On 9.4.2010, at 14.24, Mike Abbott wrote: > The patch adds the concept of "submit" users. Submit users are like > master users in that they may log in as any user. However submit users > can use only a limited set of commands: just URLFETCH, ID, CAPABILITY > (although the capabilities are a lie since submit users can't use most > commands), and LOGOUT. This restriction enables an IMAP server to allow > a BURL-capable submission server to use URLFETCH commands without > risking a huge security breach if a submit user's credentials are > compromised. In other words, you can safely enable limited-power submit > users without enabling super-user master users.
Hmm. They are quite similar though. Maybe it could internally work pretty much the same as master user, except have a single flag saying it's a submit user, and based on that deny the commands. And actually this could be merged with the support for checking if user is anonymous. So something like: MASTER_USER=submit USER_TYPE=anonymous | normal | submit > The patch adds a non-standard X-PLAIN-SUBMIT authentication method > specifically to allow plain-text submit user logins while plain-text > regular user logins are not allowed. This lets the system administrator > configure the same submit user and password credentials on both the > submission server and the IMAP server. With v2.0 it's possible to do: disable_plaintext_auth = yes remote submit.domain.org { disable_plaintext_auth = no } I think that takes care of the need for X-PLAIN-SUBMIT?