deliver vs LMTP for shared folders

Scott Balmos sbalmos at members.simunex.com
Fri May 13 11:34:29 EDT 2005


Ken Murchison wrote:

> Scott Balmos wrote:
>
>> Hi all,
>>
>> This is probably a bad subject line for the topic, but I can't think 
>> of a better one. I've always heard, between here and on the Postfix 
>> list, that delivering directly via LMTP to Cyrus is better than using 
>> the deliver wrapper program. I was curious how much of a performance 
>> hit there is by using deliver rather than LMTP directly? There's a 
>> method to my madness.
>
>
> I can't give you any quantitative number, but it's just an extra, 
> needless process.
>
>> Anyway... The main problem is that I have found no way to get Postfix 
>> to authenticate as an arbitrary user over LMTP (e.g. to pull the 
>> username from the user+folder address). I can set the Postfix LMTP 
>> client to authenticate with SASL... But then Postfix requires a SASL 
>> password map, which is impossible because the user account passwords 
>> are not stored anywhere in cleartext.
>
>
> Keep in mind that deliver is just a simple LMTP client, so anything 
> that it does, *should* be possible in any MTA.  An admin can always 
> proxy as another user as long as you use a SASL mechanism which 
> supports it (PLAIN, DIGEST-MD5).  But, in deliver's case it's using the 
> optional AUTH=<authuser> keyword with the MAIL FROM command.  At least 
> one of these methods should be supported by Postfix.
>
Should and does are not always the same, unfortunately. :) I think this 
is one area where Postfix maintains its mutual distrust of itself (its 
other component programs) in the name of security. From the LMTP client 
protocol code in Postfix:

        /*
         * We authenticate the local MTA only, but not the sender.
         */
#ifdef USE_SASL_AUTH
        if (var_lmtp_sasl_enable
            && (state->features & LMTP_FEATURE_AUTH)
            && state->sasl_passwd)
            vstring_strcat(next_command, " AUTH=<>");
#endif
        next_state = LMTP_STATE_RCPT;
        break;

So using AUTH=<blah> is out of the question, not to mention the fact 
that (as given by the state->sasl_passwd attribute check) Postfix 
expects to need to log in successfully before even thinking about 
putting in AUTH=<>. And as far as I can tell in the LMTP SASL code, 
Postfix has support for authentication, but not authorization. 
Whereabouts in the SASL docs, RFC, or whatever does it describe how to 
specify the authorization name in an LMTP (or SMTP for that matter) AUTH 
login conversation? If I'm reading the source code to deliver correctly, 
it uses the AUTH=<> keyword regardless, so I'm guessing that keyword is 
always available no matter whether or not you authenticate with SASL 
during the LMTP conversation startup.

Like I said in the original message, I don't think this is an area that 
Postfix will budge on. :/ I'll see what they say after I get more 
information. But I seem to vaguely remember a conversation a year or so 
ago (I'll have to check the archives) about this, with 
less-than-positive results.

Thanks Ken & all for any more info.

--Scott

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
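The two mechanisms Ken names above, a SASL PLAIN login that carries a separate authorization identity (RFC 4616) and the optional AUTH= parameter on MAIL FROM (RFC 4954, xtext-encoded per RFC 3461), shown as an added Python example. This is not code from the thread, from Postfix or from Cyrus; it implements the wire formats from the RFCs, with a server-side decoder for each so the difference between "who proved a password" (authcid) and "who the delivery acts as" (authzid) is visible. The usernames and password are constructed placeholders.

```python
import base64
import re

# Constructed sample identities (not from the thread): an admin account that
# holds a password, and the mailbox owner the delivery should act as.
ADMIN_USER = "cyrusadmin"
ADMIN_PASS = "s3cret-example"
TARGET_USER = "alice"


def sasl_plain_initial_response(authzid, authcid, passwd):
    """SASL PLAIN initial response (RFC 4616): [authzid] NUL authcid NUL passwd.

    authcid is the account that proves the password; authzid is the separate
    authorization identity to act as.  An empty authzid means "same as authcid".
    """
    for field in (authzid, authcid, passwd):
        if "\x00" in field:
            raise ValueError("NUL is the field separator and may not appear in a field")
    raw = (authzid + "\x00" + authcid + "\x00" + passwd).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_sasl_plain(b64):
    """Server side: split a PLAIN response into (authzid, authcid, passwd)."""
    parts = base64.b64decode(b64).decode("utf-8").split("\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN response must contain exactly two NUL separators")
    authzid, authcid, passwd = parts
    return (authzid or authcid, authcid, passwd)


def xtext_encode(s):
    """xtext (RFC 3461): bytes outside 33..126, plus '+' and '=', become +HH."""
    out = []
    for b in s.encode("utf-8"):
        if 33 <= b <= 126 and b not in (0x2B, 0x3D):
            out.append(chr(b))
        else:
            out.append("+%02X" % b)
    return "".join(out)


def xtext_decode(s):
    """Inverse of xtext_encode."""
    buf = bytearray()
    i = 0
    while i < len(s):
        if s[i] == "+":
            buf.append(int(s[i + 1:i + 3], 16))
            i += 3
        else:
            buf.append(ord(s[i]))
            i += 1
    return buf.decode("utf-8")


def mail_from_line(sender, auth_identity=None):
    """MAIL FROM with the optional AUTH= parameter (RFC 4954 section 5).

    auth_identity None  -> no AUTH parameter at all
    auth_identity ""    -> AUTH=<>  (the "no/unknown identity" form Postfix emits)
    anything else       -> AUTH=<xtext of the identity>
    """
    line = "MAIL FROM:<%s>" % sender
    if auth_identity is not None:
        line += " AUTH=<>" if auth_identity == "" else " AUTH=" + xtext_encode(auth_identity)
    return line + "\r\n"


_MAIL_RE = re.compile(r"^MAIL FROM:<([^>]*)>((?:\s+[A-Za-z0-9]+(?:=\S+)?)*)\s*$", re.I)


def parse_mail_from(line):
    """LMTP server side: return (sender, auth_identity); None when AUTH= is absent."""
    m = _MAIL_RE.match(line)
    if not m:
        raise ValueError("malformed MAIL FROM: %r" % line)
    sender = m.group(1)
    params = {}
    for p in m.group(2).split():
        key, _, value = p.partition("=")
        params[key.upper()] = value
    if "AUTH" not in params:
        return sender, None
    if params["AUTH"] == "<>":
        return sender, ""
    return sender, xtext_decode(params["AUTH"])


if __name__ == "__main__":
    print("PLAIN response:", sasl_plain_initial_response(TARGET_USER, ADMIN_USER, ADMIN_PASS))
    print(mail_from_line("bob@example.com", TARGET_USER).rstrip())
    print(mail_from_line("bob@example.com", "").rstrip())
```

Either path lets the MTA hold one admin credential while still naming the real mailbox owner, which is exactly what a per-user cleartext password map is not needed for. On the receiving side, RFC 4954 says a server should honour the AUTH= parameter only from a client it trusts (normally one that has itself authenticated), so the `parse_mail_from` result is an assertion to be checked against the session's trust level, not a fact to be believed on its own.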