Murder and POP3

Ken Murchison ken at oceana.com
Mon Dec 8 08:35:45 EST 2003


Does the test user have a mailbox on the backend?  Because POP3 only 
supports one mailbox, when you authenticate, it also tries to open the 
mailbox.  If user.test can't be found or open, authentication will fail. 
  IMAP is different in that authentication and mailbox selection are two 
separate functions.  What happens if you do:

x SELECT INBOX

in imtest?


Andreas S. Kerber wrote:

> I'm currently implementing a cyrus murder test environment (1 backend,
> 1 frontend and the mupdate-master on a seperate machine). All machines
> with Cyrus 2.1.16, no virtual domains, unixhierarchysep: no, saslauthd uses
> pam.
> Everything is working fine (all mailbox operations and IMAP), except
> POP3, which is not working.
> 
> After authenticating via POP3 at the frontend, it immediatly fails with
> "-ERR Authentication to backend server failed".
> IMAP works fine and talking POP3 directly to the backend works fine too.
> 
> According to "ngrep" the frontend connects to the backend,
> reads the POP3 banner and thats it. It doesn't seem to even try to
> authenticate.  Any idea what the problem could be? Is anybody using POP3 on
> a murder?
> 
> 
> This is the ngrep output from the backend when trying to connect
> via POP3 to the frontend:
> 
> # ngrep port 110                
> interface: eth0 (213.182.0.0/255.255.255.128)
> filter: ip and ( port 110 )
> ####
> T 213.182.0.<frontend>:110 -> 213.182.0.<backend>:38004 [AP]
>   +OK osiris2 Cyrus POP3 v2.1.16 server ready <2075889155.1070884187 at osiris2>..
> ####
> 
> This is what happens on the frontend:
> 
> # pop3test -a test -w test -p 110 213.182.0.<frontend>   
> S: +OK seth Cyrus POP3 Murder v2.1.16 server ready <2755492160.1070883991 at seth>
> C: CAPA
> S: +OK List of capabilities follows
> S: SASL DIGEST-MD5 CRAM-MD5
> S: EXPIRE NEVER
> S: LOGIN-DELAY 0
> S: TOP
> S: UIDL
> S: PIPELINING
> S: RESP-CODES
> S: AUTH-RESP-CODE
> S: USER
> S: IMPLEMENTATION Cyrus POP3 proxy server v2.1.16
> S: .
> C: AUTH CRAM-MD5
> S: + PDM3NjE4NTI5NDIuMTM5MTk0NDZAc2V0aD4=
> C: dGVzdCA2ZWVkMjE0NDhmMzM2ZmEwMDA4YTc0MzdhZDQwOWU1YQ==
> S: -ERR Authentication to backend server failed
> Authentication failed. generic failure
> Security strength factor: 0
> Connection closed. 
> 
> 
> The logs on the frontend reveal nothing helpful:
> 
> Dec  8 12:51:52 seth pop3d[16023]: accepted connection
> Dec  8 12:51:52 seth master[17910]: about to exec /usr/cyrus/bin/pop3proxyd
> Dec  8 12:51:52 seth pop3[17910]: executed
> Dec  8 12:51:52 seth pop3d[16023]: login: <client hostname>[213.182.0.X] test CRAM-MD5 User logged in
> Dec  8 12:51:52 seth pop3d[16023]: couldn't authenticate to backend server
> Dec  8 12:51:52 seth master[13756]: process 16023 exited, status 0
> 
> 
> As you can see IMAP works fine:
> 
> # imtest -a test -w test -p 143 213.182.0.<frontend>
> S: * OK seth Cyrus IMAP4 Murder v2.1.16 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UI5
> S: C01 OK Completed
> C: A01 AUTHENTICATE CRAM-MD5
> S: + PDE4NzczNTIxNzEuMTM5MjA3NjVAc2V0aD4=
> C: dGVzdCBhZjViMWIzYTAyMjdiNmM5OWE1ZmE2YmZkYjk1ZGI4Nw==
> S: A01 OK Success (no protection)
> Authenticated.
> Security strength factor: 0
> . LIST "" "*"
> * LIST (\HasNoChildren) "." "INBOX"
> . OK Completed
> 
> 
> 
> The is the frontend configuration:
> 
> configdirectory: /var/imap
> partition-default: /data/imap
> admins: cyradm
> sasl_pwcheck_method: saslauthd
> proxy_authname: murder
> osiris2_password: XXXXXX
> mupdate_server: <mupdatemaster hostname>
> mupdate_port: 3905
> mupdate_username: mupdateslave1
> mupdate_authname: mupdateslave1
> mupdate_password: XXXX
> 
> 
> And this is the backend configuration:
> 
> configdirectory: /var/imap
> partition-default: /data/imap
> admins: cyradm
> allowanonymouslogin: no
> sasl_srvtab: /var/imap/srvtab
> sasl_pwcheck_method: saslauthd
> sendmail: /usr/sbin/sendmail
> proxyservers: murder
> mupdate_server: <mupdatemaster hostname>
> mupdate_port: 3905
> mupdate_username: backend1
> mupdate_authname: backend1
> mupdate_password: XXXXX
> 
> If needed I can post an "strace" from a running pop3proxyd, there
> doesn't seem to be anything helpful in there either tough.
> 
> Your help would be greatly appreciated!
> 


-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp





More information about the Info-cyrus mailing list