MTAs that pass SMTP AUTH?
Kevin P. Fleming
kpfleming at cox.net
Tue Apr 1 01:04:56 EST 2003
Scott Balmos wrote:
> My question is, where is Sendmail getting, or even sending to the deliver
> program, the information that says to match against username msmith, johndoe,
> or whatnot? I know of the -a switch for deliver, but pretty much all the
> other MTAs (including Postfix) say that there can only exist a "blanket"
> Cyrus user, designated to the MTA, for posting to shared folders.
>
This is intended to be used in a secure localized installation, with the
users using SMTP AUTH to authenticate themselves to the MTA. The MTA
then records this information and passes it along via LMTP AUTH to the
Cyrus lmtpd.
> Where's everything come from, authentication-wise? The only thing I can think
> of is the user creates a message, saves to their local drafts folder, then
> manually "moves" the message into the proper folder on IMAP. But that seems
> really icky, and essentially like "IMAP Send".
Well, in my case, we're not actually using SMTP AUTH to deliver the
messages to the MTA. Rather, I have set up mail delivery such that a
message that arrives at my MTA address to "user+folder at domain.com" is
delivered as if it had been AUTH'd as "user". This means that messages
can be delivered directly to any user's folders, without having to give
anonymous "p" rights on those folders. Yes, this does mean that someone
out there could abuse it, but all they could do is put random stuff
directly into a folder, instead of into the user's INBOX.
If we had shared folders set up, then I would have to implement SMTP
AUTH so that the folders could have reasonable (i.e. non-anonymous)
rights.
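
Added example, not part of the original message and not Cyrus code: a simplified Python model of the delivery decision discussed in this thread, showing which mailbox a "user+folder" message lands in depending on the identity the MTA hands to lmtpd. The mailbox names, ACL strings, function names, and the rule that INBOX delivery is not ACL-checked are assumptions of this model.

```python
# Simplified model of the delivery decision discussed in this thread.
# Not Cyrus code: mailboxes, ACLs and function names are constructed.

SAMPLE_ACLS = {  # constructed sample data: mailbox -> {identifier: rights}
    "user.msmith":       {"msmith": "lrswipcda"},
    "user.msmith.lists": {"msmith": "lrswipcda"},
    "user.johndoe":      {"johndoe": "lrswipcda"},
    "user.johndoe.open": {"johndoe": "lrswipcda", "anonymous": "p"},
}

def split_recipient(rcpt):
    """Split 'user+folder@domain' into (user, folder or None)."""
    local = rcpt.rsplit("@", 1)[0]
    user, _, detail = local.partition("+")
    return user, (detail or None)

def may_post(acls, mailbox, identity):
    """True if identity (or the catch-all 'anyone') holds the 'p' right."""
    acl = acls.get(mailbox, {})
    return any("p" in acl.get(who, "") for who in (identity, "anyone"))

def deliver(acls, rcpt, auth_id=None, plus_implies_owner=False):
    """Return the mailbox that a message addressed to rcpt lands in.

    auth_id            identity passed along by the MTA (None = unauthenticated)
    plus_implies_owner the setup from the reply: 'user+folder' is delivered
                       as if it had been authenticated as 'user'
    """
    user, folder = split_recipient(rcpt)
    inbox = f"user.{user}"
    if folder is None:
        return inbox
    identity = user if plus_implies_owner else (auth_id or "anonymous")
    target = f"{inbox}.{folder}"
    # Model assumption: without the post right (or if the folder does not
    # exist) the message falls back to the INBOX, which is not ACL-checked.
    if target in acls and may_post(acls, target, identity):
        return target
    return inbox

if __name__ == "__main__":
    for kwargs in ({}, {"auth_id": "msmith"}, {"plus_implies_owner": True}):
        print(kwargs, "->", deliver(SAMPLE_ACLS, "msmith+lists@example.com", **kwargs))
```

The third case is the trade-off described in the reply: any sender can reach an existing subfolder directly, but no folder needs an anonymous "p" right.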