On Thursday 20 February 2014 20:45:32 Boris wrote:
Dovecot 2.2.9-1 accepts SETACL commands that share mailboxes to non-existent mailboxes. There is no error message. Is this intended behavior?
I think it's bad because clients present a success message when indeed the intent of the user failed. Typos are hard to catch.
I probably found the solution myself. Quoting RFC 4314:
An implementation MUST make sure the ACL commands themselves do not give information about mailboxes with appropriately restricted ACLs. For example, when a user agent executes a GETACL command on a mailbox that the user has no permission to LIST, the server would respond to that request with the same error that would be used if the mailbox did not exist, thus revealing no existence information, much less the mailbox's ACL.
If Dovecot would give any error message to the user he would be able to check the existence of mailboxes. In reality imho this isn't any additional insecurity since I could simply send an email to this mailbox and would receive a "delivery failed" message thus knowing of it existence.
So is there a way to force Dovecot to refuse SETACL to nonexistent users?