LMTP AUTH security exposure?

Ken Murchison murch at andrew.cmu.edu
Wed Oct 10 08:27:33 EDT 2007


Vincent Fox wrote:
> So I want to do LMTP between an MX pool and Cyrus backends.
> 
> The common way I read about doing this, is with a shared LMTP
> account from MX pool to backends.  So it becomes a postman sort
> of account with the password in plaintext in various places and of
> course transiting the network that way.
> 
> Is there any way to do this with certs instead?
> 
> If I set "allowplaintext: yes" for this purpose, well I've just
> enabled it for general users also right?  Which brings up a
> whole 'nother set of issues.

You can set service-specific options, such as "lmtp_allowplaintext: 
yes".  The service-specific prefix must match a service name in cyrus.conf.

-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University


More information about the Info-cyrus mailing list