From: Scott Balmos (no email)
Date: Mon May 16 2005 - 16:06:55 EDT
<quote who="Victor Duchovni">
> The authenticated submitter is not currently forwarded with AUTH=<user>
> over LMTP. Perhaps it should be, but is single-hop submission guaranteed?
In my case, or rather this instance, it is. Posts to the shared folder
subdomain are restricted to an internal server which handles all
processing.
> There are privacy/security issues in forwarding AUTH=<user> over SMTP and
> this is disabled (When using SASL the Postfix SMTP client sends AUTH=<>,
> explicitly denying any correlation between the envelope sender and the
> original authenticated sender).
>
> You need to create and use recipient addresses that *directly* map onto
> the shared folders and do access control with the usual mechanisms to
> prevent unauthorized posts.
I may be dense (it is Monday, after all), but I'm unsure of what you're
suggesting by direct mapping, or the "usual mechanisms". If you're meaning
duplicating the access control information from Cyrus to Postfix, I'm not
sure how you would suggest that be done, since pretty much everything can
be forged.
> In sufficiently security sensitive cases
> the shared folder posts should bypass SMTP and be made via IMAP POST
> operations from an IMAP client (this is properly authenticated).
>
I tend to agree. However I have yet to find an IMAP client that presents
direct IMAP appending to the user in an easy manner, at least in recent
memory. As far as I remember, when browsing an IMAP shared folder, Outlook
/ OE, Thunderbird, Apple Mail.app, etc etc etc all assume you are working
with a normal email, going to an email address. They present no options
for "sending" via IMAP append. This is probably going OT, into MUA
discussion land, but can you give examples of such MUAs that provide this
functionality correctly?
Thanks as always.
--Scott