>> I found one of your older posting which also covers this. Here is what >> I did. >> >> I added psotfixlmtp as a user to both the frontend and and then ran the >> 'runuser - postfixlmtp -c "lmtptest mds01"' and used the password and it >> authenticated just fine. So I added the entry to my lmtp_passwd file >> for postfix. I also added the additional entries into the postfix >> main.cf file as per the instructions. >> >> On the frontend I added lmtp_admins: postfixlmtp and on the backends I >> added lmtp_admins: murder postfixlmtp. >> >> I did notice that when I try connecting to the lmtp on the frontend I >> get an error. I suspect that it's because it's looking for lmtp and >> it's running the lmtpproxy >> >> # runuser - postfixlmtp -c "lmtptest" >> WARNING: no hostname supplied, assuming localhost >> connect: Connection refused >> failure: Network initialization - can not connect to >> localhost.localdomain:lmtp >> >> Anyway, postfix is kicking this out in the log: >> >> lmtp[6073]: lmtp connection preauth'd as postman <-- why I'm getting >> this, I don't know >> >> I assume that for some reason it's still allowing anonynous connections >> to lmtp. I checked my cyrus.conf files on all servers and there is no >> "-a". It's perplexing. The information you gave me makes sense but it's >> like something has cached a setting and isn't letting go even though I >> have restarted all of the services. > > Looking at the source code in lmtpengine.c: > > /* we're not connected to a internet socket! */ > func->preauth = 1; > strcpy(cd.clienthost, "[unix socket]"); > syslog(LOG_DEBUG, "lmtp connection preauth'd as postman"); > > So it appears that unix socket connections are always preauth'd. You'll > need to enable Cyrus' lmtpd to listen on the internet socket as well. If > you are running Postfix on your frontends (it looks like you are), then > you could either disable Postfix's lmtp, or run the Cyrus lmtp on an > alternate port.
You are right about the pre-authentication on a unix Socket. It is always turned on. Postfix has no lmtp-Server, so he does not need to disable something. The Unix Socket in Postfix which is named lmtp is the Socket from the Postfix Internal Side to it's lmtp-Client. I don't think this is a problem with/without pre-authentification. The lmtp-Server in Cyrus-IMAP uses the given proxy_authname/*_password, regardless of the credentials used in the connection to the lmtp-Server. > Maybe other folks know of a cleaner way to do this, or have other > suggestions. -- Andreas ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html