RE: Cyrus IMAP, sendmail and LDAP
> Ok, so I recompiled sendmail w/ LDAP support..
> Here are the relevant parts of my mc file:
>
> define(`confLOCAL_MAILER', `cyrusv2')
> define(`CYRUSV2_MAILER_ARGS', `FILE /var/cyrus/imap/socket/lmtp')
>
> # LDAP Related
> FEATURE(`ldap_routing')
> LDAPROUTE_DOMAIN(`panther.mydomain.com')
> define(`confLDAP_DEFAULT_SPEC', `-h localhost -b ou=Users,dc=mydomain,dc=com')
>

define(`confLDAP_DEFAULT_SPEC', `-h localhost -b ou=Users,dc=mydomain,dc=com')
LDAPROUTE_DOMAIN(`panther.mydomain.com')
dnl # LDAPROUTE_DOMAIN_FILE(`/etc/mail/LDAP-Routing')
FEATURE(`ldap_routing',,,`bounce',`preserve')
---
You have not configured Sendmail to bounce addresses that are not in LDAP.
I also like to preserve '+' addresses

John
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Cyrus IMAP, sendmail and LDAP
> Thanks.. is there any LDAP attribute that will tell sendmail what server
> and cyrus mailbox to deliver to.

Yes,

mailLocalAddress -- Addresses to accept email to (as many as you want)
mailRoutingAddress -- The address to send the mail to
mailHost -- The host to deliver mail to

> It seems that using ldap routing w/
> mailLocalAddress and mailHost will cause a loop if everything is all on
> one server.

You're not giving Sendmail enough credit ;-)
IF mailHost == local-host-name sendmail delivers locally. No loop.

John
RE: Cyrus IMAP, sendmail and LDAP
The way you have it set up now, Sendmail accepts all mail before trying to deliver it via cyrus (just like most secondary and some primary MX servers do). So if I send 1000 emails to non-existent users your sendmail will accept them all (regardless of whether they exist or not) before trying to deliver them to cyrus. Because I'm a spammer I've used fake return addresses, so you now have 1000 bounces sitting in your mail queue (which Sendmail keeps trying to resend every hour) until they expire, putting a strain on your resources.

Every time I have set up LDAP routing for a domain (primarily on the MX servers but also on the cyrus system) it has resulted in an 80% to 90% reduction in mail traffic and server load.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of AJ
Sent: Thursday, 8 July 2004 8:21 AM
To: [EMAIL PROTECTED]
Subject: Re: Cyrus IMAP, sendmail and LDAP

Thanks. I have reviewed the sendmail page numerous times, but my question is what is the difference between the way I have things set up now, i.e. just using cyrus as a local mailer, as opposed to ldap_routing. I am not sure why one would go one way or the other, just trying to clarify.

Thanks.
AJ

Andrzej Filip wrote:
> AJ wrote:
>
>> My setup is cyrus, sendmail and openldap for all users data.
>> The way I have things set up now is sendmail uses cyrus local mailer,
>> and is not compiled w/ LDAP support, so if a mailbox does not exist in
>> cyrus, it gets bounced. Sendmail does not do user/mailbox lookups
>> via LDAP.
>> This seems to work ok, but on the net I have been reading most people
>> set up sendmail to look at ldap for users, rather than cyrus.
>> Can some people share their setups on how they implement these three
>> together?
>
> * LDAP ROUTING (sendmail)
>   http://www.sendmail.org/m4/ldap_routing.html
> * Autocreate INBOX patch for Cyrus
>   http://email.uoa.gr/projects/cyrus/autocreate/index.html
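Added example (not part of the original thread, and not sendmail's own code): a simplified Python model of the per-recipient decision described in the replies above, covering the mailHost == local host case, the `bounce` argument that refuses unknown recipients during SMTP, and `preserve` for +detail. The directory entries and the host store2.mydomain.com are constructed; the lookup order and outcomes are an assumption based on the ldap_routing documentation linked above.

```python
# Simplified model of the ldap_routing decision (added example, not sendmail code).
LOCAL_HOST = "panther.mydomain.com"   # hostname taken from the thread's mc file

# Constructed directory entries; attribute names are the ones listed in the thread.
DIRECTORY = [
    {"mailLocalAddress": ["fred@panther.mydomain.com",
                          "postmaster@panther.mydomain.com"],
     "mailRoutingAddress": "fred@panther.mydomain.com",
     "mailHost": "panther.mydomain.com"},
    {"mailLocalAddress": ["wilma@panther.mydomain.com"],
     "mailRoutingAddress": "wilma@store2.mydomain.com",   # constructed host
     "mailHost": "store2.mydomain.com"},
]

def split_detail(address):
    """Return (address without +detail, detail or None)."""
    local, _, domain = address.partition("@")
    user, plus, detail = local.partition("+")
    return f"{user}@{domain}", (detail if plus else None)

def lookup(address):
    """Find the entry whose mailLocalAddress contains this address."""
    for entry in DIRECTORY:
        if address in entry["mailLocalAddress"]:
            return entry
    return None

def route(rcpt, bounce=True, preserve=True):
    """Return (action, address, host); action is local, relay, reject or passthru."""
    rcpt = rcpt.lower()
    base, detail = split_detail(rcpt)
    entry = lookup(rcpt) or lookup(base)   # full address first, then without +detail
    if entry is None:
        if bounce:
            return ("reject", rcpt, None)  # refused during SMTP, nothing is queued
        return ("passthru", rcpt, None)    # accepted; an unknown user bounces later
    target = entry.get("mailRoutingAddress") or rcpt
    if preserve and detail and entry.get("mailRoutingAddress"):
        user, _, domain = target.partition("@")
        target = f"{user}+{detail}@{domain}"   # copy +detail onto the new address
    host = entry.get("mailHost")
    if host is None or host.lower() == LOCAL_HOST:
        return ("local", target, None)     # mailHost names this server: no loop
    return ("relay", target, host)
```
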
RE: newbie question
Hi Dudi,

> I am fairly experienced, done lots of sendmail installations to a manual
> modification of sendmail.cf ;-), A/V, spam filters etc., so I guess I'll
> manage - probably with some help from this list

If you do not mind my asking. If you are so familiar with sendmail, why do you want to use postfix with Cyrus?

> Now, not being familiar with Cyrus at all, I wonder what am I facing
> here time wise, complexity, reliability etc.

Well I guess that would depend on what type of system you are installing it on. Simon Matter provides an excellent RPM for RedHat which is what I have based my (customised) setup on. As far as reliability goes Cyrus is an outstanding piece of software.

John
RE: Question about usernames with an @
Hi AJ,

All we've done is simply added a second uid, i.e.:

# Entry 1: [EMAIL PROTECTED],ou=Users,dc=domain,dc=com
dn: [EMAIL PROTECTED],ou=Users,dc=domain,dc=com
objectClass: top
objectClass: inetOrgPerson
cn: Fred
sn: Citizen
uid: fred
uid: [EMAIL PROTECTED]
uidNumber: 1025
gidNumber: 3012
userPassword: {SSHA}Secret;-)

This was a trivial addition

John

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of AJ
> Sent: Tuesday, 8 June 2004 2:20 AM
> To: [EMAIL PROTECTED]
> Subject: Question about usernames with an @
>
>
> Hi,
> I am using LDAP for authentication and my uid attribute is in
> the form of:
> [EMAIL PROTECTED] I want to use this to authenticate, but I
> am having some
> problems. I came across some info via google search, but no real answers.
> I wanted to search the archives, but it looks like they are gone??
> Anyway, I am using SASL 2.1.18 and Cyrus IMAP 2.2.3 with the
> following config:
>
> saslauthd.conf:
> ldap_auth_method: bind
> ldap_servers: ldap://127.0.0.1
> ldap_search_base: ou=Users,dc=domain,dc=com
> ldap_use_sasl: no
> ldap_method: simple
>
> imapd.conf:
> configdirectory: /var/cyrus/imap
> partition-default: /var/cyrus/spool/imap
> admins: cyrus
> sievedir: /var/cyrus/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN LOGIN
> virtdomains: yes
> defaultdomain: domain.com
> altnamespace: yes
> unixhierarchysep: yes
>
>
> Some of the uid's though, do not have an @ sign and I wanted to
> handle that case
> as well.. Is this possible?
>
>
> Thanks.
> AJ
RE: sasldb2
Before I switched to LDAP I had the following on RH9

-rw-r-----    1 cyrus    mail        12288 Apr 28 10:00 /etc/sasldb2
RE: Cyrus imap, virtual domains and ldap authentication
> I have never used virtual domains so I don't know about that. I'm using
> both methods in different configurations and they both work well. However,
> I think for virtual domains, you have to use 'sasl_pwcheck_method: ldap'
> because pam doesn't handle what you want.
>
> Simon

Hi Simon,

Your Cyrus rpms are very much appreciated, thanks very much.

Well I appear to have virtual domains working on Redhat 9. This is what I did.

I got the cyrus-sasl rpms from Fedora Core 1 and rebuilt them on Redhat 9 with ldap support added in (it's off by default).

Changed the saslauthd mech from shadow to ldap.

Created /etc/saslauthd.conf

ldap_servers: ldap://127.0.0.1
ldap_bind_dn: cn=Manager,dc=domain,dc=net
ldap_bind_pw: supersecret
ldap_scope: sub
ldap_search_base: dc=domain,dc=net
ldap_auth_method: bind
---
Used saslauthd in /etc/imapd.conf

#sasl_pwcheck_method: auxprop
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
default_domain: unused.domain.net

I have different ou's for each domain in my ldap server and each user has a [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]

Now I just have to go through and tighten up the security ;-)

John
Cyrus imap, virtual domains and ldap authentication
cyrus-imapd-utils-2.2.3
cyrus-imapd-2.2.3
cyrus-sasl-2.1.15

Hi,

I have a cyrus imap server with virtual domains authenticating against sasldb2 that's been running successfully for several weeks now (Thanks to Simon Matter's rpms) and I'd like to convert to authenticating against my LDAP server.

I've "Googled until my fingers bled" (quote stolen from a google search) and I'm totally confused about how to go about it. So I'm looking for some tips/pointers about how to go about it.

I've seen references to using either of "sasl_pwcheck_method: saslauthd" or "sasl_pwcheck_method: ldap" in imapd.conf. Which should I use and then what else do I need?

Regards
John