postfix, sasl2 and imapd realm problem
redel
redel.dev at finster-redel.de
Wed Dec 11 07:34:04 EST 2002
dear list,

I'm using:
postfix-1.1.12-20021202
cyrus-sasl-2.1.7
cyrus-imapd-2.1.9

my requirements:
managing a single mail domain (f.ex. foo.com) with imap,
with auth CRAM-MD5 or DIGEST-MD5. (no plain text passwords
and others)

what I did:
- turned on unixhierarchysep to allow dots in mbox-names
- created the mailbox for each user with
  cm user/user@foo.com
- ran saslpasswd2 with -u foo.com -c user
  to have the domain name as realm
- used auxprop as general pw-check method
  (for postfix-smtpd and imapd).
  (I tested the above configuration with my mailer:
  I could see my Inbox, and auth with CRAM-MD5 to
  my mailbox-account user@foo.com also worked correctly)
- configured postfix-smtp using CRAM-MD5 or DIGEST-MD5
  and lmtp socket for mailbox_transport to imapd.

my problem:
with the above configuration, postfix cannot send mail
to the users' mailboxes: I get the following error:

Dec 10 20:38:35 linux postfix/lmtp[1657]: 127871E7BD:
to=<hello@foo.com.de>,
relay=/var/spool/postfix/public/lmtp[/var/spool/postfix/public/lmtp],
delay=0, status=bounced (host
/var/spool/postfix/public/lmtp[/var/spool/postfix/public/lmtp] said:
550-Mailbox unknown. Either there is no mailbox associated with this
550-name or you do not have authorization to see it. 550 5.1.1 User
unknown (in reply to RCPT TO command))

ok, the mailbox hello@foo.com.de cannot be found. when creating
mbox names in imap containing the plain user name only (without the
domain name extension @foo.com) postfix can deliver the mail
correctly, but then, my imap-client cannot see his Inbox anymore.

For me, the main problem in the whole story seems to be, that sasl
passwords cannot be created without a realm. or is there a possibility
that I have not seen yet? maybe I can tell postfix in the cyrus part
within the deliver parameter to define the correct mailbox name as
defined in my imap environment???

my current deliver call is:
/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}

I studied the mails in this list and found people who had similar
problems with auth and realms. Has anyone in the list solved this
problem till now or any suggestions?? comments would be highly
appreciated.

my workaround:
I created 2 mboxes for each user: one containing the complete domain
in the mbox name (hello@foo.com) and the other with the username
only (hello). so postfix can deliver mail to hello and my imap client
can see his Inbox. In order to get the 2 boxes together I deleted the
mbox dir hello in /var/spool/imap/user and created a link:

ln -s hello@foo^com hello

It worked well within my short tests. but what happens in a production
environment?? may I get serious problems that I can't see yet?

many thanks in advance.
reinhold