This may be more of a CPanel issue than Dovecot but CPanel uses Dovecot and not sure if this is a knob we have available in Dovecot or we need to reach out to Cpanel directly to see if this is some custom code they added to their distros.

Anyway, W/R/T emails sent with dtails/ + addresses ie:

foo+bar@mydomain.com

And with LDA/LMTP, in Cpanel by default the detials part, in this case "bar" will be created in it's own folder. Automatically. To us, this can be an attack vector/DOS from a malicious actor so we want to turn it off.

We understand there is: lda_mailbox_autocreate

Which we have yes, as we do want to create mailboxes automatically when the first message comes in, but not these folders.

I don't know if this folder autocreation on detail part is a Dovecot thing, or specific to Cpanel. It appears CPanel has a patch/code to option to turn it off, but it's only on a per mailbox basis. We want to turn this behavior off globally.

As far as I know, CPanel doesn't release whatever patches they made to make this happen, asking here if anyone has experience with this before we start chasing them for answers.

-- inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP: https://pgp.inoc.net/rblayzor/