Re: Sieve not working

2019-02-26 Thread J Pilfold-Bagwell

Hi Willem,

Once I found that you can run sieve on ports 200 and 4190 at the same 
time, I set it up just in case Cyrus was talking to only one of the ports.


If I telnet in, I get this response.

[root@mail rules]# telnet localhost 2000
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.4.17-Fedora-RPM-2.4.17-13.el7"
"SASL" "PLAIN LOGIN CRAM-MD5 DIGEST-MD5"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
"UNAUTHENTICATE"
OK
#

and

[root@mail rules]# telnet localhost 4190
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.4.17-Fedora-RPM-2.4.17-13.el7"
"SASL" "PLAIN LOGIN CRAM-MD5 DIGEST-MD5"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
"UNAUTHENTICATE"
OK

Replacing localhost with 127.0.0.1 gets rid of the "telnet: connect to 
address ::1: Connection refused".


I can also log into sieveshell and list and manipulate scripts:

[root@mail rules]# sieveshell --authname=mail-admin --user=jpb localhost
connecting to localhost
Please enter your password:
> list
mail
sieve-test  <- active script
> get sieve-test
require ["fileinto"];
if address :is "From" "test-u...@gmail.com" {
  fileinto "INBOX.Microsoft";
  stop;
}




On 18/02/2019 09:33, Willem Offermans wrote:


Dear Egoitz and Cyrus friends,

Check if sieve is actually listening at port 2000 as well.


Wiel Offermans
wil...@offermans.rompen.nl 




On 18 Feb 2019, at 09:34, ego...@sarenet.es wrote:


Hi!


Could you try enabling local6.debug channel in syslog, so that you 
could see additional Sieve debugging information? Can you then post 
that log?



Cheers!


On 2019-02-15 12:32, J Pilfold-Bagwell wrote:


Hi All,

I have a CentOS 7 box running with the latest default cyrus install 
from the CentOS 7 repo, i.e. cyrus-imapd-2.4.17-13.el7.x86_64.


The problem I have is that sieve doesn't seem to pay any attention 
to the scripts.  I have sieve running, I can successfully log in to 
it using sieveshell, create, upload and activate scripts, but they 
don't seem to be applied to the incoming mail.  First I was trying 
the vacation and reject scripts so checked that the correct sendmail 
is in use but it fails on fileinto as well.


~~

imapd.conf looks like this:

[root@mail admin]# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyradmin
sieve_admins: cyradmin
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
allowplaintext: yes
allowusermoves: yes
defaultdomain: mail
lmtp_downcase_rcpt: yes

tls_cert_file: /etc/ssl/certs/cyrus-imapd/newcert.pem
tls_key_file: /etc/ssl/certs/cyrus-imapd/newkey.pem
tls_ca_file: /etc/ssl/certs/cyrus-imapd/cacert.pem
tls_ca_path: /etc/ssl/certscyrus-imapd



cyrus.conf:

# standard standalone server implementation

START {
  # do not delete this entry!
  recover cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
  idled cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap cmd="imapd" listen="imap" prefork=5
  imaps cmd="imapd -s" listen="imaps" prefork=1
#  pop3 cmd="pop3d" listen="pop3" prefork=3
#  pop3s cmd="pop3d -s" listen="pop3s" prefork=1
  sieve cmd="timsieved" listen="0.0.0.0:2000" prefork=0
  sieve cmd="timsieved" listen="0.0.0.0:4190" prefork=0
#  managesieve   cmd="timsieved" listen="localhost:4190" prefork=0

  # these are only necessary if receiving/exporting usenet via NNTP
#  nntp cmd="nntpd" listen="nntp" prefork=3
#  nntps cmd="nntpd -s" listen="nntps" prefork=1

  # at least one LMTP is required for delivery
#  lmtp cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

  # this is only necessary if using notifications
#  notify    cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1

}

EVENTS {
  # this is required
  checkpoint cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune cmd="cyr_expire -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune cmd="tls_prune" at=0400

  # reindex changed mailboxes (fulltext) approximately every three hours
  squatter1   cmd="/usr/bin/ionice -c idle 
/usr/lib/
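
Added example, not part of the original post and not Cyrus project code: it parses the timsieved greeting from the telnet session above, lists the SASL mechanisms that would carry the password in the clear if used before STARTTLS, and checks a script's require list against the advertised SIEVE extensions. The function names are assumptions made for illustration.

```python
import re

# Greeting copied from the port 4190 telnet session in the post above.
GREETING = '''"IMPLEMENTATION" "Cyrus timsieved v2.4.17-Fedora-RPM-2.4.17-13.el7"
"SASL" "PLAIN LOGIN CRAM-MD5 DIGEST-MD5"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
"UNAUTHENTICATE"
OK
'''
# Script as shown by sieveshell above (address left elided as in the post).
PAGE_SCRIPT = '''require ["fileinto"];
if address :is "From" "test-u...@gmail.com" {
  fileinto "INBOX.Microsoft";
  stop;
}
'''

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
REQUIRE = re.compile(r'\brequire\s*(\[[^\]]*\]|"[^"]*")\s*;')
PASSWORD_MECHS = {"PLAIN", "LOGIN"}  # these transmit the password itself

def parse_capabilities(greeting):
    """Map capability name -> value from a ManageSieve (RFC 5804) greeting."""
    caps = {}
    for line in greeting.splitlines():
        if line.strip().upper().startswith(("OK", "NO", "BYE")):
            break  # the response line ends the capability list
        parts = QUOTED.findall(line)
        if parts:
            caps[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return caps

def cleartext_password_mechs(caps, tls_active=False):
    """Mechanisms that would expose the password if used without TLS."""
    mechs = set(caps.get("SASL", "").upper().split())
    return [] if tls_active else sorted(mechs & PASSWORD_MECHS)

def missing_extensions(caps, script):
    """Extensions the script requires that the server does not advertise."""
    offered = set(caps.get("SIEVE", "").split())
    wanted = [e for block in REQUIRE.findall(script) for e in QUOTED.findall(block)]
    return [e for e in wanted if e not in offered]

if __name__ == "__main__":
    caps = parse_capabilities(GREETING)
    print("cleartext password mechs:", cleartext_password_mechs(caps))
    print("missing extensions:", missing_extensions(caps, PAGE_SCRIPT))
```

For the greeting and script in this thread, every required extension is advertised, so a missing extension does not explain why the script is not applied.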

Re: Best way to auth cyrus 3.x to an AD domain setup

2019-02-26 Thread Lars Schimmer
On 2/25/19 3:17 PM, Dan White wrote:
> On 02/25/19 11:45 +0100, Lars Schimmer wrote:
>> Ok, after sasldb2 file is not good anymore, I want to ask user passwords
>> from our AD Domain setup.
>>
>> I had a short search and I did find several methods to let cyrus3 ask
>> for users/passwords from an AD server, but all are kinda old.
>>
>> E.g. using krb5 service principal in win server 2008, or just using LDAP
>> against the server.
>>
>> What is the preferred, easy to use method nowadays, any docs available?
>>
>> Or how do I use sasl to save passwords encrypted with hash on local
>> harddrive?
> 
> https://www.openldap.org/lists/openldap-technical/201106/msg00198.html
> 
> In imapd.conf:
> 
> sasl_pwcheck_method: saslauthd

Tried, but passwd check bad.
With ldapsearch I get a positive feedback, but on imap login I get:
SASL(-13): authentication failure: checkpass failed

And no simple way to debug :-(


Best regards,
Lars Schimmer
-- 
-
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405   E-Mail: l.schim...@cgv.tugraz.at
Fax: +43 316 873-5402   PGP-Key-ID: 0x4A9B1723






Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Sieve not working

2019-02-26 Thread Willem Offermans
Dear jpilfold-bagwell and Cyrus friends,

Now you are sure that sieve is actually listening on the mentioned ports.

How about the main question? 

Are the scripts applied to the incoming mail?



Wiel Offermans
wil...@offermans.rompen.nl




> On 26 Feb 2019, at 11:36, J Pilfold-Bagwell wrote:
> 
> Hi Willem,
> 
> Once I found that you can run sieve on ports 200 and 4190 at the same time, I 
> set it up just in case Cyrus was talking to only one of the ports.
> 
> If I telnet in, I get this response.
> 
> [root@mail rules]# telnet localhost 2000
> Trying ::1...
> telnet: connect to address ::1: Connection refused
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> "IMPLEMENTATION" "Cyrus timsieved v2.4.17-Fedora-RPM-2.4.17-13.el7"
> "SASL" "PLAIN LOGIN CRAM-MD5 DIGEST-MD5"
> "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify 
> envelope relational regex subaddress copy"
> "STARTTLS"
> "UNAUTHENTICATE"
> OK
> #
> 
> and 
> 
> [root@mail rules]# telnet localhost 4190
> Trying ::1...
> telnet: connect to address ::1: Connection refused
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> "IMPLEMENTATION" "Cyrus timsieved v2.4.17-Fedora-RPM-2.4.17-13.el7"
> "SASL" "PLAIN LOGIN CRAM-MD5 DIGEST-MD5"
> "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify 
> envelope relational regex subaddress copy"
> "STARTTLS"
> "UNAUTHENTICATE"
> OK
> 
> 
> Replacing localhost with 127.0.0.1 gets rid of the "telnet: connect to 
> address ::1: Connection refused".
> 
> I can also log into sieveshell and list and manipulate scripts:
> 
> [root@mail rules]# sieveshell --authname=mail-admin --user=jpb localhost
> connecting to localhost
> Please enter your password: 
> > list
> mail 
> sieve-test  <- active script
> > get sieve-test
> require ["fileinto"];
> if address :is "From" "test-u...@gmail.com"  {
>   fileinto "INBOX.Microsoft";
>   stop;
> }
> 
> 
> 
> 
> 
> 
> 
> 
> On 18/02/2019 09:33, Willem Offermans wrote:
> 
>> Dear Egoitz and Cyrus friends,
>> 
>> Check if sieve is actually listening at port 2000 as well.
>> 
>> 
>> Wiel Offermans
>> wil...@offermans.rompen.nl 
>> 
>> 
>> 
>> 
>>> On 18 Feb 2019, at 09:34, ego...@sarenet.es wrote:
>>> 
>>> Hi!
>>> 
>>> Could you try enabling local6.debug channel in syslog, so that you could 
>>> see additional Sieve debugging information? Can you then post that log?
>>> 
>>> 
>>> 
>>> Cheers!

Re: Cyrus imap and identity theft

2019-02-26 Thread Neil Price



On 22/02/2019 08:41 PM, Stéphane Branchoux wrote:


Each week, few users respond to phishing mails.
I use rules on firewalls, DNS filters, training program for users, 
anti spam products, anti virus ….


I am looking for a way or tools to reduce identity theft on my Cyrus 
imap server.
For example, scripts to geo localise ip requests, detect and reject 
bad connections?
Is it possible to authorize few devices for a user and reject other 
devices?


Which tools do you use on your Cyrus imap servers to protect them?




fail2ban and fail2ban-repeater 
https://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/
ipset-blacklist https://github.com/trick77/ipset-blacklist (great for 
banning whole countries)

password policies

Plus the usual: SPF, clam, spamassassin, greylisting, etc
Spam check outgoing mail too.



Re: Best way to auth cyrus 3.x to an AD domain setup

2019-02-26 Thread Lars Schimmer
Ok, here is my saslauthd.conf config file:


# Servers
ldap_servers: ldap://a.b.c.d:389/ ldap://a.b.c.e:389/

# Identity
ldap_bind_dn: cn=bind,cn=Users,DC=cgv,DC=tugraz,DC=at
ldap_password: pass
#ldap_auth_method: bind

# Search
ldap_search_base: cn=Users,DC=cgv,DC=tugraz,DC=at
ldap_filter: sAMAccountName=%u


# misc
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5


testsaslauthd -u maya -p pass

shows:
:auth failure: [user=maya] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[2735] :response: NO


So far it looks like it does not ask the ldap server at all. Hm.


Best regards,
Lars Schimmer
-- 
-
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405   E-Mail: l.schim...@cgv.tugraz.at
Fax: +43 316 873-5402   PGP-Key-ID: 0x4A9B1723






Re: Cyrus imap and identity theft

2019-02-26 Thread Stephane Branchoux

Hello,

Thanks for the link to ipset-blacklist, I will try it.

fail2ban is not interesting for me because with phishing, connections are 
successful!

I would like to detect and block successful connections when a user 
connects from multiple countries the same day.

Thanks

On 26/02/2019 at 12:00, Neil Price wrote:


On 22/02/2019 08:41 PM, Stéphane Branchoux wrote:


Each week, few users respond to phishing mails.
I use rules on firewalls, DNS filters, training program for users, 
anti spam products, anti virus ….


I am looking for a way or tools to reduce identity theft on my Cyrus 
imap server.
For example, scripts to geo localise ip requests, detect and reject 
bad connections?
Is it possible to authorize few devices for a user and reject other 
devices?


Which tools do you use on your Cyrus imap servers to protect them?




fail2ban and fail2ban-repeater 
https://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/
ipset-blacklist https://github.com/trick77/ipset-blacklist (great for 
banning whole countries)

password policies

Plus the usual: SPF, clam, spamassassin, greylisting, etc
Spam check outgoing mail too.



--
Stephane BRANCHOUX
Centre de Ressources Informatiques de l'Université de Perpignan.
Systèmes/Réseaux - RSSI
mailto:stephane.branch...@univ-perp.fr
04 68 66 21 24 / 07 60 73 38 42





Re: Cyrus imap and identity theft

2019-02-26 Thread Merlin Hartley
fail2ban can do anything you want - including what you describe - you just have 
to tell it what to look for in the logs!


--
Merlin Hartley
Computer Officer
MRC Mitochondrial Biology Unit
University of Cambridge
Cambridge, CB2 0XY
United Kingdom

> On 26 Feb 2019, at 14:20, Stephane Branchoux wrote:
> 
> Hello,
> 
> Thanks for the link to ipset-blacklist, I will try it.
> 
> fail2ban is not interesting for me because with phishing, connections are 
> successful!
> 
> I would like to detect and block successful connections when a user connects 
> from multiple countries the same day.
> 
> Thanks
> 
> On 26/02/2019 at 12:00, Neil Price wrote:
>> 
>> On 22/02/2019 08:41 PM, Stéphane Branchoux wrote:
>>> 
>>> Each week, few users respond to phishing mails.
>>> I use rules on firewalls, DNS filters, training program for users, anti 
>>> spam products, anti virus ….
>>> 
>>> I am looking for a way or tools to reduce identity theft on my Cyrus imap 
>>> server.
>>> For example, scripts to geo localise ip requests, detect and reject bad 
>>> connections?
>>> Is it possible to authorize few devices for a user and reject other devices?
>>> 
>>> Which tools do you use on your Cyrus imap servers to protect them?
>>> 
>>> 
>> 
>> fail2ban and fail2ban-repeater 
>> https://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/
>> ipset-blacklist https://github.com/trick77/ipset-blacklist (great for 
>> banning whole countries)
>> password policies
>> 
>> Plus the usual: SPF, clam, spamassassin, greylisting, etc
>> Spam check outgoing mail too.
>> 
> 
> -- 
> Stephane BRANCHOUX
> Centre de Ressources Informatiques de l'Université de Perpignan.
> Systèmes/Réseaux - RSSI
> mailto:stephane.branch...@univ-perp.fr
> 04 68 66 21 24 / 07 60 73 38 42
> 
> 
> 


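
The check Stephane asks for, as an added example that is not code from any poster or from the tools named in this thread: it groups successful Cyrus logins by user and day and reports users seen from more than one country. The log line layout, the sample lines and the prefix-to-country table are constructed assumptions; substitute your real log format and a GeoIP database.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the style of Cyrus "login:" syslog entries
# (layout assumed; adjust LOGIN_RE to match your own logs).
SAMPLE_LOG = """\
Feb 26 08:02:11 mail imaps[2101]: login: [192.0.2.10] jdoe PLAIN+TLS User logged in
Feb 26 08:40:53 mail imaps[2140]: badlogin: [203.0.113.9] PLAIN [SASL(-13): authentication failure: checkpass failed]
Feb 26 09:15:30 mail imaps[2188]: login: host.example.net [198.51.100.77] jdoe PLAIN+TLS User logged in
Feb 26 10:01:02 mail imaps[2203]: login: [192.0.2.44] asmith PLAIN+TLS User logged in
Feb 27 07:30:00 mail imaps[2290]: login: [203.0.113.5] asmith PLAIN+TLS User logged in
"""

# Hypothetical prefix-to-country table standing in for a real GeoIP database.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "FR",
    ipaddress.ip_network("198.51.100.0/24"): "BR",
    ipaddress.ip_network("203.0.113.0/24"): "VN",
}

LOGIN_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ (?:imaps?|pop3s?|sieve)\[\d+\]: login: "
    r"(?:\S+ )?\[(?P<ip>[0-9A-Fa-f.:]+)\] (?P<user>\S+) ")

def country_of(ip):
    """Look an address up in GEO_TABLE; '??' when no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return "??"

def multi_country_logins(log_text, max_countries=1):
    """Return {(day, user): sorted countries} for successful logins
    seen from more than max_countries countries on one day."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m:  # failed attempts ("badlogin:") do not match and are ignored
            seen[(m["day"], m["user"])].add(country_of(m["ip"]))
    return {k: sorted(v) for k, v in seen.items() if len(v) > max_countries}

if __name__ == "__main__":
    for (day, user), ccs in multi_country_logins(SAMPLE_LOG).items():
        print(f"{day} {user}: successful logins from {', '.join(ccs)}")
```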