On Oct 19, 2006, at 3:10 PM, W B Hacker wrote:
If one simply insists on a domain-wide differentiator, such as a prefixed/suffixed address format: <folder/listname>.<real_user>@<domain.tld> or <real_user>.<folder/listname>@<domain.tld>or <whatever_else_you_wish_to_parse_embedded_local_part>@<domain>.<tld>Then *ALL* IMAP users may have this feature. No symlinks required.CAVEAT: Best to NOT allow the router/transport code for this special structureto create folders that do not pre-exist. ELSE you have a catch-all-builder that dictionery attacks may exploit. - Though one can see uses for that as a 'feature' as well...
We have a setup where [EMAIL PROTECTED] will be delivered straight to the folder and will auto create the folder. This has not been a problem since they have to know the original accountname and a dictionary attack against the accountname alone is just as easy as one with accountname*folder . This allows the users to, at the spur of the moment, create new folders when entering in email addresses on web forms, etc, without having to remember to create the folder in their mua. The downside is that they cannot turn off such addresses since they will be autocreated. (I have had to go in change the protections on the folder so that the MTA cannot write into it). I am thinking about how to allow the autocreate of folders but have a user administrable way (no local logins for the users) to be able to turn off a folder and make it inactive.
where * = our special character, not an asterisk Chad
One might also wish to provide each user with a dynamically- generated alias asdamage control against address harvesting.
--- Chad Leigh -- Shire.Net LLC Your Web App and Email hosting provider chad at shire.net
smime.p7s
Description: S/MIME cryptographic signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
