lmtp authentication ignored with tls enabled
Marcus Schopen
lists at localguru.de
Sun Jul 19 21:21:11 EDT 2015
Hi,
I'm trying to deliver mails via lmtp/tcp from sendmail to cyrus running
on another machine.
sendmail.mc:
--------------
define(`confLOCAL_MAILER', `cyrusv2')dnl
define(`CYRUSV2_MAILER_ARGS', `TCP imap.domain.de 2003')dnl
--------------
Without an authentication line in /etc/mail/access
--------------
AuthInfo:imap.domain.de "I:lmtp-admin" "P:pass" "M:DIGEST-MD5"
--------------
I'm getting the following error:
--------------
Jul 20 02:19:01 mail sendmail[5368]: t6K0GIKP005234:
to=<postmaster at domain.de>, delay=00:02:43, xdelay=00:00:03,
mailer=cyrusv2, pri=211679, relay=imap.domain.de. [xx.xx.xx.xx],
dsn=4.0.0, stat=Deferred: 430 Authentication required
--------------
This is correct. Adding AuthInfo to /etc/mail/access and add lmtp-admin
to sasldb2 on cyrus side mails are delivered via lmtp to cyrus with
proper authentication. Good.
But after setting tls_cert_file und tls_key_file in imapd.conf to get an
encrypted connection the lmtp authentication is completely ignored and
mails are going through even without any AuthInfo in /etc/mail/access:
cyrus log:
--------------
Jul 20 03:08:06 imap cyrus/lmtp[3875]: accepted connection
Jul 20 03:08:06 imap cyrus/lmtp[3875]: connection from [xx.xx.xx.xx]
Jul 20 03:08:06 imap cyrus/lmtp[3875]: imapd:Loading hard-coded DH
parameters
Jul 20 03:08:06 imap cyrus/lmtp[3875]: SSL_accept() incomplete -> wait
Jul 20 03:08:06 imap cyrus/lmtp[3875]: Doing a peer verify
Jul 20 03:08:06 cyrus/lmtp[3875]: last message repeated 2 times
Jul 20 03:08:06 imap cyrus/lmtp[3875]: SSL_accept() incomplete -> wait
Jul 20 03:08:06 imap cyrus/lmtp[3875]: SSL_accept() succeeded -> done
Jul 20 03:08:06 imap cyrus/lmtp[3875]: received client certificate
Jul 20 03:08:06 imap cyrus/lmtp[3875]: subject=/CN=server.domain.de
Jul 20 03:08:06 imap cyrus/lmtp[3875]: starttls: TLSv1.2 with cipher
DHE-RSA-AES256-SHA (256/256 bits new) authenticated as server.domain.de
Jul 20 03:08:06 imap cyrus/lmtp[3875]: duplicate_check:
<201507200108.t6K185oV005737 at test.domain.de> user.test Mon,
20 Jul 2015 03:08:05 +0200 0
Jul 20 03:08:06 imap cyrus/lmtp[3875]: Delivered:
<201507200108.t6K185oV005737 at test.domain.de> to mailbox: user.test
Jul 20 03:08:06 imap cyrus/lmtp[3875]: duplicate_mark:
<201507200108.t6K185oV005737 at test.domain.de> user.test Mon,
20 Jul 2015 03:08:05 +0200 1437354486 48
Jul 20 03:08:06 imap cyrus/lmtp[3875]: USAGE test user: 0.033640 sys:
0.005606
--------------
/etc/imapd.conf:
--------------
configdirectory: /var/lib/cyrus
proc_path: /run/cyrus/proc
mboxname_lockpath: /run/cyrus/lock
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: no
lmtp_downcase_rcpt: yes
admins: cyrus
lmtp_admins: lmtp-admin
allowanonymouslogin: no
popminpoll: 1
autocreatequota: 0
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
hashimapspool: true
allowplaintext: yes
sasl_minimum_layer: 0
sasl_pwcheck_method: auxprop
sasl_auto_transition: no
tls_cert_file: /etc/ssl/domain/imap.crt
tls_key_file: /etc/ssl/domain/imap.key
tls_ca_file: /etc/ssl/domain/cacert_org-class3.crt
tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
lmtpsocket: /var/run/cyrus/socket/lmtp
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
syslog_prefix: cyrus
--------------
cyrus.conf:
-------------
lmtp cmd="lmtpd" listen="2003" prefork=4 maxchild=20
lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0
maxchild=20
-------------
Any ideas?
Ciao
Marcus
--
"You don't get to be mom if you can't fix everything just right." -Calvin
More information about the Info-cyrus
mailing list