feature request: support STARTTLS for LMTP preauth'd connection

ellie timoney ellie at fastmail.com
Mon Jun 13 21:25:18 EDT 2016

On Wed, Jun 1, 2016, at 03:28 AM, qyb via Cyrus-devel wrote:
> I noticed that cyrus disable TLS on preauth'd connection.
> Authentication info(plain password...) need TLS protection. And I
> think that RFC822 text also need TLS.
Can you expand on this a bit?
As far as I understand, connections are only ever preauth'd when they
come in via UNIX-domain sockets, which are inherently local.  What are
you trying to protect, and from whom?
For what it's worth, it looks like STARTTLS used to work (at least to
some degree) for preauth'd LMTP, but was explicitly disabled in 2001 by
this commit:
So I guess you might be able to re-enable it by doing the inverse of
that, though I'm not really seeing the point?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20160614/22385fd6/attachment.html>

More information about the Cyrus-devel mailing list