On 03/07/12 14:55 +0200, Eero Hänninen wrote: >Hello, > >I'm new in murder setup. I got it almost to work but I have question, >is there way to use lmtp as preauthed so that no extra auth required? > >Currently, mail-relay host connects to frontend server successfully >(frontend server running lmtpproxyd with -a option and backend server >running lmtpd with -a option), but in log appears line: >Mar 7 13:33:10 front02 lmtp[79887]: couldn't authenticate to backend >server: no mechanism available >Mar 7 13:33:10 front02 lmtp[79887]: USAGE vaike401 user: 0.014101 sys: >0.000000 > >And when I do tcpdump between backend and frontend server, there seems >no auth like actions or something else: > >B: 220 back07 Cyrus LMTP Murder v2.4.13 server ready >F: LHLO lmtpproxyd >B: 250-mh7 >B: 250-8BITMIME >B: 250-ENHANCEDSTATUSCODES >B: 250-PIPELINING >B: 250-SIZE >B: 250-AUTH EXTERNAL >B: 250 IGNOREQUOTA >F: >B: 421 4.4.1 bye end of file reached > >In last frontend server seems send nothing to backend server and >backend server disconnects after that. lmtpproxyd is probably expecting to receive a: 250-AUTH <mech list> One roundabout way of supporting this would be to used the '*_sasl_pwcheck_method: alwaystrue' configuration on the backend (assuming that your sasl library was compiled with --enable-alwaystrue). On your backend, remove the '-a' option (or run a second lmtp instance that does not use -a). If your lmtp service name in /etc/cyrus.conf is 'lmtp', then add this in /etc/imapd.conf: proxyservers: <some_user> lmtp_sasl_pwcheck_method: alwaystrue lmtp_sasl_mech_list: plain lmtp_sasl_minimum_layer: 0 And on your frontend, configure 'proxy_authname: <some_user>', and a dummy password. There are obvious security problems with this approach that I assume you understand. -- Dan White ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
