how to make sendmail authenticate to lmtpd

Gautam Das gautam at ufl.edu
Wed Jan 15 20:51:26 EST 2003


Rob,

Thanks. SMTP AUTH was the answer. Now sendmail is authenticating to
frontend lmtpproxyd as murder and delivering mail via the backend lmtpd
with proper authentication. Next I have to figure out how to get mailbox
moves between backends to work. 

Just wanted to clarify, I am not running lmtpd -a on the backends. I had
done some testing with "lmtpd -a" to allow only localhost to connect to
the "localhost:lmtp" port  via TCP socket. lmtpd was not open to the
world:) 

Gautam

On Wed, 2003-01-15 at 16:45, Rob Siemborski wrote:
> On Wed, 15 Jan 2003, Gautam Das wrote:
> 
> > /* secprops = mysasl_secprops(SASL_SEC_NOPLAINTEXT); */
> >    secprops = mysasl_secprops(0);
> >
> > There was a discussion thread with the above tip from Rob (Thanks Rob).
> > However it made imap proxy work but not mailbox move from one backend to
> > another.
> 
> I'm not going to make any guarantees about trying to use the murder in a
> plaintext environment. It hasn't been tested in any way and there might be
> some surprises that I haven't thought of.  That said, it's entirely
> possible that the backend imapd that is working as a client is refusing to
> use plaintext in *its* authentication, so I'd troll around in backend.c
> some.
> 
> > 2. sendmail fails to deliver messages via lmtpproxyd due to
> > authentication problems.This is a typical mail deliver test that fails
> > on the frontend server running lmtpproxyd.
> >
> > root at spnode21$ mail -v test100
> > Subject: test
> > test
> > .
> > Cc:
> > test100... Connecting to [127.0.0.1] port 2003 via cyrusv2...
> > 220 spnode21 LMTP Cyrus v2.1.11 ready
> > >>> LHLO ufl.edu
> > 250-spnode21
> > 250-8BITMIME
> > 250-ENHANCEDSTATUSCODES
> > 250-PIPELINING
> > 250-SIZE
> > 250-STARTTLS
> > 250-AUTH PLAIN
> > 250 IGNOREQUOTA
> > >>> MAIL From:<root at ufl.edu> SIZE=32 AUTH=root at ufl.edu
> > 430 Authentication required
> > test100... Deferred: 430 Authentication required
> > Closing connection to [127.0.0.1]
> > >>> QUIT
> > 221 2.0.0 bye
> [snip]
> > The above mailer (lmtp via a tcp socket) works fine on backend machines,
> > which is using preauthenticated lmtpd i.e. "lmtpd -a" in cyrus.conf.
> >
> > Any help will be appreciated.
> 
> You shouldn't run lmtpd on a TCP socket with -a.  That basically bypasses
> any sense of delivery security LMTP is offering you.  In reality, sendmail
> should be configured to do SMTP AUTH.
> 
> At the very least, lmtpproxyd has to be able to do authenticated delivery
> from your smtp servers to the lmtpds on the backends.  (and you can run
> lmtpproxyd -a on a unix socket on the local machine).
> 
> -Rob
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
> Research Systems Programmer * /usr/contributed Gatekeeper
> 






More information about the Info-cyrus mailing list