Paul J Stevens <[EMAIL PROTECTED]> said: > I don't see how auto_create_mailbox using 'dbmail-smtp -u user -m mailbox' > should pose any security risk. Subaddress redirection is of course a > different > matter, and it should be treated differently.
Right, so here's the scoop: - the dsnuser struct holds the delivery information such as the incoming username, the mailbox to deliver to, and the lists of userid's and forwards that are resolved by alias expansion. - pipe receives a list of dsnusers and passes certain parts of each one to sort_and_deliver (just the userid and mailbox parts). - sort_and_deliver calls db_find_create_mailbox with only a userid and a mailbox. The code I started to write in May (I found an old working tree with it) passes the entire dsnuser struct into sort_and_deliver and splits up a few of the loops in pipe and sort into separate functions. This is a better way to go longterm, because it allows us to add new fields to the dsnuser struct and then use them in different places in the delivery chain without having to change function signatures all the time. The really simple solution is to pass a default mailbox and a flag indication if the first mailbox should be created if not found, or if the fallback mailbox should be used instead (and created if not found). The subaddress could be the first mailbox, and the -m argument would be the fallback (-M just overwrites the subaddress). Whatever is specified in -m/-M would always be created if not found. Sound like a plan? Aaron --
