Re: Unexistent user
On Mon, 31 Mar 2003 [EMAIL PROTECTED] wrote: > Quoting Igor Brezac <[EMAIL PROTECTED]>: > > > > > If you have define(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_', `1')dnl and a > > mailertable entry for domain.com, this will work. > > > > I did that and that's what I've got: > > Mar 31 16:45:21 mail sm-mta[90664]: h2VNjL2r090664: SYSERR(root): rewrite: map > macro not found > Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdX090663: [EMAIL PROTECTED], > [EMAIL PROTECTED] ( > 80/80), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30668, relay= > [127.0.0.1] [127.0.0.1], dsn=5.0.0, st > at=Service unavailable > Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdX090663: h2VNjLdY090663: DSN: > Service unavailable > Mar 31 16:45:21 mail sm-mta[90664]: h2VNjL2s090664: SYSERR(root): rewrite: map > macro not found > Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdY090663: > [EMAIL PROTECTED], delay=00:00:00, xdelay=00:00: > 00, mailer=relay, pri=33081, relay=[127.0.0.1], dsn=5.3.0, stat=Service > unavailable > Mar 31 16:45:21 mail sm-mta[90664]: h2VNjL2s090664: from=<>, size=3081, > class=0, nrcpts=0, proto=ESMTP, daemon > =MTA, relay=localhost [127.0.0.1] > Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdY090663: h2VNjLdZ090663: return to > sender: Service unavailable > Mar 31 16:45:21 mail sm-mta[90664]: h2VNjL2u090664: SYSERR(root): rewrite: map > macro not found > Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdZ090663: to=postmaster, > delay=00:00:00, xdelay=00:00:00, mailer=r > elay, pri=34105, relay=[127.0.0.1] [127.0.0.1], dsn=5.3.0, stat=Service > unavailable > Mar 31 16:45:21 mail sm-mta[90664]: h2VNjL2u090664: from=<>, size=4105, > class=0, nrcpts=0, proto=ESMTP, daemon > =MTA, relay=localhost [127.0.0.1] > Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdY090663: > Losing ./qfh2VNjLdY090663: savemail panic > Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdY090663: SYSERR(www): savemail: > cannot save rejected email anywhe > re > Mar 31 16:45:23 mail sm-mta[90659]: h2VNjN2q090659: SYSERR(root): rewrite: map > macro not found > Mar 31 16:49:39 mail sm-mta[90706]: h2VNnd2q090706: SYSERR(root): rewrite: map > macro not found > .. and so on > I do not see anything trying to deliver to cyrus mailer. There is one attempt to send email to [EMAIL PROTECTED], most everything else is misconfigured MSP (submit.cf) and attempts to notify postmaster about those errors. > > May be that feature conflicts with other features/settings in my sendmail.mc? > > This is my senmdmail.mc file: > > divert(0)dnl > OSTYPE(freebsd4)dnl > DOMAIN(generic)dnl > > define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > > define(`confCACERT_PATH', `/etc/mail')dnl > define(`confCACERT', `/etc/mail/newcert.pem')dnl > define(`confSERVER_CERT', `/etc/mail/server.pem')dnl > define(`confSERVER_KEY', `/etc/mail/server.pem')dnl > define(`_USE_CT_FILE_', `/etc/mail/trusted-users')dnl > > define(`_FFR_MILTER',1) > MAIL_FILTER(`mimedefang', `S=local:/var/spool/MIMEDefang/mimedefang.sock, F=T, > T=C:15m;S:4m;R:4m;E:10m')dnl > MAIL_FILTER(`drweb-filter', `S=local:/var/run/drweb/drweb-smf.sock, F=T, > T=C:1m;S:5m;R:5m;E:1h')dnl > define(`confINPUT_MAIL_FILTERS', `mimedefang,drweb-filter')dnl > define(`confMILTER_LOG_LEVEL',`6')dnl > > > FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl > FEATURE(`mailertable', `hash /etc/mail/mailertable')dnl > FEATURE(`nocanonify')dnl > FEATURE(`always_add_domain')dnl > define(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_', `1')dnl You need to move define('_VIRT) above FEATURE statements. Make sure local-host-names is empty. What are the contents of virtuser and mailertable? > MAILER(`smtp')dnl > MAILER(`local')dnl > MAILER(`cyrusv2')dnl > > define(`confLOCAL_MAILER', `cyrusv2')dnl > > > You are confused because LHS and RHS are the same, but they mean two > > different things. LHS is an email address, RHS is a mailbox. You can > > also use this as one-to-one and many-to-one alias table. > > > > > > > -- > > Igor > > > > -- Igor
Re: createmailbox: System I/O error
I'm no expert, but I would check the file permissions on both /var/spool/imap and /var/imap Tim Jay Drake wrote: It now seems as though things are running and I am trying to create mailbox for my initial users. My current imapd.conf is: configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus jdrake sasl_pwcheck_method: auxprop allowplaintext: 1 and I have managed to get into cyradm with the following at the command line: cyradm --user myusername --server mail.myrealdomain.com --auth plain (which then prompts me for my password.) Having authenticated in this way, I then issue the command: cm user.myusername and receive: createmailbox: System I/O error This does not appear to put anything into my auth.log or imapd.log and I a at a complete loss as for what I should do to fix this... :/ TIA, Jay Drake [EMAIL PROTECTED] _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Re: Info
Sebastian Konstanty Zdrojewski wrote: Hi, I am experiensing a problem. I have in my imapd.log the following entries: Apr 1 18:14:37 nexus lmtpd[17042]: lmtp connection preauth'd as postman The MTA connected to the lmtpd socket to deliver a message Apr 1 18:14:37 nexus master[17106]: about to exec /usr/cyrus/bin/lmtpd lmtpd gets runnning to accept the message Apr 1 18:14:37 nexus lmtpunix[17106]: executed get the message Apr 1 18:14:40 nexus lmtpd[17042]: duplicate_check: <[EMAIL PROTECTED]> user.pluto 0 lmtpd checks to see of the message with the MID appearing on the last line was delivered recently to not store the same message twice ( see: man imapd.conf section for :duplicatesuppression") Apr 1 18:14:40 nexus lmtpd[17042]: mystore: starting txn 2147488968 Apr 1 18:14:40 nexus lmtpd[17042]: mystore: committing txn 2147488968 Apr 1 18:14:40 nexus lmtpd[17042]: duplicate_mark: <[EMAIL PROTECTED]> user.pluto 1049213680 lmtpd stored the MID in his list of recently delivered messages for future use what is their meaning and what kind of problem they involve? There is no problem. I hope this makes sense, perhaps reading the docs from cyrus-imapd would make thing clearer. mitu
re: createmailbox: System I/O error
Please disregard my previous message regarding this error. It would seem I had failed to create the appropriate directory. My apologies and thanks again. Jay Drake [EMAIL PROTECTED] _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
createmailbox: System I/O error
It now seems as though things are running and I am trying to create mailbox for my initial users. My current imapd.conf is: configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus jdrake sasl_pwcheck_method: auxprop allowplaintext: 1 and I have managed to get into cyradm with the following at the command line: cyradm --user myusername --server mail.myrealdomain.com --auth plain (which then prompts me for my password.) Having authenticated in this way, I then issue the command: cm user.myusername and receive: createmailbox: System I/O error This does not appear to put anything into my auth.log or imapd.log and I a at a complete loss as for what I should do to fix this... :/ TIA, Jay Drake [EMAIL PROTECTED] _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Re: Info
On Tue, Apr 01, 2003 at 06:20:39PM +0200, Sebastian Konstanty Zdrojewski (SKZ) wrote: SKZ> SKZ> I am experiensing a problem. Which problem are you experiencing ? This is not hide-and-seek you know .. you post the logfile, we guess what the problem is ? Naaah :) Gr, Nils.
Re: Authentication troubles
Hi Jay, You might verify that the sasl_* settings in /etc/imapd.conf are correct. It looks like sasl_pwcheck_method is set to saslauthd, but either it is not running, or the socket it listens on is different from what cyrus-imapd is looking for (the default, I _think_, is /var/state/saslauthd/mux). Also, your IMAP server will not accept a plain login (note the absence of "AUTH=PLAIN" or "AUTH=LOGIN" in the IMAP4 Capabinities). You will need an imtest command something like this: imtest -m login -t "" mail.plainhouse.com although, I always use the -u and -a options on the command line. Mike. >>> "Jay Drake" <[EMAIL PROTECTED]> 04/01/03 06:41pm >>> Having just recompiled from source and reinstalled cyrus-imap as well as cyrus-sasl, paying close attention to the instructions in the /doc directory, I am having difficulties getting imtest to succeed. I would greatly appreciate any help I could get. Environment: Redhat Linux 8 with 2.4.18-14 kernel Cyrus version: cyrus-sasl-2.1.12 cyrus-imapd-2.1.12 Copy of my attempt to use imtest as user jdrake: [EMAIL PROTECTED] doc]# su jdrake [EMAIL PROTECTED] doc]$ /usr/local/bin/imtest -m login mail.planhouse.com S: * OK phoenix Cyrus IMAP4 v2.1.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 S: C01 OK Completed Please enter your password: C: L01 LOGIN jdrake {6} S: + go ahead C: S: L01 NO Login failed: generic failure Authentication failed. generic failure Security strength factor: 0 . logout * BYE LOGOUT received . OK Completed Connection closed. Found in imapd.log: Apr 1 11:00:04 phoenix master[21130]: process 21144 exited, status 0 Apr 1 11:00:09 phoenix master[21173]: about to exec /usr/cyrus/bin/imapd Apr 1 11:00:09 phoenix imap[21173]: executed Apr 1 11:00:09 phoenix imapd[21173]: accepted connection Apr 1 11:00:20 phoenix imapd[21173]: badlogin: ns1.planhouse.com[206.156.254.77] plaintext jdrake SASL(-1): generic failure: checkpass failed Found in auth.log: Apr 1 11:00:20 phoenix imapd[21173]: cannot connect to saslauthd server: No such file or directory I can't think of anything else to mention off the top of my head. I hope someone can help me out. I really would love to have a working mail server by the end of the day. (I'm tired of using hotmail...) :) TIA, Jay Drake _ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus
Re: Authentication troubles
The saslauthd daemon is running. I also made sure to stop cyrus, start the saslauthd daemon and then start cyrus before receiving the aforementioned results. I've noted that in the Cyrus Imap Server FAQ this is mentioned in one place as follows: Dec 6 12:58:57 mail3.andrew.cmu.edu imapd[1297]: cannot connect to saslauthd server Make sure that saslauthd is running and that the cyrus user can access the unix domain socket (defaults to /var/run/mux). I am uncertain how to proceed in the second part of this answer to be sure that cyrus can access the unix domain socket. I do know, however, that /var/run/mux does not exist on my system. This all said, someone just privately recommended I try changing my configuration to utilize auxprop rather than saslauthd as my sasl_pwcheck_method in /etc/imapd.conf and that worked like a charm. I apologize for my ignorance and thank you all for the help you've provided. Jay Drake [EMAIL PROTECTED] From: Rob Siemborski <[EMAIL PROTECTED]> To: Jay Drake <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: Authentication troubles Date: Tue, 1 Apr 2003 11:53:54 -0500 (EST) On Tue, 1 Apr 2003, Jay Drake wrote: > Found in auth.log: > > Apr 1 11:00:20 phoenix imapd[21173]: cannot connect to saslauthd server: No > such file or directory > > I can't think of anything else to mention off the top of my head. I hope > someone can help me out. I really would love to have a working mail server > by the end of the day. (I'm tired of using hotmail...) :) You need to run the saslauthd daemon. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: Authentication troubles
On Tue, 1 Apr 2003, Jay Drake wrote: > Found in auth.log: > > Apr 1 11:00:20 phoenix imapd[21173]: cannot connect to saslauthd server: No > such file or directory > > I can't think of anything else to mention off the top of my head. I hope > someone can help me out. I really would love to have a working mail server > by the end of the day. (I'm tired of using hotmail...) :) You need to run the saslauthd daemon. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: MTAs that pass SMTP AUTH?
> On Mon, 31 Mar 2003 08:42:04 -0500, > Scott Balmos <[EMAIL PROTECTED]> (sb) writes: sb> Okay, fine. This is what I have also. The crux seems to be getting the MTA to sb> pass along the AUTH info. So far I guess only Sendmail and Exim do such a sb> thing, right? Has anyone *possibly* come up with a patch for Postfix about sb> this? I remember a few days ago some mumblings on the list that to record sb> such AUTH info to pass along with the message would be somewhat irritating. I think I was volunteered to raise this issue on the postfix-users list, but life is still a bit chaotic for me (still unpacking from a move). It's also been a long, long time since I've studied Postfix source at all, and much has changed since my meager tinkerings. So I was trying to re-acquaint myself with such things, and how something like this might be arranged. As has been mentioned before, one thing is for sure: it would require altering the format of the queue file. I *think* that if this was strictly controlled by some variables, which by default were off, *maybe* this would be accepted. It certainly doesn't harm that an increasing number of MTAs start supporting this. The more the merrier! :-) At any rate, this isn't likely to be something that appears overnight, alas. sb> This is *EXACTLY* what I have right now, Kevin. I've always thought that since sb> there is no password, and the "user" to authenticate is in the message sb> itself, such that anyone reading that message sees the full address along sb> with a username that has posting credentials to that folder, it was sb> completely insecure. I guess it's just a risk, you only hope that the users sb> (in my case, only about 300, so it's not that big a deal) don't abuse it, and sb> you just make sure the folder admins are quick to delete. sb> Well that makes me feel at least a little more comfortable knowing that at sb> least one other person does this convoluted user+folder "authentication" sb> setup like I was thinking of using. :) Well, what we did in some of these cases is a pretty gross, convoluted mess. I guess it works OK, but certainly could be better. You see, we got into a bit of a pinch when we tried to rely exclusively on shared folders ("BBs") for important campus discussions. The best we could do that was acceptable to all parties was to continue to use the long-time existing campus mailing lists AND some shared folders. The shared folder membership is derived from the mailing list membership. This shared folder is then listed as a special member on that list. If an individual wants to only refer to the shared folder instead of getting inundated by stuff in their inbox, then they can set the VACATION flag on their subscription for that list. This means they're still on the list, hence still a member of the shared folder, but don't get the mail in their inbox. Though not entirely fool-proof, this crazy arrangement seems to have worked out OK for the last couple or so years (forget when it was started). With some MLMs you can remove some headers and do a little masquerading, thereby tightening things up a tad. At least some of the IMAP diehards can enjoy the shared folders. However, LMTP-AUTH tied to SMTP-AUTH sure would be nice to play with. In the back of my mind I've been wondering if/how the new NNTP support coming with the new Cyrus now in beta might be employed to deal with these sort of discussions. However, I haven't pictured just how yet. -- Amos
Authentication troubles
Having just recompiled from source and reinstalled cyrus-imap as well as cyrus-sasl, paying close attention to the instructions in the /doc directory, I am having difficulties getting imtest to succeed. I would greatly appreciate any help I could get. Environment: Redhat Linux 8 with 2.4.18-14 kernel Cyrus version: cyrus-sasl-2.1.12 cyrus-imapd-2.1.12 Copy of my attempt to use imtest as user jdrake: [EMAIL PROTECTED] doc]# su jdrake [EMAIL PROTECTED] doc]$ /usr/local/bin/imtest -m login mail.planhouse.com S: * OK phoenix Cyrus IMAP4 v2.1.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 S: C01 OK Completed Please enter your password: C: L01 LOGIN jdrake {6} S: + go ahead C: S: L01 NO Login failed: generic failure Authentication failed. generic failure Security strength factor: 0 . logout * BYE LOGOUT received . OK Completed Connection closed. Found in imapd.log: Apr 1 11:00:04 phoenix master[21130]: process 21144 exited, status 0 Apr 1 11:00:09 phoenix master[21173]: about to exec /usr/cyrus/bin/imapd Apr 1 11:00:09 phoenix imap[21173]: executed Apr 1 11:00:09 phoenix imapd[21173]: accepted connection Apr 1 11:00:20 phoenix imapd[21173]: badlogin: ns1.planhouse.com[206.156.254.77] plaintext jdrake SASL(-1): generic failure: checkpass failed Found in auth.log: Apr 1 11:00:20 phoenix imapd[21173]: cannot connect to saslauthd server: No such file or directory I can't think of anything else to mention off the top of my head. I hope someone can help me out. I really would love to have a working mail server by the end of the day. (I'm tired of using hotmail...) :) TIA, Jay Drake _ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus
Info
Hi, I am experiensing a problem. I have in my imapd.log the following entries: Apr 1 18:14:37 nexus lmtpd[17042]: lmtp connection preauth'd as postman Apr 1 18:14:37 nexus master[17106]: about to exec /usr/cyrus/bin/lmtpd Apr 1 18:14:37 nexus lmtpunix[17106]: executed Apr 1 18:14:40 nexus lmtpd[17042]: duplicate_check: <[EMAIL PROTECTED]> user.pluto 0 Apr 1 18:14:40 nexus lmtpd[17042]: mystore: starting txn 2147488968 Apr 1 18:14:40 nexus lmtpd[17042]: mystore: committing txn 2147488968 Apr 1 18:14:40 nexus lmtpd[17042]: duplicate_mark: <[EMAIL PROTECTED]> user.pluto 1049213680 what is their meaning and what kind of problem they involve? TIA - En3pY -- Sebastian Konstanty Zdrojewski IT Analyst Neticon S.r.l. via Valtellina, 16 - 20159 Milano Tel. +39 02 68.80.731 FAX +39 02.60.85.70.41 Cell. +39 349.33.04.311 ICQ # 97334916 -- Web: http://www.neticon.it/ E-mail: [EMAIL PROTECTED]
Off-line scripts for cyradmin
Hi, Im using cyrus-imapd 2.1.12 and want to run some administrative cyradm scripts from cron. They works on-line, but I must input password by hand. Old Tcl version of cyradm did recognise parameters --user xxx --password yyy Can someone advice me, how to input password to cyradm offline? Thanks Petr
Re: setup woes
Jay Drake schrieb: > > I've been having difficulties getting Cyrus to run on my server and hope > someone might be able to help me out. The current problem I have gives me > the following output in my imapd.log when I attempt to restart the server: > > Apr 1 07:37:31 phoenix master[9193]: about to exec /usr/libexec/cyrus/imapd > Apr 1 07:37:31 phoenix imap[9193]: executed > Apr 1 07:37:31 phoenix imapd[9193]: skiplist: invalid magic header: > /var/lib/imap/mailboxes.db > Apr 1 07:37:31 phoenix imapd[9193]: DBERROR: opening > /var/lib/imap/mailboxes.db: cyrusdb error > Apr 1 07:37:31 phoenix imapd[9193]: Fatal error: can't read mailboxes file > Apr 1 07:37:31 phoenix master[9180]: process 9193 exited, status 75 > > This install is from the rpm found at http://home.teleport.ch/simix/ created > by Simon Matter(?) - cyrus-imapd-2.1.12-9.i386.rpm. This is being used on a > Linux RedHat 8 system using the 2.4.18-14 kernel. mailboxes.db is found at > /var/lib/imap/ and is chowned to cyrus.cyrus. Did you rebuild from source rpm? The webpage states that the binaries are built for RedHat 7.2 and you have to build your own if you have RedHat 8.0 HTH Simon > > Any help is greatly appreciated. > > Jay Drake > [EMAIL PROTECTED] > > _ > MSN 8 with e-mail virus protection service: 2 months FREE* > http://join.msn.com/?page=features/virus
Re: interesting limitation
On Mon, 31 Mar 2003, Dave O wrote: > > 2 level hashing would work, but I don't know if Cyrus supports that. It > would most likely be trivial to implement. > > eg spool/s/sm/user/smith spool/s/m/user/smith? ian
setup woes
I've been having difficulties getting Cyrus to run on my server and hope someone might be able to help me out. The current problem I have gives me the following output in my imapd.log when I attempt to restart the server: Apr 1 07:37:31 phoenix master[9193]: about to exec /usr/libexec/cyrus/imapd Apr 1 07:37:31 phoenix imap[9193]: executed Apr 1 07:37:31 phoenix imapd[9193]: skiplist: invalid magic header: /var/lib/imap/mailboxes.db Apr 1 07:37:31 phoenix imapd[9193]: DBERROR: opening /var/lib/imap/mailboxes.db: cyrusdb error Apr 1 07:37:31 phoenix imapd[9193]: Fatal error: can't read mailboxes file Apr 1 07:37:31 phoenix master[9180]: process 9193 exited, status 75 This install is from the rpm found at http://home.teleport.ch/simix/ created by Simon Matter(?) - cyrus-imapd-2.1.12-9.i386.rpm. This is being used on a Linux RedHat 8 system using the 2.4.18-14 kernel. mailboxes.db is found at /var/lib/imap/ and is chowned to cyrus.cyrus. Any help is greatly appreciated. Jay Drake [EMAIL PROTECTED] _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus
Re: MTAs that pass SMTP AUTH?
On Tuesday 01 April 2003 01:04 am, Kevin P. Fleming wrote: > Scott Balmos wrote: > > My question is, where is Sendmail getting, or even sending to the deliver > > program, the information that says to match against username msmith, > > johndoe, or whatnot? I know of the -a switch for deliver, but pretty much > > all the other MTAs (including Postfix) say that there can only exist a > > "blanket" Cyrus user, designated to the MTA, for posting to shared > > folders. > > This is intended to be used in a secure localized installation, with the > users using SMTP AUTH to authenticate themselves to the MTA. The MTA > then records this information and passes it along via LMTP AUTH to the > Cyrus lmtpd. > Okay, fine. This is what I have also. The crux seems to be getting the MTA to pass along the AUTH info. So far I guess only Sendmail and Exim do such a thing, right? Has anyone *possibly* come up with a patch for Postfix about this? I remember a few days ago some mumblings on the list that to record such AUTH info to pass along with the message would be somewhat irritating. > > Where's everything come from, authentication-wise? The only thing I can > > think of is the user creates a message, saves to their local drafts > > folder, then manually "moves" the message into the proper folder on IMAP. > > But that seems really icky, and essentially like "IMAP Send". > > Well, in my case, we're not actually using SMTP AUTH to deliver the > messages to the MTA. Rather, I have set up mail delivery such that a > message that arrives at my MTA address to "[EMAIL PROTECTED]" is > delivered as if it had been AUTH'd as "user". This means that messages > can be delivered directly to any user's folders, without having to give > anonymous "p" rights on those folders. Yes, this does mean that someone > out there could abuse it, but all they could do is put random stuff > directly into a folder, instead of into the user's INBOX. > > If we had shared folders set up, then I would have to implement SMTP > AUTH so that the the folders could have reasonable (i.e. non-anonymous) > rights. This is *EXACTLY* what I have right now, Kevin. I've always thought that since there is no password, and the "user" to authenticate is in the message itself, such that anyone reading that message sees the full address along with a username that has posting credentials to that folder, it was completely insecure. I guess it's just a risk, you only hope that the users (in my case, only about 300, so it's not that big a deal) don't abuse it, and you just make sure the folder admins are quick to delete. Well that makes me feel at least a little more comfortable knowing that at least one other person does this convoluted user+folder "authentication" setup like I was thinking of using. :) Thanks!