fronend-to-backend lmtp auth: only admins may authenticate
Andrew Morgan
morgan at orst.edu
Mon Nov 27 16:54:00 EST 2006
On Thu, 23 Nov 2006, Peter Schober wrote:
> I'm having a slight problem understanding the cyrus docs[0] regarding
> frontend to backend authentication for LMTP over TCP. all cyri are
> 2.2.13.
>
> # backend imapd.log:
> Nov 23 17:55:02 backend lmtp[21449]: accepted connection
> Nov 23 17:55:02 backend lmtp[21449]: connection from frontend.example.org [10.0.0.1]
> Nov 23 17:55:02 backend lmtp[21449]: frontend is not an admin
> Nov 23 17:55:05 backend lmtp[21449]: badlogin: 10.0.0.1 PLAIN SASL(-13): authentication failure: only admins may authenticate
>
> everything works fine if 'frontend' is listed under 'admins:' on the
> backends, but "Setting up the backends ..."[0] like in the docs:
>
> You will also want to configure atleast (sic) one user/group using the
> proxyservers imapd.conf option. This user should not be an
> administrator, since this means that anyone who can get ahold of your
> proxy servers now has full administrative control on your backend.
>
> leads me to including 'frontend' just in 'lmtp_admins' and
> 'proxyservers':
>
> # frontend config:
> proxy_authname: frontend
> backend_password: ...
>
> # backend config:
> admins: cyrus
> proxyservers: frontend
> lmtp_admins: frontend
> #for backend to backend auth
> proxy_authname: cyrus
> proxy_password: ...
>
> so while the error message above is exceptionally clear (and easy to
> "fix") I'd rather have this setup properly (not that we're too concerned
> with the security of our frontends currently).
>
> regards,
> -p.schober
>
> [0] http://cyrusimap.web.cmu.edu/imapd/install-murder.html
Just a confirmation that I had to do the same thing here to get lmtp
delivery working to backends. :)
Andy
More information about the Info-cyrus
mailing list