[cyr]deliver, executed as <user>, should have <user>'s permissions

ms419 at freezone.co.uk
Fri Apr 9 15:37:12 EDT 2004


"... I dislike people who do not read docs" : ) Fair enough.

I have now read _all_ /usr/share/doc/cyrus21-imapd/* and am struggling 
to configure cyrus delivery using TCP sockets. cyrus.conf and 
imapd.conf contain:
---
lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0 maxchild=20
---
lmtpsocket: localhost:lmtp
---
services contains:
---
lmtp            24/tcp
---
Telnet works:
---
admin at wum:~$ telnet localhost lmtp
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 wum LMTP Cyrus v2.1.16-IPv6-Debian-2.1.16-6 ready
---
but cyrdeliver does not:
---
admin at wum:~$ /usr/sbin/cyrdeliver admin < tmp/message
couldn't connect to lmtpd: Success
421 4.3.0 deliver: couldn't connect to lmtpd
---
Logs contain:
---
Apr  9 12:07:41 wum cyrus/master[11512]: about to exec /usr/lib/cyrus/bin/lmtpd
Apr  9 12:07:42 wum cyrus/lmtp[11512]: executed
Apr  9 12:07:42 wum cyrus/lmtpd[11512]: accepted connection
Apr  9 12:07:42 wum cyrus/lmtpd[11512]: connection from localhost [127.0.0.1]
Apr  9 12:07:42 wum cyrus/deliver[11511]: lmtpengine do_auth: could not sasl_setprop the security properties
---
imapd has no SASL problems ... What have I missed?

My goal is for a user's permission to deliver to a folder to agree with 
that folder's ACL - so I can run cyrdeliver as an unprivileged user 
(like from .procmailrc), w/o allowing the user to deliver to every 
folder.

Jack

On Apr 6, 2004, at 8:07 AM, Henrique de Moraes Holschuh wrote:

> On Tue, 06 Apr 2004, ms419 at freezone.co.uk wrote:
>> [cyr]deliver is executed as my user, instead of "root.mail" - as it
> ...
>>
>> How do others get around this?
>
> Read the manpages, and configure cyrus deliver to use TCP sockets (cyrus
> lmtpd must be told to listen on the TCP socket as well), or change the
> permissions for the local unix socket.  If you're using a Debian package of
> the 2.1 series, go read /usr/share/doc/cyrus21-imapd/* NOW.
>
> Make sure you do understand the security implications of what you're doing,
> you may end up opening email submission to anyone (which might be, or might
> not be a problem in your setup).
>
> -- 
>   "One disk to rule them all, One disk to find them. One disk to bring
>   them all and in the darkness grind them. In the Land of Redmond
>   where the shadows lie." -- The Silicon Valley Tarot
>   Henrique Holschuh
> ---
> Home Page: http://asg.web.cmu.edu/cyrus
> Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
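
Added example (not part of the original message, and not code from the Cyrus project): a small Python audit of cyrus.conf service entries that classifies each lmtpd listener by who can reach it, which is the "security implications" point in the quoted reply. The function name audit_lmtp, the severity labels and the sample configuration are assumptions constructed for illustration; the check relies on lmtpd's documented -a option, which pre-authorizes connections on an internet socket.

```python
import re
import shlex

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="value" or key=value

def audit_lmtp(conf_text):
    """Return [(service, listen, severity)] for each lmtpd entry in cyrus.conf text."""
    findings = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()           # drop comments
        if not line or line.endswith("{") or line == "}":
            continue                                   # blank line or section delimiter
        opts = {k: q if q else b for k, q, b in PAIR.findall(line)}
        argv = shlex.split(opts.get("cmd", ""))
        if not argv or argv[0].rsplit("/", 1)[-1] != "lmtpd":
            continue                                   # not an LMTP service
        listen = opts.get("listen", "")
        if listen.startswith("/"):
            severity = "info"    # unix socket: file permissions decide who connects
        else:
            # listen is [host:]port; no host part means every interface
            host = listen.rsplit(":", 1)[0] if ":" in listen else ""
            local = host in LOOPBACK
            preauth = "-a" in argv[1:]   # lmtpd -a: TCP clients skip authentication
            if preauth:
                severity = "warn" if local else "high"
            else:
                severity = "ok" if local else "warn"
        findings.append((line.split()[0], listen, severity))
    return findings

# Constructed sample: the first lmtp line is the one quoted in the message,
# the other entries are invented for contrast.
SAMPLE = '''
SERVICES {
  imap      cmd="imapd" listen="imap" prefork=0
  lmtp      cmd="lmtpd" listen="localhost:lmtp" prefork=0 maxchild=20
  lmtpunix  cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0
  lmtpopen  cmd="lmtpd -a" listen="lmtp" prefork=0   # unauthenticated, all interfaces
}
'''

if __name__ == "__main__":
    for service, listen, severity in audit_lmtp(SAMPLE):
        print(f"{severity:5} {service:9} {listen}")
```

Here "ok" means loopback-only with authentication required, "warn" means either pre-authorized on loopback or reachable from other hosts, and "high" means pre-authorized and reachable from other hosts.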
