postfix, sasl2 and imapd realm problem
Kendrick Vargas
ken at hudat.com
Wed Dec 11 10:28:01 EST 2002
On Wed, 11 Dec 2002, redel wrote:
> what I did:
> - turned on unixhierarchysep to allow dots in mbox-names
> - created the mailbox for each user with
>   cm user/user@foo.com
> - run saslpasswd2 with -u foo.com -c user
>   to have the domain name as realm
> - used auxprop as general pw-check method.
>   (for postfix-smtpd and imapd)
> (I tested the above configuration with my mailer:
> I could see my Inbox and auth with CRAM-MD5 to
> my mailbox-account user@foo.com also worked correctly)
>
> - configured postfix-smtp using CRAM-MD5 or DIGEST-MD5
>   and lmtp socket for mailbox_transport to imapd.
>
> my problem:
> with the above configuration, postfix cannot send mail
> to the users' mailboxes: I get the following error:
>
> Dec 10 20:38:35 linux postfix/lmtp[1657]: 127871E7BD:
> to=<hello@foo.com.de>,
> relay=/var/spool/postfix/public/lmtp[/var/spool/postfix/public/lmtp],
> delay=0, status=bounced (host
> /var/spool/postfix/public/lmtp[/var/spool/postfix/public/lmtp] said:
> 550-Mailbox unknown. Either there is no mailbox associated with this
> 550-name or you do not have authorization to see it. 550 5.1.1 User
> unknown (in reply to RCPT TO command))
>
> ok, the mailbox hello@foo.com.de cannot be found. when creating
> mbox names in imap containing the plain user name only (without the
> domain name extension @foo.com) postfix can deliver the mail
> correctly, but then, my imap-client cannot see his Inbox anymore.

The problem is that the cyrus lmtpd is chopping off the @domain before
delivering to the mailbox. A fix to this is to apply the lmtp patch at:

http://www.surf.org.uk/downloads/

The 2.1.5 patch works fine with 2.1.11. I've been running this patch for
some time on a personal server which handles a nice number of users.

The only problem with this setup is that you have to keep in mind that
now, user and user@domain are two different mailboxes. I set the default
realm for cyrus to be a name that I wouldn't use as an extension to a
mailbox, ever. This way my users wouldn't get a successful login to the
server if they leave off the domain. If the default domain is the same as
the domain part in their username and they log in with simply their
username, they'll be allowed in but be shown no inbox. Or at least they
did with IMP.

Another thing is with virtual user mapping. If you do a catch-all address
in postfix to catch misc. entries, i.e.:

    @domain.com        user1@domain.com

Then any other real email boxes on @domain.com wouldn't get searched for.
In order to get around that, I find:

    user@domain.com    user@domain.com

mappings will get around this problem. You just have to make sure you
create one for each user. I don't know why this works, but it does, and it
makes life simpler for me.

-peace
--
Let he who is without clue kiss my ass
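
Added example, not part of the original post and not Postfix code: a simplified Python model of the lookup precedence documented in virtual(5), where a full user@domain key is tried before the @domain catch-all, applied to the catch-all and per-user mappings described in the message above. The function names and both sample maps are constructed; the bare-localpart lookup step and recursive expansion are left out.

```python
"""Simplified model of Postfix virtual alias lookup precedence (virtual(5))."""

def parse_virtual_map(text):
    """Parse 'pattern  address[, address...]' lines into a dict."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # ignore malformed lines in this model
        pattern, rhs = parts
        table[pattern.lower()] = rhs.replace(",", " ").split()
    return table

def resolve(table, recipient):
    """Return (targets, matched_key) for a single lookup pass.

    Order modelled: full user@domain key first, then the @domain catch-all.
    """
    recipient = recipient.lower()
    _local, _, domain = recipient.rpartition("@")
    for key in (recipient, "@" + domain):
        if key in table:
            return table[key], key
    return [recipient], None  # no entry: address passes through unchanged

# Constructed sample maps using the placeholder domain from the post.
CATCH_ALL_ONLY = """
@domain.com        user1@domain.com
"""
WITH_IDENTITY = """
user1@domain.com   user1@domain.com
user2@domain.com   user2@domain.com
@domain.com        user1@domain.com
"""

if __name__ == "__main__":
    for name, text in (("catch-all only", CATCH_ALL_ONLY),
                       ("with identity", WITH_IDENTITY)):
        table = parse_virtual_map(text)
        for rcpt in ("user2@domain.com", "typo@domain.com"):
            print(f"{name:15} {rcpt:18} -> {resolve(table, rcpt)}")
```

With only the catch-all present, mail for user2 is rewritten into user1's mailbox; the identity entry wins the lookup and keeps it in user2's own mailbox, while unknown addresses still fall through to the catch-all.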