Re: Unexistent user
On Mon, 31 Mar 2003 [EMAIL PROTECTED] wrote:
> Quoting Igor Brezac <[EMAIL PROTECTED]>:
>
> >
> > If you have define(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_', `1')dnl and a
> > mailertable entry for domain.com, this will work.
> >
>
> I did that and that's what I've got:
>
> Mar 31 16:45:21 mail sm-mta[90664]: h2VNjL2r090664: SYSERR(root): rewrite: map
> macro not found
> Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdX090663: [EMAIL PROTECTED],
> [EMAIL PROTECTED] (
> 80/80), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30668,
relay=
> [127.0.0.1] [127.0.0.1], dsn=5.0.0, st
> at=Service unavailable
> Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdX090663: h2VNjLdY090663: DSN:
> Service unavailable
> Mar 31 16:45:21 mail sm-mta[90664]: h2VNjL2s090664: SYSERR(root): rewrite: map
> macro not found
> Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdY090663:
> [EMAIL PROTECTED], delay=00:00:00, xdelay=00:00:
> 00, mailer=relay, pri=33081, relay=[127.0.0.1], dsn=5.3.0, stat=Service
> unavailable
> Mar 31 16:45:21 mail sm-mta[90664]: h2VNjL2s090664: from=<>, size=3081,
> class=0, nrcpts=0, proto=ESMTP, daemon
> =MTA, relay=localhost [127.0.0.1]
> Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdY090663: h2VNjLdZ090663: return to
> sender: Service unavailable
> Mar 31 16:45:21 mail sm-mta[90664]: h2VNjL2u090664: SYSERR(root): rewrite: map
> macro not found
> Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdZ090663: to=postmaster,
> delay=00:00:00, xdelay=00:00:00, mailer=r
> elay, pri=34105, relay=[127.0.0.1] [127.0.0.1], dsn=5.3.0, stat=Service
> unavailable
> Mar 31 16:45:21 mail sm-mta[90664]: h2VNjL2u090664: from=<>, size=4105,
> class=0, nrcpts=0, proto=ESMTP, daemon
> =MTA, relay=localhost [127.0.0.1]
> Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdY090663:
> Losing ./qfh2VNjLdY090663: savemail panic
> Mar 31 16:45:21 mail sendmail[90663]: h2VNjLdY090663: SYSERR(www): savemail:
> cannot save rejected email anywhe
> re
> Mar 31 16:45:23 mail sm-mta[90659]: h2VNjN2q090659: SYSERR(root): rewrite: map
> macro not found
> Mar 31 16:49:39 mail sm-mta[90706]: h2VNnd2q090706: SYSERR(root): rewrite: map
> macro not found
> .. and so on
>
I do not see anything trying to deliver to cyrus mailer. There is one
attempt to send email to [EMAIL PROTECTED], most everything else is
misconfigured MSP (submit.cf) and attempts to notify postmaster about
those errors.
>
> May be that feature conflicts with other features/settings in my sendmail.mc?
>
> This is my senmdmail.mc file:
>
> divert(0)dnl
> OSTYPE(freebsd4)dnl
> DOMAIN(generic)dnl
>
> define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
>
> define(`confCACERT_PATH', `/etc/mail')dnl
> define(`confCACERT', `/etc/mail/newcert.pem')dnl
> define(`confSERVER_CERT', `/etc/mail/server.pem')dnl
> define(`confSERVER_KEY', `/etc/mail/server.pem')dnl
> define(`_USE_CT_FILE_', `/etc/mail/trusted-users')dnl
>
> define(`_FFR_MILTER',1)
> MAIL_FILTER(`mimedefang', `S=local:/var/spool/MIMEDefang/mimedefang.sock, F=T,
> T=C:15m;S:4m;R:4m;E:10m')dnl
> MAIL_FILTER(`drweb-filter', `S=local:/var/run/drweb/drweb-smf.sock, F=T,
> T=C:1m;S:5m;R:5m;E:1h')dnl
> define(`confINPUT_MAIL_FILTERS', `mimedefang,drweb-filter')dnl
> define(`confMILTER_LOG_LEVEL',`6')dnl
>
>
> FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
> FEATURE(`mailertable', `hash /etc/mail/mailertable')dnl
> FEATURE(`nocanonify')dnl
> FEATURE(`always_add_domain')dnl
> define(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_', `1')dnl
You need to move define('_VIRT) above FEATURE statements. Make sure
local-host-names is empty. What are the contents of virtuser and
mailertable?
> MAILER(`smtp')dnl
> MAILER(`local')dnl
> MAILER(`cyrusv2')dnl
>
> define(`confLOCAL_MAILER', `cyrusv2')dnl
>
> > You are confused because LHS and RHS are the same, but they mean two
> > different things. LHS is an email address, RHS is a mailbox. You can
> > also use this as one-to-one and many-to-one alias table.
> >
> > >
> > --
> > Igor
> >
>
>
--
Igor
Re: createmailbox: System I/O error
I'm no expert, but I would check the file permissions on both /var/spool/imap and /var/imap Tim Jay Drake wrote: It now seems as though things are running and I am trying to create mailbox for my initial users. My current imapd.conf is: configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus jdrake sasl_pwcheck_method: auxprop allowplaintext: 1 and I have managed to get into cyradm with the following at the command line: cyradm --user myusername --server mail.myrealdomain.com --auth plain (which then prompts me for my password.) Having authenticated in this way, I then issue the command: cm user.myusername and receive: createmailbox: System I/O error This does not appear to put anything into my auth.log or imapd.log and I a at a complete loss as for what I should do to fix this... :/ TIA, Jay Drake [EMAIL PROTECTED] _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Re: Info
Sebastian Konstanty Zdrojewski wrote: Hi, I am experiensing a problem. I have in my imapd.log the following entries: Apr 1 18:14:37 nexus lmtpd[17042]: lmtp connection preauth'd as postman The MTA connected to the lmtpd socket to deliver a message Apr 1 18:14:37 nexus master[17106]: about to exec /usr/cyrus/bin/lmtpd lmtpd gets runnning to accept the message Apr 1 18:14:37 nexus lmtpunix[17106]: executed get the message Apr 1 18:14:40 nexus lmtpd[17042]: duplicate_check: <[EMAIL PROTECTED]> user.pluto 0 lmtpd checks to see of the message with the MID appearing on the last line was delivered recently to not store the same message twice ( see: man imapd.conf section for :duplicatesuppression") Apr 1 18:14:40 nexus lmtpd[17042]: mystore: starting txn 2147488968 Apr 1 18:14:40 nexus lmtpd[17042]: mystore: committing txn 2147488968 Apr 1 18:14:40 nexus lmtpd[17042]: duplicate_mark: <[EMAIL PROTECTED]> user.pluto 1049213680 lmtpd stored the MID in his list of recently delivered messages for future use what is their meaning and what kind of problem they involve? There is no problem. I hope this makes sense, perhaps reading the docs from cyrus-imapd would make thing clearer. mitu
re: createmailbox: System I/O error
Please disregard my previous message regarding this error. It would seem I had failed to create the appropriate directory. My apologies and thanks again. Jay Drake [EMAIL PROTECTED] _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
createmailbox: System I/O error
It now seems as though things are running and I am trying to create mailbox for my initial users. My current imapd.conf is: configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus jdrake sasl_pwcheck_method: auxprop allowplaintext: 1 and I have managed to get into cyradm with the following at the command line: cyradm --user myusername --server mail.myrealdomain.com --auth plain (which then prompts me for my password.) Having authenticated in this way, I then issue the command: cm user.myusername and receive: createmailbox: System I/O error This does not appear to put anything into my auth.log or imapd.log and I a at a complete loss as for what I should do to fix this... :/ TIA, Jay Drake [EMAIL PROTECTED] _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Re: Info
On Tue, Apr 01, 2003 at 06:20:39PM +0200, Sebastian Konstanty Zdrojewski (SKZ) wrote: SKZ> SKZ> I am experiensing a problem. Which problem are you experiencing ? This is not hide-and-seek you know .. you post the logfile, we guess what the problem is ? Naaah :) Gr, Nils.
Re: Authentication troubles
Hi Jay,
You might verify that the sasl_* settings in /etc/imapd.conf are
correct. It looks like sasl_pwcheck_method is set to saslauthd, but
either it is not running, or the socket it listens on is different from
what cyrus-imapd is looking for (the default, I _think_, is
/var/state/saslauthd/mux).
Also, your IMAP server will not accept a plain login (note the absence
of "AUTH=PLAIN" or "AUTH=LOGIN" in the IMAP4 Capabinities). You will
need an imtest command something like this:
imtest -m login -t "" mail.plainhouse.com
although, I always use the -u and -a options on the command line.
Mike.
>>> "Jay Drake" <[EMAIL PROTECTED]> 04/01/03 06:41pm >>>
Having just recompiled from source and reinstalled cyrus-imap as well
as
cyrus-sasl, paying close attention to the instructions in the /doc
directory, I am having difficulties getting imtest to succeed. I would
greatly appreciate any help I could get.
Environment:
Redhat Linux 8 with 2.4.18-14 kernel
Cyrus version:
cyrus-sasl-2.1.12
cyrus-imapd-2.1.12
Copy of my attempt to use imtest as user jdrake:
[EMAIL PROTECTED] doc]# su jdrake
[EMAIL PROTECTED] doc]$ /usr/local/bin/imtest -m login
mail.planhouse.com
S: * OK phoenix Cyrus IMAP4 v2.1.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5
AUTH=CRAM-MD5
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN jdrake {6}
S: + go ahead
C:
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.
Found in imapd.log:
Apr 1 11:00:04 phoenix master[21130]: process 21144 exited, status 0
Apr 1 11:00:09 phoenix master[21173]: about to exec
/usr/cyrus/bin/imapd
Apr 1 11:00:09 phoenix imap[21173]: executed
Apr 1 11:00:09 phoenix imapd[21173]: accepted connection
Apr 1 11:00:20 phoenix imapd[21173]: badlogin:
ns1.planhouse.com[206.156.254.77] plaintext jdrake SASL(-1): generic
failure: checkpass failed
Found in auth.log:
Apr 1 11:00:20 phoenix imapd[21173]: cannot connect to saslauthd
server: No
such file or directory
I can't think of anything else to mention off the top of my head. I
hope
someone can help me out. I really would love to have a working mail
server
by the end of the day. (I'm tired of using hotmail...) :)
TIA,
Jay Drake
_
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
http://join.msn.com/?page=features/virus
Re: Authentication troubles
The saslauthd daemon is running. I also made sure to stop cyrus, start the saslauthd daemon and then start cyrus before receiving the aforementioned results. I've noted that in the Cyrus Imap Server FAQ this is mentioned in one place as follows: Dec 6 12:58:57 mail3.andrew.cmu.edu imapd[1297]: cannot connect to saslauthd server Make sure that saslauthd is running and that the cyrus user can access the unix domain socket (defaults to /var/run/mux). I am uncertain how to proceed in the second part of this answer to be sure that cyrus can access the unix domain socket. I do know, however, that /var/run/mux does not exist on my system. This all said, someone just privately recommended I try changing my configuration to utilize auxprop rather than saslauthd as my sasl_pwcheck_method in /etc/imapd.conf and that worked like a charm. I apologize for my ignorance and thank you all for the help you've provided. Jay Drake [EMAIL PROTECTED] From: Rob Siemborski <[EMAIL PROTECTED]> To: Jay Drake <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: Authentication troubles Date: Tue, 1 Apr 2003 11:53:54 -0500 (EST) On Tue, 1 Apr 2003, Jay Drake wrote: > Found in auth.log: > > Apr 1 11:00:20 phoenix imapd[21173]: cannot connect to saslauthd server: No > such file or directory > > I can't think of anything else to mention off the top of my head. I hope > someone can help me out. I really would love to have a working mail server > by the end of the day. (I'm tired of using hotmail...) :) You need to run the saslauthd daemon. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: Authentication troubles
On Tue, 1 Apr 2003, Jay Drake wrote: > Found in auth.log: > > Apr 1 11:00:20 phoenix imapd[21173]: cannot connect to saslauthd server: No > such file or directory > > I can't think of anything else to mention off the top of my head. I hope > someone can help me out. I really would love to have a working mail server > by the end of the day. (I'm tired of using hotmail...) :) You need to run the saslauthd daemon. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: MTAs that pass SMTP AUTH?
> On Mon, 31 Mar 2003 08:42:04 -0500,
> Scott Balmos <[EMAIL PROTECTED]> (sb) writes:
sb> Okay, fine. This is what I have also. The crux seems to be getting the MTA to
sb> pass along the AUTH info. So far I guess only Sendmail and Exim do such a
sb> thing, right? Has anyone *possibly* come up with a patch for Postfix about
sb> this? I remember a few days ago some mumblings on the list that to record
sb> such AUTH info to pass along with the message would be somewhat irritating.
I think I was volunteered to raise this issue on the postfix-users
list, but life is still a bit chaotic for me (still unpacking from
a move). It's also been a long, long time since I've studied
Postfix source at all, and much has changed since my meager
tinkerings. So I was trying to re-acquaint myself with such
things, and how something like this might be arranged.
As has been mentioned before, one thing is for sure: it would
require altering the format of the queue file. I *think* that if
this was strictly controlled by some variables, which by default
were off, *maybe* this would be accepted. It certainly doesn't
harm that an increasing number of MTAs start supporting this.
The more the merrier! :-)
At any rate, this isn't likely to be something that appears
overnight, alas.
sb> This is *EXACTLY* what I have right now, Kevin. I've always thought that since
sb> there is no password, and the "user" to authenticate is in the message
sb> itself, such that anyone reading that message sees the full address along
sb> with a username that has posting credentials to that folder, it was
sb> completely insecure. I guess it's just a risk, you only hope that the users
sb> (in my case, only about 300, so it's not that big a deal) don't abuse it, and
sb> you just make sure the folder admins are quick to delete.
sb> Well that makes me feel at least a little more comfortable knowing that at
sb> least one other person does this convoluted user+folder "authentication"
sb> setup like I was thinking of using. :)
Well, what we did in some of these cases is a pretty gross,
convoluted mess. I guess it works OK, but certainly could be
better. You see, we got into a bit of a pinch when we tried to
rely exclusively on shared folders ("BBs") for important campus
discussions. The best we could do that was acceptable to all
parties was to continue to use the long-time existing campus
mailing lists AND some shared folders.
The shared folder membership is derived from the mailing list
membership. This shared folder is then listed as a special member
on that list. If an individual wants to only refer to the shared
folder instead of getting inundated by stuff in their inbox, then
they can set the VACATION flag on their subscription for that
list. This means they're still on the list, hence still a member
of the shared folder, but don't get the mail in their inbox.
Though not entirely fool-proof, this crazy arrangement seems to
have worked out OK for the last couple or so years (forget when it
was started). With some MLMs you can remove some headers and do a
little masquerading, thereby tightening things up a tad. At least
some of the IMAP diehards can enjoy the shared folders. However,
LMTP-AUTH tied to SMTP-AUTH sure would be nice to play with.
In the back of my mind I've been wondering if/how the new NNTP
support coming with the new Cyrus now in beta might be employed to
deal with these sort of discussions. However, I haven't pictured
just how yet.
--
Amos
Authentication troubles
Having just recompiled from source and reinstalled cyrus-imap as well as
cyrus-sasl, paying close attention to the instructions in the /doc
directory, I am having difficulties getting imtest to succeed. I would
greatly appreciate any help I could get.
Environment:
Redhat Linux 8 with 2.4.18-14 kernel
Cyrus version:
cyrus-sasl-2.1.12
cyrus-imapd-2.1.12
Copy of my attempt to use imtest as user jdrake:
[EMAIL PROTECTED] doc]# su jdrake
[EMAIL PROTECTED] doc]$ /usr/local/bin/imtest -m login mail.planhouse.com
S: * OK phoenix Cyrus IMAP4 v2.1.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5
AUTH=CRAM-MD5
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN jdrake {6}
S: + go ahead
C:
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.
Found in imapd.log:
Apr 1 11:00:04 phoenix master[21130]: process 21144 exited, status 0
Apr 1 11:00:09 phoenix master[21173]: about to exec /usr/cyrus/bin/imapd
Apr 1 11:00:09 phoenix imap[21173]: executed
Apr 1 11:00:09 phoenix imapd[21173]: accepted connection
Apr 1 11:00:20 phoenix imapd[21173]: badlogin:
ns1.planhouse.com[206.156.254.77] plaintext jdrake SASL(-1): generic
failure: checkpass failed
Found in auth.log:
Apr 1 11:00:20 phoenix imapd[21173]: cannot connect to saslauthd server: No
such file or directory
I can't think of anything else to mention off the top of my head. I hope
someone can help me out. I really would love to have a working mail server
by the end of the day. (I'm tired of using hotmail...) :)
TIA,
Jay Drake
_
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
http://join.msn.com/?page=features/virus
Info
Hi, I am experiensing a problem. I have in my imapd.log the following entries: Apr 1 18:14:37 nexus lmtpd[17042]: lmtp connection preauth'd as postman Apr 1 18:14:37 nexus master[17106]: about to exec /usr/cyrus/bin/lmtpd Apr 1 18:14:37 nexus lmtpunix[17106]: executed Apr 1 18:14:40 nexus lmtpd[17042]: duplicate_check: <[EMAIL PROTECTED]> user.pluto 0 Apr 1 18:14:40 nexus lmtpd[17042]: mystore: starting txn 2147488968 Apr 1 18:14:40 nexus lmtpd[17042]: mystore: committing txn 2147488968 Apr 1 18:14:40 nexus lmtpd[17042]: duplicate_mark: <[EMAIL PROTECTED]> user.pluto 1049213680 what is their meaning and what kind of problem they involve? TIA - En3pY -- Sebastian Konstanty Zdrojewski IT Analyst Neticon S.r.l. via Valtellina, 16 - 20159 Milano Tel. +39 02 68.80.731 FAX +39 02.60.85.70.41 Cell. +39 349.33.04.311 ICQ # 97334916 -- Web: http://www.neticon.it/ E-mail: [EMAIL PROTECTED]
Off-line scripts for cyradmin
Hi, Im using cyrus-imapd 2.1.12 and want to run some administrative cyradm scripts from cron. They works on-line, but I must input password by hand. Old Tcl version of cyradm did recognise parameters --user xxx --password yyy Can someone advice me, how to input password to cyradm offline? Thanks Petr
Re: setup woes
Jay Drake schrieb: > > I've been having difficulties getting Cyrus to run on my server and hope > someone might be able to help me out. The current problem I have gives me > the following output in my imapd.log when I attempt to restart the server: > > Apr 1 07:37:31 phoenix master[9193]: about to exec /usr/libexec/cyrus/imapd > Apr 1 07:37:31 phoenix imap[9193]: executed > Apr 1 07:37:31 phoenix imapd[9193]: skiplist: invalid magic header: > /var/lib/imap/mailboxes.db > Apr 1 07:37:31 phoenix imapd[9193]: DBERROR: opening > /var/lib/imap/mailboxes.db: cyrusdb error > Apr 1 07:37:31 phoenix imapd[9193]: Fatal error: can't read mailboxes file > Apr 1 07:37:31 phoenix master[9180]: process 9193 exited, status 75 > > This install is from the rpm found at http://home.teleport.ch/simix/ created > by Simon Matter(?) - cyrus-imapd-2.1.12-9.i386.rpm. This is being used on a > Linux RedHat 8 system using the 2.4.18-14 kernel. mailboxes.db is found at > /var/lib/imap/ and is chowned to cyrus.cyrus. Did you rebuild from source rpm? The webpage states that the binaries are built for RedHat 7.2 and you have to build your own if you have RedHat 8.0 HTH Simon > > Any help is greatly appreciated. > > Jay Drake > [EMAIL PROTECTED] > > _ > MSN 8 with e-mail virus protection service: 2 months FREE* > http://join.msn.com/?page=features/virus
Re: interesting limitation
On Mon, 31 Mar 2003, Dave O wrote: > > 2 level hashing would work, but I don't know if Cyrus supports that. It > would most likely be trivial to implement. > > eg spool/s/sm/user/smith spool/s/m/user/smith? ian
setup woes
I've been having difficulties getting Cyrus to run on my server and hope someone might be able to help me out. The current problem I have gives me the following output in my imapd.log when I attempt to restart the server: Apr 1 07:37:31 phoenix master[9193]: about to exec /usr/libexec/cyrus/imapd Apr 1 07:37:31 phoenix imap[9193]: executed Apr 1 07:37:31 phoenix imapd[9193]: skiplist: invalid magic header: /var/lib/imap/mailboxes.db Apr 1 07:37:31 phoenix imapd[9193]: DBERROR: opening /var/lib/imap/mailboxes.db: cyrusdb error Apr 1 07:37:31 phoenix imapd[9193]: Fatal error: can't read mailboxes file Apr 1 07:37:31 phoenix master[9180]: process 9193 exited, status 75 This install is from the rpm found at http://home.teleport.ch/simix/ created by Simon Matter(?) - cyrus-imapd-2.1.12-9.i386.rpm. This is being used on a Linux RedHat 8 system using the 2.4.18-14 kernel. mailboxes.db is found at /var/lib/imap/ and is chowned to cyrus.cyrus. Any help is greatly appreciated. Jay Drake [EMAIL PROTECTED] _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus
Re: MTAs that pass SMTP AUTH?
On Tuesday 01 April 2003 01:04 am, Kevin P. Fleming wrote: > Scott Balmos wrote: > > My question is, where is Sendmail getting, or even sending to the deliver > > program, the information that says to match against username msmith, > > johndoe, or whatnot? I know of the -a switch for deliver, but pretty much > > all the other MTAs (including Postfix) say that there can only exist a > > "blanket" Cyrus user, designated to the MTA, for posting to shared > > folders. > > This is intended to be used in a secure localized installation, with the > users using SMTP AUTH to authenticate themselves to the MTA. The MTA > then records this information and passes it along via LMTP AUTH to the > Cyrus lmtpd. > Okay, fine. This is what I have also. The crux seems to be getting the MTA to pass along the AUTH info. So far I guess only Sendmail and Exim do such a thing, right? Has anyone *possibly* come up with a patch for Postfix about this? I remember a few days ago some mumblings on the list that to record such AUTH info to pass along with the message would be somewhat irritating. > > Where's everything come from, authentication-wise? The only thing I can > > think of is the user creates a message, saves to their local drafts > > folder, then manually "moves" the message into the proper folder on IMAP. > > But that seems really icky, and essentially like "IMAP Send". > > Well, in my case, we're not actually using SMTP AUTH to deliver the > messages to the MTA. Rather, I have set up mail delivery such that a > message that arrives at my MTA address to "[EMAIL PROTECTED]" is > delivered as if it had been AUTH'd as "user". This means that messages > can be delivered directly to any user's folders, without having to give > anonymous "p" rights on those folders. Yes, this does mean that someone > out there could abuse it, but all they could do is put random stuff > directly into a folder, instead of into the user's INBOX. > > If we had shared folders set up, then I would have to implement SMTP > AUTH so that the the folders could have reasonable (i.e. non-anonymous) > rights. This is *EXACTLY* what I have right now, Kevin. I've always thought that since there is no password, and the "user" to authenticate is in the message itself, such that anyone reading that message sees the full address along with a username that has posting credentials to that folder, it was completely insecure. I guess it's just a risk, you only hope that the users (in my case, only about 300, so it's not that big a deal) don't abuse it, and you just make sure the folder admins are quick to delete. Well that makes me feel at least a little more comfortable knowing that at least one other person does this convoluted user+folder "authentication" setup like I was thinking of using. :) Thanks!
