Well, I did not make any discoveries. I was trying not to make everyone look at my configs but that seems to be my next step.
FILE: /etc/saslauthd.conf
------------------------------------------------------
ldap_servers: ldap://ldap.example.com
ldap_search_base: ou=people,dc=example,dc=com
ldap_filter: uid=%U

FILE: /etc/cyrus.conf
------------------------------------------------------
START {
  # do not delete this entry!
  recover cmd="ctl_cyrusdb -r"
}

SERVICES {
  # add or remove based on preferences
  imap cmd="imapd" listen="imap" prefork=5
  imaps cmd="imapd -s" listen="imaps" prefork=1

  # these are only necessary if receiving/exporting usenet via NNTP

  # these are only necessary if using HTTP for CalDAV, CardDAV, or RSS

  # at least one LMTP is required for delivery
  lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

  # this is only necessary if using notifications
}

EVENTS {
  # this is required
  checkpoint cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune cmd="cyr_expire -E 3" at=0400

  # Expire data older than 28 days.
  deleteprune cmd="cyr_expire -E 4 -D 28" at=0430
  expungeprune cmd="cyr_expire -E 4 -X 28" at=0445

  # this is only necessary if caching TLS sessions
  tlsprune cmd="tls_prune" at=0400
}

DAEMON {
  # this is only necessary if using idled for IMAP IDLE
}

FILE: /etc/cyrus.conf
------------------------------------------------------
admins: cyrus
configdirectory: /var/lib/imap
proc_path: /var/lib/imap/proc
mboxname_lockpath: /var/lib/imap/lock
duplicate_db_path: /var/lib/imap/db/deliver.db
ptscache_db_path: /var/lib/imap/db/ptscache.db
statuscache_db_path: /var/lib/imap/db/statuscache.db
tls_sessions_db_path: /var/lib/imap/db/tls_sessions.db
defaultpartition: default
partition-default: /var/spool/imap
sievedir: /var/lib/imap/sieve
lmtpsocket: /var/lib/imap/socket/lmtp
idlesocket: /var/lib/imap/socket/idle
notifysocket: /var/lib/imap/socket/notify
syslog_prefix: cyrus
hashimapspool: true
virtdomains: off
popminpoll: 1
conversations: 1
conversations_db: twoskip
specialusealways: 1
allowplaintext: 0
sasl_pwcheck_method: saslauthd
sasl_auto_transition: no
tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.key
tls_client_ca_dir: /etc/ssl/certs
tls_session_timeout: 1440
tls_ciphers: TLSv1+HIGH:!aNULL:!eNULL:!LOW:!MD5:!EXPORT:!DES:!3DES:!RC4:@STRENGTH
tls_prefer_server_ciphers: 1
tls_versions: tls1_2
allowanonymouslogin: no
serverinfo: off

*Test login results:*

Test SaslAuthd
------------------------------------------------------
~$ testsaslauthd -u testuser -p 'NOT_FOR_DISPLAY'
0: OK "Success."

Test imap
------------------------------------------------------
~$ imtest -m login -u testuser -a testuser -t "" localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=GSS-SPNEGO AUTH=GSSAPI SASL-IR] server ready
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN SASL-IR XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN testuser {9}
S: + go ahead
C: <omitted>
S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] User logged in SESSIONID=<cyrus-422568-1602786511-1-7349358803894201420>
Authenticated.
Security strength factor: 256
^CC: Q01 LOGOUT
Connection closed.

Test LMTP
------------------------------------------------------
~$ sudo -u postfix swaks --to [email protected] --socket /var/lib/imap/socket/lmtp --protocol LMTP
[sudo] password for XXXXXXXX:
=== Trying /var/lib/imap/socket/lmtp...
=== Connected to /var/lib/imap/socket/lmtp.
<- 220 XXXXXXXXXXXXXXXXXXXXXXXXXX server ready
-> LHLO XXXXXXXXXXXXXXXXXXXXXXXXXX
<- 250-XXXXXXXXXXXXXXXXXXXXXXXXXX
<- 250-8BITMIME
<- 250-ENHANCEDSTATUSCODES
<- 250-PIPELINING
<- 250-SIZE
<- 250-AUTH EXTERNAL
<- 250-IGNOREQUOTA
<- 250 Ok SESSIONID=<cyrus-422719-1602786735-1-4293443568200236992>
-> MAIL FROM:<postfix@XXXXXXXXXXXXXXXXXXXXXXXXXX>
<- 250 2.1.0 ok
-> RCPT TO:<[email protected]>
<** 550-Mailbox unknown. Either there is no mailbox associated with this
<** 550-name or you do not have authorization to see it.
<** 550 5.1.1 User unknown
-> QUIT
<- 221 2.0.0 bye
=== Connection closed with remote host.

*Notes*:
I did notice a difference in the LMTP response from our current production system. The current production system includes the following in the response:

<- 250-STARTTLS

I do not see that on the new system (Response shown above) with the same configuration. Curious why or if that has anything to do with it. I am using a self-signed cert on the new system for testing purposes. Is that why? Do I need to tell LMTP to accept the cert somehow?

Thanks
-Ez

On Thu, Oct 15, 2020 at 9:32 AM Ezsra McDonald <[email protected]> wrote:

> Sebastian,
> Thank you for the response.
>
> I have never heard of this tool but it looks interesting. I will give it a
> try.
>
> Will let you all know if I find anything.
>
> -Ez
>
>
> On Thu, Oct 15, 2020 at 9:28 AM Sebastian Hagedorn <[email protected]>
> wrote:
>
>>
>> On 15.10.20 at 15:49, Ezsra McDonald wrote:
>> > I wonder if there is a way to test LMTP manually to verify LMTP can see
>> > the imap accounts?
>> > I have not done much with LMTP because it always
>> > worked for us in the past.
>>
>> My favorite tool for mail delivery testing is swaks. You can test LMTP
>> this way:
>>
>> swaks --to YOUR-TEST-USER --socket /var/lib/imap/socket/lmtp --protocol LMTP
>>
>> --
>> .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
>> .:.Regionales Rechenzentrum (RRZK).:.
>> .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
>>
>>

------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T11ac789bb1e97f39-M805fa17aba80742b308a908a
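
Added example, not part of the original thread: a small Python parser for swaks transcripts that diffs the LHLO extension lists of two systems and lists recipients rejected with a 5xx reply, the two things compared by eye in the message above. The sample transcript is constructed and abridged from the one in the post; the host name, the recipient address and the production transcript (`PROD`) are assumptions.

```python
import re

LINE = re.compile(r"^\s*(->|<-|<\*\*)\s+(.*)$")   # swaks direction markers
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")        # code, continuation flag, text

def exchanges(transcript):
    """Return [(command, [(code, text), ...])] for each command swaks sent."""
    out = []
    for raw in transcript.splitlines():
        m = LINE.match(raw)
        if m and m.group(1) == "->":
            out.append((m.group(2), []))
        elif m and out and (r := REPLY.match(m.group(2))):
            out[-1][1].append((int(r.group(1)), r.group(3)))
    return out          # the 220 banner precedes any command and is skipped

def lhlo_extensions(transcript):
    """Keywords after LHLO; reply line 1 is the greeting, final 'Ok' parses as OK."""
    for cmd, replies in exchanges(transcript):
        if cmd.upper().startswith("LHLO"):
            return {t.split()[0].upper() for _, t in replies[1:] if t}
    return set()

def rejected_rcpts(transcript):
    """(address, final reply text) for each RCPT TO answered with a 5xx code."""
    found = []
    for cmd, replies in exchanges(transcript):
        m = re.match(r"RCPT TO:<([^>]*)>", cmd, re.I)
        if m and replies and replies[-1][0] >= 500:
            found.append((m.group(1), replies[-1][1]))
    return found

# Constructed, abridged sample of the new system; host and address are placeholders.
NEW = """\
<-  220 mail.example server ready
 -> LHLO mail.example
<-  250-mail.example
<-  250-8BITMIME
<-  250-PIPELINING
<-  250-SIZE
<-  250-AUTH EXTERNAL
<-  250-IGNOREQUOTA
<-  250 Ok SESSIONID=<placeholder>
 -> RCPT TO:<testuser@example.com>
<** 550-Mailbox unknown.
<** 550 5.1.1 User unknown
"""
# Assumed production transcript: the post only says it additionally shows 250-STARTTLS.
PROD = NEW.replace("<-  250-SIZE\n", "<-  250-SIZE\n<-  250-STARTTLS\n")
```

`lhlo_extensions(PROD) - lhlo_extensions(NEW)` gives the extensions only production advertises, and `rejected_rcpts(NEW)` gives the refused recipient with its enhanced status code.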
