We are planning to migrate an OpenVMS email server to "Linux" (RHEL4) running Postfix and Cyrus-IMAP. I have set up a single node Cyrus-IMAP backend and use Postfix to feed email into the server. The version of Cyrus-IMAP I am using is 2.2.12 distributed in latest RHEL4 RPM format (from http://www.invoca.ch/).

This week I made adaptations to have a Cyrus-IMAP Murder setup. Here are my murder settings:

-----------------------------------------
1 cyrus backend servers (called mailbox1)
1 mupdate master server
2 cyrus frontend servers each running Postfix, Cyrus LMTPProxy and Proxyd
-----------------------------------------

I am using saslauthd authentication (with PLAIN mechanism) against Linux PAM modules (nss_ldap and pam_krb5) which then switch over against our Windows Active Directory server. This scheme is working fine under a single Cyrus-IMAP setup to authenticate our users.

The _problem_ I am having _now_ with murder is I cannot make either LMTPProxy or IMAP (Proxyd) services running on my frontends to authenticate through specified proxy_servers to the backend node. I can see mupdate is running and updating user mailbox information, I can connect to my backend directly, but I cannot deliver or read email from my frontend nodes.

Here are the logs on the Cyrus Murder frontend nodes showing the error:

a. IMAP Error

imap[12766]: Doing a peer verify
imap[12766]: verify error:num=18:self signed certificate
imap[12766]: received server certificate
imap[12766]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
imap[12766]: couldn't authenticate to backend server: authentication failure

b. LMTP Error

lmtp[10495]: couldn't authenticate to backend server: no mechanism available
lmtp[10854]: couldn't authenticate to backend server: no mechanism available
postfix/lmtp[10851]: 272CD1D0003: to=<xue@xxxxxxxxxxxxxxxxx>, relay=/var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp], delay=10304, status=deferred (host /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp] said: 451 4.4.3 Remote server unavailable (in reply to end of DATA command))
lmtp[10854]: couldn't authenticate to backend server: no mechanism available

Here are the logs on the Backend node when the frontend connects through LMTP and IMAP:

mailbox1 lmtp[29392]: connection from [10.101.4.251] preauth'd as postman
mailbox1 lmtp[29402]: executed
mailbox1 lmtp[29392]: accepted connection
mailbox1 lmtp[29392]: connection from [10.101.4.251] preauth'd as postman
mailbox1 imap[29381]: accepted connection
mailbox1 imap[29381]: mydelete: starting txn 2147483730
mailbox1 imap[29381]: mydelete: committing txn 2147483730
mailbox1 imap[29381]: mystore: starting txn 2147483731
mailbox1 imap[29381]: mystore: committing txn 2147483731
mailbox1 imap[29381]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
mailbox1 imap[29381]: badlogin: [10.101.4.251] PLAIN [SASL(-13): authentication failure: user cyrus_murder is not allowed to proxy]

Here are my configuration files:

--------Frontend Configuration------

#---cyrus.conf---#
SERVICES {
  # add or remove based on preferences
  imap cmd="proxyd" listen="imap" prefork=5
  imaps cmd="proxyd -s" listen="imaps" prefork=1
  pop3 cmd="pop3d" listen="pop3" prefork=3
  pop3s cmd="pop3d -s" listen="pop3s" prefork=1
  sieve cmd="timsieved" listen="sieve" prefork=0
  mupdate cmd="/usr/lib/cyrus-imapd/mupdate" listen=3905 prefork=1
  lmtpunix cmd="lmtpproxyd" listen="/var/lib/imap/socket/lmtp" prefork=1 proto="udp" prefork=1
}

#---imapd.conf---#
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: mailadmin
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
mupdate_port: 3905
mupdate_server: imapproxy
mupdate_username: admin
mupdate_authname: admin
mupdate_password: xxxxxx
proxy_authname: cyrus_murder
mailbox1_password: xxxxxxx

--------Backend Configuration------

#---cyrus.conf---#
SERVICES {
  imap cmd="imapd" listen="imap" prefork=5
  imaps cmd="imapd -s" listen="imaps" prefork=1
  pop3 cmd="pop3d" listen="pop3" prefork=3
  pop3s cmd="pop3d -s" listen="pop3s" prefork=1
  sieve cmd="timsieved" listen="sieve" prefork=1
  lmtp cmd="lmtpd -a" listen="lmtp" prefork=1 proto="udp" prefork=1
}

#---imapd.conf---#
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: admin
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
altnamespace: false
berkeley_cachesize: 4096
mupdate_server: imapproxy
mupdate_username: admin
mupdate_authname: admin
mupdate_password: xxxxxxxxx
proxy_servers: cyrus_murder

I know Cyrus-SASL is causing the problem on the Proxy Level and I need suggestions on how to set up SASL-Authentication for my murder Frontend nodes.

Thanks.

--------------------------------
Jack C. Xue
Computing Services Systems Group
Marshall University
Drinko Library 423C
1 John Marshall Drive
Huntington, WV 25755-5320
E-mail: xue at marshall.edu
Phone: (304)696-6396
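
A small triage script for the log lines quoted in the post above, as an added example that is not part of the original message: it pulls the service, SASL mechanism, result code and reason out of the frontend and backend syslog entries and counts each distinct failure, so the two sides can be read next to each other. The function names are this example's own, and the sample lines are copied from the post's log format with a placeholder recipient address.

```python
import re
from collections import Counter

# Message shapes taken from the syslog excerpts quoted in the post.
PATTERNS = [
    # Backend rejecting a login: peer, mechanism, SASL result code, reason.
    ("backend_reject", re.compile(
        r"(?P<svc>\w+)\[(?P<pid>\d+)\]: badlogin: \[(?P<peer>[^\]]+)\] "
        r"(?P<mech>\S+) \[SASL\((?P<code>-?\d+)\): (?P<reason>.*)\]$")),
    # Frontend proxy (proxyd / lmtpproxyd) failing to log in to the backend.
    ("proxy_auth_fail", re.compile(
        r"(?P<svc>\w+)\[(?P<pid>\d+)\]: couldn't authenticate to backend "
        r"server: (?P<reason>.*)$")),
    # Certificate verification error reported during STARTTLS.
    ("tls_verify_error", re.compile(
        r"(?P<svc>\w+)\[(?P<pid>\d+)\]: verify error:num=(?P<code>\d+):"
        r"(?P<reason>.*)$")),
]

def parse_line(line):
    """Return a dict describing one auth-related event, or None."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.search(line)
        if m:
            return {"kind": kind, **m.groupdict()}
    return None

def summarize(lines):
    """Parse all lines; return (events, Counter keyed by kind/service/reason)."""
    events = [e for e in map(parse_line, lines) if e]
    counts = Counter((e["kind"], e["svc"], e["reason"]) for e in events)
    return events, counts

# Sample input in the post's format (recipient address is a placeholder).
SAMPLE = """\
imap[12766]: verify error:num=18:self signed certificate
imap[12766]: couldn't authenticate to backend server: authentication failure
lmtp[10495]: couldn't authenticate to backend server: no mechanism available
lmtp[10854]: couldn't authenticate to backend server: no mechanism available
postfix/lmtp[10851]: 272CD1D0003: to=<user@example.invalid>, status=deferred
mailbox1 lmtp[29392]: connection from [10.101.4.251] preauth'd as postman
mailbox1 imap[29381]: badlogin: [10.101.4.251] PLAIN [SASL(-13): authentication failure: user cyrus_murder is not allowed to proxy]
""".splitlines()

if __name__ == "__main__":
    events, counts = summarize(SAMPLE)
    for (kind, svc, reason), n in counts.most_common():
        print(f"{n:2d}  {kind:17s} {svc:5s} {reason}")
```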