LMTP AUTH security exposure?
Vincent Fox
vbfox at ucdavis.edu
Tue Oct 9 18:04:32 EDT 2007
So I want to do LMTP between an MX pool and Cyrus backends.
The common way I read about doing this, is with a shared LMTP
account from MX pool to backends. So it becomes a postman sort
of account with the password in plaintext in various places and of
course transiting the network that way.
Is there any way to do this with certs instead?
If I set "allowplaintext: yes" for this purpose, well I've just
enabled it for general users also right? Which brings up a
whole 'nother set of issues.
More information about the Info-cyrus
mailing list