Re: [exim] [Patch supplied] Exim enhancement request.

Pàgina inicial
Aquest missatge és part del següent fil:
M\l'arbre de fils complet ordenat per data
MMTony Finch en <-
MPhil Pennock en ->
Delete this message
Reply to this message
Autor: Dennis Davis
Data:  
A: exim-users
Assumpte: Re: [exim] [Patch supplied] Exim enhancement request.
On Fri, 24 Feb 2006, Phil Pennock wrote:

> Date: Fri, 24 Feb 2006 14:02:12 +0100
> From: Phil Pennock <exim-users@???>
> To: exim-users@???
> Cc: Dennis Davis <D.H.Davis@???>
> Subject: Re: [exim] [Patch supplied] Exim enhancement request.

...

> The OP is wanting to not need to set the Post privilege by making
> Exim authenticate as a client using the same credential Cyrus has,
> so that all inbound email to user fred is authenticated as posted
> BY user fred.
>
> That scenario worries me at several levels, but the lack of
> mailbox-owner's control over which sub-folders a malicious
> Internet denizen sends mail to is the scenario which comes to
> mind.
>
> At least, that's my interpretation of the situation. Dennis, if
> I've got this wrong then sorry, and please correct me.

I share your concerns. The documentation for such a facility
would need to include phrases such as:

This facility should be used with caution. It certainly has the
ability to bypass any access controls on a Cyrus IMAP server.

I'd only want to use this on a subset of mail folders. I'll give
an example. Institutions often set up generic contact addresses.
Making up some for this University, and the target mail folders
on a Cyrus IMAP server, we might have: 

library-holdings@???  -->  user.library-shared.holdings
library-survey@???    -->  user.library-shared.survey
library-staff@???     -->  user.library-shared.staff


ie the target mailboxes are subfolders of a pseudo-user,
"library-shared". The usual Cyrus access control mechanisms are
applied to each mail folder with one or more people being given
administrative rights.

(I'm sure this isn't the only way to set up shared folders on a
Cyrus server and isn't necessarily the best. However I've seen it
done this way. However I'm by no means a Cyrus expert. So feel
free to correct me on Cyrus matters. Even though I suspect this
mailing list might not be the best place to discuss these issues.)

Administrators of the above mail folders control access rights.
However they must ensure the "anyone" user has "p" (posting) rights
for mail to be delivered.

I was wondering if it was possible to get exim to force mail
delivery to the above folders via lmtp without the "anyone" user
having "p" rights. Certainly administrators have mistakenly removed
this access, resulting in time[1] being spent moving messages from
the parent folder into the relevant subfolder. This was the basis
for my original request. 

[1] Fortunately not my time...
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@???               Phone: +44 1225 386101



Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [OT] Sieve/Cyrus (was Re: [exim] [Patch supplied] Exim enhancement request.)[exim] spammers IP ban->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)