Skip to Content.
Sympa Menu

devel - [sympa-dev] new authentication option

Subject: Developers of Sympa

List archive

[sympa-dev] new authentication option

Chronological Thread  
    < Chronological >       < Thread >
  • From: <address@concealed>
  • To: address@concealed
  • Subject: [sympa-dev] new authentication option
  • Date: Tue, 13 Nov 2007 19:53:41 +0100

We have been successfully running Sympa with modifications for over 2 years at
Eastern Mennonite University. If these modifications would be useful to
others, I would be pleased to see them become standard features.

Specifically, we have added a fourth authentication level that uses the
authentication credentials we require our users to provide to our ESMTP
server.
To accomplish this, I wrote a program that replaces the queue and bouncequeue
programs. Instead of linking to Sendmail via the aliases file, the new
program
accepts messages from Sendmail with the LMTP protocol (rfc 2033) which
provides
a way to pass to Sympa the identity of the user who authenticated to the ESMTP
server. Unlike the From: field, this cannot be forged, so we have a way to
positively identify senders without having to use SMIME or md5 confirmation.

The obvious limitation is that it only works for lists where all members are
in
a local domain and use a local SMTP server; it won’t work for public lists.
But in our university setting it has been quite useful.

Another advantage is that because LMTP is a network protocol, the MTA
delivering messages to Sympa does not have to run on the same machine as
Sympa,
and you could have multiple MTAs delivering to Sympa. This does complicate
alias management, but may be worth the effort if it solves other problems, as
it does for us.

The LMTP queue program is the most significant change, and has a dependency on
Cyrus SASL. Other than this, the modifications made to the Perl code are not
particularly extensive. List.pm is patched, as are Conf.pm and
sympa_wizard.pl
because of new paramaters in sympa.conf, and I have several customized
authorization scenarios to take advantage of the additional capabilities.
None
of these changes to the Perl code require the use of the LMTP queue program;
the old queue binaries will still work.

These modifications were made to version 5.0 which continues to serve us well
and I have not yet had the time to investigate what would be required to apply
these changes to later versions. However we do have an upgrade in the plans.

Is anyone interested in this functionality? If so, I can submit patches and
documentation.

Jason


Archive powered by MHonArc 2.6.19+.

Top of Page