murder configuration issue final stretch

Andrew Morgan morgan at orst.edu
Fri Dec 12 12:00:13 EST 2008 

On Thu, 11 Dec 2008, Gary W. Smith wrote:

> Andrew,
>
> I found one of your older posting which also covers this.  Here is what 
> I did.
>
> I added psotfixlmtp as a user to both the frontend and and then ran the 
> 'runuser - postfixlmtp -c "lmtptest mds01"' and used the password and it 
> authenticated just fine.  So I added the entry to my lmtp_passwd file 
> for postfix.  I also added the additional entries into the postfix 
> main.cf file as per the instructions.
>
> On the frontend I added lmtp_admins: postfixlmtp and on the backends I 
> added lmtp_admins: murder postfixlmtp.
>
> I did notice that when I try connecting to the lmtp on the frontend I 
> get an error.  I suspect that it's because it's looking for lmtp and 
> it's running the lmtpproxy
>
> # runuser  - postfixlmtp -c "lmtptest"
> WARNING: no hostname supplied, assuming localhost
> connect: Connection refused
> failure: Network initialization - can not connect to localhost.localdomain:lmtp
>
> Anyway, postfix is kicking this out in the log:
>
> lmtp[6073]: lmtp connection preauth'd as postman <-- why I'm getting 
> this, I don't know
>
> I assume that for some reason it's still allowing anonynous connections 
> to lmtp.  I checked my cyrus.conf files on all servers and there is no 
> "-a". It's perplexing.  The information you gave me makes sense but it's 
> like something has cached a setting and isn't letting go even though I 
> have restarted all of the services.

Looking at the source code in lmtpengine.c:

         /* we're not connected to a internet socket! */
         func->preauth = 1;
         strcpy(cd.clienthost, "[unix socket]");
         syslog(LOG_DEBUG, "lmtp connection preauth'd as postman");

So it appears that unix socket connections are always preauth'd.  You'll 
need to enable Cyrus' lmtpd to listen on the internet socket as well.  If 
you are running Postfix on your frontends (it looks like you are), then 
you could either disable Postfix's lmtp, or run the Cyrus lmtp on an 
alternate port.

Maybe other folks know of a cleaner way to do this, or have other 
suggestions.

 	Andy

More information about the Info-cyrus mailing list