MTAs that pass SMTP AUTH?

[Scott Balmos]

On Tuesday 01 April 2003 01:04 am, Kevin P. Fleming wrote:
> Scott Balmos wrote:
> > My question is, where is Sendmail getting, or even sending to the deliver
> > program, the information that says to match against username msmith,
> > johndoe, or whatnot? I know of the -a switch for deliver, but pretty much
> > all the other MTAs (including Postfix) say that there can only exist a
> > "blanket" Cyrus user, designated to the MTA, for posting to shared
> > folders.
>
> This is intended to be used in a secure localized installation, with the
> users using SMTP AUTH to authenticate themselves to the MTA. The MTA
> then records this information and passes it along via LMTP AUTH to the
> Cyrus lmtpd.
>

Okay, fine. This is what I have also. The crux seems to be getting the MTA to 
pass along the AUTH info. So far I guess only Sendmail and Exim do such a 
thing, right? Has anyone *possibly* come up with a patch for Postfix about 
this? I remember a few days ago some mumblings on the list that to record 
such AUTH info to pass along with the message would be somewhat irritating.

> > Where's everything come from, authentication-wise? The only thing I can
> > think of is the user creates a message, saves to their local drafts
> > folder, then manually "moves" the message into the proper folder on IMAP.
> > But that seems really icky, and essentially like "IMAP Send".
>
> Well, in my case, we're not actually using SMTP AUTH to deliver the
> messages to the MTA. Rather, I have set up mail delivery such that a
> message that arrives at my MTA address to "user+folder at domain.com" is
> delivered as if it had been AUTH'd as "user". This means that messages
> can be delivered directly to any user's folders, without having to give
> anonymous "p" rights on those folders. Yes, this does mean that someone
> out there could abuse it, but all they could do is put random stuff
> directly into a folder, instead of into the user's INBOX.
>
> If we had shared folders set up, then I would have to implement SMTP
> AUTH so that the the folders could have reasonable (i.e. non-anonymous)
> rights.

This is *EXACTLY* what I have right now, Kevin. I've always thought that since 
there is no password, and the "user" to authenticate is in the message 
itself, such that anyone reading that message sees the full address along 
with a username that has posting credentials to that folder, it was 
completely insecure. I guess it's just a risk, you only hope that the users 
(in my case, only about 300, so it's not that big a deal) don't abuse it, and 
you just make sure the folder admins are quick to delete.

Well that makes me feel at least a little more comfortable knowing that at 
least one other person does this convoluted user+folder "authentication" 
setup like I was thinking of using. :)

Thanks!