From: Victor Duchovni (no email)
Date: Mon May 16 2005 - 15:26:26 EDT
On Mon, May 16, 2005 at 03:09:26PM -0400, Scott Balmos wrote:
> In my
> setup, I have shared folder posting addresses that are expanded to the
> form, for example, of sbalmos+. Then, like in
> a standard setup, I have in master.cf an entry for deliver that pulls the
> authentication userid from ${user} (e.g. sbalmos) and the board name from
> ${extension}.
Gross hack; there is no reason to impute the credentials of the sender
from such envelope addresses, as they are easily forged.
> However, lmtp(8) does not have these variables, and thus my shared folders
> setup falls flat on its face. The first step is what file in pipe(8), or
> master(8) maybe, processes the variables ${user} and ${extension}, so
> similar code could be copied into lmtp. Secondly, and this is probably
> going to be a local modification instead of being generally accepted, the
> LMTP protocol conversation code would be modified to insert this new
> arbitrary username in the AUTH=<foo> keyword of the MAIL FROM state.
> Currently, the code simply inserts AUTH=<>, with some comment about being
> able to authenticate the MTA, but not the sender.
>
The authenticated submitter is not currently forwarded with AUTH=<user>
over LMTP. Perhaps it should be, but is single-hop submission guaranteed?
There are privacy/security issues in forwarding AUTH=<user> over SMTP and
this is disabled (when using SASL the Postfix SMTP client sends AUTH=<>,
explicitly denying any correlation between the envelope sender and the
original authenticated sender).
You need to create and use recipient addresses that *directly* map onto
the shared folders and do access control with the usual mechanisms to
prevent unauthorized posts. In sufficiently security sensitive cases
the shared folder posts should bypass SMTP and be made via IMAP POST
operations from an IMAP client (this is properly authenticated).
-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the "Reply-To" header.
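To illustrate the point Viktor makes above, here is an added example (written for this page, not Postfix code) of how a receiving LMTP/SMTP server should decide a shared-folder post: it parses the MAIL FROM line, decodes the RFC 4954 AUTH parameter, and authorizes only on the authenticated identity, never on a `user+folder` envelope address. The folder ACL and the `trusted_upstream` flag are constructed assumptions.

```python
import re

# Matches an RFC 3461 xtext escape: '+' followed by two uppercase hex digits.
XTEXT_ESCAPE = re.compile(r"\+([0-9A-F]{2})")


def xtext_decode(value: str) -> str:
    """Decode xtext as used for the AUTH parameter value (RFC 4954, sec. 5)."""
    return XTEXT_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), value)


def parse_mail_from(line: str):
    """Return (reverse_path, auth_identity).

    auth_identity is None when the AUTH parameter is absent or is '<>',
    which is the client's explicit statement that no authenticated identity
    is asserted (what the Postfix SMTP client sends when using SASL).
    """
    m = re.match(r"MAIL FROM:<([^>]*)>(.*)$", line.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("malformed MAIL FROM line")
    sender, params = m.group(1), m.group(2)
    auth = None
    for param in params.split():
        key, _, val = param.partition("=")
        if key.upper() == "AUTH":
            decoded = xtext_decode(val)
            auth = None if decoded == "<>" else decoded
    return sender, auth


# Constructed ACL: which authenticated users may post to which shared folder.
FOLDER_ACL = {"shared.announce": {"sbalmos"}}


def post_authorized(line: str, folder: str, trusted_upstream: bool = True) -> bool:
    """Authorize a post only on the authenticated identity.

    The envelope sender (e.g. sbalmos+shared.announce@...) is never consulted
    because anyone can put it on the envelope. AUTH is honoured only from a
    trusted upstream MTA, as RFC 4954 requires; otherwise it is ignored.
    """
    _sender, auth = parse_mail_from(line)
    if not trusted_upstream or auth is None:
        return False
    user = auth.split("@", 1)[0]
    return user in FOLDER_ACL.get(folder, set())
```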