Allowing anonymous users to directly submit via LMTP would defeat any accounting done in the MTA and allow for perfectly forged Received headers. Allowing arbitrary users to authenticate could be just as bad with the current code, though it could be modified---but it's not clear it's worth it.This is all working fine, except that I had to add my dummy authentication user (which I create solely for Exim to authenticate itself to lmtpd with) to the "admins" entry in /etc/imapd.conf. I had to do this because lmptd specifically allows only admins to authenticate.Is there any particular reason why? It's not a big deal for me, but when I document this configuration for other people I'm sure this will raise some eyebrows.
Since there are some LMTP extensions like IGNOREQUOTA that require administrative rights, it doesn't seem worthwhile to try to get finer grained authorization than "lmtp_admins".
Larry
