<HTML dir=ltr><HEAD><TITLE>RE: murder configuration issue final stretch</TITLE>
<META http-equiv=Content-Type content="text/html; charset=unicode">
<META content="MSHTML 6.00.6000.16735" name=GENERATOR></HEAD>
<BODY>
<DIV id=idOWAReplyText11639 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Andrew, </FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I found one of your older postings which also covers this. Here is what I did.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I added postfixlmtp as a user to both the frontend and and then ran the 'runuser - postfixlmtp -c "lmtptest mds01"' and used the password and it authenticated just fine. So I added the entry to my lmtp_passwd file for postfix. I also added the additional entries into the postfix main.cf file as per the instructions. </FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>On the frontend I added lmtp_admins: postfixlmtp and on the backends I added lmtp_admins: murder postfixlmtp.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I did notice that when I try connecting to the lmtp on the frontend I get an error. I suspect that it's because it's looking for lmtp and it's running the lmtpproxy.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2># runuser - postfixlmtp -c "lmtptest" <BR>WARNING: no hostname supplied, assuming localhost</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2>connect: Connection refused<BR>failure: Network initialization - can not connect to localhost.localdomain:lmtp</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Anyway, postfix is kicking this out in the log:</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>lmtp[6073]: lmtp connection preauth'd as postman <-- why I'm getting this, I don't know</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I assume that for some reason it's still allowing anonymous connections to lmtp. I checked my cyrus.conf files on all servers and there is no "-a". </FONT><FONT face=Arial size=2>It's perplexing. The information you gave me makes sense but it's like something has cached a setting and isn't letting go even though I have restarted all of the services.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I'm still working the issue but if this rings a bell I'd love any feedback.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr> </DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Andrew Morgan [mailto:morgan@orst.edu]<BR><B>Sent:</B> Wed 12/10/2008 9:35 AM<BR><B>To:</B> Gary W. Smith<BR><B>Cc:</B> Wesley Craig; info-cyrus@lists.andrew.cmu.edu<BR><B>Subject:</B> RE: murder configuration issue final stretch<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>On Tue, 9 Dec 2008, Gary W. Smith wrote:<BR><BR>> Andy/Wesley,<BR>><BR>> First off, thanks for all of the help. I've gotten pretty far I think.<BR>> I ran into a couple problems and some notes on some list groups about<BR>> dead options that were shown in examples.<BR>><BR>> <A href="http://garysmith.pbwiki.com/Cyrus">http://garysmith.pbwiki.com/Cyrus</A><BR>><BR>> I have put all of my configs into a wiki (broken down by server/type).<BR>> The problem that I'm running into right now is that if I log into the<BR>> frontend box using cyradmin (as root or cyrus) I can see mailboxes but<BR>> when I go to create one on a backend server, cyradm prompts me for the<BR>> password for the corresponding account on the remote machine. I'm not<BR>> sure if this is by design or an issue.<BR>><BR>> The other big issue is that I have lmtp configured on the frontend to<BR>> forward to the backend. The lmtp process is running on the backend as I<BR>> can telnet to it (telnet ip lmtp). On the backend I seem to be getting<BR>> a SASL2 auth error.<BR>><BR>> badlogin: 10.80.72.1 PLAIN SASL(-13): authentication failure: Password<BR>> verification failed<BR><BR>The documentation doesn't state this, but in a murder environment all LMTP<BR>connections must be authenticated. Using the "-a" option doesn't work<BR>because then the frontend doesn't have a set of credentials for proxying.<BR>At least, that's what my testing showed.<BR><BR>Try creating a "cyr_lmtp" (or whatever you want to call it) user on both<BR>your backends and frontends. Then add the following:<BR><BR>On backends:<BR><BR>lmtp_admins: cyr_lmtp murder<BR><BR>On frontends:<BR><BR>lmtp_admins: cyr_lmtp<BR><BR>Then make sure your MTA is authenticating as cyr_lmtp when it connects to<BR>the Cyrus lmtpd.<BR><BR> Andy<BR></FONT></P></DIV></BODY></HTML>