MTAs that pass SMTP AUTH?
Amos Gouaux
+archive.info-cyrus at utdallas.edu
Tue Apr 1 11:46:42 EST 2003
>>>>> On Mon, 31 Mar 2003 08:42:04 -0500,
>>>>> Scott Balmos <sbalmos at adelphia.net> (sb) writes:
sb> Okay, fine. This is what I have also. The crux seems to be getting the MTA to
sb> pass along the AUTH info. So far I guess only Sendmail and Exim do such a
sb> thing, right? Has anyone *possibly* come up with a patch for Postfix about
sb> this? I remember a few days ago some mumblings on the list that to record
sb> such AUTH info to pass along with the message would be somewhat irritating.
I think I was volunteered to raise this issue on the postfix-users
list, but life is still a bit chaotic for me (still unpacking from
a move). It's also been a long, long time since I've studied
Postfix source at all, and much has changed since my meager
tinkerings. So I was trying to re-acquaint myself with such
things, and how something like this might be arranged.
As has been mentioned before, one thing is for sure: it would
require altering the format of the queue file. I *think* that if
this was strictly controlled by some variables, which by default
were off, *maybe* this would be accepted. It certainly doesn't
harm that an increasing number of MTAs start supporting this.
The more the merrier! :-)
At any rate, this isn't likely to be something that appears
overnight, alas.
sb> This is *EXACTLY* what I have right now, Kevin. I've always thought that since
sb> there is no password, and the "user" to authenticate is in the message
sb> itself, such that anyone reading that message sees the full address along
sb> with a username that has posting credentials to that folder, it was
sb> completely insecure. I guess it's just a risk, you only hope that the users
sb> (in my case, only about 300, so it's not that big a deal) don't abuse it, and
sb> you just make sure the folder admins are quick to delete.
sb> Well that makes me feel at least a little more comfortable knowing that at
sb> least one other person does this convoluted user+folder "authentication"
sb> setup like I was thinking of using. :)
Well, what we did in some of these cases is a pretty gross,
convoluted mess. I guess it works OK, but certainly could be
better. You see, we got into a bit of a pinch when we tried to
rely exclusively on shared folders ("BBs") for important campus
discussions. The best we could do that was acceptable to all
parties was to continue to use the long-time existing campus
mailing lists AND some shared folders.
The shared folder membership is derived from the mailing list
membership. This shared folder is then listed as a special member
on that list. If an individual wants to only refer to the shared
folder instead of getting inundated by stuff in their inbox, then
they can set the VACATION flag on their subscription for that
list. This means they're still on the list, hence still a member
of the shared folder, but don't get the mail in their inbox.
Though not entirely fool-proof, this crazy arrangement seems to
have worked out OK for the last couple or so years (forget when it
was started). With some MLMs you can remove some headers and do a
little masquerading, thereby tightening things up a tad. At least
some of the IMAP diehards can enjoy the shared folders. However,
LMTP-AUTH tied to SMTP-AUTH sure would be nice to play with.
In the back of my mind I've been wondering if/how the new NNTP
support coming with the new Cyrus now in beta might be employed to
deal with these sort of discussions. However, I haven't pictured
just how yet.
--
Amos
More information about the Info-cyrus
mailing list