Security impact of lmtpd with pre-auth

Andrew Morgan morgan at orst.edu
Wed Jul 8 03:06:47 EDT 2009


On Wed, 8 Jul 2009, Pascal Gienger wrote:

> Nikolaus Rath schrieb:
>> Hello,
>>
>> Apparently (http://wiki.exim.org/CyrusImap) I need to let lmtpd accept
>> connections from localhost as pre-authenticated to make cyrus and exim
>> work nicely together.
>>
>> Can someone explain what this actually means security wise? I.e. what
>> could a malicious user on localhost do with a pre-authed connection?
>
> He can put/deliver mail in whatever mailbox.
>
> The other side: If you have a "malicious unix user" on your Cyrus Box,
> you'll have a bunch of another problems, far aside from delivering mails
> to every mailbox...
>
> Delivering mails from localhost to localhost via lmtp with
> authentication has the problem that the sending side does need to now
> the credential. If the sending side knows that credential, a "malicious
> user" does have access to it because the sending side is on the same
> box, the same container, ...

For an entertaining read (which also contains instructions on configuring 
exim to do lmtp auth):

   http://lkcl.net/reports/cyrus-configs/SIMPLEHOWTO.txt

The author has some wonderful comments about software and managers.  :)

Pascal is right though - you may end up with the lmtp auth password stored 
in plaintext in a config file that end users can read.  Still, lmtp auth 
is probably a smarter way to go than pre-auth.  You may be able to make 
the necessary exim config file not readable by your users.  I'm not that 
familiar with exim myself.

 	Andy


More information about the Info-cyrus mailing list