Andrew Morgan <mor...@orst.edu> writes: > On Wed, 8 Jul 2009, Pascal Gienger wrote: > >> Nikolaus Rath schrieb: >>> Hello, >>> >>> Apparently (http://wiki.exim.org/CyrusImap) I need to let lmtpd accept >>> connections from localhost as pre-authenticated to make cyrus and exim >>> work nicely together. >>> >>> Can someone explain what this actually means security wise? I.e. what >>> could a malicious user on localhost do with a pre-authed connection? >> >> He can put/deliver mail in whatever mailbox.
But unless I have some exotic filtering and/or rate limiting configured, he can do exactly the same thing by connecting to localhost:smtp, or invoking sendmail directy, can't he? So why the additional protection for lmtp? >> The other side: If you have a "malicious unix user" on your Cyrus Box, >> you'll have a bunch of another problems, far aside from delivering mails >> to every mailbox... Of course. >> Delivering mails from localhost to localhost via lmtp with >> authentication has the problem that the sending side does need to now >> the credential. If the sending side knows that credential, a "malicious >> user" does have access to it because the sending side is on the same >> box, the same container, ... > > For an entertaining read (which also contains instructions on configuring > exim to do lmtp auth): > > http://lkcl.net/reports/cyrus-configs/SIMPLEHOWTO.txt > > The author has some wonderful comments about software and managers. :) Seems to be offline right now. But I'll check it out again later. > Pascal is right though - you may end up with the lmtp auth password stored > in plaintext in a config file that end users can read. Still, lmtp auth > is probably a smarter way to go than pre-auth. You may be able to make > the necessary exim config file not readable by your users. I'm not that > familiar with exim myself. Keeping the password secret from users isn't the problem. But for some reason exim does not do authentication when checking if a user/mailbox-name is valid (and if I turn off the verification, I end up with thousands of undeliverable mails in my spool that exim accepted but cannot deliver to cyrus). So I really have to stick with pre-auth. I was just curious what exactly I'm getting into with that. Best, -Nikolaus -- »Time flies like an arrow, fruit flies like a Banana.« PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html