Sendmail + LMTP AUTH

Scott Adkins adkinss at ohio.edu
Mon Jan 27 22:18:29 EST 2003


Okay, I must be clueless here... I have looked through the docs, looked
through the archives, done Google searches, etc.  I just plain don't
understand how to configure sendmail to do LMTP authentication correctly.
I need to open up the TCP port of LMTP to more than just [localhost]
and believe that LMTP AUTH is the way to do it.  We do not have tcpwrapper
support compiled in, and really need to find a way to do it without having
to recompile lmtpd.

In the cyrus config file, I have the following config lines:

  # LMTP is required for delivery
  #lmtp         cmd="lmtpd -a" listen="localhost:lmtp"
  lmtp          cmd="lmtpd" listen="lmtp"
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp"

We were running with the "-a" option forced to localhost.  I removed it
and removed the localhost reference.  The lmtpunix line is there in case
anyone uses the deliver program to deliver a message.

As far as the sendmail configuration goes, I have the following:

  dnl server configuration for SMTP AUTH
  define(`confAUTH_MECHANISMS', `PLAIN')dnl
  TRUST_AUTH_MECH(`PLAIN')
  define(`confAUTH_OPTIONS', `p,y')dnl

  dnl server configuration for SMTPS
  DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')

  dnl cyrus configuration
  define(`confLOCAL_MAILER', `cyrus')

  MAILER(`local')
  MAILER(`smtp')

  MAILER_DEFINITIONS
  Mcyrus, P=[IPC], F=lsDFMnqAwW@/:|SmXz, E=\r\n,
          S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix,
          U=cyrus:mail, A=TCP [localhost] lmtp

Note:  This is obviously not the full file, but hopefully just the parts
relevant to the discussion.

Now, what do I need to change in order to get LMTP AUTH working?  I do
have some questions regarding how LMTP AUTH actually occurs... First,
what username/password gets used for the authentication?  Is it going to
be "postman", like it is when lmtpd is run with the "-a" option?  I
can only guess that this might be the case, since delivery of email is
coming from an anonymous source and not a physical user on the system.
If this is the case, then what about the password?  Is it stored in the
config file, or cached or what?  Secondly, I assume this occurs in the
plain-text format, so, should I be setting up LMTP to be done over SSL?
Will sendmail use SSL to LMTP correctly?  If this is the case, how do I
change the above setup to make SSL LMTP work?

By the way, please note that I have "allowplaintext: 1" in the imapd.conf
file, so authenticating over a plain-text connection for IMAP and POP is
not allowed... they have to authenticate over an SSL/TLS connection first.
Since this is set, won't this affect LMTP authentication as well?

Okay, lots of questions... I hope I can get some answers... I feel that I
am pouring more time and energy into this problem than I need, and really
need to turn my attention elsewhere...

Thanks!
Scott
-- 
 +-----------------------------------------------------------------------+
      Scott W. Adkins                http://www.cns.ohiou.edu/~sadkins/
   UNIX Systems Engineer                  mailto:adkinss at ohio.edu
        ICQ 7626282                 Work (740)593-9478 Fax (740)593-1944
 +-----------------------------------------------------------------------+
     PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/
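
The following is an added example, not part of Scott's message or of the Cyrus or sendmail projects: a small audit of cyrus.conf service entries that reports which lmtpd listeners are reachable from other hosts and whether they run with "-a" (pre-authorization, as the post describes it). The function names, the verdict wording and the simplified listen= parsing are assumptions of this sketch.

```python
import re
import shlex

# Constructed sample: the cyrus.conf service lines quoted in the post.
SAMPLE = '''
# LMTP is required for delivery
#lmtp         cmd="lmtpd -a" listen="localhost:lmtp"
lmtp          cmd="lmtpd" listen="lmtp"
lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp"
'''

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
VERDICTS = {  # keyed by (scope, preauthorized); wording is this sketch's own
    ("unix", False): "OK: UNIX socket, access set by filesystem permissions",
    ("unix", True): "OK: UNIX socket, access set by filesystem permissions",
    ("loopback", True): "OK: pre-authorized, but only reachable from this host",
    ("loopback", False): "OK: loopback only, clients must AUTH",
    ("network", True): "FAIL: -a pre-authorizes every host that can connect",
    ("network", False): "CHECK: reachable off-host, delivery depends on LMTP AUTH",
}

def classify_listen(listen):
    """Map a listen= value to 'unix', 'loopback' or 'network'."""
    if listen.startswith("/"):
        return "unix"
    host = None                       # bare port or service name: all interfaces
    if listen.startswith("[") and "]" in listen:
        host = listen[1:listen.index("]")]          # [host]:port
    elif ":" in listen:
        host = listen.rsplit(":", 1)[0]             # host:port
    return "loopback" if host in LOOPBACK else "network"

def audit_lmtp(conf_text):
    """Return (service, scope, preauth, verdict) for each active lmtpd entry."""
    findings = []
    for line in conf_text.splitlines():
        entry = re.match(r'\s*(\w+)\s+(.*)', line)
        if line.lstrip().startswith("#") or not entry:
            continue                  # comments, blank lines, braces
        opts = dict(re.findall(r'(\w+)="([^"]*)"', entry.group(2)))
        argv = shlex.split(opts.get("cmd", ""))
        if not argv or not argv[0].endswith("lmtpd"):
            continue                  # not an lmtpd service
        scope = classify_listen(opts.get("listen", ""))
        preauth = "-a" in argv[1:]
        findings.append((entry.group(1), scope, preauth, VERDICTS[scope, preauth]))
    return findings

if __name__ == "__main__":
    for name, scope, preauth, verdict in audit_lmtp(SAMPLE):
        print(f"{name:10} {scope:9} preauth={preauth!s:5} {verdict}")
```
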