Security impact of lmtpd with pre-auth

Pascal Gienger Pascal.Gienger at uni-konstanz.de
Thu Jul 9 01:05:16 EDT 2009


Nikolaus Rath schrieb:

> But unless I have some exotic filtering and/or rate limiting configured,
> he can do exactly the same thing by connecting to localhost:smtp, or
> invoking sendmail directy, can't he? So why the additional protection
> for lmtp?

Imagine a Cyrus Box only accepting LMTP connections, no sendmail, no 
Postfix, no other SMTP MTA running on it.
Then imagine a frontend smtp relay delivering directly via LMTP over TCP 
to your Cyrus box. You can use lmtp auth then to prevent other machines 
from directly delivering mails via lmtp.

Pascal
-- 
Pascal Gienger
University of Konstanz, IT Services Department ("Rechenzentrum")
Electronic Communications and Web Services
Building V, Room V404, Phone +49 7531 88 5048, Fax +49 7531 88 3739


More information about the Info-cyrus mailing list