is still
proper authentication and access controls.

John A. Tamplin                               Unix System Administrator
Emory University, School of Public Health     +1 404/727-9931

Hosted Email Solutions

Invaluement Anti-Spam DNSBLs

Powered By FreeBSD   Powered By FreeBSD