On 11/04/12 09:43 -0600, Dale J Chatham wrote: >my intent it so have postfix in the DMZ delivering to cyrus lmtp and >cyrus internal. > >I'd like to not have to have a map of users, but to use ideally sasldb >to determine users and passwords, but pam if necessary. I'd rather use >stock packages and avoid compiling from scratch. > >Distro is centos 6.3 > >I can't seem to get all the pieces talking to each other and have taken >a week reading everything I can find. This would seem to be a natural >way to run, but I can't find docs on it. > >If there is a FAQ out there, someone please point me to it. On 11/04/12 10:12 -0600, Dale J Chatham wrote: >I was hoping postfix could be configured to blindly forward to lmtp and >let lmtp authenticate. > >I lost a dual sendmail configuration where mail was received in the DMZ >and then forwarded to a sendmail internal. > >Perhaps I'm approaching this entirely wrong. On 11/04/12 10:32 -0600, Dale J Chatham wrote: >One more point. Can't one authenticate with saslauthd running on a >remote machine? > >So, could I: > >Internet DMZ Internal >======== ============= ============== >mail -> Postfix -> lmtp > ^ | | > | +--- + v > | | Cyrus-imapd > | | | > | | v > +-----------------+> saslauthd Cyrus can use saslauthd to authenticate both incoming lmtp and imap connections. By default both daemons should use the same authentication service, whether that's sasldb or saslauthd, or another source. Such a configuration might look like (on the Cyrus server): lmtp_admins: postfix_username sasl_mech_list: PLAIN LOGIN # Needed if authenticating with saslauthd sasl_minimum_layer: 0 allowplaintext: yes # Needed, unless you're using tls sasl_pwcheck_method: saslauthd Consult the Postfix documentation for how to specify the lmtp credentials. It's standard practice to enable smtp authentication on a postfix server, particularly if you have roaming users with email clients. As Andy pointed out, you may need to sync your authentication database between the two servers, unless your authentication database is network enabled, i.e. SQL or LDAP. Postfix can be configured to use cyrus sasl for smtp authentication (see saslfinger), -- Dan White ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus