<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Michael,</p>
<p>Thank you very much.<br>
That works.</p>
<p>I am now blocked on autocreating users on the backend, but that's
another problem ;-)</p>
<p>Thanks again,<br>
<br>
Ismaël Tanguy<br>
</p>
<div class="moz-cite-prefix">On 07/03/2019 at 11:55, Michael Menge
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:20190307115536.Horde.abq94lJF-NZD553VbaecXd5@webmail.uni-tuebingen.de">Hi,
<br>
<br>
<br>
I suspect lmtp is trying to proxy auth, which is not possible
with the PLAIN mech,
<br>
(but e.g. with LOGIN). So as only PLAIN is available "No worthy
mechs found".
<br>
<br>
You can try not to set "mupdate_username: murder" in the frontend
imapd.conf.
<br>
But keep "mupdate_authname: murder". This should result in normal
PLAIN authentication
<br>
as user "murder".
<br>
<br>
Even if you enable the LOGIN mech, setting mupdate_username can
cause some problems.
<br>
I can't remember which problems, but I reminded myself not to set
mupdate_username
<br>
with a comment in my own imapd.conf
<br>
<br>
Regards
<br>
<br>
Michael Menge
<br>
<br>
<br>
Quoting Ismaël Tanguy <a class="moz-txt-link-rfc2396E" href="mailto:ismael.tanguy@univ-brest.fr"><ismael.tanguy@univ-brest.fr></a>:
<br>
<br>
<blockquote type="cite">Hello,
<br>
<br>
I'm stuck configuring a murder cluster with one frontend
and one backend.
<br>
LMTP between frontend and backend doesn't work; the logs say
that no mechanism is available.
<br>
I'm using sasl plain.
<br>
When turning saslauthd in debug mode, mta connection to frontend
is OK, but there's no request for the connection between
frontend and backend.
<br>
lmtptest -t "" -a murder backend is OK and goes over TLS.
<br>
Here's the debug log:
<br>
<br>
### /var/log/maillog -> frontend cyrus
<br>
<br>
frontend cyrus/lmtp[19541]: accepted connection
<br>
frontend cyrus/lmtp[19541]: connection from mta.domain [IP]
<br>
frontend cyrus/lmtp[19541]: command: LHLO mta.domain
<br>
frontend cyrus/lmtp[19541]: TLS is available.
<br>
frontend cyrus/lmtp[19541]: command: STARTTLS
<br>
frontend cyrus/lmtp[19541]: TLS is available.
<br>
frontend cyrus/lmtp[19541]: SSL_accept() incomplete -> wait
<br>
frontend cyrus/lmtp[19541]: SSL_accept() succeeded -> done
<br>
frontend cyrus/lmtp[19541]: starttls: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
<br>
frontend cyrus/lmtp[19541]: command: LHLO mta.domain
<br>
frontend cyrus/lmtp[19541]: TLS is available.
<br>
frontend cyrus/lmtp[19541]: command: AUTH PLAIN ***************
<br>
frontend cyrus/lmtp[19541]: login: mta.domain [IP] cyrus
PLAIN+TLS User logged in
<br>
frontend cyrus/lmtp[19541]: command: MAIL
FROM:<mail@domain> SIZE=576
<br>
frontend cyrus/lmtp[19541]: command: RCPT TO:<mail@domain>
<br>
frontend cyrus/lmtp[19541]: command: DATA
<br>
frontend cyrus/lmtp[19541]: USAGE <uid> user: 0.030932
sys: 0.017066
<br>
frontend cyrus/lmtp[19537]: accepted connection
<br>
frontend cyrus/lmtp[19537]: connection from frontend.domain [IP]
<br>
frontend cyrus/lmtp[19537]: command: LHLO lmtpproxyd
<br>
frontend cyrus/lmtp[19537]: TLS is available.
<br>
frontend cyrus/lmtp[19537]: command: STARTTLS
<br>
frontend cyrus/lmtp[19537]: TLS is available.
<br>
frontend cyrus/lmtp[19541]: tls_server_ca_dir=(NULL)
tls_server_ca_file=/etc/ssl/certs/wildcard.ca
<br>
frontend cyrus/lmtp[19537]: SSL_accept() incomplete -> wait
<br>
frontend cyrus/lmtp[19541]: Doing a peer verify
<br>
frontend cyrus/lmtp[19541]: Doing a peer verify
<br>
frontend cyrus/lmtp[19541]: Doing a peer verify
<br>
frontend cyrus/lmtp[19537]: Doing a peer verify
<br>
frontend cyrus/lmtp[19537]: Doing a peer verify
<br>
frontend cyrus/lmtp[19537]: Doing a peer verify
<br>
frontend cyrus/lmtp[19537]: SSL_accept() incomplete -> wait
<br>
frontend cyrus/lmtp[19537]: SSL_accept() succeeded -> done
<br>
frontend cyrus/lmtp[19537]: received client certificate
<br>
frontend cyrus/lmtp[19537]:
subject=***********************************************
<br>
frontend cyrus/lmtp[19537]: starttls: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) authenticated as
*.domain
<br>
frontend cyrus/lmtp[19541]: received server certificate
<br>
frontend cyrus/lmtp[19541]: starttls: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new client) no
authentication
<br>
frontend cyrus/lmtp[19537]: command: LHLO lmtpproxyd
<br>
frontend cyrus/lmtp[19537]: TLS is available.
<br>
frontend cyrus/lmtp[19541]: couldn't authenticate to backend
server: no mechanism available
<br>
frontend cyrus/lmtp[19537]: command: QUIT
<br>
frontend cyrus/lmtp[19541]: command: QUIT
<br>
<br>
<br>
### saslauthd -d -a pam >> cyrus is lmtpuser from mta,
murder is lmtpuser for the backend,
<br>
### lmtp connection to the backend doesn't go to saslauthd
<br>
saslauthd[19525] :rel_accept_lock : released accept lock
<br>
saslauthd[19527] :get_accept_lock : acquired accept lock
<br>
saslauthd[19525] :do_auth : auth success: [user=cyrus]
[service=lmtp] [realm=] [mech=pam]
<br>
saslauthd[19525] :do_request : response: OK
<br>
<br>
<br>
### /var/log/messages
<br>
frontend cyrus/lmtp[19563]: No worthy mechs found
<br>
frontend cyrus/lmtp[19563]: No worthy mechs found
<br>
<br>
### /var/log/maillog -> mta postfix
<br>
mta postfix/smtpd[7678]: connect from client_test
<br>
mta postfix/smtpd[7678]: DCAEF10392E5: client=client_test
<br>
mta postfix/cleanup[7682]: DCAEF10392E5: message-id=<>
<br>
mta postfix/qmgr[2161]: DCAEF10392E5: from=<mail.domain>,
size=576, nrcpt=1 (queue active)
<br>
mta postfix/smtpd[7678]: disconnect from client_test
<br>
mta postfix/lmtp[7683]: Untrusted TLS connection established to
frontend:24: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
(256/256 bits)
<br>
mta postfix/lmtp[7683]: DCAEF10392E5: to=<mail.domain>,
relay=frontend:24, delay=0.1, delays=0.01/0/0.07/0.02,
dsn=4.4.3, status=deferred (host frontend said: 451 4.4.3 Remote
server unavailable (in reply to end of DATA command))
<br>
<br>
<br>
### /etc/imapd.conf -> frontend
<br>
sasl_pwcheck_method: saslauthd
<br>
sasl_mech_list: PLAIN
<br>
mupdate_server: cyrus-murder.univ-brest.fr
<br>
mupdate_username: murder
<br>
mupdate_authname: murder
<br>
mupdate_password: password
<br>
backend_password: password
<br>
proxy_authname: murder
<br>
<br>
<br>
### /etc/cyrus.conf -> frontend
<br>
START {
<br>
recover cmd="ctl_cyrusdb -r"
<br>
}
<br>
SERVICES {
<br>
# add or remove based on preferences
<br>
mupdate cmd="mupdate" listen=3905 prefork=1
<br>
imap cmd="imapd" listen="imap" prefork=5
<br>
imaps cmd="imapd -s" listen="imaps" prefork=1
<br>
pop3 cmd="pop3d" listen="pop3" prefork=3
<br>
pop3s cmd="pop3d -s" listen="pop3s" prefork=1
<br>
sieve cmd="timsieved" listen="sieve" prefork=0
<br>
nntp cmd="nntpd" listen="nntp" prefork=3
<br>
lmtp cmd="lmtpd" listen="lmtp" prefork=0
<br>
}
<br>
EVENTS {
<br>
checkpoint cmd="ctl_cyrusdb -c" period=30
<br>
delprune cmd="cyr_expire -E 3" at=0400
<br>
tlsprune cmd="tls_prune" at=0400
<br>
}
<br>
DAEMON {
<br>
idled cmd="idled"
<br>
}
<br>
<br>
### /etc/sysconfig/saslauthd
<br>
SOCKETDIR=/run/saslauthd
<br>
MECH=pam
<br>
<br>
### lmtptest frontend -> backend
<br>
(frontend)# lmtptest -t "" -a murder backend
<br>
S: 220 backend.domain Cyrus LMTP 3.0.8-7.el7.centos Fedora
server ready
<br>
C: LHLO lmtptest
<br>
S: 250-backend.domain
<br>
S: 250-8BITMIME
<br>
S: 250-ENHANCEDSTATUSCODES
<br>
S: 250-PIPELINING
<br>
S: 250-SIZE
<br>
S: 250-STARTTLS
<br>
S: 250-AUTH PLAIN
<br>
S: 250-IGNOREQUOTA
<br>
S: 250 Ok
SESSIONID=<cyrus-28058-1551952740-1-7710567405059874995>
<br>
C: STARTTLS
<br>
S: 220 Begin TLS negotiation now
<br>
verify error:num=19:self signed certificate in certificate chain
<br>
TLS connection established: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
<br>
C: LHLO lmtptest
<br>
S: 250-backend.domain
<br>
S: 250-8BITMIME
<br>
S: 250-ENHANCEDSTATUSCODES
<br>
S: 250-PIPELINING
<br>
S: 250-SIZE
<br>
S: 250-AUTH PLAIN
<br>
S: 250-IGNOREQUOTA
<br>
S: 250 Ok
SESSIONID=<cyrus-28058-1551952740-2-5714180577914972405>
<br>
Please enter your password:
<br>
C: AUTH PLAIN ***************************************
<br>
S: 235 Authenticated!
<br>
Authenticated.
<br>
Security strength factor: 256
<br>
<br>
<br>
It seems I'm missing something in imapd.conf to tell LMTP to use sasl
plain, but I didn't find the way.
<br>
Any help would be greatly appreciated.
<br>
<br>
Thanks
<br>
<br>
<br>
Ismaël TANGUY
<br>
Université de Bretagne Occidentale
<br>
Brest - France
<br>
<br>
----
<br>
Cyrus Home Page: <a class="moz-txt-link-freetext" href="http://www.cyrusimap.org/">http://www.cyrusimap.org/</a>
<br>
List Archives/Info:
<a class="moz-txt-link-freetext" href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a>
<br>
To Unsubscribe:
<br>
<a class="moz-txt-link-freetext" href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a>
<br>
</blockquote>
<br>
<br>
<br>
--------------------------------------------------------------------------------
<br>
M.Menge Tel.: (49) 7071/29-70316
<br>
Universität Tübingen Fax.: (49) 7071/29-5912
<br>
Zentrum für Datenverarbeitung mail:
<a class="moz-txt-link-abbreviated" href="mailto:michael.menge@zdv.uni-tuebingen.de">michael.menge@zdv.uni-tuebingen.de</a>
<br>
Wächterstraße 76
<br>
72074 Tübingen
<br>
<br>
</blockquote>
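<p>An added example, not part of the original thread or of the Cyrus project: a shell check for the frontend imapd.conf pattern discussed in the reply (mupdate_username set together with mupdate_authname). The helper names conf_get and audit_frontend_conf and both sample files are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example; both config files below are constructed from options quoted in the thread.

# Print the value of KEY from an imapd.conf-style file ("key: value" lines).
# Takes the first match; duplicate keys are not modelled in this sketch.
conf_get() {  # usage: conf_get FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/ { next }                     # skip comment lines
        {
            i = index($0, ":"); if (i == 0) next
            k = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v; exit
        }' "$1"
}

# Return 1 when mupdate_username is set next to mupdate_authname, else 0.
audit_frontend_conf() {  # usage: audit_frontend_conf FILE
    user=$(conf_get "$1" mupdate_username)
    auth=$(conf_get "$1" mupdate_authname)
    mechs=$(conf_get "$1" sasl_mech_list)
    if [ -n "$user" ] && [ -n "$auth" ]; then
        echo "WARN $1: mupdate_username=$user set with mupdate_authname=$auth" \
             "(sasl_mech_list: ${mechs:-unset}); the reply suggests removing mupdate_username"
        return 1
    fi
    echo "OK   $1: mupdate_username unset, mupdate_authname=${auth:-unset}"
    return 0
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/before.conf" <<'EOF'
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
mupdate_username: murder
mupdate_authname: murder
proxy_authname: murder
EOF

# Same file with mupdate_username commented out, as suggested in the reply.
sed 's/^mupdate_username:/# &/' "$tmp/before.conf" > "$tmp/after.conf"

audit_frontend_conf "$tmp/before.conf" || true
audit_frontend_conf "$tmp/after.conf"
```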
</body>
</html>