LMTP AUTH security exposure?
Ken Murchison
murch at andrew.cmu.edu
Wed Oct 10 08:27:33 EDT 2007
Vincent Fox wrote:
> So I want to do LMTP between an MX pool and Cyrus backends.
>
> The common way I read about doing this, is with a shared LMTP
> account from MX pool to backends. So it becomes a postman sort
> of account with the password in plaintext in various places and of
> course transiting the network that way.
>
> Is there any way to do this with certs instead?
>
> If I set "allowplaintext: yes" for this purpose, well I've just
> enabled it for general users also right? Which brings up a
> whole 'nother set of issues.
You can set service-specific options, such as "lmtp_allowplaintext:
yes". The service-specific prefix must match a service name in cyrus.conf.
--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
More information about the Info-cyrus
mailing list