postfix, sasl2 and imapd realm problem

Kendrick Vargas ken at
Wed Dec 11 10:28:01 EST 2002

On Wed, 11 Dec 2002, redel wrote:

> what I did:
>    - turned on unixheirsep to allow dots in mbox-names
>    - created the mailbox for each user with
>      cm user/user at
>    - run saslpasswd2 with -u -c user
>      to have the domain name as realm
>    - used auxprop as generel pw-check method.
>      (for postfix-smtpd and imapd)
>    (I tested the above configuration with my mailer:
>     I could see my Inbox and auth with CRAM-MD5 to
>     my mailbox-account user at also worked correctly)
>    - configured postfix-smtp using CRAM-MD5 or DIGEST-MD5
>      and lmtp socked for mailbox_transport to imapd.
> my problem:
> with the above configuration, postfix cannot send mail
> to the users mailboxes: I get the follwoing error:
> Dec 10 20:38:35 linux postfix/lmtp[1657]: 127871E7BD: 
> to=<hello at>, 
> relay=/var/spool/postfix/public/lmtp[/var/spool/postfix/public/lmtp], 
> delay=0, status=bounced (host 
> /var/spool/postfix/public/lmtp[/var/spool/postfix/public/lmtp] said: 
> 550-Mailbox unknown.  Either there is no mailbox associated with this 
> 550-name or you do not have authorization to see it. 550 5.1.1 User 
> unknown (in reply to RCPT TO command))
> ok, the mailbox hello at cannot be found. when creating
> mbox names in imap containing the plain user name only (without the 
> domain name extension postfix can deliver the mail 
> correctly, but then, my imap-client cannot see his Inbox anymore.

The problem is that the cyrus lmtpd is chopping off the @domain before 
delivering to the mailbox. A fix to this is to apply the lmtp patch at:

The 2.1.5 patch works fine with 2.1.11. I've been running this patch for 
some time on a personal server which handles a nice number of users.

The only problem is with this setup is that you have to keep in mind that 
now, user and user at domain are two different mailboxes. I set the default 
realm for cyrus to be a name that I wouldn't use as an extension to a 
mailbox, ever. This way my users wouldn't get a successul login to the 
server if the leave off the domain. If the default domain is the same as 
the domain part in their username and they log in with simply their 
username, they'll be allowed in but be shown no inbox. Or at least they 
did with IMP.

Another thing is with virtual user mapping. If you do a catch-all address 
in postfix to catch misc. entries, ie:		user1 at

Then any other real email boxes on wouldn't get searched for. 
In order to get around that, I find:

	user at		user at

mappings will get around this problem. You just have to make sure you 
create one for each user. I don't know why this works, but it does, and it 
makes life simpler for me.

Let he who is without clue kiss my ass

More information about the Info-cyrus mailing list