My question is, where is Sendmail getting, or even sending to the deliver program, the information that says to match against username msmith, johndoe, or whatnot? I know of the -a switch for deliver, but pretty much all the other MTAs (including Postfix) say that there can only exist a "blanket" Cyrus user, designated to the MTA, for posting to shared folders.
This is intended to be used in a secure localized installation, with the users using SMTP AUTH to authenticate themselves to the MTA. The MTA then records this information and passes it along via LMTP AUTH to the Cyrus lmtpd.
Where's everything come from, authentication-wise? The only thing I can think of is the user creates a message, saves to their local drafts folder, then manually "moves" the message into the proper folder on IMAP. But that seems really icky, and essentially like "IMAP Send".
Well, in my case, we're not actually using SMTP AUTH to deliver the messages to the MTA. Rather, I have set up mail delivery such that a message that arrives at my MTA address to "[EMAIL PROTECTED]" is delivered as if it had been AUTH'd as "user". This means that messages can be delivered directly to any user's folders, without having to give anonymous "p" rights on those folders. Yes, this does mean that someone out there could abuse it, but all they could do is put random stuff directly into a folder, instead of into the user's INBOX.
If we had shared folders set up, then I would have to implement SMTP AUTH so that the the folders could have reasonable (i.e. non-anonymous) rights.
