Solved

Cyrus setup on RHEL + other configuration Q's

Posted on 2004-03-23
23
807 Views
Last Modified: 2013-12-06
I've just done a "everything" install of Whitebox Linux on a server I plan to put into production.

( firstly, comments on my choice of whitebox vs free alternatives such as fedora, mandrake etc)

Now then, I've used jlevie's installation instructions for sendmail/cyrus on his page at entrophy-free.net ( Jim, if you're reading, I found a couple of things...)

I'm having difficulties with configuring my sendmail.mc file to wor with cyrus, I include the version that comes with WBL along with the changes I made:
Assuming my FQDN for this machine will be www.xxx.yyy, plz help me to change below to work with Cyrus. Also, plz explain the options related to non-resolvable domains and the issues (my users will all have normal dial-ups etc)

 [root@zen mail]# cat sendmail.mc
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`Cyrus/SASL for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`confTRUSTED_USER', `cyrus')dnl
define(`confLOCAL_MAILER', `cyrusv2')dnl

define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl #       a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
define(`CYRUSV2_MAILER_FLAGS', `uA@/:|m')dnl
MAILER(smtp)dnl
MAILER(cyrusv2)dnl


Note for Jim:
Jim, your installation notes for cyrus seems to lack the creation of a /var/spool/imap/proc folder. Also, I'm getting strange errors in the cyruslog file after install:

tail cyruslog
Mar 23 22:32:05 zen lmtpunix[4443]: DBERROR: opening /var/spool/imap/config/deliver.db: cyrusdb error
Mar 23 22:32:05 zen lmtpunix[4443]: FATAL: lmtpd: unable to init duplicate delivery database
Mar 23 22:32:05 zen master[2745]: process 4443 exited, status 75
Mar 23 22:32:05 zen master[2745]: service lmtpunix pid 4443 in READY state: terminated abnormally
Mar 23 22:32:05 zen master[4444]: about to exec /usr/cyrus/bin/lmtpd
Mar 23 22:32:05 zen lmtpunix[4444]: DBERROR db4: /var/spool/imap/config/db/__db.001: No such file or directory
Mar 23 22:32:05 zen lmtpunix[4444]: DBERROR: dbenv->open '/var/spool/imap/config/db' failed: No such file or directory
Mar 23 22:32:05 zen lmtpunix[4444]: DBERROR: init() on berkeley
Mar 23 22:32:05 zen lmtpunix[4444]: DBERROR: reading /var/spool/imap/config/db/skipstamp, assuming the worst: No such file or directory
Mar 23 22:32:05 zen lmtpunix[4444]: executed

tail messages
Mar 23 22:33:18 zen master[2745]: service lmtpunix pid 4670 in READY state: terminated abnormally
Mar 23 22:33:18 zen lmtpunix[4671]: DBERROR db4: /var/spool/imap/config/db/__db.001: No such file or directory
Mar 23 22:33:18 zen lmtpunix[4671]: DBERROR: dbenv->open '/var/spool/imap/config/db' failed: No such file or directory
Mar 23 22:33:18 zen lmtpunix[4671]: DBERROR: init() on berkeley
Mar 23 22:33:18 zen lmtpunix[4671]: DBERROR: reading /var/spool/imap/config/db/skipstamp, assuming the worst: No such file or directory
Mar 23 22:33:18 zen lmtpunix[4671]: DBERROR db4: environment not yet opened
Mar 23 22:33:18 zen lmtpunix[4671]: DBERROR: opening /var/spool/imap/config/deliver.db: Invalid argument
Mar 23 22:33:18 zen lmtpunix[4671]: DBERROR: opening /var/spool/imap/config/deliver.db: cyrusdb error
Mar 23 22:33:18 zen lmtpunix[4671]: FATAL: lmtpd: unable to init duplicate delivery database
Mar 23 22:33:19 zen master[2745]: service lmtpunix pid 4671 in READY state: terminated abnormally

I'm sure it's also due to these errors that the cyruslog and messages log grows to more than a gig each in just 4 days running???



0
Comment
Question by:psimation
  • 13
  • 10
23 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 10661652
What version of Cyrus did you use?
0
 
LVL 17

Author Comment

by:psimation
ID: 10661727
The latest version available: 2.2.3
( Yes I know, your installation instructions are for an earlier version, but the installation of Cyrus has greatly remained the same?)
0
 
LVL 17

Author Comment

by:psimation
ID: 10674776
I've returned to take a public flogging...

Jim
As per usual, you are quite right; I reverted to an earlier build ( the last 2.1.x version), and all works fine now. I will READ the install files of 2.2.x as my well deserved punnishment for making assumptions...
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 10823816
FYI: I've updated my page on Cyrus install (http://www.entrophy-free.net/mail-server-el.html)
0
 
LVL 17

Author Comment

by:psimation
ID: 10827782
Thanks Jim

All seems to be running smoothly now!
0
 
LVL 17

Author Comment

by:psimation
ID: 10863440
Hi Jim, hope you still follow this thread:

Just a quick one; I have 2.2.3 running like a dream, but I noticed that on my old system, all the users were located in their own folders on:
/var/spool/imap/user

However, on the new cyrus, it seems to be

/var/spool/imap/mail/X/user/

where X = {a,b,c...z};
Is this a "feature", or is this dictated by a .conf setting ,build parameter or more likely, the lack of grey matter in my cranial cavity?
I find it much more difficult to keep track of the mailboxes this way? If it's a "feature", is there a way to change it to the "good ol' days" ( except for the obvious way of sticking with 2.0.dinosaur)?

Thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10863611
That's the new user hash scheme that started with 2.1.something. And no I don't know how you could configure it to revert to the old hash scheme.
0
 
LVL 17

Author Comment

by:psimation
ID: 10937833
Jim,
hopefully the last time I "abuse" this closed question:

When sending mail , I get errors saying that the server rejected plaintext as an authentication method, yet, as you can see per my imapd.conf file:

configdirectory:      /var/spool/imap/config
partition-default:    /var/spool/imap/mail
lmtpsocket:           /var/spool/imap/socket/lmtp
sievedir:             /var/spool/imap/sieve
sieveusehomedir:      false
duplicate_db:         skiplist
hashimapspool:        true
sendmail:             /usr/sbin/sendmail
sasl_pwcheck_method:  auxprop
sasl_mech_list:       CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
allowplaintext:       yes
postmaster:           postmaster@psimation.com
admins:               cyrus

Even when I do a "check for supported types" with Evolution, it only shows Cram-MD5 etc, but no Plain.

Is this something one must select at build time? I wouldn't mind NOT using plaintext as authentication, but most of my users are Windows users, and it seems outlook does not have that feature. Also, even if i select Cram-MD5, whenever I try to send with a new account on this box, i immediately get a "relaying denied" message as if it is not authenticating?
Can you give me some pointers please?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10940164
Authentication for sending mail has nothing to do with what is in the imapd.conf file. In the case of Sendmail that is strictly controlled by sendmail.mc/cf and /usr/lib/sasl2/Sendmail.conf. Since PLAIN and LOGIN isn't available to the clients I'd guess that your sendmail.mc file includes:

define(`confAUTH_OPTIONS', `A p')dnl

which retricts PLAIN and LOGIN to TLS connections. Changing that to:

define(`confAUTH_OPTIONS', `A')dnl

will allow those methods over un-encrypted connections.
0
 
LVL 17

Author Comment

by:psimation
ID: 10940800
Hi Jim
OK, I changed that, built a new sendmail.cf and restarted sendmail, guess what??? Same thing. Won't take give plaintext as an option for auth, and still says relaying denied.

Now, I have used cram-md5 for receiving and sending auth, but that still says relaying denied, so it looks like the problems are not directly related, ie, the even if I got the plain text to work, the relaying denied would persist?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10941597
I'm assuming that mail.psimation.com is your mail server, correct? Something still isn't quite right with your sendmail.mc since a 'telnet mail.psimation.com 25' only shows:

250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5

as allowed methods. For your environment the correct directives in sendmail.mc would be:

define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

With that correctly in sendmail.mc, a new sendmail.cf generated, and sendmail restarted connecting to the SMTP port and issuing a 'ehlo localhost.localdomain' will show:

250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN

Simple clients (like Outlook) will then be able to autheticate and once authenticated sendmail will allow them to relay through the server.
0
 
LVL 17

Author Comment

by:psimation
ID: 10941786
This is the sendmail.mc I use to create sendmail.cf.
I can't understand it, it clearly shows the auth mechs there, but still, no plaintext... Could this mc file be "incompatible" with my version of sendmail (8.12.10)?

I've marked the 2 lines I commented out with <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<


**********************************************************************************************************************************
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`Cyrus/SASL for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTRUSTED_USER', `smmsp')dnl
define(`confTRUSTED_USER', `cyrus')dnl
define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A')dnl  <<<<<<<<<<<<<<<<<<<<< this one had a "p", but I removed it...
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
define(`confQUEUE_LA', `8')dnl
define(`confREFUSE_LA', `16')dnl
define(`confTO_IDENT', `0')dnl
dnl #
dnl # Set Mail restrictions as you see fit...
dnl #
define(`confMAX_MESSAGE_SIZE', `50000000')dnl
define(`confMAX_RCPTS_PER_MESSAGE', `50')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
dnl # FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl     <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
dnl # GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl       <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl #       a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl     <<<<<<<<<<<<<<<<<<<<<<<is this applicable to me???
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
MASQUERADE_AS(`your-domain.tld')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
FEATURE(masquerade_entire_domain)dnl
dnl
FEATURE(`local_lmtp')dnl
FEATURE(`preserve_local_plus_detail')dnl
dnl #
dnl # To deliver to mixed case subfolders uncomment the next line.
dnl #
define(`CYRUSV2_MAILER_FLAGS', `uA@/:|m')dnl
MAILER(cyrusv2)dnl
MAILER(local)dnl
dnl
MAILER(smtp)dnl
****************************************************************************************************************

I first tried to use the default .mc file that came with WBL, but that also did not work, so I used yours.


0
 
LVL 40

Expert Comment

by:jlevie
ID: 10941999
These:

dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

are still commented out. Remove "dnl " from the beginning of each line. And you can take GSSAPI out of the
seond line since that method isn't usable in your setup and can just confuse clients.
0
 
LVL 17

Author Comment

by:psimation
ID: 10942122
Oh my word....

I swear, for all this time I was under the impression that the "dnl" was like some kind of "new line" statement, and that there had to be a # for it to be a comment...

Oh my word....

Well, as per usual, thanks to you, things are working PERFECTLY now....

What can I say, Thanks Jim, you thine saviour of mine bacon ...
0
 
LVL 17

Author Comment

by:psimation
ID: 10946718
Hi Jim
Are these db errors anything to worry about? Everything seems to be working fine???

Apr 28 23:16:30 zen ctl_cyrusdb[16547]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found
Apr 28 23:16:30 zen ctl_cyrusdb[16547]: DBERROR: archive /var/imap/config/db: cyrusdb error
Apr 28 23:16:30 zen ctl_cyrusdb[16547]: done checkpointing cyrus databases
Apr 28 23:46:30 zen ctl_cyrusdb[16574]: checkpointing cyrus databases
Apr 28 23:46:30 zen ctl_cyrusdb[16574]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found
Apr 28 23:46:30 zen ctl_cyrusdb[16574]: DBERROR: archive /var/imap/config/db: cyrusdb error
Apr 28 23:46:30 zen ctl_cyrusdb[16574]: done checkpointing cyrus databases
Apr 29 00:16:30 zen ctl_cyrusdb[16593]: checkpointing cyrus databases
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10953691
One can see these errors  on a newly installed Cyrus mail server where there's not yet data in all of the DB's.
Is that the case here?
0
 
LVL 17

Author Comment

by:psimation
ID: 10953929
Well, I only have 4 test mailboxes atm, but the domain is "live" so there are quite a bit mail coming in already.
I've just had a look at the log now, and it looks better, only the checkpointing bit's are there, no errors yet, I will keep checking, hopefully it was just that...
Thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10954019
The checkpoints occur at regular intervals and are supposed to there. The DB errors usually dissappear after a day or so
0
 
LVL 17

Author Comment

by:psimation
ID: 10967484
Hi Jim
All is now fine and no more DB errors, however, windows users cannot authenticate when trying to send, and the log says this:
May  1 15:45:49 zen saslauthd[2952]: do_auth         : auth failure: [user=xxx1] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]

It looks like for some reason Outlook 2003 has a "shadow" mech for sending the password? Can this be fixed ( I can't see anywhere in outlook where you can specify the password type)?  
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10967851
That sounds like /usr/lib/sasl2/Sendmail.conf contains"pwcheck_method: saslauthd" instead of "pwcheck_method: auxprop".
Change that and Sendmail will authenticate against sasldb
0
 
LVL 17

Author Comment

by:psimation
ID: 10968653
Works like a charm....
Thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10969036
And you'd expect anything otherwise???
0
 
LVL 17

Author Comment

by:psimation
ID: 10970833
LOL, not really, only other thing I expected was that there was even more that I messed up somehow...But, touch wood, at the moment, all seems to be running without any problems...
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will explain how to establish a SSH connection to Ubuntu through the firewall and using a different port other then 22. I have set up a Ubuntu virtual machine in Virtualbox and I am running a Windows 7 workstation. From the Ubuntu vi…
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question