Cyrus, sendmail and Cyrus SASL on CentOS4.1

Casper casper at snigelpost.org
Mon Oct 10 15:15:22 EDT 2005


Petre Agenbag wrote:

> Hi List
>
> I recently tried to get the distributed rpm’s for CyrusImap, sendmail 
> and cyrus sasl that came with CentOS4.1 to act as my IMAP/POP3 
> mail-server.
>
> I’m fairly familiar with this combination, coming from RHEL3 with 
> source-built cyrus and sendmail running just fine; however, when I saw 
> the rpm’s that came with CentOS4.1, I thought it would be good to use 
> rpm’s since yum could do the updating for me…
>
> I got everything to work fairly well, except the authentication; users 
> can successfully authenticate to collect mail via POP3 and IMAP, but 
> when trying to send thru the server, the authentication fails with the 
> following:
>
> Oct 10 16:27:19 apollo saslauthd[2448]: do_auth : auth failure: 
> [user=testing] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
>
> Here is /etc/imapd.conf
>
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> lmtpsocket: /var/imap/socket/lmtp
> virtdomains: userid
> sasl_pwcheck_metd: saslauthd
> sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5 LOGIN
> #tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
> #tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
> #tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
> tls_ca_file: /var/lib/imap/server.pem
> tls_cert_file: /var/lib/imap/server.pem
> tls_key_file: /var/lib/imap/server.pem
>
> and /etc/cyrus.conf
>
> # standard standalone server implementation
> START {
> # do not delete this entry!
> recover cmd="ctl_cyrusdb -r"
> # this is only necessary if using idled for IMAP IDLE
> # idled cmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
> SERVICES {
> # add or remove based on preferences
> imap cmd="imapd" listen="imap" prefork=5
> imaps cmd="imapd -s" listen="imaps" prefork=1
> pop3 cmd="pop3d" listen="pop3" prefork=3
> pop3s cmd="pop3d -s" listen="pop3s" prefork=1
> sieve cmd="timsieved" listen="sieve" prefork=0
> # these are only necessary if receiving/exporting usenet via NNTP
> # nntp cmd="nntpd" listen="nntp" prefork=3
> # nntps cmd="nntpd -s" listen="nntps" prefork=1
> # at least one LMTP is required for delivery
> # lmtp cmd="lmtpd" listen="lmtp" prefork=0
> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
> # this is only necessary if using notifications
> # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
> }
>
> EVENTS {
> # this is required
> checkpoint cmd="ctl_cyrusdb -c" period=30
> # this is only necessary if using duplicate delivery suppression,
> # Sieve or NNTP
> delprune cmd="cyr_expire -E 3" at=0400
> # this is only necessary if caching TLS sessions
> tlsprune cmd="tls_prune" at=0400
> }
>
> And here are the versions of cyrus and sendmail:
>
> cyrus-sasl-2.1.19-5.EL4
> cyrus-imapd-utils-2.2.12-3.RHEL4.1
> cyrus-sasl-md5-2.1.19-5.EL4
> cyrus-imapd-2.2.12-3.RHEL4.1
> cyrus-imapd-devel-2.2.12-3.RHEL4.1
> cyrus-imapd-nntp-2.2.12-3.RHEL4.1
> cyrus-sasl-plain-2.1.19-5.EL4
> cyrus-sasl-devel-2.1.19-5.EL4
> cyrus-imapd-murder-2.2.12-3.RHEL4.1
> sendmail-8.13.1-2
> sendmail-cf-8.13.1-2
>
> From the bits and pieces on forums everywhere it seems that the 
> problem is with saslauth?
>
> I am planning to run multiple virtual hosts on this server and no LDAP.
>
> Can anyone help me to sort this problem out?
>
> Thanks in advance for any help.
>
> Regards
>
> Petre
>
>
To let users use the same password database as cyrus to send mail via 
your sendmail with smtp_auth, you need this:

In site.config.m4:

APPENDDEF(`confENVDEF', `-DSASL=2')dnl
APPENDDEF(`confLIBS', `-lsasl2')dnl

Find your source m4 sendmail.cf file and add (look in the cf/cf dir):

define(`confAUTH_OPTIONS', `y')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl

And in the file
/usr/local/lib/sasl2/Sendmail.conf (or wherever it is on your system) add:

pwcheck_method: auxprop
mech_list: PLAIN LOGIN
auxprop_plugin: sql
password_format: plaintext

and change the above example to fit your system.


When this is done and you try to send mail via your sendmail, your mail 
client will ask for a username and password. This username and password 
are the same as the login to collect mail.

I hope it helped a little bit...

/Casper


PS: all examples are ripped from my own config files, so do NOT forget to 
change them so they fit your needs. And another thing: I do not know 
anything about rpm's, so this must be done with the sources of sendmail. 
How to do the same with rpm's, as I said, I can't tell you.
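
Added example, not part of the original post or of sendmail/Cyrus: a Python check that reads the m4 and Sendmail.conf fragments quoted in the reply above and reports where the two mechanism lists disagree, where PLAIN/LOGIN are offered without the `p` AuthOptions flag, and where saslauthd is paired with shared-secret mechanisms it cannot verify. The function names and finding codes are hypothetical, and `password_format` is read exactly as it appears in the post.

```python
import re

PLAINTEXT = {"PLAIN", "LOGIN"}               # password is sent as-is
SHARED_SECRET = {"CRAM-MD5", "DIGEST-MD5"}   # server needs the stored secret

# Constructed inputs: the fragments quoted in the reply above.
MC = """define(`confAUTH_OPTIONS', `y')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl"""
SASL = """pwcheck_method: auxprop
mech_list: PLAIN LOGIN
auxprop_plugin: sql
password_format: plaintext"""

def m4_define(mc_text, name):
    """Value of define(`name', `value') in sendmail m4 source, or None."""
    m = re.search(r"define\(`%s',\s*`([^']*)'\)" % re.escape(name), mc_text)
    return m.group(1) if m else None

def sasl_conf(text):
    """Parse the 'key: value' lines of a Cyrus SASL application config."""
    pairs = (l.split(":", 1) for l in text.splitlines()
             if ":" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(mc_text, sasl_text):
    """Return (code, detail) findings; codes are labels made up for this example."""
    findings = []
    opts = m4_define(mc_text, "confAUTH_OPTIONS") or ""
    offered = set((m4_define(mc_text, "confAUTH_MECHANISMS") or "").split())
    conf = sasl_conf(sasl_text)
    # sendmail advertises the intersection of its list and what SASL provides
    effective = offered & set(conf["mech_list"].split()) if "mech_list" in conf else offered
    if offered - effective:
        findings.append(("mech-mismatch", sorted(offered - effective)))
    # AuthOptions 'p' refuses PLAIN/LOGIN unless a security layer (TLS) is active
    if effective & PLAINTEXT and "p" not in opts:
        findings.append(("plaintext-without-p", sorted(effective & PLAINTEXT)))
    # saslauthd only checks a cleartext password; it cannot serve CRAM/DIGEST
    if conf.get("pwcheck_method") == "saslauthd" and effective & SHARED_SECRET:
        findings.append(("saslauthd-cannot-verify", sorted(effective & SHARED_SECRET)))
    if conf.get("password_format") == "plaintext":
        findings.append(("cleartext-password-store", [conf.get("auxprop_plugin", "")]))
    return findings

if __name__ == "__main__":
    for code, detail in audit(MC, SASL):
        print(code, detail)
```
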



