cyrus + postfix + lmtpd questions [massively OT]

Nic Bernstein nic at onlight.com
Thu Mar 18 11:11:26 EDT 2010 

On 03/18/2010 01:41 AM, Simon Matter wrote:
>> I just want to get this straight. Please, someone clarify his to me.
>> Consider Cyrus and Postifx runing on different servers and having to
>> communicate with each other through lmtp.
>>
>> 1)
>> Here´s the line we all know from cyrus.conf that is gonna bring lmtp
>> listening on tcp:
>>
>> lmtp          cmd="/usr/local/cyrus/bin/lmtpd" listen="lmtp" prefork=1
>> maxchild=100
>>
>> Is that enough on the cyrus side ?
>>      
> That look okay, but see below...
>
>    
>> 2)
>> posfix's main.cf :
>>
>> mailbox_transport = inet:[1.2.3.4]:24
>>      
> Looks also okay.
>    

In postfix, I would suggest using local_transport instead of 
mailbox_transport.  The reason I make this suggestion has to do with 
getting the most out of the postfix processing and delivery options.  
One critical change, however, is that instead of alias_maps you must use 
virtual_alias_maps.  Those are handled a little bit differently, so 
check the README files.

Here I would use:

    local_transport = lmtp:inet:imap.example.com:2003 <-- or whatever
    port you're using

If you wish to stick with mailbox_transport, you should still use 
"lmtp:inet..." so postfix knows to talk LMTP and not SMTP for delivery.  
From the postfix documentation:

    # Specify a string of the form transport:nexthop, where transport is
    # the name of a mail delivery transport defined in master.cf.  The
    # :nexthop part is optional. For more details see the sample transports
    # file.

You can always define a more specific transport in master.cf, and then 
cite that in your {mailbox|local}_transport line.  For example, we often 
pair postfix with amavisd-new, and don't want postfix to overrun the 
number of amavis processes, so we add this to master.cf:

    # A special lmtp instance to feed amavisd.  Keep the maxproc field
    # below the max_servers value in amavisd.conf
    slmtp     unix  -       -       n       -       14       lmtp

And then have this for our content_filter line:

    content_filter = slmtp:127.0.0.1:10023

I would also recommend investigating whether you would benefit from 
concurrency limits (in main.cf), such as:

    local_destination_concurrency_limit = 300
    local_destination_recipient_limit = 300

These may help prevent bottlenecks when you receive messages destined 
for large distribution lists.

>    
>> 3)
>> On some previous reply someone wrote about adding the following to
>> relay_domains :
>>
>> example.com     lmtp:unix:public/lmtp    # for a local LMTP socket
>> example.com     inet:[1.2.3.4]:24        # for a remote LMTP socket
>>
>> and then to extend transport_maps:
>>
>> transport_maps=hash:/etc/postfix/transports,hash:/etc/postfix/relay_domains.
>>
>> Cant figure out why this is necesary.
>>      
> Well, using a simple mailbox_transport like shown in 2) is the easiest
> configuration. Of course you can have very complex postfix configs for
> example with complicated transport maps but you don't have to make it
> complex if your environment doesn't enforce it.
>    

Adding entries like this to relay_domains is necessary only if the 
domains in question are not in your mydestinations setting.  Having more 
than one entry for the same left-hand value (example.com in this case) 
is redundant, as the first match wins in postfix map lookups.

>> 4)
>> And last but not least. How postfix authenticates in anyway so Cyrus ????
>>      
> The question is how you want to communicate. In my case I was using a
> local trusted network between postfix and cyrus server so I did the
> easiest thing which is running lmtpd without authentication and configure
> TCP wrapper to accept only connections from the postfix host. Like so:
>
> In /etc/cyrus.conf I had lmtpd listening preauthenticated:
>
>    lmtp          cmd="lmtpd -a" listen="lmtp" prefork=1
>
> In /etc/hosts.deny on the cyrus host I had:
>
> # Allow only specific hosts to send mail via LMTP
> lmtp: ALL EXCEPT mailhub.domain.tld
>    

To set the postfix credentials for lmtp, use the lmtp_sasl_* 
configuration settings.  Check the postfix documentation for exhaustive 
discourse on this:
     http://www.postfix.org/SASL_README.html#client_sasl

Note: you will be dealing with the lmtp client for postfix and the lmtpd 
server for cyrus.

Cheers,
     -nic

-- 
Nic Bernstein                             nic at onlight.com
Onlight llc.                              www.onlight.com
219 N. Milwaukee St., Suite 2a		  v. 414.272.4477
Milwaukee, Wisconsin  53202

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20100318/da87a062/attachment.html

More information about the Info-cyrus mailing list