Why are only admins allowed to AUTH to lmtpd?

Voutsinas Nikos nvoutsin at noc.uoa.gr
Sat Jan 4 08:58:42 EST 2003


:)

I always thought that what was mentioned is not primarily a Cyrus issue, 
but given the opportunity from Kevin's idea, here is an extension.

What Kevin said is also possible with sendmail. (MTA passes the authid 
of the sender to the lmtpd). In 8.12.2 this was under _FFR code, I don't 
know the current status. (Hey sendmail, where are you??). Actually this 
concept is applicable when the MTA plays the role of an MSA, where each 
intranet user is "forced" to follow the SMTP authentication procedure.


   non-local user      local/authenticated user
        or
    other MTA                     |
         |                        |
         |                        |
         <                        <
        MTA                      MSA
         |                        |
         |                        |
         <                        <
         --------------------------  MAIL FROM:<lala _ at _ noc.edunet.gr> 

                     |                         AUTH=nvoutsin
                     |                          or
                     <                         AUTH=nvoutsin at realm
                   lmtpd

MSA: intranet users should declare the MSA server in their
clients as outgoing mail server. The MSA server according to 
RFC(???)(can't remember...) accepts user's submissions if and only
if user is successfully authenticated (in ldap :) ). Sendmail passes the 
authid (auth author or authen... ) to lmtpd as parameter on the mail 
from: command.

MTA: This is nothing else than the MX server.

Notes:
1) LMTP connections on the lmtpd are only allowed from the MSA and MTA
2) MTA rejects each mail/connection if: a) the mail from:<> command 
contains one of the localmail domains b) originated from the local 
address space

The above described schema/architecture makes posting control 
possible. (No need for anyone p)

http://pacific.edunet.uoa.gr/
http://pacific.edunet.uoa.gr/help/mail/


Kevin P. Fleming wrote:
> I have modified my configuration here so that now my MTA (Exim 4.12) 
> uses RFC2554 authentication to identify itself to lmtpd. This was done 
> so that Exim could supply AUTH=<local part> on the MAIL FROM: line, thus 
> eliminating the need to add "anyone p" ACLs to subfolders in order to 
> allow direct subfolder delivery.
> 
> This is all working fine, except that I had to add my dummy 
> authentication user (which I create solely for Exim to authenticate 
> itself to lmtpd with) to the "admins" entry in /etc/imapd.conf. I had to 
> do this because lmtpd specifically allows only admins to authenticate.
> 
> Is there any particular reason why? It's not a big deal for me, but when 
> I document this configuration for other people I'm sure this will raise 
> some eyebrows.
> 
> 
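The MSA/MX split described in this message, sketched as an added example that is not part of the original post or of sendmail, Exim or Cyrus: it builds and parses the `MAIL FROM:<...> AUTH=...` line using RFC 2554 xtext encoding and applies the MX rejection rule from note 2. The domain, network range and function names are constructed for illustration, and treating either condition a) or b) as sufficient for rejection is an assumption.

```python
import ipaddress
import re

# Constructed policy values (assumptions, not taken from the post).
LOCAL_DOMAINS = {"example.edu"}
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

MAIL_RE = re.compile(r"^MAIL FROM:<([^>]*)>(.*)$", re.IGNORECASE)


def xtext_encode(value):
    """RFC 2554 xtext: printable ASCII except '+' and '=' stays literal."""
    return "".join(
        chr(b) if 33 <= b <= 126 and chr(b) not in "+=" else "+%02X" % b
        for b in value.encode("ascii")  # raises on non-ASCII authids
    )


def xtext_decode(value):
    """Reverse xtext: '+HH' (uppercase hex) becomes one character."""
    return re.sub(r"\+([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def msa_mail_from(sender, authid):
    """Line the MSA sends to lmtpd once SMTP AUTH has succeeded."""
    return "MAIL FROM:<%s> AUTH=%s" % (sender, xtext_encode(authid))


def parse_mail_from(line):
    """Return (envelope_sender, authid); authid is None if absent or '<>'."""
    m = MAIL_RE.match(line.strip())
    if not m:
        raise ValueError("not a MAIL FROM command")
    sender, authid = m.group(1), None
    for param in m.group(2).split():
        key, _, val = param.partition("=")
        if key.upper() == "AUTH" and val != "<>":
            authid = xtext_decode(val)
    return sender, authid


def mx_accepts(line, client_ip):
    """Note 2: the MX rejects local sender domains and local clients."""
    sender, _ = parse_mail_from(line)
    if sender.rpartition("@")[2].lower() in LOCAL_DOMAINS:
        return False  # only the authenticated MSA may use local domains
    ip = ipaddress.ip_address(client_ip)
    return not any(ip in net for net in LOCAL_NETS)
```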





More information about the Info-cyrus mailing list