Re: feature request: support STARTTLS for LMTP preauth'd connection
ellie timoney via Cyrus-devel, Tue, 14 Jun 2016 16:56:06 -0700

> I use "lmtpd -a" listen on a NIC interface and receive lmtp request
> from a remote postfix instance. Now preauth works, but mail data was
> transferred without encryption.

Ah, I see what you mean. I didn't know that -a option was there.

> I guess the commit you mentioned disabled starttls because the author
> think we just need ssl to protect PLAIN Password auth request..

My guess would be an assumption that no-one would send LMTP traffic over the internet (that's what SMTP is for). If one expects LMTP traffic (and especially pre-authed LMTP traffic) to be within a single server, or at most between servers sitting in nearby racks over a private network, then this all makes sense.

Ken, do you want to chime in here? The disabling STARTTLS commit (b93e6be) and the one to add the -a option (a501222) were both yours. I'm hoping to get a clearer understanding of the intent.

For what it's worth, lmtpd(8) man page says:

> -a Preauthorize connections initiated on an internet socket,
> instead of requiring LMTP AUTH.
> This should only be used for connections coming from trusted hosts.

Maybe this could be expanded: "from trusted hosts, over trusted networks".

> Personally, I think all mail data should be encrypted in internet
> transfer.

This kind of sounds like the answer might be "don't use -a when your listen address is reachable over the internet"...

My own inclination is to re-enable STARTTLS, but I'd like to better understand why it was disabled before I do so.

On Tue, Jun 14, 2016, at 07:16 PM, qyb wrote:
> I use "lmtpd -a" listen on a NIC interface and receive lmtp request
> from a remote postfix instance. Now preauth works, but mail data was
> transferred without encryption.
>
> I guess the commit you mentioned disabled starttls because the author
> think we just need ssl to protect PLAIN Password auth request..
> Personally, I think all mail data should be encrypted in internet
> transfer.
>
> On Tue, Jun 14, 2016 at 9:25 AM, ellie timoney via Cyrus-devel <cyrus-de...@lists.andrew.cmu.edu> wrote:
>>
>> On Wed, Jun 1, 2016, at 03:28 AM, qyb via Cyrus-devel wrote:
>>> I noticed that cyrus disables TLS on preauth'd connection.
>>>
>>> Authentication info (plain password...) needs TLS protection. And I
>>> think that RFC822 text also needs TLS.
>>
>> Can you expand on this a bit?
>>
>> As far as I understand, connections are only ever preauth'd when they
>> come in via UNIX-domain sockets, which are inherently local. What
>> are you trying to protect, and from whom?
>>
>> For what it's worth, it looks like STARTTLS used to work (at least to
>> some degree) for preauth'd LMTP, but was explicitly disabled in 2001
>> by this commit:
>> https://cgit.cyrus.foundation/cyrus-imapd/commit/?id=b93e6be5b19362f9e295b40ceb81b702d73de6bb
>> So I guess you might be able to re-enable it by doing the inverse of
>> that, though I'm not really seeing the point?
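An added check, not part of this thread and not Cyrus code, for finding out what a listener such as one started with "lmtpd -a" actually offers before pointing a remote Postfix at it over a non-private network: it connects, sends LHLO, parses the multi-line 250 reply and reports whether STARTTLS is among the advertised keywords. It assumes the listener speaks RFC 2033 LMTP and, when STARTTLS is enabled, advertises it as an LHLO keyword the way SMTP servers do under RFC 3207. The FakeLmtpd class and probe_fake() are constructed stand-ins so the block runs offline; the host name mail.example and the capability list it returns are made up. Run the file as a script with a host and port to probe a real listener.

```python
"""Probe an LMTP listener for the STARTTLS keyword in its LHLO reply.

Added example; not Cyrus code. Assumes RFC 2033 LMTP and that STARTTLS,
when enabled, is advertised as an LHLO keyword (as SMTP does per RFC 3207).
"""
import socket
import sys
import threading


def _read_reply(f):
    """Read one LMTP reply, which may span several '250-' lines.

    Returns (code, [text after the 4-character 'NNN-' / 'NNN ' prefix]).
    """
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("connection closed mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        # A space after the three-digit code marks the final line of the reply.
        if len(line) < 4 or line[3] == " ":
            return int(line[:3]), lines


def lhlo_capabilities(host, port, client_name="probe.example", timeout=5.0):
    """Connect, send LHLO, return the set of advertised capability keywords."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        code, _ = _read_reply(f)
        if code != 220:
            raise RuntimeError("unexpected greeting %d" % code)
        sock.sendall(("LHLO %s\r\n" % client_name).encode("ascii"))
        code, lines = _read_reply(f)
        if code != 250:
            raise RuntimeError("LHLO rejected with %d" % code)
        sock.sendall(b"QUIT\r\n")
        try:
            _read_reply(f)
        except ConnectionError:
            pass
        # The first 250 line is the server's name; the rest are capabilities.
        return {ln.split()[0].upper() for ln in lines[1:] if ln.strip()}


def starttls_offered(caps):
    """True when the STARTTLS keyword was advertised."""
    return "STARTTLS" in caps


class FakeLmtpd(threading.Thread):
    """Constructed stand-in for a listener, used only so this runs offline."""

    def __init__(self, offer_starttls):
        super().__init__(daemon=True)
        self.offer_starttls = offer_starttls
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]

    def run(self):
        conn, _ = self.sock.accept()
        caps = ["PIPELINING", "ENHANCEDSTATUSCODES", "8BITMIME"]  # made up
        if self.offer_starttls:
            caps.append("STARTTLS")
        with conn, conn.makefile("rb") as f:
            conn.sendall(b"220 mail.example LMTP ready\r\n")
            while True:
                words = f.readline().split()
                if not words:
                    break
                verb = words[0].upper()
                if verb == b"LHLO":
                    body = ["mail.example"] + caps
                    reply = "".join(
                        "250%s%s\r\n" % ("-" if i < len(body) - 1 else " ", c)
                        for i, c in enumerate(body)
                    )
                    conn.sendall(reply.encode("ascii"))
                elif verb == b"QUIT":
                    conn.sendall(b"221 2.0.0 bye\r\n")
                    break
                else:
                    conn.sendall(b"500 5.5.1 command unrecognized\r\n")
        self.sock.close()


def probe_fake(offer_starttls):
    """Start a FakeLmtpd with or without STARTTLS and probe it."""
    srv = FakeLmtpd(offer_starttls)
    srv.start()
    caps = lhlo_capabilities("127.0.0.1", srv.port)
    srv.join(timeout=5)
    return caps


if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])
    found = lhlo_capabilities(host, port)
    if starttls_offered(found):
        print("STARTTLS offered:", sorted(found))
    else:
        print("no STARTTLS: mail data would cross this link in the clear")
```

A listener that does not advertise STARTTLS cannot be upgraded by the client, so Postfix's smtp_tls_security_level on the delivering side cannot help; the only protections left are the ones the thread names, a private network or a UNIX-domain socket.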