feature request: support STARTTLS for LMTP preauth'd connection

Ken Murchison murch at andrew.cmu.edu
Wed Jun 15 08:57:11 EDT 2016 

To the best of my recollection, the STARTTLS commit was a result of this 
"bug" :https://bugzilla.cyrusimap.org/show_bug.cgi?id=2980

I don't know if having STARTTLS advertised on a pre-auth'd connection 
was causing issues or just annoyed the guy.  If we re-enable it, we 
should definitely do some testing to make sure that that it doesn't 
break the LMTP client code in used by lmtpproxy.


On 06/14/2016 07:55 PM, ellie timoney via Cyrus-devel wrote:
>
>     I use "lmtpd -a" listen on a NIC interface and receive lmtp
>     request from a remote postfix instance. Now preauth works, but
>     mail data was transfered without encryption.
>
> Ah, I see what you mean.  I didn't know that -a option was there.
>
>     I guess the commit your mentioned disabled startssl because the
>     author think we just need ssl to protect PLAIN Password auth
>     request..
>
> My guess would be an assumption that no-one would send LMTP traffic 
> over the internet (that's what SMTP is for).  If one expects LMTP 
> traffic (and especially pre-authed LMTP traffic) to be within a single 
> server, or at most between servers sitting in nearby racks over a 
> private network, then this all makes sense.
> Ken, do you want to chime in here?  The disabling STARTTLS commit 
> (b93e6be) and the one to add the -a option (a501222) were both yours. 
>  I'm hoping to get a clearer understanding of the intent.
> For what it's worth, lmtpd(8) man page says:
>
>            -a     Preauthorize connections initiated on an internet
>     socket, instead  of  requiring  LMTP  AUTH.
>                   This should only be used for connections coming from
>     trusted hosts.
>
> Maybe this could be expanded: "from trusted hosts, over trusted networks".
>
>     Personally, I think all mail data should be encrypted in internet
>     transfer.
>
> This kind of sounds like the answer might be "don't use -a when your 
> listen address is reachable over the internet"...
> My own inclination is to re-enable STARTTLS, but I'd like to better 
> understand why it was disabled before I do so.
> On Tue, Jun 14, 2016, at 07:16 PM, qyb wrote:
>> I use "lmtpd -a" listen on a NIC interface and receive lmtp request 
>> from a remote postfix instance. Now preauth works, but mail data was 
>> transfered without encryption.
>> I guess the commit your mentioned disabled startssl because the 
>> author think we just need ssl to protect PLAIN Password auth 
>> request.. Personally, I think all mail data should be encrypted in 
>> internet transfer.
>> On Tue, Jun 14, 2016 at 9:25 AM, ellie timoney via Cyrus-devel 
>> <cyrus-devel at lists.andrew.cmu.edu 
>> <mailto:cyrus-devel at lists.andrew.cmu.edu>> wrote:
>>
>>
>>     On Wed, Jun 1, 2016, at 03:28 AM, qyb via Cyrus-devel wrote:
>>>     I noticed that cyrus disable TLS on preauth'd connection.
>>>
>>>     Authentication info(plain password...) need TLS protection. And
>>>     I think that RFC822 text also need TLS.
>>
>>     Can you expand on this a bit?
>>
>>     As far as I understand, connections are only ever preauth'd when
>>     they come in via UNIX-domain sockets, which are inherently
>>     local.  What are you trying to protect, and from whom?
>>
>>     For what it's worth, it looks like STARTTLS used to work (at
>>     least to some degree) for preauth'd LMTP, but was explicitly
>>     disabled in 2001 by this commit:
>>     https://cgit.cyrus.foundation/cyrus-imapd/commit/?id=b93e6be5b19362f9e295b40ceb81b702d73de6bb
>>     So I guess you might be able to re-enable it by doing the inverse
>>     of that, though I'm not really seeing the point?
>>

-- 
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20160615/622c3efc/attachment-0001.html>

More information about the Cyrus-devel mailing list