Thanks Ken That has solved my problem on the proxies they are now authenticating and passing on user logins
However the LMTPproxyd still has errors. auth.log on lmtpproxyd Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: sql plugin trying to open db 'imapUsers' on host 'cyrus_sql:mysql' Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: sql plugin Parse the username cyrus Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: sql plugin try and connect to a host Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: sql plugin trying to open db 'imapUsers' on host 'cyrus_sql:mysql' Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: No worthy mechs found imapd.log on lmtpproxyd Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: lmtpengine do_auth: sasl_client_start failed (SASL(-4): no mechanism available: No worthy mechs found) Jan 28 21:52:49 cetcb01-02-10 master[25634]: process 25675 exited, status 75 Jan 28 21:52:49 cetcb01-02-10 master[25634]: service lmtpd pid 25675 in BUSY state: terminated abnormally imapd.log on backend Jan 28 13:51:31 cetcb07-01-09 lmtp[30694]: accepted connection Jan 28 13:51:31 cetcb07-01-09 lmtp[30694]: connection from cetcb02-02-10 [10.18.13.95] Jan 28 13:51:31 cetcb07-01-09 master[30706]: about to exec /usr/cyrus/bin/lmtpd Jan 28 13:51:31 cetcb07-01-09 lmtp[30706]: executed Should I change the conf file for imapd cyrus to start TLS on lmtp? Thanks Iain Iain Gray Sony Computer Entertainment Europe http://www.scee.com Ken Murchison <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 27/01/2004 17:33 To [EMAIL PROTECTED] cc [EMAIL PROTECTED] Subject Re: proxyd and authenticating with the backend servers [EMAIL PROTECTED] wrote: > HI > > I am having a problem with cyrus murder setup. > > I have these configured machines > > 2 frontend machines running proxyd and mupdate slaves > 2 backend machines running imapd and lmtpd > 1 mupdate master running lmtpproxyd > I am using sql for a password db > > I can happily log in to the fe servers and see user mailboxes. Also I can > log into the back end machines and retrieve mail . I can also deliver mail > to the backend machines. > > What I am having trouble with is when I try and read any mailboxes from > the front end machines then I get this error in the logs > > Jan 27 16:46:24 cetcb13-01-09 proxyd[5356]: login: > cetcfw006h.inline.scee.com[10.18.13.10] bigbigray plaintext+TLS > Jan 27 16:46:26 cetcb13-01-09 proxyd[5356]: couldn't authenticate to > backend server: no mechanism available > > If i run imtest from the front end machines either with or without TLS i > can log in and see mail as below. Also if I deliver mail to either of the > backends directly to the lmtpd then that is fine. > > The problem seems to be with proxyd and lmtpd not authenticating as the > rest does. > > I guess that this is because I am using PLAIN passwords and this is > disabled unless using TLS. > > Is there a way to enable TLS with proxyd and lmtpproxyd or am i just > completely wrong. You are correct, if you are only using plaintext authentication, then you'll need the frontend to use STARTTLS on the backend. Unfortunately, support for this is not in the 2.1 series. You can either upgrade to 2.2.3 or try to backport the STARTTLS patch to 2.1.16. Here is the relevent patchset info: PatchSet 4559 Date: 2002/12/13 19:28:37 Author: ken3 Log: added client-side STARTTLS for frontend to backend authentication when needed (still need to do something for the cert and key) Members: imap/backend.c:1.7.6.6->1.7.6.7 [cyrus-imapd-2_2] imap/backend.h:1.3.6.3->1.3.6.4 [cyrus-imapd-2_2] imap/tls.c:1.38.4.3->1.38.4.4 [cyrus-imapd-2_2] imap/tls.h:1.15.4.1->1.15.4.2 [cyrus-imapd-2_2] PatchSet 4769 Date: 2003/02/19 17:09:47 Author: ken3 Log: don't compile STARTTLS support unless we have OpenSSL Members: imap/backend.c:1.7.6.15->1.7.6.16 [cyrus-imapd-2_2] imap/backend.h:1.3.6.9->1.3.6.10 [cyrus-imapd-2_2] -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp ForwardSourceID:NT0000FDAA ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] This footnote also confirms that this email message has been checked for all known viruses. ********************************************************************** SCEE 2004
