Thanks - point taken.
After consideration, however, I don't clearly understand the increased
vulnerability.
Calling "mboxlist_createmailbox" from "lmtpd" takes an "auth_state",
which I presume must have authority to create the specified mailbox.
For an attacker to flood the system with new mai
On Mon, 10 May 2004 [EMAIL PROTECTED] wrote:
> The "[cyr]deliver" manpage explains that if delivery is attempted to a
> mailbox, "user.userid.mailbox", and "... the ACL on any such
> mailbox does not grant the sender the "p" right ... then delivers to
> the INBOX for the userid, regardless of t
[EMAIL PROTECTED] wrote:
The "[cyr]deliver" manpage explains that if delivery is attempted to a
mailbox, "user.userid.mailbox", and "... the ACL on any such mailbox
does not grant the sender the "p" right ... then delivers to the INBOX
for the userid, regardless of the ACL on the INBOX."
I
The "[cyr]deliver" manpage explains that if delivery is attempted to a
mailbox, "user.userid.mailbox", and "... the ACL on any such
mailbox does not grant the sender the "p" right ... then delivers to
the INBOX for the userid, regardless of the ACL on the INBOX."
If delivery is attempted to
