Question about murder and lmtp

Dan White dwhite at olp.net
Wed Mar 7 10:29:44 EST 2012


On 03/07/12 14:55 +0200, Eero Hänninen wrote:
>Hello,
>
>I'm new to murder setup. I got it almost working, but I have a question:
>is there a way to use lmtp as preauthed so that no extra auth is required?
>
>Currently, the mail-relay host connects to the frontend server successfully
>(frontend server running lmtpproxyd with the -a option and backend server
>running lmtpd with the -a option), but this line appears in the log:
>Mar  7 13:33:10 front02 lmtp[79887]: couldn't authenticate to backend
>server: no mechanism available
>Mar  7 13:33:10 front02 lmtp[79887]: USAGE vaike401 user: 0.014101 sys:
>0.000000
>
>And when I do a tcpdump between the backend and frontend servers, there
>seem to be no auth-like actions or anything else:
>
>B: 220 back07 Cyrus LMTP Murder v2.4.13 server ready
>F: LHLO lmtpproxyd
>B: 250-mh7
>B: 250-8BITMIME
>B: 250-ENHANCEDSTATUSCODES
>B: 250-PIPELINING
>B: 250-SIZE
>B: 250-AUTH EXTERNAL
>B: 250 IGNOREQUOTA
>F:
>B: 421 4.4.1 bye end of file reached
>
>In the end, the frontend server seems to send nothing to the backend
>server, and the backend server disconnects after that.

lmtpproxyd is probably expecting to receive a:

250-AUTH <mech list>

One roundabout way of supporting this would be to use the
'*_sasl_pwcheck_method: alwaystrue' configuration on the backend
(assuming that your sasl library was compiled with --enable-alwaystrue).

On your backend, remove the '-a' option (or run a second lmtp instance
that does not use -a). If your lmtp service name in /etc/cyrus.conf is
'lmtp', then add this in /etc/imapd.conf:

proxyservers: <some_user>
lmtp_sasl_pwcheck_method: alwaystrue
lmtp_sasl_mech_list: plain
lmtp_sasl_minimum_layer: 0

And on your frontend, configure 'proxy_authname: <some_user>', and a dummy
password.

There are obvious security problems with this approach that I assume you
understand.

-- 
Dan White
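
One way to check a backend imapd.conf for the settings described in the reply above, so the workaround does not go unnoticed on a host. This is an added example, not part of the original post and not Cyrus code; the sample config, the proxy user name `murderproxy` and the function names are constructed for illustration.

```python
import re

# Constructed sample: the backend imapd.conf fragment from the reply above,
# with a placeholder proxy user name (an assumption for this example).
SAMPLE_IMAPD_CONF = """\
# backend imapd.conf (constructed sample)
proxyservers: murderproxy
lmtp_sasl_pwcheck_method: alwaystrue
lmtp_sasl_mech_list: plain
lmtp_sasl_minimum_layer: 0
imap_sasl_mech_list: gssapi
"""

def parse_conf(text):
    """Parse 'key: value' lines into a dict, skipping comments and blanks."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            opts[key.strip().lower()] = value.strip()
    return opts

def audit(text):
    """Return findings for each service whose SASL check accepts any password."""
    opts = parse_conf(text)
    findings = []
    for key, value in opts.items():
        # Matches both 'sasl_pwcheck_method' and '<service>_sasl_pwcheck_method'.
        m = re.fullmatch(r"(?:(\w+?)_)?sasl_pwcheck_method", key)
        if not m or "alwaystrue" not in value.lower().split():
            continue
        svc = m.group(1)  # None means the global, un-prefixed option
        prefix = f"{svc}_" if svc else ""
        name = svc or "global"
        findings.append(f"{name}: pwcheck 'alwaystrue' accepts any password")
        mechs = opts.get(prefix + "sasl_mech_list", "").lower().split()
        # An unset minimum layer is treated as 0 here (assumed default).
        layer = opts.get(prefix + "sasl_minimum_layer", "0")
        if "plain" in mechs and layer == "0":
            findings.append(f"{name}: PLAIN allowed with no security layer")
        if opts.get("proxyservers"):
            findings.append(f"{name}: proxyservers '{opts['proxyservers']}' may proxy for other users")
    return sorted(findings)
```
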

