lmtp delivery to cyrus store over unix socket requires
/etc/hosts.allow entry. why?
openmacnews at gmail.com
Tue Oct 18 12:32:58 EDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
first -- i'd posted this 1st on exim-users, suspecting it may be an exim issue, but the thinking
is that it may well be a cyrus issue, or prehaps OSX ...
that said, i'm delivering to my cyrus-imap (CVS) store using an lmtp socket transport from exim
debug_print = "EXIM-DEBUG [T:cyrus_lmtp_unixsock] for $local_part@$domain"
driver = lmtp
socket = /var/MailServer/Process/lmtp.socket
user = MY_USER
cyrus.conf is configured with:
lmtpunix cmd="lmtpd -a -C /var/MailServer/Conf/imapd.conf"
on delivery attempt, my EXIM log shows a failed attempt, indicating that the LMTP connection is
2005-10-17 20:35:14 -0700 IOJDYN-0000FT-OY == testuser at email@example.com
<testuser at testdomain.com> R=cyrus_localuser T=cyrus_lmtp_unixsock defer (-1): LMTP connection
closed after initial connection
and syslog shows:
Oct 17 20:35:14 devbox CYRUS/lmtpunix: refused connection from 0.0.0.0
after a bit of thrashing around, i find that if i add to /etc/hosts.allow
lmtpunix : 0.0.0.0
delivery completes successfully!
now, cyrus IS config'd/built "--with-libwrap", so i can use tcpwrappers to secure my OTHER cyrus
services (imap, imaps, sieve, etc) which are running on TCPSockets ...
QUESTION: why is a hosts.allow entry required in the 1st place for lmtpunix transport over a
and, why "0.0.0.0" for localhost, rather than 127.0.0.1 or 'localhost' in hosts.allow?
the suggestion on exim-users (thx Tony!) is that:
the code looks like it won't call tcpwrappers for Unix domain sockets.
BUT, if the kernel 'lies' to it and returns the wrong kind of socket address from
getpeername() then Cyrus will do the wrong thing.
thanks for any/all clarification!
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 780A 5C81 D446 C616 B113 AA3A 9BF4 3736 88A5 678E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
-----END PGP SIGNATURE-----
More information about the Info-cyrus