On Wed, 8 Jul 2009, Pascal Gienger wrote:

> Nikolaus Rath wrote:
>> Hello,
>>
>> Apparently (http://wiki.exim.org/CyrusImap) I need to let lmtpd accept
>> connections from localhost as pre-authenticated to make cyrus and exim
>> work nicely together.
>>
>> Can someone explain what this actually means security wise? I.e. what
>> could a malicious user on localhost do with a pre-authed connection?
>
> He can put/deliver mail in whatever mailbox.
>
> The other side: If you have a "malicious unix user" on your Cyrus Box,
> you'll have a bunch of other problems, far aside from delivering mails
> to every mailbox...
>
> Delivering mails from localhost to localhost via lmtp with
> authentication has the problem that the sending side does need to know
> the credential. If the sending side knows that credential, a "malicious
> user" does have access to it because the sending side is on the same
> box, the same container, ...

For an entertaining read (which also contains instructions on configuring exim to do lmtp auth):

http://lkcl.net/reports/cyrus-configs/SIMPLEHOWTO.txt

The author has some wonderful comments about software and managers. :)

Pascal is right though - you may end up with the lmtp auth password stored in plaintext in a config file that end users can read. Still, lmtp auth is probably a smarter way to go than pre-auth. You may be able to make the necessary exim config file not readable by your users. I'm not that familiar with exim myself.

Andy

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
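The thread's practical point is that an LMTP credential stored in the MTA config only helps if other local users cannot read that file. Below is an added example (not from the thread, nor from the Cyrus or Exim projects) of a small POSIX shell check that reports whether a given file is readable by "other" or by its group; the path you pass, e.g. an exim configuration file, is an assumption of the caller.

```shell
#!/bin/sh
# Added example: report whether a file holding an LMTP password is
# readable by local users other than its owner.
# Exit codes: 0 = owner-only, 3 = group-readable (review who is in that
# group), 1 = world-readable, 2 = file missing.
check_credential_file() {
    f="$1"
    [ -f "$f" ] || { echo "missing: $f"; return 2; }
    # 'ls -l' is portable; the mode string occupies the first 10 columns,
    # e.g. -rw-r----- : columns 5-7 are group bits, 8-10 are "other" bits.
    perms=$(ls -l "$f" | cut -c1-10)
    group_r=$(printf '%s' "$perms" | cut -c5)
    other_r=$(printf '%s' "$perms" | cut -c8)
    if [ "$other_r" = "r" ]; then
        echo "WORLD-READABLE: $f ($perms) - any local user can read the credential"
        return 1
    fi
    if [ "$group_r" = "r" ]; then
        echo "GROUP-READABLE: $f ($perms) - check group membership"
        return 3
    fi
    echo "ok: $f ($perms) readable by owner only"
    return 0
}

# Check every path given on the command line (path is the caller's choice).
for path in "$@"; do
    check_credential_file "$path"
done
```

Run it as `sh check.sh /path/to/exim.conf` (the path is whatever file on your system carries the LMTP password); a non-zero exit means the credential is exposed beyond its owner and the file mode, or the group, should be tightened before relying on LMTP auth instead of pre-auth.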