[cyr]deliver, executed as <user>, should have <user>'s permissions

Joe Rhett jrhett at isite.net
Fri Apr 9 21:54:38 EDT 2004


If you are connecting to localhost, use a socket instead of TCP.

On Fri, Apr 09, 2004 at 12:37:12PM -0700, ms419 at freezone.co.uk wrote:
> "... I dislike people who do not read docs" : ) Fair enough.
> 
> I have now read _all_ /usr/share/doc/cyrus21-imapd/* and am struggling 
> to configure cyrus delivery using TCP sockets. cyrus.conf and 
> imapd.conf contain:
> ---
> lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0 maxchild=20
> ---
> lmtpsocket: localhost:lmtp
> ---
> services contains:
> ---
> lmtp            24/tcp
> ---
> Telnet works:
> ---
> admin at wum:~$ telnet localhost lmtp
> Trying 127.0.0.1...
> Connected to localhost (127.0.0.1).
> Escape character is '^]'.
> 220 wum LMTP Cyrus v2.1.16-IPv6-Debian-2.1.16-6 ready
> ---
> but cyrdeliver does not:
> ---
> admin at wum:~$ /usr/sbin/cyrdeliver admin < tmp/message
> couldn't connect to lmtpd: Success
> 421 4.3.0 deliver: couldn't connect to lmtpd
> ---
> Logs contain:
> ---
> Apr  9 12:07:41 wum cyrus/master[11512]: about to exec /usr/lib/cyrus/bin/lmtpd
> Apr  9 12:07:42 wum cyrus/lmtp[11512]: executed
> Apr  9 12:07:42 wum cyrus/lmtpd[11512]: accepted connection
> Apr  9 12:07:42 wum cyrus/lmtpd[11512]: connection from localhost [127.0.0.1]
> Apr  9 12:07:42 wum cyrus/deliver[11511]: lmtpengine do_auth: could not sasl_setprop the security properties
> ---
> imapd has no SASL problems ... What have I missed?
> 
> My goal is for a user's permission to deliver to a folder to agree with 
> that folder's ACL - so I can run cyrdeliver as an unprivileged user 
> (like from .procmailrc), w/o allowing the user to deliver to every 
> folder.
> 
> Jack
> 
> On Apr 6, 2004, at 8:07 AM, Henrique de Moraes Holschuh wrote:
> 
> >On Tue, 06 Apr 2004, ms419 at freezone.co.uk wrote:
> >>[cyr]deliver is executed as my user, instead of "root.mail" - as it
> >...
> >>
> >>How do others get around this?
> >
> >Read the manpages, and configure cyrus deliver to use TCP sockets (cyrus
> >lmtpd must be told to listen on the TCP socket as well), or change the
> >permissions for the local unix socket.  If you're using a Debian package of
> >the 2.1 series, go read /usr/share/doc/cyrus21-imapd/* NOW.
> >
> >Make sure you do understand the security implications of what you're doing,
> >you may end up opening email submission to anyone (which might be, or might
> >not be a problem in your setup).
> >
> >-- 
> >  "One disk to rule them all, One disk to find them. One disk to bring
> >  them all and in the darkness grind them. In the Land of Redmond
> >  where the shadows lie." -- The Silicon Valley Tarot
> >  Henrique Holschuh
> >---
> >Home Page: http://asg.web.cmu.edu/cyrus
> >Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> >List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >
> >
> 

-- 
Joe Rhett                                                      Chief Geek
JRhett at Isite.Net                                      Isite Services, Inc.
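
An added example, not part of the thread and not Cyrus's own tooling: a small audit that reads the SERVICES entries of a cyrus.conf and classifies each lmtpd listener as a UNIX socket, loopback TCP, or TCP that is not limited to loopback, which is the distinction the replies above turn on. The sample config is constructed; only its `lmtp` line comes from the thread, and the `lmtpunix`/`lmtpwide` entries and the socket path are assumptions.

```python
import re
import shlex

# Constructed sample. The "lmtp" line is the one quoted in the thread; the
# other service names and the socket path are assumptions for illustration.
SAMPLE_CYRUS_CONF = '''
SERVICES {
  imap      cmd="imapd" listen="imap" prefork=0 maxchild=100
  lmtp      cmd="lmtpd" listen="localhost:lmtp" prefork=0 maxchild=20
  lmtpunix  cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0
  lmtpwide  cmd="lmtpd" listen="lmtp" prefork=0 maxchild=20
}
'''

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def classify_listen(listen):
    """Classify a cyrus.conf listen= value ([host:]port or a socket path)."""
    if listen.startswith("/"):
        return "unix"                      # access governed by file permissions
    host = ""
    if listen.startswith("["):             # bracketed IPv6 literal, e.g. [::1]:lmtp
        host = listen[1:listen.index("]")]
    elif ":" in listen:
        host = listen.rsplit(":", 1)[0]
    # No host part means the service is not restricted to one address.
    return "tcp-loopback" if host in LOOPBACK else "tcp-nonloopback"


def audit_lmtp(conf_text):
    """Return {service_name: classification} for every lmtpd service entry."""
    findings = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r'(\w+)\s+(.*cmd=.*)', line)
        if not m:
            continue
        opts = dict(tok.split("=", 1)
                    for tok in shlex.split(m.group(2)) if "=" in tok)
        if opts.get("cmd", "").split()[0:1] == ["lmtpd"] and "listen" in opts:
            findings[m.group(1)] = classify_listen(opts["listen"])
    return findings


if __name__ == "__main__":
    for name, kind in audit_lmtp(SAMPLE_CYRUS_CONF).items():
        print(f"{name:10s} {kind}")
```
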



