murder configuration issue final stretch
Gary W. Smith
gary at primeexalia.com
Thu Dec 11 19:22:27 EST 2008
Andrew,
I found one of your older postings which also covers this. Here is what I did.
I added postfixlmtp as a user to both the frontend and and then ran the 'runuser - postfixlmtp -c "lmtptest mds01"' and used the password and it authenticated just fine. So I added the entry to my lmtp_passwd file for postfix. I also added the additional entries into the postfix main.cf file as per the instructions.
On the frontend I added lmtp_admins: postfixlmtp and on the backends I added lmtp_admins: murder postfixlmtp.
I did notice that when I try connecting to the lmtp on the frontend I get an error. I suspect that it's because it's looking for lmtp and it's running the lmtpproxy.
# runuser - postfixlmtp -c "lmtptest"
WARNING: no hostname supplied, assuming localhost
connect: Connection refused
failure: Network initialization - can not connect to localhost.localdomain:lmtp
Anyway, postfix is kicking this out in the log:
lmtp[6073]: lmtp connection preauth'd as postman <-- why I'm getting this, I don't know
I assume that for some reason it's still allowing anonymous connections to lmtp. I checked my cyrus.conf files on all servers and there is no "-a". It's perplexing. The information you gave me makes sense but it's like something has cached a setting and isn't letting go even though I have restarted all of the services.
I'm still working the issue but if this rings a bell I'd love any feedback.
________________________________
From: Andrew Morgan [mailto:morgan at orst.edu]
Sent: Wed 12/10/2008 9:35 AM
To: Gary W. Smith
Cc: Wesley Craig; info-cyrus at lists.andrew.cmu.edu
Subject: RE: murder configuration issue final stretch
On Tue, 9 Dec 2008, Gary W. Smith wrote:
> Andy/Wesley,
>
> First off, thanks for all of the help. I've gotten pretty far I think.
> I ran into a couple problems and some notes on some list groups about
> dead options that were shown in examples.
>
> http://garysmith.pbwiki.com/Cyrus
>
> I have put all of my configs into a wiki (broken down by server/type).
> The problem that I'm running into right now is that if I log into the
> frontend box using cyradmin (as root or cyrus) I can see mailboxes but
> when I go to create one on a backend server, cyradm prompts me for the
> password for the corresponding account on the remote machine. I'm not
> sure if this is by design or an issue.
>
> The other big issue is that I have lmtp configured on the frontend to
> forward to the backend. The lmtp process is running on the backend as I
> can telnet to it (telnet ip lmtp). On the backend I seem to be getting
> a SASL2 auth error.
>
> badlogin: 10.80.72.1 PLAIN SASL(-13): authentication failure: Password
> verification failed
The documentation doesn't state this, but in a murder environment all LMTP
connections must be authenticated. Using the "-a" option doesn't work
because then the frontend doesn't have a set of credentials for proxying.
At least, that's what my testing showed.
Try creating a "cyr_lmtp" (or whatever you want to call it) user on both
your backends and frontends. Then add the following:
On backends:
lmtp_admins: cyr_lmtp murder
On frontends:
lmtp_admins: cyr_lmtp
Then make sure your MTA is authenticating as cyr_lmtp when it connects to
the Cyrus lmtpd.
Andy
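Added example, not part of the original thread or of the Cyrus project: a small audit of the two settings discussed above, reporting which LMTP service entries in cyrus.conf accept connections without authentication and which users lmtp_admins names in imapd.conf. Per lmtpd(8), "-a" preauthorizes internet-socket connections as "postman", and connections on a UNIX-domain socket are preauthorized automatically; the sample configs, service names and function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample configs (not taken from the thread or the poster's wiki).
SAMPLE_CYRUS_CONF = '''
SERVICES {
  imap      cmd="imapd" listen="imap" prefork=0
  lmtp      cmd="lmtpd -a" listen="lmtp" prefork=0
  lmtpunix  cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
  lmtpauth  cmd="lmtpd" listen="10.0.0.5:2003" prefork=0
}
'''
SAMPLE_IMAPD_CONF = '''
admins: cyrus
lmtp_admins: cyr_lmtp murder
'''

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def lmtp_services(cyrus_conf):
    """Yield (name, argv, listen) for each lmtpd/lmtpproxyd service entry."""
    for raw in cyrus_conf.splitlines():
        line = raw.split('#', 1)[0].strip()      # drop comments
        m = re.match(r'(\w+)\s+(.*)', line)
        if not m:
            continue
        opts = {k: v.strip('"') for k, v in KV.findall(m.group(2))}
        argv = shlex.split(opts.get('cmd', ''))
        if argv and argv[0].rsplit('/', 1)[-1] in ('lmtpd', 'lmtpproxyd'):
            yield m.group(1), argv, opts.get('listen', '')

def audit(cyrus_conf, imapd_conf):
    """Return ([(service, auth status)], [lmtp_admins users])."""
    findings = []
    for name, argv, listen in lmtp_services(cyrus_conf):
        if '-a' in argv[1:]:
            findings.append((name, 'preauth: -a flag'))
        elif listen.startswith('/'):             # UNIX-domain socket path
            findings.append((name, 'preauth: unix socket'))
        else:
            findings.append((name, 'auth required'))
    admins = []
    for line in imapd_conf.splitlines():
        key, _, val = line.partition(':')
        if key.strip() == 'lmtp_admins':
            admins = val.split()
    return findings, admins
```

Run audit() over the real cyrus.conf and imapd.conf of each frontend and backend; any entry not reported as "auth required" will log preauth'd connections regardless of lmtp_admins.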