Why are only admins allowed to AUTH to lmtpd?
Kevin P. Fleming
kpfleming at cox.net
Fri Jan 3 16:29:20 EST 2003
Lawrence Greenfield wrote:
> --On Friday, January 03, 2003 12:48 PM -0700 "Kevin P. Fleming"
> wrote:
>
> > This is all working fine, except that I had to add my dummy
> > authentication user (which I create solely for Exim to authenticate
> > itself to lmtpd with) to the "admins" entry in /etc/imapd.conf. I had to
> > do this because lmptd specifically allows only admins to authenticate.
> >
> > Is there any particular reason why? It's not a big deal for me, but when
> > I document this configuration for other people I'm sure this will raise
> > some eyebrows.
>
>
> Allowing anonymous users to directly submit via LMTP would defeat any
> accounting done in the MTA and allow for perfectly forged Received
> headers. Allowing arbitrary users to authenticate could be just as bad
> with the current code, though it could be modified---but it's not clear
> it's worth it.
>
> Since there are some LMTP extensions like IGNOREQUOTA that require
> administrative rights, it doesn't seem worthwhile to try to get finer
> grained authorization than "lmtp_admins".
I responded to most of that in my reply to Rob, but thanks for the additional
information. lmtp_admins will do exactly what I need.
More information about the Info-cyrus
mailing list