sendmail and cyrus-imap - delivery problem

Matthew Seaman matthew.seaman at thebunker.net
Sun Mar 22 06:56:40 EDT 2009 

Mario Pavlov wrote:
> Hi,
> I've setup sendmail 8.14.3 to work with cyrus-imapd 2.3.13 on FreeBSD 7-STABLE
> but I have a delivery issue
> of course outgoing e-mail is OK
> but incoming is not ... it was OK before I switched to the cyrus mailer

This sounds like a job for smmapd.

> so if we assume my domain is yo.com
> here's my imapd.conf
> 
> # grep -v "^#" /usr/local/etc/imapd.conf 
> configdirectory: /var/imap
> partition-default: /var/imap/spool
> unixhierarchysep: yes
> admins: cyrus admin at yo.com
> sieveusehomedir: false
> sievedir: /var/imap/sieve
> sasl_pwcheck_method: auxprop
> defaultdomain: yo.com
> loginrealms: yo.com gg.com
> 
> and cyrus.conf
> 
> # grep -v "#" /usr/local/etc/cyrus.conf
> START {
>   recover       cmd="ctl_cyrusdb -r"
> }
> SERVICES {
>   imap          cmd="imapd" listen="imap" prefork=0
>   imaps         cmd="imapd -s" listen="imaps" prefork=0
>   pop3          cmd="pop3d" listen="pop3" prefork=0
>   pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
>   sieve         cmd="timsieved" listen="sieve" prefork=0
>   lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> }
> EVENTS {
>   checkpoint    cmd="ctl_cyrusdb -c" period=30
>   delprune      cmd="cyr_expire -E 3" at=0400
>   tlsprune      cmd="tls_prune" at=0400
> }

Add:

  # Sendmail socket map daemon  
  smmapdunix    cmd="smmapd"    listen="/var/imap/socket/smmapd" prefork=1

in the SERVICES section

> and yo.com.mc assuming mu hostname is yo.com
> 
> VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.3 2008/08/31 18:26:27 gshapiro Exp $')
> OSTYPE(freebsd6)
> DOMAIN(generic)
> FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
> FEATURE(blacklist_recipients)
> FEATURE(local_lmtp)
> FEATURE(mailertable, `hash -o /etc/mail/mailertable')
> FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
> DAEMON_OPTIONS(`Name=IPv4, Family=inet')
> define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
> define(`confNO_RCPT_ACTION', `add-to-undisclosed')
> define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
> TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')
> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')
> define(`confLOCAL_MAILER', `cyrusv2')
> MAILER(local)
> MAILER(smtp)
> MAILER(`cyrusv2')

Add:

FEATURE(`ckuser_cyrus', ,`local:/var/imap/socket/smmapd')dnl

with the rest of the FEATUREs

> 
> my users and boxes
> 
> # sasldblistusers2
> boo at yo.com: userPassword
> cyrus at yo.com: userPassword
> admin at yo.com: userPassword
> 
> # cyradm --user cyrus localhost
> Password:
> localhost> lm
> user/boo at yo.com (\HasNoChildren)
> 
> having this configuration I can see the following in the maillog if someone in internet decides to send me an e-mail:
> 
> Mar 21 09:55:57 yo sm-mta[3426]: n2L9tvmO003426: from=<whoever at gmail.com>, size=1599, class=0, nrcpts=1, msgid=<9cddded00903210255v1a8a4148yb5923d7547493b6a at mail.gmail.com>, proto=ESMTP, daemon=IPv4, relay=fg-out-1718.google.com [72.14.220.154]                                                                                                         
> Mar 21 09:55:57 yo sm-mta[3465]: n2L9tvmO003426: to=<boo at yo.com>, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=31599, relay=localhost, dsn=5.1.1, stat=User unknown 
> Mar 21 09:55:57 yo sm-mta[3465]: n2L9tvmO003426: n2L9tvmO003465: DSN: User unknown
> 
> I suspect sendmail and cyrus have to somehow agree which socket they will use
> there is a socket specified in cyrus.conf maybe I should somehow tell sendmail to use that too
> ...or may be sendmail and cyrus have to somehow agree on usernames...
> cyrus knows about user/boo at yo.com
> but does sendmail know about it ?
> or it thinks it's just boo at yo.com

You will need to compile a version of sendmail with SASL support.  You can make
the stock system sendmail do that by adding settings to /etc/make.conf, but then
you end up with a base system that depends on shlibs outside the base system.
It's probably cleaner if you install sendmail with appropriate tweaks from ports.
Add the following to /etc/make.conf:

WITH_BDB_VER=           46
WITH_SASL=              yes
WITH_SENDMAIL_PORT=     yes

SENDMAIL_CF_DIR=        /usr/local/share/sendmail/cf
MAKEMAP=                /usr/local/sbin/makemap

.if ${.CURDIR:M*/mail/sendmail*}
SENDMAIL_WITHOUT_NIS=           yes
SENDMAIL_WITH_CYRUSLOOKUP=      yes
SENDMAIL_WITH_SOCKETMAP=        yes
SENDMAIL_WITH_TLS=              yes
SENDMAIL_WITH_SASL2=            yes
SENDMAIL_WITHOUT_LDAP=          yes
SENDMAIL_WITH_BERKELEYDB=       yes
SENDMAIL_WITH_PICKY_HELO_CHECK= yes
SENDMAIL_WITH_SHARED_MILTER=    yes
.endif

Then add this to /etc/src.conf to stop the system installing the base sendmail:

WITHOUT_SENDMAIL=yes

Build and install the mail/sendmail port. The new sendmail binary should link
against libsasl2:

% ldd /usr/local/sbin/sendmail 
/usr/local/sbin/sendmail:
        libwrap.so.5 => /usr/lib/libwrap.so.5 (0x8006cf000)
        libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x8007d8000)    <<<---***
        libssl.so.5 => /usr/local/lib/libssl.so.5 (0x8008f0000)
        libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x800a3a000)
        libdb-4.6.so.0 => /usr/local/lib/libdb-4.6.so.0 (0x800ca5000)
        libutil.so.7 => /lib/libutil.so.7 (0x800ed5000)
        libc.so.7 => /lib/libc.so.7 (0x800fe3000)
        libthr.so.3 => /lib/libthr.so.3 (0x8011fe000)

Then edit /etc/mail/mailer.conf to look like this:

# $FreeBSD: src/etc/mail/mailer.conf,v 1.3.32.1 2008/11/25 02:59:29 kensmith Exp $
#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail        /usr/local/sbin/sendmail
send-mail       /usr/local/sbin/sendmail
mailq           /usr/local/sbin/sendmail
newaliases      /usr/local/sbin/sendmail
hoststat        /usr/local/sbin/sendmail
purgestat       /usr/local/sbin/sendmail

Now remove any previous DB files and rebuild using the new sendmail's version
of makemap:

   # cd /etc/mail
   # rm -i *.db
   # make all install

Fire up the newly built sendmail and test:

   # make start

> I've tried to add this
> 
> define(`CYRUS_LMTP_SOCKET',`/var/imap/socket/lmtp')
> 
> to yo.com.mc
> but it made no difference

That's already the default setting.

> I even don't understand where the problem is
> 
> what do you think could be the problem ?

In short: you need to compile in some extra functionality to
sendmail in order to support SASL and sendmail socket-map.

	Cheers,

	Matthew
-- 
Dr Matthew Seaman                     The Bunker, Ash Radar Station
PGP: 0x60AE908C on servers            Marshborough Rd
Tel: +44 1304 814890                  Sandwich
Fax: +44 1304 814899                  Kent, CT13 0PL, UK

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090322/20196253/attachment.bin

More information about the Info-cyrus mailing list