Murder sample configs

Simon Beale simon at minos.org.uk
Thu Apr 15 13:45:52 EDT 2010


Hi

I'm trying to set up a cyrus murder set of boxes on 2.3.16 to eventually
replace our single creaking dovecot server, and am currently failing to
get a working configuration.

My current intention is to have
 switch-101 (frontend + murder master)
 switch-102 (frontend)
 store-101 (backend)
 store-102 (backend)
with user authentication being done via saslauthd against pam (which in
turn looks at ldap).

On the frontend + murder master box, I've got the following imapd.conf
(sanitized):

========================
admins: cyrus cyrus-frontend
allowplaintext: false
allowusermoves:         true
configdirectory:        /var/lib/imap
delete_mode:            delayed
duplicate_db:           skiplist
expunge_mode:           delayed
force_sasl_client_mech: plain
hashimapspool:          true
improved_mboxlist_sort: true
lmtp_downcase_rcpt:     true
mupdate_config:         unified
normalizeuid:           true
partition-default:      /var/spool/imap
proxy_authname:         cyrus-frontend
proxyd_disable_mailbox_referrals:       true
proxy_password:         ********
ptscache_db:            skiplist
sasl_mech_list:         DIGEST-MD5 PLAIN LOGIN
sasl_pwcheck_method:    saslauthd auxprop
serverlist:             store-101
sieve_allowreferrals:   false
sievedir:               /var/lib/imap/sieve
statuscache_db:         skiplist
tlscache_db:            skiplist
tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
tls_cert_file:          /etc/pki/tls/certs/wildcard.pem
tls_key_file:           /etc/pki/tls/certs/wildcard.pem
unix_group_enable:      false
========================

And on the backend boxes I have:
========================
admins: cyrus cyrus-frontend
allowallsubscribe:      true
allowplaintext:         false
allowusermoves:         true
configdirectory:        /var/lib/imap
delete_mode:            delayed
duplicate_db:           skiplist
expunge_mode:           delayed
hashimapspool:          true
improved_mboxlist_sort: true
lmtp_downcase_rcpt:     true
mupdate_authname:       cyrus-frontend
mupdate_password:       ********
mupdate_server:         switch-101
mupdate_username:       cyrus-frontend
normalizeuid:           true
partition-default:      /var/spool/imap
proxyservers:           cyrus-frontend
ptscache_db:            skiplist
sasl_mech_list:         DIGEST-MD5 PLAIN LOGIN
sasl_pwcheck_method:    auxprop
sievedir:               /var/lib/imap/sieve
statuscache_db:         skiplist
tlscache_db:            skiplist
tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
tls_cert_file:          /etc/pki/tls/certs/wildcard.pem
tls_key_file:           /etc/pki/tls/certs/wildcard.pem
unix_group_enable:      false
=====================

These configs do let me log in on the frontend and do a LIST, but when I
try and do a SELECT it fails:

from switch-101:  couldn't authenticate to backend server: authentication
failure
from store-101:  badlogin: switch-101 [10.10.10.37] PLAIN [SASL(-16):
encryption needed to use mechanism: security flags do not match required

Is there something obvious that I'm missing in my configuration? Or could
I ask for some kind soul to send me a known-good sample murder
configuration set of imapd.conf files that I can at least start from?

Thanks

Simon



More information about the Info-cyrus mailing list