On Wed, Jan 11, 2012 at 7:04 PM, Charles Marcus CMarcus@media-brokers.comwrote:
On 2012-01-11 1:00 PM, huret deffgok kadafax@gmail.com wrote:
Hi list,
This post is slightly OT, I hope no one will take offense. I was following the wiki on using dovecot LDA with postfix and implemented, for our future mail server, the address extensions mechanism: an email sent to "validUser+foldername@**mydomain.comvalidUser%2Bfoldername@mydomain.com" will have dovecot-lda automagically create and subscribe the "foldername" folder. With some basic scripting I was able to create hundreds of folders in a few seconds. So my question is how do you implement this great feature in a secure way so that funny random people out there cant flood your mailbox with gigatons of folder.
Don't have it autocreate the folder...
Seriously, there is no way to provide that functionality and have the system determine when it is *you* doing it or someone else...
But I think it is a non problem... how often do you receive plus-addressed spam??
None from now. But I was thinking about something like malice rather than spamming. For me it's an open door to DOS the service. What about a functionality that would throttle the rate of creation of folders from one IP address, with a ban in case of abuse ? Or maybe should I look at the file system level.