lmtp delivery to cyrus store over unix socket requires /etc/hosts.allow entry. why?

Tue, 18 Oct 2005 10:19:19 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

hi all,

first -- i'd posted this 1st on exim-users, suspecting it may be an exim issue, 
but the thinking
is that it may well be a cyrus issue, or prehaps OSX ...


that said, i'm delivering to my cyrus-imap (CVS) store using an lmtp socket 
transport from exim
4.54:

cyrus_lmtp_unixsock:
    debug_print             = "EXIM-DEBUG [T:cyrus_lmtp_unixsock] for [EMAIL 
PROTECTED]"
    driver                  = lmtp
    socket                  = /var/MailServer/Process/lmtp.socket
    envelope_to_add
    user                    = MY_USER


cyrus.conf is configured with:

    lmtpunix     cmd="lmtpd -a  -C /var/MailServer/Conf/imapd.conf"
listen="/var/MailServer/Process/lmtp.socket" prefork=2


on delivery attempt, my EXIM log shows a failed attempt, indicating that the 
LMTP connection is
closed:

        2005-10-17 20:35:14 -0700 IOJDYN-0000FT-OY == [EMAIL 
PROTECTED]@testdomain.com
<[EMAIL PROTECTED]> R=cyrus_localuser T=cyrus_lmtp_unixsock defer (-1): LMTP 
connection
closed after initial connection

and syslog shows:

        Oct 17 20:35:14 devbox CYRUS/lmtpunix[564]: refused connection from 
0.0.0.0

after a bit of thrashing around, i find that if i add to /etc/hosts.allow

        lmtpunix : 0.0.0.0

delivery completes successfully!

now, cyrus IS config'd/built "--with-libwrap", so i can use tcpwrappers to 
secure my OTHER cyrus
services (imap, imaps, sieve, etc) which are running on TCPSockets ...

QUESTION:  why is a hosts.allow entry required in the 1st place for lmtpunix 
transport over a
UNIXsocket?

and, why "0.0.0.0" for localhost, rather than 127.0.0.1 or 'localhost' in 
hosts.allow?

the suggestion on exim-users (thx Tony!) is that:

    the code looks like it won't call tcpwrappers for Unix domain sockets.

    BUT, if the kernel 'lies' to it and returns the wrong kind of socket 
address from
getpeername() then Cyrus will do the wrong thing.


thanks for any/all clarification!

cheers,

richard


- --

/"\
\ /  ASCII Ribbon Campaign
 X   against HTML email, vCards
/ \  & micro$oft attachments

[GPG] OpenMacNews at gmail dot com
fingerprint: 780A 5C81 D446 C616 B113  AA3A 9BF4 3736 88A5 678E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)

iEYEAREDAAYFAkNVI7oACgkQm/Q3NoilZ467uACffdE79XLZ4cyT6t+A8JAr10ih
eg4Anil6XuL6WkWqRn/JuLtVzlW//B/l
=LanL
-----END PGP SIGNATURE-----

----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to