murder configuration issue final stretch
Andreas Winkelmann
ml at awinkelmann.de
Fri Dec 12 12:51:58 EST 2008
>> I found one of your older posting which also covers this. Here is what
>> I did.
>>
>> I added psotfixlmtp as a user to both the frontend and and then ran the
>> 'runuser - postfixlmtp -c "lmtptest mds01"' and used the password and it
>> authenticated just fine. So I added the entry to my lmtp_passwd file
>> for postfix. I also added the additional entries into the postfix
>> main.cf file as per the instructions.
>>
>> On the frontend I added lmtp_admins: postfixlmtp and on the backends I
>> added lmtp_admins: murder postfixlmtp.
>>
>> I did notice that when I try connecting to the lmtp on the frontend I
>> get an error. I suspect that it's because it's looking for lmtp and
>> it's running the lmtpproxy
>>
>> # runuser - postfixlmtp -c "lmtptest"
>> WARNING: no hostname supplied, assuming localhost
>> connect: Connection refused
>> failure: Network initialization - can not connect to
>> localhost.localdomain:lmtp
>>
>> Anyway, postfix is kicking this out in the log:
>>
>> lmtp[6073]: lmtp connection preauth'd as postman <-- why I'm getting
>> this, I don't know
>>
>> I assume that for some reason it's still allowing anonynous connections
>> to lmtp. I checked my cyrus.conf files on all servers and there is no
>> "-a". It's perplexing. The information you gave me makes sense but it's
>> like something has cached a setting and isn't letting go even though I
>> have restarted all of the services.
>
> Looking at the source code in lmtpengine.c:
>
> /* we're not connected to a internet socket! */
> func->preauth = 1;
> strcpy(cd.clienthost, "[unix socket]");
> syslog(LOG_DEBUG, "lmtp connection preauth'd as postman");
>
> So it appears that unix socket connections are always preauth'd. You'll
> need to enable Cyrus' lmtpd to listen on the internet socket as well. If
> you are running Postfix on your frontends (it looks like you are), then
> you could either disable Postfix's lmtp, or run the Cyrus lmtp on an
> alternate port.
You are right about the pre-authentication on a unix Socket. It is always
turned on.
Postfix has no lmtp-Server, so he does not need to disable something. The
Unix Socket in Postfix which is named lmtp is the Socket from the Postfix
Internal Side to it's lmtp-Client.
I don't think this is a problem with/without pre-authentification. The
lmtp-Server in Cyrus-IMAP uses the given proxy_authname/*_password,
regardless of the credentials used in the connection to the lmtp-Server.
> Maybe other folks know of a cleaner way to do this, or have other
> suggestions.
--
Andreas
More information about the Info-cyrus
mailing list