Re: [expert] Re: Cyrus-imapd
Norman Zhang escribió: Thanks. I tried exactly the above and creating smtp as follows. [EMAIL PROTECTED] root]# more /etc/pam.d/smtp auth required /lib/security/pam_stack.so service=system-auth accountrequired /lib/security/pam_stack.so service=system-auth But still couldn't get it to work (continuous prompt for username/password from OE). I then changed pwcheck_method: sasldb. I can now send/receive mail. Really strange, that should not work at all (to check the sasldb it should be pwcheck_method: auxprop according to the documentation). Sasl is probably using another method instead of plaintext. Try to add mech_list: plain in /usr/lib/sasl2/smtpd.conf to see if it makes a difference However, I still have one more question, sasldb means I need to useradd/passwd to create new users. I also need to add users to cyrus through cyradm. Well, yes, but this is a separate issue: you have to create a *mailbox* with cyradm. The authentication method is configured through sasl. Cyrus-imapd in my package is configured to use saslauth-pam. Configuring postfix for smtp auth is another issue altogether (though the authentication is managed using cyrus-sasl libraries). I need to update two user databases separately. Without users created locally, I can't seem to login to the user account and access inbox. Is there a way to simplify this? I don't understand what you're trying to accomplish. If you want *no* local users, just create mailboxes in cyrus and use the sasldb (or whatever other method you prefer, ldap, mysql, whatever) to grant access to mailboxes that are not tied to local users. If you instead want local user and authenticate with the system database (/etc/passwd, /etc/shadow), cyrus-imapd is already configured that way, and smtp_auth in postfix should work the way I told you (mind me, I'm not using smtp_auth with sasl v2, I'm using it with an older version and the setup is different and no good for you). If it doesn't work you'll have to check the log files (for postfix and for saslauthd -- in /var/log/messages ) to see what's going wrong (I know it's a pain). Check the docs in /usr/share/doc/cyrus-sasl-2.1.15 Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
[expert] Re: Cyrus-imapd
Hi, [root]# more /etc/pam.d/smtp auth required /lib/security/pam_stack.so service=system-auth accountrequired /lib/security/pam_stack.so service=system-auth But still couldn't get it to work (continuous prompt for username/password from OE). I then changed pwcheck_method: sasldb. I can now send/receive mail. Really strange, that should not work at all (to check the sasldb it should be pwcheck_method: auxprop according to the documentation). Sasl is probably using another method instead of plaintext. Try to add mech_list: plain in /usr/lib/sasl2/smtpd.conf to see if it makes a difference I followed http://www.mandrakesecure.net/en/docs/postfix-sasl.php. I changed pwcheck_method: sasldb in /usr/lib/sasl2/smtpd.conf then followed by saslpasswd2 -a smtpd. I already have sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN in /etc/imapd.conf. I also made smtpd_sasl_local_domain = in /etc/postfix/main.cf. Is this the correct way of doing things? However, I still have one more question, sasldb means I need to useradd/passwd to create new users. I also need to add users to cyrus through cyradm. Well, yes, but this is a separate issue: you have to create a *mailbox* with cyradm. The authentication method is configured through sasl. Cyrus-imapd in my package is configured to use saslauth-pam. Configuring postfix for smtp auth is another issue altogether (though the authentication is managed using cyrus-sasl libraries). I'm just confused. I was hoping to authenticate against cyrus mailbox and do smtp auth with one set of account. That way it would be easy to maintain. By changing pwcheck_method: sasldb in smtpd.conf, I made it to authenticate against sasl.db for smtp auth, and login to cyrus mailbox against /etc/passwd? Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: Cyrus-imapd
Norman Zhang escribió: I followed http://www.mandrakesecure.net/en/docs/postfix-sasl.php. I changed That documentation is outdated: it's for version 1 of the sasl library. 9.2 is using verion 2. The documentation is in /usr/share/doc/cyrus-sasl-2.1.15/ (there's also a migration guide). pwcheck_method: sasldb in /usr/lib/sasl2/smtpd.conf then followed by saslpasswd2 -a smtpd. I already have sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN in /etc/imapd.conf. I also made smtpd_sasl_local_domain = in /etc/postfix/main.cf. Is this the correct way of doing things? You're mixing two separate issues. One thing is cyrus-mapd configuration and another is postfix configuration. /etc/imapd.conf configures cyrus-imapd. Options there with a sasl_ prefix are for sasl configuration (authentication), i.e. how users are supposed to authenticate against cyrus-imapd. /etc/postfix/main.cf is postfix configuration, while sasl options for postfix should go to /usr/lib/sasl2/smtpd.conf [] I'm just confused. I was hoping to authenticate against cyrus mailbox and do you simply *don't* authenticate against cyrus-imapd mailbox, you authenticate against some database containing secrets. For that cyrus-imapd uses sasl, so it can use various methods to exchange credentials between the client and the server and various sources for secrets. smtp auth with one set of account. That way it would be easy to maintain. By but you can configure both cyrus-imapd and postfix (or better the sasl library as used by cyrus-imapd and the sasl library as used by postfix) to use the same sources and/or the same methods for authentication. changing pwcheck_method: sasldb in smtpd.conf, I made it to authenticate against sasl.db for smtp auth, no, you gave an invalid option so sasl ignored it and used a different method than plaintext password (other method that, incidentally, takes its secrets from the sasldb). and login to cyrus mailbox against /etc/passwd? smtpd.conf has nothing to do with cyrus-imapd authentication. You configure that in /etc/imapd.conf. You can configure it the same as postfix. The difference is that options for sasl in /etc/imapd.conf have to be prefixed by sasl_, while there's no need for such prefix in /usr/lib/sasl2/smtpd.conf. Besides this difference the options are the same. Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
[expert] Re: Cyrus-imapd
My users are local users. It should be easy then: pwcheck_method: saslauthd (in smtpd.conf) check that /etc/sysconfig/saslauthd has SASL_AUTHMECH=pam (it's the default) service saslauthd start (to make it permanent chkconfig --add saslauthd) and then configure the pam method to use in /etc/pam.d/smtp Thanks. I tried exactly the above and creating smtp as follows. [EMAIL PROTECTED] root]# more /etc/pam.d/smtp auth required /lib/security/pam_stack.so service=system-auth accountrequired /lib/security/pam_stack.so service=system-auth But still couldn't get it to work (continuous prompt for username/password from OE). I then changed pwcheck_method: sasldb. I can now send/receive mail. However, I still have one more question, sasldb means I need to useradd/passwd to create new users. I also need to add users to cyrus through cyradm. I need to update two user databases separately. Without users created locally, I can't seem to login to the user account and access inbox. Is there a way to simplify this? Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: Cyrus-imapd
Norman Zhang escribió: My users are local users. It should be easy then: pwcheck_method: saslauthd (in smtpd.conf) check that /etc/sysconfig/saslauthd has SASL_AUTHMECH=pam (it's the default) service saslauthd start (to make it permanent chkconfig --add saslauthd) and then configure the pam method to use in /etc/pam.d/smtp Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
[expert] Re: Cyrus-imapd
Hi, I followed the steps given in README.RPM 1. mailbox_transport = lmtp:$myhostname (/etc/postfix/main.cf) 2. lmtp cmd=lmtpd listen=lmtp prefork=0 (/etc/cyrus.conf) 3. add lmtp_admins: cyruslmtp at the bottom of /etc/cyrus.conf 4. useradd cyruslmtp with password testing123 I think I found the cause to the problem. I need to use saslpasswd2 for cyruslmtp rather than useradd/passwd? I'm a little confused with sasldb and saslauthd. I'm using cyrus-imapd-2.1.15-6mdk. I have saslauthd 2.1.15 (authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap) and saslpasswd2 installed. Which one should I use? How do I check if saslauthd is used by default? BTW, I don't have /etc/imapd.conf. Is that replaced by /etc/postfix/main.cf? 5. create /etc/postfix/lmtp_sasl_pass for root:root with 600 permissions. File contents are $myhostnameTABcyruslmtp:testing123 Literally? I think you should use the real hostname here instead of $myhostname (mail.rd.arkonnetworks.com?) 6. postmap /etc/postfix/lmtp_sasl_pass postconf -e lmtp_sasl_auth_enable = yes postconf -e lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass postconf -e lmtp_sasl_security_options = noanonymous but I'm still getting lmtpd[1822]: connection from mail.rd.arkonnetworks.com [207.34.136.7] postfix/lmtp[1821]: 594C018000A0: to=nzhang @ rd,arkonnetworks.com, relay=mail.rd.arkonnetworks.com[207.34.136.7], delay=0, status=deferred (host mail.rd.arkonnetworks.com[207.34.136.7] said: 430 Authentication required (in reply to MAIL FROM command)) Or maybe the problem is that postfix cannot access the file due to the chroot? Sorry I cannot be of more help, I never used tcp sockets with lmtp (as you can see that section in the readme comes from another person). Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: Cyrus-imapd
Norman Zhang escribió: Hi, I followed the steps given in README.RPM 1. mailbox_transport = lmtp:$myhostname (/etc/postfix/main.cf) 2. lmtp cmd=lmtpd listen=lmtp prefork=0 (/etc/cyrus.conf) 3. add lmtp_admins: cyruslmtp at the bottom of /etc/cyrus.conf There's an error in /etc/cyrus.conf. The line should be added in /etc/imapd.conf, not /etc/cyrus.conf 4. useradd cyruslmtp with password testing123 I think I found the cause to the problem. I need to use saslpasswd2 for cyruslmtp rather than useradd/passwd? Only if you want to use the sasldb for your password (either in addition or replacing any other authentication database you can use with sasl) I'm a little confused with sasldb and saslauthd. Well, yes, everybody is confused with sasl authentication (and all its possible configurations). It's very flexible and that makes it very difficult to grasp. I'm not sure if the documentation for cyrus-sasl and/or cyrus-imapd is clear enough, but, IIRC, there should be enough information to get started. I'm using cyrus-imapd-2.1.15-6mdk. I have saslauthd 2.1.15 (authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap) and saslpasswd2 installed. Which one should I use? How do I check if saslauthd is used by default? check that in /etc/imapd.conf you have the line sasl_pwcheck_method: saslauthd *but* that will only be used for plaintext authentication. Other authentication methods (cram md5 for example) need a shared secret (i.e. the server need the plaintext password), and that's impossible with saslauthd. If you want to be sure that the server only advertises plaintext (so you are sure it will only use saslauthd and nothing else) you can either remove all sasl plugins except plain, or restrict to plaintext putting the following line sasl_mech_list: PLAIN in /etc/imapd.conf. The former will affect all servers using sasl, the latter only cyrus-imap (note that any option starting with sasl_ in /etc/imapd.conf is actually an option for the sasl library, so you should read sasl documentation to see what options are available). BTW, I don't have /etc/imapd.conf. Is that replaced by /etc/postfix/main.cf? No, /etc/imapd.conf is for cyrus-imapd (and a default version comes with the package, so I don't understand why you don't have it), while /etc/postfix/main.cf is postfix configuration. Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
[expert] Re: Cyrus-imapd
Hi, I followed the steps given in README.RPM 1. mailbox_transport = lmtp:$myhostname (/etc/postfix/main.cf) 2. lmtp cmd=lmtpd listen=lmtp prefork=0 (/etc/cyrus.conf) 3. add lmtp_admins: cyruslmtp at the bottom of /etc/cyrus.conf 4. useradd cyruslmtp with password testing123 I think I found the cause to the problem. I need to use saslpasswd2 for cyruslmtp rather than useradd/passwd? I'm a little confused with sasldb and saslauthd. I'm using cyrus-imapd-2.1.15-6mdk. I have saslauthd 2.1.15 (authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap) and saslpasswd2 installed. Which one should I use? How do I check if saslauthd is used by default? BTW, I don't have /etc/imapd.conf. Is that replaced by /etc/postfix/main.cf? Sorry for all the noise. I found that 9.2 is using saslauthd by default. The information is provided in /etc/imapd.conf. sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN I do have /etc/imapd.conf as it came with LM 9.2, but not smtpd.conf. I guess smtpd.conf is indeed replaced by main.cf. Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Re: Cyrus-imapd
Hi, I followed the steps given in README.RPM 1. mailbox_transport = lmtp:$myhostname (/etc/postfix/main.cf) 2. lmtp cmd=lmtpd listen=lmtp prefork=0 (/etc/cyrus.conf) 3. add lmtp_admins: cyruslmtp at the bottom of /etc/cyrus.conf There's an error in /etc/cyrus.conf. The line should be added in /etc/imapd.conf, not /etc/cyrus.conf Thanks. I have changed that. 4. useradd cyruslmtp with password testing123 I think I found the cause to the problem. I need to use saslpasswd2 for cyruslmtp rather than useradd/passwd? Only if you want to use the sasldb for your password (either in addition or replacing any other authentication database you can use with sasl) I'm using cyrus-imapd-2.1.15-6mdk. I have saslauthd 2.1.15 (authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap) and saslpasswd2 installed. Which one should I use? How do I check if saslauthd is used by default? check that in /etc/imapd.conf you have the line sasl_pwcheck_method: saslauthd *but* that will only be used for plaintext authentication. Other authentication methods (cram md5 for example) need a shared secret (i.e. the server need the plaintext password), and that's impossible with saslauthd. If you want to be sure that the server only advertises plaintext (so you are sure it will only use saslauthd and nothing else) you can either remove all sasl plugins except plain, or restrict to plaintext putting the following line sasl_mech_list: PLAIN Thanks for the clarification. I guess I will use TLS on top of PLAIN. But first I need to get postfix + cyrus working. I have been trying to get postfix + cyrus working on and off for a long time now. Hopefully, after getting it to work I can post my findings on Twiki. in /etc/imapd.conf. The former will affect all servers using sasl, the latter only cyrus-imap (note that any option starting with sasl_ in /etc/imapd.conf is actually an option for the sasl library, so you should read sasl documentation to see what options are available). Thanks. I will read up on those docs. I now have so many docs all over the net on my desk... Sorry I have been mixing you up and Luca Berra. 8) Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: Cyrus-imapd
Norman Zhang escribió: Sorry for all the noise. I found that 9.2 is using saslauthd by default. The information is provided in /etc/imapd.conf. sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN I do have /etc/imapd.conf as it came with LM 9.2, but not smtpd.conf. I guess smtpd.conf is indeed replaced by main.cf. Well, no, smtpd.conf is the sasl configuration for postfix smtp auth. If you need smtp auth you'll need to create that file (in /usr/lib/sasl2, I think it's the wrong location but that's how mandrake's sasl package is configured). If you don't need smtp auth forget about /usr/lib/sasl2/smtpd.conf Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
Re: [expert] Re: Cyrus-imapd
Norman Zhang escribió: Thanks for the clarification. I guess I will use TLS on top of PLAIN. Well, that won't change anything (I mean, sasl is not involved so using tls won't mean changing sasl configuration). If you want to avoid cyrus-imapd advertising plaintext authentication over an insecure link (i.e. before tls has been negotiated) you can add allowplaintext: no in /etc/imapd.conf Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
[expert] Re: Cyrus-imapd
information is provided in /etc/imapd.conf. sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN I do have /etc/imapd.conf as it came with LM 9.2, but not smtpd.conf. I guess smtpd.conf is indeed replaced by main.cf. Well, no, smtpd.conf is the sasl configuration for postfix smtp auth. If you need smtp auth you'll need to create that file (in /usr/lib/sasl2, I think it's the wrong location but that's how mandrake's sasl package is configured). If you don't need smtp auth forget about /usr/lib/sasl2/smtpd.conf After putting lmtp_admins: cyruslmtp into /etc/imapd.conf, now I can receive mail. Setting smtp_sasl_auth_enable = yes would mean all clients sending mail to Postfix will be authenticated via sasl, including Exchange or other peoples' servers too? Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: Cyrus-imapd
Norman Zhang escribió: After putting lmtp_admins: cyruslmtp into /etc/imapd.conf, now I can receive mail. Setting smtp_sasl_auth_enable = yes would mean all clients sending mail to Postfix will be authenticated via sasl, including Exchange or other peoples' servers too? No, that would be smtpd_sasl_auth_enabled, and only depending on the setting of smtpd_recipient_restrictions. You should google for postfix smtp auth or look at the documentation, howto and faqs section at postfix.org. Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
[expert] Re: Cyrus-imapd
Hi, mail. Setting smtp_sasl_auth_enable = yes would mean all clients sending mail to Postfix will be authenticated via sasl, including Exchange or other peoples' servers too? Please ignore my question. smtp_sasl_auth_enable keyword tells postfix to attempt to authenticate on all outbound connections. I guess people sending in is not affected. Sorry for all the noise. I will read up on the docs before posting again. Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Re: Cyrus-imapd
Hi, Sorry for all the noise. I found that 9.2 is using saslauthd by default. The information is provided in /etc/imapd.conf. sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN I do have /etc/imapd.conf as it came with LM 9.2, but not smtpd.conf. I guess smtpd.conf is indeed replaced by main.cf. Well, no, smtpd.conf is the sasl configuration for postfix smtp auth. If you need smtp auth you'll need to create that file (in /usr/lib/sasl2, I think it's the wrong location but that's how mandrake's sasl package is configured). If you don't need smtp auth forget about /usr/lib/sasl2/smtpd.conf I added the following lines to /etc/postfix/main.cf smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_relay_domains smtpd_sasl_security_options = noanonymous My users are local users. If I changed /usr/lib/sasl2/smtpd.conf to include pwcheck_method:sasldb, that means I need to add users to /var/lib/sasl2/sasl.db manually and also assign permission 644 to satisfy chroot condition? This would also make it very difficult for users to change their password? If I use local users, I could give them usermin access and they could change password at will. If I use the option pwcheck_method:pwcheck. I need to add /usr/sbin/pwck to /etc/rc.d/rc.local but I get the following errors. user adm: directory /var/adm does not exist user news: directory /var/spool/news does not exist user uucp: directory /var/spool/uucp does not exist pwck: no changes I'm lost here. Could you give some hints? Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: Cyrus-imapd
Am Donnerstag, 6. November 2003 22:27 schrieb Luca Olivetti: Luca Olivetti wrote: In fact, I don't even know how to configure postfix to check for local users (using mailbox_transport = lmtp:). Duh, it's on by default in recent postfix, local_recipient_maps, configured by mandrake as proxy:unix:passwd.byname $alias_maps. I didn't know it. So it should be modified to blank if you want mail for users with no local account. afaik no. postfix only accepts mails for addresses listed in local_recipient_maps for local delivery. if you have mailusers only in your cyrus store, you have to add either a seperate database for cyrus users to postfix or you have to add an alias for every user in cyrus to your postfix alias database. Bye Martin -- H E L I X Gesellschaft für Software Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
[expert] Re: Cyrus-imapd
Hi, If nzhang is not a local user and not listed as an alias, postfix rejects the mail. I have created user nzhang and mailbox nzhang in cyrus. I also added nzhang: norman.zhang It is the wrong order, type (the left hand side is expanded to the right hand side) norman.zhang: nzhang Thanks for your eagle eyes. I changed that. to /etc/postfix/aliases. I still can't receive mail in cyrus' inbox. BTW, I'm using lmtp TCP sockets as per suggestion given in README.RPM. I changed mailbox_transport = lmtp:$myhostname I don't use the tcp socket but it seems correct so far. BTW, the tcp socket needs authentication by default. Possibly you have to add the port number of the lmtp server. I was told postfix lmtp uses default port 24 and cyrus uses 2003. Is the above statement mailbox_transport = lmtp:$myhostname sufficient? Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: Cyrus-imapd
Norman Zhang wrote: I was told postfix lmtp uses default port 24 and cyrus uses 2003. Is the above statement mailbox_transport = lmtp:$myhostname sufficient? Both should use the port specified in /etc/services, and since the cyrus-imapd rpm adds a line in /etc/services for lmtp you should be fine. Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
[expert] Re: Cyrus-imapd
Hi, I was told postfix lmtp uses default port 24 and cyrus uses 2003. Is the above statement mailbox_transport = lmtp:$myhostname sufficient? Both should use the port specified in /etc/services, and since the cyrus-imapd rpm adds a line in /etc/services for lmtp you should be fine. Thanks. I just verified it is 2003 in /etc/services. I followed the steps given in README.RPM 1. mailbox_transport = lmtp:$myhostname (/etc/postfix/main.cf) 2. lmtp cmd=lmtpd listen=lmtp prefork=0 (/etc/cyrus.conf) 3. add lmtp_admins: cyruslmtp at the bottom of /etc/cyrus.conf 4. useradd cyruslmtp with password testing123 5. create /etc/postfix/lmtp_sasl_pass for root:root with 600 permissions. File contents are $myhostnameTABcyruslmtp:testing123 6. postmap /etc/postfix/lmtp_sasl_pass postconf -e lmtp_sasl_auth_enable = yes postconf -e lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass postconf -e lmtp_sasl_security_options = noanonymous but I'm still getting lmtpd[1822]: connection from mail.rd.arkonnetworks.com [207.34.136.7] postfix/lmtp[1821]: 594C018000A0: to=[EMAIL PROTECTED], relay=mail.rd.arkonnetworks.com[207.34.136.7], delay=0, status=deferred (host mail.rd.arkonnetworks.com[207.34.136.7] said: 430 Authentication required (in reply to MAIL FROM command)) May I ask what am I don't wrong? I'm trying to send email from external user to local user. Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: Cyrus-imapd
Norman Zhang wrote: I followed the steps given in README.RPM 1. mailbox_transport = lmtp:$myhostname (/etc/postfix/main.cf) 2. lmtp cmd=lmtpd listen=lmtp prefork=0 (/etc/cyrus.conf) 3. add lmtp_admins: cyruslmtp at the bottom of /etc/cyrus.conf 4. useradd cyruslmtp with password testing123 5. create /etc/postfix/lmtp_sasl_pass for root:root with 600 permissions. File contents are $myhostnameTABcyruslmtp:testing123 Literally? I think you should use the real hostname here instead of $myhostname (mail.rd.arkonnetworks.com?) 6. postmap /etc/postfix/lmtp_sasl_pass postconf -e lmtp_sasl_auth_enable = yes postconf -e lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass postconf -e lmtp_sasl_security_options = noanonymous but I'm still getting lmtpd[1822]: connection from mail.rd.arkonnetworks.com [207.34.136.7] postfix/lmtp[1821]: 594C018000A0: to=[EMAIL PROTECTED], relay=mail.rd.arkonnetworks.com[207.34.136.7], delay=0, status=deferred (host mail.rd.arkonnetworks.com[207.34.136.7] said: 430 Authentication required (in reply to MAIL FROM command)) Or maybe the problem is that postfix cannot access the file due to the chroot? Sorry I cannot be of more help, I never used tcp sockets with lmtp (as you can see that section in the readme comes from another person). Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
Re: [expert] Re: Cyrus-imapd
Am Donnerstag, 6. November 2003 01:05 schrieb Norman Zhang: The second issue is aliases. Of course you can have a mailbox nzhang with an alias (in postfix) norman.zhang. Or you can create a mailbox norman.zhang (actually you cannot in the default configuration, since the dot is the hierarchy separator in cyrus, but you can change it with altnamespace in /etc/imapd.conf). If I have a mailbox nzhang but with alias norman.zhang. Does that mean mail for both nzhang @ abc.com and norman.zhang @ abc.com will get to mailbox nzhang? If I want to only accept mail for norman.zhang @ abc.com, I need to create a mailbox norman.zhang? No, Your MTA (usualy postfix) does not know anything of the data stored in cyrus. By default postfix only knows addresses from users stored in the local user base (unix users) and the aliased addresses. If nzhang is not a local user and not listed as an alias, postfix rejects the mail. Regards, Norman Martin -- H E L I X Gesellschaft für Software Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Re: Cyrus-imapd
Martin Fahrendorf wrote: alias norman.zhang. Does that mean mail for both nzhang @ abc.com and norman.zhang @ abc.com will get to mailbox nzhang? If I want to only accept mail for norman.zhang @ abc.com, I need to create a mailbox norman.zhang? No, Your MTA (usualy postfix) does not know anything of the data stored in cyrus. By default postfix only knows addresses from users stored in the local user base (unix users) and the aliased addresses. If nzhang is not a local user and not listed as an alias, postfix rejects the mail. Not really, it depends on configuration. Since with cyrus it's possible to have mailboxes unrelated to local users, normally postfix passes whatever it doesn't recognize to cyrus (and if you want single message store, i.e. a single copy is stored is the same message is for multiple recipients this has to be done even before alias expansion). In fact, I don't even know how to configure postfix to check for local users (using mailbox_transport = lmtp:). Now, if it were possible for postfix to open the lmtp connection just after if has received the RCPT TO: to check that the cyrus mailbox exists, and reject it directly if it doesn't instead of trying to bounce it later, that would be interesting. Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
Re: [expert] Re: Cyrus-imapd
Luca Olivetti wrote: In fact, I don't even know how to configure postfix to check for local users (using mailbox_transport = lmtp:). Duh, it's on by default in recent postfix, local_recipient_maps, configured by mandrake as proxy:unix:passwd.byname $alias_maps. I didn't know it. So it should be modified to blank if you want mail for users with no local account. Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
[expert] Re: Cyrus-imapd
Hi, Does that mean mail for both nzhang @ abc.com and norman.zhang @ abc.com will get to mailbox nzhang? If I want to only accept mail for norman.zhang @ abc.com, I need to create a mailbox norman.zhang? No, Your MTA (usualy postfix) does not know anything of the data stored in cyrus. By default postfix only knows addresses from users stored in the local user base (unix users) and the aliased addresses. If nzhang is not a local user and not listed as an alias, postfix rejects the mail. I have created user nzhang and mailbox nzhang in cyrus. I also added nzhang: norman.zhang to /etc/postfix/aliases. I still can't receive mail in cyrus' inbox. BTW, I'm using lmtp TCP sockets as per suggestion given in README.RPM. I changed mailbox_transport = lmtp:$myhostname Is this correct? Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: Cyrus-imapd
Am Freitag, 7. November 2003 01:49 schrieb Norman Zhang: Hi, Does that mean mail for both nzhang @ abc.com and norman.zhang @ abc.com will get to mailbox nzhang? If I want to only accept mail for norman.zhang @ abc.com, I need to create a mailbox norman.zhang? No, Your MTA (usualy postfix) does not know anything of the data stored in cyrus. By default postfix only knows addresses from users stored in the local user base (unix users) and the aliased addresses. If nzhang is not a local user and not listed as an alias, postfix rejects the mail. I have created user nzhang and mailbox nzhang in cyrus. I also added nzhang: norman.zhang It is the wrong order, type (the left hand side is expanded to the right hand side) norman.zhang: nzhang to /etc/postfix/aliases. I still can't receive mail in cyrus' inbox. BTW, I'm using lmtp TCP sockets as per suggestion given in README.RPM. I changed mailbox_transport = lmtp:$myhostname I don't use the tcp socket but it seems correct so far. BTW, the tcp socket needs authentication by default. Possibly you have to add the port number of the lmtp server. Is this correct? Regards, Norman Martin -- H E L I X Gesellschaft für Software Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: Cyrus-imapd
Norman Zhang wrote: I read somewhere that I could create mailboxes for users in cyrus and don't need to useradd if only using MySQL. Is this correct? For example, if I'm to create a mailbox for myself, say nzhang and want to receive mail for address [EMAIL PROTECTED] Do I just create a mailbox nzhang with alias nzhang: norman.zhang? system user and cyrus mailboxes are two separate and unrelated things, so, yes, you can have mailboxes with no associated user on the system, *but* you have to provide a method to authenticate those mailboxes. So you can create a nzhang mailbox in cyrus with no nzhang user on that box, but then cyrus has to use a different database than the system users database (usually /etc/shadow). Cyrus uses sasl for authentication, and that's the most difficult thing to get right, due to its extreme flexibility and configurability. By default the rpm is configured to use the system database (actually through a separate daemon, since cyrus cannot read /etc/shadow) because it's the simplest thing to do and it's a good starting point. The second issue is aliases. Of course you can have a mailbox nzhang with an alias (in postfix) norman.zang. Or you can create a mailbox norman.zhang (actually you cannot in the default configuration, since the dot is the hierarchy separator in cyrus, but you can change it with altnamespace in /etc/imapd.conf). Bye -- - Yo también quiero una Europa libre de Patentes de Software - - I want a Software Patents Free Europe too! And you? - --- EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es pgp0.pgp Description: PGP signature
[expert] Re: Cyrus-imapd
The second issue is aliases. Of course you can have a mailbox nzhang with an alias (in postfix) norman.zhang. Or you can create a mailbox norman.zhang (actually you cannot in the default configuration, since the dot is the hierarchy separator in cyrus, but you can change it with altnamespace in /etc/imapd.conf). If I have a mailbox nzhang but with alias norman.zhang. Does that mean mail for both nzhang @ abc.com and norman.zhang @ abc.com will get to mailbox nzhang? If I want to only accept mail for norman.zhang @ abc.com, I need to create a mailbox norman.zhang? Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Re: Cyrus-imapd
Hi, I just installed cyrus-imapd-2.1.15-6mdk on my 9.2 box. Should I create users for /etc/postfix/aliases or should I just create them in cyrus? You create *mailboxes* for users in cyrus and *aliasies* in postfix. Postfix will resolve aliases to mailboxes and will try to deliver messages to those mailboxes in cyrus. If the mailbox exist the message goes through, otherwise it will be befused by cyrus and bounced by postfix. I read somewhere that I could create mailboxes for users in cyrus and don't need to useradd if only using MySQL. Is this correct? For example, if I'm to create a mailbox for myself, say nzhang and want to receive mail for address [EMAIL PROTECTED] Do I just create a mailbox nzhang with alias nzhang: norman.zhang? The cyrus-imapd package adds a cyrus user by default. Do I need to change its password? Yes (it's in the README.RPM in the doc directory). Sorry I will read up on that again. BTW thanks for making the RPM available in Contrib. Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com