Re: Sendmail + LMTP AUTH
Scott Adkins wrote:
>
> Ah, sorry... version 8.12.5. I did not use the new cyrusv2.m4 file used
> in the mailer directory.

You don't need to, but it looks cleaner:

    # mailers
    define(`confLOCAL_MAILER', `cyrusv2')dnl
    define(`CYRUSV2_MAILER_ARGS', `TCP localhost lmtp')dnl
    MAILER(`cyrusv2')dnl
    MAILER(`smtp')dnl

Anyway, to do LMTP AUTH, you need to set up Sendmail to have client auth info. You can do this either via the access database or the authinfo database. I do this in the access database because I already have it set up for SMTP AUTH relaying.

In sendmail.mc:

    FEATURE(`access_db')dnl

In /etc/mail/access:

    # client AUTH
    AuthInfo: "I:" "P:"

where can be a hostname, domain name, IPv4 or IPv6, is an admin or lmtp_admin (I use 'cyrus') and is the admin's password. If you don't want to have the plaintext password in this file, then you can use a BASE64-encoded version by specifying "P=". You can also list the mechanisms to try with the optional "M: ..."

Once you have this set up, remember to remake your sendmail.cf and to run makemap on your access database.

If you want to use the authinfo database instead, then use FEATURE(authinfo) and /etc/mail/authinfo. The format of the line(s) in the authinfo database is the same.

I _believe_ that all of this stuff is in the Sendmail docs, but the latest bat book (3rd ed.) has AUTH and STARTTLS documented.

> --On Tuesday, January 28, 2003 10:06 AM -0500 Ken Murchison
> <[EMAIL PROTECTED]> wrote:
>
> > Scott Adkins wrote:
> >>
> >> Okay, I must be clueless here... I have looked through the docs, looked
> >> through the archives, done google searches, etc. I just plain don't
> >> understand how to configure sendmail to do LMTP authentication correctly.
> >
> > What version of Sendmail? The config varies slightly between 8.10/11
> > and 8.12.
> >
> > --
> > Kenneth Murchison     Oceana Matrix Ltd.
> > Software Engineer     21 Princeton Place
> > 716-662-8973 x26      Orchard Park, NY 14127
> > --PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
>
> --
> +---+
>  Scott W. Adkins            http://www.cns.ohiou.edu/~sadkins/
>  UNIX Systems Engineer      mailto:[EMAIL PROTECTED]
>  ICQ 7626282   Work (740)593-9478   Fax (740)593-1944
> +---+
>  PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
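Added example, not part of the original thread or of Sendmail: a small audit of AuthInfo: entries like the ones described in the reply above, flagging stored secrets and password-revealing mechanisms. It assumes the tag syntax documented in Sendmail's cf/README ("U:", "I:", "P:" or "P=", "M:"); the hostnames, user and secret in the sample are constructed placeholders.

```python
import base64
import binascii
import shlex

# Constructed sample map source: hosts, user and secret are placeholders.
_B64 = base64.b64encode(b"not-a-real-secret").decode()
SAMPLE = f'''# client AUTH
AuthInfo:imap.example.org "U:cyrus" "I:cyrus" "P:not-a-real-secret" "M:PLAIN"
AuthInfo:192.0.2.10 "I:cyrus" "P={_B64}" "M:DIGEST-MD5 CRAM-MD5"
AuthInfo:store.example.org "U:cyrus"
Connect:192.0.2 RELAY
'''

def parse_authinfo(text):
    """Map each AuthInfo: key to {tag: (separator, value)}; other lines are ignored."""
    entries = {}
    for line in text.splitlines():
        if not line.startswith("AuthInfo:"):
            continue
        key, *items = shlex.split(line)  # honours the double quotes around each item
        fields = {}
        for item in items:
            if len(item) >= 2 and item[1] in ":=":
                fields[item[0]] = (item[1], item[2:])
        entries[key[len("AuthInfo:"):]] = fields
    return entries

def audit(text):
    """Return (server, finding) pairs for incomplete or weakly protected entries."""
    findings = []
    for server, f in parse_authinfo(text).items():
        if "U" not in f and "I" not in f:
            findings.append((server, "no U: or I: identity"))
        if "P" not in f:
            findings.append((server, "no password field"))
            continue
        sep, secret = f["P"]
        if sep == ":":
            findings.append((server, "password stored in plaintext"))
        else:
            try:
                base64.b64decode(secret, validate=True)
                findings.append((server, "P= is base64, an encoding and not encryption"))
            except binascii.Error:
                findings.append((server, "P= value is not valid base64"))
        mechs = f.get("M", (":", ""))[1].upper().split()
        if {"PLAIN", "LOGIN"} & set(mechs):
            findings.append((server, "PLAIN/LOGIN send the password itself; require TLS"))
    return findings

if __name__ == "__main__":
    for server, finding in audit(SAMPLE):
        print(f"{server}: {finding}")
```

Whichever form of "P" is used, the map source and the .db file built from it hold a recoverable password, so both should be readable only by the account Sendmail runs as.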
Re: Sendmail + LMTP AUTH
Scott Adkins wrote:
>
> Okay, I must be clueless here... I have looked through the docs, looked
> through the archives, done google searches, etc. I just plain don't
> understand how to configure sendmail to do LMTP authentication correctly.

What version of Sendmail? The config varies slightly between 8.10/11 and 8.12.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Sendmail + LMTP AUTH
Okay, I must be clueless here... I have looked through the docs, looked through the archives, done google searches, etc. I just plain don't understand how to configure sendmail to do LMTP authentication correctly.

I need to open up the TCP port of LMTP to more than just [localhost] and believe that LMTP AUTH is the way to do it. We do not have tcpwrapper support compiled in, and really need to find a way to do it without having to recompile lmtpd.

In the cyrus config file, I have the following config lines:

    # LMTP is required for delivery
    #lmtp       cmd="lmtpd -a" listen="localhost:lmtp"
    lmtp        cmd="lmtpd" listen="lmtp"
    lmtpunix    cmd="lmtpd" listen="/var/imap/socket/lmtp"

We were running with the "-a" option forced to localhost. I removed it and removed the localhost reference. The lmtpunix line is there in case anyone uses the deliver program to deliver a message.

As far as the sendmail configuration goes, I have the following:

    dnl server configuration for SMTP AUTH
    define(`confAUTH_MECHANISMS', `PLAIN')dnl
    TRUST_AUTH_MECH(`PLAIN')
    define(`confAUTH_OPTIONS', `p,y')dnl

    dnl server configuration for SMTPS
    DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')

    dnl cyrus configuration
    define(`confLOCAL_MAILER', `cyrus')
    MAILER(`local')
    MAILER(`smtp')

    MAILER_DEFINITIONS
    Mcyrus, P=[IPC], F=lsDFMnqAwW@/:|SmXz, E=\r\n,
            S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix,
            U=cyrus:mail, A=TCP [localhost] lmtp

Note: This is obviously not the full file, but hopefully just the parts relevant to the discussion.

Now, what do I need to change in order to get LMTP AUTH working? I do have some questions regarding how LMTP AUTH actually occurs...

First, what username/password gets used for the authentication? Is it going to be "postman", like it is for when lmtpd is run with the "-a" option? I can only guess that this might be the case, since delivery of email is coming from an anonymous source and not a physical user on the system. If this is the case, then what about the password? Is it stored in the config file, or cached or what?

Secondly, I assume this occurs in the plain-text format, so, should I be setting up LMTP to be done over SSL? Will sendmail use SSL to LMTP correctly? If this is the case, how do I change the above setup to make SSL LMTP work?

By the way, please note that I have "allowplaintext: 1" in the imapd.conf file, so authenticating over a plain-text connection for IMAP and POP is not allowed... they have to authenticate over an SSL/TLS connection first. Since this is set, won't this affect LMTP authentication as well?

Okay, lots of questions... I hope I can get some answers... I feel that I am pouring more time and energy into this problem than I need, and really need to turn my attention elsewhere...

Thanks!
Scott

--
+---+
 Scott W. Adkins            http://www.cns.ohiou.edu/~sadkins/
 UNIX Systems Engineer      mailto:[EMAIL PROTECTED]
 ICQ 7626282   Work (740)593-9478   Fax (740)593-1944
+---+
 PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/