[Dovecot] Why are ACLs for non-existent mailboxes accepted?
Benny Pedersen
me at junc.eu
Fri Feb 21 00:25:04 UTC 2014
On 2014-02-20 21:15, Boris wrote:
> If Dovecot would give any error message to the user he would be able to
> check
> the existence of mailboxes. In reality imho this isn't any additional
> insecurity since I could simply send an email to this mailbox and would
> receive a "delivery failed" message thus knowing of it existence.
what if the email is an alias ?, it still does not revail if its local
or remote
and there is still the possible that more then one alias have a single
mailbox
so you loose there :=)
More information about the dovecot
mailing list