Cyrus Postfix SASL Auth SMTP MySQL Always Authenticate multiple mech_list

[Eugene van der Merwe]

I am trying to create a destination NAT SMTP intercept server. I need this
because for SPAM reporting our upstream are providing our NAT gateway IPs
instead of our client's internal network IPs and now they are blocking us.

Our clients use many authentication methods, including plain and cram-md5.
Ideally I want to support these mech_list:
plain login digest-md5 cram-md5

I install the auxprop_plugin: sql and I pipe requests to the MySQL. But the
MySQL insists on checking the password. I tried manipulating the MySQL to
always return true but this seems impossible.

What I would like to know is how to use Cyrus SASL Auth redirection to
always authenticate the SMTP user regardless of username and password.

My workaround for now is to use just 'plain' and this works quite well but I
suspect Exchange server are reporting EHLO problems and I can see cram-md5
failures.

My platform is Ubuntu 8.04 32-bit using standard .DEB files.

kind regards,

Eugene van der Merwe
Founder and CEO
Snowball Effect
+27 (0)21 880-2228
+27 (0)82 309-6710




-- Forwarded message --
From: Andrew Morgan mor...@orst.edu
Date: 3 February 2010 19:26
Subject: Re: trouble with sieve and cyrus murder
To: Carlos Ricardo Bernal Veiga crbve...@gmail.com
Cc: info-cyrus@lists.andrew.cmu.edu


On Wed, 3 Feb 2010, Carlos Ricardo Bernal Veiga wrote:

 Ohhh Thank you Dan, this parameter worked really good in our Webmail, and
so
 sorry for my english, We are studying the cyrus murder to deploy in our
 company, do you know about some success case with murder?? We have about
 seventy thousand accounts and we want know more about this project...

We run Cyrus with Murder at Oregon State University for over 30,000 users.
I don't know if there is any practical limit on the number of mailboxes
Cyrus Murder can support, but it must be a lot larger than 30,000 or
70,000.  We support these users with only 3 backends and 3 frontends.
It's all a matter of giving your Cyrus servers enough I/O.

   Andy

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus Postfix SASL Auth SMTP MySQL Always Authenticate multiple mech_list

[Dan White]

On 03/02/10 20:09 +0200, Eugene van der Merwe wrote:
I am trying to create a destination NAT SMTP intercept server. I need this
because for SPAM reporting our upstream are providing our NAT gateway IPs
instead of our client's internal network IPs and now they are blocking us.

Our clients use many authentication methods, including plain and cram-md5.
Ideally I want to support these mech_list:
plain login digest-md5 cram-md5

I install the auxprop_plugin: sql and I pipe requests to the MySQL. But the
MySQL insists on checking the password. I tried manipulating the MySQL to
always return true but this seems impossible.

What I would like to know is how to use Cyrus SASL Auth redirection to
always authenticate the SMTP user regardless of username and password.

My workaround for now is to use just 'plain' and this works quite well but I
suspect Exchange server are reporting EHLO problems and I can see cram-md5
failures.

Eugene,

Are these your customers? Where do they normally authenticate to when your
intercept server is not in place? Do you have a central authentication
setup (such as a central mysql database) that you can use on the intercept
server?

-- 
Dan White

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html