Security impact of lmtpd with pre-auth

Andrew Morgan morgan at orst.edu
Thu Jul 9 13:36:57 EDT 2009


On Thu, 9 Jul 2009, Reinaldo de Carvalho wrote:

> On Thu, Jul 9, 2009 at 2:05 AM, Pascal
> Gienger<Pascal.Gienger at uni-konstanz.de> wrote:
>>
>> Imagine a Cyrus Box only accepting LMTP connections, no sendmail, no
>> Postfix, no other SMTP MTA running on it.
>> Then imagine a frontend smtp relay delivering directly via LMTP over TCP
>> to your Cyrus box. You can use lmtp auth then to prevent other machines
>> from directly delivering mails via lmtp.
>>
>> Pascal
>
> Set a firewall.

Cyrus (and lmtpd) support tcp-wrappers, so it is trivial to allow 
connections from only your trusted MTA hosts.  Still, using lmtp auth is 
not a bad idea, and it is required in a Cyrus murder environment.

 	Andy


More information about the Info-cyrus mailing list