Security impact of lmtpd with pre-auth
Nikolaus Rath
Nikolaus at rath.org
Tue Jul 7 20:37:02 EDT 2009
Hello,
Apparently (http://wiki.exim.org/CyrusImap) I need to let lmtpd accept
connections from localhost as pre-authenticated to make cyrus and exim
work nicely together.
Can someone explain what this actually means security wise? I.e. what
could a malicious user on localhost do with a pre-authed connection?
Unfortunately the lmtpd manpage does not say anything about for which
operations an authorization is required.
Thanks,
-Nikolaus
--
»Time flies like an arrow, fruit flies like a Banana.«
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
More information about the Info-cyrus
mailing list