[dovecot] Re: inetd/xinetd/tcpserver support

Charlie Brady charlieb-dovecot at e-smith.com
Thu Mar 20 17:27:39 EET 2003 

On 20 Mar 2003, Timo Sirainen wrote:

> On Thu, 2003-03-20 at 03:30, Charlie Brady wrote:
> > I have a working tcpserver system, but one using a substantially different 
> > process mix. I haven't used imap-login at all, but have used 
> > imapfront-auth from Bruce Guenter's mailfront package 
> > (http://www.untroubled.org/mailfront/).
> > 
> > 002 login foo xxxxx
> > * PREAUTH [CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND 
> > UNSELECT LITERAL+ IDLE CHILDREN LISTEXT LIST-SUBSCRIBED] Logged in as foo
> 
> There's one problem. Dovecot shouldn't reply with PREAUTH but "002 OK".
> Mailfront gives the 002 in environment variable, so you'd have to modify
> Dovecot to use it.

I realised that was a problem. I'm happy to hear that you have a solution 
:-)

> Dovecot did before use such variable, but I changed
> it later to send the OK before executing imap process. I don't really
> remember why anymore, but I think there was a good reason :)

Perhaps the reason is to be found in CVS change logs.

I'd really appreciate it if you could point out to me where I'd find the 
code which would make use of the variable.

> > Privilege separation is a very good thing. Is there any more detailed 
> > documentation of how you have done yours than 
> > http://dovecot.procontrol.fi/doc/design.txt?
> 
> Not really. And I'm not really sure how I could get it more detailed? :)
> I think that tells the most relevant things.

I guess I asked the wrong question. I shouldn't have asked "how" - I 
should have asked "why have you done it that way?". The system you have 
seems over complex. Simple solutions (if they work correctly) are always 
better.

> > Can you provide any reasons why I should use your imap-master, imap-auth
> > and imap-login proceses rather than my mix'n'match setup? I'm confident 
> > that my setup has the simple, secure, reliable characteristics that I 
> > need, whereas I don't have the same confidence in your process set - it 
> > seems unnecessarily complex to me.
> 
> Well, your setup doesn't have privilege separation :) It runs as root
> all the way until imap process is started. I looked at mailfront and it
> looked good, but I wouldn't be that confident after you add SSL support.
> There's been holes in OpenSSL library, and I think there's still more to
> be found (or created). Security holes in it gives instant root access
> with your setup,

Not so. See below.

> with Dovecot setup the process executing SSL is
> non-privileged and chrooted so it's not very likely that attacker could
> do much there.

If you have a look at Scott Gifford's work, he also runs SSL non-root and 
chrooted. I agree with you that that is a very significant improvement 
over established practice.

> Another problem with mailfront is that it doesn't support IMAP literals,
> eg.:
> 
> x login {4}
> user {4}
> pass
> 
> I don't know if there's any clients that would do it, but it would be
> valid for them.

Yes, that is a deficiency, but as you point out, probably not practically 
relevant at the moment. If it did become a problem, mailfront could be 
patched - it's GPL software, and Bruce Guenter can be persuaded to do
commissioned work.

--
Charlie

More information about the dovecot mailing list