On Wed, Jan 11, 2012 at 7:04 PM, Charles Marcus <cmar...@media-brokers.com>wrote:
> On 2012-01-11 1:00 PM, huret deffgok <kada...@gmail.com> wrote: > >> Hi list, >> >> This post is slightly OT, I hope no one will take offense. >> I was following the wiki on using dovecot LDA with postfix and >> implemented, >> for our future mail server, the address extensions mechanism: an email >> sent >> to "validUser+foldername@**mydomain.com<validuser%2bfoldern...@mydomain.com>" >> will have dovecot-lda automagically >> create and subscribe the "foldername" folder. With some basic scripting I >> was able to create hundreds of folders in a few seconds. So my question is >> how do you implement this great feature in a secure way so that funny >> random people out there cant flood your mailbox with gigatons of folder. >> > > Don't have it autocreate the folder... > > Seriously, there is no way to provide that functionality and have the > system determine when it is *you* doing it or someone else... > > But I think it is a non problem... how often do you receive plus-addressed > spam?? None from now. But I was thinking about something like malice rather than spamming. For me it's an open door to DOS the service. What about a functionality that would throttle the rate of creation of folders from one IP address, with a ban in case of abuse ? Or maybe should I look at the file system level.
