Security impact of lmtpd with pre-auth
Andrew Morgan
morgan at orst.edu
Thu Jul 9 13:36:57 EDT 2009
On Thu, 9 Jul 2009, Reinaldo de Carvalho wrote:
> On Thu, Jul 9, 2009 at 2:05 AM, Pascal
> Gienger<Pascal.Gienger at uni-konstanz.de> wrote:
>>
>> Imagine a Cyrus Box only accepting LMTP connections, no sendmail, no
>> Postfix, no other SMTP MTA running on it.
>> Then imagine a frontend smtp relay delivering directly via LMTP over TCP
>> to your Cyrus box. You can use lmtp auth then to prevent other machines
>> from directly delivering mails via lmtp.
>>
>> Pascal
>
> Set a firewall.
Cyrus (and lmtpd) support tcp-wrappers, so it is trivial to allow
connections from only your trusted MTA hosts. Still, using lmtp auth is
not a bad idea, and it is required in a Cyrus murder environment.
Andy
More information about the Info-cyrus
mailing list