Re: removing banners from cyrus
> What is the procedure for removing the banners from Cyrus? I am sure
> this involves editing a source file and recompiling, I just haven't
> seen this documented anywhere. If someone could advise. Thanks

Banners Cyrus ??? Cyrus doesn't have banners ? Does it ?

Are you sure it is not your MTA which is probably where banners should be removed anyway ?

--
Simon
Re: removing banners from cyrus
The "+OK %s Cyrus POP3 v2.0.15 server ready" banner can be changed by editing line 323 in /src/cyrus-imapd-2.0.15/imap/pop3d.c

On Tuesday 02 April 2002 10:06, you wrote:
> > What is the procedure for removing the banners from Cyrus? I am sure
> > this involves editing a source file and recompiling, I just haven't
> > seen this documented anywhere. If someone could advise. Thanks
>
> Banners Cyrus ??? Cyrus doesn't have banners ? Does it ?
>
> Are you sure it is not your MTA which is probably where banners
> should be removed anyway ?
Re: marking a message as read...
> Going from the old mbox format to cyrus I found only one thing that
> kinda annoys me, how you CANNOT mark a message as read.
>
> Got a few users who hold about 500meg of messages each and I'm
> wondering if it's possible to mark a message as read. As far as I can
> tell I don't see anything in the cyrus userdirs with that ability. Was
> wondering if anything was in the works? or should I just tell em to
> delete their damned old mail?

You can use the X-Status header in the mail to see UW-Imap status settings and set them via IMAP calls.

HTH

--
Simon
Postfix/Procmail/Cyrus-Imap
Hello,

As I have some problems getting Sieve working (no documentation) I'll try to use Procmail.

My question is:

With Postfix, the mail must be first processed by Procmail. Thus I suppose I uncomment the following line in /etc/postfix/main.cf:

    mailbox_command = /usr/bin/procmail

Then the mail is transferred to Cyrus for delivery:

    mailbox_transport = cyrus

Is it enough? Nothing else to do? Except creating .procmailrc of course.

--
Alain Barthélemy
[EMAIL PROTECTED]
http://bartydeux.gminfomatique.com
createfolders-script
Hi,

I tried to use the script "createfolders" as it can be found in the O'Reilly IMAP-book from D. and K. Mullet. Starting the script it tells me:

    Undefined subroutine &Cyrus::IMAP::Shell::cyradm_usage called at /usr/local/lib/perl5/site_perl/5.005/i586-linux//Cyrus/IMAP/Shell.pm line 426.
    /usr/local/bin/createfolders: puts: command not found
    /usr/local/bin/createfolders: line 26: syntax error near unexpected token `}'
    /usr/local/bin/createfolders: line 26: `} else {'

I use the IMAP-perl-library under Cyrus 2.0.14. Any idea?

Thanks, regards
Ch. Krempe

Freie Universitaet Berlin
Christoph Krempe
Universitaetsbibliothek - Rechenzentrum - Systemverwaltung
Garystrasse 39
14195 Berlin
Germany
Tel: +0049/30/838 54583
Fax: +0049/30/838 54582
e-mail: [EMAIL PROTECTED]
URL: http://www.ub.fu-berlin.de/~ck
Cyrus IMAP/Sendmail Security configuration - Sanity Check?
Securing Sendmail with Cyrus - Sanity Check:

I've configured sendmail 8.12.2 to "RunAsUser" user -> "cyrus" rather than "root". Please look over the following "sendmail.cf" excerpts and directory ownership and permissions. Do these configs make sense? Is this environment secure? What other recommendations are suggested?

    . . .
    # what user id do we assume for the majority of the processing?
    O RunAsUser=cyrus
    . . .
    Mlocal,     P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
                U=root:cyrus,
                T=DNS/RFC822/X-Unix,
                A=procmail -Y -a $h -d $u
    . . .
    ##
    ### Cyrus Mailer specification ###
    ##
    # $Id: cyrus.m4,v 8.22 2000/09/02 17:46:43 ca Exp $ (Carnegie Mellon) #
    Mcyrus,     P=/usr/cyrus/bin/deliver, F=lsDFMnPqAh5@/:|, S=EnvFromL, R=EnvToL/HdrToL,
                U=cyrus:mail,
                T=DNS/RFC822/X-Unix,
                A=deliver -e -m $h -- $u
    Mcyrusbb,   P=/usr/cyrus/bin/deliver, F=lsDFMnPu, S=EnvFromL, R=EnvToL/HdrToL,
                U=cyrus:mail,
                T=DNS/RFC822/X-Unix,
                A=deliver -e -m $u
    Mcyrus,     P=[IPC], F=lsDFMnqA@/:|SmXz, E=\r\n, S=EnvFromL, R=EnvToL/HdrToL,
                T=DNS/RFC822/X-Unix,
                A=FILE /var/imap/socket/lmtp
    . . .

Queue Directory permissions:

    drwxrwx---  2 cyrus mail    4096 Apr  1 09:17 clientmqueue
    drwxr-x---  4 cyrus mail    4096 Mar 25 16:31 imap
    drwxr-x---  3 cyrus mail    4096 Mar 26 08:57 imap-news
    drwx--      2 cyrus amavis  4096 Apr  1 13:57 mqamavis
    drwx--      2 root  cyrus   4096 Dec 10 11:28 mqueue

I know that the above configuration works; however, I'm specifically curious about the "local mailer" -> "procmail" configuration. Is a potential security hole created by executing the local mailer as "root"?

Your assistance in this matter is appreciated - Thanks!

RB
Cyrus IMAP/SASLV2 -> saslauthd -> PAM -> LDAP; indexing uid?
I have Cyrus IMAP 2.1.3 + SASLV2 2.1.2 deployed and clients authenticate via "saslauthd" with auth mechanism "PAM" which in turn looks into "/etc/pam.d/imap" utilizing module "pam_ldap-140" to check an LDAP repository (OpenLDAP 2.0.23).

The PAM module "pam_ldap" interrogates the LDAP schema via the "uid" attribute and if a matching "uid" is found passes the "userPassword" attribute value to PAM for password verification.

To provide for lookup efficiency, I configured LDAP to ->

    index uid eq

However, with indexing on attribute "uid" set, authentication fails. If LDAP attribute "uid" is not indexed, authentication is successful.

Any ideas of what could be occurring? What may be ill-configured?

RB
Re: Starting master on Mac OS X
On Monday, April 1, 2002, at 11:52 PM, Michael Bartosh wrote:

> At 11:23 PM -0500 4/1/02, Kevin Bond wrote:
>>
>> I am having an odd problem using 2.1.3 in Mac OS X.
>
> Hi-
>
> You might try telling cyrus to sleep for 30-60 before you start it.
> This worked for me with 2.0.16. Are you giving it its own startup item?
>

Here is the plist I use:

    {
        Description     = "Cyrus IMAP server";
        Provides        = ("IMAP");
        Requires        = ("Resolver","NetInfo","Disks","Network","System Log");
        Uses            = ("Network Time");
        OrderPreference = "Late";
        Messages = {
            start = "Starting Cyrus";
            stop  = "Stopping Cyrus";
        };
    }

> Set the order to last, and make it require a late startup item.
>

I can't make it last, since I need the LMTP port to come up before sendmail or I will get delivery failures for queued messages. I changed the sendmail plist to depend on IMAP to make this order correct.

>
> On another note:
>
> Is cyradm working for you?
>

Yes, cyradm works fine.

> If so, could you send me your --configure and build environment
> (compiler flags, etc)? I'd greatly appreciate it.
>

I use the files from http://www.apache.org/~pier/macosx/ for OpenSSL, libtool, automake and autoconf. I started using FINK but that turned out to be more trouble than it was worth. The only thing I had to do to make cyradm work was fix the build command lines to include a -L option so that the sasl2 library was found. The configuration lines are:

For sasl2.1.1:

    ./configure --with-staticsasl --enable-otp --disable-gssapi --enable-login --disable-krb4 --with-bdb-libdir=/usr/local/BerkeleyDB.4.0/lib --with-bdb-incdir=/usr/local/BerkeleyDB.4.0/include

For cyrus 2.1.3:

    ./configure --with-dbdir=/usr/local/BerkeleyDB.4.0

Using Pier's glibtoolize makes sasl build just fine. I did have to make some patches to cyrus 2.1.3 which I have attached.

imap.diff
Description: Binary data

> I have to run 2.0.16 in order to use sasl 1.5.27, since 2.x doesn't
> work with OpenLDAP yet- but maybe you've done something I'm missing,
> since perl is perl, after all.
>

I am not currently using LDAP so I can't speak to the auxprop plugin issue for that.
Re: removing banners from cyrus
This will take care of both the IMAP and POP3 banners? Nothing needs to be done to say .. imapd.c

Thanks again

At 11:01 AM 4/2/2002 +0100, Steve Wright wrote:
>The "+OK %s Cyrus POP3 v2.0.15 server ready" banner can be changed by editing
>line 323 in /src/cyrus-imapd-2.0.15/imap/pop3d.c
>
>
>On Tuesday 02 April 2002 10:06, you wrote:
> > > What is the procedure for removing the banners from Cyrus? I am sure
> > > this involves editing a source file and recompiling, I just haven't
> > > seen this documented anywhere. If someone could advise. Thanks
> >
> > Banners Cyrus ??? Cyrus doesn't have banners ? Does it ?
> >
> > Are you sure it is not your MTA which is probably where banners
> > should be removed anyway ?
Re: removing banners from cyrus
Changing pop3d.c will only change the "+OK %s Cyrus POP3 v2.0.15 server ready" banner.

If you want to change the imap banner, to the best of my knowledge you have to change (in imapd.c) the "OK %s Cyrus IMAP4 %s server ready\r\n" line (same as pop3d.c), the section containing the imap id (as per RFC2971)

    prot_printf(imapd_out, "* ID ("
                "\"name\" \"Cyrus\""
                " \"version\" \"%s\""
                " \"vendor\" \"Project Cyrus\""
                " \"support-url\" \"http://asg.web.cmu.edu/cyrus\"",
                CYRUS_VERSION);

& there are a few entries specific to netscape.

Steve.

On Tuesday 02 April 2002 15:39, you wrote:
> This will take care of both the IMAP and POP3 banners? Nothing needs to be
> done to say .. imapd.c
>
> Thanks again
>
> At 11:01 AM 4/2/2002 +0100, Steve Wright wrote:
> >The "+OK %s Cyrus POP3 v2.0.15 server ready" banner can be changed by
> > editing line 323 in /src/cyrus-imapd-2.0.15/imap/pop3d.c
[no subject]
Hello!

Who can tell me what problem I have?

    delta pipe[862]: fatal: pipe_comand: execvp /cyrus/bin/deliver: No such file or directory
    delta postfix/pipe[861]: 6CD003E16: to=<[EMAIL PROTECTED]>, \
        relay=cyrus, delay=1, status=bounced (Command died with status 1: "/cyrus/bin/deliver")

"deliver" is in /usr/cyrus/bin. Has the message above something to do that there is a wrong pathinformation?

greets
--
Andreas Meyer http://home.wtal.de/MeineHomepage
Re: Starting master on Mac OS X
At 9:47 AM -0500 4/2/02, Kevin Bond wrote:
>I can't make it last, since I need the LMTP port to come up before
>sendmail or I will get delivery failures for queued messages. I
>changed the sendmail plist to depend on IMAP to make this order
>correct.

Ahh- I start Postfix and Cyrus in the same item. I'd change MAILSERVER=-NO- in /etc/hostconfig, and roll your own startup item that includes cyrus and your MTA, starting late. I sleep master for 30- but again, I'm using an older version of cyrus-imapd.

:
> The only thing I had to do to make cyradm work was fix the build
>command lines to include a -L option so that the sasl2 library was
>found.

I'll have to look at pier's stuff again.

my build already finds sasl libs though, which makes the fact that cyradm can't see them odd.

thanks!

--
http://www.4am-media.com
Mac OS X Consulting and Training

Michael Bartosh
[EMAIL PROTECTED]
303.517.0272
Denver, CO

"The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently."
- -- Nietzsche

Think Different.
sieve and shared folders
Does anyone know of any problems using sieve scripts with Shared Folders? I have set altnamespace to yes and have normal user.name users with sieve working just fine. I also have a couple mailboxes in the shared space, but the scripts don't seem to be getting read. I have run the test program on them just to make sure the syntax is okay.

Any help would be appreciated,
Justin.

--
Justin Wood
[EMAIL PROTECTED]
Systems Administrator
FlipDog.com
http://www.flipdog.com/
Re: removing banners from cyrus
I am confused as to what or why there are things specific to Netscape. Perhaps I have left out the context of my question. I am trying to prevent people doing reconnaissance banner grabbing for security reasons.

At 04:15 PM 4/2/2002 +0100, Steve Wright wrote:
>Changing pop3d.c will only change the "+OK %s Cyrus POP3 v2.0.15 server
>ready" banner.
>
>If you want to change the imap banner, to the best of my knowledge you have
>to change (in imapd.c) the "OK %s Cyrus IMAP4 %s server ready\r\n" line (same
>as pop3d.c), the section containing the imap id (as per RFC2971)
>
>    prot_printf(imapd_out, "* ID ("
>                "\"name\" \"Cyrus\""
>                " \"version\" \"%s\""
>                " \"vendor\" \"Project Cyrus\""
>                " \"support-url\" \"http://asg.web.cmu.edu/cyrus\"",
>                CYRUS_VERSION);
>
>& there are a few entries specific to netscape.
>
>Steve.
>
>On Tuesday 02 April 2002 15:39, you wrote:
> > This will take care of both the IMAP and POP3 banners? Nothing needs to be
> > done to say .. imapd.c
> >
> > Thanks again
> >
> > At 11:01 AM 4/2/2002 +0100, Steve Wright wrote:
> > >The "+OK %s Cyrus POP3 v2.0.15 server ready" banner can be changed by
> > > editing line 323 in /src/cyrus-imapd-2.0.15/imap/pop3d.c
Re: Starting master on Mac OS X
On Tuesday, April 2, 2002, at 11:35 AM, Michael Bartosh wrote:

>> The only thing I had to do to make cyradm work was fix the build
>> command lines to include a -L option so that the sasl2 library was
>> found.
>
> I'll have to look at pier's stuff again.
>
> my build already finds sasl libs though, which makes the fact that
> cyradm can't see them odd.
>

Are you sure? The configuration for the perl subtree is different from the rest of the imapd tree. That is why my patch adds -L/usr/local/lib to the three Makefile.PL files. If you don't do this everything builds with some warnings in the Perl section about sasl2 but cyradm will not run.

-kevin
Re: sieve and shared folders
> On Tue, 02 Apr 2002 09:47:23 -0700,
> Justin Wood <[EMAIL PROTECTED]> (jw) writes:

jw> Does anyone know of any problems using sieve scripts with Shared
jw> Folders? I have set altnamespace to yes and have normal user.name
jw> users with sieve working just fine. I also have a couple mailboxes
jw> in the shared space, but the scripts don't seem to be getting read.
jw> I have run the test program on them just to make sure the syntax is
jw> okay.

Sieve only works with real users (folder prefix of "user."). There has been some talk about how to approach this, but at least for me, nothing terribly satisfactory.

One idea that seems to be the most straightforward to implement would be to use a pseudo-user for non-user folders. However, my concern with this is that I would not want to have *all* the non-user folders run through Sieve. If you've got a lot of Shared Folders it seems to me this would become a nasty bottleneck, but maybe not?

Also, how do you then allow different individuals to edit a Sieve script for different Shared Folders if there is only one script under this one pseudo-user?

--
Amos
Dumb Q
How do I quit this list =)

Thanks,
Matt
Re: Postfix/Procmail/Cyrus-Imap
Alain Barthélemy wrote:

[..Procmail..]
> With Postfix
> The mail must be first processed by Procmail. Thus I suppose I
> uncomment the following line in /etc/postfix/main.cf:
> mailbox_command = /usr/bin/procmail

Should be ignored if you set in master.cf for example:

    cyrus blabla flags=R user=cyrus argv=/path/to/procmail -p /path/to/.procmailrc

> Then the mail is transferred to Cyrus for delivery
> mailbox_transport = cyrus

User cyrus gets the mail, yes. See above.

> Is it enough? Nothing else to do? Except creating .procmailrc of
> course.

Maybe some funny permission problems with lmtp, but that's easy, if the rest of the stuff is working. :) Or your first testmails are going to Nirvana.

Hint: Set procmail option VERBOSE=yes and the deliver command to

    /path/to/deliver -a username -m user.username.your.mailbox.here

Thomas
Re: removing banners from cyrus
Clifford Thurber wrote:
>
> I am confused as to what or why there are things specific to Netscape.
> Perhaps I have left out the context of my question. I am trying to prevent
> people doing reconnaissance banner grabbing for security reasons.

If you think that having the vendor/version information in the banner is a security problem, then you should tell us what you think the security issues are, so they can be fixed. If it's a config problem, then fix your config ;-)

In any case, there are multiple places in the services where the vendor/version string is used:

- In the banners for imapd, pop3d, lmtpd -- disable by editing the source --
  look for prot_printf(, "... ready\r\n", ,CYRUS_VERSION)
- imapd: ID command response -- disable with "imapidresponse: no" in imapd.conf
- imapd: NETSCAPE command response -- not compiled by default (--enable-netscapehack configure option)
- pop3d: IMPLEMENTATION capability -- disable by editing the source in cmd_capa()

Ken

>
> At 04:15 PM 4/2/2002 +0100, Steve Wright wrote:
>
> >Changing pop3d.c will only change the "+OK %s Cyrus POP3 v2.0.15 server
> >ready" banner.
> >
> >If you want to change the imap banner, to the best of my knowledge you have
> >to change (in imapd.c) the "OK %s Cyrus IMAP4 %s server ready\r\n" line (same
> >as pop3d.c), the section containing the imap id (as per RFC2971)
> >
> >    prot_printf(imapd_out, "* ID ("
> >                "\"name\" \"Cyrus\""
> >                " \"version\" \"%s\""
> >                " \"vendor\" \"Project Cyrus\""
> >                " \"support-url\" \"http://asg.web.cmu.edu/cyrus\"",
> >                CYRUS_VERSION);
> >
> >& there are a few entries specific to netscape.
> >
> >Steve.
> >
> >On Tuesday 02 April 2002 15:39, you wrote:
> > > This will take care of both the IMAP and POP3 banners? Nothing needs to be
> > > done to say .. imapd.c
> > >
> > > Thanks again
> > >
> > > At 11:01 AM 4/2/2002 +0100, Steve Wright wrote:
> > > >The "+OK %s Cyrus POP3 v2.0.15 server ready" banner can be changed by
> > > > editing line 323 in /src/cyrus-imapd-2.0.15/imap/pop3d.c

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: your mail
On Tue, Apr 02, 2002 at 05:14:15PM +0200, Andreas Meyer wrote:
> Date: Tue, 2 Apr 2002 17:14:15 +0200
> From: Andreas Meyer <[EMAIL PROTECTED]>
> To: cyrus <[EMAIL PROTECTED]>
> X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.9; i686-pc-linux-gnu)
>
> Hello!
>
> Who can tell me what problem I have?
>
> delta pipe[862]: fatal: pipe_comand: execvp /cyrus/bin/deliver: No such file or directory
> delta postfix/pipe[861]: 6CD003E16: to=<[EMAIL PROTECTED]>, \
> relay=cyrus, delay=1, status=bounced (Command died with status 1: "/cyrus/bin/deliver")
>
> "deliver" is in /usr/cyrus/bin. Has the message above something to
> do that there is a wrong pathinformation?
>
>
> greets

Modify your master.cf to change to that /usr/cyrus/bin/deliver or /opt/cyrus or whatever you installed it under.
Re: removing banners from cyrus
Ken I am just interested in suppressing platform/version information when someone telnets to port 143. Just one more layer of security.

If I understand you correctly I just need to add:

"imapidresponse: no"

to /etc/imapd.conf?

This correct.

>If you think that having the vendor/version information in the banner is
>a security problem, then you should tell us what you think the security
>issues are, so they can be fixed. If it's a config problem, then fix
>your config ;-)
>
>In any case, there are multiple places in the services where the
>vendor/version string is used:
>
>- In the banners for imapd, pop3d, lmtpd -- disable by editing the source --
>  look for prot_printf(, "... ready\r\n", ,CYRUS_VERSION)
>- imapd: ID command response -- disable with "imapidresponse: no" in imapd.conf
>- imapd: NETSCAPE command response -- not compiled by default (--enable-netscapehack configure option)
>- pop3d: IMPLEMENTATION capability -- disable by editing the source in cmd_capa()
>
>Ken
>
Re: Postfix/Procmail/Cyrus-Imap
On Tue, Apr 02, 2002 at 02:00:45PM +0200, Alain Barthélemy wrote:
>
> Hello,
>
> As I have some problems getting Sieve working (no documentation) I'll try to use Procmail.
>
> My question is:
>
> With Postfix, the mail must be first processed by Procmail. Thus I suppose I uncomment the following line in /etc/postfix/main.cf:
>
> mailbox_command = /usr/bin/procmail
>
> Then the mail is transferred to Cyrus for delivery:
>
> mailbox_transport = cyrus
>
> Is it enough? Nothing else to do? Except creating .procmailrc of course.

As a postfix user, I'll be honest: I have procmail enabled and guess what, now I get relay=cyrus.

You cannot run TWO delivery methods in postfix. What you can do is in master.cf you can create your own rule and script to run it thru procmail first, and then use /usr/cyrus/bin/deliver to deliver the mail.

But as of default, master.cf can only do one method, not two. Sorry.
Re: Postfix/Procmail/Cyrus-Imap
Is there a way to execute procmail for only one user? I mean, set an alias at /etc/aliases, point it to procmail and then, at the procmailrc file, set filter rules?

I have been trying that way but no success!

Thanks
- sandra
Re: removing banners from cyrus
Clifford Thurber wrote:
>
> Ken I am just interested in suppressing platform/version information when
> someone telnets to port 143. Just one more layer of security.

But by doing this, you're implying that there is a security hole in the Cyrus server which can be exploited if the hacker discovers the vendor/version info. Is there some known security hole in Cyrus that isn't in other servers? Even if there is, I don't think that the lack of info in the banner is going to stop a hacker from trying the exploit anyway. Furthermore, a good hacker intent on finding Cyrus servers could also detect them by looking for known response strings from commands, etc.

> If I understand you correctly I just need to add:
>
> "imapidresponse: no"
>
> to /etc/imapd.conf?
>
> This correct.

No. This will only suppress the response for an ID command. If you don't want the vendor/version info in the banner, you'll have to edit the source.

>
> >If you think that having the vendor/version information in the banner is
> >a security problem, then you should tell us what you think the security
> >issues are, so they can be fixed. If it's a config problem, then fix
> >your config ;-)
> >
> >In any case, there are multiple places in the services where the
> >vendor/version string is used:
> >
> >- In the banners for imapd, pop3d, lmtpd -- disable by editing the source --
> >  look for prot_printf(, "... ready\r\n", ,CYRUS_VERSION)
> >- imapd: ID command response -- disable with "imapidresponse: no" in imapd.conf
> >- imapd: NETSCAPE command response -- not compiled by default (--enable-netscapehack configure option)
> >- pop3d: IMPLEMENTATION capability -- disable by editing the source in cmd_capa()
> >
> >Ken
> >

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
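The disclosure points listed in the thread above, turned into a check that an administrator can run over a saved transcript of their own server's responses after rebuilding or reconfiguring. This is an added example, not part of any list message or of the Cyrus source; the host name, the sample transcripts and the LMTP greeting text are constructed, and the NETSCAPE response is left out because its format is not given in the thread.

```python
import re

# Where each disclosure is switched off, per the list in the thread above.
REMEDIATION = {
    "greeting": "edit the source (prot_printf of the '... ready' banner)",
    "imap-id": 'set "imapidresponse: no" in imapd.conf',
    "pop3-implementation": "edit the source in cmd_capa()",
}

GREETING_RE = re.compile(r"^(?:\* OK|\+OK|220)\s+(.*\bready)$", re.I)
IMPL_RE = re.compile(r"^IMPLEMENTATION\s+(.+)$", re.I)
ID_RE = re.compile(r"^\* ID\s+(.+)$", re.I)
ID_TOKEN_RE = re.compile(r'"((?:[^"\\]|\\.)*)"|\b(NIL)\b', re.I)
PRODUCT_RE = re.compile(r"\bCyrus\b", re.I)
VERSION_RE = re.compile(r"\bv?\d+(?:\.\d+)+\b")


def leaks_in(text):
    """Return the product name and dotted version number found in free text."""
    found = []
    for rx in (PRODUCT_RE, VERSION_RE):
        m = rx.search(text)
        if m:
            found.append(m.group(0))
    return found


def parse_id_response(line):
    """Parse an RFC 2971 '* ID (...)' response into a dict; '* ID NIL' -> {}."""
    body = ID_RE.match(line.strip()).group(1).strip()
    if body.upper() == "NIL":
        return {}
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("malformed ID response: " + line)
    # Each token is a quoted string (with backslash escapes) or a bare NIL.
    tokens = [None if nil else re.sub(r"\\(.)", r"\1", quoted)
              for quoted, nil in ID_TOKEN_RE.findall(body[1:-1])]
    if len(tokens) % 2:
        raise ValueError("odd number of strings in ID response")
    return dict(zip(tokens[0::2], tokens[1::2]))


def audit(lines):
    """Return (source, leaked values, remediation) for each disclosing line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        source, leaked = None, []
        greeting = GREETING_RE.match(line)
        impl = IMPL_RE.match(line)
        if greeting:
            # Assumption: the first word is the host name, as in the stock
            # "%s Cyrus POP3 v2.0.15 server ready" banner, so it is skipped.
            words = greeting.group(1).split(None, 1)
            source = "greeting"
            leaked = leaks_in(words[1] if len(words) > 1 else "")
        elif impl:
            source, leaked = "pop3-implementation", leaks_in(impl.group(1))
        elif ID_RE.match(line):
            source = "imap-id"
            leaked = [f"{k}={v}" for k, v in parse_id_response(line).items() if v]
        if leaked:
            findings.append((source, leaked, REMEDIATION[source]))
    return findings


# Constructed transcripts: a stock build, then one with every point addressed.
STOCK = [
    "* OK mail.example.org Cyrus IMAP4 v2.0.15 server ready",
    '* ID ("name" "Cyrus" "version" "v2.0.15" "vendor" "Project Cyrus" '
    '"support-url" "http://asg.web.cmu.edu/cyrus")',
    "+OK mail.example.org Cyrus POP3 v2.0.15 server ready",
    "+OK List of capabilities follows",
    "USER",
    "IMPLEMENTATION Cyrus POP3 server v2.0.15",
    ".",
    "220 mail.example.org LMTP Cyrus v2.0.15 ready",
]
HARDENED = [
    "* OK mail.example.org IMAP4 server ready",
    "* ID NIL",
    "+OK mail.example.org POP3 server ready",
    "220 mail.example.org LMTP ready",
]

if __name__ == "__main__":
    for source, leaked, fix in audit(STOCK):
        print(f"{source:20} leaks {leaked} -> {fix}")
    print("hardened transcript findings:", audit(HARDENED))
```

A transcript with the ID response suppressed but the stock greeting left in place still yields a `greeting` finding, which is the distinction drawn in the reply above.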
Kerberos authorization methods
I'm trying to move my Cyrus installation to a complete Kerberos V install. I have SASL working w/ Sendmail, OpenLDAP & KerberosV and it appears to be working fine.

The question: Has anyone implemented KerberosV authorization methods for Cyrus IMAP (lib/auth_krb5.c) in either 2.0.x or 2.1.x?? If not I'm willing to undertake the process. Any comments or suggestions before I start into this?? Any pointers for parsing principals in Kerberos V??

Thanks
Paul

---
Paul Fleming
[EMAIL PROTECTED]
SIU School of Medicine
Springfield IL
Re: removing banners from cyrus
On Tue, 2002-04-02 at 13:26, Ken Murchison wrote:
>
>
> Clifford Thurber wrote:
> >
> > Ken I am just interested in suppressing platform/version information when
> > someone telnets to port 143. Just one more layer of security.
>
> But by doing this, you're implying that there is a security hole in the
> Cyrus server which can be exploited if the hacker discovers the
> vendor/version info. Is there some known security hole in Cyrus that
> isn't in other servers? Even if there is, I don't think that the lack
> of info in the banner is going to stop a hacker from trying the exploit
> anyway. Furthermore, a good hacker intent on finding Cyrus servers
> could also detect them by looking for known response strings from commands,
> etc.
>

Ah yes, the old "security through obscurity" game. From what I've seen eliminating the server type and version has no effect on whether a cracker can exploit any weakness that an application has. And that's because the vast majority of attacks aren't done in what one would consider an intelligent manner. The attacker doesn't examine services to figure out if they are vulnerable or not. He/she simply runs a script that attempts to exploit all known vulnerabilities. So hiding the fact that you are running a certain version of Sendmail, or Cyrus, or whatever doesn't generally help. The attack scripts that I've recovered from cracked boxes (that were then used to try to crack other boxes) just had a big list of things to try.

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Jim Levie                           email: [EMAIL PROTECTED]
Dynetics Inc, Huntsville, Al        Ph.256.964.4337
The opinions expressed above are just that...
Re: removing banners from cyrus
As far as I've seen eliminating version banners causes more problems because it makes it harder for the sysadmins to check what version is running (you can try to keep records, but we all know that records don't always agree with reality) so you end up being more likely to be running a bad version than if you could check.

David Lang

On 2 Apr 2002, Jim Levie wrote:

> Date: 02 Apr 2002 13:59:18 -0600
> From: Jim Levie <[EMAIL PROTECTED]>
> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Subject: Re: removing banners from cyrus
>
> On Tue, 2002-04-02 at 13:26, Ken Murchison wrote:
> >
> >
> > Clifford Thurber wrote:
> > >
> > > Ken I am just interested in suppressing platform/version information when
> > > someone telnets to port 143. Just one more layer of security.
> >
> > But by doing this, you're implying that there is a security hole in the
> > Cyrus server which can be exploited if the hacker discovers the
> > vendor/version info. Is there some known security hole in Cyrus that
> > isn't in other servers? Even if there is, I don't think that the lack
> > of info in the banner is going to stop a hacker from trying the exploit
> > anyway. Furthermore, a good hacker intent on finding Cyrus servers
> > could also detect them by looking for known response strings from commands,
> > etc.
> >
> Ah yes, the old "security through obscurity" game. From what I've seen
> eliminating the server type and version has no effect on whether a
> cracker can exploit any weakness that an application has. And that's
> because the vast majority of attacks aren't done in what one would
> consider an intelligent manner. The attacker doesn't examine services to
> figure out if they are vulnerable or not. He/she simply runs a script
> that attempts to exploit all known vulnerabilities. So hiding the fact
> that you are running a certain version of Sendmail, or Cyrus, or
> whatever doesn't generally help. The attack scripts that I've recovered
> from cracked boxes (that were then used to try to crack other boxes)
> just had a big list of things to try.
> --
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> Jim Levie                           email: [EMAIL PROTECTED]
> Dynetics Inc, Huntsville, Al        Ph.256.964.4337
> The opinions expressed above are just that...
>
Re: Starting master on Mac OS X
At 11:59 AM -0500 4/2/02, Kevin Bond wrote:
>The configuration for the perl subtree is different from the rest of
>the imapd tree.

Ahh. Neat. I'll have to look at it- see if I can get the theory of the patch into sasl 1.5.27 / imapd 2.0.16.

--
http://www.4am-media.com
Mac OS X Consulting and Training

Michael Bartosh
[EMAIL PROTECTED]
303.517.0272
Denver, CO

"The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently."
- -- Nietzsche

Think Different.
Re: removing banners from cyrus
OK using your logic I will deduce that since anything on a network can be hacked into I should not attempt to take any security precautions. Security is applied in layers and the more layers the better. My question was not intended to start a thread regarding security practices as that is not the design of this list. We should drop it. I asked a question and got an answer.

At 01:59 PM 4/2/2002 -0600, Jim Levie wrote:
>On Tue, 2002-04-02 at 13:26, Ken Murchison wrote:
> >
> >
> > Clifford Thurber wrote:
> > >
> > > Ken I am just interested in suppressing platform/version information when
> > > someone telnets to port 143. Just one more layer of security.
> >
> > But by doing this, you're implying that there is a security hole in the
> > Cyrus server which can be exploited if the hacker discovers the
> > vendor/version info. Is there some known security hole in Cyrus that
> > isn't in other servers? Even if there is, I don't think that the lack
> > of info in the banner is going to stop a hacker from trying the exploit
> > anyway. Furthermore, a good hacker intent on finding Cyrus servers
> > could also detect them by looking for known response strings from commands,
> > etc.
> >
>Ah yes, the old "security through obscurity" game. From what I've seen
>eliminating the server type and version has no effect on whether a
>cracker can exploit any weakness that an application has. And that's
>because the vast majority of attacks aren't done in what one would
>consider an intelligent manner. The attacker doesn't examine services to
>figure out if they are vulnerable or not. He/she simply runs a script
>that attempts to exploit all known vulnerabilities. So hiding the fact
>that you are running a certain version of Sendmail, or Cyrus, or
>whatever doesn't generally help. The attack scripts that I've recovered
>from cracked boxes (that were then used to try to crack other boxes)
>just had a big list of things to try.
>--
>=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> Jim Levie                           email: [EMAIL PROTECTED]
> Dynetics Inc, Huntsville, Al        Ph.256.964.4337
> The opinions expressed above are just that...
Re: your mail
Hello!

On Tue, 2 Apr 2002 10:37:19 -0800, damm wrote:

> > relay=cyrus, delay=1, status=bounced (Command died with status 1: "/cyrus/bin/deliver")
> >
> > "deliver" is in /usr/cyrus/bin. Has the message above something to
> > do that there is a wrong pathinformation?
> >
> >
> > greets
> Modify your master.cf to change to that /usr/cyrus/bin/deliver or /opt/cyrus or whatever you
> installed it under.

Thank you!

Now I have another problem:

    delta deliver[1635]: connect(/var/imap/socket/lmtp) failed: Connection refused

What could cause this one?

regards
--
Andreas Meyer http://home.wtal.de/MeineHomepage
Strange folder behavior
Currently we are migrating from cyrus 1.6.24 to 2.0.16 running on linux 2.4. What I have done is the following:

1. Created all users on the new server
2. Copied all the mailboxes from the old system to the new system
3. Imported the mailboxes file
4. reconstruct each mailbox

After that everything seems to be fine. ACLs are ok, .sub files are ok, quota files are ok.

The strange thing is that, using either Outlook Express or execmail, only a few subfolders are subscribed. Subscribing the others and then logout/login results in a loss of most of the subscriptions...

What can be wrong? Thanks for any suggestions

--
Freerk J. Bosscha
Networkadministrator
Noordelijke Hogeschool Leeuwarden
Tesselschadestraat 12
8913 HB Leeuwarden
The Netherlands
Phone : xx-31-(0)58 2961 435
fax   : xx-31-(0)58 2961 466
e-mail: [EMAIL PROTECTED]
url   : http://www1.nhl.nl/~bosscha
Re: your mail
Andreas Meyer wrote:
>
> Hello!
>
> On Tue, 2 Apr 2002 10:37:19 -0800, damm wrote:
>
> > > relay=cyrus, delay=1, status=bounced (Command died with status 1: "/cyrus/bin/deliver")
> > >
> > > "deliver" is in /usr/cyrus/bin. Has the message above something to
> > > do that there is a wrong pathinformation?
> > >
> > >
> > > greets
> > Modify your master.cf to change to that /usr/cyrus/bin/deliver or /opt/cyrus or whatever you
> > installed it under.
>
> Thank you!
>
> Now I have another problem:
>
> delta deliver[1635]: connect(/var/imap/socket/lmtp) failed: Connection refused

Hm, I don't understand. I have the following in main.cf:

    mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp

If Cyrus imapd is stopped, I get the error you mentioned when I try to deliver mail.

-Simon

>
> What could cause this one?
>
> regards
> --
>
> Andreas Meyer http://home.wtal.de/MeineHomepage
Re: your mail
On Wed, Apr 03, 2002 at 08:49:01AM +0200, Simon Matter wrote:
> Hm, I don't understand. I have the following in main.cf:
>
> mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
>
> If Cyrus imapd is stopped, I get the error you mentioned when I try to
> deliver mail.
>
> -Simon
>

That's fine, but master has to be running in order for lmtpd to work. So you can pick either lmtp or the deliver command, either works. I imagine equally as well, but if you want try

    mailbox_transport = cyrus

then in master.cf change it to use /usr/cyrus/bin/deliver or wherever you keep your cyrus dir at.