Best distro for Exim/Cyrus

Paul O'Rorke paul at tracker-software.com
Thu Feb 20 16:51:36 EST 2014 

Thanks Vlad,

> the last three lines (ifnedef - endif) can be IMHO deleted, because 
> DIGEST-MD5 (and CRAM-MD5 and NTLM) do not send plaintext passwords, so 
> should be allowed even on otherwise unencrypted connection.
commented out.

> Check if user Debian-exim is member of sasl group - to get access to 
> /etc/sasldb2.

    root at blmail:/etc/exim4/conf.d# groups Debian-exim
    Debian-exim : Debian-exim root mail sasl cyrus
    root at blmail:/etc/exim4/conf.d# ls -l /etc/sasldb2
    -rw-rw---- 1 cyrus Debian-exim 12288 Feb 19 20:19 /etc/sasldb2

Looks right to me...


> Thunderbird has separate auth setting for SMTP, hovewer you should 
> specify the same user/pass as for IMAP. Check also the option "auth 
> method" and set encrypted password - which is luser translation of 
> DIGEST/CRAM-MD5.


It seems that exim is not using the same auth as cyrus.  TB doesn't 
recognise the encrypted passwords option.  Nor does Outlook so I don't 
think it's the MUA.

When I let TB query the server for settings it correctly returns with 
'Encrypted password' for IMAP but 'Password, transmitted insecurely' for 
SMTP.  Leaving that setting results in the expected 'relay not 
permitted' setting it in TB to use 'Encrypted password' results in the 
following error message in TB:

    Sending of message failed.
    The SMTP server chemainus.mjbrownloos.com does not support the
    selected authentication method. Please change the 'Authentication
    method' in the 'Account Settings | Outgoing Server (SMTP)'.

I'm watching (tail -f) the following 4 log files when I send 
(/var/log/exim/ has only mainlog and rejectlog):

    /var/log/exim4/mainlog
    /var/log/exim4/rejectlog
    /var/log/syslog
    /var/log/auth.log

but I'm not seeing anything helpful.   Indeed  I need to trace the 
process on send and find out where is is baulking, any thoughts on how 
to find that?

Since this seems to now be an Exim thing, perhaps at this point I should 
be asking this on the exim list?

*Paul O'Rorke* Tracker Software Products paul at tracker-software.com 
<mailto:paul.ororke at tracker-software.com>


On 2/20/2014 2:23 AM, Vladislav Kurz wrote:
>
> On Thursday 20 of February 2014 05:50:21 Paul O'Rorke wrote:
>
> > Hi again guys,
>
> >
>
> > thanks for the help thus far. I have managed to get cyrus talking with
>
> > exim to deliver mail (the -a inside the quotes did this) and I have the
>
> > cyrus_sasl driver authenticating using DIGEST-MD5:
>
> >
>
> > digest_md5_sasl_server:
>
> > driver = cyrus_sasl
>
> > public_name = DIGEST-MD5
>
> > server_realm = chemainus.mjbrownloos.com
>
> > server_set_id = $auth1
>
> > .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>
> > server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>
> > .endif
>
> Hi,
>
> the last three lines (ifnedef - endif) can be IMHO deleted, because 
> DIGEST-MD5 (and CRAM-MD5 and NTLM) do not send plaintext passwords, so 
> should be allowed even on otherwise unencrypted connection.
>
> Check if user Debian-exim is member of sasl group - to get access to 
> /etc/sasldb2.
>
> > I can receive mail OK, exim passes it to cyrus and I can work with
>
> > mailboxes in Thunderbird however I don't seem to be able to authenticate
>
> > to the SMTP server when sending. Do I need to specify a separate auth
>
> > for sending through SMTP?
>
> Thunderbird has separate auth setting for SMTP, hovewer you should 
> specify the same user/pass as for IMAP. Check also the option "auth 
> method" and set encrypted password - which is luser translation of 
> DIGEST/CRAM-MD5.
>
> > If it can authenticate for IMAP using *digest_md5_sasl_server* why would
>
> > it fail when sending?
>
> Just because IMAP auth is done by cyrus and SMTP auth by exim ;) Check 
> /var/log/exim/*log, there might be some hints...
>
> -- 
>
> S pozdravem
>
> Vladislav Kurz
>
> === WebStep, s.r.o. (Ltd.) ========= a step to the Web ===
>
> address: Mezirka 1, 602 00 Brno, CZ, tel: +420 548 214 711
>
> === www.webstep.net ======= vladislav.kurz at webstep.net ===
>
>
>
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20140220/8a88e637/attachment.html

More information about the Info-cyrus mailing list