<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
To the best of my recollection, the STARTTLS commit was a result of
this "bug" :<a
href="https://bugzilla.cyrusimap.org/show_bug.cgi?id=2980"><a class="moz-txt-link-freetext" href="https://bugzilla.cyrusimap.org/show_bug.cgi?id=2980">https://bugzilla.cyrusimap.org/show_bug.cgi?id=2980</a></a><br>
<br>
I don't know if having STARTTLS advertised on a pre-auth'd
connection was causing issues or just annoyed the guy. If we
re-enable it, we should definitely do some testing to make sure that
that it doesn't break the LMTP client code in used by lmtpproxy.<br>
<br>
<br>
<div class="moz-cite-prefix">On 06/14/2016 07:55 PM, ellie timoney
via Cyrus-devel wrote:<br>
</div>
<blockquote
cite="mid:1465948523.3941552.637870905.61AB4F09@webmail.messagingengine.com"
type="cite">
<title></title>
<blockquote>
<div>I use "lmtpd -a" listen on a NIC interface and receive lmtp
request from a remote postfix instance. Now preauth works, but
mail data was transfered without encryption.<br>
</div>
</blockquote>
<div> </div>
<div>Ah, I see what you mean. I didn't know that -a option was
there.<br>
</div>
<div> </div>
<blockquote>
<div dir="ltr">
<div>I guess the commit your mentioned disabled startssl
because the author think we just need ssl to protect PLAIN
Password auth request.. <br>
</div>
</div>
</blockquote>
<div> </div>
<div>My guess would be an assumption that no-one would send LMTP
traffic over the internet (that's what SMTP is for). If one
expects LMTP traffic (and especially pre-authed LMTP traffic) to
be within a single server, or at most between servers sitting in
nearby racks over a private network, then this all makes sense.<br>
</div>
<div> </div>
<div>Ken, do you want to chime in here? The disabling STARTTLS
commit (b93e6be) and the one to add the -a option (a501222) were
both yours. I'm hoping to get a clearer understanding of the
intent.<br>
</div>
<div> </div>
<div>For what it's worth, lmtpd(8) man page says:<br>
</div>
<div> </div>
<blockquote>
<div> -a Preauthorize connections initiated on an
internet socket, instead of requiring LMTP AUTH.<br>
</div>
<div> This should only be used for connections
coming from trusted hosts.<br>
</div>
</blockquote>
<div> </div>
<div>Maybe this could be expanded: "from trusted hosts, over
trusted networks".<br>
</div>
<div> </div>
<blockquote>
<div dir="ltr">
<div>Personally, I think all mail data should be encrypted in
internet transfer.<br>
</div>
</div>
</blockquote>
<div> </div>
<div>This kind of sounds like the answer might be "don't use -a
when your listen address is reachable over the internet"...<br>
</div>
<div> </div>
<div>My own inclination is to re-enable STARTTLS, but I'd like to
better understand why it was disabled before I do so.<br>
</div>
<div> </div>
<div>On Tue, Jun 14, 2016, at 07:16 PM, qyb wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>I use "lmtpd -a" listen on a NIC interface and receive
lmtp request from a remote postfix instance. Now preauth
works, but mail data was transfered without encryption.<br>
</div>
<div> </div>
<div>I guess the commit your mentioned disabled startssl
because the author think we just need ssl to protect PLAIN
Password auth request.. Personally, I think all mail data
should be encrypted in internet transfer.<br>
</div>
</div>
<div>
<div> </div>
<div defang_data-gmailquote="yes">
<div>On Tue, Jun 14, 2016 at 9:25 AM, ellie timoney via
Cyrus-devel <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:cyrus-devel@lists.andrew.cmu.edu">cyrus-devel@lists.andrew.cmu.edu</a>></span>
wrote:<br>
</div>
<blockquote
style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,
204, 204);border-left-style:solid;padding-left:1ex;"
defang_data-gmailquote="yes">
<div><br>
</div>
<div>
<div> </div>
<div><span>On Wed, Jun 1, 2016, at 03:28 AM, qyb via
Cyrus-devel wrote:</span><br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div><span>I noticed that cyrus disable TLS on
preauth'd connection.</span><br>
</div>
<div>
<div> <br>
</div>
<div><span>Authentication info(plain password...)
need TLS protection. And I think that RFC822
text also need TLS.</span><br>
</div>
</div>
</div>
</blockquote>
<div> <br>
</div>
<div> </div>
<div>Can you expand on this a bit?<br>
</div>
<div> <br>
</div>
<div>As far as I understand, connections are only ever
preauth'd when they come in via UNIX-domain sockets,
which are inherently local. What are you trying to
protect, and from whom?<br>
</div>
<div> <br>
</div>
<div>For what it's worth, it looks like STARTTLS used to
work (at least to some degree) for preauth'd LMTP, but
was explicitly disabled in 2001 by this commit:<br>
</div>
<div><a moz-do-not-send="true"
href="https://cgit.cyrus.foundation/cyrus-imapd/commit/?id=b93e6be5b19362f9e295b40ceb81b702d73de6bb">https://cgit.cyrus.foundation/cyrus-imapd/commit/?id=b93e6be5b19362f9e295b40ceb81b702d73de6bb</a><br>
</div>
<div>So I guess you might be able to re-enable it by
doing the inverse of that, though I'm not really
seeing the point?<br>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
<div> </div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University
</pre>
</body>
</html>