Virtual domains broken?

Anthony Chavez acc at anthonychavez.org
Mon Sep 20 22:29:07 EDT 2004


Hi, all.

When setting up imapd, I've become accustomed to setting the imapd.conf
servername option to the name of the SASL realm that I am serving for,
regardless of the server's actual hostname.  For example, if I'm running
imapd on machine.x.com and my realm is x.com, I would configure
servername to match the latter and live with it.

However, in the process of performing a fresh 2.2.8 install, I got a bug
in my ear to experiment a bit.  My environment consists of a FreeBSD
5.2.1-RELEASE-p9 machine with one NIC (192.168.0.1) configured with
multiple IP aliases (192.168.0.2, 192.168.0.3, etc.).

Based on my understanding of the documentation, if I were to enable
virtual domains, imapd would report a different FQDN for each
*interface* connection (e.g., mail.x.com for 192.168.0.2 or mail2.x.com
for 192.168.0.3), regardless of the actual *hostname* of that machine
(machine.x.com/192.168.0.1) and have unqualified usernames use a default
domain that is formed by truncating the FQDN (e.g., to x.com).

I've configured servername, virtdomains, and defaultdomain in the
following combinations:

servername: mail.x.com

virtdomains: yes
defaultdomain: x.com

servername: mail.x.com
virtdomains: yes
defaultdomain: x.com

servername: mail.x.com
defaultdomain: x.com

I've tried running imtest with the following options for each of the
above combinations.  Neither has worked unless servername matches the
SASL realm and the other two options are unset.

acc at machine:~> imtest -m login -a acc mail.x.com
acc at machine:~> imtest -m login -a acc -r x.com mail.x.com

Also worth mentioning is the fact that I refrained from using cyradm and
instead created the user with saslpasswd2.  Could this be my problem?

It would seem that either I am doing something wrong, imapd doesn't
support interface aliases, or virtual domain support is broken.  Before
submitting a bug report, however, I'd like to know that I'm not just
missing something.

Here is a diff, showing my edits on the imapd.conf shipped with the
FreeBSD port, followed by my edits on cyrus.conf and non-default
settings found in the shipped imapd.conf.  Not much has been changed.

acc at machine:~> diff /usr/ports/mail/cyrus-imapd22/files/imapd.conf /usr/local/etc/imapd.conf
49c49
< #servername: <result returned by gethostname(2)>
- ---
> #servername: mail.x.com
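Review bot: In the 49c49 change the new line still begins with "#" ("#servername: mail.x.com"), so servername stays unset and the shipped comment's default, the result of gethostname(2), applies. Drop the leading "#" if mail.x.com is meant to take effect.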
236c236
< #sendmail: /usr/sbin/sendmail
- ---
> sendmail: /usr/local/sbin/sendmail
320c320
< #sasl_mech_list: cram-md5 digest-md5
- ---
> sasl_mech_list: digest-md5 cram-md5 plain
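Review bot: The 320c320 change adds plain to sasl_mech_list, while the cyrus.conf diff further down comments out the imaps service and leaves only the imap listener enabled. Confirm that TLS is available on that listener before offering plain, or leave plain out of the list.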
412a413,415
> 
> virtdomains: yes
> defaultdomain: x.com
acc at machine:~> diff /usr/ports/mail/cyrus-imapd22/work/cyrus-imapd-2.2.8/master/conf/normal.conf /usr/local/etc/cyrus.conf
14,18c14,18
<   imap		cmd="imapd" listen="imap" prefork=0
<   imaps		cmd="imapd -s" listen="imaps" prefork=0
<   pop3		cmd="pop3d" listen="pop3" prefork=0
<   pop3s		cmd="pop3d -s" listen="pop3s" prefork=0
<   sieve		cmd="timsieved" listen="sieve" prefork=0
- ---
>   imap		cmd="imapd" listen="mail.x.com:imap" prefork=0
> #  imaps		cmd="imapd -s" listen="mail.x.com:imaps" prefork=0
> #  pop3		cmd="pop3d" listen="pop3" prefork=0
> #  pop3s		cmd="pop3d -s" listen="pop3s" prefork=0
> #  sieve		cmd="timsieved" listen="sieve" prefork=0
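Review bot: listen="mail.x.com:imap" in the 14,18c14,18 change ties the only enabled service to that one name, so the other alias mentioned earlier (mail2.x.com) gets no listener and per-interface behaviour cannot be compared. Use listen="imap" or add one service entry per name if that comparison is the goal.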
acc at machine:~> grep '^[^#]' /usr/ports/mail/cyrus-imapd22/files/imapd.conf 
configdirectory: /var/imap
partition-default: /var/spool/imap
sieveusehomedir: false
sievedir: /var/imap/sieve
sasl_pwcheck_method: auxprop
acc at machine:~> 

And here is the output from a few commands under this configuration.
Note that although the user exists and the interface reverse-resolves to
a name other than the hostname of the machine itself, an imtest session
reveals the machine hostname rather than the interface name.

acc at machine:~> sudo sasldblistusers2 
Password:
acc@x.com: userPassword
acc at machine:~> host 192.168.0.2
2.0.168.192.IN-ADDR.ARPA domain name pointer mail.x.com
acc at machine:~> imtest -m login mail.x.com
S: * OK machine.x.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Please enter your password: 
C: L01 LOGIN acc {3}
S: + go ahead
C: <omitted>
S: L01 NO Login failed: user not found
Authentication failed. generic failure
Security strength factor: 0
. LOGOUT
* BYE LOGOUT received
. OK Completed
Connection closed.
acc at machine:~> 

- -- 
Anthony Chavez                             http://www.anthonychavez.org/
mailto:acc at anthonychavez.org         jabber:acc at jabber.anthonychavez.org
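An added example, not part of the original post or of Cyrus: a small Python audit of the two files diffed above, reporting which of the options under test are actually in effect and whether plain is offered without a TLS-wrapped service. The sample file contents are constructed from the diff lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample input built from the diff lines in the post (not the full files).
IMAPD_CONF = """\
configdirectory: /var/imap
#servername: mail.x.com
sasl_mech_list: digest-md5 cram-md5 plain
virtdomains: yes
defaultdomain: x.com
"""
CYRUS_CONF = """\
SERVICES {
  imap    cmd="imapd" listen="mail.x.com:imap" prefork=0
#  imaps   cmd="imapd -s" listen="mail.x.com:imaps" prefork=0
}
"""

OPTION = re.compile(r"^(#?)\s*([A-Za-z0-9_-]+)\s*:\s*(.*)$")
SERVICE = re.compile(r'^\s*(\w+)\s+cmd="([^"]*)"')

def parse_imapd_conf(text):
    """Return (active, commented) dicts mapping option name to value."""
    active, commented = {}, {}
    for line in text.splitlines():
        m = OPTION.match(line.strip())
        if m:
            target = commented if m.group(1) else active
            target[m.group(2)] = m.group(3).strip()
    return active, commented

def enabled_services(text):
    """Return {name: cmd} for service lines in cyrus.conf that are not commented out."""
    return {m.group(1): m.group(2)
            for line in text.splitlines() if (m := SERVICE.match(line))}

def audit(imapd_text, cyrus_text):
    """List settings that look configured but are not in effect."""
    active, commented = parse_imapd_conf(imapd_text)
    findings = []
    for opt in ("servername", "virtdomains", "defaultdomain"):
        if opt not in active and opt in commented:
            findings.append(f"{opt} is commented out; {commented[opt]!r} is not in effect")
    mechs = active.get("sasl_mech_list", "").lower().split()
    # Only the "-s" (TLS-wrapped) services are checked; STARTTLS setup is not inspected.
    wrapped = any("-s" in cmd.split() for cmd in enabled_services(cyrus_text).values())
    if "plain" in mechs and not wrapped:
        findings.append("sasl_mech_list offers plain but no '-s' service is enabled")
    return findings
```

Calling `audit(IMAPD_CONF, CYRUS_CONF)` on the sample returns two findings: the commented-out servername and the plain mechanism without a TLS-wrapped service.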

More information about the Info-cyrus mailing list