Thanks - point taken.
After consideration, however, I don't clearly understand the increased
vulnerability.
Calling mboxlist_createmailbox from lmtpd takes an auth_state,
which I presume must have authority to create the specified mailbox.
For an attacker to flood the system with new
On Mon, 10 May 2004 [EMAIL PROTECTED] wrote:
The [cyr]deliver manpage explains that if delivery is attempted to a
mailbox, user.userid.mailbox, and ... the ACL on any such
mailbox does not grant the sender the p right ... then delivers to
the INBOX for the userid, regardless of the ACL on
The [cyr]deliver manpage explains that if delivery is attempted to a
mailbox, user.userid.mailbox, and ... the ACL on any such
mailbox does not grant the sender the p right ... then delivers to
the INBOX for the userid, regardless of the ACL on the INBOX.
If delivery is attempted to any
[EMAIL PROTECTED] wrote:
The [cyr]deliver manpage explains that if delivery is attempted to a
mailbox, user.userid.mailbox, and ... the ACL on any such mailbox
does not grant the sender the p right ... then delivers to the INBOX
for the userid, regardless of the ACL on the INBOX.
If
