Author: TN Date: To: Pat Lashley CC: Exim Users Mailing List Subject: Re: [Exim] Re: rcpt_include_affixes not working for me
Pat Lashley wrote:
> It is in the 'Cyrus IMAP Server FAQ' under 'plus addressing'.
> (Or at least it is for Cyrus imapd 2.2; I'm not sure about
> earlier versions.)
>
> ok, thanks. I think I'll make a suggestion to the cyrus guys to put it
in the docs section "Administering Mailboxes' which I think is a better
place than FAQ's.
> Note that folder base ACLs are inherited from their parent, with
> some exceptions when inheriting from INBOX. So if you're nesting
> the detail folders, you shouldn't have to set the ACL on each of
> them, just on the ones that are directly under INBOX.
>
> (Of course, if you're trying to set up INBOX.spam mailboxes for
> a bunch of users, that doesn't help...)
> OK, thats good to know for future possibilities.
Here comes the embarrassing part for me. I am very hazy about the
difference between authorization vs authentication in the context of
exim. To make exim deliver to cyrus, I've always had 'lmtp -a' for
pre-authorization in cyrus' conf, otherwise I get deferment messages in
my logs like:
2004-01-15 14:45:06 1AgyRO-0000xm-Bm == tnuro+test@???
R=local_user_cyrus T=local_delivery_cyrus defer (0): SMTP error from
remote mailer after MAIL FROM:<tnuro@???> SIZE=2230: host
localhost [127.0.0.1]:
430 Authentication required
(I've made text changes to the domains to protect me from spam & SCO!,
but nothing to the other data)
Is this a sensible thing to do ? Does it interfere with
authenticated_sender somehow?
Here's an imtest readout (with text changes to domains again):
testbox:/etc# imtest -u tnuro -a tnuro localhost
S: * OK testbox.mydomain.com Cyrus IMAP4 v2.1.16-IPv6-Debian-2.1.16-3
server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE LISTEXT LIST-SUBSCRIBED
ANNOTATEMORE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN tnuro {4}
S: + go ahead
C: <omitted>
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
What confuses me is that I see no AUTH capability in this list, yet I
can still authenticate. If I telnet into the LMTP port (as I've detailed
in my previous postings), it also shows no AUTHentication mechanisms
either. From my limited knowledge of lmtp, my understanding is that
unless I pre-authorize with 'lmtp -a', i need to authenticate with AUTH=
during the conversation with lmtp. However, I see no AUTH mechanisms in
my lmtp readout.
I'm using sasl, with the following options:
admins: cyrus
allowplaintext:yes
sasl_mech_list:PLAIN
sasl_pwcheck_method:saslauthd
In a nutshell, if I use pre-authorize on lmtp, mail can be delivered
into the inbox, or to subboxes as long as the acl's permit it. If I
don't pre-authorize, I get deferment of all mail.
What I want to happen is for email to be able to be delivered into
subfolders regardless of acl's using the authenticated_sender option in
exim. How can this be done ?
