Andrew Morgan <morgan@xxxxxxxx> writes:> On Wed, 8 Jul 2009, Pascal Gienger wrote:>>> Nikolaus Rath schrieb:>>> Hello,>>>>>> Apparently (http://wiki.exim.org/CyrusImap) I need to let lmtpd accept>>> connections from localhost as pre-authenticated to make cyrus and exim>>> work nicely together.>>>>>> Can someone explain what this actually means security wise? I.e. what>>> could a malicious user on localhost do with a pre-authed connection?>>>> He can put/deliver mail in whatever mailbox. But unless I have some exotic filtering and/or rate limiting configured,he can do exactly the same thing by connecting to localhost:smtp, orinvoking sendmail directy, can't he? So why the additional protectionfor lmtp? >> The other side: If you have a "malicious unix user" on your Cyrus Box,>> you'll have a bunch of another problems, far aside from delivering mails>> to every mailbox... Of course. >> Delivering mails from localhost to localhost via lmtp with>> authentication has the problem that the sending side does need to now>> the credential. If the sending side knows that credential, a "malicious>> user" does have access to it because the sending side is on the same>> box, the same container, ...>> For an entertaining read (which also contains instructions on configuring > exim to do lmtp auth):>> http://lkcl.net/reports/cyrus-configs/SIMPLEHOWTO.txt>> The author has some wonderful comments about software and managers. :) Seems to be offline right now. But I'll check it out again later. > Pascal is right though - you may end up with the lmtp auth password stored > in plaintext in a config file that end users can read. Still, lmtp auth > is probably a smarter way to go than pre-auth. You may be able to make > the necessary exim config file not readable by your users. I'm not that > familiar with exim myself. Keeping the password secret from users isn't the problem. But for somereason exim does not do authentication when checking if auser/mailbox-name is valid (and if I turn off the verification, I end upwith thousands of undeliverable mails in my spool that exim accepted butcannot deliver to cyrus). So I really have to stick with pre-auth. I was just curious what exactlyI'm getting into with that. Best, -Nikolaus -- »Time flies like an arrow, fruit flies like a Banana.« PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C ----Cyrus Home Page: http://cyrusimap.web.cmu.edu/Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twikiList Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
