MTAs that pass SMTP AUTH?

Kevin P. Fleming kpfleming at cox.net
Tue Apr 1 01:04:56 EST 2003


Scott Balmos wrote:
> My question is, where is Sendmail getting, or even sending to the deliver 
> program, the information that says to match against username msmith, johndoe, 
> or whatnot? I know of the -a switch for deliver, but pretty much all the 
> other MTAs (including Postfix) say that there can only exist a "blanket" 
> Cyrus user, designated to the MTA, for posting to shared folders.
> 

This is intended to be used in a secure localized installation, with the 
users using SMTP AUTH to authenticate themselves to the MTA. The MTA 
then records this information and passes it along via LMTP AUTH to the 
Cyrus lmtpd.

> Where's everything come from, authentication-wise? The only thing I can think 
> of is the user creates a message, saves to their local drafts folder, then 
> manually "moves" the message into the proper folder on IMAP. But that seems 
> really icky, and essentially like "IMAP Send".

Well, in my case, we're not actually using SMTP AUTH to deliver the 
messages to the MTA. Rather, I have set up mail delivery such that a 
message that arrives at my MTA address to "user+folder at domain.com" is 
delivered as if it had been AUTH'd as "user". This means that messages 
can be delivered directly to any user's folders, without having to give 
anonymous "p" rights on those folders. Yes, this does mean that someone 
out there could abuse it, but all they could do is put random stuff 
directly into a folder, instead of into the user's INBOX.

If we had shared folders set up, then I would have to implement SMTP 
AUTH so that the folders could have reasonable (i.e. non-anonymous) 
rights.
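
Added example (not part of the original message, and not Cyrus source code): a simplified Python model of the delivery decision discussed above, showing which mailbox a "user+folder" message lands in depending on the identity handed to lmtpd and the folder's "p" (post) right. The mailbox names, ACL strings, the `auth_as_recipient` switch and the fall-back to INBOX when the post right is missing are assumptions of this model.

```python
# Simplified model of plus-address delivery; all names and ACLs are constructed.
POST = "p"

def rights_for(acl, authid):
    """Rights granted to 'anyone' plus those granted to the identity itself."""
    granted = set(acl.get("anyone", ""))
    if authid is not None:
        granted |= set(acl.get(authid, ""))
    return granted

def parse_recipient(rcpt):
    """Split 'user+folder@domain' into (user, folder or None)."""
    local = rcpt.split("@", 1)[0]
    user, _, detail = local.partition("+")
    return user, detail or None

def deliver(rcpt, authid, acls, auth_as_recipient=False):
    """Return the mailbox a message lands in.

    authid: identity the MTA passes on via LMTP AUTH (None = unauthenticated).
    auth_as_recipient: the setup from the message, where delivery is treated
    as if it had been AUTH'd as the recipient, whoever the sender was.
    """
    user, folder = parse_recipient(rcpt)
    inbox = f"user.{user}"
    if folder is None:
        return inbox
    if auth_as_recipient:
        authid = user
    target = f"{inbox}.{folder}"
    if target in acls and POST in rights_for(acls[target], authid):
        return target
    return inbox  # no post right on the folder: message goes to INBOX

# Constructed sample ACLs (identifier -> rights string).
OWNER = "lrswipcda"
ACLS = {
    "user.msmith": {"msmith": OWNER},
    "user.msmith.lists": {"msmith": OWNER},                  # owner only
    "user.msmith.public": {"msmith": OWNER, "anyone": "p"},  # anonymous post
    "user.msmith.team": {"msmith": OWNER, "johndoe": "p"},   # named poster
}

if __name__ == "__main__":
    for rcpt, who, as_rcpt in [
        ("msmith+lists@example.com", None, False),
        ("msmith+lists@example.com", None, True),
        ("msmith+team@example.com", "johndoe", False),
    ]:
        print(rcpt, who, as_rcpt, "->", deliver(rcpt, who, ACLS, as_rcpt))
```

The "team" folder shows the non-anonymous case: only a delivery carrying the identity "johndoe" reaches it, which in practice requires the sender to have authenticated to the MTA.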




