[no subject]
After upgrading to 2.1.2 I can't get PAM_MYSQL to work. My /etc/imapd.conf as usually says: sasl_pwcheck_method: pam and the rest is configured properly. However it doesn't work anymore. Do I have to do that via saslauthd now? If so, won't it slow down the whole thing? Log files say: Mar 18 00:44:21 giga imapd[7841]: badlogin: localhost.localdomain[127.0.0.1] plaintext root SASL(-4): no mechanism available: checkpass failed Mar 18 00:45:31 giga imapd[7841]: unknown password verifier pam Nick
Re: CYRUS_SERVICE Variable? Easy Question??
I ran across this when upgrading a site from 1.x to 2.x. I had forgotten to remove the inetd.conf entries for the cyrus servers. In 2.x they don't run from inetd, they are spawned by the master.
Problems with sieveshell on FreeBSD: "fillin_interactions"?
One of the freebsd machines I have access to recently upgraded from 1.mumble to 2.0.14. The port was used without modification. Everything is fine except for this: %sieveshell Can't load '/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/auto/Cyrus/SIEVE/managesieve/managesieve.so' for module Cyrus::SIEVE::managesieve: /usr/local/lib/perl5/site_perl/5.005/i386-freebsd/auto/Cyrus/SIEVE/managesieve/managesieve.so: Undefined symbol "fillin_interactions" at /usr/libdata/perl/5.00503/DynaLoader.pm line 169. at /usr/local/bin/sieveshell line 42 BEGIN failed--compilation aborted at /usr/local/bin/sieveshell line 42. Anyone come across this before?
Re: Problems with sieveshell on FreeBSD: "fillin_interactions"?
Nick Sayer wrote: > One of the freebsd machines I have access to recently upgraded from > 1.mumble to 2.0.14. The port was used without modification. Everything > is fine except for this: > > %sieveshell > Can't load > >'/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/auto/Cyrus/SIEVE/managesieve/managesieve.so' > > for module Cyrus::SIEVE::managesieve: > >/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/auto/Cyrus/SIEVE/managesieve/managesieve.so: > > Undefined symbol "fillin_interactions" at > /usr/libdata/perl/5.00503/DynaLoader.pm line 169. > > at /usr/local/bin/sieveshell line 42 > BEGIN failed--compilation aborted at /usr/local/bin/sieveshell line 42. > > Anyone come across this before? Rebuilding the port fixed this. Perhaps this is because I ran the initial port build while 1.6 was still installed?
RE: lmtp and over quota
go to cyrus source dir and modify /imap/lmtpdengine.c and the recompile Nick Ustinov [EMAIL PROTECTED] http://www.videinfra.com -Original Message- From: Jean-Michel Doublet [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 12, 2001 00:41 To: [EMAIL PROTECTED] Subject: lmtp and over quota Hi, I would like ltmp to send 5xx smtp reply when a user is over quota and not a 4xx reply. How can i proceed ?
RE: howto for RH7?
I've had some problems too, the easiest way is to install a clean RH7, then install db3 from rpm and then the source compiles well. Nick Ustinov [EMAIL PROTECTED] http://www.videinfra.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 14, 2001 17:36 To: [EMAIL PROTECTED] Subject: howto for RH7? i've spent some time trying to get recent versions of cyrus-imapd working on RH7, but from both source and rpm install, i've only run into problems (the 'file descriptor' (if i use rpm) and 'signalled to death' (if i install from source, even using the most recent db from sleepycay) errors which have been oft reported but as far as i can see not odften resolved, at least according to Google). i've gotten CLOSEST, i guess, installing from source, but i can't get past the 'signalled to death' error...the only suggestion i've found to fixing that is to make sure sasl is compiled using the same version of db as cyrus, but i admit i'm not quite sure how to do that, as cyrus-sasl doesnt have a configure option similar to --with-dbdir on cyrus-imapd SO short of spending a week of my life on this, does anyone have a step-by-step howto build 2.0-series imapd with sasl/pam on a virgin Rh7/7.1 system? all help greatly appreciated thx
Re: Patch to change dots to slashes.
Hi, Will this ever be integrated into the cyrus CVS tree? Thanks, Nick On Thu, 21 Jun 2001 17:52:08 -0700, David Fuchs wrote: > I've attached it to this message. > > Just extract cyrus-imapd-2.0.14, cd to the directory, and run: > "patch < /path/to/cyrus-imapd-2.0.14-DOTPATCH.diff" > > This is a later version of the original patch I released, it fixes a problem > setting/parsing quota files. > > -David Fuchs > > - Original Message - > From: Kevin J. Menard, Jr. <[EMAIL PROTECTED]> > To: David Fuchs <[EMAIL PROTECTED]> > Cc: Cyrus Info Mailing List <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Thursday, June 21, 2001 5:47 PM > Subject: Re: Patch to change dots to slashes. > > > > Hey David, > > > > > > Wednesday, February 14, 2001, 6:47:52 PM, you wrote: > > > > DF> Attached are two patch-files that will change the Netnews dot > delimiter > > DF> to a slash in Cyrus. I created these patches from the sources for > > DF> 2.0.11 (you shouldn't need 2.0.11 to apply it though). The first file > > DF> (imappatch) needs to be run in the IMAP directory of the Cyrus > sources. > > DF> The second file (libpatch) needs to be run in the lib directory of the > > DF> Cyrus sources. > > > > DF> User mailboxes will act differently with the patch applied. Dots are > > DF> now allowed in usernames, but not slashes. > > > > DF> Example of a mailbox listing: > > > > cyradm>> lm > > DF> user/david.fuchs > > DF> user/david.fuchs/subfolder > > > > DF> I've tested this patch with Microsoft Outlook Express and Pine as mail > > DF> clients (POP3 and IMAP). Everything seems to work fine. I'm not a > > DF> professional developer, so if there are any problems please mail me. > > > > DF> -David Fuchs > > > > Anyone have a patch for 2.0.14? > > > > -- > > Kevin > > > > > > << File Attachment Removed: "application/octet-stream; > name="cyrus-imapd-2.0.14-DOTPATCH.diff"" >> -- aka [EMAIL PROTECTED], [EMAIL PROTECTED] ___ Get 100% private, FREE email for life from Excite UK Visit http://inbox.excite.co.uk/
Re: user+folder delivery confusion
Since you're using LMTP to the lmtpd socket, you don't have to do anything special at all. Define the "local mailer" in your .mc file as cyrus. It can handle both 'user', 'user+subbox' or '+shared_folder' as left-hand-sides and deliver all of them correctly. You can even use any of these 3 as the right-hand-side of an alias if you wish. > Hello all, > > I've been batting my head against a wall on this one, and need some > help, please. I've read all I can find in the archives on how to get > mails delivered to a user's sub-folders and to shared mailboxes, and I > just can't get it to work right. > > I've tried several of the suggestions I've seen in the mailing list > (those that I sorta understood what I should do, anyway) and they > cause something else to break, causing sendmail panics in my logs. > > My current mc file looks like so (in the relevant portions): > > MAILER(`local')dnl > MAILER(`smtp')dnl > > MAILER_DEFINITIONS > Mcyrus, P=[IPC], F=lsDFMnqA@/:|SmXz, E=\r\n, >S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, >A=FILE /var/imap/socket/lmtp > > LOCAL_RULE_0 > Rbb + $+ < @ $=w . >$#cyrus $: + $1 > > LOCAL_RULESETS > # if there's a plus part, we want to directly deliver it > SLocal_localaddr > R$+ + $*$#cyrus $@ $: $1 + $2 > > > Can someone please tell me what I should do to enable the > [EMAIL PROTECTED] scheme? I have a couple of users (myself included) > that need/want this to work. > > Thanks, > Will > > -- -- > William K. Hardeman > [EMAIL PROTECTED] > http://www.wkh.org > > Always listen to experts. They'll tell you what can't be done and why. > Then do it. > --Robert A. Heinlein
Re: Installing on FreeBSD
It's fairly straightforward. I recommend this set of steps: 1. Install the db3 port. Just do that in the ordinary way. 2. Search the archives of this list for the SASL pwcheck_pam.c file. When you build the cyrus-sasl port, you want to modify the build so that pwcheck uses this file. 3. Modify /etc/pam.conf to add entries for the 'cyrus' service to use whichever PAM functionality you desire (at this point you have the option of adding other pam module ports if you wish, such as pam_smb). 4. Install the cyrus-imap port in the usual manner. You don't need to add any options. 5. Make yourself an /etc/mail/_.mc file. Do this by copying the sendmail.mc file and modifying it to taste. One thing you will need to do is this: FEATURE(local_lmtp)dnl define(`confLOCAL_MAILER',`cyrus')dnl MAILER(smtp)dnl MAILER_DEFINITIONS McyrusP=[IPC], F=lsSDFMngA@/:|SmXz, E=\r\n, S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix,U=cyrus:cyrus, A=FILE /var/imap/socket/lmtp The MAILER_DEFINITION should be salted to taste. The A argument should be set to wherever the lmtp socket lives, as defined by cyrus.conf, and the rest of the arguments should shadow the normal SMTP mailer definition for the most part. You may wish to modify the mc file in other ways (for example, adding cyrus-sasl may make it desirable to add sasl authentication to sendmail for authenticated SMTP), but such mods are outside the scope of this document. When you're done, make .cf and test it, copying it to sendmail.cf if it works. Then 'make restart' to restart sendmail. That ought to do it. Louis LeBlanc wrote: >Hey all. I have Cyrus imapd 1.6.24 running on a RH 6.2 linux box, and >it has done quite well since just after the 1.6.24 release. No >complaints whatsoever. Install was complicated, but well documented >in the Linux HowTo, so great. > >Now the problem. I am switching my server to FreeBSD 4.3 and would >like to upgrade to 2.0.14 - which is present in a FreeBSD port. > >Does anyone know where I can find install info specific to FreeBSD? I >am checking out the html install info in the distribution, and it >notes a couple Linux specific steps, but . . . > >Any and all help is appreciated. > >TIA >Lou >
Re: What is CYRUS_SERVICE? (was Re: Installing on FreeBSD)
Louis LeBlanc wrote: > >Is that a typo? 'make sure there aren't any entries for imap, pop3, >etc'??? > No, it's not. For cyrus, the 'master' takes the place of [x]inetd and cron entries. It *reuses* the service handlers in much the same way apache does. > > >What about sieve? > same thing. > > >Thanks > >Lou >
Re: Installing on FreeBSD
Daeron wrote: >Hi, > My experience is just the oppersite: > FreeBSD 4.3, Cyrus 2.0.12 from /usr/ports/mail/cyrus-imap >/usr/local/etc/imapd.conf edited with "sasl_pwcheck: pam" > I've also tried "PAM". >/etc/pam.conf with "imap auth required /usr/local/lib/pam_mysql.so >user=." >and same for pop3 > The problem is that many pam modules don't work when they're not run as 'root'. Since cyrus runs as user 'cyrus', having cyrus do PAM won't work properly. You need to get pwcheck to do the pam thing and have cyrus use pwcheck to do the work. So you need to add pwcheck_pam.c (see this list's archives) to the cyrus-sasl pwcheck, then configure the 'cyrus' service in /etc/pam.conf however you like. Then all services that use SASL will authenticate how you like. > > >But nothing authenticates. When I tried imtest I found the thing replies >that there's no authentification mechaism. So I investigate & find that the >Makefile has a single auth option listed --with-auth=unix > ...arr ah! I think, so I've tried a --with-auth=pam to which it it seems >to make all in man, et, sieve, acap, and lib before eventually saying "don't >know how to make auth_pam.o. Stop" > The fix isn't in cyrus-imap, it's in cyrus-sasl.
Re: LMTP - getting in the way
Louis LeBlanc wrote: >So it looks like I got much of 2.0.14 on FreeBSD working, now what is >the problem with LMTP? I don't have a network with mail relays and >multiple servers or anything like that, so I don't think I really need >a second MTA. My current working setup (on the dying Linux box) is >1.6.24; sendmail drops messages to procmail - configurable per user - >which then calls deliver to drop the message in the correct folder. > >This is all I really need to do, so how can I get rid of LMTP? > You can't. deliver in 2.x merely front-ends the LMTP socket, so even if you use deliver for everything you still need LMTP for deliver to work. I used to be like you -- I used procmail and wanted to figure out how to get procmail between sendmail and cyrus. I eventually decided that sieve was really all I needed and did without procmail. Unless you're hooking shell scripts up as filters or bizarre things like that, it's very likely that sieve is sufficient. Another detail is that if you use sieve and have sendmail set up to do LMTP delivery, you can filter on the envelope headers, which normaly is not possible with procmail. Of course, the ability for an administrator to allow a method of hooking shell scripts as filters up to sieve would be very nice... > > >Thanks >Lou >
Re: lmtp again.
I stronly recommend you use the sendmail.mc bits that I posted a little while ago. It works, it preserves the envelope headers for sieve, it avoids forking a process (deliver) needlessly in deliveries and allows cyrus to hardlink CCed messages. And sendmail is not hard to configure. It is hard to edit .cf files. Editing .cf files and configuring sendmail are not the same thing.
Re: berkeley to cyrus conversion
Sam Smith wrote: >I have seen all the old messages about using mbxcvt and c-client. How does that >work exactly? It says in the docs that cyrus imap is NOT one of the formats it >supports. > >Also the scripts from "Managing IMAP" are out-of-date, since at least one uses >the tcl version of cyradm. > >What are people using now to do the conversion? >Thanks for any help... > I wrote a perl script that takes a Unix "mbox" formatted mailbox and uploads it to an IMAP folder. I could post and/or e-mail it if there is any demand. It's not perfect -- it is possible that messages containing illegal characters could be refused by cyrus, but in my experience most of the messages thusly rejected are spam in any case (you expect RFC compliance from someone dumb enough to think spam works?).
Re: [ANN] UNIX hierarchy separator for Cyrus IMAP
> I am pleased to announce the availability of a selectable hierarchy > separator for Cyrus IMAP. Up until now, Cyrus used a netnews-style > hierarchy, where '.' was used as the hierarchy delimiter -- thus > prohibiting '.' from appearing in mailbox names. This release allows a > UNIX-style '/' separator to be used in the same fashion that David > Fuchs' (and derivative) patches. Hey great! This will let me work around MacOS X's Mail program's stupidity in this regard. Before I set up alt namespace, I couldn't get to any of my folders besides the INBOX! Doesn't anyone read an RFC anymore before they write software? Sheesh.
Re: [ANN] UNIX hierarchy separator for Cyrus IMAP
Ken Murchison wrote: > > Nick Sayer wrote: >>Hey great! This will let me work around MacOS X's Mail program's stupidity >>in this regard. Before I set up alt namespace, I couldn't get to any of my >>folders besides the INBOX! Doesn't anyone read an RFC anymore before they >>write software? Sheesh. >> > > Who? Me or the Mac guys? Sorry for the ambiguity. The problem lies in the MacOS X Mail client, NOT in cyrus. When you try and select a subfolder, you get an error back that "folder/subfolder" is not an acceptable mailbox name to the server. Well, of course it's not! :-) alt namespace was required before I could look at anything other than INBOX because, for example, I would get an error saying that it couldn't select "INBOX/Sent". Now I can get to all of the first level folders because they can be selected without separator chars, but I anticipate that I will be able to get to all of them with the unix separator patch. But if Apple had been able to read an RFC, none of it would be necessary at all.
Re: [ANN] UNIX hierarchy separator for Cyrus IMAP
Ken Murchison wrote: > > Nick Sayer wrote: > >>Ken Murchison wrote: >> >> >>>Nick Sayer wrote: >>> >>>>Hey great! This will let me work around MacOS X's Mail program's stupidity >>>>in this regard. Before I set up alt namespace, I couldn't get to any of my >>>>folders besides the INBOX! Doesn't anyone read an RFC anymore before they >>>>write software? Sheesh. >>>> >>>> >>>Who? Me or the Mac guys? >>> >>Sorry for the ambiguity. The problem lies in the MacOS X Mail client, >>NOT in cyrus. When you try and select a subfolder, you get an error back >>that "folder/subfolder" is not an acceptable mailbox name to the server. >>Well, of course it's not! :-) alt namespace was required before I could >>look at anything other than INBOX because, for example, I would get an >>error saying that it couldn't select "INBOX/Sent". Now I can get to all >>of the first level folders because they can be selected without >>separator chars, but I anticipate that I will be able to get to all of >>them with the unix separator patch. But if Apple had been able to read >>an RFC, none of it would be necessary at all. >> > > I'm confused. Are/were you running a patched version of Cyrus that > created folders with '/' as the separator? My stuff is NOT compatible > with anything that actually stores folder names containing '/' in the > mailboxes DB (like David Fuchs' patch). The whole premise of my > alt-namespace and hier-sep is to not change any of the on-disk files. No. It's just cyrus with the namespace patch. MacOS X's mail client is stupid. It tries to do a 10 SELECT INBOX/foo despite the fact that the LSUB/LIST output said "INBOX.foo". This behavior is clearly stupid. You're being blinded by an expectation that the client was not written by morons. :-)
Re: LDAP && imap (Invalid credentials)
David wrote: > > /etc/imap.conf: > sasl_pwcheck_method: pam > Don't do it this way. Set this to pwcheck, then rebuild pwcheck to use pwcheck_pam.c. This insures that the pam methods are run as root rather than as cyrus. See the archives for more info.
deleting old mailboxes
Hey! Is there some script or anything, that would scan the imap/user dir, lookup .seen file date and create a list or delete mailboxes which are X months unread? Nick
Re: Newbie struggling with sendmail config
Fred Ball wrote:
> Hi, crew. I'm going for my first installation of Cyrus imapd, running
> sendmail and freeBSD 4.3.
>
> I'm using the O'Reilly IMAP book as a guide, and everything *seemed*okay
> until I hit the instructions for building the sendmail config file. It
> instructs me to add the following two lines to cyrusproto.mc:
>
> OSTYPE(freebsd4)
> DOMAIN('DOMAIN.COM')
>
> Then I run:
>
> m4 ../m4/cf.m4 cyrusproto.mc > cyrusproto.cf
>
> Every time I do this, I get the message:
>
> m4: . . /domain/'DOMAIN.COM'.m4: No such file or directory
To build a sendmail.cf under FreeBSD 4.x, start with the freebsd.mc
file, which should be in /etc/mail. Copy that to some other name, and
put that name in /etc/make.conf in a SENDMAIL.MC= line.
For cyrus 2.x, change you need to make is like this:
FEATURE(local_lmtp)dnl
define(`confLOCAL_MAILER',`cyrus')dnl
MAILER_DEFINITIONS
mcyrus,
P=[IPC], F=lsSDFMnqA@/:|SmXz, E=\r\n,
S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix,
U=cyrus:cyrus, A=FILE /var/imap/socket/lmtp
The mailer definition should be the same as the one for 'smtp', but with
the U= added and the A= as shown. The argument to A= should be the lmtp
listening socket path specified in your cyrus.conf file.
This is an optimal setup. No extra processes will be spawned (with 2.x
deliver just does the equivalent LMTP delivery), envelope information
will be preserved (for Sieve), CCed mail will be hardlinked in the cyrus
filesystem.
To deliver to top leve dirs, specify +box.path. To deliver to a folder
under a user's INBOX, use user+box.
Nothing could be simpler.
>
> as if it is looking for another script piece. When I omit the domain
> line, it seems to output fine. But then I try O'Reilly's test for the
> sendmail config:
>
> cyradmin -user cyrus localhost imap
>
> and it returns:
>
> cyradm: cannot connect to server
>
> Any ideas on where to start with this
>
I think you're mixing apples and oranges here. This has nothing to do
with sendmail. But it probably does mean that cyrus isn't running.
RE: Bind the daemon to a specific ip address
I guess, that's done in cyrus.conf like that:
SERVICES {
imap cmd="/usr/cyrus/bin/imapd" listen="127.0.0.1:imap" prefork=0
and so on
-Original Message-
From: Norbert Sendetzky [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 12:28
To: [EMAIL PROTECTED]
Subject: Bind the daemon to a specific ip address
Hi all
Does anybody know, if it is possible to bind the cyrus daemon to a specific
ip address, e.g. 127.0.0.1?
Norbert
2.0.15 + HIERARCHY => MacOS X mail working
Folks here may or may not have remembered that I mentioned a while ago that the MacOS X mail client does not work with IMAP servers that do not use "/" as their separator. I coerced the FreeBSD port to build 2.0.15 with the new hierarchy patches. With the unix hierarchy separator directive turned on, I can confirm that the MacOS X mail client works correctly. For what that's worth. I sent mail to the port maintainer with my patch. It is easier than it might at first seem. Here's how: 1. change GNU_CONFIGURE=YES to USE_AUTOCONF=YES in the port makefile. 2. redo files/patch-ac so that it applies the same fix to aclocal.m4 instead of configure. 3. Now you can apply the diff from the 2.0.15 normal distribution and the 2.0.15-HIERARCHY-r2 one, discarding the diffs in 'configure' itself. When you build the port, configure will be regenerated by autoconf.
Bug: 2.0.15-HIERARCHY - delete subscribed folder screws up LSUB
Check this out: * OK medusa.kfu.com Cyrus IMAP4 v2.0.15-HIERSEP-r2 server ready . login user testcase . OK User logged in . list * * * LIST (\Noinferiors) "/" "INBOX" * LIST () "/" "Drafts" * LIST () "/" "Sent" * LIST () "/" "Templates" * LIST () "/" "Trash" * LIST () "/" "amanda" * LIST () "/" "archive/20010428" * LIST () "/" "archive/certificates" * LIST () "/" "archive/enlighten-inbox" * LIST () "/" "archive/ladybugs" * LIST () "/" "archive/old" * LIST () "/" "archive/older" * LIST () "/" "archive/orders" * LIST () "/" "archive/passwords" * LIST () "/" "archive/purchases" * LIST () "/" "archive/wrinkles" * LIST () "/" "cron-stools" * LIST () "/" "lists/6bone" * LIST () "/" "lists/airport-config" * LIST () "/" "lists/bestos" * LIST () "/" "lists/bzflag-dev" * LIST () "/" "lists/dcti" [and so on and so on] . OK Completed (0.000 secs 42 calls) . lsub * * * LSUB (\Noinferiors) "/" "INBOX" * LSUB () "/" "Drafts" * LSUB () "/" "Sent" * LSUB () "/" "Templates" * LSUB () "/" "Trash" * LSUB () "/" "amanda" * LSUB () "/" "archive/20010428" * LSUB () "/" "archive/certificates" * LSUB () "/" "archive/enlighten-inbox" * LSUB () "/" "archive/ladybugs" * LSUB () "/" "archive/old" * LSUB () "/" "archive/older" * LSUB () "/" "archive/orders" * LSUB () "/" "archive/passwords" * LSUB () "/" "archive/purchases" * LSUB () "/" "archive/wrinkles" * LSUB () "/" "cron-stools" * LSUB () "/" "lists/6bone" * LSUB () "/" "lists/airport-config" * LSUB () "/" "lists/bestos" * LSUB () "/" "lists/bzflag-dev" * LSUB () "/" "lists/dcti" [and so on and so on] . OK Completed (0.000 secs 42 calls) Ok. So we have a nice, full hierarchy, most of which is subscribed. With me so far? Now the bug: . create abra/cadabra . OK Completed . subscribe abra/cadabra . OK Completed . lsub * * * LSUB (\Noinferiors) "/" "INBOX" * LSUB () "/" "Drafts" * LSUB () "/" "Sent" * LSUB () "/" "Templates" * LSUB () "/" "Trash" * LSUB () "/" "abra/cadabra" * LSUB () "/" "amanda" * LSUB () "/" "archive/20010428" * LSUB () "/" "archive/certificates" * LSUB () "/" "archive/enlighten-inbox" * LSUB () "/" "archive/ladybugs" * LSUB () "/" "archive/old" * LSUB () "/" "archive/older" * LSUB () "/" "archive/orders" * LSUB () "/" "archive/passwords" * LSUB () "/" "archive/purchases" * LSUB () "/" "archive/wrinkles" * LSUB () "/" "cron-stools" * LSUB () "/" "lists/6bone" * LSUB () "/" "lists/airport-config" * LSUB () "/" "lists/bestos" * LSUB () "/" "lists/bzflag-dev" * LSUB () "/" "lists/dcti" [and so on and so on] . OK Completed (0.016 secs 43 calls) So far so good. . delete abra/cadabra . OK Completed . lsub * * * LSUB (\Noinferiors) "/" "INBOX" * LSUB () "/" "Drafts" * LSUB () "/" "Sent" * LSUB () "/" "Templates" * LSUB () "/" "Trash" . OK Completed (0.000 secs 6 calls) Woah! The subscription list is (almost) gone! . unsubscribe abra/cadabra . OK Completed . lsub * * * LSUB (\Noinferiors) "/" "INBOX" * LSUB () "/" "Drafts" * LSUB () "/" "Sent" * LSUB () "/" "Templates" * LSUB () "/" "Trash" * LSUB () "/" "amanda" * LSUB () "/" "archive/20010428" * LSUB () "/" "archive/certificates" * LSUB () "/" "archive/enlighten-inbox" * LSUB () "/" "archive/ladybugs" * LSUB () "/" "archive/old" * LSUB () "/" "archive/older" * LSUB () "/" "archive/orders" * LSUB () "/" "archive/passwords" * LSUB () "/" "archive/purchases" * LSUB () "/" "archive/wrinkles" * LSUB () "/" "cron-stools" * LSUB () "/" "lists/6bone" * LSUB () "/" "lists/airport-config" * LSUB () "/" "lists/bestos" * LSUB () "/" "lists/bzflag-dev" * LSUB () "/" "lists/dcti" [and so on and so on] . OK Completed (0.008 secs 42 calls) Oh! There it is! So the bug is a two-parter. 1. Deleting a subscribed mailbox does not automatically unsubscribe oneself from it. 2. Extra entries in the ...user/f/foo.sub file that corespond to nonexistent mailboxes causes the LSUB output to truncate at that spot. This is the case whether or not the unix hierachy character is set. I don't know if it's the case if I turn off alternate namespace (I don't want to do that).
Re: Bug: 2.0.15-HIERARCHY - delete subscribed folder screws up LSUB
Ken Murchison wrote: > > Nick Sayer wrote: > > > [...] > > >>2. Extra entries in the ...user/f/foo.sub file that corespond to >>nonexistent mailboxes causes the LSUB output to truncate at that spot. >> > > Try this patch. Fairly simple, but a pain in the ass to find. > *ding ding ding* That fixed it.
SirCam and sieve
I really, really want to do this: if body :is :comparator "i;octet" text: I send you this f i l e in order to have your a d v i c e . reject "Possible SirCam Infection"; stop; } (note that I have perturbed the line a bit in order for this message not to match the worm's signature. I am sure you all know what I'm talking about) Is there no way for the sieve to match on lines in the body? This would be the next extension I would like to see.
Re: Restoring Mailboxes from a Backup
Marc Schöchlin wrote: > Hi ! > > I´m useing the following Version/RPMs of Cyrus: > > cyrus-sasl-1.5.24-17 > cyrus-imapd-2.0.14-3rm > cyrus-imapd-devel-2.0.14-3rm > cyrus-imapd-utils-2.0.14-3rm > cyrus-imapd-doc-2.0.14-3rm > > Cyrus works very well, but now i´m asking me how I can restore specific > Mailboxes from a backup by keeping: > > - the ACLs Restore the mailbox database. > - the mailboxdata Restore the mail files you care about, then reconstruct the mailbox > > How can I restore a complete server ? Reinstall the software, restore the sasl database (if applicable), restore etc/*.conf (and other things like ssl keys), restore the user, sieve and quota directories, restore the mailbox database, restore the mail files, reconstruct all mailboxes, restart master. > > Which data should be included in the backup ? Everything. :-) You can never back up too much. :-) It may not be a bad idea every once in a while to dump the mailboxes database to a flat file just in case. You do this with ctl_mboxlist -d. > > How can I rebuild the database integrity ? Well, for the mailboxes, do a reconstruct. For the mailbox database itself, I believe it can be rebuilt, but you would lose the ACLs if the database was not restorable. > > I have serveral problems in finding this information...is there any in > the www ? > > If someone explains me the restore, I will write a little howto :-) > > Regards > > Mar Schöchlin > > > > >
RE: Mailboxes with dots
There is a dot patch available for 2.0.12 at http://www.inbox.lv/nick It's pretty simple and can be applied to 2.0.16 as well, just do it manually (don't use patch command). However, applying the patch disables direct mail sending to mailboxes with dots. Nick -Original Message- From: Sherpya [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 17:27 To: [EMAIL PROTECTED] Subject: Mailboxes with dots I need to create mailboxes with dots e.g.: john.smith into cyrus, but . (dot) is used for directory hierarchy, Altnamespace thread does not help me, I cannot find patch for this. Is a working solution? I need this for a production server. Bye Sherpya
user unknown
Hey! Recently upgraded to cyrus from cvs (2.1.0pre), it shown a great improvement in lmtpd, however, now I _sometimes randomly_ get the following: >>> DATA <<< 550 4.3.0 System I/O error. 550 5.1.1 [EMAIL PROTECTED] User unknown <<< 503 5.5.1 No recipients In sendmail log file it also shows User unknown error. Sometimes mail goes to [EMAIL PROTECTED] well... Ideas? Nick Ustinov Enterprise Solutions Group Director Vide Infra Grupa SIA 40 Brivibas St, Riga, Latvia, LV 1050 phone: +371 7812294 fax: +371 7812297 http://www.videinfra.com
just to track...
Sep 26 16:14:12 satan sendmail[10059]: f8QEDc3x010059: from=<[EMAIL PROTECTED]>, size=34899, class=0, nrcpts=1, m sgid=<[EMAIL PROTECTED]>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=alpha.dpunet.lv [159 .148.144.1] Sep 26 16:14:13 satan sendmail[11198]: f8QEECoN011198: [EMAIL PROTECTED], size=34899, class=0, nrcpts=1, msg id=<[EMAIL PROTECTED]>, relay=root@localhost Sep 26 16:14:13 satan sendmail[11175]: f8QEDc3x010059: to=<[EMAIL PROTECTED]>, delay=00:00:34, xdelay=00:00:01, mailer=avpke eper, pri=65730, relay=inbox.lv.AVP, dsn=2.0.0, stat=Sent Sep 26 16:14:13 satan sendmail[11208]: f8QEECoN011198: [EMAIL PROTECTED], [EMAIL PROTECTED] (0/0), del ay=00:00:01, xdelay=00:00:00, mailer=cyrus, pri=30763, relay=localhost, dsn=5.1.1, stat=User unknown AVP is Kaspersky antivirus, works fine with the rest Nick Ustinov Enterprise Solutions Group Director Vide Infra Grupa SIA 40 Brivibas St, Riga, Latvia, LV 1050 phone: +371 7812294 fax: +371 7812297 http://www.videinfra.com
[UNIX: /var/imap/socket/lmtp]
Is it normal, that from some point I see relay=localhost [[UNIX: /var/imap/socket/lmtp]] in my maillog file: Sep 26 19:27:01 satan sendmail[31789]: f8QHR1WN031789: to=root, delay=00:00:00, xdelay=00:00:00, mailer=cyrus, pri=30237, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=2.0.0, stat=Sent What's that [UNIX: /var/imap/socket/lmtp] and wasn't it there before. Nick Ustinov Enterprise Solutions Group Director Vide Infra Grupa SIA 40 Brivibas St, Riga, Latvia, LV 1050 phone: +371 7812294 fax: +371 7812297 http://www.videinfra.com
lmtpdengine.c
Concerning previous msgs --- the problem was that I've modified lmtpdengine.c and changed 452 4.2.2 Over quota to 550 4.2.2 Over quota Basically, I always did that since I do not want overquota messages to stay in queue. However, 2.1.0pre didn't like this change and now in case of overquota issues both "550 4.2.2 Over quota" and then User unknown, which is treated by sendmail as User unknown. Is there anything I should change in sendmail config, is it a bug or a feature? Sincerely, Nick
RE: lmtpdengine.c
Yeah, well, the thing is that most of the users who are overquoted will never ever come back anymore. I have a system with >100k users, so you can imagine whats going on if I collect overquote e-mails. I guess hotmail.com sends them back immidetely as well. Nick. -Original Message- From: Ken Murchison [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 23:02 To: Nick Ustinov Cc: '[EMAIL PROTECTED]' Subject: Re: lmtpdengine.c Nick Ustinov wrote: > > Concerning previous msgs --- the problem was that I've modified > lmtpdengine.c and changed > > 452 4.2.2 Over quota > > to > > 550 4.2.2 Over quota > > Basically, I always did that since I do not want overquota messages to stay > in queue. However, 2.1.0pre didn't like this change and now in case of > overquota issues both "550 4.2.2 Over quota" and then User unknown, which is > treated by sendmail as User unknown. Is there anything I should change in > sendmail config, is it a bug or a feature? So you want messages destined for people who are overquota to be bounced instead of queued locally? Because you're sending back a 550 code, even the sending MTA won't retry. Cyrus 2.1 now checks the quota at the time of the RCPT TO: command, as well as after the DATA command (in case the usage changed in between). I haven't thought about the consequences of what you are trying to do with 2.1, but I'd guess that you're confusing your MTA by spitting back a permanent failure to RCPT TO: (usually unknown user) because of an over quota issue. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Eudora and ssl/tls and cyrus
I did some searches in the archives. If there is anything similar, searching on Eudora and ssl or tls didn't find it. Eudora will not complete TLS negotiation with Cyrus. I am running Redhat Roswell (the current Redhat Beta, 7.1+) on an Intel box. I am running cyrus-imapd-2.0.15-HIERSEP-r2, and (from the Redhat rpm) openssl-0.9.6b-7. I have generated a server key that works with Eudora 5.1 when I use it to communicate with smtp and Postfix. It is not signed by a "known CA" but Eudora allows you to "trust" a particular certificate. smtp goes through the postfix use of the SSL library. However, when I use that same key to connect to imap on the alternate port, things just don't work. The message (from Eudora) is: SSL Negotiation failed: You have configured the personality/protocol to reject any exchange key lengths below 0. But the negotiated exchange key length is -1. Hence this established secure channel is unacceptable. Connection will be dropped. Cause: (-6996) Logged messages are: Sep 27 00:57:28 parrot master[23631]: about to exec /usr/cyrus/bin/imapd Sep 27 00:57:28 parrot service-imap[23631]: executed Sep 27 00:57:28 parrot imapd[23631]: accepted connection Sep 27 00:57:29 parrot imapd[23631]: STARTTLS failed: glock.squawk.com[208.176.1 24.157] Sep 27 00:57:29 parrot master[23188]: process 23631 exited, status 0 A ethereal dump of the interaction between Eudora and Cyrus, which doesn't say much: * OK parrot.squawk.com Cyrus IMAP4 v2.0.15-HIERSEP-r2 server ready 0 CAPABILITY * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 0 OK Completed 1 STARTTLS 1 OK Begin TLS negotiation now Then some binary gets put in here... 1 NO Starttls failed * BAD Invalid tag * BAD Invalid tag and a short binary burst here... Has anyone actually either (1) seen this message or anything similar or (2) gotten Eudora to work with cyrus imap? Is there new tls stuff that I should be using? -- We often hear of war described as if it were some kind of impersonal affliction, such as the Black Plague or famine.The fact is that war is not just something that happens, it is something that people make happen, and they make it happen for reasons. As Clausewitz said, war is the continuation of politics by other means. Exactly. War is neither a hurricane nor a flood. It is, on the contrary, the cutting edge of ideology. -- Jeff Cooper Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html
back to lmtpd problems
cannonical form (even if it doesn't resolve to an
MX).
R$* $: $>Parse0 $>3 $1
R$* < $* > $* $: $1 < $2 . > $3
Pretend it's canonical.
R$* < $* . . > $* $1 < $2 . > $3
Remove extra dots.
# Allow relaying if the connected host is a local IP address.
R$* $: < $&{client_addr} > Get client
IP address.
R<> $#OKLocal is ok.
R< $* . $- > $* $(localip $1.$2 $: < $1 > . $2 $) Check last
three octets.
R$* < MATCH > $#OK
R< $- > $* $: $(localip $1 $: < > $1 $2 $) Check first
octet.
R$* < MATCH > $#OK
# Allow relaying if the connected host has recently POP3 authenticated.
R$* $: < $&{client_addr} > Get client
IP address.
R< $* > $(popip $1 $) Check full
address.
R$* < MATCH > $#OK
# IP address didn't match.
Anyone willing to help? :)
Sincerely,
Nick
RE: back to lmtpd problems
Francesc, Thanks for the idea, however the tests show that disk speed is quite enough (and I guess there are no much faster drives I can get on the market right now :). The problem could be in db3 locking or something like that, which is linux specific. As for sendmail-->postfix change -- I might want to try that, however I am not experienced in postfix and the system is quite critical, it's not that easy. Anyway, this looks like cyrus problem -- the fact is that sendmail works FASTER than lmtpd causes the bottlenecks. Nick. -Original Message- From: Francesc Guasch [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 13:20 Cc: '[EMAIL PROTECTED]' Subject: Re: back to lmtpd problems Nick Ustinov ha escrito: > > It's Linux RedHat 7.0 with kernel 2.4.2-0.1.28smp running at dual p3/550 > and the system launches approx the same number of lmtpds. > > The e-mails are being delivered, but EXTREMELY slow. I don't know where the > problem is, however the system is unable to deliver more than 100-200 > e-mails per minute. As you understand, while it is delivering 100-200 Hi Nick. I've had no such scenario but let me guess something (that could be completely wrong). My bet is your problem is in disk speed. You have a limit of concurrent delivering caused by your drive. When it reaches that limit it gets worse. I'd try to set a max number of concurrent delivering lmtpd processes in sendmail. I'd also buy faster scsi drives. Another thing you could consider is replace sendmail and start using postfix. I've seen reports of incredible number of mails delivered and I've been using it in many servers happilly. It supports cyrus, lmtpd and avp. In the postfix mailing list I've seen people who have a lot of users like you. Maybe you should check the postfix archives or subscribe to the list. ( low noise ). -- --Frankie
RE: back to lmtpd problems (ot)
Should I use avcheck instead of avpkeeper with sendmail as well, or that's just for postfix? -Original Message- From: Tarjei Huse [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 17:15 To: Francesc Guasch Cc: '[EMAIL PROTECTED]' Subject: Re: back to lmtpd problems (ot) > and I've been using it in many servers happilly. It supports cyrus, > lmtpd and avp. Note however that you should not use avpkeeper, but instead the programe avcheck made by Ralf Hildebrandt. It offers better performance and higher security. Also, I only had problems combining avpkeeper and postfix, but using avcheck with kavdaemon works like a charm. Tarjei > In the postfix mailing list I've seen people who have a lot of > users like you. Maybe you should check the postfix archives or > subscribe to the list. ( low noise ). > > -- > --Frankie
lmtpd locking?
I am still investigating this many-lmtpds-in memory thing and running sendmail -q -v -X shows the following: 05707 >>> Running /var/spool/mqueue/f91BZUx28683 (sequence 9 of 733) 05707 >>> >>> RSET 05707 >>> RSET 05707 <<< 250 2.0.0 ok 05707 >>> 250 2.0.0 ok 05707 >>> [EMAIL PROTECTED] Using cached ESMTP connection to localhost via cyrus... 05707 >>> >>> MAIL From:<[EMAIL PROTECTED]> SIZE=263 05707 >>> MAIL From:<[EMAIL PROTECTED]> SIZE=263 05707 <<< 250 2.1.0 ok 05707 >>> 250 2.1.0 ok 05707 >>> >>> RCPT To: 05707 >>> RCPT To: 05707 <<< 250 2.1.5 ok 05707 >>> 250 2.1.5 ok 05707 >>> >>> DATA 05707 >>> DATA 05707 <<< 354 go ahead 05707 >>> 354 go ahead 05707 >>> Received: (from root@localhost) 05707 >>> by satan.inbox.lv (8.11.6/8.11.0) id f91BZUx28683 05707 >>> for [EMAIL PROTECTED]; Mon, 1 Oct 2001 13:35:30 +0200 05707 >>> Received: from hyper.gids.lv (ns.gids.lv [159.148.14.3]) 05707 >>> by satan.inbox.lv (8.11.6/8.11.0) with ESMTP id f91BYje27669 05707 >>> for <[EMAIL PROTECTED]>; Mon, 1 Oct 2001 13:34:45 +0200 05707 >>> Received: from black-monster (unknown [217.199.98.170]) 05707 >>> by hyper.gids.lv (Postfix) with SMTP id 504B1655A1 05707 >>> for <[EMAIL PROTECTED]>; Mon, 1 Oct 2001 12:22:59 +0200 (EET) 05707 >>> Date: Mon, 01 Oct 2001 12:27:23 -0200 05707 >>> Subject: [EMAIL PROTECTED] nosuutiijis Tev zinju no oHo.lv 05707 >>> To: [EMAIL PROTECTED] 05707 >>> From: "oHo.lv" <[EMAIL PROTECTED]> 05707 >>> Message-Id: <[EMAIL PROTECTED]> 05707 >>> 05707 >>> test 05707 >>> . 05707 >>> >>> . and freezes here. Running strace on this, indicates, that it freezes on read(8, so, I assume lmtp is not sending some response after . in DATA ?? Comments? Nick Ustinov Enterprise Solutions Group Director Vide Infra Grupa SIA 40 Brivibas St, Riga, Latvia, LV 1050 phone: +371 7812294 fax: +371 7812297 http://www.videinfra.com
lmtpd locking continued
And that's the place, where lmtpd freezes: Oct 1 14:27:09 satan lmtpd[5687]: duplicate_check: <[EMAIL PROTECTED]> user.bforce 0 Nick Ustinov Enterprise Solutions Group Director Vide Infra Grupa SIA 40 Brivibas St, Riga, Latvia, LV 1050 phone: +371 7812294 fax: +371 7812297 http://www.videinfra.com
RE: lmtpd locking continued
Sorry, it's 2.1.0pre, pulled sep 26th. concerning the problem -- i ran reconstruct on this mailbox (user.bforce) and it went fine, however this doesn't always help (was it a coincedence?) I enabled another sendmail.mc config with avpkeeper, which works fine now (non-local mails delivered). However, localmails which are delivered using cyrus mailer are still freezing after issuing DATA (messages are being delivered to mailboxes, by the way). This happens when it tries to connect via UNIX: /var/imap/socket/lmtp according to sendmail's log. Nick -Original Message- From: Amos Gouaux [mailto:[EMAIL PROTECTED]] Sent: Monday, October 01, 2001 15:20 To: [EMAIL PROTECTED] Subject: Re: lmtpd locking continued >>>>> On Mon, 1 Oct 2001 13:22:27 +0200 , >>>>> Nick Ustinov <[EMAIL PROTECTED]> (nu) writes: nu> And that's the place, where lmtpd freezes: nu> Oct 1 14:27:09 satan lmtpd[5687]: duplicate_check: nu> <[EMAIL PROTECTED]> user.bforce 0 You should probably indicate what version of Cyrus you're using. At one point you mention 2.1.0pre, but don't specify when you pulled this from CVS. -- Amos
RE: lmtpd locking continued
Ken, just pulled latest cvs version, still the same. As for too many files open, I have echo 32768 >/etc/fs/file-max -Original Message- From: Ken Murchison [mailto:[EMAIL PROTECTED]] Sent: Monday, October 01, 2001 17:59 To: Nick Ustinov Cc: '[EMAIL PROTECTED]' Subject: Re: lmtpd locking continued Nick Ustinov wrote: > > Sorry, > > it's 2.1.0pre, pulled sep 26th. Try pulling it again. I fixed a file descriptor leak (which I created) in lmtpd. Your lmtpd _may_ be running up against the fd limit. Do you get any complaints about too many open files? Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
RE: lmtpd locking continued
Larry, just did that and it sent 48 out of 721 msgs in mqueue.. And froze here: Running /var/spool/mqueue/f91HRse04091 (sequence 49 of 721) >>> RSET 250 2.0.0 ok <[EMAIL PROTECTED]>... Using cached ESMTP connection to localhost via cyrus... >>> MAIL From:<[EMAIL PROTECTED]> SIZE=538 250 2.1.0 ok >>> RCPT To: 250 2.1.5 ok >>> DATA 354 go ahead >>> . strace shows it's read(7, Is it somehow related to alarm(300) I see in strace output as well? Sincererly, Nick PS. Pretty weird user name, however it exists, reconstructed and is accessible via IMAP -Original Message- From: Lawrence Greenfield [mailto:[EMAIL PROTECTED]] Sent: Monday, October 01, 2001 19:46 To: '[EMAIL PROTECTED]'; Nick Ustinov Subject: Re: lmtpd locking continued From: Nick Ustinov <[EMAIL PROTECTED]> Date: Mon, 1 Oct 2001 18:02:16 +0200 Ken, just pulled latest cvs version, still the same. As for too many files open, I have echo 32768 >/etc/fs/file-max Did you nuke your existing duplicate delivery db and run ctl_cyrusdb -r? As you noticed, the duplicate delivery code was reworked in 2.1 and may still have some gotchas. Larry
RE: cyrus/pam tutorial?
Vincent, I am using cyrus with pam_mysql. Let me know what are the problems you are facing and I will try to help. In general, you compile pam module, create entries in /etc/pam.d (files imap and pop) with settings pam modules require and set in /etc/imapd.conf sasl_pwcheck_method: pam Sincerely, Nick -Original Message- From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] Sent: Monday, October 01, 2001 21:40 To: [EMAIL PROTECTED] Subject: cyrus/pam tutorial? Hello , I am having a hard time getting cyrus to use pam authentication. It only seems to want to work with sasl. Any tuttorials or hints? -- Vincent Stoessel [EMAIL PROTECTED] Java Linux Apache Mysql Php (JLAMP) Engineer (301) 362-1750 Mobile (410) 419-8588
RE: lmtpd locking continued
Larry, Ken, I ran strace on lmtpd and noticed that it sticks with connecting to notify_unix socket. I recompiled it with-notify=no and it seems to work fine now (and much faster too :) Ken, ignore last email with strace, it was all right (my fault) Nick -Original Message- From: Lawrence Greenfield [mailto:[EMAIL PROTECTED]] Sent: Monday, October 01, 2001 22:37 To: Nick Ustinov; Ken Murchison Cc: '[EMAIL PROTECTED]' Subject: Re: lmtpd locking continued Date: Mon, 01 Oct 2001 13:47:01 -0400 From: Ken Murchison <[EMAIL PROTECTED]> > >>> MAIL From:<[EMAIL PROTECTED]> SIZE=538 > 250 2.1.0 ok > >>> RCPT To: > 250 2.1.5 ok > >>> DATA > 354 go ahead > >>> . Hmm. This *should* have given you: 554 5.6.0 Message has no header/body separator No, no, Sendmail never shows the body of the message when it sends it. (Ok, maybe on really high debug levels, but not normally.) It sent a message between the DATA and the . > > strace shows it's read(7, Could you please check to see which file its trying to read from? Look for open() = 7. If the strace is gone, please trace a new connection. I think this was an strace of Sendmail, not an strace of lmtpd. I agree a trace of lmtpd and a gdb backtrace of where lmtpd is when this happens would be more helpful. Larry
RE: cyrus/pam tutorial?
Vincent, I have rh7 and exactly the same situation -- pam_mysql, mysql and web interface for user creation, which inserts necessary records to mysql tables upon user creation. As for pam_mysql -- the tricky part here may be that you have unneeded line break in end of /etc/pam.d/imap file (I was fighting this for a couple of days :) Also, what format do you use in /etc/pam.d/imap ? I have auth optional ...(params for pammysql)... account required ...(same params for pammysql)... and worked just fine. Did you check /var/log/messages file? also, i'd recommend #define DEBUG in pam_mysql.c so you can see whats going on. Nick -Original Message- From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] Sent: Monday, October 01, 2001 22:46 To: Nick Ustinov Cc: [EMAIL PROTECTED] Subject: Re: cyrus/pam tutorial? This is great. I have been banging my head against the wall here. Let me tell you what I want to do and you tell me if it even possible. 1. I moved to cyrus from UW because of the ability to create virtual mailboxes and sasl has worked fine 2, I also have a mysql database that contains user info and is also used to authenticate users for various parts of the website including my web based imap client. what I want to do is 1. combine the creation of cyrus mailboxes with record creation in the sql db 2. have cyrus use pam_mysql to look up and authenticate passwords from the sql database are 1 or 2 possible ? I have compiled pam_mysql as directed and tested it with pam module for the sudo and it definetely checks the database when I use it there. The same is not true for imap, no queries are made to the database and nothing seems to work except sasl I am working on an intel redhat linux 7.1 system. Thanks in advance. Nick Ustinov wrote: > Vincent, > > I am using cyrus with pam_mysql. Let me know what are the problems you are > facing and I will try to help. In general, you compile pam module, create > entries in /etc/pam.d (files imap and pop) with settings pam modules require > and set in /etc/imapd.conf sasl_pwcheck_method: pam > > Sincerely, > Nick > > -Original Message- > From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 01, 2001 21:40 > To: [EMAIL PROTECTED] > Subject: cyrus/pam tutorial? > > > Hello , I am having a hard time getting cyrus to > use pam authentication. It only seems to want to work > with sasl. Any tuttorials or hints? > -- Vincent Stoessel [EMAIL PROTECTED] Java Linux Apache Mysql Php (JLAMP) Engineer (301) 362-1750 Mobile (410) 419-8588
nfs and spool hash
I am planning upgrading my system and switching to new IDE RAID 5 disks. I've read that mounting imap spool over NFS is not a good idea due to NFS locking problems, however the FAQ was pretty out-of-date. I've got several Q's: 1) Is NFS still locking on high-volume traffic? 2) If I add hashimapspool: true to my imapd.conf, then create all dirs like a/ b/ c/ and so on and move user dirs accordingly, shall it work? Is there a tool for doing that automatically? I have 5 imapspool partitions with total of ~103.000 accounts. Sincerely, Nick
RE: cyrus/pam tutorial?
it should be sasl_pwcheck_method, not sasl_passwd_check Nick -Original Message- From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] Sent: Monday, October 01, 2001 23:47 Cc: [EMAIL PROTECTED] Subject: Re: cyrus/pam tutorial? This what my /etc/imapd.conf looks like: configdirectory: /var/imap partition-default: /var/spool/imap admins: admin srvtab: /var/imap/srvtab allowanonymouslogin: no sasl_passwd_check: PAM allowplaintext: yes Like you , I am using the following params > auth optional ...(params for pammysql)... > account required ...(same params for pammysql)... I am tail -f ing my mysql.log (mysql is running in logging mode) and I can see connections that I make from the command line but not from the imap pam I have the same config in sudo , sudo makes the connection but not imap. Nick Ustinov wrote: > Vincent, > > I have rh7 and exactly the same situation -- pam_mysql, mysql and web > interface for user creation, which inserts necessary records to mysql tables > upon user creation. > > As for pam_mysql -- the tricky part here may be that you have unneeded line > break in end of /etc/pam.d/imap file (I was fighting this for a couple of > days :) > > Also, what format do you use in /etc/pam.d/imap ? > > I have > > auth optional ...(params for pammysql)... > account required ...(same params for pammysql)... > > and worked just fine. Did you check /var/log/messages file? also, i'd > recommend #define DEBUG in pam_mysql.c so you can see whats going on. > > > Nick > > -Original Message- > From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 01, 2001 22:46 > To: Nick Ustinov > Cc: [EMAIL PROTECTED] > Subject: Re: cyrus/pam tutorial? > > > This is great. I have been banging my head against the wall here. > Let me tell you what I want to do and you tell me if it even possible. > > > 1. I moved to cyrus from UW because of the ability to create virtual > mailboxes > and sasl has worked fine > > 2, I also have a mysql database that contains user info and is also used to > authenticate > users for various parts of the website including my web based imap > client. > > what I want to do is > > 1. combine the creation of cyrus mailboxes with record creation in the sql > db > 2. have cyrus use pam_mysql to look up and authenticate passwords from the > sql database > > > are 1 or 2 possible ? > > I have compiled pam_mysql as directed and tested it with pam module for the > sudo > and it definetely checks the database when I use it there. The same is not > true for imap, > no queries are made to the database and nothing seems to work except sasl > > I am working on an intel redhat linux 7.1 system. > > Thanks in advance. > > Nick Ustinov wrote: > > >>Vincent, >> >>I am using cyrus with pam_mysql. Let me know what are the problems you are >>facing and I will try to help. In general, you compile pam module, create >>entries in /etc/pam.d (files imap and pop) with settings pam modules >> > require > >>and set in /etc/imapd.conf sasl_pwcheck_method: pam >> >>Sincerely, >>Nick >> >>-Original Message- >>From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] >>Sent: Monday, October 01, 2001 21:40 >>To: [EMAIL PROTECTED] >>Subject: cyrus/pam tutorial? >> >> >>Hello , I am having a hard time getting cyrus to >>use pam authentication. It only seems to want to work >>with sasl. Any tuttorials or hints? >> >> > > > -- Vincent Stoessel [EMAIL PROTECTED] Java Linux Apache Mysql Php (JLAMP) Engineer (301) 362-1750 Mobile (410) 419-8588
RE: cyrus/pam tutorial?
No, should be fine. Did you restart master after making changes in imapd.conf? Did you enable #define DEBUG in pam_mysql? What is exactly in your /etc/pam.d/imap file? Nick -Original Message- From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 00:15 To: Nick Ustinov Cc: [EMAIL PROTECTED] Subject: Re: cyrus/pam tutorial? Changed but still no mysql connection. :-( I compiled cyrus-imapd-2.0.16 with these flags: ./configure --with-auth=unix --without-krb --with-perl=/usr/bin/perl and cyrus-sasl-1.5.24 with : ./configure --with-openssl=/usr/local/ssl --enable-netscapehack --with-sasl=/usr/local --with-pam --disable-krb4 --disable-gssapi --disable-cram --disable-digest should I have included anything else Nick Ustinov wrote: > it should be sasl_pwcheck_method, not sasl_passwd_check > > Nick > > -Original Message- > From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 01, 2001 23:47 > Cc: [EMAIL PROTECTED] > Subject: Re: cyrus/pam tutorial? > > > This what my /etc/imapd.conf looks like: > > > configdirectory: /var/imap > partition-default: /var/spool/imap > admins: admin > srvtab: /var/imap/srvtab > allowanonymouslogin: no > sasl_passwd_check: PAM > allowplaintext: yes > > > Like you , I am using the following params > > > auth optional ...(params for pammysql)... > > account required ...(same params for pammysql)... > > I am tail -f ing my mysql.log (mysql is running in logging mode) > > and I can see connections that I make from the command line but not > from the imap pam > > > I have the same config in sudo , sudo makes the connection but not imap. > > > > > > Nick Ustinov wrote: > > >>Vincent, >> >>I have rh7 and exactly the same situation -- pam_mysql, mysql and web >>interface for user creation, which inserts necessary records to mysql >> > tables > >>upon user creation. >> >>As for pam_mysql -- the tricky part here may be that you have unneeded >> > line > >>break in end of /etc/pam.d/imap file (I was fighting this for a couple of >>days :) >> >>Also, what format do you use in /etc/pam.d/imap ? >> >>I have >> >>auth optional ...(params for pammysql)... >>account required ...(same params for pammysql)... >> >>and worked just fine. Did you check /var/log/messages file? also, i'd >>recommend #define DEBUG in pam_mysql.c so you can see whats going on. >> >> >>Nick >> >>-Original Message- >>From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] >>Sent: Monday, October 01, 2001 22:46 >>To: Nick Ustinov >>Cc: [EMAIL PROTECTED] >>Subject: Re: cyrus/pam tutorial? >> >> >>This is great. I have been banging my head against the wall here. >>Let me tell you what I want to do and you tell me if it even possible. >> >> >>1. I moved to cyrus from UW because of the ability to create virtual >>mailboxes >>and sasl has worked fine >> >>2, I also have a mysql database that contains user info and is also used >> > to > >>authenticate >>users for various parts of the website including my web based imap >>client. >> >>what I want to do is >> >>1. combine the creation of cyrus mailboxes with record creation in the sql >>db >>2. have cyrus use pam_mysql to look up and authenticate passwords from the >>sql database >> >> >>are 1 or 2 possible ? >> >>I have compiled pam_mysql as directed and tested it with pam module for >> > the > >>sudo >>and it definetely checks the database when I use it there. The same is not >>true for imap, >>no queries are made to the database and nothing seems to work except sasl >> >>I am working on an intel redhat linux 7.1 system. >> >>Thanks in advance. >> >>Nick Ustinov wrote: >> >> >> >>>Vincent, >>> >>>I am using cyrus with pam_mysql. Let me know what are the problems you are >>>facing and I will try to help. In general, you compile pam module, create >>>entries in /etc/pam.d (files imap and pop) with settings pam modules >>> >>> >>require >> >> >>>and set in /etc/imapd.conf sasl_pwcheck_method: pam >>> >>>Sincerely, >>>Nick >>> >>>-Original Message- >>>From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] >>>Sent: Monday, October 01, 2001 21:40 >>>To: [EMAIL PROTECTED] >>>Subject: cyrus/pam tutorial? >>> >>> >>>Hello , I am having a hard time getting cyrus to >>>use pam authentication. It only seems to want to work >>>with sasl. Any tuttorials or hints? >>> >>> >>> >> >> > > > -- Vincent Stoessel [EMAIL PROTECTED] Java Linux Apache Mysql Php (JLAMP) Engineer (301) 362-1750 Mobile (410) 419-8588
RE: lmtpd locking continued
Jeremy, I was using old notify_unix from 2.0.13 since I changed the format of the output string a little bit; I will try to recompile with the new one and see if it is any change. By the way, it locked on connect(.../var/notify_unix) when the traffic was high and kept sendmail and lmtpd in memory. However, at some point it went thru but could be hanging for 10-20 minutes Nick -Original Message- From: Jeremy Howard [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 04:21 To: Nick Ustinov; 'Lawrence Greenfield'; Ken Murchison Cc: [EMAIL PROTECTED] Subject: Re: lmtpd locking continued > I ran strace on lmtpd and noticed that it sticks with connecting to > notify_unix socket. I recompiled it with-notify=no and it seems to work fine > now (and much faster too :) > > Ken, ignore last email with strace, it was all right (my fault) > I thought notify_unix.c was ignoring failure to connect to the notify socket. Obviously not! Given we've had 2 problems with this code in the last week, it sounds like someone who knows C a lot better than me should check it thoroughly...
RE: cyrus/pam tutorial?
I'd change it to auth optional /lib/security/pam_mysql.so ... is user cyr without password? also, you need db= table= usercolumn= Nick -Original Message- From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 00:59 To: Nick Ustinov Cc: [EMAIL PROTECTED] Subject: Re: cyrus/pam tutorial? yeah ,killed and started master again. here is the file wc reports 3 lines. My email may have broken it up though [root@web pam.d]# cat imap auth optional pam_mysql.so user=cyr host=securedb passwdcolumn=Password crypt=2 auth required pam_warn.so accountrequired pam_mysql.so user=cyr host=securedb passwdcolumn=Password crypt=2 Nick Ustinov wrote: > No, should be fine. Did you restart master after making changes in > imapd.conf? Did you enable #define DEBUG in pam_mysql? What is exactly in > your /etc/pam.d/imap file? > > Nick > > -Original Message- > From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, October 02, 2001 00:15 > To: Nick Ustinov > Cc: [EMAIL PROTECTED] > Subject: Re: cyrus/pam tutorial? > > > Changed but still no mysql connection. :-( > > > I compiled cyrus-imapd-2.0.16 with these flags: > > ./configure --with-auth=unix --without-krb --with-perl=/usr/bin/perl > > and cyrus-sasl-1.5.24 with : > > > ./configure --with-openssl=/usr/local/ssl --enable-netscapehack > --with-sasl=/usr/local --with-pam --disable-krb4 > --disable-gssapi --disable-cram > --disable-digest > > > > > > should I have included anything else > > Nick Ustinov wrote: > > >>it should be sasl_pwcheck_method, not sasl_passwd_check >> >>Nick >> >>-Original Message- >>From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] >>Sent: Monday, October 01, 2001 23:47 >>Cc: [EMAIL PROTECTED] >>Subject: Re: cyrus/pam tutorial? >> >> >>This what my /etc/imapd.conf looks like: >> >> >>configdirectory: /var/imap >>partition-default: /var/spool/imap >>admins: admin >>srvtab: /var/imap/srvtab >>allowanonymouslogin: no >>sasl_passwd_check: PAM >>allowplaintext: yes >> >> >>Like you , I am using the following params >> >> > auth optional ...(params for pammysql)... >> > account required ...(same params for pammysql)... >> >>I am tail -f ing my mysql.log (mysql is running in logging mode) >> >>and I can see connections that I make from the command line but not >>from the imap pam >> >> >>I have the same config in sudo , sudo makes the connection but not imap. >> >> >> >> >> >>Nick Ustinov wrote: >> >> >> >>>Vincent, >>> >>>I have rh7 and exactly the same situation -- pam_mysql, mysql and web >>>interface for user creation, which inserts necessary records to mysql >>> >>> >>tables >> >> >>>upon user creation. >>> >>>As for pam_mysql -- the tricky part here may be that you have unneeded >>> >>> >>line >> >> >>>break in end of /etc/pam.d/imap file (I was fighting this for a couple of >>>days :) >>> >>>Also, what format do you use in /etc/pam.d/imap ? >>> >>>I have >>> >>>auth optional ...(params for pammysql)... >>>account required ...(same params for pammysql)... >>> >>>and worked just fine. Did you check /var/log/messages file? also, i'd >>>recommend #define DEBUG in pam_mysql.c so you can see whats going on. >>> >>> >>>Nick >>> >>>-Original Message- >>>From: Vincent Stoessel [mailto:[EMAIL PROTECTED]] >>>Sent: Monday, October 01, 2001 22:46 >>>To: Nick Ustinov >>>Cc: [EMAIL PROTECTED] >>>Subject: Re: cyrus/pam tutorial? >>> >>> >>>This is great. I have been banging my head against the wall here. >>>Let me tell you what I want to do and you tell me if it even possible. >>> >>> >>>1. I moved to cyrus from UW because of the ability to create virtual >>>mailboxes >>> and sasl has worked fine >>> >>>2, I also have a mysql database that contains user info and is also used >>> >>> >>to >> >> >>>authenticate >>> users for various parts of the website including my web based imap >>>client. >>> >>>what I want to do is >>> >>>1. combine the creation of cyrus mailboxes with record creation in the sql >>>db >>&g
pop3d auth
Pretty strange -- I have tuned pam_mysql to be case insensitive for usernames. If I telnet to imap port and do . login UsEr password it logs me in. If I do the same with pop3 (user UsEr pass password) according to log it says user UsEr logged in, however the response is -- ERR Invalid login ? Nick
Re: cyradm error
Cyrus, by default, installs its perl in
/usr/local/lib/site_perl/5.6.0/i386-linux/
Most of the perl scripts need @INC modified, as in
BEGIN {
push @INC, "/usr/local/lib/site_perl/5.6.0/i386-linux/";
};
before any use statements, but cyradm works differently -
This patch made it work for me:
--- cyradm~ Sat Sep 15 01:16:23 2001
+++ cyradmWed Sep 26 04:00:00 2001
@@ -40,8 +40,8 @@
#
#
case "x$BASH_VERSION" in
-x) exec perl -MCyrus::IMAP::Shell -e shell -- ${1+"$@"} ;;
-*) exec perl -MCyrus::IMAP::Shell -e shell -- "$@" ;;
+x) exec perl -I/usr/local/lib/site_perl/5.6.0/i386-linux/
-MCyrus::IMAP::Shell -e shell -- ${1+"$@"} ;;
+*) exec perl -I/usr/local/lib/site_perl/5.6.0/i386-linux/
-MCyrus::IMAP::Shell -e shell -- "$@" ;;
esac
echo "$0: how did I get here?" >&2
exit 1
At 09:17 AM 10/3/2001 -0300, Anderson wrote:
>Hi friends,
>I am running cyrus-imapd-2.0.16 along with postfix under Red Hat Linux 7.1.
>Who can help to decide this problem me ?
>
># cyradm -u cyrus localhost
>Can't locate Cyrus/IMAP/Shell.pm in @INC (@INC contains:
>/usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0
>/usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0
>/usr/lib/perl5/site_perl .).
>BEGIN failed--compilation aborted.
>
>
>Anderson Ferreira
>Analista de Suporte
>
>APPI Informática LTDA.
>Av. Atáufo de Paiva nº 135/1410
>Leblon - Rio de janeiro
>Tel - 55 21 2529-5600
>Fax - 55 21 2511-0785
--
War is an ugly thing, but it is not the ugliest of things. The decayed and
degraded state of moral and patriotic feeling which thinks that nothing is
worth war is much worse. A man who has nothing for which he is willing to
fight, nothing he cares about more than his own personal safety, is a
miserable creature who has no chance of being free, unless made so by the
exertions of better men than himself. -- John Stuart Mill
Nick Simicich - [EMAIL PROTECTED]
RE: New server
At 02:25 PM 10/3/2001 -0400, Kiarna Boyd wrote: >Wow. >Yes you are right if that is a base performance. >I have 2.0.16 currently for cyrus. Sendmail 8.22. > >Is there specific tuning I need to do? >Are there FAQ's available? I was running sendmail on a P-100 which primarily served as a mailing list host. I was sending out about 140,000 pieces of mail a week, and it was slamming the poor P-100. My average queue delay was about 1 hour 40 minutes for mail delivered without bounceback. I am now running postfix, still on the same hardware, my average delay in queue is under 10 minutes and instead of the delivery process being cpu bound, postfix takes less than 10% of the cpu and mail runs i/o bound. Postfix was essentially a drop-in replacement for sendmail, I think I had to change one place where I was invoking sendmail because I used an odd option that postfix's sendmail compatibility interface did not support. On a different system, I have postfix and cyrus well integrated. I am not nearly at your load levels on that system, so I can't provide any guidance. But if I were running 42% of my CPU for mail delivery, I would look to postfix or another mail system as a way of saving most of that. >My mail queue is high and I have about 20 imap seesions at peak. > >Nfs auto mounts to user home dirs. Mailboxes are local to the server though. > >I show 7 sendmail processes each at around 6 %. > >Thanks for your help! -- War is an ugly thing, but it is not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. A man who has nothing for which he is willing to fight, nothing he cares about more than his own personal safety, is a miserable creature who has no chance of being free, unless made so by the exertions of better men than himself. -- John Stuart Mill Nick Simicich - [EMAIL PROTECTED]
Re: Eudora and ssl/tls and cyrus
At 05:02 PM 10/3/2001 -0400, Ken Murchison wrote: >Sorry about the late response, but I just got some time to look into >this. Your fix allows Eudora to negotiate TLSv1, but does NOT fix the >STARTTLS problem. I still can not get Eudora to do STARTTLS with an >unmodified Cyrus. Well, I just ran a bunch of tests, and I'm pretty sure I know what confused me. If you simply change the connection method, it uses the old connection method, until and unless you change the server name. Once you do that, it will try and reconnect, but it is pretty badly hosed. During testing, I got my client into a state where it would not make any TLS connection. I tried a bunch of stuff. Finally, in desperation, I sent a message to my tls protected smtp server, and then I was able to do at least an alternate port connection. But if you have made a connection, even i you turn off alternate port, it still uses the alternate port. I think that was why I was confused. >If you look closely at the log of your connection, you connected to an >imaps daemon, meaning that you're doing what Eudora calls an "Alternate >Port" connection (SSL wrapped IMAP on port 993). Because it says service-imaps? Yep, that is what was happening,even though I set it to "required, starttls". I assumed it had flipped back to the primary port. I should have run ethereal on the network connection. >So, we're back to square one -- Eudora is still broken. Yep. The only way it works is on the alternate port, which, I guess, is better than nothing. >Ken > > >Nick Simicich wrote: > > > > I just successfully got Eudora to negotiate TLS with Cyrus. This applies > > to Eudora 5.1. > > > > A log extract which shows that I was able to connect in TLS is below --- > > you will have to trust me that I did it from Eudora. The way to accomplish > > this is to stop Eudora, and using an editor like emacs or notepad, edit the > > eudora.ini file. In the [Settings] part of the file, find a entry labeled > > "SSLReceiveVersion" If it is there, change the value specified to 0. If > > it is not there, add a line reading > > > > SSLReceiveVersion=0 > > > > Then start Eudora again. > > > > This parameter defaults to 6, which allows SSL Version 3 only. A setting > > of 0 allows any of the settings it will speak. 7 forces TLS 1.0, other > > settings force various other combinations. But 0 makes Eudora permissive > > and allows it to speak what the other end wants to speak, thus allowing it > > to use TLS version 1.0. Why Eudora decided to make this parameter default > > to 6, I have no idea. I believe that this will allow Eudora 5.1 to talk to > > an unmodified Cyrus. > > > > The FAQ should probably be changed to mention this parameter -- and maybe > > when people contact Eudora it should be to ask that the parameter be > changed. > > > > Sep 27 22:37:40 parrot master[30495]: about to exec /usr/cyrus/bin/imapd > > Sep 27 22:37:40 parrot service-imaps[30495]: executed > > Sep 27 22:37:40 parrot imapd[30495]: accepted connection > > Sep 27 22:37:44 parrot imapd[30495]: starttls: TLSv1 with cipher > > DES-CBC3-SHA (1 > > 68/168 bits) no authentication > > Sep 27 22:37:45 parrot imapd[30495]: login: > > glock.squawk.com[208.176.124.157] ni > > ck CRAM-MD5+TLS User logged in > > Sep 27 22:37:45 parrot imapd[30495]: seen_db: user nick opened > > /var/imap/user/n/ > > nick.seen > > Sep 27 22:37:45 parrot imapd[30495]: open: user nick opened INBOX > > > > -- > > We often hear of war described as if it were some kind of impersonal > > affliction, such as the Black Plague or famine.The fact is that war is not > > just something that happens, it is something that people make happen, and > > they make it happen for reasons. As Clausewitz said, war is the > continuation > > of politics by other means. Exactly. War is neither a hurricane nor a > flood. > > It is, on the contrary, the cutting edge of ideology. > >-- Jeff Cooper > > Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html > >-- >Kenneth Murchison Oceana Matrix Ltd. >Software Engineer 21 Princeton Place >716-662-8973 x26 Orchard Park, NY 14127 >--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp -- War is an ugly thing, but it is not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. A man who has nothing for which he is willing to fight, nothing he cares about more than his own personal safety, is a miserable creature who has no chance of being free, unless made so by the exertions of better men than himself. -- John Stuart Mill Nick Simicich - [EMAIL PROTECTED]
RE: Many domains, one Cyrus
The idea is to bind each domain to separate ip address, set these ip addresses to single machine, set up master to listen to different ips and launch imapd, popd with -C paramters, that point to corresponding config files, which contain different spool dirs. Dig this maillist archive, it has pretty good instructions on doing this. Nick -Original Message- From: djinn [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 04, 2001 17:47 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Many domains, one Cyrus I am looking for a way to set up cyrus (2.0.9) to deliver to mail boxes that are unique within their domain but not necessarily across the entire server. For example, we have a client named Chris Primus, [EMAIL PROTECTED] We have another client, Christopher Secundus, [EMAIL PROTECTED] These are obviously not the same people, and their mail should go to different mailboxes. The obvious and oft-suggested method for this is to create mailboxes named chris.client1 and chris.client2 and map, either with aliases or LDAP, [EMAIL PROTECTED]>chris.client1. This is fine and works well once you get it set up (I have). However, both Chris's have existing accounts with us, both Chris's pay us a lot of money and both Chris's are not technically savvy and will get very annoyed if I call them up and tell them that they have to change their Outlook mail settings to log in as a new, harder to remember username to check their mail. I have read that Cyrus can handle this sort of thing. Can anyone who's faced a similar situation help me out? TIA jenn
Re: Eudora, STARTTLS and the alternate port
One can use tls on the alternate port (not starttls but full time tls) by
changing the eudora.ini file to add the two lines as follow:
SSLReceiveVersion=0
SSLSendVersion=0
Oct 19 16:02:44 parrot imapd[17996]: starttls: TLSv1 with cipher
DES-CBC3-SHA (168
/168 bits) no authentication
Oct 19 16:02:45 parrot imapd[17996]: login:
glock.squawk.com[208.176.124.157] nick
CRAM-MD5+TLS User logged in
SSLSendVersion is used for the smtp connection, which may not be important
to you. But it seems that if you set one you should set the other for
completeness.
Whereas this is not STARTTLS, when you set "secure sockets" to "required,
alternate port" it will make a TLS connection to the alternate port on an
unmodified Cyrus, and TLS will work. So you can push the changes to your
eudora people by telling them to make this change to their eudora.ini file.
I originally thought that this would allow starttls on the primary port,
but it won't. It will, however, negotiate TLS with an unmodified cyrus on
the alternate port if you add the above two lines to the eudora.ini file in
the settings area. Stop eudora, edit eudora.ini, start eudora again.
If you make a change to the port negotiations, and there is an active
connection, the connection will not change unless you stop and start
eudora, or maybe change the name of the machine that you are connecting
to. If you just tell it to change from "required, alternate port" to
"required, STARTTLS" it will continue to use the old connection on the
alternate port. that was why I originally thought that this change allowed
"required, STARTTLS" on the primary port to work.
ssl v3 and tls are equally strong, so far as I know, for picking the
symmetric key. The symmetric cypher mentioned above is real good, I
believe. :-)
At 09:52 AM 2001-10-19 -0400, Scott Adkins wrote:
>Okay, we just got bitten by the Eudora 5.x STARTTLS problem that was
>discussed last month. We have the same problem where only those clients
>cannot negotiate a TLS connection properly, and thus fails to login at
>all. So...
>
>Ken suggested removing or commenting out the following lines:
>
> if (tlsonly) {
> off |= SSL_OP_NO_SSLv2;
> off |= SSL_OP_NO_SSLv3;
> }
>
>I am wondering exactly what effect this will have on us... how does this
>affect clients that *do* TLS just fine, such as Mulberry, for instance?
>Would the other clients still use TLS and Eudora use SSLv3?
>
>For my next question, I am curious if there is a way to turn off the
>STARTTLS capability on the main imap port, but still allow the use of
>the alternate IMAP SSL port. I don't see this capability in the server,
>appearing to be an all or nothing type thing based onthe tls options
>listed in the imapd.conf file. Using stunnel to wrap imap on an imaps
>port is not really an option here, but I know that is one way to do it.
>
--
War is an ugly thing, but it is not the ugliest of things. The decayed and
degraded state of moral and patriotic feeling which thinks that nothing is
worth war is much worse. A man who has nothing for which he is willing to
fight, nothing he cares about more than his own personal safety, is a
miserable creature who has no chance of being free, unless made so by the
exertions of better men than himself. -- John Stuart Mill
Nick Simicich - [EMAIL PROTECTED]
Re: RFC: Sieving mail delivered directly to shared/public folders
It seems to me that this could be far more easily done by creating a pseudo- user. Have this user be the target of the alias and his sieve script will be run. That sieve script can have nothing but fileinto directives to populate the public folders. This pseudo-user does not even have to have an INBOX, I don't think. Or if it does, then it will be perpetually empty if your sieve script is written correctly. :-)
Re: Microsoft Outlook Express "Logon using Secure Password Authentication" option.
At 09:26 AM 9/28/2001 +0200, Tarjei Huse wrote: >In the "advanced" tag in OE, there are settings for setting ssl and ports for >the server. Please tell me if I am wrong, but my impression with OE is that it can't use startssl. It can either make a connection to a TLS enabled socket or it will talk in the clear. Is that true? -- We often hear of war described as if it were some kind of impersonal affliction, such as the Black Plague or famine.The fact is that war is not just something that happens, it is something that people make happen, and they make it happen for reasons. As Clausewitz said, war is the continuation of politics by other means. Exactly. War is neither a hurricane nor a flood. It is, on the contrary, the cutting edge of ideology. -- Jeff Cooper Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html
Re: Eudora and ssl/tls and cyrus
At 08:41 AM 9/28/2001 -0400, Jeremy Beker wrote: >Any ideas as to where on the Mac version one would set this? I don't have a mac. I found this by looking at the on-line user's manual in the Eudora web site. Hmmm. The manual is in an hqx file, and winzip won't decompress it The manuals are pointed to by a web page off of http://www.eudora.com/email/docs/index.html. I tried downloading it twice and I guess that winzip can't deal with the file, it says that the binhex has no "end". I also found the parameter in windows in the online help by doing a search for "tls" - that brought up the section on the Eudora INI file. Now, in the windows version, at least, there are huge numbers of things that can be set in the eudora.ini file - the filtering for the headings you see is controlled there. I don't know anyone who is a "heavy" Eudora user who does not hack their ini file, and this includes people who are pretty hapless. I'd be surprised if there was not some equivalent for the mac Eudora folks. So maybe someone who actually has a mac can download the manual and look at it, I can't. I should make it clear that I don't speak for the Eudora folks, I just use the product. By the way, there is a corresponding parameter, SSLSendVersion which controls the encodings used by the smtp connection. If you are setting SSLReceiveVersion to 0 to allow TLS, you probably also want to set SSLSendVersion to 0, so that you use TLS for both connections. -- We often hear of war described as if it were some kind of impersonal affliction, such as the Black Plague or famine.The fact is that war is not just something that happens, it is something that people make happen, and they make it happen for reasons. As Clausewitz said, war is the continuation of politics by other means. Exactly. War is neither a hurricane nor a flood. It is, on the contrary, the cutting edge of ideology. -- Jeff Cooper Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html
Re: Eudora and ssl/tls and cyrus
I apologize that this is a FAQ and will now scurry off to recompile. Yep,
that does it, it established a sslV3 connection immediately, authenticated
without a problem.
Are there more Eudora related questions in this 2.1 FAQ? Is it available
anywhere? Ah, you said it was available in CVS, I'll try to figure out how
to access it, I'm not a CVS maven by any stretch of the imagination, I
think I used it from a cookbook once several years ago.
I will write a note to their tech support.
RFC2246 describes TLS. It looks like the Standards Track RFC that requires
TLS for the STARTTLS command is RFC2595, specifically section 2.1, Cipher
Suite Requirements. So it looks like they are in violation of
2595. Perhaps the FAQ should be updated to point to 2595, the requirement
that TLS is a requirement for implementation of the STARTTLS command is
very clear there.
At 08:16 AM 9/27/2001 -0400, Ken Murchison wrote:
>Nick Simicich wrote:
> >
> > I did some searches in the archives. If there is anything similar,
> > searching on Eudora and ssl or tls didn't find it. Eudora will not
> > complete TLS negotiation with Cyrus.
> >
> > I am running Redhat Roswell (the current Redhat Beta, 7.1+) on an Intel
> box.
> >
> > I am running cyrus-imapd-2.0.15-HIERSEP-r2, and (from the Redhat rpm)
> > openssl-0.9.6b-7.
> >
> > I have generated a server key that works with Eudora 5.1 when I use it to
> > communicate with smtp and Postfix. It is not signed by a "known CA" but
> > Eudora allows you to "trust" a particular certificate. smtp goes through
> > the postfix use of the SSL library. However, when I use that same key to
> > connect to imap on the alternate port, things just don't work.
> >
> > The message (from Eudora) is:
> >
> > SSL Negotiation failed: You have configured the personality/protocol to
> > reject any exchange key lengths below 0. But the negotiated exchange key
> > length is -1. Hence this established secure channel is
> > unacceptable. Connection will be dropped. Cause: (-6996)
>
> >From doc/faq.html in CVS (to be inluded in the 2.1 release):
>
>Q: Eudora 5.x can't connect using STARTTLS ("SSL Neogotiation Failed").
>What should I do?
>
> A: First, complain to QUALCOMM because their STARTTLS
>implementation is broken. Eudora doesn't support TLSv1
> (per RFC2246) and Cyrus requires it. If you really need this
>before it is fixed in Eudora, remove or comment
> out the following lines in tls.c:
>
> if (tlsonly) {
> off |= SSL_OP_NO_SSLv2;
> off |= SSL_OP_NO_SSLv3;
> }
>
>
>FYI, I have complained to QUALCOMM with no response. Perhaps if more
>people complain, they will do something about it. After all, the
>command IS called STARTTLS and not STARTSSL.
--
We often hear of war described as if it were some kind of impersonal
affliction, such as the Black Plague or famine.The fact is that war is not
just something that happens, it is something that people make happen, and
they make it happen for reasons. As Clausewitz said, war is the continuation
of politics by other means. Exactly. War is neither a hurricane nor a flood.
It is, on the contrary, the cutting edge of ideology.
-- Jeff Cooper
Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html
Re: Eudora and ssl/tls and cyrus
At 07:46 AM 9/27/2001 -0500, Amos Gouaux wrote: > >>>>> On Thu, 27 Sep 2001 01:05:53 -0400, > >>>>> Nick Simicich <[EMAIL PROTECTED]> (ns) writes: > >ns> I did some searches in the archives. If there is anything similar, >ns> searching on Eudora and ssl or tls didn't find it. Eudora will not >ns> complete TLS negotiation with Cyrus. > >Are you attempting to use the 'alternate port' configuration, or the >'starttls' configuration? I ask because we were able to get the >'alternate port' configuration to work, but not the other. Turns >out that Eudora actually tries to do 'startssl' instead of >'starttls'. (No, 'startssl' doesn't exist.) I had actually posted a trace of one of the sessions, extracted from ethereal (before it started working). As you can see, the verb being used in, in fact, STARTSSL. So I am of the opinion that if eudora was mistakenly using a "STARTSSL" verb, that they are now using STARTTLS (and, after that, refusing to actually start a TLS session - when I made the code change to turn not reject negotiation of SSL v2 and V3, it began negotiating a SSL V3 session rather than failing to negotiate a TLS session). But I had actually attempted both the alternate port configuration and the main-port-with-startssl configuration, and they both failed in the same way - it is that Eudora does ot support TLS. I have not looked at the details of the negotiation since examining the differences between SSL V2 and SSL V3 closely when trying to determine why socksified connections to SSL V3 servers sometimes failed while SSL V2 connections always worked (some early SSL V3 implementations could not fallback when the cached secret on the server was not known to the client because it was not, in fact, the same client even though it came from the same IP address, the bypass was, in many cases, to force V2). So I don't know what, if any, advantages there are from forcing TLS, or why someone would not want to go ahead and fall back to SSL V3 other than it adheres to standards. The code change that was suggested to not force TLS but to accept the use of either TLS or SSL V2/V3 allowed things to work. >* OK parrot.squawk.com Cyrus IMAP4 v2.0.15-HIERSEP-r2 server ready >0 CAPABILITY >* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID >NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT >THREAD=REFERENCES IDLE STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 >0 OK Completed >1 STARTTLS >1 OK Begin TLS negotiation now >Then some binary gets put in here... >1 NO Starttls failed >* BAD Invalid tag >* BAD Invalid tag >and a short binary burst here... >If this sounds like it might be your situation, either use the >'alternate port' or make a small change to the Cyrus code (I forget >exactly where) so that it will tolerate this non-standard >'startssl'. I understand this has been reported to Eudora. The client that I have had to force to use alternate ports is Lookout. I have not bothered to investigate why in those cases. -- We often hear of war described as if it were some kind of impersonal affliction, such as the Black Plague or famine.The fact is that war is not just something that happens, it is something that people make happen, and they make it happen for reasons. As Clausewitz said, war is the continuation of politics by other means. Exactly. War is neither a hurricane nor a flood. It is, on the contrary, the cutting edge of ideology. -- Jeff Cooper Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html
Eudora and ssl/tls and cyrus
I just successfully got Eudora to negotiate TLS with Cyrus. This applies to Eudora 5.1. A log extract which shows that I was able to connect in TLS is below --- you will have to trust me that I did it from Eudora. The way to accomplish this is to stop Eudora, and using an editor like emacs or notepad, edit the eudora.ini file. In the [Settings] part of the file, find a entry labeled "SSLReceiveVersion" If it is there, change the value specified to 0. If it is not there, add a line reading SSLReceiveVersion=0 Then start Eudora again. This parameter defaults to 6, which allows SSL Version 3 only. A setting of 0 allows any of the settings it will speak. 7 forces TLS 1.0, other settings force various other combinations. But 0 makes Eudora permissive and allows it to speak what the other end wants to speak, thus allowing it to use TLS version 1.0. Why Eudora decided to make this parameter default to 6, I have no idea. I believe that this will allow Eudora 5.1 to talk to an unmodified Cyrus. The FAQ should probably be changed to mention this parameter -- and maybe when people contact Eudora it should be to ask that the parameter be changed. Sep 27 22:37:40 parrot master[30495]: about to exec /usr/cyrus/bin/imapd Sep 27 22:37:40 parrot service-imaps[30495]: executed Sep 27 22:37:40 parrot imapd[30495]: accepted connection Sep 27 22:37:44 parrot imapd[30495]: starttls: TLSv1 with cipher DES-CBC3-SHA (1 68/168 bits) no authentication Sep 27 22:37:45 parrot imapd[30495]: login: glock.squawk.com[208.176.124.157] ni ck CRAM-MD5+TLS User logged in Sep 27 22:37:45 parrot imapd[30495]: seen_db: user nick opened /var/imap/user/n/ nick.seen Sep 27 22:37:45 parrot imapd[30495]: open: user nick opened INBOX -- We often hear of war described as if it were some kind of impersonal affliction, such as the Black Plague or famine.The fact is that war is not just something that happens, it is something that people make happen, and they make it happen for reasons. As Clausewitz said, war is the continuation of politics by other means. Exactly. War is neither a hurricane nor a flood. It is, on the contrary, the cutting edge of ideology. -- Jeff Cooper Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html
Re: Eudora and ssl/tls and cyrus
At 07:37 PM 9/27/2001 -0400, Nick Simicich wrote: >I had actually posted a trace of one of the sessions, extracted from >ethereal (before it started working). As you can see, the verb being used >in, in fact, STARTSSL. So I am of the opinion I meant to type STARTTLS above, not STARTSSL. Just shoot me now. The final solution was to change a parameter in the eudora.ini file to allow it to negotiate tls. -- We often hear of war described as if it were some kind of impersonal affliction, such as the Black Plague or famine.The fact is that war is not just something that happens, it is something that people make happen, and they make it happen for reasons. As Clausewitz said, war is the continuation of politics by other means. Exactly. War is neither a hurricane nor a flood. It is, on the contrary, the cutting edge of ideology. -- Jeff Cooper Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html
sendmail vs. lmtp
Here's what sendmail -q -v gives: Running /var/spool/mqueue/f8SA52LY010595 (sequence 1 of 322) f8SA52LY010595: locked Running /var/spool/mqueue/f8S9utK1032228 (sequence 2 of 322) f8S9utK1032228: locked Running /var/spool/mqueue/f8S9wCS5002185 (sequence 3 of 322) f8S9wCS5002185: locked Running /var/spool/mqueue/f8S9wiQ1003110 (sequence 4 of 322) f8S9wiQ1003110: locked Running /var/spool/mqueue/f8S9xPHr004028 (sequence 5 of 322) f8S9xPHr004028: locked Running /var/spool/mqueue/f8S9ppOE025946 (sequence 6 of 322) f8S9ppOE025946: locked Running /var/spool/mqueue/f8S9vKUr000525 (sequence 7 of 322) f8S9vKUr000525: locked Running /var/spool/mqueue/f8S9www2003521 (sequence 8 of 322) f8S9www2003521: locked Running /var/spool/mqueue/f8S9vEOv000359 (sequence 9 of 322) [EMAIL PROTECTED] Connecting to /var/imap/socket/lmtp via cyrus... 220 satan.inbox.lv LMTP Cyrus v2.1.0pre ready >>> LHLO satan.inbox.lv 250-satan.inbox.lv 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-SIZE 250-AUTH PLAIN EXTERNAL 250 IGNOREQUOTA >>> MAIL From:<[EMAIL PROTECTED]> SIZE=464 250 2.1.0 ok >>> RCPT To: >>> DATA 250 2.1.5 ok 354 go ahead >>> . 250 2.1.5 Ok [EMAIL PROTECTED] Sent Running /var/spool/mqueue/f8S9vr2d001619 (sequence 10 of 322) f8S9vr2d001619: locked Basically, after each messages that "not locked" for him, sendmail freezes for 1-2 minutes.. then goes ahead, skips 40-50 msgs and delivers one more.. then freezes again. Ideas? Nick
sendmail?
Hey, Maybe this is not the right place to ask, but anyway.. I somehow came to the point, when sendmail is not even connecting to cyrus in any case. cyrus.log file keeps silence. I have 10 messages in /var/spool/mqueue, so I do /usr/sbin/sendmail -q -v and what I see is: Running /var/spool/mqueue/f8SFhVE14937 (sequence 1 of 8) and that's it. It just stops here doing nothing. All debug levels are tuned up to max values. I've tried to use lmtpunix socket and tried to use lmtp listener -- same result. If I connect to lmtp listen manually, it issues promt, replies to LHLO and behaves normally. Any ideas? Here's my new "minimal" .mc file: # define(`confDEF_USER_ID',``8:12'') define(`confBIND_OPTS',`-DNSRCH -DEFNAMES') define(`confTO_IDENT',`0') FEATURE(`nocanonify') FEATURE(`always_add_domain') FEATURE(`accept_unresolvable_domains') FEATURE(`use_cw_file') MAILER(`local') MAILER(`smtp') MAILER_DEFINITIONS Mcyrus, P=[IPC], F=lsDFMnqA@/:|SmXz, E=\r\n, S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=FILE /var/imap/socket/lmtp LOCAL_RULE_0 Rbb + $+ < @ $=w . >$#cyrus $: + $1 #- Sincerely, Nick
RE:
you can use pam_mysql or pam_ldap -Original Message- From: Robert McCallum [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 09, 2001 20:09 To: info-cyrus Subject: Hello, Which methods of authentication can be used if I do not want to actually add user accounts to the server that cyrus is running on, just mail accounts?? Thanks in advance Robert __ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1
RE: pam/mysql doesnt work
and which pam_mysql? did you compile it enabling DEBUG option? Nick -Original Message- From: Mark Davis [mailto:[EMAIL PROTECTED]] Sent: Friday, October 12, 2001 14:40 To: [EMAIL PROTECTED] Subject: Re: pam/mysql doesnt work Hi! again Thx for your answer. But i also tried to compile sasl with the follwoing options: $ ./configure --prefix=/usr --with-passwd_method=PAM --with_pam=/lib/security or $ ./configure --prefix=/usr --with_pam=/lib/security and as you can see in the log of my configure: > >checking for pam_start in -lpam... yes > >checking for security/pam_appl.h... yes > >checking PAM support... yes I also tried sasl_pwcheck_method: pam, pan??? and pam. Always "cannot find ..." And i also removed the "pwcheck_method" from imapd.conf And finally there are NO spaces at the end (i verified with vi). Nothing worked. I'am getting frustrated. Isn't there a how-to that i maybe didnt worked through, that you can tell me ? I am using ( i forgot to mention last time): Distro: SuSE 7.2 (Maybe next monday i try 7.3) openssl-0.9.6a (and dev) cyrus-imapd-2.0.16 cyrus-sasl-1.5.24 pam-0.74-39 (and dev) mysql-2.23.37 (client and dev) Greets Mark Davis Am Donnerstag, 11. Oktober 2001 14:36 schrieben Sie: > Mark, > > Try substituting --with-pam for --with-passwd_method=PAM when > configuring sasl. > > > Also try removing: > > pwcheck_method: PAM > > from your /etc/imapd.conf . You should only require: > > sasl_pwcheck_method: pam > > Mark Davis wrote: > >Hi all... > > > >I want to authenticate the users via a mysql-db. So i compiled pam_mysql > > and made the files pop3/imap in the /etc/pam.d/ directory. > > > >I read all the mailings about pam / mysql... But i still have problems to > > get the thing to work... > > > >I always get the following message in /var/log/messages or > > /var/log/auth.log: > > > >Oct 10 15:33:24 mail imapd[10949]: unrecognized plaintext verifier PAM > > > >It seems, that sasl doesnt know what PAM is ?! > > > >I compiled sasl with: > >$ ./configure \ > >--prefix=/usr \ > >--with-passwd_method=PAM > > > >and the result auf the configure-script looks as PAM should work (see > > below). > > > >sasldb works fine... Any ideas ? All my configuration files are listed > > below. > > > >Greets > >Mark Davis > > > >$ ldd /usr/local/imapd/bin/imapd > >libsasl.so.7 => /usr/local/lib/libsasl.so.7 (0x40017000) > >libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x40026000) > >libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x40054000) > >libdb-3.3.so => /usr/lib/libdb-3.3.so (0x40115000) > >libresolv.so.2 => /lib/libresolv.so.2 (0x40196000) > >libnsl.so.1 => /lib/libnsl.so.1 (0x401a8000) > >libc.so.6 => /lib/libc.so.6 (0x401be000) > >libdl.so.2 => /lib/libdl.so.2 (0x402db000) > >libcrypt.so.1 => /lib/libcrypt.so.1 (0x402df000) > >/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000) > > > > > >$ more /usr/local/sasl/cyrus.conf > >pwcheck_method: PAM > > > > > >$ more /etc/imapd.conf: > >configdirectory: /var/imap > >partition-default: /var/spool/imap > >admins: root cyrus > >sasl_pwcheck_method: PAM > >srvtab: /var/imap/srvtab > >allowanonymouslogin: no > >pwcheck_method: PAM > >allowplaintext: yes > > > > > >$ ./configure --prefix=/usr --with-passwd_method=PAM > >... > >checking for syslog... yes > >checking for crypt... no > >checking for crypt in -lcrypt... yes > >checking for connect... yes > >checking for pam_start in -lpam... yes > >checking for security/pam_appl.h... yes > >checking PAM support... yes > >checking CRAM-MD5... enabled > >checking SCRAM-MD5... disabled > >checking for des_pcbc_encrypt in -ldes... no > >checking for RSAPublicEncrypt in -lrsaref... no > >checking for des_pcbc_encrypt in -lcrypto... yes > >checking for openssl/des.h... yes > >checking DIGEST-MD5... enabled > >checking for res_search in -lresolv... yes > >checking for krb.h... no > >configure: warning: No Kerberos V4 found > >checking KERBEROS_V4... disabled > >checking for gssapi.h... no > >checking for gssapi/gssapi.h... no > >configure: warning: Disabling GSSAPI > >checking GSSAPI... disabled > >checking ANONYMOUS... enabled > >checking PLAIN... enabled > >checking LOGIN... disabled > >checking SRP... disabled > >checking X509... disabled > > > > > >$more /etc/pam.d/imap (or pop3) > >#%PAM-1.0 > >authoptional/lib/security/pam_mysql.so user=test passwd=word > >host=localhost table=user db=mail crypt=2 > >password required /lib/security/pam_mysql.so user=test passwd=word > >host=localhost table=user db=mail crypt=2
RE: pam/pop3d problems...
one of the problems could be that you didn't create mailboxes for users using cyradm. in that case imap auth works fine, but pop3 fails. nick -Original Message- From: Robin Ericsson [mailto:[EMAIL PROTECTED]] Sent: Monday, October 15, 2001 10:58 To: [EMAIL PROTECTED] Subject: pam/pop3d problems... Hi, I'm using the IMAPd with PAM and pam_mysql, and it works great, and as I found need to have POP3 aswell, I though I could just enable that in cyrus.conf and copy pam config. But that didn't seem to work. I'm not using pam.d, but pam.conf, and the lines for imap and pop3 are identical. I'm using cyrus 2.0.16 on FreeBSD built from ports, so any help is very useful. -- Robin Ericsson fyllo.net / jalla.nu
Stupid Exchange migration question
This doesn't have a lot to do with Cyrus, I'll admit (I am a big big fan of cyrus, though). But I need to come up with some kind of answer in order to make management even consider migrating away from exchange. Cyrus has public folders, which is good. But when using Outlook against an IMAP server, you can't store contact folders on the IMAP server. What have people used in the past as a solution for having a public contacts folder in Outlook shared throughout an organization when not using an exchange server? Do you mount it from a share or something?
Re: mmap support on NetBSD
On Friday 11 January 2002 1:12 pm, Sean Witham wrote: > Does anyone know what the mmap issues were/are that cause Cyrus not > to use mmap on NetBSD ? I ask because I am aware that there have been > fixes to mmap in recent releases of NetBSD. I asked about this and apparently fixing the bug in the netbsd-1-5 branch is non-trivial. > If a Cyrus expert would like to post what bugs in NetBSD mmap > prevents its use by Cyrus to the tech-pkg list, the package team may > be able to check if these are known fixed bugs and re-test Cyrus with > mmap support enabled. The cyrus configure script does a good job of determining if mmap support is available. I would expect a -current user to get mmap support and a netbsd-1-5 user not to get mmap support. Nick
altnamespace and unixhierarchysep patches for 2.0.16?
Does anyone have patches relative to 2.0.16 that will enable these two features? I've done it in the past and had it work just fine. I can't upgrade to 2.1.x yet because FreeBSD does not yet have a port for SASL 2.x and I don't feel like going off the beaten path for this.
Re: PHP Interface/Web GUI
Steven M Bloomfield said: > www.squirrelmail.org is a web based e-mail client written in PHP > Works fine connecting to Cyrus. > Use websieve for web gui interface. squirrelmail doesn't work fine with cyrus... It works FANTASTICALLY with cyrus!! :-) There is also a sieve plugin for squirrelmail. It's not 100% yet, but it's pretty close to the mark. squirrelmail, cyrus, cyrus-sasl set up for PAM and the PAM_SMB module is a truly awesome replacement for an Exchange server. Now if only someone would make it possible for Outlook to store non-mail folders (that is, contacts and schedule stuff) on cyrus... :-)
/var/imap/db/log.000000000x
Hey, Is it possbile to disable BDB logging (or whatever that is -- /var/imap/db/log.0x)? The system creates 10Mb files and under high traffic it's 100-150 Mb/day Sincerely, Nick --- This message contains no viruses. Guaranteed by Kaspersky Anti-Virus. www.antivirus.lv
Re: Cyrus and IMP
We are running cyrus 2.1.0 with imp 3.0 in a production environment. The system has about 150,000 user accounts and over 600,000 cyrus mailboxes. Apache server load is 50-100 reqs/second. Everything works excellent, basically I don't even look after it -- it just works :) Nick > Hi all, > > I'm a rather new Linux user and I have just started up > my own server. The machine is right now running Debian 2.2 (potato), > Exim, courier-imap and imp 2.2. > > My question is if anyone else on this list is running > IMP (pref. 3.0) with Cyrus 1.5.19 or above? > > My goal is to upgrade to the much improved IMP version 3.0 > and it depends on that other programs be upgraded first. Potato > includes a version of Cyrus that is reported to work with IMP 3. > So by switching to Cyrus would mean one program less to upgrade > manually. > > Thanks in advance for any tips or tricks. > > /jonas, Sweden. > > > Sincerely, Nick --- This message contains no viruses. Guaranteed by Kaspersky Anti-Virus. www.antivirus.lv
Re: Cyrus and IMP
Reklama. one athlon 1.4ghz 756Mb RAM running RH7.1,Cyrus2.1,sendmail,pam_mysql,kaspersky antivirus second athlon 1.4ghz 1 gb RAM running RH7.1,Apache, php+APC cache, mysql, IMP3 Works suprisingly well :) system load at peak times is up to 2, however this doesn't slow down anything at all. i would recommend installing APC cache for PHP, which decreases load of webmail server dramatically (in my case at least it was over 400% improvement). Nick > what hardware do you use to support this load? > > David Lang > > On Sun, 24 Mar 2002, Nick Ustinov wrote: > > > Date: Sun, 24 Mar 2002 11:52:32 +0200 > > From: Nick Ustinov <[EMAIL PROTECTED]> > > To: Jonas Jacobsson <[EMAIL PROTECTED]> > > Cc: [EMAIL PROTECTED] > > Subject: Re: Cyrus and IMP > > > > We are running cyrus 2.1.0 with imp 3.0 in a production environment. The > > system has about 150,000 user accounts and over 600,000 cyrus mailboxes. > > Apache server load is 50-100 reqs/second. Everything works excellent, > > basically I don't even look after it -- it just works :) > > > > Nick > > > > > > > Hi all, > > > > > > I'm a rather new Linux user and I have just started up > > > my own server. The machine is right now running Debian 2.2 (potato), > > > Exim, courier-imap and imp 2.2. > > > > > > My question is if anyone else on this list is running > > > IMP (pref. 3.0) with Cyrus 1.5.19 or above? > > > > > > My goal is to upgrade to the much improved IMP version 3.0 > > > and it depends on that other programs be upgraded first. Potato > > > includes a version of Cyrus that is reported to work with IMP 3. > > > So by switching to Cyrus would mean one program less to upgrade > > > manually. > > > > > > Thanks in advance for any tips or tricks. > > > > > > /jonas, Sweden. > > > > > > > > > > > > > > > > > Sincerely, > > Nick > > > > > > > > --- > > This message contains no viruses. > > Guaranteed by Kaspersky Anti-Virus. > > www.antivirus.lv > > > Sincerely, Nick --- This message contains no viruses. Guaranteed by Kaspersky Anti-Virus. www.antivirus.lv
Re: Please help with user problem
Reklama. You can either: 1) cd /usr/cyrus/bin su cyrus ./reconstruct user. 2) go to cyradm, sam user. c dm user. Nick > I am using Redhat 7.1 running cyrus 2.0.9 with Postfix. I dame a > mistake and deleted a user's directory and can't get it off a backup. > When I go into cyradm and try to set my ACl list to c so I can delete > the user, it gives me an I/O error. When I just try to delete it using > the dm command, it gives me a permission denied error. I made a > directory of the user's name in my user partition hoping it would get > rid of the I/O error but that didn't work. Anyone know how I can get > rid of this error so I can delete this user and then rebuild him? > > Sincerely, Nick --- This message contains no viruses. Guaranteed by Kaspersky Anti-Virus. www.antivirus.lv
oops, sorry for html mess
Sorry, SMTP server I had was adding ads to outgoing messages :) Sincerely, Nick
Re: cyrus on compaq alpha
worked on alpha :) just to let you know: small change was needed in imclient.c and imclient.h -- where those functions are declared you have to put size_t instead of unsigned Sincerely, Nick - Original Message - From: "Nick Ustinov" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, March 27, 2002 23:01 Subject: cyrus on compaq alpha > Has anyone tried to compile cyrus 2.1.3 on alpha? The result I get is: > > make[1]: Entering directory `/root/cyrus_2.1.3_nick/lib' > gcc -c -I.. -I/usr/include/db3 -I/usr/local/include -DHAVE_CONFIG_H -I. -I > . -Wall -g -O2 \ > imclient.c > imclient.c:628: conflicting types for `imclient_write' > imclient.c:198: previous declaration of `imclient_write' > imclient.c:1485: conflicting types for `imclient_writebase64' > imclient.c:201: previous declaration of `imclient_writebase64' > make[1]: *** [imclient.o] Error 1 > make[1]: Leaving directory `/root/cyrus_2.1.3_nick/lib' > make: *** [all] Error 1 > > > Sincerely, > Nick > >
Re: Problem with cyrus: daemon not responding - ctl_mboxlist running
Oh, also check /etc/cyrus.conf so you have sievecmd="timsieved" listen="sieve" prefork=0 under SERVICES Sincerely, Nick - Original Message - From: "Kennedy van Dam Eric" <[EMAIL PROTECTED]> To: "info-cyrus" <[EMAIL PROTECTED]> Sent: Friday, March 29, 2002 18:43 Subject: Problem with cyrus: daemon not responding - ctl_mboxlist running > Hi everybody. > > We suffer a problem with Cyrus-sasl. > > Taper (backup application) completly froze the server and we need to make a hard > reboot. Since this reboot, people are unable to connect to their mail account > (using imap4 or pop3). > > For a while, restarting cyrus service only seems to restart the pop3d daemon. > Now the same command restart first pop3d and then imapd (a few seconds later). > But we are stil unable to receive any mail (pop or imap). The only process which > seems to run continuously is the ctl_mboxlist. > > Does anyone have an idea about what happend or is happening. > In the worst case, which files do we need to backup/verify/recover if we need to > reinstall the server ? > > thanks for any help you can provide. > > -- > Eric Kennedy van Dam > Administrateur Système - Ingénieur Certifié RedHat > Mail: [EMAIL PROTECTED] > url: http://telecom.fpms.ac.be >
Re: Problem with cyrus: daemon not responding - ctl_mboxlist running
Which version of cyrus are you using? And why do you say that the problem is with cyrus-sasl? ctl_mboxlist is using cyrus-imapd mailbox database. You can try to kill ctl_mboxlist, then go to /usr/cyrus/bin do su cyrus and run ./ctl_cyrusdb -r. I guess in older versions it was ctl_mboxlist -r but I am not sure. If that doesn't help, you can dump mailboxes to a text file by ./ctl_mboxlist -d -f mailboxdump.txt, then rename /var/imap/mailboxes.db to mailboxes.db.old and run ./ctl_mboxlist -u To: "info-cyrus" <[EMAIL PROTECTED]> Sent: Friday, March 29, 2002 18:43 Subject: Problem with cyrus: daemon not responding - ctl_mboxlist running > Hi everybody. > > We suffer a problem with Cyrus-sasl. > > Taper (backup application) completly froze the server and we need to make a hard > reboot. Since this reboot, people are unable to connect to their mail account > (using imap4 or pop3). > > For a while, restarting cyrus service only seems to restart the pop3d daemon. > Now the same command restart first pop3d and then imapd (a few seconds later). > But we are stil unable to receive any mail (pop or imap). The only process which > seems to run continuously is the ctl_mboxlist. > > Does anyone have an idea about what happend or is happening. > In the worst case, which files do we need to backup/verify/recover if we need to > reinstall the server ? > > thanks for any help you can provide. > > -- > Eric Kennedy van Dam > Administrateur Système - Ingénieur Certifié RedHat > Mail: [EMAIL PROTECTED] > url: http://telecom.fpms.ac.be >
Re: Cyrus-Imap/Sieve/Postfix/SuSE7.3
Make sure you have
sievedir: /usr/sieve
in your /etc/imapd.conf
Sincerely,
Nick
- Original Message -
From: "Alain Barthélemy" <[EMAIL PROTECTED]>
To: "Cyrus-list" <[EMAIL PROTECTED]>
Cc: "cassandre" <[EMAIL PROTECTED]>
Sent: Friday, March 29, 2002 15:27
Subject: Cyrus-Imap/Sieve/Postfix/SuSE7.3
> Hello,
>
> Trying to install sieve but I am stucked
>
> I am looking for a good manual for Sieve but it is unfindable.
>
> Cyrus-Imap works without apparent problems
> With the SuSE 7.3 standard installation
>
> There is a directory /usr/sieve with cyrus:mail ownership
> In this directory: directories a => z
> I found long ago a script sieveshell.pl
> It is installed in /usr/sieve
> If I type /usr/sieve/sieveshell.pl -u cyrus localhost (after #> su cyrus)
> OK I can work with the program (list, get, put, activate, etc ...) but
only with user cyrus, if I try another user => unable to connect to server
> I "put" a script => nothing happens
> Not even error message
>
> Is there somewhere a good manual?
>
> Example of script:
>
> require ["reject"];
> if header :contains "From:" "bibi@address" {
> reject "VTFF";
> }
>
> But nothing happens (after put script then activate script). If I sens a
mail from bibi@address nothing happens.
>
> Thus: a good manual somewhere?
>
> Thank you
>
> --
> Alain Barthélemy
> [EMAIL PROTECTED]
> http://bartydeux.gminfomatique.com
>
Re: cyrus imapd 2.1.3
man 5 imapd.conf Bu the way autocreatequota 1 is pretty strange - this way you configure cyrus to set 1 Kb quota to a newly created mailboxes. If you want 1 Mb, use 1000 instead of 1 Sincerely, Nick - Original Message - From: "Andreas Meyer" <[EMAIL PROTECTED]> To: "cyrus" <[EMAIL PROTECTED]> Sent: Sunday, March 31, 2002 12:15 Subject: Re: cyrus imapd 2.1.3 > Hello! > > Am 30 Mar 2002 12:53:05 + schrieb simon: > > > > > logout > > > * BAD Invalid tag > > > type in > > > > 1 login > > 2 select "INBOX" > > 3 logout > > > > ( the numbers at the front are important and are required) > > Thank you! I need docu about the options I can write to the > imapd.conf for Cyrus IMAP4 v2.1.3 > > I found that some options don´t work e.g defaultpartition and > umask. When I use them I cannot telnet to cyrus. > > configdirectory: /var/imap > #defaultpartition default > partition-default: /var/spool/imap > admins: cyrus > #umask 027 > #srvtab: /var/imap/srvtab > allowanonymouslogin: no > #quotawarn 90 > #timeout 30 > #autocreatequota 1 > #cleartextloginpause 5 > sasl_passwd_check: sasldb > #sasl_pwcheck_method: sasldb > sievedir: /usr/sieve > > I cannot find any documentation about the imapd.conf :( > > > regards > -- > > Andreas Meyer http://home.wtal.de/MeineHomepage >
moving from 2.0 to 2.1.3
We are planning to switch production server from 2.0.16 to 2.1.3/skiplist. The system has about 60 mailboxes and is quite heavily loaded (seeing alot of db lockers). Are there any hidden catches people i should avoid? Besides converting mailboxes file using cvt_cyrusdb is there anything else I should know about? How about sieve scripts? Are these compatbile? Also, is it recommended to switch to skiplist only for mailbox file or for the rest as well? Sincerely, Nick
web info-cyrus archives
If anyone is interested, there is a full searchable archive of info-cyrus at http://giga.bit.lv/info-cyrus It's a bit slow at the moment, however, it's apache+php+cyrus2.1.3 on 200 mhz pentium and very slow hdd with 16k messages in one mailbox :) I promise to upgrade it asap. Sincerely, Nick
Re: web info-cyrus archives
1) better search 2) you can download attached files :) (that was the main reason) 3) supposed to be faster :) Sincerely, Nick - Original Message - From: "Ken Murchison" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 04, 2002 04:01 Subject: Re: web info-cyrus archives > > > Nick Ustinov wrote: > > > > If anyone is interested, there is a full searchable archive of info-cyrus at > > http://giga.bit.lv/info-cyrus > > How is this different from: > > http://asg.web.cmu.edu/archive/mailbox.php?mailbox=archive.info-cyrus > > -- > Kenneth Murchison Oceana Matrix Ltd. > Software Engineer 21 Princeton Place > 716-662-8973 x26 Orchard Park, NY 14127 > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp >
Re: web info-cyrus archives
1) better search 2) you can download attached files :) (that was the main reason) 3) supposed to be faster :) Sincerely, Nick - Original Message - From: "Ken Murchison" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 04, 2002 04:01 Subject: Re: web info-cyrus archives > > > Nick Ustinov wrote: > > > > If anyone is interested, there is a full searchable archive of info-cyrus at > > http://giga.bit.lv/info-cyrus > > How is this different from: > > http://asg.web.cmu.edu/archive/mailbox.php?mailbox=archive.info-cyrus > > -- > Kenneth Murchison Oceana Matrix Ltd. > Software Engineer 21 Princeton Place > 716-662-8973 x26 Orchard Park, NY 14127 > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp >
Re: web info-cyrus archives
Upgraded hardware. Now it's usable and is located at http://www.cyrus-imap.org/info-cyrus As for cyrus-imap.org content, it's coming very soon. (anyone to contribute?) Sincerely, Nick - Original Message ----- From: "Nick Ustinov" <[EMAIL PROTECTED]> To: "Ken Murchison" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, April 04, 2002 09:36 Subject: Re: web info-cyrus archives > 1) better search > 2) you can download attached files :) (that was the main reason) > 3) supposed to be faster :) > > > Sincerely, > Nick > - Original Message - > From: "Ken Murchison" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, April 04, 2002 04:01 > Subject: Re: web info-cyrus archives > > > > > > > > Nick Ustinov wrote: > > > > > > If anyone is interested, there is a full searchable archive of > info-cyrus at > > > http://giga.bit.lv/info-cyrus > > > > How is this different from: > > > > http://asg.web.cmu.edu/archive/mailbox.php?mailbox=archive.info-cyrus > > > > -- > > Kenneth Murchison Oceana Matrix Ltd. > > Software Engineer 21 Princeton Place > > 716-662-8973 x26 Orchard Park, NY 14127 > > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp > > > >
sendmail vs postfix
Hey everyone, Finally, I have upgraded to 2.1.3. I use skiplist for mailboxes and duplicate db now. Cyrus works together with sendmail and the server is pretty heavily loaded. mailboxes.db file is over 50Mb. The system receives about 150-350 emails per minute, sendmail is set up it deliverymode=q with 1 minute interval. At peak times load average was going to 15-20, now it's a bit less in average, however sometimes goes even higher. Anyway -- isn't postfix supposed to be better for such high loads? I've tried to install postfix 1.1.7 (lmtp as mailbox_transport) however when load avg went to 50 I stopped it and returned to sendmail. I know disk speed is essential here -- well, it is fast. Any comments? Maybe Exim will be better? I guess I will have to put MTA on another machine, otherwise it keeps getting even worse. Sincerely, Nick PS. sorry, maybe the message is not for this mailing list -- i just wanna know which one works better with cyrus.
weird
I use PAM for auth, however, SOMETIMES i still see: Apr 19 18:23:25 tom pop3d[23395]: unable to open Berkeley db /etc/sasldb2: No such file or directory Apr 19 18:23:25 tom pop3d[23395]: could not find password Commentes? Sincerely, Nick
lmtpd's
Also, I have quite a number (100 or 150) of lmtpd's handing in memory doing:
fcntl64(8, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}
if I do strace.
Is this normal??
Sincerely,
Nick
2.1.3 --> 2.1.0 sieve ?
Since I was experiencing serious performance problems with 2.1.3, particullary with lmtpd I had to downgrade to 2.1. Now everything seems to work fine, however I get: Apr 20 11:58:23 tom lmtpd[11976]: sieve runtime error for tatjanask id <[EMAIL PROTECTED]>: Redirect: Sendmail process terminated normally, exit status 71 and so on. Sieve doens't work anymore. Any comments? Sincerely, Nick
Re: 2.1.3 --> 2.1.0 sieve ?
My fault, didn't put sendmail binary back. Anyway, what's wrong with new 2.1.3? I guess it's lmtpd that is not doing good. Now, when it's back to cyrus 2.1.0 the load is stable and is about 1. Once I switch to 2.1.3 the load is ok (also around 1) till the moment sendmail starts to deliver mails and calls lmtpd. After that point I get about 100-120 lmtpd's in memory and load avg about 10. Mail is delivered normally. After some time, if there is no new mail passing by lmtp processes die and load stabilizies again. At peak time, when there are always messages in queue, load is always around 30, which is not acceptable. I've tried latest cyrus from cvs and also tried 2.1.3 with flock() patch. No effect. Sincerely, Nick - Original Message - From: "Ken Murchison" <[EMAIL PROTECTED]> To: "Nick Ustinov" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, April 20, 2002 17:10 Subject: Re: 2.1.3 --> 2.1.0 sieve ? > Quoting Nick Ustinov <[EMAIL PROTECTED]>: > > > Since I was experiencing serious performance problems with 2.1.3, > > particullary with lmtpd I had to downgrade to 2.1. Now everything seems to > > work fine, however I get: > > > > Apr 20 11:58:23 tom lmtpd[11976]: sieve runtime error for tatjanask id > > <[EMAIL PROTECTED]>: Redirect: Sendmail process terminated > > normally, exit status 71 > > > > and so on. Sieve doens't work anymore. Any comments? > > AFAICT, nothing sieve-related changed in lmtpd.c from 2.1 to 2.1.3. This error > is telling you that the 'sendmail' process has been spawned and exixted with an > error code. My guess is that the MTA that you are using doesn't like > the 'sendmail' command line that is being passed to it. Are you using Sendmail > or some other MTA? If its not Sendmail, then read the manpage for > its 'sendmail' command and then look at send_forward() in lmtpd.c > > Ken > -- > Kenneth Murchison Oceana Matrix Ltd. > Software Engineer 21 Princeton Place > 716-662-8973 x26 Orchard Park, NY 14127 > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp >
sieveshell says "sasl mech list empty"
Hello people, I'm having a problem with sieveshell. When I run 'sieveshell localhost' I get: connecting to localhost unable to connect to server: sasl mech list empty at /usr/bin/sieveshell line 175. And when I 'telnet localhost sieve' I get: Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v1.1.0" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" OK I can get into IMAP with no problems. I'm using pam_mysql to auth and these lines are taken from my imapd.conf: allowanonymouslogin:no allowplaintext: yes sasl_pwcheck_method:saslauthd sasl_mech_list: PLAIN I looked in the archives and I found two solutions: 1) sasl plugins in the wrong place. Now I think there supposed to be in /usr/lib/sasl2 and that's where they are. I can't figure out how I would check this or what files I should have there. 2) PAM is incorrectly configured I have a sieve entry in /etc/pam.d/ Any ideas? I'm a Cyrus newbie and I'm stuck. Is is something to do with 'sasl_mech_list' in my imapd.conf? I tryed blindly playing with it but got nowhere. Nick
Re: sieveshell says "sasl mech list empty"
> When I had this problem I strace'ed the process to see where it was > looking > for the plugins, I think that helped me a lot. Hummm.. the plot thickens. According to strace sieveshell is happily opening several of the files in /usr/lib/sasl2/ as read only. So. I'm guessing that sieveshell isn't finding the plugin it wants? I'm trying to use pam_mysql with sieve like I use with imapd but imapd appears to be happy If it would help I can send the strace output Nick
Re: sieveshell says "sasl mech list empty"
> > > Did you configure "sieve" as a PAM service? > > Uh I'm not sure. How would I tell? How would one do that? > > I'm running Gentoo and using it's ports system. It makes life alot > easyer > > but I'm never sure what options are used at compile time not to > > mention that I'm running way short of docs on using sieve with pam. > > Actually, I jumped the gun a bit here, since your timsieved isn't even > advertising any mechs. Uhh... yeah. Don't worry I'm all confuzed to hell by now. > The problem isn't with sieveshell, it's with timsieved. Yes, that is what I originally thought. > Have you tried trussing/straceing timsieved to see what is going on > when > it tries to load plugins? No. But I have now and that's all fked up. This is all starting to make sence. I think that timsieved was compiled wrong. It's looking for all sorts of stuff in the wrong places. I'll talk to the port's maintainer and work this out Thanx to all for the kick in the right direction! Nick
Re: sieveshell says "sasl mech list empty"
> > > > Did you configure "sieve" as a PAM service? > > > Uh I'm not sure. How would I tell? How would one do that? > > > I'm running Gentoo and using it's ports system. It makes life alot > > easyer > > > but I'm never sure what options are used at compile time not to > > > mention that I'm running way short of docs on using sieve with pam. > > > > Actually, I jumped the gun a bit here, since your timsieved isn't > even > > advertising any mechs. > Uhh... yeah. Don't worry I'm all confuzed to hell by now. > > > The problem isn't with sieveshell, it's with timsieved. > Yes, that is what I originally thought. > > > Have you tried trussing/straceing timsieved to see what is going on > > when > > it tries to load plugins? > No. But I have now and that's all fked up. > This is all starting to make sence. I think that timsieved was compiled > wrong. It's looking for all sorts of stuff in the wrong places. I'll > talk > to the port's maintainer and work this out > Thanx to all for the kick in the right direction! Dammit I spoke too soon. On closer inspection of the output and some jiggering around I find that's not the problem. timsieve was finding the librarys eventually so I'm back to crying on my keyboard whapping my head against this problem. Does anyone know what librarys it should be loading to get pam_mysql auth to work? Does anyone know of any docs relating to getting timsieve to use PAM auth? Failing that how do you install sieve scripts without timsieved? Nick
Re: sieveshell says "sasl mech list empty"
> Is IMAP auth-ing OK with PLAIN? What's your sasl_minimum_layer? I
> thought
> "1" was low enough, but you may need to try "0".
Thanks man but I saw a thread on that in the archives and already gave it
a shot. No better I'm afraid.
I'm fairly sure that the compile is correct after all my testing with
strace so I'm left thinking that this has to be a config problem. I have
to have missed something stupid.
For some reason timsieve doesn't list any auth types.
Here are all the config files that I can think of... anyone see any stupid
mistakes? Please?
Thanks
Nick
---START imapd.conf---
configdirectory:/var/imap
partition-default: /var/spool/imap
sievedir: /var/imap/sieve
# Don't use an everyday user as admin.
admins: cyrus
#hashimapspool: yes
allowanonymouslogin:no
allowplaintext: yes
# Use this if sieve-scripts could be in ~user/.sieve.
#sieveusehomedir: yes
# Use saslauthd if you want to use pam for imap.
# But be warned: login with DIGEST-MD5 or CRAM-MD5
# is not possible using pam.
sasl_pwcheck_method:saslauthd
# Following taken from the FAQ
postmaster: postmaster
sasl_mech_list: PLAIN LOGIN
# Added to try and get fking sieve to work
sasl_minimum_layer: 0
autocreatequota: 1
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
#sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
unixhierarchysep: yes
---END imapd.conf---
---START /etc/pam.d/sieve---
authsufficient /lib/security/pam_mysql.so user=mail passwd=**
host=localhost db=mail table=accountuser usercolumn=username
passwdcolumn=password crypt=0
account required/lib/security/pam_mysql.so user=mail passwd=**
host=localhost db=mail table=accountuser usercolumn=username
passwdcolumn=password crypt=0
---END /etc/pam.d/sieve---
---START /etc/cyrus.conf---
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idledcmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=0
# Don't forget to generate the needed keys for SSL or TLS
# (see doc/html/install-configure.html)
#imapscmd="imapd -s" listen="imaps" prefork=0
#pop3scmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp"
prefork=1
}
EVENTS {
# this is required
checkpointcmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" period=1440
}
---END cyrus.conf---
Compliation problems / cyrus-imap 2.1.9
Hello, I'm currently attempting to compile 2.1.9 on a Debian Woody (3.0r0) HPPA box. I'm running into the following problem during linkage stage of the IMAP perl library: * If ld (2.12.90.0.1) is used, I get this: cc -c -I../../lib -DDEBIAN -fno-strict-aliasing -I/usr/local/include\ -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.00\" \ -DXS_VERSION=\"1.00\" -fPIC -I/usr/lib/perl/5.6.1/CORE -DPERL_POLLUTE IMAP.c Running Mkbootstrap for Cyrus::IMAP () chmod 644 IMAP.bs rm -f blib/arch/auto/Cyrus/IMAP/IMAP.so LD_RUN_PATH="/usr/local/lib" ld -L/usr/local/lib IMAP.o -o\ blib/arch/auto/Cyrus/IMAP/IMAP.so ../../lib/libcyrus.a -lsasl2 -lssl\ -lcrypto -lperl -lm ld: warning: cannot find entry symbol _start; defaulting to 000121d4 ../../lib/libcyrus.a(imclient.o): In function .L291': imclient.o(.text+0xdec): undefined reference to $$dyncall' imclient.o(.text+0x1018): undefined reference to $$dyncall' ../../lib/libcyrus.a(imclient.o): In function .L505': imclient.o(.text+0x14d4): undefined reference to $$dyncall' ../../lib/libcyrus.a(imclient.o): In function .L429': imclient.o(.text+0x300c): undefined reference to $$dyncall' ../../lib/libcyrus.a(util.o): In function kv_bsearch': util.o(.text+0x298): undefined reference to $$dyncall' make[2]: *** [blib/arch/auto/Cyrus/IMAP/IMAP.so] Error 1 * If cc (gcc 3.0.4) is used, I get this: cc -c -I../../lib -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.00\" -DXS_VERSION=\"1.00\" -fPIC -I/usr/lib/perl/5.6.1/CORE -DPERL_POLLUTE IMAP.c Running Mkbootstrap for Cyrus::IMAP () chmod 644 IMAP.bs rm -f blib/arch/auto/Cyrus/IMAP/IMAP.so LD_RUN_PATH="/usr/local/lib" gcc -L/usr/local/lib IMAP.o -o blib/arch/auto/Cyrus/IMAP/IMAP.so ../../lib/libcyrus.a -lsasl2 -lssl -lcrypto -lperl -lm /usr/lib/gcc-lib/hppa-linux/3.0.4/../../../crt1.o: In function _start': /usr/lib/gcc-lib/hppa-linux/3.0.4/../../../crt1.o(.text+0x0): undefined reference to main' /usr/lib/gcc-lib/hppa-linux/3.0.4/../../../crt1.o(.text+0x4): undefined reference to main' collect2: ld returned 1 exit status make[2]: *** [blib/arch/auto/Cyrus/IMAP/IMAP.so] Error 1 Methinks its a problem with the Makefile somewhere, but I can't put a finger on it, and after some good trial and error, I've still come back to the same end results. I can see why it would complain about 'main' as it would appear to be building a shared library with no 'main' function in ../perl/imap/IMAP.c. -- I also had a few other issues with compliation that I (who knows if it is right) fixed: With db 4.1.24, compilation would barf on cyrusdb_db3.c @ line 350. gcc complained about too few arguments to db->open(). I added a NULL so the final called looked like: r = db->open(db, NULL, fname, NULL, DB_BTREE, DB_CREATE, 0664); That seemed to make gcc happy, since it was looking for a DB_TXN *txnid, which can apparently be NULL. I'm sure there is something rather obvious that I am missing here, but I can't put a finger on what it is. Any help would be greatly appriecated. -- Nick Majeran
timsieved isn't listing any auth methods
Hi People,
I can't get timsieve to list it's one auth method... PLAIN and thus
can't get sieveshell to work. This is the second set of posts I've made so
if this seems a little familiar that's because it is ;)
I've been working on and off on this bug for about two months now :(
The problem is that timsieved isn't listing it's auth method and I don't
know why. I'm using PLAIN as my auth method becuase I'm using pam_mysql to
authenticate against a MySQL DB. I know that Plain is insecure but I have
a firewall. I have tryed a number of things mostly revolving around the
sasl2 plugins and none have helped in the least. I am intrested in ANY
wild ideas that anyone might have about what to try next but please read
the stuff below detailing what I have already tryed.
I would also be most intrested to know if anyone managed to get PLAIN auth
against PAM to work with timsieve...
Or if anyone has timsieve working with *just* the PLAIN auth method.
The one idea I still have is that timsieve isn't reading it's config data
from /etc/imapd.conf. I have no clue as to how to check if this is a
problem any ideas most welcome.
Many thanks.
Nick
>>>>>>> Things I have already tryed <<<<<<<<<<<<
libs in the workng place or libs with the wrong permissions.
I was advised to use strace on timsieved and see if there were any file
calls that couldn't be completed. I could not find any. The permissions on
my sasl2 libs are all o+rx. The strace is attached, if your good at
reading them please give it a once over (I'm not so good).
No sieve entry in /etc/pam.d. I created a sieve file in that dir with the
correct (I think) details for how to auth against the db.
sasl_minimum_layer... On the advice of a list member I added this var to
my imapd.conf with the value '0'. This didn't appear to have any effect.
>>>>>>> My Config <<<<<<<<<<<<
---START imapd.conf---
configdirectory:/var/imap
partition-default: /var/spool/imap
sievedir: /var/imap/sieve
# Don't use an everyday user as admin.
admins: cyrus
#hashimapspool: yes
allowanonymouslogin:no
allowplaintext: yes
# Use this if sieve-scripts could be in ~user/.sieve.
#sieveusehomedir: yes
# Use saslauthd if you want to use pam for imap.
# But be warned: login with DIGEST-MD5 or CRAM-MD5
# is not possible using pam.
sasl_pwcheck_method:saslauthd
# Following taken from the FAQ
postmaster: postmaster
sasl_mech_list: PLAIN LOGIN
# Added to try and get fking sieve to work
sasl_minimum_layer: 0
autocreatequota: 1
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
#sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
unixhierarchysep: yes
---END imapd.conf---
---START /etc/pam.d/sieve---
authsufficient /lib/security/pam_mysql.so user=mail passwd=**
host=localhost db=mail table=accountuser usercolumn=username
passwdcolumn=password crypt=0
account required/lib/security/pam_mysql.so user=mail passwd=**
host=localhost db=mail table=accountuser usercolumn=username
passwdcolumn=password crypt=0
---END /etc/pam.d/sieve---
---START /etc/cyrus.conf---
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idledcmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=0
# Don't forget to generate the needed keys for SSL or TLS
# (see doc/html/install-configure.html)
#imapscmd="imapd -s" listen="imaps" prefork=0
#pop3scmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp"
prefork=1
}
EVENTS {
# this is required
checkpointcmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" period=1440
}
---END
Re: timsieved isn't listing any auth methods [Solution]
Hi,
It turns out that I didn't have libplain.so in the /usr/libs/sasl2 dir.
I never did figure out why, when I recompiled sasl it appeared. I'm now
happily sorting mail :)
Nick
-Original Message-----
From: "Nick Fisher" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Thu, 31 Oct 2002 19:01:18 -0500
Subject: timsieved isn't listing any auth methods
> Hi People,
> I can't get timsieve to list it's one auth method... PLAIN and thus
> can't get sieveshell to work. This is the second set of posts I've made
> so
> if this seems a little familiar that's because it is ;)
> I've been working on and off on this bug for about two months now :(
>
> The problem is that timsieved isn't listing it's auth method and I
> don't
> know why. I'm using PLAIN as my auth method becuase I'm using pam_mysql
> to
> authenticate against a MySQL DB. I know that Plain is insecure but I
> have
> a firewall. I have tryed a number of things mostly revolving around the
> sasl2 plugins and none have helped in the least. I am intrested in ANY
> wild ideas that anyone might have about what to try next but please
> read
> the stuff below detailing what I have already tryed.
>
> I would also be most intrested to know if anyone managed to get PLAIN
> auth
> against PAM to work with timsieve...
> Or if anyone has timsieve working with *just* the PLAIN auth method.
>
> The one idea I still have is that timsieve isn't reading it's config
> data
> from /etc/imapd.conf. I have no clue as to how to check if this is a
> problem any ideas most welcome.
>
> Many thanks.
>
> Nick
>
>
>
>
> >>>>>>> Things I have already tryed <<<<<<<<<<<<
>
>
> libs in the workng place or libs with the wrong permissions.
> I was advised to use strace on timsieved and see if there were any file
> calls that couldn't be completed. I could not find any. The permissions
> on
> my sasl2 libs are all o+rx. The strace is attached, if your good at
> reading them please give it a once over (I'm not so good).
>
> No sieve entry in /etc/pam.d. I created a sieve file in that dir with
> the
> correct (I think) details for how to auth against the db.
>
> sasl_minimum_layer... On the advice of a list member I added this var
> to
> my imapd.conf with the value '0'. This didn't appear to have any
> effect.
>
>
>
> >>>>>>> My Config <<<<<<<<<<<<
>
>
> ---START imapd.conf---
> configdirectory:/var/imap
> partition-default: /var/spool/imap
> sievedir: /var/imap/sieve
>
> # Don't use an everyday user as admin.
> admins: cyrus
>
> #hashimapspool: yes
> allowanonymouslogin:no
> allowplaintext: yes
>
> # Use this if sieve-scripts could be in ~user/.sieve.
> #sieveusehomedir: yes
>
> # Use saslauthd if you want to use pam for imap.
> # But be warned: login with DIGEST-MD5 or CRAM-MD5
> # is not possible using pam.
> sasl_pwcheck_method:saslauthd
>
> # Following taken from the FAQ
> postmaster: postmaster
> sasl_mech_list: PLAIN LOGIN
>
> # Added to try and get fking sieve to work
> sasl_minimum_layer: 0
>
> autocreatequota: 1
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> dracinterval: 0
> drachost: localhost
> #sievedir: /usr/sieve
> sendmail: /usr/sbin/sendmail
> sieve_maxscriptsize: 32
> sieve_maxscripts: 5
> unixhierarchysep: yes
> ---END imapd.conf---
>
> ---START /etc/pam.d/sieve---
> authsufficient /lib/security/pam_mysql.so user=mail
> passwd=**
> host=localhost db=mail table=accountuser usercolumn=username
> passwdcolumn=password crypt=0
> account required/lib/security/pam_mysql.so user=mail
> passwd=**
> host=localhost db=mail table=accountuser usercolumn=username
> passwdcolumn=password crypt=0
> ---END /etc/pam.d/sieve---
>
> ---START /etc/cyrus.conf---
> START {
> # do not delete this entry!
> recover cmd="ctl_cyrusdb -r"
>
> # this is only necessary if using idled for IMAP IDLE
> # idledcmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/imap/socket
> SERVICES {
> # add or remove based on preferences
> imap cmd="imapd" listen="imap" prefork=0
> pop3 cmd="pop3d" listen="pop3" prefork=0
> # Don't forget to generate the neede
What happened to my db/ ?
Hello All, I recently moved my cyrus-imapd install from one machine to annother. The move went *quite* well, I had both servers stoped and rsynced the live server's data (/var/imap, /var/spool/imap) over to the new server. Everything was fine untill I started playing with SSL, at that point I started having problems getting cyrus running after a restart. Here is what I was seeing in my logs: """ Jan 8 17:27:11 [tls_prune] DBERROR db4: operation not permitted during recovery. Jan 8 17:27:11 [tls_prune] DBERROR: opening /var/imap/tls_sessions.db: Invalid argument Jan 8 17:27:11 [tls_prune] DBERROR: opening /var/imap/tls_sessions.db: cyrusdb error """ Somewhere I found a post from someone having the same problem. They said that they could get cyrus working again by removing all the files in /var/imap/db. So I did that. Now I can start cyrus and read my mail *PHEW*. However I now have a new raft of errors showing up in syslog. Everytime I start cyrus I get this: """ Jan 8 18:01:42 [master] setrlimit: Unable to set file descriptors limit to -1: Operation not permitted Jan 8 18:01:42 [master] retrying with 1024 (current max) Jan 8 18:01:42 [master] process started Jan 8 18:01:42 [ctl_cyrusdb] recovering cyrus databases Jan 8 18:01:42 [ctl_cyrusdb] DBERROR db4: DB_ENV->log_flush: LSN past current end-of-log - Last output repeated twice - Jan 8 18:01:42 [ctl_cyrusdb] DBERROR db4: Recovery function for LSN 1 182 failed Jan 8 18:01:42 [ctl_cyrusdb] DBERROR: dbenv->open '/var/imap/db' failed: Invalid argument Jan 8 18:01:42 [ctl_cyrusdb] DBERROR: init /var/imap/db: cyrusdb error Jan 8 18:01:42 [ctl_cyrusdb] DBERROR db4: environment not yet opened Jan 8 18:01:42 [ctl_cyrusdb] DBERROR: opening /var/imap/mailboxes.db: Invalid argument Jan 8 18:01:42 [ctl_cyrusdb] DBERROR: opening /var/imap/mailboxes.db: cyrusdb error Jan 8 18:01:42 [master] process 4105 exited, status 75_ Jan 8 18:01:42 [master] ready for work Jan 8 18:01:42 [tls_prune] tls_prune: purged 0 out of 0 entries Jan 8 18:01:42 [ctl_cyrusdb] checkpointing cyrus databases Jan 8 18:01:42 [ctl_deliver] duplicate_prune: pruning back 3 days Jan 8 18:01:42 [ctl_deliver] duplicate_prune: purged 2 out of 742 entries Jan 8 18:01:42 [ctl_cyrusdb] done checkpointing cyrus databases """ I don't *think* it's a permissions problem... """ usr # ls -la /var/imap/db/. total 12952 drwxr-xr-x2 cyrusmail 4096 Jan 8 21:15 . drwxr-xr-x 14 cyrusmail 4096 Jan 9 16:45 .. -rw-r--r--1 cyrusmail0 Sep 23 13:31 .keep -rw---1 cyrusmail 8192 Jan 8 21:15 __db.001 -rw---1 cyrusmail 270336 Jan 8 21:15 __db.002 -rw---1 cyrusmail98304 Jan 8 21:15 __db.003 -rw---1 cyrusmail 18063360 Jan 8 21:15 __db.004 -rw---1 cyrusmail32768 Jan 8 21:15 __db.005 -rw---1 cyrusmail 286763 Jan 9 17:10 log.01 """ I'm using EXT3 so I don't think it's anything to do with the "chattr +S" stuff. I tryed recompiling cyrus it didn't help. The idea of cyrus dying fills me with dread. Someone please help me out here what is going on and how do I stop it? If someone can give me a bit of a shove in the right direction it would be MOST helpfull. links... generall information even mild abuse, all gratefully accepted. Many thanks Nick
