lmtp login mech

Russell Galpin russ at lrhosting.net
Tue Jul 3 14:51:18 EDT 2007 

Hi There

I'm trying to setup a new cyrus server running cyrus-imapd-2.3.8. I've been
successfully running another server running the Invoca RPM version
(v2.2.12-Invoca-RPM-2.2.12-8.1.RHEL4).

I'm running postfix and delivering to cyrus via LMTP on the working server
everything is good. I'm now trying to get postfix on a different server to
deliver over lmtp to the new cyrus server.

I believe the problem is with the sasl_mech_list. The working server has:

local_transport = lmtp:localhost
mailbox_transport = lmtp:locahost
lmtp_sasl_auth_enable=yes
lmtp_sasl_password_maps=hash:/etc/postfix/lmtp_passwd
lmtp_sasl_security_options = noanonymous

In postfix's main.cf, this works fine and the messages are delievered. On the
new 2.3.8 server, changing them settings to:

local_transport = lmtp:10.0.0.201
mailbox_transport = lmtp:10.0.0.201
lmtp_sasl_auth_enable=yes
lmtp_sasl_password_maps=hash:/etc/postfix/lmtp_passwd
lmtp_sasl_security_options = noanonymous

Changing and re-hashing the lmtp_passwd file, gives an authentication error when
delivering:

Jul  3 17:26:50 mta1 postfix/lmtp[17245]: 6A6C815B5F0:
to=<***@***>, relay=10.0.0.201[10.0.0.201]:24, delay=0.03,
delays=0.01/0.02/0/0, dsn=4.0.0, status=deferred (host 10.0.0.201[10.0.0.201]
said: 430 Authentication required (in reply to MAIL FROM command))

Using the lmtptest app:

On the broken server:

S: 220 lrhosting.net LMTP Cyrus v2.3.8 ready
C: LHLO example.com
S: 250-lrhosting.net
S: 250-8BITMIME
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-SIZE
S: 250-STARTTLS
S: 250 IGNOREQUOTA
Authenticated.

On the working server:

S: 220 lrhosting.net LMTP Cyrus v2.2.12-Invoca-RPM-2.2.12-8.1.RHEL4 ready
C: LHLO example.com
S: 250-lrhosting.net
S: 250-8BITMIME
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-SIZE
S: 250-STARTTLS
S: 250-AUTH PLAIN
S: 250 IGNOREQUOTA
C: AUTH PLAIN *****
S: 235 Authenticated!

The working server sends "250-AUTH PLAIN" which I *believe* tells postfix how to
authenticate, since it isn't sending that, postfix chokes.

My imapd.conf is:

postmaster: postmaster
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
allowanonymouslogin: no
allowplaintext: yes
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
servername: lrhosting.net
altnamespace: 1
virtdomains: yes
defaultdomain: th.lrhosting.net
tls_cert_file: /var/lib/imap/imap.crt
tls_key_file: /var/lib/imap/imap.key
tls_ca_file: /var/lib/imap/cacert.pem
lmtp_admins: lmtp_admin
tls_lmtp_cert_file: /var/lib/imap/imap.crt
tls_lmtp_key_file: /var/lib/imap/imap.key
tls_lmtp_ca_file: /var/lib/imap/cacert.pem

I've tried different variations on the sasl_mech_list setting (plain, plain
login etc). If I add "digest-md5 cram-md5" then LMTP will send:

250-AUTH CRAM-MD5 DIGEST-MD5

However, I want to use plain.

Does anyone know how to solve this? Feel free to correct me if I'm barking up
totally the wrong tree.

Any help appreciated.

Russ

More information about the Info-cyrus mailing list