Hi, all.
When setting up imapd, I've become accustomed to setting the imapd.conf servername option to the name of the SASL realm that I am serving for, regardless of the server's actual hostname. For example, if I'm running imapd on machine.x.com and my realm is x.com, I would configure servername to match the latter and live with it.

However, in the process of performing a fresh 2.2.8 install, I got a bug in my ear to experiment a bit. My environment consists of a FreeBSD 5.2.1-RELEASE-p9 machine with one NIC (192.168.0.1) configured with multiple IP aliases (192.168.0.2, 192.168.0.3, etc.).

Based on my understanding of the documentation, if I were to enable virtual domains, imapd would report a different FQDN for each *interface* connection (e.g., mail.x.com for 192.168.0.2 or mail2.x.com for 192.168.0.3), regardless of the actual *hostname* of that machine (machine.x.com/192.168.0.1) and have unqualified usernames use a default domain that is formed by truncating the FQDN (e.g., to x.com).

I've configured servername, virtdomains, and defaultdomain in the following combinations:

    servername: mail.x.com
    virtdomains: yes
    defaultdomain: x.com

    servername: mail.x.com
    virtdomains: yes
    defaultdomain: x.com

    servername: mail.x.com
    defaultdomain: x.com

I've tried running imtest with the following options for each of the above combinations. Neither has worked unless servername matches the SASL realm and the other two options are unset.

    [EMAIL PROTECTED]:~> imtest -m login -a acc mail.x.com
    [EMAIL PROTECTED]:~> imtest -m login -a acc -r x.com mail.x.com

Also worth mentioning is the fact that I refrained from using cyradm and instead created the user with saslpasswd2. Could this be my problem?

It would seem that either I am doing something wrong, imapd doesn't support interface aliases, or virtual domain support is broken. Before submitting a bug report, however, I'd like to know that I'm not just missing something.
Here is a diff, showing my edits on the imapd.conf shipped with the FreeBSD port, followed by my edits on cyrus.conf and non-default settings found in the shipped imapd.conf. Not much has been changed. [EMAIL PROTECTED]:~> diff /usr/ports/mail/cyrus-imapd22/files/imapd.conf /usr/local/etc/imapd.conf 49c49 < #servername: <result returned by gethostname(2)> - --- > #servername: mail.x.com 236c236 < #sendmail: /usr/sbin/sendmail - --- > sendmail: /usr/local/sbin/sendmail 320c320 < #sasl_mech_list: cram-md5 digest-md5 - --- > sasl_mech_list: digest-md5 cram-md5 plain 412a413,415 > > virtdomains: yes > defaultdomain: x.com [EMAIL PROTECTED]:~> diff /usr/ports/mail/cyrus-imapd22/work/cyrus-imapd-2.2.8/master/conf/normal.conf /usr/local/etc/cyrus.conf 14,18c14,18 < imap cmd="imapd" listen="imap" prefork=0 < imaps cmd="imapd -s" listen="imaps" prefork=0 < pop3 cmd="pop3d" listen="pop3" prefork=0 < pop3s cmd="pop3d -s" listen="pop3s" prefork=0 < sieve cmd="timsieved" listen="sieve" prefork=0 - --- > imap cmd="imapd" listen="mail.x.com:imap" prefork=0 > # imaps cmd="imapd -s" listen="mail.x.com:imaps" prefork=0 > # pop3 cmd="pop3d" listen="pop3" prefork=0 > # pop3s cmd="pop3d -s" listen="pop3s" prefork=0 > # sieve cmd="timsieved" listen="sieve" prefork=0 [EMAIL PROTECTED]:~> grep '^[^#]' /usr/ports/mail/cyrus-imapd22/files/imapd.conf configdirectory: /var/imap partition-default: /var/spool/imap sieveusehomedir: false sievedir: /var/imap/sieve sasl_pwcheck_method: auxprop [EMAIL PROTECTED]:~> And here is the output from a few commands under this configuration. Note that although the user exists and the interface reverse-resolves to a name other than the hostname of the machine itself, an imtest session reveals the machine hostname rather than the interface name. 
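Review bot: In hunk 49c49 of the imapd.conf diff the replacement line is still a comment ("> #servername: mail.x.com"), so servername stays unset and imapd keeps the value the shipped comment names, the result of gethostname(2); that is consistent with the machine.x.com banner the post reports. Remove the leading # so the line reads "servername: mail.x.com" if the override is intended.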
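Review bot: Hunk 320c320 of the imapd.conf diff adds plain to sasl_mech_list, while hunk 14,18c14,18 of the cyrus.conf diff comments out the imaps service and leaves imap as the only listener. Either keep the list at "digest-md5 cram-md5" until a TLS listener is enabled, or re-enable the imaps line in the same change, so that plain is not configured on a server that only accepts unencrypted connections.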
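Review bot: In hunk 14,18c14,18 of the cyrus.conf diff the imap service is bound with listen="mail.x.com:imap", so only that one name accepts connections and the per-interface behaviour the post sets out to compare (mail2.x.com on 192.168.0.3) cannot be exercised with this file. Add a second service line for the other name, or go back to listen="imap" while testing virtdomains.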
    [EMAIL PROTECTED]:~> sudo sasldblistusers2
    Password:
    [EMAIL PROTECTED]: userPassword
    [EMAIL PROTECTED]:~> host 192.168.0.2
    2.0.168.192.IN-ADDR.ARPA domain name pointer mail.x.com
    [EMAIL PROTECTED]:~> imtest -m login mail.x.com
    S: * OK machine.x.com Cyrus IMAP4 v2.2.8 server ready
    C: C01 CAPABILITY
    S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
    S: C01 OK Completed
    Please enter your password:
    C: L01 LOGIN acc {3}
    S: + go ahead
    C: <omitted>
    S: L01 NO Login failed: user not found
    Authentication failed. generic failure
    Security strength factor: 0
    . LOGOUT
    * BYE LOGOUT received
    . OK Completed
    Connection closed.
    [EMAIL PROTECTED]:~>

-- 
Anthony Chavez
http://www.anthonychavez.org/
mailto:[EMAIL PROTECTED]
jabber:[EMAIL PROTECTED]
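An added example, not part of the original post and not Cyrus code: a small Python check that reads imapd.conf and cyrus.conf text and reports which of the options the post relies on are actually in effect, and whether plain is configured without an imaps listener. The sample text is constructed from the post's diff and grep output, and the function names are hypothetical.

```python
import re

# Constructed from the post's diff and grep output: options of the edited
# imapd.conf and the edited service lines of cyrus.conf.
IMAPD_CONF = """\
configdirectory: /var/imap
#servername: mail.x.com
sasl_pwcheck_method: auxprop
sasl_mech_list: digest-md5 cram-md5 plain
virtdomains: yes
defaultdomain: x.com
"""
CYRUS_CONF = """\
  imap  cmd="imapd" listen="mail.x.com:imap" prefork=0
#  imaps cmd="imapd -s" listen="mail.x.com:imaps" prefork=0
#  pop3  cmd="pop3d" listen="pop3" prefork=0
"""

def parse_options(text):
    """Split imapd.conf 'option: value' lines into (active, commented_out)."""
    active, commented = {}, {}
    for line in text.splitlines():
        m = re.match(r"\s*(#?)\s*([\w-]+):\s*(.*\S)?\s*$", line)
        if m:
            (commented if m.group(1) else active)[m.group(2)] = m.group(3) or ""
    return active, commented

def parse_listeners(text):
    """Map each uncommented cyrus.conf service name to its listen= value."""
    found = re.findall(r'^\s*([\w-]+)\s+cmd="[^"]*"\s+listen="([^"]*)"', text, re.M)
    return dict(found)

def audit(imapd_text, cyrus_text, wanted=("servername", "virtdomains", "defaultdomain")):
    """Report wanted options that are not in effect, and plain without imaps."""
    active, commented = parse_options(imapd_text)
    listeners = parse_listeners(cyrus_text)
    findings = []
    for opt in wanted:
        if opt not in active:
            state = "commented out" if opt in commented else "absent"
            findings.append(f"{opt} is {state}; the built-in default applies")
    mechs = active.get("sasl_mech_list", "").split()
    if "plain" in mechs and "imaps" not in listeners:
        findings.append("sasl_mech_list has plain but no imaps listener is active")
    return findings

if __name__ == "__main__":
    for finding in audit(IMAPD_CONF, CYRUS_CONF):
        print(finding)
```

Running the same audit against the installed files after each edit shows whether a setting being tested has actually taken effect before imtest is used to judge the result.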