how to make sendmail authenticate to lmtpd

Rob Siemborski rjs3 at andrew.cmu.edu
Wed Jan 15 16:45:55 EST 2003


On Wed, 15 Jan 2003, Gautam Das wrote:

> /* secprops = mysasl_secprops(SASL_SEC_NOPLAINTEXT); */
>    secprops = mysasl_secprops(0);
>
> There was a discussion thread with the above tip from Rob (Thanks Rob).
> However it made imap proxy work but not mailbox move from one backend to
> another.

I'm not going to make any guarantees about trying to use the murder in a
plaintext environment. It hasn't been tested in any way and there might be
some surprises that I haven't thought of.  That said, it's entirely
possible that the backend imapd that is working as a client is refusing to
use plaintext in *its* authentication, so I'd troll around in backend.c
some.

> 2. sendmail fails to deliver messages via lmtpproxyd due to
> authentication problems.This is a typical mail deliver test that fails
> on the frontend server running lmtpproxyd.
>
> root at spnode21$ mail -v test100
> Subject: test
> test
> .
> Cc:
> test100... Connecting to [127.0.0.1] port 2003 via cyrusv2...
> 220 spnode21 LMTP Cyrus v2.1.11 ready
> >>> LHLO ufl.edu
> 250-spnode21
> 250-8BITMIME
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-SIZE
> 250-STARTTLS
> 250-AUTH PLAIN
> 250 IGNOREQUOTA
> >>> MAIL From:<root at ufl.edu> SIZE=32 AUTH=root at ufl.edu
> 430 Authentication required
> test100... Deferred: 430 Authentication required
> Closing connection to [127.0.0.1]
> >>> QUIT
> 221 2.0.0 bye
[snip]
> The above mailer (lmtp via a tcp socket) works fine on backend machines,
> which is using preauthenticated lmtpd i.e. "lmtpd -a" in cyrus.conf.
>
> Any help will be appreciated.

You shouldn't run lmtpd on a TCP socket with -a.  That basically bypasses
any sense of delivery security LMTP is offering you.  In reality, sendmail
should be configured to do SMTP AUTH.

At the very least, lmtpproxyd has to be able to do authenticated delivery
from your smtp servers to the lmtpds on the backends.  (and you can run
lmtpproxyd -a on a unix socket on the local machine).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper





More information about the Info-cyrus mailing list