On Thursday 20 February 2014 20:45:32 Boris wrote:
> Dovecot 2.2.9-1 accepts SETACL commands that share mailboxes to non-existent
> mailboxes. There is no error message. Is this intended behavior?
>
> I think it's bad because clients present a success message when indeed the
> intent of the user failed. Typos are hard to catch.

I probably found the solution myself. Quoting RFC 4314:

   An implementation MUST make sure the ACL commands themselves do not give information about mailboxes with appropriately restricted ACLs. For example, when a user agent executes a GETACL command on a mailbox that the user has no permission to LIST, the server would respond to that request with the same error that would be used if the mailbox did not exist, thus revealing no existence information, much less the mailbox's ACL.

If Dovecot would give any error message to the user he would be able to check the existence of mailboxes. In reality imho this isn't any additional insecurity since I could simply send an email to this mailbox and would receive a "delivery failed" message thus knowing of its existence.

So is there a way to force Dovecot to refuse SETACL to nonexistent users?

Benny Pedersen
2014-Feb-21 00:25 UTC
[Dovecot] Why are ACLs for non-existent mailboxes accepted?
On 2014-02-20 21:15, Boris wrote:
> If Dovecot would give any error message to the user he would be able to
> check
> the existence of mailboxes. In reality imho this isn't any additional
> insecurity since I could simply send an email to this mailbox and would
> receive a "delivery failed" message thus knowing of its existence.

What if the email is an alias? It still does not reveal if it's local or remote, and there is still the possibility that more than one alias has a single mailbox, so you lose there :=)

Steffen Kaiser
2014-Feb-21 07:54 UTC
[Dovecot] Why SETACL accepts non-existent users (was Re: Why are ACLs for non-existent mailboxes accepted?)
On Thu, 20 Feb 2014, Boris wrote:
> On Thursday 20 February 2014 20:45:32 Boris wrote:
>> Dovecot 2.2.9-1 accepts SETACL commands that share mailboxes to non-existent
>> mailboxes. There is no error message. Is this intended behavior?

There is a "false friend" here. A "mailbox" in the tongue of many English speakers is an IMAP folder, the mailbox file all mails had been appended together in the old times, when mbx or mbox mail storage format was common. In Germany many people use "Mailbox" as the collection of all IMAP folders of one account.

So the question is why Dovecot accepts non-existent _users_ as you wrote in your last line.

> I probably found the solution myself. Quoting RFC 4314:

No, because of mailbox != Mailbox.

--
Steffen Kaiser
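
The two behaviours discussed in this thread, as an added example that is not part of the original messages and is not Dovecot code: a toy in-memory model in which GETACL/SETACL answer a hidden mailbox exactly like a missing one (the RFC 4314 rule quoted above), and in which validating the SETACL identifier catches typos at the cost of telling the caller which accounts exist. The class, method names, response strings and sample data are all assumptions made for illustration.

```python
# Toy in-memory model of RFC 4314 ACL handling (added example, not Dovecot code).
# Class, method and response strings are hypothetical; data is constructed.

NO_MAILBOX = "NO Mailbox doesn't exist"


class AclStore:
    def __init__(self, users, acls):
        self.users = set(users)   # accounts known to the server
        self.acls = acls          # mailbox name -> {identifier: rights string}

    def _gate(self, caller, mailbox):
        """Return an error response, or None if caller may administer mailbox."""
        rights = self.acls.get(mailbox, {}).get(caller, "")
        # Missing mailbox and mailbox without 'l' (lookup) take the same branch,
        # so the reply cannot be used to tell them apart.
        if mailbox not in self.acls or "l" not in rights:
            return NO_MAILBOX
        if "a" not in rights:     # visible to caller, but no administer right
            return "NO Permission denied"
        return None

    def getacl(self, caller, mailbox):
        err = self._gate(caller, mailbox)
        if err:
            return err
        pairs = " ".join(f"{i} {r}" for i, r in sorted(self.acls[mailbox].items()))
        return f"* ACL {mailbox} {pairs}"

    def setacl(self, caller, mailbox, identifier, rights, check_identifier=False):
        err = self._gate(caller, mailbox)
        if err:
            return err
        if check_identifier and identifier not in self.users:
            # Catches typos, but also tells the caller which accounts exist.
            return "NO Unknown identifier"
        self.acls[mailbox][identifier] = rights
        return "OK Setacl complete"


# Constructed sample data: boris administers one folder, alice another.
store = AclStore(
    users={"boris", "alice"},
    acls={"INBOX.shared": {"boris": "lra"}, "INBOX.private": {"alice": "lra"}},
)
```
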