Cyrus, sendmail and Cyrus SASL on CentOS4.1

lkolchin at univ.haifa.ac.il lkolchin at univ.haifa.ac.il
Tue Oct 11 03:59:42 EDT 2005 

Hi,
 
This is the sendmail AUTH problem.
I'm using postfix and can send you the lines of code for the main.cf on postfix to handle this issue, but again you are using sendmail, so it could be different in your case:
 
# SASL SUPPORT FOR CLIENTS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail clients.
#
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
 
# SASL SUPPORT FOR SERVERS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail servers.
#
# smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# smtp_use_tls = yes
# smtp_sasl_auth_enable = yes
# smtp_sasl_security_options =
 

## TLS
#  Transport Layer Security
#  
#
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
 
smtpd_tls_key_file = /var/lib/imap/server.pem
smtpd_tls_cert_file = /var/lib/imap/server.pem
smtpd_tls_CAfile = /var/lib/imap/server.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
 
 
Best Regards,
Leon Kolchinsky


________________________________

From: info-cyrus-bounces at lists.andrew.cmu.edu [mailto:info-cyrus-bounces at lists.andrew.cmu.edu] On Behalf Of Petre Agenbag
Sent: Monday, October 10, 2005 4:35 PM
To: info-cyrus at lists.andrew.cmu.edu
Subject: Cyrus, sendmail and Cyrus SASL on CentOS4.1



Hi List

 

I recently tried to get the distributed rpm’s for CyrusImap, sendmail and cyrus sasl that came with CentOS4.1 to act as my IMAP/POP3 mail-server.

 

I’m fairly familiar with this combination, coming from RHEL3 with source-built cyrus and sendmail running just fine; however, when I saw the rpm’s that came with CentOS4.1, I thought it would be good to use rpm’s since yum could do the updating for me…

 

I got everything to work fairly well, except the authentication; users can successfully authenticate to collect mail via POP3 and IMAP, but when trying to send thru the server, the authentication fails with the following:

 

Oct 10 16:27:19 apollo saslauthd[2448]: do_auth         : auth failure: [user=testing] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]

 

Here is /etc/imapd.conf

configdirectory: /var/lib/imap

partition-default: /var/spool/imap

admins: cyrus

sievedir: /var/lib/imap/sieve

sendmail: /usr/sbin/sendmail

hashimapspool: true

lmtpsocket: /var/imap/socket/lmtp

virtdomains: userid

sasl_pwcheck_metd: saslauthd

sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5 LOGIN

#tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem

#tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem

#tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt

tls_ca_file: /var/lib/imap/server.pem

tls_cert_file: /var/lib/imap/server.pem

tls_key_file: /var/lib/imap/server.pem

 

and /etc/cyrus.conf

# standard standalone server implementation

 

START {

  # do not delete this entry!

  recover       cmd="ctl_cyrusdb -r"

 

  # this is only necessary if using idled for IMAP IDLE

#  idled                cmd="idled"

}

 

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets

SERVICES {

  # add or remove based on preferences

  imap          cmd="imapd" listen="imap" prefork=5

  imaps         cmd="imapd -s" listen="imaps" prefork=1

  pop3          cmd="pop3d" listen="pop3" prefork=3

  pop3s         cmd="pop3d -s" listen="pop3s" prefork=1

  sieve         cmd="timsieved" listen="sieve" prefork=0

 

  # these are only necessary if receiving/exporting usenet via NNTP

#  nntp         cmd="nntpd" listen="nntp" prefork=3

#  nntps                cmd="nntpd -s" listen="nntps" prefork=1

 

  # at least one LMTP is required for delivery

#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0

  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1

 

  # this is only necessary if using notifications

#  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1

}

 

EVENTS {

  # this is required

  checkpoint    cmd="ctl_cyrusdb -c" period=30

 

  # this is only necessary if using duplicate delivery suppression,

  # Sieve or NNTP

  delprune      cmd="cyr_expire -E 3" at=0400

 

  # this is only necessary if caching TLS sessions

  tlsprune      cmd="tls_prune" at=0400

}

 

 

And here is the versions of cyrus and sendmail:

cyrus-sasl-2.1.19-5.EL4

cyrus-imapd-utils-2.2.12-3.RHEL4.1

cyrus-sasl-md5-2.1.19-5.EL4

cyrus-imapd-2.2.12-3.RHEL4.1

cyrus-imapd-devel-2.2.12-3.RHEL4.1

cyrus-imapd-nntp-2.2.12-3.RHEL4.1

cyrus-sasl-plain-2.1.19-5.EL4

cyrus-sasl-devel-2.1.19-5.EL4

cyrus-imapd-murder-2.2.12-3.RHEL4.1

 

sendmail-8.13.1-2

sendmail-cf-8.13.1-2

 

 

>From the bits and pieces on forums everywhere it seems that the problem is with saslauth?

 

I am planning to run multiple virtual hosts on this server and no LDAP.

 

Can anyone help me to sort this problem out?

 

Thanks in advance for any help.

 

Regards

Petre

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20051011/d545533b/attachment.html

More information about the Info-cyrus mailing list