feature request: support STARTTLS for LMTP preauth'd connection

ellie timoney ellie at fastmail.com
Mon Jun 13 21:25:18 EDT 2016


On Wed, Jun 1, 2016, at 03:28 AM, qyb via Cyrus-devel wrote:
> I noticed that Cyrus disables TLS on preauth'd connections.
>
> Authentication info (plain password...) needs TLS protection. And I
> think that RFC822 text also needs TLS.
 
Can you expand on this a bit?
 
As far as I understand, connections are only ever preauth'd when they
come in via UNIX-domain sockets, which are inherently local.  What are
you trying to protect, and from whom?
 
For what it's worth, it looks like STARTTLS used to work (at least to
some degree) for preauth'd LMTP, but was explicitly disabled in 2001 by
this commit:
https://cgit.cyrus.foundation/cyrus-imapd/commit/?id=b93e6be5b19362f9e295b40ceb81b702d73de6bb
So I guess you might be able to re-enable it by doing the inverse of
that, though I'm not really seeing the point?