Why are only admins allowed to AUTH to lmtpd?

Kevin P. Fleming kpfleming at cox.net
Fri Jan 3 16:29:20 EST 2003


Lawrence Greenfield wrote:

> --On Friday, January 03, 2003 12:48 PM -0700 "Kevin P. Fleming"
>  wrote:
>
> > This is all working fine, except that I had to add my dummy
> > authentication user (which I create solely for Exim to authenticate
> > itself to lmtpd with) to the "admins" entry in /etc/imapd.conf. I had to
> > do this because lmtpd specifically allows only admins to authenticate.
> >
> > Is there any particular reason why? It's not a big deal for me, but when
> > I document this configuration for other people I'm sure this will raise
> > some eyebrows.
>
>
> Allowing anonymous users to directly submit via LMTP would defeat any
> accounting done in the MTA and allow for perfectly forged Received
> headers. Allowing arbitrary users to authenticate could be just as bad
> with the current code, though it could be modified---but it's not clear
> it's worth it.
>
> Since there are some LMTP extensions like IGNOREQUOTA that require
> administrative rights, it doesn't seem worthwhile to try to get finer
> grained authorization than "lmtp_admins".

I responded to most of that in my reply to Rob, but thanks for the additional 
information. lmtp_admins will do exactly what I need.





More information about the Info-cyrus mailing list