Murder - MTA --> Auth required on frontend

Stephen Ingram sbingram at gmail.com
Tue Aug 14 13:36:06 EDT 2012


On Tue, Aug 14, 2012 at 12:16 AM, shabahang elmian <eshabahang at yahoo.com> wrote:
> Hello,
> I have a problem on murder env.
> Env:
> 1 MTA on postfix (redhat221)
> 1 frontend+Mupdate (redhat101)
> 2 backends (redhat103, redhat112)
>
> If I point the MTA to the backend (mailbox_transport =
> lmtp:redhat101.example.com:2003), it works on the backend mailboxes.
> But when pointing the MTA to the frontend, it gets an error as follows:
>
> Aug 14 10:39:59 localhost postfix/lmtp[5717]: 31E182408EF:
> to=<test112_1 at example.com>, relay=redhat101.example.com[10.131.57.101]:2003,
> delay=0.29, delays=0.12/0.01/0.16/0, dsn=4.0.0, status=deferred (host
> redhat101.example.com[10.131.57.101] said: 430 Authentication required (in
> reply to MAIL FROM command))
>
>
>
> I would be thankful if you could help me on the problem.
> Best regards,
> Shabahang
>
> -----------------------------------------
> Config on frontend :
> [root at redhat101 ~]# egrep -v "^#|^$" /etc/cyrus.conf
> START {
>   # do not delete this entry!
>   recover cmd="ctl_cyrusdb -r"
>   # this is only necessary if using idled for IMAP IDLE
>   idled cmd="/usr/lib/cyrus-imapd/idled"
> }
> SERVICES {
>   # add or remove based on preferences
>   mupdate       cmd="/usr/cyrus/bin/mupdate -m" listen=3905 prefork=1
>   imap          cmd="proxyd" listen="imap" prefork=5
>   imaps         cmd="proxyd -s" listen="imaps" prefork=1
>   pop3          cmd="pop3d" listen="pop3" prefork=0
>   pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
>   kpop          cmd="pop3d -k" listen="kpop" prefork=0
>   nntp          cmd="/usr/lib/cyrus-imapd/nntpd" listen="nntp" prefork=0
>   nntps         cmd="/usr/lib/cyrus-imapd/nntpd -s" listen="nntps" prefork=0
>   sieve         cmd="timsieved" listen="sieve" prefork=0
>   lmtp          cmd="/usr/cyrus/bin/lmtpproxyd" listen="0.0.0.0:lmtp" prefork=0

You don't need 0.0.0.0, just lmtp cmd="lmtpproxyd" listen="lmtp" will do.

>   # these are only necessary if receiving/exporting usenet via NNTP
>   # at least one LMTP is required for delivery
>   # this is only necessary if using notifications
> }
> EVENTS {
>   # this is required
>   checkpoint cmd="ctl_cyrusdb -c" period=30
>   # this is only necessary if using duplicate delivery suppression,
>   # Sieve or NNTP
>   delprune cmd="cyr_expire -E 3" at=0400
>   # this is only necessary if caching TLS sessions
>   tlsprune cmd="tls_prune" at=0400
> }
> [root at redhat101 ~]# egrep -v "^#|^$" /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN PLAIN+TLS LOGIN DIGEST-MD5 CRAM-MD5
> tls_cert_file: /etc/pki/cyrus-imapd/server.pem
> tls_key_file: /etc/pki/cyrus-imapd/server.pem
> tls_ca_file: /etc/pki/cyrus-imapd/server.pem
> tls_ca_path: /etc/pki/cyrus-imapd/
> allowplaintext: yes
> redhat112_password: password
> redhat103_password: password
> proxy_authname: cyrus
> allowanonymouslogin: yes
> lmtp_admins: cyrus
> [root at redhat101 ~]#
> config on backend :
> [root at redhat103 ~]# egrep -v "^#|^$" /etc/cyrus.conf
> START {
>   # do not delete this entry!
>   recover cmd="ctl_cyrusdb -r"
>   # this is only necessary if using idled for IMAP IDLE
>   idled cmd="idled"
> }
> SERVICES {
>   # add or remove based on preferences
>   imap cmd="imapd" listen="imap" prefork=5
>   imaps cmd="imapd -s" listen="imaps" prefork=1
>   pop3 cmd="pop3d" listen="pop3" prefork=3
>   pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>   sieve cmd="timsieved" listen="sieve" prefork=0
>   # these are only necessary if receiving/exporting usenet via NNTP
>   # at least one LMTP is required for delivery
>   lmtp cmd="lmtpd -a" listen="0.0.0.0:lmtp" prefork=1
>   lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
>   # this is only necessary if using notifications

Two things wrong here. First, you only need one line. lmtpunix is for
listening on a unix socket. lmtp is for listening on a tcp
socket--this is the one you need if postfix is on another server.
Also, the -a is telling lmtp to use preauthorized connections. This is
not what you've told Postfix. Get rid of it. Make sure you tell Cyrus
your lmtp password in imapd.conf.

So, lmtp cmd="lmtpd" listen="lmtp" prefork=1 will work.

> }
> EVENTS {
>   # this is required
>   checkpoint cmd="ctl_cyrusdb -c" period=30
>   # this is only necessary if using duplicate delivery suppression,
>   # Sieve or NNTP
>   delprune cmd="cyr_expire -E 3" at=0400
>   # this is only necessary if caching TLS sessions
>   tlsprune cmd="tls_prune" at=0400
> }
> [root at redhat103 ~]# egrep -v "^#|^$" /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus mupdateslave1 backend1
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN PLAIN+TLS
> tls_cert_file: /etc/pki/cyrus-imapd/server.pem
> tls_key_file: /etc/pki/cyrus-imapd/server.pem
> tls_ca_file: /etc/pki/cyrus-imapd/server.pem
> tls_ca_path: /etc/pki/cyrus-imapd/
> allowplaintext: yes
> allowanonymouslogin: yes
> mupdate_server: redhat101
> mupdate_username: cyrus
> mupdate_authname: cyrus
> mupdate_password: password
> proxyservers: cyrus
> proxy_password: password
> lmtp_admins: cyrus
> [root at redhat103 ~]#
>
> Config on MTA
> [root at redhat221 ~]# grep lmtp /etc/postfix/main.cf |grep -v ^#
> mailbox_transport = lmtp:redhat101.example.com:2003
> lmtp_sasl_auth_enable = yes
> lmtp_sasl_security_options = noanonymous
> lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass

See, Postfix is trying to send a username and password to authenticate
itself to Cyrus. Make sure they both have the same username and
password information.

Steve
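
The mismatch discussed in this thread can be checked mechanically. The following Python is an added example, not part of the original messages or of Cyrus or Postfix: it compares what a Cyrus LMTP listener expects (`-a` preauthorization versus SASL) with what Postfix is configured to send. The `audit` and `lmtp_services` names, the sample strings and the placeholder credential are assumptions, and password-map key matching is simplified to a host-name comparison.

```python
import re
import shlex

SERVICE_RE = re.compile(r'^\s*(\w+)\s+cmd="([^"]+)"\s+listen="([^"]+)"')

def lmtp_services(cyrus_conf):
    """Yield (name, listen, preauth) for each lmtpd/lmtpproxyd SERVICES line."""
    for line in cyrus_conf.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, cmd, listen = m.groups()
        argv = shlex.split(cmd)
        if argv[0].rsplit("/", 1)[-1] in ("lmtpd", "lmtpproxyd"):
            yield name, listen, "-a" in argv[1:]  # -a: preauthorized, no SASL

def audit(cyrus_conf, main_cf, sasl_map):
    """Compare what the Cyrus LMTP listener expects with what Postfix sends."""
    cf = dict(re.findall(r"^(\w+)[ \t]*=[ \t]*(.*?)[ \t]*$", main_cf, re.M))
    parts = [p for p in cf.get("mailbox_transport", "").split(":") if p != "inet"]
    host = parts[1] if len(parts) > 1 and parts[0] == "lmtp" else None
    sasl_on = cf.get("lmtp_sasl_auth_enable", "no") == "yes"
    # Simplification (assumption): a map key matches if it names the host,
    # ignoring [brackets] and :port; Postfix's exact lookup rules are not modelled.
    keys = {re.sub(r"[\[\]]|:\d+$", "", line.split()[0])
            for line in sasl_map.splitlines() if line.strip() and line[0] != "#"}
    findings = []
    for name, listen, preauth in lmtp_services(cyrus_conf):
        if listen.startswith("/"):
            continue  # UNIX socket: not reachable from an MTA on another server
        if preauth and sasl_on:
            findings.append(f"{name}: -a preauthorizes TCP clients, but Postfix is set to authenticate")
        elif not preauth and not sasl_on:
            findings.append(f"{name}: authentication required, but lmtp_sasl_auth_enable is not yes")
        elif not preauth and host not in keys:
            findings.append(f"{name}: no credentials for {host} in the password map")
    return findings

# Constructed sample input, modelled on the configuration quoted in the thread.
FRONTEND = 'lmtp cmd="/usr/cyrus/bin/lmtpproxyd" listen="lmtp" prefork=0'
BACKEND = ('lmtp cmd="lmtpd -a" listen="0.0.0.0:lmtp" prefork=1\n'
           'lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1')
MAIN_CF = ("mailbox_transport = lmtp:redhat101.example.com:2003\n"
           "lmtp_sasl_auth_enable = yes")
SASL_MAP = "redhat101.example.com cyrus:EXAMPLE-PASSWORD"  # placeholder credential

if __name__ == "__main__":
    for label, conf in (("frontend", FRONTEND), ("backend", BACKEND)):
        print(label, audit(conf, MAIN_CF, SASL_MAP) or "consistent")
```
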

