On Jan 21 Jonathan Marsden wrote: >> Because (as mentioned elsewhere in this thread) lmtpd is not the >> only way messages can be stored on an IMAP server: eg think of >> sending a poisoned attachment, which magically ends up in your sent >> folder. > >I don't see the 'elsewhere in this thread' mail yet, but anyway: > >This is technically correct. > >(a) That 'poisoned attachment' came from somewhere -- where? If from
Irrelevant question. The fact that it could happen is enough. I can't stop my users going to someone's computer (which has no virus protection) and connecting to my IMAP server. I have students who will no doubt use the IMAP server as a filestore when they run out of quota on the fileserver. >(b) That attachment in the IMAP Sent folder can't exactly do much >damage from there... it can't be sent to anyone, since the outgoing Imagine my answer to (a) but in reverse. [snip] >Just because your chosen scanner apparently does not respect this >principle in its current (default?) configuration, does not mean the >problem lies with Cyrus :-) ..and, conversely, you can't say your IMAP server is free from viruses because you blindly trust your users not to do silly things.