Security impact of lmtpd with pre-auth
Andrew Morgan
morgan at orst.edu
Wed Jul 8 03:06:47 EDT 2009
On Wed, 8 Jul 2009, Pascal Gienger wrote:
> Nikolaus Rath schrieb:
>> Hello,
>>
>> Apparently (http://wiki.exim.org/CyrusImap) I need to let lmtpd accept
>> connections from localhost as pre-authenticated to make cyrus and exim
>> work nicely together.
>>
>> Can someone explain what this actually means security wise? I.e. what
>> could a malicious user on localhost do with a pre-authed connection?
>
> He can put/deliver mail in whatever mailbox.
>
> The other side: If you have a "malicious unix user" on your Cyrus Box,
> you'll have a bunch of another problems, far aside from delivering mails
> to every mailbox...
>
> Delivering mails from localhost to localhost via lmtp with
> authentication has the problem that the sending side does need to now
> the credential. If the sending side knows that credential, a "malicious
> user" does have access to it because the sending side is on the same
> box, the same container, ...
For an entertaining read (which also contains instructions on configuring
exim to do lmtp auth):
http://lkcl.net/reports/cyrus-configs/SIMPLEHOWTO.txt
The author has some wonderful comments about software and managers. :)
Pascal is right though - you may end up with the lmtp auth password stored
in plaintext in a config file that end users can read. Still, lmtp auth
is probably a smarter way to go than pre-auth. You may be able to make
the necessary exim config file not readable by your users. I'm not that
familiar with exim myself.
Andy
More information about the Info-cyrus
mailing list