Re: Why is SASL authentication have to be so difficult? Round 2
On Mon, 6 Dec 2004, Robert Lubbers wrote:

> * OK cyrus.domain.com Cyrus IMAP4 v2.2.9 server ready
> . login cyrususer secret
> . NO Login failed: can't request info until later in exchange
> . logout
> * BYE LOGOUT received
> . OK Completed

Ken pointed something out to me about this yesterday, notably, that imap has code e.g.

r = sasl_getprop(imapd_saslconn, SASL_USERNAME, (const void **) &canon_user);

while pop does not. And I don't know the history. This is one reason I'd rather have a real database of bugs, but making bugzilla manageable for this is somewhat hard.

The commit log on 1.398.2.81 is "don't canonify a userid twice"

So we switch from (effectively) calling auth_canonifyid from canonify_userid before doing sasl stuff, to this sasl_getprop after.

Reversing that change would be as follows, you'll almost certainly need to apply it by hand.

Index: imapd.c === RCS file: /afs/andrew.cmu.edu/system/cvs/src/cyrus/imap/imapd.c,v retrieving revision 1.398.2.81 retrieving revision 1.398.2.80 diff -u -r1.398.2.81 -r1.398.2.80 --- imapd.c 29 May 2003 20:18:58 - 1.398.2.81 +++ imapd.c 29 May 2003 14:50:45 - 1.398.2.80 @@ -38,7 +38,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: imapd.c,v 1.398.2.81 2003/05/29 20:18:58 rjs3 Exp $ */ +/* $Id: imapd.c,v 1.398.2.80 2003/05/29 14:50:45 ken3 Exp $ */ #include @@ -1561,7 +1561,8 @@ char c; struct buf passwdbuf; char *passwd; -const char *reply = NULL; +char *canon_user; +const char *reply = 0; int plaintextloginpause; int r; 
@@ -1571,10 +1572,20 @@ return; } +canon_user = canonify_userid(user, NULL, NULL); + +if (!canon_user) { + syslog(LOG_NOTICE, "badlogin: %s plaintext %s invalid user", + imapd_clienthost, beautify_string(user)); + prot_printf(imapd_out, "%s NO %s\r\n", tag, + error_message(IMAP_INVALID_USER)); + return; +} + /* possibly disallow login */ if ((imapd_starttls_done == 0) && (config_getswitch(IMAPOPT_ALLOWPLAINTEXT) == 0) && - !is_userid_anonymous(user)) { + strcmp(canon_user, "anonymous") != 0) { eatline(imapd_in, ' '); prot_printf(imapd_out, "%s NO Login only available under a layer\r\n", tag); @@ -1596,7 +1607,7 @@ passwd = passwdbuf.s; -if (is_userid_anonymous(user)) { +if (!strcmp(canon_user, "anonymous")) { if (config_getswitch(IMAPOPT_ALLOWANONYMOUSLOGIN)) { passwd = beautify_string(passwd); if (strlen(passwd) > 500) passwd[500] = '\0'; @@ -1615,21 +1626,22 @@ } } else if ((r = sasl_checkpass(imapd_saslconn, -user, -strlen(user), +canon_user, +strlen(canon_user), passwd, strlen(passwd))) != SASL_OK) { syslog(LOG_NOTICE, "badlogin: %s plaintext %s %s", - imapd_clienthost, user, sasl_errdetail(imapd_saslconn)); + imapd_clienthost, canon_user, sasl_errdetail(imapd_saslconn)); sleep(3); - if ((reply = sasl_errstring(r, NULL, NULL)) != NULL) { + if (reply) { + prot_printf(imapd_out, "%s NO Login failed: %s\r\n", tag, reply); + } else if ((reply = sasl_errstring(r, NULL, NULL)) != NULL) { prot_printf(imapd_out, "%s NO Login failed: %s\r\n", tag, reply); } else { prot_printf(imapd_out, "%s NO Login failed: %d\r\n", tag, r); } - snmp_increment_args(AUTHENTICATION_NO, 1, VARIABLE_AUTH, 0 /* hash_simple("LOGIN") */, VARIABLE_LISTEND); 
@@ -1637,26 +1649,6 @@ return; } else { - const char *canon_user; - - r = sasl_getprop(imapd_saslconn, SASL_USERNAME, - (const void **) &canon_user); - - if(r != SASL_OK) { - if ((reply = sasl_errstring(r, NULL, NULL)) != NULL) { - prot_printf(imapd_out, "%s NO Login failed: %s\r\n", - tag, reply); - } else { - prot_printf(imapd_out, "%s NO Login failed: %d\r\n", tag, r); - } - - snmp_increment_args(AUTHENTICATION_NO, 1, -VARIABLE_AUTH, 0 /* hash_simple("LOGIN") */, -VARIABLE_LISTEND); - freebuf(&passwdbuf); - return; - } - imapd_userid = xstrdup(canon_user); snmp_increment_args(AUTHENTICATION_YES, 1, VARIABLE_AUTH, 0 /*hash_simple("LOGIN") */, @@ -1761,6 +1753,7 @@ */ sasl_result = sasl_getprop(imapd_saslconn, SASL_USERNAME, (const void **) &canon_user); +imapd_userid = xstrdup(canon_user); if (sasl_result != SASL_OK) { prot_printf(imapd_out, "%s NO weird SASL error %d SASL_USERNAME\r\n", tag, sasl_result); @@ -1769,7 +1762,6 @@ reset_saslconn(&imapd_saslconn); return; } -imapd_userid = xstrdup(canon_user); proc_register("imapd", imapd_clienthost, imapd_userid, (char *)0); --- Cyrus Home Page: http://asg.web.cmu.ed
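Review bot: the new `if (!canon_user)` block in the @@ -1571,10 +1572,20 @@ hunk returns straight after the NO reply, whereas the plaintext-disallowed branch right below it calls eatline(imapd_in, ' ') first. Check whether the rest of the LOGIN line (the password argument) is still unread at this point; if it is, consume it before returning so it is not parsed as the next command.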
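Review bot: in the @@ -1615,21 +1626,22 @@ hunk the added `if (reply)` branch tests a variable that the declaration hunk initialises to 0 and that nothing in the visible lines assigns before this point, so as shown it never fires and the `else if ((reply = sasl_errstring(r, NULL, NULL)) != NULL)` arm always runs. Either drop the branch or point to where reply is set on this path. The same hunk also logs canon_user unescaped in the badlogin line, while the invalid-user path logs beautify_string(user).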
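Review bot: the @@ -1761,6 +1753,7 @@ hunk moves `imapd_userid = xstrdup(canon_user);` ahead of the `if (sasl_result != SASL_OK)` test, so when sasl_getprop() fails canon_user is read before it is known to be valid and the copy stays in imapd_userid on the error return. This hunk does not touch the canonify_userid/sasl_checkpass path changed in the earlier hunks; when applying the reversal by hand, leave the assignment after the check.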
Re: best filesystem for imap server
On Sun, Dec 05, 2004 at 12:43:14AM -0200, Henrique de Moraes Holschuh wrote:
> On Sat, 04 Dec 2004, Einar Indridason wrote:
> >
> > Don't forget JFS from IBM.
>
> All I know about JFS is that it did not come up as better enough than ext3
> in a few benchmarks I've seen, to bother with it at the time :(
>
> If you have first hand experience with JFS, please describe it to us.
> Especially data protection capabilities and performance in ridiculously big
> directories, as required by Cyrus spools :)

I don't have a first hand experience with JFS. I just found it to be missing from the discussion.

We do have some *huge* mail-folders here, running on ext3, and when a directory gets over a certain size, every operation on the directory increases in time very sharply. (Due to the "linked list" implementation in ext2/ext3.)

We did some googling around regarding which filesystem to choose, and I'm inclined to try JFS when we install the next mail-server.

Some URLs I stumbled upon:
http://linuxgazette.net/102/piszcz.html
http://jamesthornton.com/hotlist/linux-filesystems/

And of course:
http://www.google.com/search?q=journaled+filesystem+benchmark+linux

-- 
einari

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: best filesystem for imap server
On Tue, 07 Dec 2004, Einar Indridason wrote:
> We do have some *huge* mail-folders here, running on ext3, and when a
> directory gets over a certain size, every operation on the directory
> increases in time very sharply. (Due to the "linked list" implementation
> in ext2/ext3.)

Is that ext3 in 2.6.8.1+ with all the htrees enabled?

-- 
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Re: Newbie needs help with migration from uw-imap
I have finally imported all the messages. I needed to change path in scripts. So I have done everything and added these lines to sendmail conf:

define(`confLOCAL_MAILER', `cyrusv2')
MAILER(cyrusv2)

and rebuild Sendmail. But after the start I get this in the log:

Dec 7 13:59:56 xmail master[21156]: about to exec /usr/lib/cyrus-imapd/lmtpd
Dec 7 13:59:56 xmail lmtpunix[21156]: DBERROR db4: /var/lib/imap/db/__db.001: No such file or directory
Dec 7 13:59:56 xmail lmtpunix[21156]: DBERROR: dbenv->open '/var/lib/imap/db' failed: No such file or directory
Dec 7 13:59:56 xmail lmtpunix[21156]: DBERROR: init() on berkeley
Dec 7 13:59:56 xmail lmtpunix[21156]: DBERROR: reading /var/lib/imap/db/skipstamp, assuming the worst: No such file or directory
Dec 7 13:59:56 xmail lmtpunix[21156]: executed
Dec 7 13:59:56 xmail lmtpunix[21156]: DBERROR db4: environment not yet opened
Dec 7 13:59:56 xmail lmtpunix[21156]: DBERROR: opening /var/lib/imap/deliver.db: Invalid argument
Dec 7 13:59:56 xmail lmtpunix[21156]: DBERROR: opening /var/lib/imap/deliver.db: cyrusdb error
Dec 7 13:59:56 xmail lmtpunix[21156]: FATAL: lmtpd: unable to init duplicate delivery database
Dec 7 13:59:56 xmail master[6692]: process 21156 exited, status 75
Dec 7 13:59:56 xmail master[6692]: service lmtpunix pid 21156 in READY state: terminated abnormally

and so on.

As I have checked, there is no deliver.db file nor db folder under /var/lib/imap.

Any hints how to resolve this?

Sasa
Cyrus Murder
Hi,

I got some problems with the cyrus-murder. I built a murder-master on a backend server, where all user mailboxes are stored. Second I got a frontend server, which deals with the master and acts as lmtp-, pop3-, imapproxy. Connection to master is given:

mail.log from backend-server:

Dec 7 14:37:49 marina cyrus/mupdate[7570]: Connection reset by peer, closing connection
Dec 7 14:37:49 marina cyrus/mupdate[7570]: ending cmdloop() on fd 10
Dec 7 14:37:49 marina cyrus/mupdate[6147]: accepted connection
Dec 7 14:37:49 marina cyrus/mupdate[6147]: telling master 4
Dec 7 14:37:49 marina cyrus/master[6125]: service mupdate pid 6147 in READY state: serving one more multi-threaded connection
Dec 7 14:37:49 marina cyrus/master[6125]: service mupdate now has 1 ready workers
Dec 7 14:37:49 marina cyrus/mupdate[7571]: starting cmdloop() on fd 10
Dec 7 14:37:49 marina cyrus/mupdate[7571]: login: cyrus from []

So, when I just log in per telnet to the imap-proxy on the frontend server, I get a list of my mailboxfolders, but I can't get any stuff from the folders.

* OK hostname Cyrus IMAP4 Murder v2.1.16-IPv6-Debian-2.1.16-10 server ready
a login
a OK User logged in
a list "" *
* LIST (\Noinferiors) "/" "INBOX"
* LIST (\HasNoChildren) "/" "sent"
* LIST (\HasNoChildren) "/" "spam"
* LIST (\HasNoChildren) "/" "test"
* LIST (\HasNoChildren) "/" "trash"
a OK Completed
b select spam
b NO Server(s) unavailable to complete operation

mail.log from frontend-server:

Dec 7 14:57:07 localhost cyrus/proxyd[3282]: getaddrinfo(/home/cyrus/mail//user//spam) failed: Name or service not known

Backend:

cyrus.conf:
imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
pop3 cmd="pop3d -U 250" listen="pop3" prefork=0 maxchild=100
mupdate cmd="mupdate -m" listen=3905 prefork=1

imapd.conf
not much important things, just some admin-entries

Frontend:

cyrus.conf
imap cmd="proxyd" listen="imap" prefork=0 maxchild=100
pop3 cmd="pop3proxyd" listen="pop3" prefork=0 maxchild=50
lmtp cmd="lmtpproxyd" listen="lmtp" prefork=1 maxchild=20
mupdate cmd="mupdate" listen=3905 prefork=1

imap.conf
mupdate_server:
mupdate_port: 3905
mupdate_username: cyrus
mupdate_authname: cyrus
mupdate_realm: ***
mupdate_password: ***
mupdate_retry_delay: 0
proxyd_allow_status_referral: false # or true

Anyone an idea?
Re: Cyrus Murder
Axel Grupe wrote:

> Hi,
>
> I got some problems with the cyrus-murder. I built a murder-master on a
> backend server, where all user mailboxes are stored.

The MUPDATE master SHOULD NOT be on a backend server. It either needs to be on a separate server or on a frontend server. In theory, you could run it on a backend using a different configdirectory, but it's not recommended or supported.

> Second I got a frontend server, which deals with the master and acts as
> lmtp-, pop3-, imapproxy. Connection to master is given:
>
> *mail.log from backend-server:*
>
> Dec 7 14:37:49 marina cyrus/mupdate[7570]: Connection reset by peer, closing connection
> Dec 7 14:37:49 marina cyrus/mupdate[7570]: ending cmdloop() on fd 10
> Dec 7 14:37:49 marina cyrus/mupdate[6147]: accepted connection
> Dec 7 14:37:49 marina cyrus/mupdate[6147]: telling master 4
> Dec 7 14:37:49 marina cyrus/master[6125]: service mupdate pid 6147 in READY state: serving one more multi-threaded connection
> Dec 7 14:37:49 marina cyrus/master[6125]: service mupdate now has 1 ready workers
> Dec 7 14:37:49 marina cyrus/mupdate[7571]: starting cmdloop() on fd 10
> Dec 7 14:37:49 marina cyrus/mupdate[7571]: login: cyrus from []
>
> So, when I just log in per telnet to the imap-proxy on the frontend
> server, I get a list of my mailboxfolders, but I can't get any stuff
> from the folders.
>
> * OK hostname Cyrus IMAP4 Murder v2.1.16-IPv6-Debian-2.1.16-10 server ready
> a login
> a OK User logged in
> a list "" *
> * LIST (\Noinferiors) "/" "INBOX"
> * LIST (\HasNoChildren) "/" "sent"
> * LIST (\HasNoChildren) "/" "spam"
> * LIST (\HasNoChildren) "/" "test"
> * LIST (\HasNoChildren) "/" "trash"
> a OK Completed
> b select spam
> b NO Server(s) unavailable to complete operation
>
> *mail.log from frontend-server:*
>
> Dec 7 14:57:07 localhost cyrus/proxyd[3282]: getaddrinfo(/home/cyrus/mail//user//spam) failed: Name or service not known
>
> *Backend:*
>
> cyrus.conf:
> imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
> pop3 cmd="pop3d -U 250" listen="pop3" prefork=0 maxchild=100
> mupdate cmd="mupdate -m" listen=3905 prefork=1
>
> imapd.conf
> not much important things, just some admin-entries
>
> *Frontend:*
>
> cyrus.conf
> imap cmd="proxyd" listen="imap" prefork=0 maxchild=100
> pop3 cmd="pop3proxyd" listen="pop3" prefork=0 maxchild=50
> lmtp cmd="lmtpproxyd" listen="lmtp" prefork=1 maxchild=20
> mupdate cmd="mupdate" listen=3905 prefork=1
>
> imap.conf
> mupdate_server:
> mupdate_port: 3905
> mupdate_username: cyrus
> mupdate_authname: cyrus
> mupdate_realm: ***
> mupdate_password: ***
> mupdate_retry_delay: 0
> proxyd_allow_status_referral: false # or true
>
> Anyone an idea?

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: Why is SASL authentication have to be so difficult? Round 2
On Tue, 7 Dec 2004, Derrick J Brashear wrote:

> On Mon, 6 Dec 2004, Robert Lubbers wrote:
>
> > * OK cyrus.domain.com Cyrus IMAP4 v2.2.9 server ready
> > . login cyrususer secret
> > . NO Login failed: can't request info until later in exchange
> > . logout
> > * BYE LOGOUT received
> > . OK Completed
>
> Ken pointed something out to me about this yesterday, notably, that imap
> has code e.g.
>
> r = sasl_getprop(imapd_saslconn, SASL_USERNAME, (const void **) &canon_user);
>
> while pop does not. And I don't know the history. This is one reason I'd
> rather have a real database of bugs, but making bugzilla manageable for
> this is somewhat hard.
>
> The commit log on 1.398.2.81 is "don't canonify a userid twice"

Derrick,

There was a long discussion about this on cyrus-sasl and cyrus-devel lists awhile back:

http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&searchterm=saslpasswd2%20and%20virtdomains&msg=3683

-Igor

> So we switch from (effectively) calling auth_canonifyid from
> canonify_userid before doing sasl stuff, to this sasl_getprop after.
>
> Reversing that change would be as follows, you'll almost certainly need
> to apply it by hand.

Index: imapd.c === RCS file: /afs/andrew.cmu.edu/system/cvs/src/cyrus/imap/imapd.c,v retrieving revision 1.398.2.81 retrieving revision 1.398.2.80 diff -u -r1.398.2.81 -r1.398.2.80 --- imapd.c 29 May 2003 20:18:58 - 1.398.2.81 +++ imapd.c 29 May 2003 14:50:45 - 1.398.2.80 @@ -38,7 +38,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: imapd.c,v 1.398.2.81 2003/05/29 20:18:58 rjs3 Exp $ */ +/* $Id: imapd.c,v 1.398.2.80 2003/05/29 14:50:45 ken3 Exp $ */ #include @@ -1561,7 +1561,8 @@ char c; struct buf passwdbuf; char *passwd; -const char *reply = NULL; +char *canon_user; +const char *reply = 0; int plaintextloginpause; int r; 
@@ -1571,10 +1572,20 @@ return; } +canon_user = canonify_userid(user, NULL, NULL); + +if (!canon_user) { + syslog(LOG_NOTICE, "badlogin: %s plaintext %s invalid user", + imapd_clienthost, beautify_string(user)); + prot_printf(imapd_out, "%s NO %s\r\n", tag, + error_message(IMAP_INVALID_USER)); + return; +} + /* possibly disallow login */ if ((imapd_starttls_done == 0) && (config_getswitch(IMAPOPT_ALLOWPLAINTEXT) == 0) && - !is_userid_anonymous(user)) { + strcmp(canon_user, "anonymous") != 0) { eatline(imapd_in, ' '); prot_printf(imapd_out, "%s NO Login only available under a layer\r\n", tag); @@ -1596,7 +1607,7 @@ passwd = passwdbuf.s; -if (is_userid_anonymous(user)) { +if (!strcmp(canon_user, "anonymous")) { if (config_getswitch(IMAPOPT_ALLOWANONYMOUSLOGIN)) { passwd = beautify_string(passwd); if (strlen(passwd) > 500) passwd[500] = '\0'; @@ -1615,21 +1626,22 @@ } } else if ((r = sasl_checkpass(imapd_saslconn, -user, -strlen(user), +canon_user, +strlen(canon_user), passwd, strlen(passwd))) != SASL_OK) { syslog(LOG_NOTICE, "badlogin: %s plaintext %s %s", - imapd_clienthost, user, sasl_errdetail(imapd_saslconn)); + imapd_clienthost, canon_user, sasl_errdetail(imapd_saslconn)); sleep(3); - if ((reply = sasl_errstring(r, NULL, NULL)) != NULL) { + if (reply) { + prot_printf(imapd_out, "%s NO Login failed: %s\r\n", tag, reply); + } else if ((reply = sasl_errstring(r, NULL, NULL)) != NULL) { prot_printf(imapd_out, "%s NO Login failed: %s\r\n", tag, reply); } else { prot_printf(imapd_out, "%s NO Login failed: %d\r\n", tag, r); } - snmp_increment_args(AUTHENTICATION_NO, 1, VARIABLE_AUTH, 0 /* hash_simple("LOGIN") */, VARIABLE_LISTEND); 
@@ -1637,26 +1649,6 @@ return; } else { - const char *canon_user; - - r = sasl_getprop(imapd_saslconn, SASL_USERNAME, - (const void **) &canon_user); - - if(r != SASL_OK) { - if ((reply = sasl_errstring(r, NULL, NULL)) != NULL) { - prot_printf(imapd_out, "%s NO Login failed: %s\r\n", - tag, reply); - } else { - prot_printf(imapd_out, "%s NO Login failed: %d\r\n", tag, r); - } - - snmp_increment_args(AUTHENTICATION_NO, 1, -VARIABLE_AUTH, 0 /* hash_simple("LOGIN") */, -VARIABLE_LISTEND); - freebuf(&passwdbuf); - return; - } - imapd_userid = xstrdup(canon_user); snmp_increment_args(AUTHENTICATION_YES, 1, VARIABLE_AUTH, 0 /*hash_simple("LOGIN") */, @@ -1761,6 +1753,7 @@ */ sasl_result = sasl_getprop(imapd_saslconn, SASL_USERNAME, (const void **) &canon_user); +imapd_userid = xstrdup(canon_user); if (sasl_result != SASL_OK) { prot_printf(imapd_out, "%s NO weird SASL error %d SASL_USERNAME\r\n", tag, sasl_result);
Re: Why is SASL authentication have to be so difficult? Round 2
> > The commit log on 1.398.2.81 is "don't canonify a userid twice"
>
> Derrick,
>
> There was a long discussion about this on cyrus-sasl and cyrus-devel lists
> awhile back:
>
> http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&searchterm=saslpasswd2%20and%20virtdomains&msg=3683

this isn't quite the same thing. further investigation shows that auxprop verify password mech works differently from all the others, including the saslauthd mech he cares about. it canonifies, and all the others don't.
Re: Why is SASL authentication have to be so difficult? Round 2
But it looks like I also miss the scope; sasl_check_pass canonifies (which means auxprop_verify_password canonifies twice from sasl_check_pass, and from sasl_user_exists is the only verify_password backend which canonifies... sigh)

anyway, i think there is something more subtle going on here maybe?
Re: Why is SASL authentication have to be so difficult? Round 2
On Tue, 7 Dec 2004, Derrick J Brashear wrote:

> > > The commit log on 1.398.2.81 is "don't canonify a userid twice"
> >
> > Derrick,
> >
> > There was a long discussion about this on cyrus-sasl and cyrus-devel lists
> > awhile back:
> >
> > http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&searchterm=saslpasswd2%20and%20virtdomains&msg=3683
>
> this isn't quite the same thing. further investigation shows that auxprop
> verify password mech works differently from all the others, including the
> saslauthd mech he cares about. it canonifies, and all the others don't.

I was just trying to point out the history of that particular patch.

-- 
Igor
Re: Why is SASL authentication have to be so difficult? Round 2
On Tue, 7 Dec 2004, Igor Brezac wrote:

> > > There was a long discussion about this on cyrus-sasl and cyrus-devel lists
> > > awhile back:
> > >
> > > http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&searchterm=saslpasswd2%20and%20virtdomains&msg=3683
> >
> > this isn't quite the same thing. further investigation shows that auxprop
> > verify password mech works differently from all the others, including the
> > saslauthd mech he cares about. it canonifies, and all the others don't.
>
> I was just trying to point out the history of that particular patch.

Oh. Sorry. Duh.
Re: Why is SASL authentication have to be so difficult? Round 2
Robert Lubbers wrote:

> I am still working on getting this IMAP server authenticating against my
> Windows domain PDC, and I did manage to get the POP server authenticating,
> which is a giant step forward. But both the IMAP component and the cyradm
> component are complaining: They both give me the same error message:

What version of SASL are you using? I can't reproduce this error using the current versions of Cyrus and SASL.

> cyrus-server>telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK cyrus.domain.com Cyrus IMAP4 v2.2.9 server ready
> . login cyrususer secret
> . NO Login failed: can't request info until later in exchange
> . logout
> * BYE LOGOUT received
> . OK Completed
>
> whereas the POP3 server doesn't complain at all:
>
> cyrus-server> telnet localhost 110
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> +OK cyrus-server.domain.com Cyrus POP3 v2.2.9 server ready <[EMAIL PROTECTED]>
> user cyrususer
> +OK Name is a valid mailbox
> pass intisol
> +OK Mailbox locked and ready
>
> The wild thing is that the /var/log/secure file shows a valid
> authentication for either one:
>
> For POP3
>
> Dec 6 10:59:51 cyrus-server saslauthd[1841]: rel_accept_lock : released accept lock
> Dec 6 10:59:51 cyrus-server saslauthd[1842]: get_accept_lock : acquired accept lock
> Dec 6 10:59:51 cyrus-server pam_winbind[1841]: user 'cyrususer' granted acces
> Dec 6 10:59:51 cyrus-server pam_winbind[1841]: user 'cyrususer' granted acces
> Dec 6 10:59:51 cyrus-server saslauthd[1841]: do_auth : auth success: [user=cyrususer] [service=pop] [realm=] [mech=pam]
> Dec 6 10:59:51 cyrus-server saslauthd[1841]: do_request : response: 0
>
> Whereas for IMAP:
>
> Dec 6 11:03:24 cyrus-server saslauthd[1842]: rel_accept_lock : released accept lock
> Dec 6 11:03:24 cyrus-server saslauthd[1837]: get_accept_lock : acquired accept lock
> Dec 6 11:03:24 cyrus-server pam_winbind[1842]: user 'cyrususer' granted acces
> Dec 6 11:03:24 cyrus-server pam_winbind[1842]: user 'cyrususer' granted acces
> Dec 6 11:03:24 cyrus-server saslauthd[1842]: do_auth : auth success: [user=cyrususer] [service=imap] [realm=] [mech=pam]
> Dec 6 11:03:24 cyrus-server saslauthd[1842]: do_request : response: OK'
>
> See? No difference.
>
> For cyradm:
>
> cyrus-server>cyradm --user cyrusadmin --auth login localhost
> IMAP Password:
> Login failed: can't request info until later in exchange at /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 118
> cyradm: cannot authenticate to server with login as cyrus
>
> Yet this is a user that exists in /etc/sasldb2:
>
> cyrus-server> sasldblistusers2
> [EMAIL PROTECTED]: userPassword
> [EMAIL PROTECTED]: userPassword
> [EMAIL PROTECTED]: cmusaslsecretOTP
> [EMAIL PROTECTED]: cmusaslsecretOTP
>
> Just for the sake of completeness, here is the contents of my
> /usr/local/lib/sasl directory:
>
> cyrus-server> ls -l /usr/local/lib/sasl2
> total 600
> -rwxr-xr-x 1 root root    711 Dec 6 10:02 libanonymous.la
> lrwxrwxrwx 1 root root     22 Dec 6 10:02 libanonymous.so -> libanonymous.so.2.0.20
> lrwxrwxrwx 1 root root     22 Dec 6 10:02 libanonymous.so.2 -> libanonymous.so.2.0.20
> -rwxr-xr-x 1 root root  89354 Dec 6 10:02 libanonymous.so.2.0.20
> -rwxr-xr-x 1 root root    695 Dec 6 10:02 liblogin.la
> lrwxrwxrwx 1 root root     18 Dec 6 10:02 liblogin.so -> liblogin.so.2.0.20
> lrwxrwxrwx 1 root root     18 Dec 6 10:02 liblogin.so.2 -> liblogin.so.2.0.20
> -rwxr-xr-x 1 root root  88558 Dec 6 10:02 liblogin.so.2.0.20
> -rwxr-xr-x 1 root root    684 Dec 6 10:02 libotp.la
> lrwxrwxrwx 1 root root     16 Dec 6 10:02 libotp.so -> libotp.so.2.0.20
> lrwxrwxrwx 1 root root     16 Dec 6 10:02 libotp.so.2 -> libotp.so.2.0.20
> -rwxr-xr-x 1 root root 155138 Dec 6 10:02 libotp.so.2.0.20
> -rwxr-xr-x 1 root root    695 Dec 6 10:02 libplain.la
> lrwxrwxrwx 1 root root     18 Dec 6 10:02 libplain.so -> libplain.so.2.0.20
> lrwxrwxrwx 1 root root     18 Dec 6 10:02 libplain.so.2 -> libplain.so.2.0.20
> -rwxr-xr-x 1 root root  88316 Dec 6 10:02 libplain.so.2.0.20
> -rwxr-xr-x 1 root root    716 Dec 6 10:02 libsasldb.la
> lrwxrwxrwx 1 root root     19 Dec 6 10:02 libsasldb.so -> libsasldb.so.2.0.20
> lrwxrwxrwx 1 root root     19 Dec 6 10:02 libsasldb.so.2 -> libsasldb.so.2.0.20
> -rwxr-xr-x 1 root root 145666 Dec 6 10:02 libsasldb.so.2.0.20
>
> I have a sym link from /usr/local/lib/sals2 to /usr/local/lib/sasl,
> /usr/lib/sasl2, and /usr/lib/sasl.
>
> Here is my /etc/imapd.conf:
>
> postmaster: postmaster
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: noctest admin
> allowanonymouslogin: no
> allowplaintext: yes
> sasl_mech_list: PLAIN
> servername: cyrus-server.domain.com
> autocreatequota: 4
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout
Re: Newbie needs help with migration from uw-imap
Sasa Stupar wrote:

> I have finally imported all the messages. I needed to change path in
> scripts. So I have done everything and added these lines to sendmail conf:
> define(`confLOCAL_MAILER', `cyrusv2')
> MAILER(cyrusv2)

You'll also need:

define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')

[ snipety snip some logs ]

> and so on.
> As I have checked, there is no deliver.db file nor db folder under
> /var/lib/imap.
> Any hints how to resolve this?

Strange, those should have been created for you automatically, if you used Cyrus IMAP daemon from FC3 RPM packages. I'd check permissions and ownerships. Most of the error messages point into that direction. /var/lib/imap and everything in there should be owned by user cyrus, group mail. All files and directories should be accessible only by user cyrus (not by group). Exceptions are /var/lib/imap and /var/lib/imap/socket (750) and /var/lib/imap/socket/lmtp special file (777, root:root ownership).

Also, some of those error messages look like those related to db4/glibc bug in FC2 (that was supposedly fixed in FC3 version of glibc). If you are running i686 or FC3 you shouldn't be affected by it. You said you are running FC3, so it is kind of strange. Maybe the thing was in permissions only. If you are running i586 on FC2, then you will be affected by that bug. I can provide you with alternative db4 RPM packages that have unofficial fix for the problem in case you are running FC2 on i586 or older system (it's the same as distribution db4, minus NPTL on i586 and older).

In short, the problem on FC2 was that db4 was compiled to use NPTL, however only i686 version of glibc library had support for it. If you were running i586 system or older, i386 version of glibc library was installed, which of course doesn't have support for NPTL. On FC3, the i386 version of glibc is actually i486 (the name of RPM package is slightly "incorrect"), so it does have NPTL support and things are working correctly (unless you really have Intel 80386 processor, in which case things are not working at all because your glibc uses i486 instruction set).

-- 
Aleksandar Milivojevic <[EMAIL PROTECTED]>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
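The ownership and mode rules listed in the message above, written as a check that can be run over the tree. This is an added example, not part of the original post or of the Cyrus packages; `Policy`, `audit` and the command-line handling are names made up here, while the paths, the cyrus/mail/root accounts and the 750/777 modes are the ones the message gives.

```python
#!/usr/bin/env python3
"""Audit a Cyrus configdirectory against the ownership/mode rules quoted above.

Added example: Policy and audit() are illustrative names, not Cyrus tooling.
"""
import grp
import os
import pwd
import stat
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    owner_uid: int       # user "cyrus" in the message
    group_gid: int       # group "mail" in the message
    lmtp_uid: int = 0    # socket/lmtp is root:root
    lmtp_gid: int = 0


def _expect(path, root, policy):
    """Return (uid, gid, exact_mode or None) expected for one path."""
    socket_dir = os.path.join(root, "socket")
    if path == os.path.join(socket_dir, "lmtp"):
        return policy.lmtp_uid, policy.lmtp_gid, 0o777
    if path in (root, socket_dir):
        return policy.owner_uid, policy.group_gid, 0o750
    # Everything else: accessible by the owner only (no group/other bits).
    return policy.owner_uid, policy.group_gid, None


def audit(root, policy):
    """Walk root without following symlinks; return sorted (path, problem) pairs."""
    root = os.path.abspath(root)
    findings = []

    def unreadable(err):
        findings.append((str(err.filename), f"cannot list: {err.strerror}"))

    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root, onerror=unreadable):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)

    for path in paths:
        try:
            st = os.lstat(path)
        except OSError as err:
            findings.append((path, f"cannot stat: {err.strerror}"))
            continue
        uid, gid, exact = _expect(path, root, policy)
        if (st.st_uid, st.st_gid) != (uid, gid):
            findings.append(
                (path, f"owner {st.st_uid}:{st.st_gid}, expected {uid}:{gid}"))
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits carry no access meaning
        mode = stat.S_IMODE(st.st_mode)
        if exact is not None and mode != exact:
            findings.append((path, f"mode {mode:04o}, expected {exact:04o}"))
        elif exact is None and mode & 0o077:
            findings.append((path, f"mode {mode:04o} grants group/other access"))
    return sorted(findings)


if __name__ == "__main__":
    tree = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/imap"
    try:
        policy = Policy(pwd.getpwnam("cyrus").pw_uid, grp.getgrnam("mail").gr_gid)
    except KeyError as err:
        sys.exit(f"account lookup failed: {err}")
    problems = audit(tree, policy)
    for path, problem in problems:
        print(f"{path}: {problem}")
    sys.exit(1 if problems else 0)
```

Run it as root so every directory can be listed; it exits non-zero when any path deviates from the stated rules.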
problem with murder
Hi all

I've problems with cyrus imapd 2.2.10 and murder. I always get:

Dec 7 15:22:18 sokrates mupdate[83581]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Dec 7 15:22:18 sokrates mupdate[83581]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Dec 7 15:22:18 sokrates mupdate[83581]: Password verification failed
Dec 7 15:22:18 sokrates mupdate[83581]: Password verification failed
Dec 7 15:22:21 sokrates mupdate[83581]: badlogin: testlan.mlan.ch [212.101.1.103] PLAIN SASL(-13): authentication failure: Password verification failed

OTP was disabled during the sasl configuration. I try to run mupdate_config:unified so that I can use frontend and backend on the same machine.

System information:

2x FreeBSD 4.10-p3

cyrus-imapd-2.2.10
./configure --sysconfdir=/usr/local/etc --with-cyrus-prefix=/usr/local/cyrus --with-cyrus-user=cyrus --with-cyrus-group=cyrus --with-sasl=/usr/local --with-bdb-libdir=/usr/local/lib --with-com_err --with-openssl=/usr --with-perl=/usr/local/bin/perl5.8.5 --with-bdb-incdir=/usr/local/include/db42 --with-bdb=db-4.2 --enable-murder --with-idle=idled --enable-listext --enable-netscapehack --with-snmp=/usr/local --with-auth=unix --prefix=/usr/local i386-portbld-freebsd4.10

cyrus-sasl-2.1.20
./configure --sysconfdir=/usr/local/etc --with-plugindir=/usr/local/lib/sasl2 --with-dbpath=/usr/local/etc/sasldb2 --includedir=/usr/local/include --mandir=/usr/local/man --enable-static --enable-auth-sasldb --with-rc4=openssl --with-saslauthd=/var/state/saslauthd --with-dblib=ndbm --without-mysql --without-pgsql --without-sqlite --enable-login --disable-otp --disable-cram --disable-digest --disable-ntlm --disable-gssapi --disable-krb4 --with-openssl=yes --prefix=/usr/local i386-portbld-freebsd4.10

cyrus-sasl-saslauthd-2.1.20_1 (with ldap)
saslauthd runs with ldap

saslauth.conf:
dap_servers: ldap://localhost
ldap_search_base: ou=people,ou=lan,dc=lan,dc=ch
ldap_filter: (|(uid=%u)(mailacceptinggeneralid=%u))

imapd.conf (both server have the same except the servername)
# The pathname of the IMAP configuration directory
configdirectory: /var/imap
partition-default: /var/spool/imap
servername: testlan.mlan.ch
singleinstancestore: true
hashimapspool: true
fulldirhash: true
# IMAPD
quotawarn: 90
timeout: 30
# POPD
poptimeout: 10
popexpiretime: 0
# SIEVE
sieveusehomedir: false
sievedir: /var/imap/sieve
sieve_allowplaintext: yes
# ACCESS
allowplaintext: yes
admins: admin
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain
sasl_ldap_server: localhost
sasl_ldap_basedn: ou=people,ou=lan,dc=lan,dc=ch
sasl_ldap_uidattr: uid
sasl_ldap_port: 389
force_sasl_client_mech: plain
sasl_ldap_ssl: no
sasl_auto_transition: yes
# MURDER
mupdate_server: sokrates.mlan.ch
mupdate_username: mupdater
mupdate_authname: mupdater
mupdate_password: test
mupdate_config: unified
# EOF

cyrus.conf (both have the same except mupdate -m)
# standard standalone server implementation
START {
  # do not delete this entry!
  recover cmd="ctl_cyrusdb -r"
}
SERVICES {
  #mupdate database service - must prefork atleast 1
  mupdate cmd="/usr/local/cyrus/bin/mupdate -m" listen=3905 prefork=1
  # add or remove based on preferences
  imap cmd="imapd" listen="imap" prefork=0
  pop3 cmd="pop3d" listen="pop3" prefork=0
  sieve cmd="timsieved" listen="sieve" prefork=0
  # at least one LMTP is required for delivery
  lmtp cmd="lmtpd" listen="lmtp" prefork=0
}
EVENTS {
  # this is required
  checkpoint cmd="ctl_cyrusdb -c" period=30
  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune cmd="cyr_expire -E 3" at=0400
}

any idea what's wrong? OTP is disabled. I've no clue why one server will always try otp.

I also tried:

sokrates# mupdatetest -p 3905 -u mupdater sokrates:
S: * AUTH "NTLM" "LOGIN" "PLAIN" "DIGEST-MD5" "CRAM-MD5"
S: * PARTIAL-UPDATE
S: * OK MUPDATE "sokrates.mlan.ch" "Cyrus Murder" "v2.2.10" "(master)"
C: A01 AUTHENTICATE "DIGEST-MD5"
S: bm9uY2U9Ik9hNE1NOGZoWXcxc2FCbkZ3ZVlwQi9XbWZlaWk2M1dSYnErM1Z2a1JZSU09IixyZWFsbT0ic29rcmF0ZXMubWxhbi5zb2xuZXQuY2giLHFvcD0iYXV0aCxhdXRoLWludCxhdXRoLWNvbmYiLGNpcGhlcj0icmM0LTQwLHJjNC01NixyYzQsZGVzLDNkZXMiLG1heGJ1Zj00MDk2LGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz
Please enter your password: (test)
C: dXNlcm5hbWU9InJvb3QiLHJlYWxtPSJzb2tyYXRlcy5tbGFuLnNvbG5ldC5jaCIsYXV0aHppZD0ibXVwZGF0ZXIiLG5vbmNlPSJPYTRNTThmaFl3MXNhQm5Gd2VZcEIvV21mZWlpNjNXUmJxKzNWdmtSWUlNPSIsY25vbmNlPSJpem5EK1E2QXBVeDVUTVVsQWUrMXhjTDFyL2ZwN0R1WmY3WjFzRE9EVXRFPSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtY29uZixjaXBoZXI9cmM0LG1heGJ1Zj0xMDI0LGRpZ2VzdC11cmk9Im11cGRhdGUvc29rcmF0ZXMubWxhbi5zb2xuZXQuY2giLHJlc3BvbnNlPWJlNjc0ZDQ4ODM5ZDQ1MjJlMDIzNmUwYjVjM2ZmOGQz
S: A01 NO "undefined error!"
Authentication failed. generic failure
Security strength factor: 128

regards
Thomas
Re: Why is SASL authentication have to be so difficult? Round 2
On Tue, 7 Dec 2004, Derrick J Brashear wrote:

> But it looks like I also miss the scope; sasl_check_pass canonifies (which
> means auxprop_verify_password canonifies twice from sasl_check_pass, and
> from sasl_user_exists is the only verify_password backend which
> canonifies... sigh) anyway, i think there is something more subtle going on
> here maybe?

I have not looked at the code in awhile, but it looks like double canonification occurs twice in cmd_login() as well - imapd_canon_user() and sasl_checkpass().

--
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Newbie needs help with migration from uw-imap
On Tue, 07.12.2004 at 16:54, Aleksandar Milivojevic wrote:
> Sasa Stupar wrote:
> > I have finally imported all the messages. I needed to change path in
> > scripts. So I have done everything and add to sendmail conf lines
> > define(`confLOCAL_MAILER', `cyrusv2')
> > MAILER(cyrusv2)
>
> You'll also need:
>
> define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')
>
> [ snipety snip some logs ]
>
> > and so on.
> > As I have checked, there is no deliver.db file nor db folder under
> > /var/lib/imap.
> > Any hints how to resolve this?
>
> Strange, those should have been created for you automatically, if you
> used Cyrus IMAP daemon from FC3 RPM packages. I'd check permissions and
> ownerships. Most of the error messages point into that direction.
> /var/lib/imap and everything in there should be owned by user cyrus,
> group mail. All files and directories should be accessible only by user
> cyrus (not by group). Exceptions are /var/lib/imap and
> /var/lib/imap/socket (750) and /var/lib/imap/socket/lmtp special file
> (777, root:root ownership).
>
> Also, some of those error messages look like those related to db4/glibc
> bug in FC2 (that was supposedly fixed in FC3 version of glibc). If you
> are running i686 or FC3 you shouldn't be affected by it. You said you
> are running FC3, so it is kind of strange. Maybe the thing was in
> permissions only. If you are running i586 on FC2, then you will be
> affected by that bug. I can provide you with alternative db4 RPM
> packages that have unofficial fix for the problem in case you are
> running FC2 on i586 or older system (it's the same as distribution db4,
> minus NPTL on i586 and older).
>
> In short, the problem on FC2 was that db4 was compiled to use NPTL,
> however only i686 version of glibc library had support for it. If you
> were running i586 system or older, i386 version of glibc library was
> installed, which of course doesn't have support for NPTL. On FC3, the
> i386 version of glibc is actually i486 (the name of RPM package is
> slightly "incorrect"), so it does have NPTL support and things are
> working correctly (unless you really have Intel 80386 processor, in which
> case things are not working at all because your glibc uses i486
> instruction set).

After reinstalling cyrus-imapd it works and what a speed compared to uw-imap, uuuaaauuu.

Just another thing: before I had Spamassassin setup with procmail. But procmail is no more delivering agent so how do I setup it to work with cyrus?

Sasa
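The ownership and mode rules listed in the quoted reply above can be checked mechanically. This is an added example, not part of the original thread; audit_tree and its parameters are hypothetical names, and the cyrus/mail accounts and the /var/lib/imap path are the ones named in the message.

```python
import os
import stat
import sys

# Rules from the quoted reply: everything is owner-only, except these entries
# (path relative to the tree root -> exact mode).
EXPECTED_MODES = {".": 0o750, "socket": 0o750, "socket/lmtp": 0o777}

def audit_tree(root, uid, gid, lmtp_owner=(0, 0)):
    """Return sorted (relative path, problem) pairs for a Cyrus config tree."""
    problems = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        rel = os.path.relpath(path, root).replace(os.sep, "/")
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            problems.append((rel, "symlink, inspect the target by hand"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        # The lmtp socket is the one entry expected to be root:root.
        want_owner = lmtp_owner if rel == "socket/lmtp" else (uid, gid)
        if (st.st_uid, st.st_gid) != want_owner:
            problems.append((rel, "owner %d:%d, expected %d:%d"
                             % (st.st_uid, st.st_gid, *want_owner)))
        if rel in EXPECTED_MODES:
            if mode != EXPECTED_MODES[rel]:
                problems.append((rel, "mode %o, expected %o"
                                 % (mode, EXPECTED_MODES[rel])))
        elif mode & 0o077:
            problems.append((rel, "mode %o is open to group/other" % mode))
    return sorted(problems)

if __name__ == "__main__":
    import grp
    import pwd
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/imap"
    uid, gid = pwd.getpwnam("cyrus").pw_uid, grp.getgrnam("mail").gr_gid
    for rel, problem in audit_tree(root, uid, gid):
        print(rel, problem, sep=": ")
```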
Re: Newbie needs help with migration from uw-imap
On Tue, 07.12.2004 at 19:10, Sasa Stupar wrote:

> After reinstalling cyrus-imapd it works and what a speed compared to
> uw-imap, uuuaaauuu.
> Just another thing: before I had Spamassassin setup with procmail. But
> procmail is no more delivering agent so how do I setup it to work with
> cyrus?
>
> Sasa

Not really on-topic here.

As you run Sendmail use a milter like milter-spamc, spamass-milter or MimeDefang.

Alexander

--
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp
Serendipity 19:53:54 up 1 day, 19:16, load average: 0.45, 0.28, 0.16
Re: Newbie needs help with migration from uw-imap
Sasa Stupar wrote:

> After reinstalling cyrus-imapd it works and what a speed compared to
> uw-imap, uuuaaauuu.
> Just another thing: before I had Spamassassin setup with procmail. But
> procmail is no more delivering agent so how do I setup it to work with
> cyrus?

Set it up to work with Sendmail instead. There are a couple of possibilities. Spamass-milter, Amavis, and MIMEDefang are three I can remember (the last two will also do anti-virus if you have ClamAV installed). Spamass-milter is simple to install and configure. Amavis has much more features, and a really huge config file. MIMEDefang is the most powerful, but you need to know at least basics of Perl programming to configure it.

--
Aleksandar Milivojevic <[EMAIL PROTECTED]>
Pollard Banknote Limited
Systems Administrator
1499 Buffalo Place
Tel: (204) 474-2323 ext 276
Winnipeg, MB R3T 1L7
Re: Newbie needs help with migration from uw-imap
On Tue, 07.12.2004 at 19:55, Alexander Dalloz wrote:
> On Tue, 07.12.2004 at 19:10, Sasa Stupar wrote:
>
> > After reinstalling cyrus-imapd it works and what a speed compared to
> > uw-imap, uuuaaauuu.
> > Just another thing: before I had Spamassassin setup with procmail. But
> > procmail is no more delivering agent so how do I setup it to work with
> > cyrus?
> >
> > Sasa
>
> Not really on-topic here.
>
> As you run Sendmail use a milter like milter-spamc, spamass-milter or
> MimeDefang.
>
> Alexander

But if I use milter then it will be globally and then users will be unable to tweak down spamassassin for their needs. Is this correct?

Sasa
IOERROR ...
I am seeing strange error in my log file:

Dec 7 20:18:47 xmail lmtpunix[15458]: IOERROR: fstating sieve script /var/lib/imap/sieve/s/sasa/defaultbc: No such file or directory

What is sieve for?

Sasa
Re: IOERROR ...
On Tue, 7 Dec 2004, Sasa Stupar wrote:

> I am seeing strange error in my log file:
> Dec 7 20:18:47 xmail lmtpunix[15458]: IOERROR: fstating sieve script /var/lib/imap/sieve/s/sasa/defaultbc: No such file or directory

You can ignore this message. You can change facility level for mail to something different than debug and you will not see these messages in syslog.

> What is sieve for?

Server side filtering.

--
Igor
Increasing "lock_reopen" leads to complete locking_timeout
Dear list,

As I've discovered only a few results on google, which didn't clarify the situation, I hope for your advice.

Lines as the following one are quite common for some mailboxes on my system and with regard to [1] I don't pay much attention:

Dec 5 14:13:11 hostname cyrus/lmtpd[14434]: lock_reopen: blocked, sleeping for 1 on interval 1 (15, /var/lib/cyrus/quota/t/user.thorsten)

Two days ago suddenly the interval increased (only for this mailbox):

Dec 5 13:07:48 hostname cyrus/imapd[698]: lock_reopen: blocked, sleeping for 9 on interval 3 (13, /var/lib/cyrus/quota/c/user.carsten)
[...]
Dec 5 13:08:11 hostname cyrus/imapd[12504]: lock_reopen: blocked, sleeping for 49 on interval 7 (17, /var/spool/cyrus/mail/c/user/carsten/Sent/cyrus.header)

[.. Leading to ..]

Dec 5 13:11:25 hostname cyrus/imapd[12504]: IOERROR: locking_timeout header for user.carsten.Sent: Resource temporarily unavailable

Delivery of mails to cyrus via lmtp didn't work anymore. As I couldn't spot the actual problem, I restarted cyrus and everything runs fine again. The used version of cyrus is still 2.1.15 backported to Debian Woody.

Thanks for any hints in advance!

Kind regards,
Thorsten

[1] http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=23851
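A small log scan that flags the escalation described in the message above before it ends in a locking_timeout. This is an added example, not part of the original post; the scan function and its warn_interval threshold are assumptions, and the sample lines are the ones quoted in the message.

```python
import re

# Log lines copied from the message above (the "[...]" gaps are not filled in).
SAMPLE_LOG = """\
Dec 5 14:13:11 hostname cyrus/lmtpd[14434]: lock_reopen: blocked, sleeping for 1 on interval 1 (15, /var/lib/cyrus/quota/t/user.thorsten)
Dec 5 13:07:48 hostname cyrus/imapd[698]: lock_reopen: blocked, sleeping for 9 on interval 3 (13, /var/lib/cyrus/quota/c/user.carsten)
Dec 5 13:08:11 hostname cyrus/imapd[12504]: lock_reopen: blocked, sleeping for 49 on interval 7 (17, /var/spool/cyrus/mail/c/user/carsten/Sent/cyrus.header)
Dec 5 13:11:25 hostname cyrus/imapd[12504]: IOERROR: locking_timeout header for user.carsten.Sent: Resource temporarily unavailable
"""

BLOCKED = re.compile(r"cyrus/(\w+)\[(\d+)\]: lock_reopen: blocked, sleeping for "
                     r"(\d+) on interval (\d+) \(\d+, (\S+)\)")
TIMEOUT = re.compile(r"cyrus/(\w+)\[(\d+)\]: IOERROR: locking_timeout \w+ for (\S+):")

def scan(log_text, warn_interval=3):
    """Return alerts for long lock waits and for lock timeouts, in log order."""
    alerts = []
    worst = {}                      # lock file path -> highest interval seen
    for line in log_text.splitlines():
        m = BLOCKED.search(line)
        if m:
            service, pid, sleep, interval, path = m.groups()
            interval = int(interval)
            # Alert only when a path reaches a new, higher interval.
            if interval >= warn_interval and interval > worst.get(path, 0):
                alerts.append(("backoff", service, int(pid), path,
                               interval, int(sleep)))
            worst[path] = max(interval, worst.get(path, 0))
            continue
        m = TIMEOUT.search(line)
        if m:
            service, pid, mailbox = m.groups()
            alerts.append(("timeout", service, int(pid), mailbox))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```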
Re: Increasing "lock_reopen" leads to complete locking_timeout
On Tue, 07 Dec 2004, Thorsten Büker wrote:
> again. The used version of cyrus is still 2.1.15 backported to Debian
> Woody.

Go to http://people.debian.org/~hmh/ and read the instructions there. Switch to 2.1.17 immediately. And *do not* SIGHUP it, I have not uploaded the backport version with the fix to Cyrus bug #2582 yet.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh