This may be more of a CPanel issue than Dovecot but CPanel uses Dovecot
and not sure if this is a knob we have available in Dovecot or we need
to reach out to Cpanel directly to see if this is some custom code they
added to their distros.
Anyway, W/R/T emails sent with dtails/ + addresses ie:
foo+bar at mydomain.com
And with LDA/LMTP, in Cpanel by default the detials part, in this case
"bar" will be created in it's own folder. Automatically. To us,
this
can be an attack vector/DOS from a malicious actor so we want to turn it
off.
We understand there is:
lda_mailbox_autocreate
Which we have yes, as we do want to create mailboxes automatically when
the first message comes in, but not these folders.
I don't know if this folder autocreation on detail part is a Dovecot
thing, or specific to Cpanel. It appears CPanel has a patch/code to
option to turn it off, but it's only on a per mailbox basis. We want to
turn this behavior off globally.
As far as I know, CPanel doesn't release whatever patches they made to
make this happen, asking here if anyone has experience with this before
we start chasing them for answers.
--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP: https://pgp.inoc.net/rblayzor/