On Wed, Jun 1, 2016, at 03:28 AM, qyb via Cyrus-devel wrote: > I noticed that cyrus disable TLS on preauth'd connection. > > Authentication info(plain password...) need TLS protection. And I > think that RFC822 text also need TLS. Can you expand on this a bit? As far as I understand, connections are only ever preauth'd when they come in via UNIX-domain sockets, which are inherently local. What are you trying to protect, and from whom? For what it's worth, it looks like STARTTLS used to work (at least to some degree) for preauth'd LMTP, but was explicitly disabled in 2001 by this commit: https://cgit.cyrus.foundation/cyrus-imapd/commit/?id=b93e6be5b19362f9e295b40ceb81b702d73de6bb So I guess you might be able to re-enable it by doing the inverse of that, though I'm not really seeing the point?
Re: feature request: support STARTTLS for LMTP preauth'd connection
ellie timoney via Cyrus-devel Mon, 13 Jun 2016 18:25:44 -0700
- feature request: support STARTTLS for LMTP p... qyb via Cyrus-devel
- Re: feature request: support STARTTLS f... ellie timoney via Cyrus-devel
- Re: feature request: support STARTT... qyb via Cyrus-devel
- Re: feature request: support ST... Marty Lee via Cyrus-devel
- Re: feature request: support ST... ellie timoney via Cyrus-devel
- Re: feature request: suppor... Ken Murchison via Cyrus-devel
