Date:      Sat, 22 Sep 2007 16:18:34 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Andrea Venturoli <ml@netfence.it>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: sendmal + cyrus imap + ckuser
Message-ID:  <46F5324A.3030509@infracaninophile.co.uk>
In-Reply-To: <46F52222.8040503@netfence.it>
References:  <46F52222.8040503@netfence.it>

Andrea Venturoli wrote:
> I apologize if this is considered OT.
> 
> I've got a primary mailserver with sendmail+cyrus and two backup
> mailservers which forward messages to the primary.
> 
> In order to allow for rejection at the SMTP dialogue level, I started
> using ckuser_cyrus.m4 (which comes with the sendmail port).
> The primary mailserver now does this fine; however I don't know how to
> configure the other ones to do this as well.
> 
> Ideally I'd like sendmail to check with the primary for mailbox
> existence via TCP, but another solution would be to configure the
> cyrusv2 mailer on the backup servers too, but making it talk to cyrus
> imapd on the primary.

This isn't really a question for freebsd-ports, but...

The way to do this is to configure the cyrus smmapd to listen on
a network port -- something like this in /usr/local/etc/cyrus.conf

  # Sendmail socket map daemon  
  smmapd        cmd="smmapd"    listen="192.168.1.1:smmap"       prefork=1
  smmapdunix    cmd="smmapd"    listen="/var/imap/socket/smmapd" prefork=1

Then you can tell your 2ary sendmails to use that to check for
mailbox existence and quota availability -- in /etc/mail/`hostname`.mc:

FEATURE(`ckuser_cyrus', `inet:smmap@your.mail.server')dnl

You'll have to choose what port smmapd will use: I added a line like
this to /etc/services:

smmap           10026/tcp  # Sendmail Socket Map

Oh, and I'd be wary of exposing the smmapd port on the internet:
either arrange for your 1ary and 2ary mailers to have a private
back-end network they can communicate on, or have fun with
firewalling and/or VPNs.

Making your 2ary machines speak LMTP to cyrus on your mail box server
involves very similar tweaks. You'll need something like this in your
.mc file:

define(`confLOCAL_MAILER', `cyrusv2')dnl
define(`CYRUSV2_MAILER_ARGS', `TCP your.mail.server lmtp')dnl
dnl
dnl Mailer definitions
dnl
MAILER(local)
MAILER(smtp)
MAILER(cyrusv2)

and again, you'll have to decide what port LMTP listens on and set up
cyrus.conf so lmtpd is listening on a network interface, and protect
the LMTP daemon from abuse.  The '-a' flag to lmtpd is very handy in
this situation: saves lots of hair loss trying to make authentication
work...

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
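Added example, not part of the original message: a small client for sendmail's socket map protocol (netstring-framed "<map> <key>" requests, replies starting OK, NOTFOUND, TEMP, TIMEOUT or PERM), useful for confirming what a secondary would get back from the smmapd listener described above. The map name "cyrus" is an assumption; use the name from the socket map (K line) in your generated sendmail.cf. The host name and port 10026 are the placeholder and the /etc/services choice from the message.

```python
import socket

# Status words defined by sendmail's socket map protocol.
STATUSES = {"OK", "NOTFOUND", "TEMP", "TIMEOUT", "PERM"}

def encode_netstring(payload: bytes) -> bytes:
    """Frame payload as <length>:<payload>, as the socket map protocol requires."""
    return b"%d:%s," % (len(payload), payload)

def read_netstring(sock, max_len=4096) -> bytes:
    """Read exactly one netstring, rejecting malformed or oversized frames."""
    digits = b""
    while (ch := sock.recv(1)) != b":":
        if not ch:
            raise ConnectionError("peer closed before the length was complete")
        if not ch.isdigit() or len(digits) >= 6:
            raise ValueError("malformed netstring length")
        digits += ch
    length = int(digits)  # int(b"") raises ValueError for an empty length
    if length > max_len:
        raise ValueError("netstring longer than max_len")
    data = b""
    while len(data) < length + 1:  # payload plus the trailing comma
        chunk = sock.recv(length + 1 - len(data))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        data += chunk
    if data[-1:] != b",":
        raise ValueError("netstring missing trailing comma")
    return data[:-1]

def lookup(sock, map_name: str, key: str):
    """Send '<map> <key>' and return (status, detail) from the reply."""
    sock.sendall(encode_netstring(f"{map_name} {key}".encode()))
    reply = read_netstring(sock).decode("utf-8", "replace")
    status, _, detail = reply.partition(" ")
    if status not in STATUSES:
        raise ValueError(f"unexpected status {status!r}")
    return status, detail

def check_mailbox(host, port, user, map_name="cyrus", timeout=5.0):
    """Ask smmapd over TCP about user. map_name="cyrus" is an assumption."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return lookup(s, map_name, user)

if __name__ == "__main__":
    # Placeholder host from the message; port as chosen in /etc/services.
    print(check_mailbox("your.mail.server", 10026, "someuser"))
```

Run from a secondary mail server, this should print a status tuple; run from any host outside the back-end network, the connection should be refused or time out if the firewalling is doing its job.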