[Dovecot] Dovecot LDA and address extensions - folders flood
huret deffgok
kadafax at gmail.com
Wed Jan 11 21:05:43 EET 2012
On Wed, Jan 11, 2012 at 7:04 PM, Charles Marcus
<CMarcus at media-brokers.com>wrote:
> On 2012-01-11 1:00 PM, huret deffgok <kadafax at gmail.com> wrote:
>
>> Hi list,
>>
>> This post is slightly OT, I hope no one will take offense.
>> I was following the wiki on using dovecot LDA with postfix and
>> implemented,
>> for our future mail server, the address extensions mechanism: an email
>> sent
>> to "validUser+foldername@**mydomain.com<validUser%2Bfoldername at mydomain.com>"
>> will have dovecot-lda automagically
>> create and subscribe the "foldername" folder. With some basic scripting I
>> was able to create hundreds of folders in a few seconds. So my question is
>> how do you implement this great feature in a secure way so that funny
>> random people out there cant flood your mailbox with gigatons of folder.
>>
>
> Don't have it autocreate the folder...
>
> Seriously, there is no way to provide that functionality and have the
> system determine when it is *you* doing it or someone else...
>
> But I think it is a non problem... how often do you receive plus-addressed
> spam??
None from now. But I was thinking about something like malice rather than
spamming. For me it's an open door to DOS the service.
What about a functionality that would throttle the rate of creation of
folders from one IP address, with a ban in case of abuse ? Or maybe should
I look at the file system level.
More information about the dovecot
mailing list