feature request: support STARTTLS for LMTP preauth'd connection

ellie timoney ellie at fastmail.com
Tue Jun 14 19:55:23 EDT 2016


> I use "lmtpd -a" to listen on a NIC interface and receive LMTP requests
> from a remote postfix instance. Now preauth works, but mail data was
> transferred without encryption.
 
Ah, I see what you mean.  I didn't know that -a option was there.
 
> I guess the commit you mentioned disabled STARTTLS because the author
> thinks we just need SSL to protect PLAIN password auth requests.
 
My guess would be an assumption that no-one would send LMTP traffic over
the internet (that's what SMTP is for).  If one expects LMTP traffic
(and especially pre-authed LMTP traffic) to be within a single server,
or at most between servers sitting in nearby racks over a private
network, then this all makes sense.
 
Ken, do you want to chime in here?  The disabling STARTTLS commit
(b93e6be) and the one to add the -a option (a501222) were both yours.
I'm hoping to get a clearer understanding of the intent.
 
For what it's worth, lmtpd(8) man page says:
 
> -a     Preauthorize connections initiated on an internet socket,
> instead of requiring LMTP AUTH.
> This should only be used for connections coming from trusted hosts.
 
Maybe this could be expanded: "from trusted hosts, over trusted
networks".
 
> Personally, I think all mail data should be encrypted in internet
> transfer.
 
This kind of sounds like the answer might be "don't use -a when your
listen address is reachable over the internet"...
 
My own inclination is to re-enable STARTTLS, but I'd like to better
understand why it was disabled before I do so.
 
On Tue, Jun 14, 2016, at 07:16 PM, qyb wrote:
> I use "lmtpd -a" to listen on a NIC interface and receive LMTP requests
> from a remote postfix instance. Now preauth works, but mail data was
> transferred without encryption.
>
> I guess the commit you mentioned disabled STARTTLS because the author
> thinks we just need SSL to protect PLAIN password auth requests.
> Personally, I think all mail data should be encrypted in internet
> transfer.
>
> On Tue, Jun 14, 2016 at 9:25 AM, ellie timoney via Cyrus-devel
> <cyrus-devel at lists.andrew.cmu.edu> wrote:
>>
>> On Wed, Jun 1, 2016, at 03:28 AM, qyb via Cyrus-devel wrote:
>>> I noticed that cyrus disables TLS on preauth'd connections.
>>>
>>> Authentication info (plain password...) needs TLS protection. And I
>>> think that RFC822 text also needs TLS.
>>
>>
>> Can you expand on this a bit?
>>
>> As far as I understand, connections are only ever preauth'd when they
>> come in via UNIX-domain sockets, which are inherently local.  What
>> are you trying to protect, and from whom?
>>
>> For what it's worth, it looks like STARTTLS used to work (at least to
>> some degree) for preauth'd LMTP, but was explicitly disabled in 2001
>> by this commit:
>> https://cgit.cyrus.foundation/cyrus-imapd/commit/?id=b93e6be5b19362f9e295b40ceb81b702d73de6bb
>> So I guess you might be able to re-enable it by doing the inverse of
>> that, though I'm not really seeing the point?
 