Why are only admins allowed to AUTH to lmtpd?
Kevin P. Fleming
kpfleming at cox.net
Fri Jan 3 16:28:29 EST 2003
Rob Siemborski wrote:
> On Fri, 3 Jan 2003, Kevin P. Fleming wrote:
>
>
> >This is all working fine, except that I had to add my dummy authentication user
> >(which I create solely for Exim to authenticate itself to lmtpd with) to the
> >"admins" entry in /etc/imapd.conf. I had to do this because lmptd specifically
> >allows only admins to authenticate.
>
>
> use lmtp_admins if you don't want to give that user full admin rights.
OK, I hadn't found that option yet. It's perfect for what I need.
>
>
>
> >Is there any particular reason why? It's not a big deal for me, but when
> >I document this configuration for other people I'm sure this will raise
> >some eyebrows.
>
>
> There's no reason regular users should be submitting to the LMTP server,
> they should be submitting using SMTP to an SMTP server, and then the LMTP
> server trusts the SMTP server. This (admitedly marginaly) simplifies the
> authorization code in lmtpd.
True enough. In my case, the LMTP server listens only on a TCP socket on the
loopback interface, and there are no shell accounts on this system, so it's
fairly secure already.
More information about the Info-cyrus
mailing list