[no subject]

[Tony]

Hello,

I've been having a problem with sieve and was hoping someone on this list
might be able to help. I have managed to get sieve to work with all the
filtering commands, except "fileinto".

Software Versions:
--
Cyrus Imap 2.2.4
Cyrus Sasl 2.1.18
Postfix 2.1
FreeBSD 5.2.1-Release-p6

Following are the relevant parts of my imapd.conf:
--
unixhierarchysep: yes
altnamespace: no
duplicatesuppression: yes
sieveusehomedir: false
sievedir: /var/imap/sieve

This is the content of my sieve script using "fileinto".

require ["fileinto","reject"];

if
header :contains "Subject" "testing"
{
fileinto "INBOX/Junk";
}

Here is the debug output from Cyrus:
---
May 19 23:26:06 mail master[41279]: about to exec /usr/local/cyrus/bin/lmtpd
May 19 23:26:06 mail lmtpunix[41279]: executed
May 19 23:26:06 mail lmtpunix[41279]: accepted connection
May 19 23:26:06 mail lmtpunix[41279]: lmtp connection preauth'd as postman
May 19 23:26:06 mail lmtpunix[41279]: duplicate_check:
<[EMAIL PROTECTED]> user.test^mydomain^com.Junk 0
May 19 23:26:06 mail lmtpunix[41279]: duplicate_check:
<[EMAIL PROTECTED]> user.test^mydomain^com 0
May 19 23:26:06 mail lmtpunix[41279]: mystore: starting txn 2147483772
May 19 23:26:06 mail lmtpunix[41279]: mystore: committing txn 2147483772
May 19 23:26:06 mail lmtpunix[41279]: duplicate_mark:
<[EMAIL PROTECTED]> user.test^mydomain^com 1085034366
2


Any help would greatly be appreciated.

Thank you,
Tony

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Cyrus Sieve Problems

[Tony]

Hello,

Sorry about posting this earlier without a subject.

I've been having a problem with sieve and was hoping someone on this list
might be able to help. I have managed to get sieve to work with all the
filtering commands, except "fileinto".

Software Versions:
--
Cyrus Imap 2.2.4
Cyrus Sasl 2.1.18
Postfix 2.1
FreeBSD 5.2.1-Release-p6

Following are the relevant parts of my imapd.conf:
--
unixhierarchysep: yes
altnamespace: no
duplicatesuppression: yes
sieveusehomedir: false
sievedir: /var/imap/sieve

This is the content of my sieve script using "fileinto".

require ["fileinto","reject"];

if
header :contains "Subject" "testing"
{
fileinto "INBOX/Junk";
}

Here is the debug output from Cyrus:
---
May 19 23:26:06 mail master[41279]: about to exec
/usr/local/cyrus/bin/lmtpd
May 19 23:26:06 mail lmtpunix[41279]: executed
May 19 23:26:06 mail lmtpunix[41279]: accepted connection
May 19 23:26:06 mail lmtpunix[41279]: lmtp connection preauth'd as postman
May 19 23:26:06 mail lmtpunix[41279]: duplicate_check:
<[EMAIL PROTECTED]> user.test^mydomain^com.Junk 0 May
19 23:26:06 mail lmtpunix[41279]: duplicate_check:
<[EMAIL PROTECTED]> user.test^mydomain^com 0
May 19 23:26:06 mail lmtpunix[41279]: mystore: starting txn 2147483772 May
19 23:26:06 mail lmtpunix[41279]: mystore: committing txn 2147483772 May
19 23:26:06 mail lmtpunix[41279]: duplicate_mark:
<[EMAIL PROTECTED]> user.test^mydomain^com 1085034366 2






---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus Sieve Problems

[Tony]

I have tried the following syntax, but none of them work.

fileinto "INBOX/Junk";

fileinto "INBOX.Junk";

fileinto "Junk";

>
> Just a guess.. How about "Junk" or "INBOX.Junk" ?
>
>


>> fileinto "INBOX/Junk";

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: cyrus-imap and pam_mysql (very strange, and doesn't want to work!)

[Tony]

Try changing:

auth sufficient

to

auth required



> I've been hacking at this for quite a bit.  A Google search has turned up
> some nice little tidbits, but nothing seems to be working.
>
> I have Cyrus-IMAPD set up, and the mysql auth is funky, to say the least.
> It seems that any user with any password can login to the system!  Of
> course, only users with actual mailboxes can check anything.
>
> My /etc/pam.d/imap file:
>
> #
> # $FreeBSD: src/etc/pam.d/imap,v 1.5 2003/03/08 09:50:11 markm Exp $
> #
> # PAM configuration for the "imap" service
> #
>
>
> auth sufficient pam_mysql.so user=mail passwd=PASSWORD host=127.0.0.1
> db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1
> logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
> logpidcolumn=pid logtimecolumn=time
>
> account required pam_mysql.so user=mail passwd=PASSWORD host=127.0.0.1
> db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1
> logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
> logpidcolumn=pid logtimecolumn=time
>
>
> The output of /var/log/messages:
>
> May 25 02:25:34 cougar saslauthd[67928]: pam_sm_authenticate called.
> May 25 02:25:34 cougar saslauthd[67928]: dbuser changed.
> May 25 02:25:34 cougar saslauthd[67928]: dbpasswd changed.
> May 25 02:25:34 cougar saslauthd[67928]: host changed.
> May 25 02:25:34 cougar saslauthd[67928]: database changed.
> May 25 02:25:34 cougar saslauthd[67928]: table changed.
> May 25 02:25:34 cougar saslauthd[67928]: usercolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: passwdcolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: crypt changed.
> May 25 02:25:34 cougar saslauthd[67928]: logtable changed.
> May 25 02:25:34 cougar saslauthd[67928]: logmsgcolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: logusercolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: loghostcolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: logpidcolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: logtimecolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: db_connect  called.
> May 25 02:25:34 cougar saslauthd[67928]: returning 0 .
> May 25 02:25:34 cougar saslauthd[67928]: db_checkpasswd called.
> May 25 02:25:34 cougar saslauthd[67928]: pam_mysql: where clause =
> May 25 02:25:34 cougar saslauthd[67928]: SELECT password FROM accountuser
> WHERE username='rls0001'
> May 25 02:25:34 cougar saslauthd[67928]: sqlLog called.
> May 25 02:25:34 cougar saslauthd[67928]: insert into log (msg, user, host,
> pid, time) values('AUTH SUCCESSFUL', 'rls0001', '', '67928', NOW())
> May 25 02:25:34 cougar saslauthd[67928]: Returning 0
> May 25 02:25:34 cougar saslauthd[67928]: returning 0 .
> May 25 02:25:34 cougar saslauthd[67928]: returning 0.
> May 25 02:25:34 cougar imap[67927]: login: hlpdsk.dsl.telerama.com
> [205.201.9.222] rls0001 plaintext User logged in
>
>
> The wierd thing is, the password I used for this login was NOT the password
> I've assigned to the account!
>
> Fortunately, I'm in the testing-before-deployment phase; this is a serious
> potential security issue.
>
>
> The contents of /etc/imapd.conf:
>
> postmaster: postmaster
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> # admins: cyrus # no admins!
> allowanonymouslogin: no
> allowplaintext: yes
> sasl_mech_list: PLAIN
> servername: imap.runningleopard.com
> autocreatequota: 1
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> #dracinterval: 0
> #drachost: localhost
> sasl_pwcheck_method: saslauthd
> #sievedir: /usr/sieve
> sendmail: /usr/sbin/sendmail
> #sieve_maxscriptsize: 32
> #sieve_maxscripts: 5
> #unixhierarchysep: yes
>
> The whole auth process seems to be "broken".  Any help would be most
> appreciated.
>
>
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus-Imapd SERIOUS problem Please HELP

[Tony]

> Well i have set up a postfix mailserver with cyrus sasl for smtp auth , cyrus
> imapd as the IMAP with Mysql as a back-end. Authentication is being done with
> pam-mysql
> I have a strange problem. When you enter a valid username you can login with
> ANY password, the IMAP responds .. OK User Loged in.
>
> i tried Almost ALL the how-to that exist but i couldnt find anything. so my
> last chance is to post here my config files and tell me IF there is a chance
> of fix that thing. Sorry for my big log but i am desperate  .
>
> in order NOT to make a HUGE link i will post the config files in links so you
> just click the link and you see the config
>
> postfix main.cf -> www.nightwish.gr/postfix/main.cf
> cyrus -> www.nightwish.gr/postfix/cyrus.conf
> cyrus-imapd -> www.nightwish.gr/postfix/imapd.conf
>
> mysql virtual files of postfix
> www.nightwish.gr/postfix/mysql_virtual_alias_maps.cf
> www.nightwish.gr/postfix/mysql_virtual_domains_maps.cf
> www.nightwish.gr/postfix/mysql_virtual_mailbox_maps.cf
>
> the files of pam.d
> www.nightwish.gr/postfix/imap
> www.nightwish.gr/postfix/smtp

In your pam.d files for imap & smtp. Change the following:

auth sufficient pam_mysql.so

to

auth required pam_mysql.so


>
> and finaly the cyrus-sasl file
> www.nightwish.gr/postfix/smtpd.conf
>
> and finaly see the output from the /var/log/messages
>
> Jul 14 21:29:56 verniki imap[38653]: mysql plugin couldnt connect to any host
> Jul 14 21:29:56 verniki imap[38653]: mysql plugin couldnt connect to any host
> Jul 14 21:29:56 verniki saslauthd[545]: pam_sm_authenticate called.
> Jul 14 21:29:56 verniki saslauthd[545]: dbuser changed.
> Jul 14 21:29:56 verniki saslauthd[545]: dbpasswd changed.
> Jul 14 21:29:56 verniki saslauthd[545]: host changed.
> Jul 14 21:29:56 verniki saslauthd[545]: database changed.
> Jul 14 21:29:56 verniki saslauthd[545]: table changed.
> Jul 14 21:29:56 verniki saslauthd[545]: usercolumn changed.
> Jul 14 21:29:56 verniki saslauthd[545]: passwdcolumn changed.
> Jul 14 21:29:56 verniki saslauthd[545]: crypt changed.
> Jul 14 21:29:56 verniki saslauthd[545]: sqllog changed.
> Jul 14 21:29:56 verniki saslauthd[545]: db_connect called.
> Jul 14 21:29:56 verniki saslauthd[545]: returning 0 .
> Jul 14 21:29:56 verniki saslauthd[545]: db_checkpasswd called.
> Jul 14 21:29:56 verniki saslauthd[545]: pam_mysql: where clause =
> Jul 14 21:29:56 verniki saslauthd[545]: SELECT password FROM mailbox WHERE
> username='koko'
> Jul 14 21:29:56 verniki saslauthd[545]: pam_mysql: select returned more than
> one result
> Jul 14 21:29:56 verniki saslauthd[545]: returning 9 after db_checkpasswd.
>
> Please help :s
> Thank you in advance
>
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

migrating mailboxes between cyrus-imap servers

[Tony]

Hi,

I'm working on replacing an old server running cyrus-imap 2.1.9 (on
SuSE 8.1) with an install of CentOS 4.2 using the upstream provider's
rebuilt rpm- which is cyrus-imapd-2.2.12-3.RHEL4.1.  So far it is
going well- I have the new server authenticating nicely from LDAP and a
test mailbox which I can use.

My next step is to do some test migrations of user's mailboxes from the old (still live) server.

I can see that the directory structure has changed -
/var/spool/imap/user/tony has become /var/spool/imap/t/user/tony/ - and
I read that the database formats have changed and will need rebuilding
too.

Can anyone point me at any howto's for the easiest (or best) way to do a bulk migration like this?
-- Cheers,Tony

Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: migrating mailboxes between cyrus-imap servers

[Tony]

On 1/24/06, Tony <[EMAIL PROTECTED]> wrote:
I'm working on replacing an old server running cyrus-imap 2.1.9 (on
SuSE 8.1) with an install of CentOS 4.2 using the upstream provider's
rebuilt rpm- which is cyrus-imapd-2.2.12-3.RHEL4.1.  So far it is
going well- I have the new server authenticating nicely from LDAP and a
test mailbox which I can use.
I can see that the directory structure has changed -
/var/spool/imap/user/tony has become /var/spool/imap/t/user/tony/ - and
I read that the database formats have changed and will need rebuilding
too.

Can anyone point me at any howto's for the easiest (or best) way to do a bulk migration like this?I'm going to reply to myself since noone else was able toI figured out to use hashimapspool: false in 
imapd.conf to get the directory structure to stay as before.I figure out after a while that SuSE had built 2.1.9 with skiplist already on, so I didn't need to convert the databases from berkeley to skiplist using cvt_cyrusdb.
I can now import my mailboxes and bring the server up - and it works apart from the .seen databases - so I'm getting pretty close.If I do this on a sample mailbox's seen list:/usr/lib/cyrus-imapd/cvt_cyrusdb /var/lib/imap/user/a/auser.seen flat /var/lib/imap/user/a/auser.seen.new skiplist
then I get the following in /var/log/maillog:Feb 11 21:48:52 server cvt_cyrusdb[30400]: DBERROR db4: Program version 4.2 doesn't match environment versionFeb 11 21:48:52 server cvt_cyrusdb[30400]: DBERROR: dbenv->open '/var/lib/imap/db' failed: Invalid argument
Feb 11 21:48:52 server cvt_cyrusdb[30400]: DBERROR: init() on berkeleywhich seems pretty odd to me. Does anyone else recognise this error?-- Cheers,Tony

Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Sieve redirect works but vacation doesn't

[Tony Hansen]

ana.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

See below:

Ken Murchison wrote:
> 
> Gary Mills wrote:
> >
> > Eurika!  I finally got a vacation response.  Here's the problem:
> > My sieve script looked like this...
> >
> >   require ["fileinto","vacation"];
> >
> >   vacation :days 4 :addresses ["[EMAIL PROTECTED]", "[EMAIL PROTECTED]
ting.umanitoba.ca"] "Testing vacation for the next week";
> >
> > My test messages were sent to ``[EMAIL PROTECTED]''.  When I changed
> > the addresses in the sieve script to have the four upper-case characters,
> > I got my first ever vacation response.  Sendmail rewrites all of our
> > addresses in that format.  However, case should not matter in hostnames.
> > Lmtpd should be doing a case-independant comparison!
> 
> I think you're right, but before I make any changes, I want to make sure
> that I don't break anything else.
> 
> Issues that come to mind:
> 
> - do we compare the entire addresses case-independently or just the
> domain?

Technically the answer is: domain: yes, the rest: it depends on the mail
implementation. Does the mail system treat usernames as case independent
(most do these days)? If so, your sieve processor should do likewise.

> - should the same be done for loop control mechanisms (ie, comparing
> envelope 'from' and envelope 'to', or comparing envelope 'from' and
> :addresses)?

ditto

> Any thoughts?
> 
> Ken
> --
> Kenneth Murchison Oceana Matrix Ltd.
> Software Engineer 21 Princeton Place
> 716-662-8973 x26  Orchard Park, NY 14127
> --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

cyrus imapd 1.6.24 and sasl authentication mechanisms

[Tony Johnson]

I have cyrus-imapd 1.6.24 and cyrus-sasl 1.5.24 installed on a Solaris 8
intel box but not configured correctly.
I have installed these sasl libraries:

bash-2.04$ ls /usr/local/lib/sasl
Cyrus.conf  libdigestmd5.la libkerberos4.so.1
libanonymous.a  libdigestmd5.so libkerberos4.so.1.0.15
libanonymous.la libdigestmd5.so.0   liblogin.la
libanonymous.so libdigestmd5.so.0.0.17  liblogin.so
libanonymous.so.1   libgssapiv2.a   liblogin.so.0
libanonymous.so.1.0.15  libgssapiv2.la  liblogin.so.0.0.5
libcrammd5.alibgssapiv2.so  libplain.a
libcrammd5.la   libgssapiv2.so.1libplain.la
libcrammd5.so   libgssapiv2.so.1.0.14   libplain.so
libcrammd5.so.1 libkerberos4.a  libplain.so.1
libcrammd5.so.1.0.15libkerberos4.la libplain.so.1.0.14
libdigestmd5.a  libkerberos4.so

When i...

bash-2.04$ /usr/local/bin/imtest -m login -p imap money
C: C01 CAPABILITY
S: * OK money.expertsolns.com Cyrus IMAP4 v1.6.24 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS
X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME UNSELECT ID X-NETSCAPE
S: C01 OK Completed
Password:

I have no authentication mechanisms so all logins fail.

I want to use kerberos because I don't have to add users to my system and
can use the same database over multiple systems.  I think I have mit
kerberos5 1.2.1 setup correctly because I can ksu, but the kerbers4 aspect
seems to be not setup:

bash-2.04$ ksu
Authenticated [EMAIL PROTECTED]
Account root: authorization for [EMAIL PROTECTED] successful
Changing uid to root (0)
bash-2.04$

To make a long story short the install.html from cyrus-imapd-1.6.24 says
that:

Any message other than one starting with a "A01 OK" means there is a
problem. If the test fails, a more specific error message is written through
syslog to the server log. To terminate the connection, type ". logout".

What problem?  How can i fix this "problem"?  How do I add authentication
mechanisms to cyrus imapd correctly?  It says in the same web page that if
the authentication mechanisms do not show up then they failed to initialize.
How do I make these mechanisms initialize correctly?

RE: Compiling trouble on Solaris 8

[Tony Johnson]

On my solaris 8 box I had to pretty cleanly go out of my way to install the
GNU utilities, because the SUN stuff is proprietary.  Try going to
http://www.sunfreeware.com and get the prebuilt packages just to save time
downloading and compiling.  Edit PATH, and LD_LIBRARY_PATH and try again.

I've personally had alot of problems compiling stuff like sendmail 8.11.1
and bind 8.2.2-P7 on redhat 7.  not sure what they did between 6.2 and 7

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Lawrence
Greenfield
Sent: Sunday, December 10, 2000 8:45 AM
To: Anders Holm; [EMAIL PROTECTED]
Subject: Re: Compiling trouble on Solaris 8


Are you using "bison" or "yacc" to compile the .y files?  Are you
rebuilding them or using the included .c files?

Larry

--On Tuesday, November 28, 2000 03:23:02 PM + Anders Holm
<[EMAIL PROTECTED]> wrote:

> Hi!
>
> I'm a newbie to Cyrus that has a question.
>
> I'm trying to compile Cyrus IMAPD 1.6.24 and 2.0.7 on Solaris 8 aswell on
> Red Hat 7.0, and it just doesn't want to complete the compilation.
>
> The error I am getting is the following:
>
> ld: fatal: symbol `yys' is multiply defined:
>  (file ../sieve/libsieve.a(sieve.o) and file
>  ../sieve/libsieve.a(addr.o)); ld: fatal: symbol `yyv' is
> multiply defined:
>  (file ../sieve/libsieve.a(sieve.o) and file
>  ../sieve/libsieve.a(addr.o)); ld: fatal: File processing errors.
> No output written to deliver
> collect2: ld returned 1 exit status
>
> Either I am missing something or there is something broken in the
> "deliver" code. Don't know which, since I'm not a programmer,
> unfortunately.. ;)
>
> Any pointers to where to look would be greatly appreciated!! ;)
>
> Thanks folks!
>
> --
> +
> +++ Anders Holm
> Unix SysAdmin/PostMaster
> Worldport Communications Inc.
> Blanchardstown Corporate Park, Blanchardstown, Dublin 15, Ireland
>
> Email: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
> Tel:+353-(0)1 2412400
> Fax:+353-(0)1 2412495
> Mobile: +353-(0)86 6042374
> Web:http://www.wrdp.com
>
> -
> --- The information transmitted by this E-mail may contain confidential
> and/or privileged material and may constitute non-public information.
> This E-mail is intended to be conveyed only to the designated
> addressee(s).  If you are not a designated addressee, please contact the
> sender and delete this E-mail and all attachments from your computer.
> Any review, retransmission, dissemination or other use of, or taking of
> any action in reliance upon, this E-mail or its attachments by persons or
> entities other than the designated addressee(s) is strictly prohibited
> and may be unlawful.
> -
> ---
>
> "Sysadmins do their jobs with sharp knives in a crowded room."
>- Quote from the ARK motivations page located at:
>http://ark.sourceforge.net/motivations.html
>

RE: building 2.0.9 on Solaris 8

[Tony Johnson]

Whoops, dblib should be dbdir , but same result

-Original Message-
From: Tony Johnson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 28, 2000 10:19 PM
To: Cyrus Info Mailingliste
Subject: building 2.0.9 on Solaris 8


bash-2.04$
./configure --with-auth=krb4 --with-krb=/usr/local --with-sasl=/usr/local/li
b/sasl/ --with-dblib=/usr/local/BerkeleyDB.3.1/
creating cache ./config.cache
checking host system type... i386-pc-solaris2.8
checking for makedepend... makedepend
checking for gcc... gcc
checking whether the C compiler (gcc  ) works... yes
checking whether the C compiler (gcc  ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking for ranlib... ranlib
checking whether make sets ${MAKE}... yes
checking for a BSD compatible install... /usr/local/bin/install -c
checking how to run the C preprocessor... gcc -E
checking for AIX... no
checking for POSIXized ISC... no
checking for mawk... mawk
checking for working const... yes
checking for long file names... yes
checking for runpath switch... -R
checking for unistd.h... yes
checking for sys/select.h... yes
checking for sys/param.h... yes
checking for memmove... yes
checking for strcasecmp... yes
checking for ftruncate... yes
checking for strerror... yes
checking for dirent.h that defines DIR... yes
checking for opendir in -ldir... no
checking whether struct tm is in sys/time.h or time.h... time.h
checking for tm_zone in struct tm... no
checking for tzname... yes
checking for vprintf... yes
checking for db_create in -ldb-3... no
checking for db_create in -ldb... no
configure: error: this version requires Berkeley DB 3.x.
(Get it from http://www.sleepycat.com/.)

hmmm...

bash-2.04$ ls /usr/local/BerkeleyDB.3.1/include
db.h  db_185.h  db_cxx.h
bash-2.04$ ls /usr/local/BerkeleyDB.3.1/lib
libdb-3.1.la  libdb_cxx-3.1.so   libdb_java-3.1_g.so  libdb_tcl-3.so
libdb-3.1.so  libdb_cxx-3.so libdb_java-3.so  libdb_tcl.so
libdb-3.solibdb_cxx.so   libdb_java.so
libdb.so  libdb_java-3.1.la  libdb_tcl-3.1.la
libdb_cxx-3.1.la  libdb_java-3.1.so  libdb_tcl-3.1.so

It's there but...

building 2.0.9 on Solaris 8

[Tony Johnson]

bash-2.04$
./configure --with-auth=krb4 --with-krb=/usr/local --with-sasl=/usr/local/li
b/sasl/ --with-dblib=/usr/local/BerkeleyDB.3.1/
creating cache ./config.cache
checking host system type... i386-pc-solaris2.8
checking for makedepend... makedepend
checking for gcc... gcc
checking whether the C compiler (gcc  ) works... yes
checking whether the C compiler (gcc  ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking for ranlib... ranlib
checking whether make sets ${MAKE}... yes
checking for a BSD compatible install... /usr/local/bin/install -c
checking how to run the C preprocessor... gcc -E
checking for AIX... no
checking for POSIXized ISC... no
checking for mawk... mawk
checking for working const... yes
checking for long file names... yes
checking for runpath switch... -R
checking for unistd.h... yes
checking for sys/select.h... yes
checking for sys/param.h... yes
checking for memmove... yes
checking for strcasecmp... yes
checking for ftruncate... yes
checking for strerror... yes
checking for dirent.h that defines DIR... yes
checking for opendir in -ldir... no
checking whether struct tm is in sys/time.h or time.h... time.h
checking for tm_zone in struct tm... no
checking for tzname... yes
checking for vprintf... yes
checking for db_create in -ldb-3... no
checking for db_create in -ldb... no
configure: error: this version requires Berkeley DB 3.x.
(Get it from http://www.sleepycat.com/.)

hmmm...

bash-2.04$ ls /usr/local/BerkeleyDB.3.1/include
db.h  db_185.h  db_cxx.h
bash-2.04$ ls /usr/local/BerkeleyDB.3.1/lib
libdb-3.1.la  libdb_cxx-3.1.so   libdb_java-3.1_g.so  libdb_tcl-3.so
libdb-3.1.so  libdb_cxx-3.so libdb_java-3.so  libdb_tcl.so
libdb-3.solibdb_cxx.so   libdb_java.so
libdb.so  libdb_java-3.1.la  libdb_tcl-3.1.la
libdb_cxx-3.1.la  libdb_java-3.1.so  libdb_tcl-3.1.so

It's there but...

RE: PROBLEM!!!...

[Tony Johnson]

I really shouldn't but we need more details.  What OS are u using?  In
almost all cases this is a less then 10 character answer but we still need
details.  Please be more specific.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jorge A.
Rodriguez
Sent: Monday, January 15, 2001 11:45 AM
To: [EMAIL PROTECTED]
Subject: PROBLEM!!!...


Hi there:

Friends, I know this is not a list of boot, but i need to boot in single
mode because the file of passwd is corrupt, some can tellme How can i do
it?, i mean what key i have to press to do it?

regards...

me.

RE: PROBLEM!!!...

[Tony Johnson]

if your linux kernel is named linux then type "linux -s" at the lilo boot
prompt

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jorge A.
Rodriguez
Sent: Monday, January 15, 2001 1:42 PM
To: Cyrus List; Anders Olausson
Subject: Re: PROBLEM!!!...


Well Thanks every people that helped me...i've actually resolved the
problem, and i learn with urs advices...

Thank u very much...

===
Lic. Jorge A. Rodríguez Suárez
Grupo de Administracion de Redes.
Universidad de Ciego de Avila.
CUBA, email: [EMAIL PROTECTED]
===
- Original Message -
From: "Anders Olausson" <[EMAIL PROTECTED]>
To: "Jorge A. Rodriguez" <[EMAIL PROTECTED]>
Sent: Monday, January 15, 2001 2:30 PM
Subject: Re: PROBLEM!!!...


> Hello,
>
> what kind of system do you run on machine?
>
> Regards
>   Anders Olausson
>
> On Mon, 15 Jan 2001, Jorge A. Rodriguez wrote:
>
> > Hi there:
> >
> > Friends, I know this is not a list of boot, but i need to boot in single
> > mode because the file of passwd is corrupt, some can tellme How can i do
> > it?, i mean what key i have to press to do it?
> >
> > regards...
> >
> > me.
> >
> >
>
>

RE:

[Tony Johnson]

I've seen an abnormally high number of these.  Maybe the cyrus web site
needs to be reworked so that the email address to send subscribe/unsubscribe
messages is more clear.
Yes?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Alex
Koshterek
Sent: Thursday, February 01, 2001 11:00 AM
To: [EMAIL PROTECTED]
Subject:


unsubscribe

RE: pine

[Tony Johnson]

Do I have to compile pine with sasl/imapd/imsp libraries to do this, or can
this be done with default install?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Shelley Waltz
Sent: Friday, February 09, 2001 9:41 AM
To: Marcel Andre Beltz
Cc: [EMAIL PROTECTED]
Subject: Re: pine


Marcel,
Here's how you add subfolders of Inbox [in Netscape] in Pine:

in .pinerc file, there's an entry called "incoming-folders="
you add these lines to it:

incoming-folders="Friends"{imap.mydomain.edu/user=mylogin}INBOX.Friends,
 "Humor"{imap.mydomain.edu/user=mylogin}INBOX.Humor

assuming Friends and Humor sub folder of Inbox and imap.mydoamin.edu
is my imap server and mylogin is my imap login name.

or, once you have Incoming Folders set uo in Pine, use the "Add"
option to add more folders.

Shelley Waltz

On Thu, 8 Feb 2001, Marcel Andre Beltz wrote:

> Hello,
> i have a question about imap-clients:
> i read on imap.org that pine is a client for imap4rev1 but i don`t get
> it running.
> It is no problem to open my inbox folder but the folder i create with
> netscape i can´t open. What´s the problem?
>
> Please help me, because i don´t want to use netscape, nor can i use it
> on every computer
>
> mfg
> Marcel Beltz
>
>
>

RE: Ahhh!! Pulling my hair out over imapd/sasl configure!

[Tony Johnson]

This is part of a larger discussion.  The /usr/ucb/cc is proprietary to SUN.
I use gcc-2.95.2.  Secondly I do NOT want to disable gssapi, krb as U have
in your sasl configure.  This is the whole problem of what I was saying.  I
enable them and specifically point configure where to find the libs and
after the compile succeeds, the authentication mechanisms were not enabled
as per my test.

The des library has to be rewritten because -ldes is specific to SUN.  the
ecb_encrypt() routine is not enabled on SUN 5.8.  You point configure
to -ldes425 and it compiles in fine.  problems afterwards, but it compiles
in fine.

Rc4 was another problem, but after my rewrite of configure, it did find that
also as part of openssl.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 14, 2001 2:23 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: Ahhh!! Pulling my hair out over imapd/sasl configure!


Tony Johnson writes:
>
>Just out of curiosity, what OS are U using.  I bet that this would work
>directly out of the box from FreeBSD ports (Those guys/gals are good!) But
>trying to do this on Solaris 8 x86 which is highly proprietary and u have
to
>basically reconfigure and unproprietarize (I guess this on on of those
Jesse
>Jackson made up words) the box.
>
>The berkeley libs are not found here either but I assume that this is not a
>problem because U can use gdbm or ndbm.  But its strange that in my
>LD_LIBRARY_PATH includes /usr/local/Berkeley3.1...

You shouldn't have to use LD_LIBRARY_PATH in Solaris.  Please check
the Solaris-2 FAQ for a discussion of this issue.  You do have to
tell the configure scripts where to find libraries and include files.

As and example, here's what I use for SASL:

env CPPFLAGS="-I/usr/local/src/db/db-3.1.17/build_unix" \
LDFLAGS="-L/usr/local/src/db/db-3.1.17/build_unix -R/usr/local/lib"
\
CC=cc \
./configure --localstatedir=/var/run --with-dblib=berkeley \
--with-pwcheck=/var/run/pwcheck --enable-login --disable-krb4 \
--disable-gssapi --with-des=yes \
--with-rc4=/usr/local/src/OpenSSL/openssl-0.9.5a

#!/end

And for Cyrus:

#!/bin/sh

env CC=cc CPPFLAGS="-I/usr/local/src/db/db-3.1.17/build_unix" \








LDFLAGS="-L/usr/local/src/db/db-3.1.17/build_unix -L/usr/local/src/zephyr/ze
phyr-2.0.4/lib/zephyr" \
LIBS="-lsocket -lnsl" \
./configure --with-cyrus-prefix=/usr/local/cyrus \
--with-idle=idled \
--with-auth=unix --with-notify=zephyr \
--with-zephyr=/usr/local/src/zephyr/zephyr-2.0.4/h/zephyr \
--with-sasl=/usr/local/src/cyrus/libsasl-1.5.24 \
--with-statedir=/var/run \
--with-openssl=/usr/local/src/OpenSSL/openssl-0.9.5a


#!/end


--
-Gary Mills--Unix Support--U of M Academic Computing and Networking-

RE: Ahhh!! Pulling my hair out over imapd/sasl configure!

[Tony Johnson]

Just out of curiosity, what OS are U using.  I bet that this would work
directly out of the box from FreeBSD ports (Those guys/gals are good!) But
trying to do this on Solaris 8 x86 which is highly proprietary and u have to
basically reconfigure and unproprietarize (I guess this on on of those Jesse
Jackson made up words) the box.

The berkeley libs are not found here either but I assume that this is not a
problem because U can use gdbm or ndbm.  But its strange that in my
LD_LIBRARY_PATH includes /usr/local/Berkeley3.1...

The authentication mechanism in my case are not found by configure because I
had to change the library names to support Mit krb5-121, such as -lkrb
and -ldes are named -ldes425 -lkrb4.  Routines such as the ecb_encrypt() are
in the mit libs but they are not named properly. But after rewriting the
configure script and it find the libs the authentication mechanisms are not
enabled when running imtest.

Other libraries such as libcrypt from openssl are found after doing the
above procedure (putting my /usr/local/ssl in LD_LIBRARY_PATH) but those
authentication mechanisms are not enabled in imtest.

Using Cyrus-imapd 1.6.4 and cyrus-sasl.  The 2.0.9 didn't compile.  Will try
the new version.

Will try again

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Chuck Dale
Sent: Wednesday, February 14, 2001 7:55 AM
To: [EMAIL PROTECTED]
Subject: Re: Ahhh!! Pulling my hair out over imapd/sasl configure!


Wrote dglynn on Tue, Feb 13, 2001 at 10:31:45PM -0500:
> Ok, I REALLY need this server up and running but I can't
> get the authentication right!

Hey! Sounds just like me over the past month.

> imtest doesn't work either!  Does ANYONE on this list have a clue
> on how to "simply" use sasldb?  Configure options would help...



Here are some of the problems I've had:

* configure doesn't find Berkeley DB even when it's apparently
  installed in a standard system location (hello RedHat)

* there is almost *no* common ground between the source and the
  various packages included with Linux distributions.

  i.e:

  I run Debian at home: The Debian maintainers appear to have
  haxored all over Cyrus to make it play how they want it to. Yet
  that isn't how the normal defaults work.

  I run RedHat 7.0 on my development server: And so I grab the
  included Cyrus 2. Which of course works totally differently to the
  other versions I've been using.

  I run RedHat 6.2 on my main hosting server: Good luck trying to
  get Cyrus 2 running on that! And even the RPMS that RedHat put out
  with PowerTools are buggy.

  Between all of these distributions hardly any of the default
  configurations were similar. And it never worked without a lot of
  coaxing.

* strace is your friend for tracking the voodoo that SASL does
  trying to authenticate.

  One moment it's reading Cyrus.conf, another it's reading
  imapd.conf.

  Then the maintainers forget to make the /etc/sasldb file readable
  by group mail.

* Getting Postfix to play with Cyrus is not difficult but the
  documentation sucks. The default transport map line included with
  my currently installed version of Postfix doesn't work. So I
  search the net to find people with the same problem and find two
  different answers neither of which seem to work.

  Worked finally..

* There is *no* easy way to make Cyrus listen on a certain IP
  address. Surely this would be a common thing for people testing it
  before moving from UW or testing a new version?

  I got out my C cluelessness and haxored away at the code for about
  10 minutes and managed to modify the call to bind() in master.c
  but could there be a configuration option to set the interface to
  bind to?

* The build process appears to be very brittle and managed to break
  whenever the system wasn't perfect as expected. The idea of a
  configure script is that it is reasonably clued up and can look
  for "libdb3" instead of the nonstandard "libdb-3".




Sorry to sound ungrateful and abusive. I'm very grateful for Cyrus.

Hey! Maybe even I should put in a hand to help with some of this stuff..

Whoa..

Chuck

   [ [EMAIL PROTECTED] ]

RE: Ahhh!! Pulling my hair out over imapd/sasl configure!

[Tony Johnson]

CMU uses Solaris 7?  I think I read that somewhere.  I'd be interested to
know if they had to patch thier own code or if they just did:
./configure (options)
make all
make install

Using Gnu make and GCC.  Did configure find everyting CMU built cyrus
imapd/sasl was designed to use or did they have to patch it for SUN.


On a side note, I will not get into name calling over a mailing list.  This
achieves nothing.  The interesting thing about my sillyness is that you
agreed with it.  Cyrus seems to be being ported to peoples OS'S, whether it
be Solaris , Debian, Redhat or whatever.  This points back to what I was
saying above.

Point being, be more tactful and civil.  We're just asking questions.  If
You had all the answers then you wouldn't be pulling your hair out.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Amos Gouaux
Sent: Wednesday, February 14, 2001 4:38 PM
To: [EMAIL PROTECTED]
Subject: Re: Ahhh!! Pulling my hair out over imapd/sasl configure!


>>>>> On Wed, 14 Feb 2001 13:45:30 -0600,
>>>>> Tony Johnson <[EMAIL PROTECTED]> (tj) writes:

tj> Just out of curiosity, what OS are U using.  I bet that this would work

Well, he indicated Debian, RedHat 7.0, and RedHat 6.2.

tj> directly out of the box from FreeBSD ports (Those guys/gals are good!)
But
tj> trying to do this on Solaris 8 x86 which is highly proprietary and u
have to
tj> basically reconfigure and unproprietarize (I guess this on on of those
Jesse
tj> Jackson made up words) the box.

This seems totally silly.  The folks at CMU have indicated they are
using Solaris 7.  In my experience, there is often little or no
difference compiling Solaris x86 compared to SPARC.  If anything it
sounds like more porting may be required with {Free,Open}BSD.

tj> The berkeley libs are not found here either but I assume that this is
not a
tj> problem because U can use gdbm or ndbm.  But its strange that in my
tj> LD_LIBRARY_PATH includes /usr/local/Berkeley3.1...

Strange?  That's where Sleepycat by default puts it.  In the past
I'd sometimes force it under /usr/local/{bin,lib} with other apps.
However, since there can be an incompatibility between Berkeley DB
releases, I've gone back to just letting it drop into
/usr/local/Berkeley.X.

tj> Other libraries such as libcrypt from openssl are found after doing the
tj> above procedure (putting my /usr/local/ssl in LD_LIBRARY_PATH) but those
tj> authentication mechanisms are not enabled in imtest.

Generally using the configure options might be better.  Depending on
the platform, setting LD_LIBRARY_PATH can actually introduce other
problems, or at the least slow down the loading of shared libs.

--
Amos

NEWBIE: Got Sieve/Cyrus IMAP working but question aboutwebsieve

[Tony Maro]

I've been using Cyrus IMAP & Sieve for some time, (in fact
you'll find one of my sample scripts on the Sieve home page)
however I have little experience with Perl modules and the
like and wish to get websieve working.

There are two modules included that need something done
with, but nothing says WHAT to do with them.  How do I
install the IMAP-Admin & perlsieve modules?  Using VI is
Getting old LOL.

Thanks,

Tony Maro

RE: NEWBIE: Got Sieve/Cyrus IMAP working but question aboutwebsi eve

[Tony Maro]

Aha!  Wish I'd thought of that!  Oh, yeah, I did.  There WAS no
documentation
in either package.  But thanks anyway for your enlightening reply.

With much searching and other sources I pieced together how to make a Perl
module using "perl Makefile.pl" followed by "make".  Now it works great.
Sorry
if this ended up off-topic and more Perl than Sieve.

-Tony

-Original Message-
From: Scott Smith
Subject: Re: NEWBIE: Got Sieve/Cyrus IMAP working but question about
websieve

unpack them, read the documentation.  The sam,e way you installed Cyrus.

Scott

On Mon, 9 Apr 2001, Tony Maro wrote:

> I've been using Cyrus IMAP & Sieve for some time, (in fact you'll find 
> one of my sample scripts on the Sieve home page) however I have little 
> experience with Perl modules and the like and wish to get websieve 
> working.
>
> There are two modules included that need something done
> with, but nothing says WHAT to do with them.  How do I install the 
> IMAP-Admin & perlsieve modules?  Using VI is Getting old LOL.

RE: Cyrus/PAM/NIS on RedHat7 failing with 'PLAIN no mechanismava ilable'

[Tony Maro]

First, I'm still on cyrus-imapd-1.6.19-2 and it's working so I haven't 
messed with it.  If anything I say is wrong as of 2, sorry.

There are a couple of known issues with PAM that I'm aware of.

The shadow (and maybe passwd) file must be group readable (unless someone
else has a fix I dunno about).  This causes problems because everytime
you use Linuxconf or add a new user, RH will change it back, destroying
mail access until you fix it again.  Also, user cyrus must be in the root
group.

I found a strange occurance that after adding a user, fixing the shadow
permissions and logging out, it STILL reverted to NOT group readable so I
had to log back in and fix it again.

So, "chmod 0440 shadow" and put cyrus in the root group.  It's a kinda
bandaid and opens up security somewhat.  For added security, consider 
using SSL-capable IMAP clients so that passwords are not sent in the clear.

On my install, I found that I had to manually create the directories for
the mail to be delivered in.  /usr/cyrus/a  /usr/cyrus/a/anthony
/usr/cyrus/b,
etc...

-Tony

-Original Message-
From: Gilion Goudsmit [mailto:[EMAIL PROTECTED]] 

I've successfully configured Cyrus using the sasldb sasl_pwcheck_method
(imapd.conf) but would prefer using PAM, so I can flexibly switch the
userdatabase. For starters I'm just using the system_auth pam method. I've
set the sasl_pwcheck_method to 'pam', and the 'imap' file in the pam.d
folder reads the following:

auth   required /lib/security/pam_stack.so service=system-auth
accountrequired /lib/security/pam_stack.so service=system-auth

<>

Apr  9 19:48:42 gandalf2 imapd[12360]: badlogin:
localhost.localdomain[127.0.0.1] PLAIN no mechanism available
Apr  9 19:48:47 gandalf2 PAM_unix[12360]: authentication failure;
(uid=76) -> root for system-auth service

Uid 76 is the cyrus user, so I suppose something is failing because the
server is running as cyrus or something? Or do I need to 'allow' PLAIN
logins from somewhere? Any help is making it work but especially and helping
me understand what is actually going wrong would be greatly appreciated and
buys you lunch in Amsterdam (plain-ticket not included).

Thank you and Regards, Gilion R. Goudsmit, MagicMinds, Amsterdam.

Not quite Cyrus but Solaris...

[Tony Maro]

Title: Message



Okay, off-topic 
again, BUT important.
 
A new Internet worm 
is attacking Solaris boxes out there and I know several of you run 
Solaris.  Once it ingrains itself in the Solaris box it uses that as a 
launching point to attack Microsoft IIS servers and deface websites with an 
anti-USA government message.
 
We saw the first 
fruits of the virus last Sunday, and have found 4 compromised servers just 
within our own local customer base since then.  Symantec didn't release a 
report on it until yesterday.
 
Here's a link to the 
info:
 
http://service1.symantec.com/sarc/sarc.nsf/html/sadmind-iis.html
 
 

drown/SSL issue

[Tony Galecki via Info-cyrus]

I’m trying to figure out how to make my Cyrus install to not be susceptible to 
the drown issue.
I have tried limiting the ciphers to TLSv1.2 but haven’t had much success.

What should the tld_ciper_list be? Or is this an issue with SSL? (To fix this 
do I need to patch the SSL libraries and rebuild SSL and Cyrus?
From the imapd.conf file
tls_cipher_list: TLSv1.2:!NULL:!aNULL:!eNULL:!EXPORT:!SSLv2

Thank you!

Other info:
nmap tells me I should be just fine:
nmap --script ssl-enum-ciphers -p T:993 127.0.0.1
PORTSTATE SERVICE
993/tcp open  imaps
| ssl-enum-ciphers: 
|   TLSv1.2: 
| ciphers: 
|   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
|   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
|   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A
|   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A
|   TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|   TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|   TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|   TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| compressors: 
|   NULL
| cipher preference: client
| warnings: 
|   Key exchange parameters of lower strength than certificate key
|_  least strength: A

But the python scanner from https://drownattack.com/  
says I still have an issue.

My version info:
name   : Cyrus IMAPD
version: v2.4.17-Fedora-RPM-2.4.17-8.el7_1 d1df8aff 2012-12-01
vendor : Project Cyrus
support-url: http://www.cyrusimap.org 
os : Linux
os-version : 3.10.0-327.10.1.el7.x86_64
environment: Built w/Cyrus SASL 2.1.26
 Running w/Cyrus SASL 2.1.26
 Built w/Berkeley DB 5.3.21: (May 11, 2012)
 Running w/Berkeley DB 5.3.21: (May 11, 2012)
 Built w/OpenSSL 1.0.1e-fips 11 Feb 2013
 Running w/OpenSSL 1.0.1e-fips 11 Feb 2013
 Built w/zlib 1.2.7
 Running w/zlib 1.2.7
 CMU Sieve 2.4
 TCP Wrappers
 NET-SNMP
 mmap = shared
 lock = fcntl
 nonblock = fcntl
 idle = idled
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: drown/SSL issue

[Tony Galecki via Info-cyrus]

Lots of fiddling arround, tls_versions: ssl3 tls1_2 in the imapd.conf file also 
fixed the issue. However, some clients (notably older Mac Mail clients) were 
not able to connect.

> On Mar 3, 2016, at 2:49 AM, Wolfgang Breyha  wrote:
> 
> On 02/03/16 12:02, Wolfgang Breyha via Info-cyrus wrote:
>> You do not need to rebuild OpenSSL. I would check the SPEC File of the CentOS
>> 7 RPM which patches they included. If the TLS changes were not backported I
>> would try to build one of the newer 2.4.18 SRPMs for Fedora (eg. 23) on 
>> CentOS 7.
> 
> As of today RHEL/CentOS ships openssl updates with deactivated SSLv2 at
> build time. It should be enough to update it and restart cyrus.
> 
> Greetings, Wolfgang
> -- 
> Wolfgang Breyha  | http://www.blafasel.at/
> Vienna University Computer Center | Austria


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: drown/SSL issue

[Tony Galecki via Info-cyrus]

Yes. Turns out without 1.0, 1.1 and 1.2, many email clients don’t work.

> On Mar 3, 2016, at 10:48 AM, Andrew Morgan  wrote:
> 
> On Thu, 3 Mar 2016, Tony Galecki via Info-cyrus wrote:
> 
>> Lots of fiddling arround, tls_versions: ssl3 tls1_2 in the imapd.conf file 
>> also fixed the issue. However, some clients (notably older Mac Mail clients) 
>> were not able to connect.
> 
> Don't you want to include tls1_0 and tls1_1 in the list?  Here at OSU, we use 
> the defaults, "tls_versions: tls1_0 tls1_1 tls1_2".
> 
>   Andy


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

LDAP backed aliases

[Tony Galecki via Info-cyrus]

I’ve done a quick search and haven’t come across anything yet. Is there a way 
to manage or pull alias information via LDAP? It could be that my google fu is 
weaker than yours.

We have a regular employee rotation between job types and locations. We keep 
there accounts around and activate/deactivate in LDAP them as they come and go.
I’d like to have that integrated with the aliasing feature so doing things like 
mailing all mails all the currently working employees and doesn’t fill up the 
mailboxes of people who aren’t around. I’m not apposed to changing the LDAP 
schema, there are a number of other features I’d like to add to simply the 
migration of users between active sites.

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus