postfix to cyrus-imap via lmtp?

[Adi Linden]

> Then the problem is really that debian's postfix packages don't include
> postfix's SMTP AUTH/sasl patch, right?  I've done a lot of postfix builds
> in the past and they're really nothing to be afraid of.  Even on the
> machines where I run debian, I still build postfix from source to gain
> access to things like LDAP and the latest versions.

No, Debian's cyrus-sasl doesn't include the patch to lookup encrypted
passwords in sql. This means I have to build cyrus-sasl from source and
everything that depends on it, cyrus-imapd, postfix, anything else?
It also mans I have to build a 'dummy' MTA package so I can remove
Debian's postfix package without wrecking my system.

I guess I could use pam. SMTP AUTH would look like:
    postfix -> sasl -> saslauthd -> pam -> mysql

And cyrus-imap would do the same:
    imap -> sasl -> saslauthd -> pam -> mysql

> What if a user gains access to your database?  Furthermore, what would be
> the point of having them stored in plain text?  Might as well encrypt them
> then.

Having encrypted passwords is part of the problem, in addition the fact
that there are many different encryption schemes. My users already have a
mix of crypt and md5crypt passwords. Still need a way to rectify this.
Stil might be handy to temorarily collect usernames and a clear text
passwords, then store them encrypted in mysql.

Oh man, I am almost ready to toss the idea of a 'sealed' mail server
alltogether. Instead keep unix accounts, shadow passwords and lock down
the box so mail users do not have shell access....

Adi
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html