LMTP AUTH security exposure?
Jarod Watkins
jarod at jxxtech.net
Tue Oct 9 20:00:10 EDT 2007
On Tue, 09 Oct 2007 15:04:32 -0700, Vincent Fox <vbfox at ucdavis.edu> wrote:
> So I want to do LMTP between an MX pool and Cyrus backends.
>
> The common way I read about doing this, is with a shared LMTP
> account from MX pool to backends. So it becomes a postman sort
> of account with the password in plaintext in various places and of
> course transiting the network that way.
>
> Is there any way to do this with certs instead?
>
> If I set "allowplaintext: yes" for this purpose, well I've just
> enabled it for general users also right? Which brings up a
> whole 'nother set of issues.
>
>
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
I don't know if this is what you are looking for, but in this tutorial, this guy uses SASL auth with users inside a plain text file. I am sure you can use SSL, since there are options within the imapd.conf file for LMTP certs. Just scroll down to the Local Delivery section:
http://linuxgazette.net/124/pfeiffer.html
Hope this helps.
More information about the Info-cyrus
mailing list