Re: Webmail for Cyrus Imap ?
Alex Kamalov wrote: > > Guys, > > I was wondering if anyone can tell me a preferred webmail interface for > cyrus-imap ? Which one should I use that could be relatively painless, > albeit with functionality ? > I have on my system IMP --- Good very big in code source terms but is designed to do more. Silky mail --- big re vamp of imp nice but doesnt support the IMP personal address books. Both these tend to be slower than the others Squirrel mail --- Nice I like the modules and the spell checker. Jawmail --- There are some annoying bugs becuase it doesnt escape SQL codes. Again nice plugin/module feature. Supports saving email address of people you send to which was a big one for one of my users. Werkmail --- very simple. So far the users have preffered Squirrel mail and jawmail although they are going back to IMP slowly I think (IMP was the orignal and still has many peoples addresses in the address book). -- Simon Loader (unemployed)
Re: dothack and cyrus 2.0.16
On Mon, 2002-01-28 at 21:38, Ken Murchison wrote: > > > Joe Rhett wrote: > > > > Any chance one of you could do this so that the branch is validated and up > > to date, please? Briref note I have a patch for this (taken from the cvs ) at:- http://www.surf.org.uk/downloads/HIERSEP-r2.patch -- Simon Loader
RE: dothack and cyrus 2.0.16
On Tue, 2002-01-29 at 15:08, Ramiro Morales wrote: > Enric, > > Are you sure? > > I see the imap/namespace.h file at line 10858 in Simon's patch I screwed up he was right , I just put a new vversion up I didnt realised he had my patch to start iwth. but ive fixed it all now (should have CC list) -- Simon
Auxprop plugin for mysql and ldap
I did send this the other day to the list but that message was probably too big to get through without been moderated. anyway a patch to add a mysql auxprop and ldap auxprop plugins is availble from : http://www.surf.org.uk/downloads/ YOu will probably need to run automake -i autoconf before configure will recognise --with-ldapauxprop --with-mysqlauxprop. The ldap version is not compatiable with openldap compiled with saslv1 support (clashes in namespace). read doc/sysadmin.html on how to configure. It could do with a bit of testing. -- Simon Loader (unemployed)
Re: autocreatequota & imap clients
On Wed, 2002-02-13 at 17:51, Lawrence Greenfield wrote: >Date: Wed, 13 Feb 2002 13:56:27 +0200 >From: Nikos Voutsinas <[EMAIL PROTECTED]> > [...] > Some body did a patch to do auto create of mailboxes but I have lost the URL ... I have the patch somewhere if it is required. -- Simon
Re: autocreatequota & imap clients
> >
> > Some body did a patch to do auto create of mailboxes but I have lost the
> > URL ... I have the patch somewhere if it is required.
> >
> > --
> > Simon
>
> We have a patch (for 2.0.16 +) that provides the same
> functionality, in case a mail is posted to a user whose mailbox has not
> been created yet. This patch introduces a new boolean configuration
> option called "createonpost" through which admins can activate or
> deactivate this feature. This functionality for the time being applies
> only for user. folders and not for BB or Subfolders
> (It would be possible though by applying some additional checks
> dependant on the mail service architecture, to address these cases too)
This patch ( attached) , only creates on login ..
its is from http://www.ispman.org/extras/
--
Simon
*** cyrus-imapd-2.0.11/imap/imapd.c Fri Jan 19 11:37:28 2001
--- imap/imapd.c Thu Feb 8 18:02:54 2001
***
*** 2211,2217
--- 2211,2224
{
struct mailbox mailbox;
char mailboxname[MAX_MAILBOX_NAME+1];
+ char add_name[MAX_MAILBOX_NAME+1]; /* I'm not happy about this buffer, but
+ since "INBOX." can be no bigger than
+ "user.*", it *should* be okay. */
+ char add_mailboxname[MAX_MAILBOX_NAME+1];
+ char *autofolders;
+ char *autofolder;
int r = 0;
+ int r_tmp;
double usage;
int doclose = 0;
***
*** 2231,2236
--- 2238,2281
if (!r) {
r = mailbox_open_header(mailboxname, imapd_authstate, &mailbox);
+ if (r == IMAP_MAILBOX_NONEXISTENT &&
+ !strncasecmp(name, "INBOX", 6) &&
+ config_getint("autocreatequota", 0)) { /* Autocreate INBOX */
+ r = mboxlist_createmailbox(mailboxname, MAILBOX_FORMAT_NORMAL,
+ NULL, 1, imapd_userid,
+ imapd_authstate);
+ if (!r) {
+ r = mailbox_open_header(mailboxname, imapd_authstate,
+ &mailbox);
+ }
+ r_tmp = r; /* Save return value for later */
+
+ if (!r) {
+ /* Deal with surreptitiously creating additional folders */
+ autofolders = strdup(config_getstring("autocreatefolders", ""));
+ autofolder = strtok(autofolders, " ");
+ while (autofolder != NULL) {
+ add_name[0] = '\0';
+ strcat(add_name, name);
+ strcat(add_name, ".");
+ strcat(add_name, autofolder);
+ r = mboxname_tointernal(add_name, imapd_userid, add_mailboxname);
+ if (!r) {
+ /* Throw away return because errors cannot be fatal and
+ there's no way to report them. syslog() maybe? */
+ (void)mboxlist_createmailbox(add_mailboxname,
+ MAILBOX_FORMAT_NORMAL,
+ NULL, 1, imapd_userid,
+ imapd_authstate);
+ }
+ /* I hope there are no intervening strtok()s */
+ autofolder = strtok(NULL, " ");
+ }
+ free(autofolders);
+ }
+
+ r = r_tmp; /* Replace ``original'' return value */
+ }
}
if (!r) {
Re: pop3 question
On Wed, 2002-02-20 at 10:36, Christian Mayer wrote: > Hello cyrus list > > I am setting up an cyrus-imap server. > There are some useres to connect with imap. > And the rest of the useres should connect with pop3. > So is it possible that the pop3 users are not allowed to connect with imap? > How should I setup the mailboxes for pop3 only users that they are not > allowed to use imap? This is not something cyrus does by default you would have change some code. If they have static IP addresses you could just firewall people out , but this is probably not true. You could run 2 versions of cyrus on the same box one for POP and one for IMAP on separate IPs (to allow IMAP users to use POP). -- Simon
Re: Virtual Domain support?
On Wed, 2002-02-20 at 04:19, Mike Grommet wrote: > I'm using Cyrus IMAP 2.0.16 > > I've read many articles in the archives concerning the use of cyrus in > virtual hosting environments... Most of them are fairly old tho. > > Did this support get added in? POP/IMAP does not support virtual hosts in general (Has anything ever been done about this ?? ) well not like http. however one of the patches now in cyrus is UNIX hierarchy convention this allows people to use .`s in namespace (read docs in src for more info). Which means you can create users like simon_surf.org.uk which is the closest to Virtual hosting you can do. ( an @ can be used my patching LMTPD) Another thing that could be done is to have a cyrus server per domain (requires IP per domain) by using the -C flag to choose different config files. -- Simon
Re: who uses cyrus ?
On Wed, 2002-02-20 at 17:27, Steve Wright wrote: > Hi, > > We are evaluating cyrus imap & sieve for our production servers & I would be > grateful if someone could name maybe a few large companies / organizations > that are also running it. Cyrus is a key part of the NINAA product by pavilion Internet ( www.ninaa.net ). ( biggest number of mailboxes I know about is about 5000 ). -- Simon
Re: can't write to the imapd.log and auth.log
On Thu, 2002-02-21 at 13:46, Manuel Hendel wrote: > On Thu, Feb 21, 2002 at 02:31:24PM +0100, [EMAIL PROTECTED] wrote: > > > > execute > > touch /var/log/imapd.log > > and > > touch /var/log/auth.log > > > > imapd does not create the files if they dont exist > > This doesn't change anything, I tried this before. > and kill -HUP the syslog deamon. -- Simon
Re: quota message
On Thu, 2002-02-21 at 16:10, Steve Wright wrote: > I'm getting this message generated by postfix when cyrus refuses to accept > mail because the cyrus user is over quota, I need to remove the reference to > the lmtp socket, can anyone tell me how ?? You will need to edit postfix source somewhere. Postfix lmtp connects to the lmtp socket gets the 550 error and creates that message. ( I would look first in the lmtp code but thats just a pointer).
re: ldap and cyrus
On Mon, 2002-02-25 at 16:53, Dave C wrote: > I'm having some trouble getting cyrus-imap with sasl > to work with ldap, i have the cyrus-imapd ldap patch > and recompiled, but im just getting a connectoin, what > shoudl the pwcheck_method be if i still want to use > sasl as the password store and just use ldap for user > information? You want to use ldap to get the username and sasldb to get a password. I dont think this is going to work ??? Use one or the other I personally dont understand what it is you are trying to do what do you mean just getting a connection do you mean it will not authenticate you ? Sorry. -- Simon
re: ldap auth or sasldb auth
On Tue, 2002-02-26 at 15:38, Dave C wrote: > All, > > I am wondering if I have this process right, I want to > use LDAP with cyrus so do I store everythign in ldap > or just all the user information and the password is > stored in /etc/sasldb? if so then i'd assume the > pwcheck_method: sasldd. I am ok with either storing > everything in ldap or just storing the user info, I > just want to be sure to do it properly, Depends what you mean by ldap with cyrus. Ldap can be used to authenticate the user or you could use sasldb. IF you use sasldb, then I dont know what you want ldap to do (Address book in which case it could be kept separate) > as it stands now my imapd.conf looks like: > > configdirectory: /var/imap > partition-default: /var/spool/imap > admins: cyrus root > allowanonymouslogin: no > sasl_pwcheck_method: ldap > sasl_ldap_basedn: dc=temperagen,dc=com > sasl_ldap_search_base: dc=temperagen,dc=com > sasl_ldap_server_host: localhost > sasl_ldap_server_port: 389 > sasl_ldap_query_filter: (mailacceptinggeneralid=%s) > sasl_ldap_result_attribute: mailacceptinggeneralid What version of sasl are you using what patch I dont remember one haveing sasl_ldap_result_attribute although I could be wrong. Its looks like sasl v2 with the auxprop patch but Im not totally ceratin . ( Pwcheck_method: auxprop would be required) -- Simon
Re: error function prot_printf
On Wed, 2002-02-27 at 20:17, Ana Belén Díez wrote: > I try to do 'make' for to install Cyrus-Imap 2.0.16, but I have this > problem:. > > # make all CFLAGS=-O > ... > gcc -c -I.. -I/usr/local/include -I/usr/local/BerkeleyDB.3.1/include -I/usr/ > local/include -I/usr/include -I/opt > /sfw/include -I/usr/local/include -I/usr/local/include -DHAVE_CONFIG_H -I. - > I. -O \ > prot.c > prot.c: In function `prot_printf': > prot.c:614: `__builtin_va_alist' undeclared (first use in this function) > prot.c:614: (Each undeclared identifier is reported only once > prot.c:614: for each function it appears in.) > make: *** [prot.o] Error 1 > OS version ? Configure options ?
Re: Postfix & cyrus
On Mon, 2002-03-04 at 13:28, Manou Rabary wrote:
Hi all,
I use cyrus imap with postfix.
I saw in a documentation ;-) how to use postfix to transport mail:
insert in /etc/postfix/master.cf the following line:
cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m ${extension}
${user}
But I can't locate cyrdeliver.
What version of Cyrus are you using
( find // -name cyrdeliver ) Although I thought to was called deliver
but
prehaps cyrus deliver and shouldnt you use LMTP instead ? (if the
version of cyrus supports)
--
Simon
Re: why ldap auth
On Tue, 2002-03-05 at 16:30, Dave C wrote: > Could someone tell me if there is already no ldap > database existing why it would be beneficial to use > ldap for user info and authentication versus using > sasldb for the user/password information. thanks. > Ldap unlike other DB queries is fast lookup. I mean ldap is often used because the speed at which information can be retrieved it is slow on putting in information though. This is way many ISP`s are starting to use it to store all user information is that all information for authentication/mail/web can be retrieved quickly -- Simon
Re: altnamespace and unixhierarchysep patches for 2.0.16?
On Thu, 2002-03-07 at 23:19, Nick Sayer wrote: Does anyone have patches relative to 2.0.16 that will enable these two features? I've done it in the past and had it work just fine. I can't upgrade to 2.1.x yet because FreeBSD does not yet have a port for SASL 2.x and I don't feel like going off the beaten path for this. I have sasl 2 on freebsd from source working and I know the Scot W. Hetzel ( who does sasl 1) has done a port in the ports collection for sasl v2 ( note he sent me an email about I havent actually checked ports). as for the unixhierarchysep goto www.surf.org.uk/downloads/ there is a patch that should (hopefully) work it might very probably include altnamespace too. -- Simon Loader
Re: cyrs-imapd HIERSEP?
On Sun, 2002-03-10 at 19:16, Jeff Bert wrote: > can anyone point me to where i can d/l this? the link on the howto page at > http://dudle.linuxroot.org/docs/postfix_cyrus/ is broken. > > sorry if you think I've been flooding info-cyrus lately with all my > questions... all have been answered except for this one. > http://www.surf.org.uk/downloads/ Has a patch you can apply -- Simon
Re: is it possible to use mailbox names like user@domain.tld ?
> but i cannot deliver messages to that mailbox. > > cat msgfile | deliver [EMAIL PROTECTED] > [EMAIL PROTECTED]: Mailbox does not exist > > lmtpd / deliver seas the @ as splitting a realm there is a one line mod ( search archive I posted a diff once) which will enable @`s to work
Re: Make a Linux mail server talk to Microsoft Outlook 2000
On Tue, 2002-03-26 at 19:34, Anderson - Informática - Ind. Machina Zaccaria wrote: > Hello! > > Can someone help me... > > I Have a Linux server and I wanted to know if is there a way to make > Microsoft Outlook 2000 brings a list of mail server users from the Linux > server always when the client clicks on the "TO" button? > Cant you use an ldap address book in outlook for this ? -- Simon
Re: Using deliver from perl
On Tue, 2002-03-26 at 19:18, Scott Russell wrote: > Greets. > > Does anyone have any examples for using cyrus deliver from perl? I'm making > a few perl admin scripts and would like to use the deliver exec to directly > dump mail into a users mailbox. > You could use Net::LMTP instead ?? ( or support both) How to use deliver is mainly in the deliver manpage . Its really easy to use by hand. -- Simon
Re: Using deliver from perl
> > > > You could use Net::LMTP instead ?? ( or support both) > > Can Net::LMTP force a message to be delivered even if the mailbox is over > quota? Erm I think so definitely patch it in easily having had a brief look at the LMTP RFC. > > > How to use deliver is mainly in the deliver manpage . Its really > > easy to use by hand. > > > > Yeah, saw the man page. Was getting lmtp socket errors calling it from the > command line by hand. I figured I was missing something an example would be > enough to set me straight. Dont have one... to hand ( probably permissions on lmtp socket if it is a unix socket) -- Simon Loader
Re: cyrus imapd 2.1.3
this is all ok if you notice it is looking for libraries and finding
them , I cant see one it fails on.
--
Simon
>
> Got an interesting output. I hope it´s ok to post it here, sorry.
>
> execve("./master", ["./master"], [/* 48 vars */]) = 0
> open("/etc/ld.so.preload", O_RDONLY)= -1 ENOENT (No such file or directory)
> open("/usr/local/lib/i686/mmx/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or
>directory)
> stat("/usr/local/lib/i686/mmx", 0xb174) = -1 ENOENT (No such file or directory)
> open("/usr/local/lib/i686/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or
>directory)
> stat("/usr/local/lib/i686", 0xb174) = -1 ENOENT (No such file or directory)
> open("/usr/local/lib/mmx/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or
>directory)
> stat("/usr/local/lib/mmx", 0xb174) = -1 ENOENT (No such file or directory)
> open("/usr/local/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
> stat("/usr/local/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> open("/usr/local/BerkeleyDB.3.1/lib/i686/mmx/libdl.so.2", O_RDONLY) = -1 ENOENT (No
>such file or directory)
> stat("/usr/local/BerkeleyDB.3.1/lib/i686/mmx", 0xb174) = -1 ENOENT (No such file
>or directory)
> open("/usr/local/BerkeleyDB.3.1/lib/i686/libdl.so.2", O_RDONLY) = -1 ENOENT (No such
>file or directory)
> stat("/usr/local/BerkeleyDB.3.1/lib/i686", 0xb174) = -1 ENOENT (No such file or
>directory)
> open("/usr/local/BerkeleyDB.3.1/lib/mmx/libdl.so.2", O_RDONLY) = -1 ENOENT (No such
>file or directory)
> stat("/usr/local/BerkeleyDB.3.1/lib/mmx", 0xb174) = -1 ENOENT (No such file or
>directory)
> open("/usr/local/BerkeleyDB.3.1/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file
>or directory)
> stat("/usr/local/BerkeleyDB.3.1/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> open("/etc/ld.so.cache", O_RDONLY) = 5
> open("/lib/libdl.so.2", O_RDONLY) = 5
> open("/usr/local/lib/libdb-3.3.so", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/local/BerkeleyDB.3.1/lib/libdb-3.3.so", O_RDONLY) = 5
> open("/usr/local/lib/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or
>directory)
> open("/usr/local/BerkeleyDB.3.1/lib/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such
>file or directory)
> open("/lib/libresolv.so.2", O_RDONLY) = 5
> open("/usr/local/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/local/BerkeleyDB.3.1/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file
>or directory)
> open("/lib/libc.so.6", O_RDONLY)= 5
> open("/dev/null", O_RDWR) = 0
> open("/dev/null", O_RDWR) = 1
> open("/dev/null", O_RDWR) = 2
> open("/etc/localtime", O_RDONLY)= 5
> fstat64(5, {st_mode=S_IFREG|0644, st_size=837, ...}) = 0
> open("/etc/cyrus.conf", O_RDONLY) = 7
> fstat64(7, {st_mode=S_IFREG|0644, st_size=993, ...}) = 0
> --- SIGCHLD (Child exited) ---
> open("/etc/cyrus.conf", O_RDONLY) = 7
> fstat64(7, {st_mode=S_IFREG|0644, st_size=993, ...}) = 0
> open("/etc/cyrus.conf", O_RDONLY) = 7
> fstat64(7, {st_mode=S_IFREG|0644, st_size=993, ...}) = 0
> open("/etc/nsswitch.conf", O_RDONLY)= 7
> fstat64(7, {st_mode=S_IFREG|0644, st_size=1342, ...}) = 0
> open("/usr/local/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or
>directory)
> open("/usr/local/BerkeleyDB.3.1/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No
>such file or directory)
> open("/etc/ld.so.cache", O_RDONLY) = 7
> open("/lib/libnss_files.so.2", O_RDONLY) = 7
> open("/etc/services", O_RDONLY) = 7
> fstat64(7, {st_mode=S_IFREG|0644, st_size=209624, ...}) = 0
> open("/etc/services", O_RDONLY) = 10
> fstat64(10, {st_mode=S_IFREG|0644, st_size=209624, ...}) = 0
> open("/etc/services", O_RDONLY) = 13
> fstat64(13, {st_mode=S_IFREG|0644, st_size=209624, ...}) = 0
> open("/etc/services", O_RDONLY) = 16
> fstat64(16, {st_mode=S_IFREG|0644, st_size=209624, ...}) = 0
> open("/etc/services", O_RDONLY) = 19
> fstat64(19, {st_mode=S_IFREG|0644, st_size=209624, ...}) = 0
> open("/etc/services", O_RDONLY) = 22
> fstat64(22, {st_mode=S_IFREG|0644, st_size=209624, ...}) = 0
> open("/usr/local/lib/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (
Re: problems with cyrus...
On Sun, 2002-03-31 at 03:41, damm wrote: > I've read the faq, and found this question rather unanswered > > Mar 30 18:34:42 shell imapd[8703]: [ID 254344 user.error] could not > getenv(CYRUS_SERVICE); exiting > > what exactly does that mean and how can i correct this, i've ran it from command > line... inetd is running it fine, i'm running Cyrus-imapd 2.1.3 with sasl2 2.1.2 > If I remember rightly this is because you are running cyrus out of inetd when it actually uses a process called master to do that now. (re read the install docs) -- Simon
Re: LDAP accounts for Cyrus patch questions
On Fri, 2002-04-05 at 15:27, Veigar Freyr Jökulsson wrote: > Is anyone working on an LDAP patch for sasl-2.1 ? > goto http://www.surf.org.uk/downloads/ mysql and ldap auxprop patch. -- Simon
Re: LDAP accounts for Cyrus patch questions
On Fri, 2002-04-05 at 17:10, John Amodeo wrote: > Simon Loader has a patch in progress for saslv2: > > http://www.surf.org.uk/ > > I downloaded it to do some testing, but I can't get the patch to apply to sasl > 2.1.2... > If you have any luck, please pass on your secrets... > Might have been broken for the past week :( sorry fixed now.
Re: LDAP accounts for Cyrus patch questions
On Fri, 2002-04-05 at 17:55, Ted Knab wrote: > Have you had any luck with the patch ? > > I tried the new LDAP patch without success. Am I doing something wrong ? > > cd ~/cyrus-new/cyrus-sasl-2.1.2 > > patch -p0 < ../ldap-mysql_auxprop_sasl-2/mysql+ldapauxprop.patch > > automake -i > autoconf > > ./configure --with-ldapauxprop try --with-ldapauxprop=/usr/lib How ever much I try the autoconf stuff always seems to not quite work for everyone. > Hmmm. I have ldap though ? > > /etc/alternatives/libldap.so.3 > /usr/lib/libldap.so.2 > /usr/lib/libldap.so.2.0.15 > /usr/lib/libldap.so.3 > /usr/lib/libldap_r.so.2 > /usr/lib/libldap_r.so.2.0.15 > > This is openldap yes ? What OS is this on ? -- Simon
RE: LDAP accounts for Cyrus patch questions
On Tue, 2002-04-09 at 02:27, Tim Pushor wrote: > > Stupid question alert: > > This is my first foray into LDAP. I am starting by building LDAP (which > is required by SASL, with Simon's auxprop patch), but the docs for > building LDAP say that LDAP won't be V3 compliant 'unless OpenLDAP's > configure detects a usable Cyrus SASL installation'? Chicken and egg > problem? Is V3 compliance important? > On a more amusing note openldap only supports sasl V1 not Sasl V2 and as sasl V1 and sasl V2 use the same name space it all goes wrong big time. for V3 compliance I cant see it been that important. -- Simon
Re: Fw: Alternate Namespace
On Wed, 2002-04-10 at 07:59, [EMAIL PROTECTED] wrote: > Anthony Brock schrieb am Tue, Apr 09, 2002 at 11:19:28PM -0700: > > Where would you find this patch? > > Mmmh, maybe my post was a littly fast - I was sure I saw it flying around > somewhere. However, you may begin with > > http://www.surf.org.uk/downloads/HIERSEP-r2.patch > That should apply to 2.0.16 , but it might not be all there. Cyrus do encourage movement to cyrus 2.1.x which has all these features. -- Simon
Re: LDAP accounts for Cyrus patch questions
> > form). That means if anyone ever gets access to your sasldb, you are > > hosed. Not true for an LDAP database, stores passwords in hashed form. > > There is no requirement in SASL that says that passwords must be stored in > cleartext. Yes, it is true that libsasl's sasldb does so, however this is > an easily plugable backend that can be changed for whatever type of > password database you desire, provided that someone has written an auxprop > plugin for it. > I dont see how this would work ? An auxprop plugin gets a username/ realm and a list of properties to return ? Are you saying it should return the password encrypted and then use a patch like someone did a couple of weeks ago. Or is there some other way for an auxprop to return the correct thing ? -- Simon
Re: LDAP accounts for Cyrus patch questions
O > Most of the mechanisms that can take plaintext passwords can also take the > hashes, the problem is that the type of hash they need varies based on > mechanism. > > This is, by the way, how the database conversion works. > > So, any auxprop plugin that can return either a hash of the correct format > for the mechanism via the "cmusaslsecret(MECHNAME)" properties, or a > plaintext password via the userPassword property should be doing "the > right thing" Ah I see.. the auxprop plugins I have written often get 2 properties but I thought the second was CMU specific thing. userPassword and cmusaslsecret(what ever) . So for all those people who might want to use this they just need to set a property in ldap or mysql of cmusaslsecret(MECHNAME) (in case of mysql you %p the select statement to make sure it gets the correct thing). -- Simon turned down for another job doing well thinking of writing a book how not to get a job.
Re: Postfix/Cyrus reports "temporary failure"
On Wed, 2002-04-10 at 21:59, Dustin Puryear wrote: > Any help on this one? We are quite stumped. At this point our only other > option is to drop Cyrus, which we'd rather not do. > What is the quota of the users ??? -- Simon
Re: Connection refused
On Wed, 2002-04-17 at 10:08, abarthel wrote: > Hello > > That's still what I still have this morning. > > lx93:/home/alain # /usr/cyrus/bin/master & > [1] 6137 > lx93:/home/alain # imtest -m login -a cyrus localhost > connect: Connection refused > failure: Network initialization > > Apr 17 10:45:14 lx93 master: unable to change limit of file descriptors > available > Apr 17 10:45:14 lx93 master[6137]: process started > Apr 17 10:45:14 lx93 master[6137]: ready for work > Apr 17 10:48:15 lx93 deliver[6153]: connect(/var/imap/socket/lmtp) failed: What are the permissions on /var/imap/socket/lmtp and what does deliver run as ? -- Simon
Re: problems with php-imap
On Mon, 2002-04-22 at 12:29, Tarjei Huse wrote: > Hi, > > I'm running a cuple of servers with php + mysql. Now, on one server I am > running a setup with PHP 4.0.6 (patched for security) and Cyrus Imapd > 1.5.x. I am having large problems getting this to work. The server > functions w/o problems except that it segfaults every time I use the > imap-open call. So does this use cclient as the imap support for PHP ? Personally I have found that buggy in the past try upgrading to the latest version. > > I have seen others having reproted equal problems to this list, so I am > wondering if this is a known bug or if anyone has experienced this. > > Also, I whant all possible tips for locating the error. Here is a problem I had and how I found and fixed it. Using: php,mod-ssl,apache to do webmail. Problem: It would SEGFPE every so many request (sometimes just 2 sometimes 100`s) Tried to chase in the php code where this bug was and not trying mod_ssl (encryption must use the FPU alot etc.). Eventually compiled php with -ggdb (debug symbols) setup my FreeBSD to core dump in the same area and played. After backtracing several coredump I found the this happened when the php added or subtracted 2 large numbers together. After a bit more debug the FPU was broken on the CPU and it now runs with FPU emulation and is ok. Interesting that that was the only thing that tickled the FPU. So compile php in debug mode is my advice. -- Simon
Re: using spam control tools
On Wed, 2002-04-24 at 11:46, Marcel van der Boom wrote: > In search for a spam control tool to use in combination with cyrus I > couldn't find something to our liking. you should be able to use anything as spam control should be MTA based. I have used spam assassin in the past but I don't know if there is a webfront definitely possible and to not have them to have shell accounts. > > Our first choice would be: > > mapSoN (http://mapson.sourceforge.net) > === > uses a direct delivery to mailbox (/var/spool/mail like) mechanism so > cannot be used directly with cyrus (right?) > > What we want: > - combination of *user* manageable blacklists and whitelists > - optional confirmation mechanism for first time senders > - preferably web based administration > - cyrus interoperability (initialy for users with shell account, but > later also for cyrus only users) > > Any suggestions for this? > > Thanks > > Marcel > > >
Re: usernames
On Wed, 2002-04-24 at 19:41, Luc de Louw wrote: > Hi! > > Do you know if its possible to have cyrus users like user@domain ? > If not, any suggestions? Yes. use lmtp patch at www.surf.org.uk (there are reasons not to do it though) -- Simon
Re: Sieve + RBL = SICK!
(just adding my red diesel ) Doesn't RBL check the IP address that people connect with ? Now as a SMTP server you have this implicitly , later on it would have to be taken from the headers, to find the ip. Possible bit of a pain, just need to find the received header your machine on... Definitely easier todo in the MTA. -- Simon
Re: Cyrus and MySQL HOWTO?
On Sun, 2002-04-28 at 03:22, Dustin Puryear wrote: > I installed Cyrus via ports on FreeBSD. We want to manage Postfix and Cyrus > via mysql, so we installed both with mysql support. Unfortunately, I don't > see documentation about configuring Cyrus for mysql. Is the mysql support > that comes with Cyrus in ports the same as: > http://www.dmzs.com/~dmz/projects/cyrus-sasl-mysql/ > > If so I can follow the example in: > http://www.dmzs.com/~dmz/projects/cyrus-sasl-mysql/imapd.conf. However, > that path seems to be a bit of work. > The FreeBSD port is from www.surf.org.uk and http://sourceforge.net/projects/cyrus-utils/ (there is some information there) It is based on DMZ`eds code ( it probably has the same options ). -- Simon
Re: cyrus, mysql, is anyone out there?
On Thu, 2002-05-02 at 03:48, Dustin Puryear wrote: > Okay, one final try. Is anyone in the world that happens to be on this list > using mysql with cyrus? I can't be the only one. If you do exist, and I'm > happy to see that you do, I have cyrus compiled with mysql support. > Unfortunately, when I try to auth against Cyrus via POP3 or whatever I get > an error that Cyrus can't select the mysql database. I have used it but not this version. > > I have imapd.conf with: > > sasl_pwcheck_method: mysql > sasl_mysqluser: mail > sasl_mysqlpasswd: secret > sasl_mysqlhost: localhost > sasl_mysqldatabase: mail > sasl_mysqltable: accountuser > sasl_mysqluidcol: username > sasl_mysqlpwcol: password > test this works echo "select password from accountuser where username = 'dom0001'" | mysql -u mail -p -h localhost mail (or seomthing like that) Remeber with sasl V1 it will be via plain text.
Re: Virtual Mailboxes
On Thu, 2002-05-02 at 05:56, Igor Brezac wrote: > > On Thu, 2 May 2002, Devdas Bhagat wrote: > > > > > > > I'd like to avoid this if I can, but I may have to go this route. What is > > > the cyrus mailbox name for [EMAIL PROTECTED] vs [EMAIL PROTECTED]? > > user/user.dom.ain , user/user2.dom.ain > > The rewrite code is basically s/@/./, with calls in the appropriate > > places in the authentication mechanisms. > Personally I use the alternative hierarchy separator a patch to lmtp to allow @ and of I go (this gets rid of realms in in lmtp though which Im not sure of the effect). It just means I dont have to rewrite names all the time. -- Simon
Re: update: Re: cyrus, mysql, is anyone out there?
> I have the pam solution WORKING for imap authentication, but not for pop3 > authentication. Weird, I know. First, let me show you the test connections: > you will probably find that pop3 does not allow usernames to start with numbers. Check the source or try a different username. -- Simon
Re: consistent ldap login problem
> > I do believe that you are correct about all users having to be in > the same rdn. That's not difficult to change, though. This is true but... Itis not that hard to change. Someone did change it and sent it to the mailing list ( actully I think they use clayton donleys code ? but my patch as an example??) Anyway it in the mailing list. Send me a mail if you cant find it ... -- Simon
Re: consistent ldap login problem
> Is there any particular reason to use the SASL patches and not PAM LDAP? > Performance gains? Easier configuration? > The sasl patch was written for a product which did not have PAM bundled with it. ( althought that was an option). It probably has very minor performance gains (unnoticeable on 90% of configs) , and if you know C the source is easy so could be easier to configure. Its really for people who cant use PAM or want something slightly different. -- Simon
Re: berkeley to cyrus conversion
[EMAIL PROTECTED] wrote: > > Nick Sayer writes: > > > >I wrote a perl script that takes a Unix "mbox" formatted mailbox and > >uploads it to an IMAP folder. I could post and/or e-mail it if there is > >any demand. > > Does it preserve status flags? If so, I'm certainly interested. > Otherwise, I'll just use procmail/formail. > With IMAP you have a great advantage. What I tend to do is have 2 imap servers running and tell people to drag and drop mail from there current folders to there new IMAP server. (this has the second advantage of making people sort there boxes out) Note: I dont have that many users so this does not become a major pain. -- Simon
Re: renaming users
Patrick Childers wrote: > > I was having troube renaming users. > I wanted to rename users from user.patrickc to user.PatrickC > > Is this possible? there is some code sent to a the list check the archives. -- Simon
Re: netscape 4.77 and filters
Sam Smith wrote: > > The filters work on my old UW imap server. On the cyrus server, I can create a > filter and save it. If I look again - it's not there. This is on Windows 2000. > Anybody else seen this problem? > Filters are not saved on the IMAP server (AFAICR) I have had filiters working in previous times cyrus 1.5.xx and netscape 4.xx. -- Simon
[OT] Outlook Express: altnamespace issue
> IMHO, the architecture is correct (similar to other commercial variants > of Cyrus) and the problem lies completely with OE. > Out of interest what are the commercial variants of cyrus ? The only one I think I know of is some Canadian company of which the name escapes me. -- Simon
Re: CERT with two IPs ????
> > The server you are connecting to is using a security > certificate which is expired or is not yet valid. > Do you wish to continue using this server? > > I think the problem might be that the servers > certificate is tied to the external IP address. If I > do a nslookup here on the LAN for mailhost both the > routable and non-routable IPs will be returned. Can > someone help me out with a solution of work around on > this. I would greatly apreciate it. > Thanks > Certs are connected to domain. HTH
Re: LMTPD signaled to death by 11 - neverending story [the end]
Lawrence Greenfield wrote: > >Date: Mon, 1 Oct 2001 11:00:22 +0200 >From: Szymon Juraszczyk <[EMAIL PROTECTED]> > > I just changed > >sprintf >(messageToSend,"%s\n%s\n%s\n%s\n%s\n",class,instance,user,mailbox,message); > > to > >sprintf (messageToSend,"%s\n%s\n%s\n%s\n",class,instance,user,mailbox); >cnt = write(sock, messageToSend, strlen(messageToSend)); >cnt += write(sock, message, strlen(message)); >cnt += write(sock, &newline, 1); This doesnt fix the buiffer overrun. messageToSend is still 2K and can be overwritten howabout snprintf(messageToSend,sizeof(messageToSend) -1,"%s blah blah blha) -- Simon
Re: Sieve error in :matches clause
Ken Murchison <[EMAIL PROTECTED]> writes: >> I suspect you're right, William. AFAICT this goes against the RFC however, >> since you should only get regex when you use the :regex comparator. >> >> Ken--is this a bug... a feature... a misdiagnosis...? > > It appears to be a bug caused by using fnmatch(3) to perform the match. > fnmatch(3) performs glob-style matching, which treats '?', '*' AND '[' > as special -- see glob(7). The workaround is to escape the []: > > header :matches "subject" "*\\[spam score 10.0/10.0 -pobox\\]*" > > Feel free to bugzilla this, but I doubt it'll be at the top of anyone's > list, since using fnmatch(3) is just too convenient. Maybe a quick workaround could be to, in the Cyrus Sieve code, replace [ with \[ in the string that is passed to fnmatch()? Then you don't need to rewrite fnmatch.
Re: Locking problem in Cyrus 2.0.16 Revisited
>
> This doesn't seem to be the offending process; it's the open
> demonstrating the symptom, but much more important is the process that
> is holding the lock that it can't get.
>
> lsof on the file that it is attempting to lock ("print filename" from
> gdb) will show what process is actually holding the lock.
Just to get this correct this is a problem not seen
at CMU ?
--
Simon
Re: Virus Scanner 4 BSD
cyrus-mailinglist wrote: > > Hi Folks! > > One Question! > > What is the best virusscanner 4 FreeBSD? > This all depends on opinon there are several out there and if you run in linux comaptabilty mode you can find even more. Sophos is quite good. I like f-prot which is doing a free beta test of there linux version. Here are just a couple. www.sophos.com www.f-prot.com www.free-av.com www.hbedv.com -- Simon Loader
Re: [POLL] Cyrus v2.1 and SASL v2
Ken Murchison <[EMAIL PROTECTED]> writes: > The biggest (only?) downside for existing installations is that any > secrets stored in sasldb would have to migrated to the new format. This > will require resetting all of the users passwords because they can not > be extracted from the old sasldb (unless you have been using my APOP > patch). Is it possible to extract users' passwords from the new format, so that we don't have to experience this problem again?
Re: [POLL] Cyrus v2.1 and SASL v2
Ken Murchison wrote: > > Cyrus users, > > We are getting close to releasing Cyrus v2.1 (yeah, I know I've said > this a bunch of times already) and we are leaning towards making it > dependent on SASL v2. We would like to do this for a number of reasons: > > 1. Take advantage of the benefits of SASL v2 (improvements in memory > management, support for additional plugin types, simplified database > support, and improved error reporting). > Hopefully I should be able to get an LDAP (mysql possibly) plugin to work soon and a mysql one possibly I did start some code but finding a job gave presidence. (now given up). I think it would aid alot of things moving especial better support for different auth systems. -- Simon
Re: Aliases and virtual domain hosting
Henrique de Moraes Holschuh wrote:
>
> On Sat, 24 Nov 2001, Kevin J. Menard, Jr. wrote:
> > Tuesday, November 06, 2001, 7:44:04 AM, you wrote:
> > MF> If you decide that 1 IP per domain is not acceptable, which
> > MF> anybody who does lots of virtual hosting generally does, then
> > MF> I recommend you apply the sep-heirarchy patch which will
> > MF> allow you to use straight email addresses as account names.
> >
> > This is true, but lmtpd will not. It splits on '@' for Kerberos realms or
> > something.
>
> That is a serious limitation. Does lmtp allow one to send to it 'quoted'
> addresses? something like foo\@virtual.domain.org to skip the kerberos
> realm check?
The part where it check for user existence does the @ split its self
It seems to work when taken out.
change lmtpengine.c
line 936 from
while ( *addr != '@' && *addr != '>') {
to
while ( *addr != '>') {
The kerberos realm seems to be seprate.
It does work.
( I must learn kerberos some day).
--
Simon
Re: SASL LDAP patch - way to specify multiple servers?
> > We use SASL1->LDAP in a clusterd HA environment with the LDAP patch supplied by > http://www.surf.org.uk/src/cyrussasl.html which AFAIK does not support multiple > LDAP servers. We are at the moment suggensting a switch to SASL1->PAM->LDAP, > which is not as fast, but will support multiple LDAP servers the way noted above. > > We would be pleased if someone could implement this feature on a standard base > not by exploiting a "feature" in the current OpenLDAP libs (which we think wasn't > originally intended by the OpenLDAP folks). > erm I lost this thread a bit , did kevin say he was going to do this ? Anyway I knocked up a version (well autoconf took its time again) for 1.5.27 patch version its at surf.org.uk now and go on to sourceforge at the moment. totatlly unrelated but ... Can auxprops on sasl v2 be used to authenticate ??? Can I get the users password to be able to bind with ? or should I just do anonymous ? -- Simon
Re: Impact of SSL and Stunnel on Cyrus
Gary Flynn <[EMAIL PROTECTED]> writes: > I'd be interested in hearing about others' experiences on > the impact of stunnel or SASL on server resources. Any > thoughts on the relative merits of either architecture > of providing SSL sessions would also be appreciated. We'll > need to protect both the IMAP and IMSP sessions. > > Some background: > > 1) We're running an older version of Cyrus and, for a variety >of reasons, are hesitant about upgrading to the 2.x version >at this point in time if we can implement SSL sessions robustly >without doing the upgrade. > > 2) We have about 4000 simultaneous users at peak times. Two years >ago, we saw peak authentication request rates of 18/second. Its >likely higher now. > > 3) We've had CPU utilization issues in the past attributed to >authentication overhead on HPUX. Hardware is an HP V2250 running >hpux 11 with 4 CPUs and 6GB of memory. I believe TLS would eat non-neglible amount of CPU for your setup. I would split your users to multiple servers to start with. Or use front ends which is the TLS endpoint, and proxies the session to the right server, then the mail server doesn't need to do TLS as well.
Re: [PATCH] daemonization support for master
Henrique de Moraes Holschuh wrote:
>
> This patch should be applied on top of the previous one in this thread (in
> message <20011128123038.K13192@khazad-dum>).
>
> It adds configure support for --enable-pidfile (which enables pidfile and
> daemon mode). The full filename (with path info) for the pidfile can be sent
> as the optional argument for --enable-pidfile.
>
> The default is the old behaviour (no pidfile). The default pidfile is
> /var/run/cyrus-master.pid (unlikely to cause colisions).
just a quicky I currently use a shell script like this :-
#!/bin/sh
case "$1" in
start)
if [ -x /usr/cyrus/bin/master ]
then
/usr/cyrus/bin/master &
echo $! > /var/run/cyrus.pid
echo -n " Cyrus Master"
fi
;;
stop)
if [ -e /var/run/cyrus.pid ]
then
kill `cat /var/run/cyrus.pid`
rm /var/run/cyrus.pid
fi
;;
*)
echo "usage: $0 {start|stop}" 1>&2
exit 64
;;
esac
which sort gives the same control.
--
Simon loader
yes I do need a job.
Re: [PATCH] daemonization support for master
Henrique de Moraes Holschuh wrote: > > On Tue, 04 Dec 2001, Simon Loader wrote: > > /usr/cyrus/bin/master & > > echo $! > /var/run/cyrus.pid > > > > which sort gives the same control. > > Well, it depends. The pidfile support inside master allows it to fork() at > will and still keep the pidfile current. This way, we can setsid() without > any sort of trouble... so it has its advantages. > I do agree just thought Id show a way to do it now. (i amazed more services dont come with scripts like this). -- Simon
Re: [CYRUS] My folders are gone, Please read!
Todd Nemanich wrote: > > I would recommend two things to figure out what's > going on. First, under your configdirectory (mine > is /var/imap/) create a logs/dudle/ directory. > That should let you see the commands being sent > back and forth between the client and server while > you work on it. I've seen a problem with mozilla > where it ignores the seperator specified by the > server when sending a sub command, which could be > why you are having trouble subscribing to folders > under netscape. > The second thing I would recommend, is going into > your server preferences on your client, and > deselect the "show only subscribed folders". This > should let you look at all your folders so you can > see where your mail actually went. > Also check actual file repository/partation where ever the files are actully stored to make sure its all there. run reconstruct (man reconstruct) and see if that fixes things. -- Simon Loader poor unemployed. http://www.surf.org.uk/ to offer me work, will do freelance or anything that is going.
Cluster support in Cyrus IMAPD?
It is cheaper to buy another PC than to buy another CPU and add the CPU to your existing PC, so I would like to have two Cyrus IMAPD servers that mirror each other. Is this possible? Is the "Cyrus murder" related to this? From what I remember, it was only a front-end to multiple but separate servers, but I didn't really install and use it so I may be wrong. It is also better from a fail-over point of view, I want my mail server completely mirrored in two different physical locations. Right now, if my IMAP server crashes, I lose. Receiving mail is not a problem, sendmail queues them up fine and I can have backup-MX's, but I can't read my mail until the server is up. I'm thinking about a daemon that synchronizes the /var/spool/imap directory tree between machines, either with cooperation with Cyrus IMAPD or not. You probably don't need to hook into Cyrus IMAPD, but perhaps the performance can be increased if you do. It feels like a weekend hack, which is about the amount of time I have for it. :-)
Re: Cluster support in Cyrus IMAPD?
Ken Murchison <[EMAIL PROTECTED]> writes: > Well, you'd also have to sync /var/imap so you'd keep the mailbox db, > seen state, subscriptions and quotas in sync. You'd probably have to > quiesce Cyrus so that no mail gets delivered, read, moved, etc. > > You could use rsync to do the replication or I believe that there are > some network RAID1 solutions out there. > > If I was going to do this myself, I'd get myself a dual ported FC RAID5 > box, and setup a SAN with my 2 servers both talking the RAID5. You'd > need some SAN software to share the filesystem. Something like SGI's > CXFS *should* work nicely. I was thinking of doing more distributed mirroring, I want one mail server in one end of the country and another in the other end of the country and they should be synced. I could setup two iSCSI devices (SCSI over IP), one on each machine, and then run software RAID-1 on them from the two places. I wonder if there is a free or open source file system that could handle concurrent access? This would actually be a much more clean approach than using rsync, which I've also been thinking about.
Re: Cyrus IMAP v2.1.0 BETA released
Lawrence Greenfield <[EMAIL PROTECTED]> writes: > I'm pleased to announce Cyrus IMAP 2.1.0. I guess this is CVS tag cyrus-release-2-1-0, but where does development for future 2.1 versions take place? HEAD?
Re: Webmail for Cyrus Imap ?
This was a interesting thread, and I was happy to see that at least one suggestion, Jawmail, supported WAP, but it caused my stock RedHat 7.1 Apache/PHP build to crash when I ran "install.php"... So, are there any other IMAP interfaces with WML support? Any experiences?
Re: Netscape: Copying message to Sent folder: permission denied
>It wsa the cyrus admin user that did this. > >I tried to delete the folders with cyradmin but it says: > >rm: cannot remove `Drafts': Permission denied > >same for the Sent Items and INBOX fodlers that Outlook Express >automatically vreated when the admin user loged in. You need to add permission setacl Drafts c (or something like that Im not near a computer as such at the moment) -- Simon
Re: ssl-certificates per hosted domain
At 02:08 AM 1/2/2002 +0100, Peter Pilsl wrote: >Is it possibly to provide more than one ssl-certificate on one >imap-server ? > >I host several domains here and each domain gets its imap domainname >for fetching their mails like imap.customer1.com imap.customer2.com >... > >And I want give any of the the possibility to use SSL-secured >connections when fetching their mails. You would need one IP per ssl cert. and config cyrus to run a different config for each IP. This an SSL restriction the same is true for https. ( think about the ssl is done and it make sense) >ps: Do I have troubles with this list or wasnt there any traffic for >days now ? NO traffic it been that time of year.
Re: Reliable mailstore
[EMAIL PROTECTED] writes: > We also built HA for each mailstore, such that it are in fact two > systems clustered by the kimberlite software mounting a shared > RAID in a failover situation. See > > http://oss.missioncriticallinux.com/projects/kimberlite/ > > for details. Did you considered more decentralized fail-over? I'm thinking about having synchronized IMAP servers present at physically separate locations. Any thoughts on this?
Re: cyradm authentication
Daniel Yu schrieb: > > Try cyradm --user mailadmin --auth login localhost or cyradm --user > mailadmin --auth plain localhost Authtype LOGIN is not supported according to the FAQ and it seems that whenever LOGIN works, it also works with PLAIN. Is it the same in the end? Simon > > -Original Message- > From: Justin Wood [mailto:[EMAIL PROTECTED]] > Sent: Monday, February 11, 2002 5:45 PM > To: [EMAIL PROTECTED] > Subject: cyradm authentication > > I just blew away my 2.0.16 install and replaced it with 2.1.1. I am > using saslauthd with pam to authenticate, and have it working fine for > imapd and timsieved. However, I can't authenticate to cyradm. I get > the following in syslog: > > Feb 11 15:36:20 fs1 imapd[4913]: badlogin: fs1.p.flipdog.com[10.69.2.71] > plaintext cyradm SASL(-13): authentication failure: checkpass failed > > My pam is configured to use ldap to authenticate, and I see in my ldap > logs that it's finding the user cyradm just fine. Am I missing > something simple here? Has anyone else had this problem? > > Thanks in advance, > Justin. > -- > -- > Justin Wood [EMAIL PROTECTED] > Systems Administrator > FlipDog.comhttp://www.flipdog.com/ > --
Re: cyradm authentication
"Justin G. Wood" schrieb: > > I tried both, to no avail. I've included some lines from auth.log that I forgot > to paste last time. Also, FYI, I'm using FreeBSD 4.5. > > --- login attempts --- > bash-2.05a$ cyradm --user cyradm --auth login localhost Are you sure your cyrus user is cyradm? Can you try cyradm --user cyrus --auth login localhost or cyradm --user cyrus --auth plain localhost And if it fails, did you set a password for the cyrus user? HTH -Simon > IMAP Password: > Login failed: authentication failure at > /usr/local/lib/perl5/site_perl/5.6.1/mach/Cyrus/IMAP/Admin.pm line 78 > cyradm: cannot authenticate to server with login as cyradm > bash-2.05a$ cyradm --user cyradm --auth plain localhost > Password: > IMAP Password: > Login failed: authentication failure at > /usr/local/lib/perl5/site_perl/5.6.1/mach/Cyrus/IMAP/Admin.pm line 78 > cyradm: cannot authenticate to server with plain as cyradm > perl in free(): warning: chunk is already free > > --- auth.log corresponding lines --- > Feb 12 08:07:51 fs1 saslauthd[4368]: DEBUG: auth_pam: pam_acct_mgmt failed: User > not known to the underlying authentication module > Feb 12 08:07:51 fs1 saslauthd[4368]: AUTHFAIL: user=cyradm service=imap realm= > [PAM acct error] > Feb 12 08:07:51 fs1 imapd[31372]: authentication failed > Feb 12 08:08:13 fs1 perl: All-whitespace username. > Feb 12 08:08:13 fs1 perl: No worthy mechs found > Feb 12 08:08:16 fs1 saslauthd[4369]: DEBUG: auth_pam: pam_acct_mgmt failed: User > not known to the underlying authentication module > Feb 12 08:08:16 fs1 saslauthd[4369]: AUTHFAIL: user=cyradm service=imap realm= > [PAM acct error] > Feb 12 08:08:16 fs1 imapd[31378]: authentication failed > > Quoting Daniel Yu <[EMAIL PROTECTED]>: > > > Try cyradm --user mailadmin --auth login localhost or cyradm --user > > mailadmin --auth plain localhost > > > > -Original Message- > > From: Justin Wood [mailto:[EMAIL PROTECTED]] > > Sent: Monday, February 11, 2002 5:45 PM > > To: [EMAIL PROTECTED] > > Subject: cyradm authentication > > > > > > I just blew away my 2.0.16 install and replaced it with 2.1.1. I am > > using saslauthd with pam to authenticate, and have it working fine for > > imapd and timsieved. However, I can't authenticate to cyradm. I get > > the following in syslog: > > > > Feb 11 15:36:20 fs1 imapd[4913]: badlogin: > > fs1.p.flipdog.com[10.69.2.71] > > plaintext cyradm SASL(-13): authentication failure: checkpass failed > > > > My pam is configured to use ldap to authenticate, and I see in my ldap > > logs that it's finding the user cyradm just fine. Am I missing > > something simple here? Has anyone else had this problem? > > > > Thanks in advance, > > Justin. > > -- > > -- > > Justin Wood [EMAIL PROTECTED] > > Systems Administrator > > FlipDog.com >http://www.flipdog.com/ > > -- > > > > > > > > --- > Justin Wood [EMAIL PROTECTED] > Systems Administrator > FlipDog.com http://www.flipdog.com/ > --- -- Simon Matter Tel: +41 61 695 57 35 Fr.Sauter AG / CITFax: +41 61 695 53 30 Im Surinam 55 CH-4016 Basel [mailto:[EMAIL PROTECTED]]
Re: cyradm authentication
Justin Wood schrieb: > > Yes, I'm sure my cyrus user is cyradm. I reset the password just in > case as well. It appears to be finding the user from ldap properly: > > Feb 12 08:08:16 fs1 slapd[4498]: conn=29 op=1 SEARCH RESULT tag=101 > err=0 text= > Feb 12 08:08:16 fs1 slapd[4498]: conn=29 op=2 BIND > dn="UID=CYRADM,OU=ADMINISTRATIVE,DC=FLIPDOG,DC=COM" method=128 Hm, and your PAM LDAP configuration is okay? Because you get ..User not known to the underlying authentication module Does authentication work for other sessions like pop-3? > > -Justin. > > On Tue, 2002-02-12 at 08:37, Simon Matter wrote: > > "Justin G. Wood" schrieb: > > > > > > I tried both, to no avail. I've included some lines from auth.log that I forgot > > > to paste last time. Also, FYI, I'm using FreeBSD 4.5. > > > > > > --- login attempts --- > > > bash-2.05a$ cyradm --user cyradm --auth login localhost > > > > Are you sure your cyrus user is cyradm? Can you try > > > > cyradm --user cyrus --auth login localhost > > > > or > > > > cyradm --user cyrus --auth plain localhost > > > > And if it fails, did you set a password for the cyrus user? > > > > HTH > > -Simon > > > > > IMAP Password: > > > Login failed: authentication failure at > > > /usr/local/lib/perl5/site_perl/5.6.1/mach/Cyrus/IMAP/Admin.pm line 78 > > > cyradm: cannot authenticate to server with login as cyradm > > > bash-2.05a$ cyradm --user cyradm --auth plain localhost > > > Password: > > > IMAP Password: > > > Login failed: authentication failure at > > > /usr/local/lib/perl5/site_perl/5.6.1/mach/Cyrus/IMAP/Admin.pm line 78 > > > cyradm: cannot authenticate to server with plain as cyradm > > > perl in free(): warning: chunk is already free > > > > > > --- auth.log corresponding lines --- > > > Feb 12 08:07:51 fs1 saslauthd[4368]: DEBUG: auth_pam: pam_acct_mgmt failed: User > > > not known to the underlying authentication module > > > Feb 12 08:07:51 fs1 saslauthd[4368]: AUTHFAIL: user=cyradm service=imap realm= > > > [PAM acct error] > > > Feb 12 08:07:51 fs1 imapd[31372]: authentication failed > > > Feb 12 08:08:13 fs1 perl: All-whitespace username. > > > Feb 12 08:08:13 fs1 perl: No worthy mechs found > > > Feb 12 08:08:16 fs1 saslauthd[4369]: DEBUG: auth_pam: pam_acct_mgmt failed: User > > > not known to the underlying authentication module > > > Feb 12 08:08:16 fs1 saslauthd[4369]: AUTHFAIL: user=cyradm service=imap realm= > > > [PAM acct error] > > > Feb 12 08:08:16 fs1 imapd[31378]: authentication failed > > > > > > Quoting Daniel Yu <[EMAIL PROTECTED]>: > > > > > > > Try cyradm --user mailadmin --auth login localhost or cyradm --user > > > > mailadmin --auth plain localhost > > > > > > > > -Original Message- > > > > From: Justin Wood [mailto:[EMAIL PROTECTED]] > > > > Sent: Monday, February 11, 2002 5:45 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: cyradm authentication > > > > > > > > > > > > I just blew away my 2.0.16 install and replaced it with 2.1.1. I am > > > > using saslauthd with pam to authenticate, and have it working fine for > > > > imapd and timsieved. However, I can't authenticate to cyradm. I get > > > > the following in syslog: > > > > > > > > Feb 11 15:36:20 fs1 imapd[4913]: badlogin: > > > > fs1.p.flipdog.com[10.69.2.71] > > > > plaintext cyradm SASL(-13): authentication failure: checkpass failed > > > > > > > > My pam is configured to use ldap to authenticate, and I see in my ldap > > > > logs that it's finding the user cyradm just fine. Am I missing > > > > something simple here? Has anyone else had this problem? > > > > > > > > Thanks in advance, > > > > Justin. > > > > -- > > > > -- > > > > Justin Wood [EMAIL PROTECTED] > > > > Systems Administrator > > > > FlipDog.com > > >http://www.flipdog.com/ > > > > -- > > > > > > > > > > > > > > > > > > --- > > > Justin Wood [EMAIL PROTECTED] > > > Systems Administrator > > > FlipDog.com http://www.flipdog.com/ > > > --- > > > > -- > > Simon Matter Tel: +41 61 695 57 35 > > Fr.Sauter AG / CITFax: +41 61 695 53 30 > > Im Surinam 55 > > CH-4016 Basel [mailto:[EMAIL PROTECTED]] > > > > > -- > -- > Justin Wood [EMAIL PROTECTED] > Systems Administrator > FlipDog.comhttp://www.flipdog.com/ > -- -- Simon Matter Tel: +41 61 695 57 35 Fr.Sauter AG / CITFax: +41 61 695 53 30 Im Surinam 55 CH-4016 Basel [mailto:[EMAIL PROTECTED]]
Re: user administration scripts
Steven M Bloomfield schrieb: > > hi, > Does anyone know if there are any good user administration scripts? > I would like to add users, set quotas etc. preferably in a web interface. > i'm wondering if i need to re-compile cyrus to use a mysql database for > authentication, is this a good idea? > do i need to re-compile? There are so many different ways to do this so it's a difficult question. There are tools like www.ispman.org where they use LDAP and nice Webinterfaces but I didn't try something like that. Anyway, if you use PAM for authentication you can just use any method which PAM knows to use with PAM. Simon > > cheers, > > Steven M Bloomfield > Webmaster, Virtual Manchester www.manchester.com > 0161 228 6155
Re: sieveshell not working with saslauthd
Ken Murchison schrieb: > > Simon Matter wrote: > > > > I'm using cyrus-imapd-2.1.1 and cyrus-sasl-2.1.1 and I'm not able to get > > sieveshell working. I'm using saslauthd to authenticate against PAM and > > it does work so far for POP3/IMAP and I finally found the trick to use > > cyradm. But I don't get sieveshell work as expected. > > > > timsieved is running: > > > > [root@dhcp-141-104 root]# telnet localhost sieve > > Trying 127.0.0.1... > > Connected to localhost. > > Escape character is '^]'. > > "IMPLEMENTATION" "Cyrus timsieved v1.1.0" > > "SASL" "DIGEST-MD5 CRAM-MD5 PLAIN LOGIN" > > "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress > > regex" > > "STARTTLS" > > OK > > > > I tried: > > > > [root@dhcp-141-104 root]# sieveshell --user=test localhost > > connecting to localhost > > Please enter your password: > > nable to connect to server: Authentication error at /usr/bin/sieveshell > > line 170, line 1. > > [root@dhcp-141-104 root]# > > > > /var/log/messages shows: > > > > Feb 11 15:48:55 dhcp-141-104 timsieved[12953]: Could not open > > /etc/sasldb2: gdbm_errno=3 > > Feb 11 15:48:55 dhcp-141-104 timsieved[12953]: Could not open > > /etc/sasldb2: gdbm_errno=3 > > Feb 11 15:48:55 dhcp-141-104 timsieved[12953]: no secret in database > > Feb 11 15:48:55 dhcp-141-104 timsieved[12953]: badlogin: > > localhost.localdomain[127.0.0.1] DIGEST-MD5 authentication failure > > > > Any ideas what I did wrong or is it a new 'feature'? > > Thanks! > > The problem is that timsieved is advertising DIGEST and CRAM, which > sieveshell will try to use before any plaintext mechanism. An --auth > option needs to be added to sieveshell (like cyradm) to get around > this. I plan on looking into this. > > If you don't need shared secret mechanisms for any part of your Cyrus > installation, you can either remove these plugins from /usr/lib/sasl2 or > add 'sasl_mech_list: plain' to imapd.conf. Thank you very much! It works again. I also tried to list different mechs but PLAIN first, but it does not check in the listed order so I really have only PLAIN now which is okay for me. I still don't really understand the SASL thing. Since I'm using PAM for authentication it seems that it is only one more layer between the application and PAM. The PLAIN mech is not a problem for me since I have a sealed server, right? If I configure PAM to use a remote LDAP server with TLS, I should also be secure concerning the network wire. Or do I miss something very important here? Simon > > Ken > -- > Kenneth Murchison Oceana Matrix Ltd. > Software Engineer 21 Princeton Place > 716-662-8973 x26 Orchard Park, NY 14127 > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieveshell not working with saslauthd
Daniel Yu schrieb: > > New sieveshell uses sieve service name instead of imap. Try > cp /etc/pam.d/imap /etc/pam.d/sieve I'm using saslauthd, and it seems it uses shadow directly at the moment. Now I'm confused a bit because I have /etc/pam.d/imap and /etc/pam.d/pop but it has no effect I guess because saslauthd uses /etc/shadow, right? If I configure saslauthd to use PAM, which facility does it use? Simon > > -Original Message- > From: Simon Matter [mailto:[EMAIL PROTECTED]] > Sent: Monday, February 11, 2002 9:53 AM > To: info-cyrus > Subject: sieveshell not working with saslauthd > > I'm using cyrus-imapd-2.1.1 and cyrus-sasl-2.1.1 and I'm not able to get > sieveshell working. I'm using saslauthd to authenticate against PAM and > it does work so far for POP3/IMAP and I finally found the trick to use > cyradm. But I don't get sieveshell work as expected. > > timsieved is running: > > [root@dhcp-141-104 root]# telnet localhost sieve > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > "IMPLEMENTATION" "Cyrus timsieved v1.1.0" > "SASL" "DIGEST-MD5 CRAM-MD5 PLAIN LOGIN" > "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress > regex" "STARTTLS" OK > > I tried: > > [root@dhcp-141-104 root]# sieveshell --user=test localhost connecting to > localhost Please enter your password: nable to connect to server: > Authentication error at /usr/bin/sieveshell line 170, line 1. > [root@dhcp-141-104 root]# > > /var/log/messages shows: > > Feb 11 15:48:55 dhcp-141-104 timsieved[12953]: Could not open > /etc/sasldb2: gdbm_errno=3 > Feb 11 15:48:55 dhcp-141-104 timsieved[12953]: Could not open > /etc/sasldb2: gdbm_errno=3 > Feb 11 15:48:55 dhcp-141-104 timsieved[12953]: no secret in database Feb > 11 15:48:55 dhcp-141-104 timsieved[12953]: badlogin: > localhost.localdomain[127.0.0.1] DIGEST-MD5 authentication failure > > Any ideas what I did wrong or is it a new 'feature'? > Thanks! > > Simon
Re: Intermittent mailbox lockups
Hi I'm using Cyrus 2.1.1 on XFS on Software RAID with XFS enabled 2.4.9 RedHat Kernel. No problems so far but I can't really tell since it is not heavy loaded. It's just a test machine. Anyway I suspect you should upgrade to the 2.4.9 Kernel since the 2.4.3 has not passed my stress test which 2.4.9 passes very fine. Simon julesa schrieb: > > We've been living with this problem for some time, but it seems to be > occurring more often as we add users. It's still very intermittent, it > hits about three users a week. What happens is one of their mailboxes > just locks up and will not accept any new mail. Killing the master and > restarting it has no effect, but reconstruct -r user.[uid] fixes the > problem. > > We've upgraded from 2.0.15-HIERSEP to 2.1.1 and still have the problem. > We're using the RedHat db3 RPM version 3.1.17-5. We are also running the > Linus 2.4.3 kernel and using software RAID to mirror the message store > filesystem. I'm starting to suspect the problem's related to the kernel, > or perhaps to using Linux' software RAID. I should probably upgrade the > kernel anyway (to RedHat's 2.4.9 release, I'm thinking), but I'm > wondering if this problem will remain if I don't move the filesystem to > a non-mirrored drive. > > Is anyone else using the Linux kernel RAID with a Cyrus message store? > Any experiences, good or bad?
Re: Problem with sieve
Steve Wright schrieb:
>
> Hi
>
> I am running cyrus & have had for quite sometime with no problems.
>
> I would now like to use sieve with websieve as a gui.
> I have installed websieve but can not login.
> Websieve returns;
> System Error: IMAP::Sieve [ Login incorrect while connecting to localhost ]:
> NO ("SASL" "no mechanism available") "Authentication error"
The problem comes with the IMAP::Sieve module. I have it up and running
again. The problem is that if you use PLAIN auth, IMAP::Sieve does not
use it. I had to put the is my imapd.conf:
sasl_mech_list: PLAIN
I guess your problem is similar.
-Simon
>
> I have rtfm & searched google however the only relevant information I can
> find is from the cyrus docs (that come with cyrus) telling me if I telnet to
> the sieve port I should be greeted with;
>
> Connected to cyrus-dev.andrew.cmu.edu.
>Escape character is '^]'.
>"CMU Experimental Sieved version 0.99" "SASL={GSSAPI, ANONYMOUS, PLAIN,
> KERBEROS_V4}"
>
> This is not happening I am greeted with;
> Connected to localhost.
> Escape character is '^]'.
> "IMPLEMENTATION" "Cyrus timsieved v1.0.0"
> "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress regex"
> OK
>
> Providing no SASL information ??
> Is this correct ???
>
> Is there anyway I can login / authenticate to sieve via telnet to prove if
> the problem is with cyrus or something I have not done with websieve ??
>
> With Thanks,
> Steve.
Re: [Fwd: Vacation.. yes again..]
Tyrone Vaughn schrieb:
>
> Come on y'all.. I know you are better than this! :-) Only one reply?
> Doesn't anyone else have anything to contribute? It's still broken.
>
> Do I need to completely destroy and rebuild deliver.db ? Do I need to
> archive and rebuild every single mailbox?
>
> I have already rebuild 2.0.16 three times, rebuilt sieve more times than I
> care to admit, used twp different versions of sendmail .. and still no
> vacation messages being sent out...
>
> I'm beggin here help! :-)
Hey, I was having the same problem. I knew it was working and did not
anymore. In the end I took some time, removed the hole postfix and cyrus
stuff (rpm -e), removed the var dirs by hand, installed the rpm's again,
configured, tried it and it worked. Just try it. In my case the problem
was between the chair and the keyboard :-)
Simon
>
> Tyrone
>
> Original Message
> Subject: Vacation.. yes again..
> Date: Tue, 12 Feb 2002 12:43:23 -0600
> From: Tyrone Vaughn <[EMAIL PROTECTED]>
> Organization: Amicus, Inc.
> To: [EMAIL PROTECTED]
>
> Okay. The pertinent information up front (besides it ain't workin! :-).
>
> --- system ---
> Sendmail 8.11.3 (w/ Milter)
> RAV Antivirus
> Cyrus 2.0.16 (compiled)
> SASL 1.5.24 from Mandrake 8.0 RPM's.
>
> imapd.conf
> configdirectory: /var/imap
> defaultpartition: default
> partition-default: /var/spool/imap
> admins: x
> quotawarn: 75
> autocreatequota: 1
> singleinstancestore: yes
> sasl_pwcheck_method: PAM
> sieveusehomedir: false
> sievedir: /var/imap/sieve
> sendmail: /usr/sbin/sendmail
>
> cyrus.conf
> # standard standalone server implementation
>
> START {
> # do not delete these entries!
> mboxlist cmd="ctl_mboxlist -r"
> deliver cmd="ctl_deliver -r"
>
> # this is only necessary if using idled for IMAP IDLE
> # idledcmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/imap/socket
> SERVICES {
> # add or remove based on preferences
> imap cmd="imapd" listen="imap" prefork=0
> pop3 cmd="pop3d" listen="pop3" prefork=0
> sieve cmd="timsieved" listen="sieve" prefork=0
>
> # at least one LMTP is required for delivery
> lmtp cmd="lmtpd -a" listen="localhost:lmtp"
> # lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> }
>
> EVENTS {
> # this is required
> checkpointcmd="ctl_mboxlist -c" period=30
>
> # this is only necessary if using duplicate delivery suppression
> delprune cmd="ctl_deliver -E 3" period=1440
> }
>
> sendmail.cf (pertinent part) --
> Mcyrus, P=[IPC], F=lsDFwMnqA@/:|SmXz, E=\r\n,
> S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix,
> #A=FILE /var/imap/socket/lmtp
> A=TCP [localhost] lmtp
>
> and finally
> -- example sieve vacation filter --
> require ["fileinto"];
>
> require ["reject"];
>
> require ["vacation"];
>
> # %VACATION_START%
> vacation
> :days 1
> :subject "Out to lunch"
> # %VAC_TEXT_START%
> "Always";
> # %VAC_TEXT_END%
> # %VACATION_END%
>
> ---
>
> Okay, now having said all of that, vacation QUIT WORKING. It was working
> as of last Friday, and has since quit. I have recompiled, re-installed,
> re-configured, un-configured, changed delivery, etc. I can't use just the
> deliver program because of other known issues, so I deliver via lmtp.
>
> You will notice the "w" flag has been added to the mailer so that people
> can use their '.forward' file, but that has always heen there. I added it
> on a test system, as the standard .mc file does not have it, and it
> stopped sending vacation replies as well. Subsequent removal of it does
> not make the problem go away... and besides that, it worked with that flag
> there for almost six months before breaking for some unknown reason.
>
> Help? Please.. :-)
>
> Tyrone
>
> --
> ///
> \\ Tyrone T. Vaughn\\ (512)531-3400 fax(512)531-3401 \\
> // Manager, Systems Administration // 3410 Far West Blvd, Ste 300//
> \\ Amicus, Inc.\\ Austin, Tx 78731 \\
> ///
Re: unable to create lmtpunix listener socket
Manuel Hendel schrieb: > > On Thu, Feb 21, 2002 at 10:29:53PM +0100, Manuel Hendel wrote: > > How can I solve this problem? I'm trying to use procmail to filter and > > the cyrus deliver program to deliver the mail. > > > > :0: > > * ^To: [EMAIL PROTECTED] > > | /usr/local/cyrus/bin/deliver user > > > > It seams that the rule is working, but not the lmtp stuff. The > > following lines are in my cyrus.conf: > > > > # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > > lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 > ^ > > > > Which one is better to use or doesn't make it any difference? > > I already solved this problem, but I got a new one! The problem was, > that I changed the marked path. > My new problem is the following error message in the imapd.log: > > Feb 21 23:28:35 he0 deliver[44874]: > connect(/usr/local/etc/imap/socket/lmtp) failed: Permission denied What are the permissions of /usr/local/etc/imap/socket/lmtp? In my situation they are srwxrwxrwx1 root root0 Feb 20 14:17 lmtp -Simon > > What's wrong here? > > Thanks, > Manuel > > -- > Women who seek equality with men, lack ambition.
Re: unable to create lmtpunix listener socket
Manuel Hendel schrieb: > > On Fri, Feb 22, 2002 at 07:35:55AM +0100, Simon Matter wrote: > > What are the permissions of /usr/local/etc/imap/socket/lmtp? > > In my situation they are > > srwxrwxrwx1 root root0 Feb 20 14:17 lmtp > > They are > srwxrwxrwx 1 root cyrus0 Feb 21 23:27 lmtp > I think that's ok. What about directory permissions? > > Manuel > > -- > We must learn not to disassociate the airy flower from the earthy root, for > the flower that is cut off from its root fades, and its seeds are barren, > whereas the root, secure in mother earth, can produce flower after flower and > bring their fruit to maturity. > -Kabbalah
Re: unable to create lmtpunix listener socket
Manuel Hendel schrieb: > > On Fri, Feb 22, 2002 at 08:18:38AM +0100, Simon Matter wrote: > > > They are > > > srwxrwxrwx 1 root cyrus0 Feb 21 23:27 lmtp > > > I think that's ok. > > > > What about directory permissions? > > drwxr-x--- 10 cyrus cyrus512 Feb 21 14:10 imap > That is as it should be from the documentation. > > drwxr-xr-x 2 cyrus cyrus512 Feb 21 23:27 socket > This is as cyrus made it. Seems wrong to me. Both Cyrus and your MTA need access to lmtp. I have drwxr-x---2 cyrusmail 103 Feb 20 14:17 socket drwxr-x--- 11 cyrusmail 4096 Feb 20 13:48 imap /etc/groups: mail:x:12:mail,postfix /etc/passwd: postfix:x:89:89:Postfix MTA:/var/spool/postfix:/bin/true cyrus:x:76:12:Cyrus IMAP Server:/var/lib/imap:/bin/bash -Simon > > Manuel > > -- > I got real close to seeing Elvis but my shovel broke. > (contributed by Frank v Waveren)
cyrus and db4 gives me DBERROR db3: 7 lockers
I have upgraded to db4 today, db3 libs are still there for other applications. I have then recompiled my cyrus-imapd RPM version 2.1.2. So far it seems to work fine but I get error messages and I don't know how to resolve the issue. Feb 22 10:06:45 dhcp-141-104 cyrus-master: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted Feb 22 10:06:45 dhcp-141-104 master[2126]: process started Feb 22 10:06:45 dhcp-141-104 ctl_cyrusdb[2128]: recovering cyrus databases Feb 22 10:06:46 dhcp-141-104 ctl_cyrusdb[2128]: done recovering cyrus databases Feb 22 10:06:46 dhcp-141-104 master[2126]: ready for work Feb 22 10:06:46 dhcp-141-104 ctl_cyrusdb[2129]: checkpointing cyrus databases Feb 22 10:06:46 dhcp-141-104 ctl_cyrusdb[2129]: done checkpointing cyrus databases Feb 22 10:06:46 dhcp-141-104 imapd[2133]: DBERROR db3: 5 lockers Feb 22 10:06:46 dhcp-141-104 imapd[2132]: DBERROR db3: 6 lockers Feb 22 10:06:46 dhcp-141-104 tls_prune[2131]: tls_prune: purged 0 out of 0 entries Feb 22 10:06:46 dhcp-141-104 ctl_deliver[2130]: duplicate_prune: pruning back 3 days Feb 22 10:06:46 dhcp-141-104 ctl_deliver[2130]: duplicate_prune: purged 0 out of 3 entries Feb 22 10:06:46 dhcp-141-104 pop3d[2135]: DBERROR db3: 8 lockers Feb 22 10:06:46 dhcp-141-104 pop3d[2136]: DBERROR db3: 9 lockers Feb 22 10:06:46 dhcp-141-104 pop3d[2139]: DBERROR db3: 10 lockers Feb 22 10:06:47 dhcp-141-104 cyrus-imapd: succeeded Feb 22 10:07:13 dhcp-141-104 imapd[2132]: login: support.cad.sba[10.1.200.117] simix plaintext Feb 22 10:07:13 dhcp-141-104 imapd[2149]: DBERROR db3: 14 lockers I have tried reconstruct -f but I guess it has nothing to do with the db files. I also tried db_upgrade on the db files with no result. Can anyone shed some light on whats going on here? -Simon
Re: unable to create lmtpunix listener socket
Manuel Hendel schrieb: > > On Fri, Feb 22, 2002 at 08:35:38AM +0100, Simon Matter wrote: > > Seems wrong to me. Both Cyrus and your MTA need access to lmtp. I have > > drwxr-x---2 cyrusmail 103 Feb 20 14:17 socket > > drwxr-x--- 11 cyrusmail 4096 Feb 20 13:48 imap > > > > /etc/groups: > > mail:x:12:mail,postfix > > > > /etc/passwd: > > postfix:x:89:89:Postfix MTA:/var/spool/postfix:/bin/true > > cyrus:x:76:12:Cyrus IMAP Server:/var/lib/imap:/bin/bash > > I changed the owner priviliges to cyrus mail but this doesn't change > anything! Which process gives you permission denied? Is it your MTA (Sendmail, Postfix), your MDA (procmail) or what? This process has to be able to access lmtp. > > Manuel > > -- > Beware of your habits. The better they are the more surely they will be your > undoing. > -Holbrook Jackson, "Platitudes in the Making"
howto use the skiplist backend
How do I compile and use the new skiplist backend? I want to try it but I don't know how. Simon
Re: cyrus and db4 gives me DBERROR db3: 7 lockers
Thanks for your explanation. It's good to know that it's not my fault and I will ignore the messages. At least it is now in the archives. I gave up trying the new skiplist backend because I couldn't figure out how to set it up. -Simon Amos Gouaux schrieb: > > >>>>> On Fri, 22 Feb 2002 10:09:37 +0100, > >>>>> Simon Matter <[EMAIL PROTECTED]> (sm) writes: > > sm> I have upgraded to db4 today, db3 libs are still there for other > sm> applications. I have then recompiled my cyrus-imapd RPM version 2.1.2. > > sm> Feb 22 10:06:46 dhcp-141-104 pop3d[2135]: DBERROR db3: 8 lockers > sm> Feb 22 10:06:46 dhcp-141-104 pop3d[2136]: DBERROR db3: 9 lockers > sm> Feb 22 10:06:46 dhcp-141-104 pop3d[2139]: DBERROR db3: 10 lockers > sm> Feb 22 10:07:13 dhcp-141-104 imapd[2149]: DBERROR db3: 14 lockers > > To some extent these are normal for BDB. I'm not sure why Sleepycat > chose to log these at error level. I've also never been able to > figure out exactly what trips this message to be logged. Very > roughly there should be somewhere around as many lockers as Cyrus > processes. This will vary somewhat depending on whether you're > using SSL/TLS or not. > > Here's my understanding of things. The lmtpd process will typically > have two read locks: one for deliver.db and another for mailboxes.db. > Other Cyrus processes can have: one for mailboxes.db and another for > tls_sessions.db, depending on whether SSL/TLS is being used. Then > any of these processes can open write locks (via cursor) to update > these db files. > > You can check the current status of lockers by using the db_stat > command. First become the "cyrus" user, then cd to the "db" > directory where the "__db.*" files are at, typically "/var/imap/db". > Then you can run db_stat with the -c option: > > $ /usr/local/BerkeleyDB.4.0/bin/db_stat -c > 18898 Last allocated locker ID. > 9 Number of lock modes. > 5 Maximum number of locks possible. > 5 Maximum number of lockers possible. > 5 Maximum number of objects possible. > 216MCurrent locks. > 4294M Maximum number of locks so far. > 2147Current number of lockers. > 2152Maximum number lockers so far. > 0 Current number lock objects. > 16 Maximum number of lock objects so far. > 274MNumber of lock requests. > 274MNumber of lock releases. > 0 Number of lock requests that would have waited. > 1188Number of lock conflicts. > 2 Number of deadlocks. > 0 Number of transaction timeouts. > 0 Number of lock timeouts. > 19MB 624KB Lock region size (20561920 bytes). > 267MThe number of region locks granted after waiting. > 2271M The number of region locks granted without waiting. > > You might see a rise in lockers if you experience a lot of Cyrus > processes that crash unexpectedly. Search your logs for the string > 'exited, signaled'. > > Now, 2.1.2 goes a long way to improve the run-away lockers I was > seeing previously. However, I *think* there still might be a tiny > leak somewhere. I'm not sure if it is something stupid I'm doing, a > leak elsewhere in the code, or something crashing my Cyrus > processes. One thing I have observed is that someone using Mozilla > periodically seems to generate an 'exited, signaled to death by 10' > when using SSL with POP. What's odd is that it doesn't seem to > happen all the time, just occasionally. Though, I'm not entirely > sure that alone is the cause of the rising lockers since the number > of lockers seems to be growing faster than his 'death by 10' > incidents. Still looking into it. > > -- > Amos -- Simon Matter Tel: +41 61 695 57 35 Fr.Sauter AG / CITFax: +41 61 695 53 30 Im Surinam 55 CH-4016 Basel [mailto:[EMAIL PROTECTED]]
Re: A few emails escaping Sieve
Christopher Wong schrieb: > > On Fri, 22 Feb 2002, Christopher Wong wrote: > > I am using Cyrus-IMAP 2.0.16 with Sieve enabled, and managing it with > > websieve. For this mailing list, I set up the following rule using > > websieve (as displayed by the "current rules" page): > > > > IF 'To' contains 'info-cyrus' OR field: 'CC' contains 'info-cyrus' THEN > > File Into 'INBOX.Cyrus-IMAP' > > > > This rule works most of the time. What puzzles me is that some emails do > > not get filtered. That is, instead of getting filed into the Cyrus-IMAP > > mailbox, occasional emails get past Sieve and end up in my INBOX. Here is > > one recent email that got past it: > > On second thought, I think I should include the full headers. One of the > unfiltered emails' headers follow below. One thing different between the > unfiltered emails and other emails on the list is the presence of a > Received line prefixed by a ">" coming from the sauter-bc.com domain. > Could this be messing up Sieve? Does that prefix belong in the headers? It seems that lizard.webland.de is the culprit, a host where we are sending mail to via UUCP. I don't have access to this machine unfortunately. -Simon > > Chris > > - > >From [EMAIL PROTECTED] Fri Feb 22 11:12:07 2002 > Return-Path: <[EMAIL PROTECTED]> > X-Sieve: cmu-sieve 2.0 > Received: from ui.csports.com (ui.csports.com [207.180.74.4]) > by lfps.csports.com (Postfix) with ESMTP id 07A2CDBF1 > for <[EMAIL PROTECTED]>; Fri, 22 Feb 2002 07:43:37 -0500 (EST) > Received: by ui.csports.com (Postfix) > id D9490102E2; Fri, 22 Feb 2002 07:43:36 -0500 (EST) > Delivered-To: [EMAIL PROTECTED] > Received: from lists2.andrew.cmu.edu (LISTS2.ANDREW.CMU.EDU [128.2.10.216]) > by ui.csports.com (Postfix) with ESMTP id A6040102B2 > for <[EMAIL PROTECTED]>; Fri, 22 Feb 2002 07:43:36 -0500 (EST) > Received: (from postman@localhost) > by lists2.andrew.cmu.edu (8.12.0.Beta16/8.12.2.Beta3) id > g1MCXCk4023451 > for info-cyrus-list; Fri, 22 Feb 2002 07:33:12 -0500 (EST) > Received: from mx.de.kpnqwest.net (mx.de.kpnqwest.net [193.141.40.5]) > by lists2.andrew.cmu.edu (8.12.0.Beta16/8.12.2.Beta3) with ESMTP id > g1MCX9iB023447 > for <[EMAIL PROTECTED]>; Fri, 22 Feb 2002 07:33:09 -0500 (EST) > Received: from lizard.webland.de (lizard.webland.de [194.122.76.201]) > by mx.de.kpnqwest.net (Postfix (mx14)) with ESMTP id 4947EC28E > for <[EMAIL PROTECTED]>; Fri, 22 Feb 2002 13:33:09 +0100 (MET) > (envelope-from [EMAIL PROTECTED]) > Received: (from uucp@localhost) > by lizard.webland.de (8.8.8/8.8.7) id NAA02968 > for [EMAIL PROTECTED]; Fri, 22 Feb 2002 13:33:09 +0100 (MET) > >Received: from mobile.sauter-bc.com (unknown [10.1.6.21]) > by basel1.sauter-bc.com (Postfix) with ESMTP id B880A57306 > for <[EMAIL PROTECTED]>; Fri, 22 Feb 2002 13:32:32 +0100 (CET) > Received: from ch.sauter-bc.com (support.cad.sba [10.1.200.117]) > by mobile.sauter-bc.com (Postfix) with ESMTP id A8C3B25835 > for <[EMAIL PROTECTED]>; Fri, 22 Feb 2002 13:32:32 +0100 (CET) > Message-ID: <[EMAIL PROTECTED]> > Date: Fri, 22 Feb 2002 13:32:32 +0100 > From: Simon Matter <[EMAIL PROTECTED]> > Organization: Sauter AG, Basel > X-Mailer: Mozilla 4.77 [de] (X11; U; Linux 2.2.19-6.2.12 i686) > X-Accept-Language: de-CH, en > MIME-Version: 1.0 > To: info-cyrus <[EMAIL PROTECTED]> > Subject: howto use the skiplist backend > Content-Transfer-Encoding: 7bit > Content-Type: text/plain; charset=us-ascii > Sender: [EMAIL PROTECTED] > Precedence: bulk
Re: sieveshell authentication failed on Solaris
As you mentioned you have started saslauthd to use PAM. Therefore you need to have the different configs in PAM. If timsieved needs authentication, it sends the request to saslauthd with service sieve, saslauthd send the auth request to PAM with service sieve. That's why you need a sieve config in PAM. -Simon Keith Kee schrieb: > > I don't quite understand why I should bother about pam.conf if the > pwcheck_method is saslauthd? Should all the authentications are done through > saslauthd for imapd, popd, and timsieved? Here is my /etc/imapd.conf: > > configdirectory: /ext/imap/config > partition-default: /ext/imap/mailboxes > servername: bragi.netsco.com > admins: root cyrus > sasl_pwcheck_method: saslauthd > allowplaintext: yes > allowanonymouslogin: no > autocreatequota: 20 > sendmail: /usr/lib/sendmail > timeout: 30 > imapidlepoll: 60 > impaidreponse: yes > umask: 077 > sieveuserhomedir: false > sievedir: /ext/imap/sieve > sasl_auto_transition: yes > postuser: bb > lmtpsocket: /var/cyrus/socket/lmtp > idlesocket: /var/cyrus/socket/idle > dracinterval: 30 > drachost: localhost > altnamespace: yes > userprefix: Other Users > sharedprefix: Shared Folders > logtimestamps: yes > sasl_mech_list: plain > sasl_sasldb_path: /etc/sasldb2 > > Running sieveshell returns authentication error with not much detailed > information: > bash-2.03# /usr/local/bin/sieveshell --user=keith --authname=keith mailhost > connecting to mailhost > Please enter your password: > unable to connect to server: Authentication Error at > /usr/local/bin/sieveshell line 172, chunk 1. > > peeking in /var/adm/messages shows: > Feb 25 23:48:45 bragi timsieved[1459]: [ID 702911 auth.notice] Password > verification failed > > and /var/log/imapd.log shows: > Feb 25 23:46:49 bragi master[1434]: [ID 392559 local6.debug] about to exec > /usr/ > local/cyrus/bin/timsieved > Feb 25 23:46:49 bragi sieve[1434]: [ID 518349 local6.debug] executed > Feb 25 23:46:49 bragi sieve[1434]: [ID 921384 local6.debug] accepted > connection > Feb 25 23:46:52 bragi timsieved[1434]: [ID 656617 local6.notice] badlogin: > local > host[127.0.0.1] PLAIN authentication failure > Feb 25 23:46:52 bragi master[1365]: [ID 310780 local6.debug] process 1434 > exited > , status 75 > > Thanks > keith > > > -Original Message- > > From: Ken Murchison [mailto:[EMAIL PROTECTED]] > > Sent: Monday, February 25, 2002 8:24 PM > > To: Keith Kee > > Cc: Cyrus Info > > Subject: Re: sieveshell authentication failed on Solaris > > > > > > > > > > Keith Kee wrote: > > > > > > Hi: > > >I am running cyrus-imap 2.1.2 and cyrus-sasl 2.1.1 on > > Solaris 8, and I am > > > having problem getting timsieved to authenticate right. Following the > > > instructions written in "installing sieve" in the docs included with the > > > source, I should be able to check my login to timsieved using > > > sieveshell --user=keith --authname=keith localhost. However, I > > am getting an > > > error: unable to connect to server: Authentication Error at > > > /usr/local/bin/sieveshell line 172, chunk 1. > > > > > >I am using saslauthd as my pwcheck_method, and started > > saslauthd -a pam. > > > I was able to login to the imap server but not the timsieved. Reading > > > through the posting in this mailing list archive, there was some mention > > > about having to copying pam.d/imap to pam.d/timsieved. I believe this > > > applies to linux only? I don't find a pamd.d directory in Solaris 8. > > > Besides, I did not edit pam.conf file to make imap server authenticate > > > correctly. Also, I have sasl_mech_list set to plain in /etc/imapd.conf. > > > > Whether you have one big pam.conf or separate files under pam.d, you > > need to have a 'sieve' config which can be a copy of your 'imap' or > > 'pop' config. > > > > Ken > > -- > > Kenneth Murchison Oceana Matrix Ltd. > > Software Engineer 21 Princeton Place > > 716-662-8973 x26 Orchard Park, NY 14127 > > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp > > > >
Re: sieveshell authentication failed on Solaris
Hm, sorry, I don't know whats wrong with your setup. IIRC when you have more than PLAIN in your mechlist, sieveshell can not use PLAIN. This only works with cyradm by now. - Can you use pop-3 with user keith ? - what do you get when telnet mailhost 2000 ? This is what works for me here: [root@dhcp-141-104 root]# cat /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus allowanonymouslogin: no sieveuserhomedir: no sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem [root@dhcp-141-104 root]# cat /etc/pam.d/sieve #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth accountrequired /lib/security/pam_stack.so service=system-auth [root@dhcp-141-104 root]# telnet localhost 2000 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v1.1.0" "SASL" "PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress regex" "STARTTLS" OK logout Ok "Logout Complete" Connection closed by foreign host. [root@dhcp-141-104 root]# sieveshell --user=simix --authname=simix localhost connecting to localhost Please enter your password: > quit [/var/log/messages] Feb 26 15:21:20 dhcp-141-104 timsieved[12244]: login: localhost.localdomain[127.0.0.1] simix PLAIN User logged in Anything more you want to know? -Simon Keith Kee schrieb: > > Simon, >I tried add the entry in pam.conf and it is still not working. I think > something else is wrong. Syslog register such an entry when I issue the > command, /usr/local/bin/sieveshell --user=keith --authname=keith mailhost. > > Feb 26 07:29:58 bragi timsieved[2817]: [ID 656617 local6.notice] badlogin: > localhost[127.0.0.1] PLAIN invalid parameter supplied. > > Thanks, > keith > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > > Behalf Of Simon Matter > > Sent: Tuesday, February 26, 2002 2:38 AM > > To: Keith Kee > > Cc: Ken Murchison; Cyrus Info > > Subject: Re: sieveshell authentication failed on Solaris > > > > > > As you mentioned you have started saslauthd to use PAM. Therefore you > > need to have the different configs in PAM. If timsieved needs > > authentication, it sends the request to saslauthd with service sieve, > > saslauthd send the auth request to PAM with service sieve. That's why > > you need a sieve config in PAM. > > > > -Simon > > > > Keith Kee schrieb: > > > > > > I don't quite understand why I should bother about pam.conf if the > > > pwcheck_method is saslauthd? Should all the authentications are > > done through > > > saslauthd for imapd, popd, and timsieved? Here is my /etc/imapd.conf: > > > > > > configdirectory: /ext/imap/config > > > partition-default: /ext/imap/mailboxes > > > servername: bragi.netsco.com > > > admins: root cyrus > > > sasl_pwcheck_method: saslauthd > > > allowplaintext: yes > > > allowanonymouslogin: no > > > autocreatequota: 20 > > > sendmail: /usr/lib/sendmail > > > timeout: 30 > > > imapidlepoll: 60 > > > impaidreponse: yes > > > umask: 077 > > > sieveuserhomedir: false > > > sievedir: /ext/imap/sieve > > > sasl_auto_transition: yes > > > postuser: bb > > > lmtpsocket: /var/cyrus/socket/lmtp > > > idlesocket: /var/cyrus/socket/idle > > > dracinterval: 30 > > > drachost: localhost > > > altnamespace: yes > > > userprefix: Other Users > > > sharedprefix: Shared Folders > > > logtimestamps: yes > > > sasl_mech_list: plain > > > sasl_sasldb_path: /etc/sasldb2 > > > > > > Running sieveshell returns authentication error with not much detailed > > > information: > > > bash-2.03# /usr/local/bin/sieveshell --user=keith > > --authname=keith mailhost > > > connecting to mailhost > > > Please enter your password: > > > unable to connect to server: Authentication Error at > > > /usr/local/bin/sieveshell line 172, chunk 1. > > > > > > peeking in /var/adm/messages shows: > > > Feb 25 23:48:45 bragi timsieved[1459]: [ID 702911 auth.notice] Password > > > verification failed > > > > > > and /var/log/imapd.log shows: > > > Feb 25 23:46:49 bragi master[1434]: [ID 392559 local6.debug] > > about to exec
Re: sieveshell authentication failed on Solaris
Simon Matter <[EMAIL PROTECTED]> writes:
> >Received: from mobile.sauter-bc.com (unknown [10.1.6.21])
> by basel1.sauter-bc.com (Postfix) with ESMTP
> id D4BA757306; Tue, 26 Feb 2002 15:32:25 +0100 (CET)
...
> Sender: [EMAIL PROTECTED]
I was wondering why all copies from Simon Matter on this list ended up
in my junk folder instead of my info-cyrus folder, and it seems to be
because S.M.'s messages contain invalid RFC 2822 header lines
(">Received:"), thereby presumably indicating the end of the RFC 2822
header and not allow the Sieve parser to reach the Sender: header I
match on.
However, Cyrus IMAPD doesn't seem to use the same RFC 2822 header/body
splitting parser so the message shows up OK anyway.
Aside from fixing mobile.sauter-bc.com not to corrupt emails, should
Sieve's and/or Cyrus IMAPD RFC 2822 parser be modified?
Re: sieveshell authentication failed on Solaris
Keith Kee schrieb:
> Hi Simon,
>I can pop-3 with keith and telnet to mailhost 2000 without a problem.
Okay, you can login but what does timsieved tell you? In my case it says
something like:
"SASL" "PLAIN"
So, it will accept PLAIN authentication.
Now, I guess your timsieved is not correctly compiled to allow PLAIN auth.
The configure part of my RPM spec file looks something like this:
%configure \
--enable-netscapehack \
--without-ucdsnmp \
--with-krb=%{_prefix}/kerberos \
--with-perl=%{__perl} \
--with-libwrap=%{_prefix} \
--with-openssl=%{_prefix} \
--with-cyrus-prefix=%{_cyrexecdir} \
--with-auth=unix
-Simon
>
> Somehow, it does not like plain as the authentication method. I was
> successfully authenticated if I remove the sasl_mech_list, which sieveshell
> will then use MD5-CRAM to authenticate me against /etc/sasldb2. That worked,
> but then imap and pop will not authentication correctly.
>Is it possible for me to use sieve despite the fact that I cannot login
> to timsieved?
>
> Thanks
> keith
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> > Behalf Of Simon Matter
> > Sent: Tuesday, February 26, 2002 9:32 AM
> > To: Keith Kee
> > Cc: Ken Murchison; Cyrus Info
> > Subject: Re: sieveshell authentication failed on Solaris
> >
> >
> > Hm, sorry, I don't know whats wrong with your setup. IIRC when you have
> > more than PLAIN in your mechlist, sieveshell can not use PLAIN. This
> > only works with cyradm by now.
> >
> > - Can you use pop-3 with user keith ?
> > - what do you get when telnet mailhost 2000 ?
> >
> > This is what works for me here:
> >
> > [root@dhcp-141-104 root]# cat /etc/imapd.conf
> > configdirectory: /var/lib/imap
> > partition-default: /var/spool/imap
> > admins: cyrus
> > allowanonymouslogin: no
> > sieveuserhomedir: no
> > sievedir: /var/lib/imap/sieve
> > sendmail: /usr/sbin/sendmail
> > hashimapspool: true
> > sasl_pwcheck_method: saslauthd
> > sasl_mech_list: PLAIN
> > tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
> > tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
> >
> > [root@dhcp-141-104 root]# cat /etc/pam.d/sieve
> > #%PAM-1.0
> > auth required /lib/security/pam_stack.so service=system-auth
> > accountrequired /lib/security/pam_stack.so service=system-auth
> >
> > [root@dhcp-141-104 root]# telnet localhost 2000
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > "IMPLEMENTATION" "Cyrus timsieved v1.1.0"
> > "SASL" "PLAIN"
> > "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
> > regex"
> > "STARTTLS"
> > OK
> > logout
> > Ok "Logout Complete"
> > Connection closed by foreign host.
> >
> > [root@dhcp-141-104 root]# sieveshell --user=simix --authname=simix
> > localhost
> > connecting to localhost
> > Please enter your password:
> > > quit
> >
> > [/var/log/messages]
> > Feb 26 15:21:20 dhcp-141-104 timsieved[12244]: login:
> > localhost.localdomain[127.0.0.1] simix PLAIN User logged in
> >
> > Anything more you want to know?
> >
> > -Simon
> >
> > Keith Kee schrieb:
> > >
> > > Simon,
> > >I tried add the entry in pam.conf and it is still not
> > working. I think
> > > something else is wrong. Syslog register such an entry when I issue the
> > > command, /usr/local/bin/sieveshell --user=keith
> > --authname=keith mailhost.
> > >
> > > Feb 26 07:29:58 bragi timsieved[2817]: [ID 656617
> > local6.notice] badlogin:
> > > localhost[127.0.0.1] PLAIN invalid parameter supplied.
> > >
> > > Thanks,
> > > keith
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> > > > Behalf Of Simon Matter
> > > > Sent: Tuesday, February 26, 2002 2:38 AM
> > > > To: Keith Kee
> > > > Cc: Ken Murchison; Cyrus Info
> > > > Subject: Re: sieveshell authentication failed on Solaris
> > > >
> > > >
> > > > As you mentioned you have started saslauthd to use PAM. Therefore you
> > > > need to have the different configs in PAM. If timsieved needs
> > > > authentication, it sends the request to saslauthd with service sieve,
> > &
Re: ldap auth or sasldb auth
Hi Dave C schrieb: > All, > > I am wondering if I have this process right, I want to > use LDAP with cyrus so do I store everythign in ldap > or just all the user information and the password is > stored in /etc/sasldb? if so then i'd assume the > pwcheck_method: sasldd. I am ok with either storing > everything in ldap or just storing the user info, I > just want to be sure to do it properly, also in > several documents i've noticed the tls setup in > imapd.conf, another in the postfix/main.cf and another > in the slapd.conf what is the proper place to put the > tls certfile information? > > as it stands now my imapd.conf looks like: > > configdirectory: /var/imap > partition-default: /var/spool/imap > admins: cyrus root > allowanonymouslogin: no > sasl_pwcheck_method: ldap > sasl_ldap_basedn: dc=temperagen,dc=com > sasl_ldap_search_base: dc=temperagen,dc=com > sasl_ldap_server_host: localhost > sasl_ldap_server_port: 389 > sasl_ldap_query_filter: (mailacceptinggeneralid=%s) > sasl_ldap_result_attribute: mailacceptinggeneralid > tls_ca_path: /usr/share/ssl/certs > tls_ca_file: /usr/share/ssl/certs/eragen.crt > tls_key_file: /usr/share/ssl/certs/eragen.key > tls_cert_file: /usr/share/ssl/certs/eragen.crt Location of certfiles depend on the kind of OS. For RedHat Linux your path is okay as I think it is according to the current FHS. > > > the slapd.conf looks like: > > include /etc/openldap/schema/core.schema > include /etc/openldap/schema/myPostfix.schema > include /etc/openldap/schema/misc.schema > pidfile /var/run/slapd.pid > argsfile/var/run/slapd.args > databaseldbm > suffix "dc=temperagen,dc=com" > rootdn "cn=Manager,dc=temperagen,dc=com" > rootpw > directory /var/lib/ldap > index objectClass eq > # > #TLSCertificateFile /etc/openldap/eragen.crt > #TLSCertificateKeyFile /etc/openldap/eragen.key > #TLSCACertificateFile/etc/openldap/eragen.crt > #TLSCipherSuite DES-CBC3-SHA > > any help is appreciated > > __ > Do You Yahoo!? > Yahoo! Sports - Coverage of the 2002 Olympic Games > http://sports.yahoo.com
Re: Newbie: cyradm login fails
Volker Hutten schrieb: > > Hi, > > I am completely new to Cyrus, installed cyrus-sasl-2.1.0 and > cyrus-imapd-2.1.2 on my RH6.2 with kernel 2.2.19. > I started imapd with /usr/cyrus/bin/master & and can connect via telnet to > both, pop3 and imap. > > When I try to use cyradm the following message comes up after entering my > password: > > [cyrus@pilatus cyrus]$ /usr/bin/cyradm localhost Try cyradm --user cyrus --auth login localhost -Simon > IMAP Password: > Login failed: no mechanism available at > /usr/lib/perl5/site_perl/5.005/i386-linux/Cyrus/IMAP/Admin.pm line 109 > cyradm: cannot authenticate to server with as cyrus > > What mechanism is meant here? > When I compile cyradm, there is a message telling me: > IMAP.xs: In function `get_password': > IMAP.xs:195: warning: assignment makes pointer from integer without a cast > > I am NO programmer so it's hard for me to see the problem of my own. Can > anyone out there tell me what to do? :-) > > Thank you very much!!! > > Volker
Re: Newbie: cyradm login fails
Volker Hutten schrieb: > > On Wed, 27 Feb 2002, Darin Perusich wrote: > > did you set the cyrus users password? if your not sure then probably > > not. you can check by running the sasldblistusers. set the password by > > running "saslpasswd cyrus" (w/o quotes) then they run "cyradm -user > > cyrus `hostname`" (w/o quotes). > > Password is set, /etc/sasldb2 exists and owner:group are cyrus:mail > (permissions 0750) > > Some more hints? There is a program "imtest" to test authentication and don't know what else. I don't know how to use it but maybe you should look at it. BTW: Do you have "admins: cyrus" in your /etc/imapd.conf ? -Simon > > Volker
Re: Newbie: cyradm login fails
Volker Hutten schrieb: > > I now took a look into /var/log/messages and there I found the following > lines (after I built cyrus-sasl and cyrus-imapd again following the > instructions of Rob Siemborski from December 7, 2001 concerning > saslauthd): > > Feb 27 17:59:52 mail imapd[6675]: unknown password verifier saslauthd Now I don't understand. In your previous mail you said > Yes, there are cyrus and root. My imapd.conf looks as follows: > > configdirectory: /var/imap > partition-default: /var/spool/imap > admins: cyrus root > allowanonymouslogin: no > sasl_pwcheck_method: sasldb > tls_cert_file: /var/imap/server.pem > tls_key_file: /var/imap/server.pem > but now you say something about saslauthd. Can you put this in your imapd.conf: sasl_pwcheck_method: saslauthd And if you let saslauthd authenticate against pam, then you may also put sasl_mech_list: PLAIN -Simon > Feb 27 17:59:52 mail imapd[6675]: badlogin: localhost.localdomain[127.0.0.1] >plaintext user > SASL(-4): no mechanism available: checkpass failed > > The first line is the same no matter if pam, sasldb or something like > that. > > Does this help anyone to give me some more hints? > > Volker
RPMs for cyrus-imapd and cyrus-sasl
I'm in the process to create clean, FHS compliant RPM packages of Cyrus IMAPD. It seems that many people are struggling to get things work as I did when I started. One reason is that it's not trivial to compile all nedded packages and it can be difficult to get it up and running first time. WARNING: These packages are work in progress! Things can change in future versions, like the database backends. For instance I have now db3, I made new db4 based packages but this seems no better. I'll change to skiplist when it's ready to use. If I change something and you're upgrading, be sure to manually convert your DB files. The packages are built on RedHat 7.2. Rebuilding should be fine on any 7.x, rebuilding on 6.x may require some updates of your system. For now, find the packages here http://home.teleport.ch/simix/ Any suggestions are welcome -Simon
Re: starting cyrus at boot?
Jeff Bert schrieb: > > I know this is a newbie question but with all I had to do to get cyrus > installed my brain hurts... what's a good way to get cyrus started at boot? This depends on the OS and cyrus version you are using. If you use RPM on Linux or a port on *BSD, initscripts should be in the package. -Simon > > thanks, > > Jeff
Re: installsieve error
[EMAIL PROTECTED] schrieb: > > Hello, This is Takehiro Maeda. > > I want to use sieve, but I have an error > message from installsieve like that: > > $ installsieve localhost > Unable to connect to server at /usr/bin/installsieve line 121 > > When I telnet sieve, it works fine, > > $ telnet localhost sieve > Trying 127.0.0.1... > Connected to imap.test.maeda.co.jp. > Escape character is '^]'. > "IMPLEMENTATION" "Cyrus timsieved v1.0.0" > "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress > regex" > OK > logout > Ok "Logout Complete" > Connection closed by foreign host. I don't know why but I get a SASL line with telnet: [simix@support simix]$ telnet dhcp-141-104 2000 Trying 10.1.141.104... Connected to dhcp-141-104.cad.sba (10.1.141.104). Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v1.1.0" "SASL" "PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress regex" "STARTTLS" OK logout OK "Logout Complete" Connection closed by foreign host. Is it possible that you forgot something when compiling (./configure --someoption) ? -Simon > > I tried with a option, but failed. > > $ installsieve -u cyrus localhost > Unable to connect to server at /usr/bin/installsieve line 121. > > Do you have any hints to fix it ? > > Thanks,
Re: installsieve error
[EMAIL PROTECTED] schrieb: > > Hello, This is Takehiro. > > Simon, thank you for your advice. > > My server is: > RetHat Linux 7.1J > Kernel 2.4.18 > cyrus-imapd-2.0.16 > > I installed cyrus-imapd-2.0.16 by rebuilding > cyrus-imapd-2.0.16-5rm.src.rpm, after I updated > from cyrus-sasl-1.5.24-17 and cyrus-sasl-devel-1.5.24-17 > to cyrus-sasl*2.1.1. Well, I'm using cyrus-imapd-2.1.3 with cyrus-sasl-2.1.1 so I don't know exactly what configuration you need. Anyway, why do you try to run installsieve? If you installed via RPM everything should be set up by the package and you should just be able to use sieveshell, or am I wrong here? IIRC I have never used installsieve and sieve is working here. -Simon > > I didn't use any options, (to tell the truth I didn't > know how) > > My /etc/imapd.conf is: > > $ cat /etc/imapd.conf > configdirectory: /var/imap > partition-default: /var/spool/imap > admins: cyrus > allowanonymouslogin: no > > # To use the PAM for authentication (but not /etc/passwd or shadow), change > # the following line to specify "pam" instead of "sasldb". > sasl_pwcheck_method: pam > sievedir: /var/imap/sieve > > Would you like to give me more infos? > > Thanks, > > >>Hello, This is Takehiro Maeda. > >> > >>I want to use sieve, but I have an error > >>message from installsieve like that: > >> > >>$ installsieve localhost > >>Unable to connect to server at /usr/bin/installsieve line 121 > >> > >>When I telnet sieve, it works fine, > >> > >>$ telnet localhost sieve > >>Trying 127.0.0.1... > >>Connected to imap.test.maeda.co.jp. > >>Escape character is '^]'. > >>"IMPLEMENTATION" "Cyrus timsieved v1.0.0" > >>"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress > >>regex" > >>OK > >>logout > >>Ok "Logout Complete" > >>Connection closed by foreign host. > >> > > > > I don't know why but I get a SASL line with telnet: > > > > [simix@support simix]$ telnet dhcp-141-104 2000 > > Trying 10.1.141.104... > > Connected to dhcp-141-104.cad.sba (10.1.141.104). > > Escape character is '^]'. > > "IMPLEMENTATION" "Cyrus timsieved v1.1.0" > > "SASL" "PLAIN" > > "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress > > regex" > > "STARTTLS" > > OK > > logout > > OK "Logout Complete" > > Connection closed by foreign host. > > > > Is it possible that you forgot something when compiling (./configure > > --someoption) ? > > > > -Simon > > -- Simon Matter Tel: +41 61 695 57 35 Fr.Sauter AG / CITFax: +41 61 695 53 30 Im Surinam 55 CH-4016 Basel [mailto:[EMAIL PROTECTED]]
Re: installsieve error
[EMAIL PROTECTED] schrieb: > > This is Takehiro, > > Thank you for your advice. > > >Well, I'm using cyrus-imapd-2.1.3 with cyrus-sasl-2.1.1 > >so I don't know > >exactly what configuration you need. > >Anyway, why do you try to run installsieve? If you >installed via RPM > >everything should be set up by the package and you should > >just be able to use sieveshell, or am I wrong here? IIRC > >I have never used > >installsieve and sieve is working here. > > > >-Simon > > Sorry, I didn't know that. But when I run sieveshell, > I get this error. > > $ sieveshell localhost > connecting to localhost > Use of uninitialized value in concatenation (.) at /usr/bin/sieveshell line > 149. > unable to connect to server: at /usr/bin/sieveshell line 149. > I use this and it works: sieveshell --user=username --authname=username localhost > I found acapserver in "sieveshell". Do I need to do > something else? What is acapserver? > > Anyway, when I telneted localhost, I couldn't find > any sasl line. I think this causes this trouble. > > How did you install cyrus-imap? >From my RPM's at http://home.teleport.ch/simix/ If you don't run RedHat Linux, sorry. HTH Simon > > Thanks,
Re: multiple cyruses via SAN
Jeremy Howard schrieb: > > Amos Gouaux wrote: > > ><...> > > > >Though, I will say > >this: we recently switched to skiplist for mailboxes.db and at least > >so far, it beats the pants off of Berkeley DB. > > > Ditto. We switched to skiplist last week (from BDB3), and the > performance improvement is amazing! Plus of course, no more deadlocks... > > Oh, and the upgrade process couldn't have been simpler. :-) OT, but did you upgrade all dbs from DB3 to skiplist? Is it possible at all? I'm not sure about this but as I understand the configure script it should be possible now to use skiplist for every db. So my question is whether this is true, if yes then it means we can compile cyrus without depending on any DB[3,4] whathever, right? I'd like this idea because building RPM (or other bin packages) is much easier if you don't depend on too many libs. -Simon
Re: good IMAP server
unplug schrieb: > > HI all, > > What is the different between cyrus and courier? Which one would you > choose mostly? Hm, since this is the cyrus list, I guess most people suggest using cyrus :) I'm using cyrus for years now and I still like it very much. It's a powerful package and has nice features like sieve, a server side mail filtering subsystem. You can use cyrus without having system accounts for every mail account and authentication is very flexible. To be frank, I have just once compiled courier imap and tested it. It is nice and worked well but lacked some features I really wanted. -Simon > > Rgds, > unplug
Re: Cyrus 2.x HOWTO for Linux?
Ramiro Morales schrieb: > > FYI, Simon Matter announced his WIP RPM packages of > Cyrus 2.1.x in thsi last back in February. I have updated to cyrus imapd 2.1.3. The database backends are now configurable at compile. I'm still using db3 as default because db4 has generated error messages and I build on RedHat 7.2 at the moment. db3 is "standard" on 7.2, I guess db4 will be in for 7.3/8.0. I'll test it on skipjack-beta1 when I find some time. -Simon > > The URL for downlading them is > > http://home.teleport.ch/simix/ > > On 28 Mar 2002 at 8:58, Jonathan Marsden wrote about "Cyrus 2.x HOWTO for Linux? ": > > > On 28 Mar 2002, Clifford Thurber writes: > > > > > Wow great thanks. I did this last summer but I lost my notes on > > > getting this working so this helps. Are you using cyrus with > > > sendmail? > > > > Yes. > > > > > Did you manage to get the TLS working as mentioned in that article? > > > Curious? > > > > Not quite yet, but I'm very close... I seem to have some permissions > > issues with the certificate files right now. I'll document the > > process, once it actually works for me. This is sendmail-8.12.2-11 > > (built from the SRPM from Red Hat 'rawhide') on Red Hat 7.2 on x86 > > hardware. > > > > > Again thanks. I am thinking of writing up a how to on installing > > > cyrus since it seems like many people are having problems with the > > > BerkeleyDB on linux and cyrus finding the distro shipped verion of > > > the db. > > > > Not a bad plan! Though some of the "solutions" I have seen for that > > issue on this list look a little manual and unpolished. I think this > > is more an issue with Cyrus IMAPd 2.1.x -- can you confirm this? With > > 2.0.16, rebuilding the SRPM by Ramiro Morales seems to work fine. At > > least until I have SSL/STARTTLS working well for me with 2.0.16 (for > > IMAP and SMTP), I have no real drive/need to get involved with 2.1.x > > -- though the altnamespace stuff would definitely be nice to have. > > > > As you probably know, there is an existing "Cyrus IMAP HOWTO" at > > http://www.linuxdoc.org/HOWTO/Cyrus-IMAP.html but it was written in > > 2000 and so is for 1.6.24, which is now pretty obsolete. I suggest > > you contact its author and perhaps work with him if you want to update > > it for 2.0.16. I'd suggest doing that, and then updating again for > > 2.1.x, that way there will be a version for each major version of > > cyrus-imapd (1.6.x, 2.0.x, 2.1.x). > > > > My own inclination would be to work instead on packaging the new 2.1.x > > version as an RPM for Red Hat 7.2, fixing or working around any > > configure.in buglets discovered along the way, and so making the > > installation a lot easier for many Linux users. But I don't know if I > > will need/want this badly enough to make the time to do it -- maybe > > one of the folks who created cyrus-imapd 2.0.x RPMs will work on this > > before I get there. > > > > Jonathan > > > > -- > Ramiro
