sendmail + cyrus imap + ckuser
m.seaman at infracaninophile.co.uk
Sat Sep 22 08:18:42 PDT 2007
Andrea Venturoli wrote:
> I apologize if this is considered OT.
> I've got a primary mailserver with sendmail+cyrus and two backup
> mailservers which forward messages to the primary.
> In order to allow for rejection at the SMTP dialogue level, I started
> using ckuser_cyrus.m4 (which comes with the sendmail port).
> The primary mailserver now does this fine; however I don't know how to
> configure the other ones to do this as well.
> Ideally I'd like sendmail to check with the primary for mailbox
> existence via TCP, but another solution would be to configure the
> cyrusv2 mailer on the backup servers too, but making it talk to cyrus
> imapd on the primary.
This isn't really a question for freebsd-ports, but...
The way to do this is to configure the cyrus smmapd to listen on
a network port -- something like this in /usr/local/etc/cyrus.conf

    # Sendmail socket map daemon
    smmapd      cmd="smmapd" listen="192.168.1.1:smmap" prefork=1
    smmapdunix  cmd="smmapd" listen="/var/imap/socket/smmapd" prefork=1

Then you can tell your 2ary sendmails to use that to check for
mailbox existence and quota availability -- in /etc/mail/`hostname`.mc:

    FEATURE(`ckuser_cyrus', `inet:smmap@your.mail.server')dnl

You'll have to choose what port smmapd will use: I added a line like
this to /etc/services:

    smmap    10026/tcp    # Sendmail Socket Map

Oh, and I'd be wary of exposing the smmapd port on the internet:
either arrange for your 1ary and 2ary mailers to have a private
back-end network they can communicate on, or have fun with
firewalling and/or VPNs.
Making your 2ary machines speak LMTP to cyrus on your mail box server
involves very similar tweaks. You'll need something like this in your

    define(`CYRUSV2_MAILER_ARGS', `TCP your.mail.server lmtp')dnl
    dnl Mailer definitions

and again, you'll have to decide what port LMTP listens on and set up
cyrus.conf so lmtpd is listening on a network interface, and protect
the LMTP daemon from abuse. The '-a' flag to lmtpd is very handy in
this situation: saves lots of hair loss trying to make authentication
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
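
An added example, not part of the original post and not Cyrus project code: a small audit of cyrus.conf that flags smmapd and lmtpd services whose listen= value is neither a UNIX socket nor an internal address, following the warning above about exposing those daemons. The sample config, the INTERNAL network list and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in cyrus.conf SERVICES syntax (addresses are illustrative).
SAMPLE = '''
SERVICES {
  imap       cmd="imapd" listen="imap" prefork=0
  smmapd     cmd="smmapd" listen="192.168.1.1:smmap" prefork=1
  smmapdunix cmd="smmapd" listen="/var/imap/socket/smmapd" prefork=1
  # lmtpold  cmd="lmtpd" listen="lmtp" prefork=0
  lmtp       cmd="lmtpd -a" listen="lmtp" prefork=0
  lmtpext    cmd="lmtpd -a" listen="[203.0.113.10]:lmtp" prefork=0
}
'''

SENSITIVE = {"smmapd", "lmtpd"}  # daemons the post says to protect
INTERNAL = [ipaddress.ip_network(n) for n in (  # assumed back-end ranges
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128")]
ENTRY = re.compile(r'^[ \t]*(\w+)[ \t]+(.*\bcmd=.*)$', re.M)
ARG = re.compile(r'(\w+)="([^"]*)"')


def classify(listen):
    """Classify a listen= value: 'unix', 'internal', 'external' or 'wildcard'."""
    if listen.startswith("/"):
        return "unix"
    host, sep, _port = listen.rpartition(":")
    if not sep:
        return "wildcard"   # bare port or service name: every interface
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "external"   # hostname: not provably internal, so flag it
    if ip.is_unspecified:
        return "wildcard"
    return "internal" if any(ip in n for n in INTERNAL) else "external"


def audit(conf_text):
    """Return (service, listen, exposure) for sensitive daemons reachable off-net."""
    findings = []
    for name, rest in ENTRY.findall(conf_text):
        args = dict(ARG.findall(rest))
        cmd, listen = args.get("cmd", "").split(), args.get("listen")
        if not cmd or not listen:
            continue
        daemon = cmd[0].rsplit("/", 1)[-1]  # tolerate a full path in cmd=
        if daemon in SENSITIVE and classify(listen) in ("wildcard", "external"):
            findings.append((name, listen, classify(listen)))
    return findings
```

A finding is a prompt to check the firewall or move the service to a back-end interface; an "internal" result only says the address is in one of the assumed ranges, not that the network is actually isolated.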