feature request: support STARTTLS for LMTP preauth'd connection
murch at andrew.cmu.edu
Wed Jun 15 08:57:11 EDT 2016
To the best of my recollection, the STARTTLS commit was a result of this
I don't know if having STARTTLS advertised on a pre-auth'd connection
was causing issues or just annoyed the guy. If we re-enable it, we
should definitely do some testing to make sure that that it doesn't
break the LMTP client code in used by lmtpproxy.
On 06/14/2016 07:55 PM, ellie timoney via Cyrus-devel wrote:
> I use "lmtpd -a" listen on a NIC interface and receive lmtp
> request from a remote postfix instance. Now preauth works, but
> mail data was transfered without encryption.
> Ah, I see what you mean. I didn't know that -a option was there.
> I guess the commit your mentioned disabled startssl because the
> author think we just need ssl to protect PLAIN Password auth
> My guess would be an assumption that no-one would send LMTP traffic
> over the internet (that's what SMTP is for). If one expects LMTP
> traffic (and especially pre-authed LMTP traffic) to be within a single
> server, or at most between servers sitting in nearby racks over a
> private network, then this all makes sense.
> Ken, do you want to chime in here? The disabling STARTTLS commit
> (b93e6be) and the one to add the -a option (a501222) were both yours.
> I'm hoping to get a clearer understanding of the intent.
> For what it's worth, lmtpd(8) man page says:
> -a Preauthorize connections initiated on an internet
> socket, instead of requiring LMTP AUTH.
> This should only be used for connections coming from
> trusted hosts.
> Maybe this could be expanded: "from trusted hosts, over trusted networks".
> Personally, I think all mail data should be encrypted in internet
> This kind of sounds like the answer might be "don't use -a when your
> listen address is reachable over the internet"...
> My own inclination is to re-enable STARTTLS, but I'd like to better
> understand why it was disabled before I do so.
> On Tue, Jun 14, 2016, at 07:16 PM, qyb wrote:
>> I use "lmtpd -a" listen on a NIC interface and receive lmtp request
>> from a remote postfix instance. Now preauth works, but mail data was
>> transfered without encryption.
>> I guess the commit your mentioned disabled startssl because the
>> author think we just need ssl to protect PLAIN Password auth
>> request.. Personally, I think all mail data should be encrypted in
>> internet transfer.
>> On Tue, Jun 14, 2016 at 9:25 AM, ellie timoney via Cyrus-devel
>> <cyrus-devel at lists.andrew.cmu.edu
>> <mailto:cyrus-devel at lists.andrew.cmu.edu>> wrote:
>> On Wed, Jun 1, 2016, at 03:28 AM, qyb via Cyrus-devel wrote:
>>> I noticed that cyrus disable TLS on preauth'd connection.
>>> Authentication info(plain password...) need TLS protection. And
>>> I think that RFC822 text also need TLS.
>> Can you expand on this a bit?
>> As far as I understand, connections are only ever preauth'd when
>> they come in via UNIX-domain sockets, which are inherently
>> local. What are you trying to protect, and from whom?
>> For what it's worth, it looks like STARTTLS used to work (at
>> least to some degree) for preauth'd LMTP, but was explicitly
>> disabled in 2001 by this commit:
>> So I guess you might be able to re-enable it by doing the inverse
>> of that, though I'm not really seeing the point?
Principal Systems Software Engineer
Carnegie Mellon University
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Cyrus-devel