RE: Cyrus IMAP, sendmail and LDAP
Ok, so I recompiled sendmail w/ LDAP support.. Here are the relavent parts of my mc file: define(`confLOCAL_MAILER', `cyrusv2') define(`CYRUSV2_MAILER_ARGS', `FILE /var/cyrus/imap/socket/lmtp') # LDAP Related FEATURE(`ldap_routing') LDAPROUTE_DOMAIN(`panther.mydomain.com') define(`confLDAP_DEFAULT_SPEC', `-h localhost -b ou=Users,dc=mydomain,dc=com') define(`confLDAP_DEFAULT_SPEC', `-h localhost -b ou=Users,dc=mydomain,dc=com') LDAPROUTE_DOMAIN(`panther.mydomain.com') dnl # LDAPROUTE_DOMAIN_FILE(`/etc/mail/LDAP-Routing') FEATURE(`ldap_routing',,,`bounce',`preserve') --- You have not configured Sendmail to bounce addresses that are not in LDAP. I also like to preserver '+' addresses John --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Cyrus IMAP, sendmail and LDAP
The way you have it setup now Sendmail accepts all mail before trying to deliver it via cyrus (just like most secondary and some primary mx servers do). So if I send 1000 emails to non existant users your sendmail will accept them all (regardless of weather they exist or not) before trying to deliver them to cyrus. Because I'm a spammer I've used fake return addresses so you now have 1000 bounces sitting in your mail queue (which Sendmail keeps trying to resend every hour)until they expire putting a strain on your resources. Every time I have setup LDAP routing for a domain (primarily on the mx servers but also on the cyrus system) it has resulted in a 80% to 90% reduction in mail traffic and server load. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of AJ Sent: Thursday, 8 July 2004 8:21 AM To: [EMAIL PROTECTED] Subject: Re: Cyrus IMAP, sendmail and LDAP Thanks. I have reviewed the sendmail page numerous times, but my question is what is the difference between the way I have things set up now, i.e just using cyrus as a local mailer, as opposed to ldap_routing. I am not sure why one would go one way or the other, just trying to clarify. Thanks. AJ Andrzej Filip wrote: AJ wrote: My setup is cyrus, sendmail and openldap for all users data. The way I have things set up now is sendmail use cyrus local mailer, and is not compile w/ LDAP support, so if a mailbox does not exist in cyrus, it gets bounced. Sendmail does not do user/mailbox lookups via LDAP. This seems to work ok, but on the net I have been reading most people set up sendmail to look at ldap for users, rather than cyrus. Can some people share their setups on how they implement these three together? * LDAP ROUTING (sendmail) http://www.sendmail.org/m4/ldap_routing.html * Autocreate INBOX patch for Cyrus http://email.uoa.gr/projects/cyrus/autocreate/index.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Cyrus IMAP, sendmail and LDAP
Thanks.. is there any LDAP attribute that will tell sendmail what server and cyrus mailbox to deliver to. Yes, mailLocalAddress -- Addresses to accept email to (as many as you want) mailRoutingAddress -- The address to send the mail to mailHost -- The host to deliver mail to It seems that using ldap routing w/ mailLocalAddress and mailHost will cause a loop if everything is all one one server. You're not giving Sendmail enough credit ;-) IF mailHost == local-host-name sendmail delivers localy. No loop. John --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: newbie question
Hi Dudi, I am fairly experienced, done lots of sendmail installations to a manual modification of sendmail.cf ;-), A/V, spam filters etc., so I guess I'll manage - probably with some help from this list If you do not mind my asking. If you are so familiar with sendmail, why do you want to use postfix with Cyrus? Now, not being familiar with Cyrus at all, I wonder what am I facing here time wise, complexity, reliability etc. Well I guess that would depend on what type of system you are installing it on. Simon Matter provides an excellent RPM for RedHat which is what I have based my (customised) setup on. As far as reliability goes Cyrus is an outstanding piece of software. John --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: sasldb2
Before I switched to LDAP I had the following on RH9 -rw-r-1 cyrusmail12288 Apr 28 10:00 /etc/sasldb2 --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Cyrus imap, virtual domains and ldap authentication
I have never used virtual domains so I don't know about that. I'm using both methods in different configurations and they both work well. However, I think for virtual domains, you have to use 'sasl_pwcheck_method: ldap' because pam doesn't handle what you want. Simon Hi Simon, Your Cyrus rpms are very much appreciated thank's very much. Well I appear to have virtual domains working on redhat 9. This is what I did. I got the cyrus-sasl rpms from Fedora Core 1 and rebuilt them on Redhat 9 with ldap support added in (it's off by default). Changed the saslauthd mech from shadow to ldap. Created /etc/saslauthd.conf ldap_servers: ldap://127.0.0.1 ldap_bind_dn: cn=Manager,dc=domain,dc=net ldap_bind_pw: supersecret ldap_scope: sub ldap_search_base: dc=domain,dc=net ldap_auth_method: bind --- Used saslauthd in /etc/imapd.conf #sasl_pwcheck_method: auxprop sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN default_domain: unused.domain.net I have different ou's for each domain in my ldap server and each user has a [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Now I just have to go through and tighten up the security ;-) John --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus imap, virtual domains and ldap authentication
cyrus-imapd-utils-2.2.3 cyrus-imapd-2.2.3 cyrus-sasl-2.1.15 Hi, I have a cyrus imap server with virtual domains authenticating against sasldb2 thats been running sucessfully for several weeks now (Thanks to Simon Matters rpms) and I'd like to convert to authenticating against my LDAP server. I've Googled until my fingers bled (quote stolen from a google search) and I'm totaly confused about how to go about it. So I'm looking for some tips/pointers about how to go about it. I've seen references to useing either of sasl_pwcheck_method: saslauthd or sasl_pwcheck_method: ldap in imapd.conf. Which should I use and then what else do I need? Regards John --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
