Re: LMTP said: 550-Mailbox unknown or you do not have authorization to see it

Well, I did not make any discoveries. I was trying not to make everyone look at my configs but that seems to be my next step.

FILE: /etc/saslauthd.conf
------------------------------------------------------
ldap_servers: ldap://ldap.example.com
ldap_search_base: ou=people,dc=example,dc=com
ldap_filter: uid=%U

FILE: /etc/cyrus.conf
------------------------------------------------------
START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"
}
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=5
  imaps         cmd="imapd -s" listen="imaps" prefork=1
  # these are only necessary if receiving/exporting usenet via NNTP
  # these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
  # at least one LMTP is required for delivery
  lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
  # this is only necessary if using notifications
}
EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30
  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400
  # Expire data older than 28 days.
  deleteprune   cmd="cyr_expire -E 4 -D 28" at=0430
  expungeprune  cmd="cyr_expire -E 4 -X 28" at=0445
  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400
}
DAEMON {
  # this is only necessary if using idled for IMAP IDLE
}

FILE: /etc/cyrus.conf
------------------------------------------------------
admins: cyrus
configdirectory: /var/lib/imap
proc_path: /var/lib/imap/proc
mboxname_lockpath: /var/lib/imap/lock
duplicate_db_path: /var/lib/imap/db/deliver.db
ptscache_db_path:  /var/lib/imap/db/ptscache.db
statuscache_db_path: /var/lib/imap/db/statuscache.db
tls_sessions_db_path: /var/lib/imap/db/tls_sessions.db
defaultpartition: default
partition-default: /var/spool/imap
sievedir: /var/lib/imap/sieve
lmtpsocket: /var/lib/imap/socket/lmtp
idlesocket: /var/lib/imap/socket/idle
notifysocket: /var/lib/imap/socket/notify
syslog_prefix: cyrus
hashimapspool: true
virtdomains: off
popminpoll: 1
conversations: 1
conversations_db: twoskip
specialusealways: 1
allowplaintext: 0
sasl_pwcheck_method: saslauthd
sasl_auto_transition: no
tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.key
tls_client_ca_dir: /etc/ssl/certs
tls_session_timeout: 1440
tls_ciphers: TLSv1+HIGH:!aNULL:!eNULL:!LOW:!MD5:!EXPORT:!DES:!3DES:!RC4:@STRENGTH
tls_prefer_server_ciphers: 1
tls_versions: tls1_2
allowanonymouslogin: no
serverinfo: off

Test login results:

Test SaslAuthd
------------------------------------------------------
~$ testsaslauthd -u testuser -p 'NOT_FOR_DISPLAY'
0: OK "Success."

Test imap
------------------------------------------------------
~$ imtest -m login -u testuser -a testuser -t "" localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=GSS-SPNEGO AUTH=GSSAPI SASL-IR] server ready
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN SASL-IR XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN testuser {9}
S: + go ahead
C: <omitted>
S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] User logged in SESSIONID=<cyrus-422568-1602786511-1-7349358803894201420>
Authenticated.
Security strength factor: 256
^CC: Q01 LOGOUT
Connection closed.

Test LMTP
------------------------------------------------------
~$ sudo -u postfix swaks --to testuser@xxxxxxxxxxx --socket /var/lib/imap/socket/lmtp --protocol LMTP
[sudo] password for XXXXXXXX:
=== Trying /var/lib/imap/socket/lmtp...
=== Connected to /var/lib/imap/socket/lmtp.
<-  220 XXXXXXXXXXXXXXXXXXXXXXXXXX server ready
 -> LHLO XXXXXXXXXXXXXXXXXXXXXXXXXX
<-  250-XXXXXXXXXXXXXXXXXXXXXXXXXX
<-  250-8BITMIME
<-  250-ENHANCEDSTATUSCODES
<-  250-PIPELINING
<-  250-SIZE
<-  250-AUTH EXTERNAL
<-  250-IGNOREQUOTA
<-  250 Ok SESSIONID=<cyrus-422719-1602786735-1-4293443568200236992>
 -> MAIL FROM:<postfix@XXXXXXXXXXXXXXXXXXXXXXXXXX>
<-  250 2.1.0 ok
 -> RCPT TO:<testuser@xxxxxxxxxxx>
<** 550-Mailbox unknown.  Either there is no mailbox associated with this
<** 550-name or you do not have authorization to see it.
<** 550 5.1.1 User unknown
 -> QUIT
<-  221 2.0.0 bye
=== Connection closed with remote host.


Notes:
I did notice a difference in the LMTP response from our current production system. The current production system includes the following in the response:

<-  250-STARTTLS

I do not see that on the new system (Response shown above) with the same configuration. Curious why or if that has anything to do with it. I am using a self-signed cert on the new system for testing purposes. Is that why? Do I need to tell LMTP to accept the cert somehow?

Thanks

-Ez

On Thu, Oct 15, 2020 at 9:32 AM Ezsra McDonald <ezsra.mcdonald@xxxxxxxxx> wrote:
Sebastian,
Thank you for the response.

I have never heard of this tool but it looks interesting. I will give it a try.

Will let you all know if I find anything.

-Ez


On Thu, Oct 15, 2020 at 9:28 AM Sebastian Hagedorn <Hagedorn@xxxxxxxxxxxx> wrote:

On 15.10.20 at 15:49, Ezsra McDonald wrote:
> I wonder if there is a way to test LMTP manually to verify LMTP can see
> the imap accounts? I have not done much with LMTP because it always
> worked for us in the past.

My favorite tool for mail delivery testing is swaks. You can test LMTP
this way:

swaks --to YOUR-TEST-USER --socket /var/lib/imap/socket/lmtp --protocol LMTP

--
    .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                 .:.Regionales Rechenzentrum (RRZK).:.
   .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.

