shabahang elmian | 14 Aug 2012 09:16

Murder - MTA --> Auth required on frontend

Hello,
I have a problem on murder env.
Env:
1 MTA on postfix (redhat221)
1 frontend+Mupdate (redhat101)
2 backends (redhat103, redhat112)

If I point the MTA to a backend (mailbox_transport = lmtp:redhat101.example.com:2003), it works on the backend mailboxes.
But when pointing the MTA to the frontend, it gets an error as follows:
Aug 14 10:39:59 localhost postfix/lmtp[5717]: 31E182408EF: to=<test112_1@example.com>, relay=redhat101.example.com[10.131.57.101]:2003, delay=0.29, delays=0.12/0.01/0.16/0, dsn=4.0.0, status=deferred (host redhat101.example.com[10.131.57.101] said: 430 Authentication required (in reply to MAIL FROM command))


I would be thankful if you could help me on the problem.
Best regards,
Shabahang

-----------------------------------------
Config on frontend :
[root@redhat101 ~]# egrep -v "^#|^$" /etc/cyrus.conf
START {
  # do not delete this entry!
  recover cmd="ctl_cyrusdb -r"
  # this is only necessary if using idled for IMAP IDLE
  idled cmd="/usr/lib/cyrus-imapd/idled"
}
SERVICES {
  # add or remove based on preferences
  mupdate       cmd="/usr/cyrus/bin/mupdate -m" listen=3905 prefork=1
  imap          cmd="proxyd" listen="imap" prefork=5
  imaps         cmd="proxyd -s" listen="imaps" prefork=1
  pop3          cmd="pop3d" listen="pop3" prefork=0
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
  kpop          cmd="pop3d -k" listen="kpop" prefork=0
  nntp          cmd="/usr/lib/cyrus-imapd/nntpd" listen="nntp" prefork=0
  nntps         cmd="/usr/lib/cyrus-imapd/nntpd -s" listen="nntps" prefork=0
  sieve         cmd="timsieved" listen="sieve" prefork=0
  lmtp          cmd="/usr/cyrus/bin/lmtpproxyd" listen="0.0.0.0:lmtp" prefork=0
  # these are only necessary if receiving/exporting usenet via NNTP
  # at least one LMTP is required for delivery
  # this is only necessary if using notifications
}
EVENTS {
  # this is required
  checkpoint cmd="ctl_cyrusdb -c" period=30
  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune cmd="cyr_expire -E 3" at=0400
  # this is only necessary if caching TLS sessions
  tlsprune cmd="tls_prune" at=0400
}
[root@redhat101 ~]# egrep -v "^#|^$" /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN PLAIN+TLS LOGIN DIGEST-MD5 CRAM-MD5
tls_cert_file: /etc/pki/cyrus-imapd/server.pem
tls_key_file: /etc/pki/cyrus-imapd/server.pem
tls_ca_file: /etc/pki/cyrus-imapd/server.pem
tls_ca_path: /etc/pki/cyrus-imapd/
allowplaintext: yes
redhat112_password: password
redhat103_password: password
proxy_authname: cyrus
allowanonymouslogin: yes
lmtp_admins: cyrus
[root@redhat101 ~]#
Config on backend:
[root@redhat103 ~]# egrep -v "^#|^$" /etc/cyrus.conf
START {
  # do not delete this entry!
  recover cmd="ctl_cyrusdb -r"
  # this is only necessary if using idled for IMAP IDLE
  idled cmd="idled"
}
SERVICES {
  # add or remove based on preferences
  imap cmd="imapd" listen="imap" prefork=5
  imaps cmd="imapd -s" listen="imaps" prefork=1
  pop3 cmd="pop3d" listen="pop3" prefork=3
  pop3s cmd="pop3d -s" listen="pop3s" prefork=1
  sieve cmd="timsieved" listen="sieve" prefork=0
  # these are only necessary if receiving/exporting usenet via NNTP
  # at least one LMTP is required for delivery
  lmtp cmd="lmtpd -a" listen="0.0.0.0:lmtp" prefork=1
  lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
  # this is only necessary if using notifications
}
EVENTS {
  # this is required
  checkpoint cmd="ctl_cyrusdb -c" period=30
  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune cmd="cyr_expire -E 3" at=0400
  # this is only necessary if caching TLS sessions
  tlsprune cmd="tls_prune" at=0400
}
[root@redhat103 ~]# egrep -v "^#|^$" /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus mupdateslave1 backend1
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd 
sasl_mech_list: PLAIN PLAIN+TLS
tls_cert_file: /etc/pki/cyrus-imapd/server.pem
tls_key_file: /etc/pki/cyrus-imapd/server.pem
tls_ca_file: /etc/pki/cyrus-imapd/server.pem
tls_ca_path: /etc/pki/cyrus-imapd/
allowplaintext: yes
allowanonymouslogin: yes
mupdate_server: redhat101
mupdate_username: cyrus
mupdate_authname: cyrus
mupdate_password: password
proxyservers: cyrus
proxy_password: password
lmtp_admins: cyrus
[root@redhat103 ~]#

Config on MTA
[root@redhat221 ~]# grep lmtp /etc/postfix/main.cf |grep -v ^#
mailbox_transport = lmtp:redhat101.example.com:2003
lmtp_sasl_auth_enable = yes
lmtp_sasl_security_options = noanonymous
lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass 
[root@redhat221 ~]#
--------------------------------------------------------------





----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Stephen Ingram | 14 Aug 2012 19:36

Re: Murder - MTA --> Auth required on frontend

On Tue, Aug 14, 2012 at 12:16 AM, shabahang elmian <eshabahang <at> yahoo.com> wrote:
> Hello,
> I have a problem on murder env.
> Env:
> 1 MTA on postfix (redhat221)
> 1 frontend+Mupdate (redhat101)
> 2 backends (redhat103, redhat112)
>
> If I point the MTA to a backend (mailbox_transport =
> lmtp:redhat101.example.com:2003), it works on the backend mailboxes.
> But when pointing the MTA to the frontend, it gets an error as follows:
>
> Aug 14 10:39:59 localhost postfix/lmtp[5717]: 31E182408EF:
> to=<test112_1@example.com>, relay=redhat101.example.com[10.131.57.101]:2003,
> delay=0.29, delays=0.12/0.01/0.16/0, dsn=4.0.0, status=deferred (host
> redhat101.example.com[10.131.57.101] said: 430 Authentication required (in
> reply to MAIL FROM command))
>
>
>
> I would be thankful if you could help me on the problem.
> Best regards,
> Shabahang
>
> -----------------------------------------
> Config on frontend :
> [root@redhat101 ~]# egrep -v "^#|^$" /etc/cyrus.conf
> START {
>   # do not delete this entry!
>   recover cmd="ctl_cyrusdb -r"
>   # this is only necessary if using idled for IMAP IDLE
>   idled cmd="/usr/lib/cyrus-imapd/idled"
> }
> SERVICES {
>   # add or remove based on preferences
>   mupdate       cmd="/usr/cyrus/bin/mupdate -m" listen=3905 prefork=1
>   imap          cmd="proxyd" listen="imap" prefork=5
>   imaps         cmd="proxyd -s" listen="imaps" prefork=1
>   pop3          cmd="pop3d" listen="pop3" prefork=0
>   pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
>   kpop          cmd="pop3d -k" listen="kpop" prefork=0
>   nntp          cmd="/usr/lib/cyrus-imapd/nntpd" listen="nntp" prefork=0
>   nntps         cmd="/usr/lib/cyrus-imapd/nntpd -s" listen="nntps" prefork=0
>   sieve         cmd="timsieved" listen="sieve" prefork=0
>   lmtp          cmd="/usr/cyrus/bin/lmtpproxyd" listen="0.0.0.0:lmtp"
> prefork=0

You don't need 0.0.0.0, just

  lmtp          cmd="lmtpproxyd" listen="lmtp"

will do.

>   # these are only necessary if receiving/exporting usenet via NNTP
>   # at least one LMTP is required for delivery
>   # this is only necessary if using notifications
> }
> EVENTS {
>   # this is required
>   checkpoint cmd="ctl_cyrusdb -c" period=30
>   # this is only necessary if using duplicate delivery suppression,
>   # Sieve or NNTP
>   delprune cmd="cyr_expire -E 3" at=0400
>   # this is only necessary if caching TLS sessions
>   tlsprune cmd="tls_prune" at=0400
> }
> [root@redhat101 ~]# egrep -v "^#|^$" /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN PLAIN+TLS LOGIN DIGEST-MD5 CRAM-MD5
> tls_cert_file: /etc/pki/cyrus-imapd/server.pem
> tls_key_file: /etc/pki/cyrus-imapd/server.pem
> tls_ca_file: /etc/pki/cyrus-imapd/server.pem
> tls_ca_path: /etc/pki/cyrus-imapd/
> allowplaintext: yes
> redhat112_password: password
> redhat103_password: password
> proxy_authname: cyrus
> allowanonymouslogin: yes
> lmtp_admins: cyrus
> [root@redhat101 ~]#
> Config on backend:
> [root@redhat103 ~]# egrep -v "^#|^$" /etc/cyrus.conf
> START {
>   # do not delete this entry!
>   recover cmd="ctl_cyrusdb -r"
>   # this is only necessary if using idled for IMAP IDLE
>   idled cmd="idled"
> }
> SERVICES {
>   # add or remove based on preferences
>   imap cmd="imapd" listen="imap" prefork=5
>   imaps cmd="imapd -s" listen="imaps" prefork=1
>   pop3 cmd="pop3d" listen="pop3" prefork=3
>   pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>   sieve cmd="timsieved" listen="sieve" prefork=0
>   # these are only necessary if receiving/exporting usenet via NNTP
>   # at least one LMTP is required for delivery
>   lmtp cmd="lmtpd -a" listen="0.0.0.0:lmtp" prefork=1
>   lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
>   # this is only necessary if using notifications

Two things wrong here. First, you only need one line. lmtpunix is for
listening on a unix socket. lmtp is for listening on a tcp
socket--this is the one you need if postfix is on another server.
Also, the -a is telling lmtp to use preauthorized connections. This is
not what you've told Postfix. Get rid of it. Make sure you tell Cyrus
your lmtp password in imapd.conf.

So,

  lmtp cmd="lmtpd" listen="lmtp" prefork=1

will work.

> }
> EVENTS {
>   # this is required
>   checkpoint cmd="ctl_cyrusdb -c" period=30
>   # this is only necessary if using duplicate delivery suppression,
>   # Sieve or NNTP
>   delprune cmd="cyr_expire -E 3" at=0400
>   # this is only necessary if caching TLS sessions
>   tlsprune cmd="tls_prune" at=0400
> }
> [root@redhat103 ~]# egrep -v "^#|^$" /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus mupdateslave1 backend1
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN PLAIN+TLS
> tls_cert_file: /etc/pki/cyrus-imapd/server.pem
> tls_key_file: /etc/pki/cyrus-imapd/server.pem
> tls_ca_file: /etc/pki/cyrus-imapd/server.pem
> tls_ca_path: /etc/pki/cyrus-imapd/
> allowplaintext: yes
> allowanonymouslogin: yes
> mupdate_server: redhat101
> mupdate_username: cyrus
> mupdate_authname: cyrus
> mupdate_password: password
> proxyservers: cyrus
> proxy_password: password
> lmtp_admins: cyrus
> [root@redhat103 ~]#
>
> Config on MTA
> [root@redhat221 ~]# grep lmtp /etc/postfix/main.cf |grep -v ^#
> mailbox_transport = lmtp:redhat101.example.com:2003
> lmtp_sasl_auth_enable = yes
> lmtp_sasl_security_options = noanonymous
> lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass

See, Postfix is trying to send a username and password to authenticate
itself to Cyrus. Make sure they both have the same username and
password information.

Steve
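
Added example (not part of the original thread, and not Cyrus or Postfix code): a small Python check of the point made in the reply above, comparing how each Cyrus LMTP listener authorizes connections with whether Postfix has lmtp_sasl_auth_enable on. The config snippets are trimmed from the excerpts quoted in the thread; the function names and finding labels are assumptions of this example.

```python
import re, shlex

# Constructed from the excerpts quoted in this thread (trimmed to the relevant lines).
FRONTEND = '''
  imap          cmd="proxyd" listen="imap" prefork=5
  lmtp          cmd="/usr/cyrus/bin/lmtpproxyd" listen="0.0.0.0:lmtp" prefork=0
'''
BACKEND = '''
  lmtp cmd="lmtpd -a" listen="0.0.0.0:lmtp" prefork=1
  lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
'''
POSTFIX = '''
mailbox_transport = lmtp:redhat101.example.com:2003
lmtp_sasl_auth_enable = yes
'''

ENTRY = re.compile(r'^\s*(\w+)\s+cmd="([^"]*)"\s+listen="?([^"\s]+)"?', re.M)

def lmtp_services(cyrus_conf):
    """Yield (name, listener kind, preauthorized?) for each lmtpd/lmtpproxyd entry."""
    for name, cmd, listen in ENTRY.findall(cyrus_conf):
        argv = shlex.split(cmd)
        if not argv or argv[0].rsplit("/", 1)[-1] not in ("lmtpd", "lmtpproxyd"):
            continue
        unix = listen.startswith("/")
        # Unix-socket connections are always preauthorized; -a extends that to TCP.
        yield name, "unix" if unix else "tcp", unix or "-a" in argv[1:]

def postfix_sasl(main_cf):
    """True when the Postfix LMTP client is told to authenticate with SASL."""
    m = re.search(r'^lmtp_sasl_auth_enable\s*=\s*(\S+)', main_cf, re.M)
    return bool(m) and m.group(1).lower() == "yes"

def audit(cyrus_conf, main_cf):
    client_auth = postfix_sasl(main_cf)
    findings = []
    for name, kind, preauth in lmtp_services(cyrus_conf):
        if kind == "unix":
            continue  # not reachable from an MTA on another host
        if preauth:
            findings.append((name, "tcp-preauth: any host that can connect may deliver"))
            if client_auth:
                findings.append((name, "mismatch: Postfix set to use SASL, listener preauthorized"))
        elif not client_auth:
            findings.append((name, "mismatch: listener requires SASL, Postfix has it disabled"))
    return findings

if __name__ == "__main__":
    for label, conf in (("frontend", FRONTEND), ("backend", BACKEND)):
        print(label, audit(conf, POSTFIX) or "auth modes agree; credentials must still match")
```

An empty result only means both sides expect the same kind of authentication; the username and password in the Postfix password map still have to be ones Cyrus accepts.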