Problem in installation in RH7.3
Hi, I am trying to install cyrus sasl and imap on RedHat 7.3 system with the of cyru-imap HOWTO i am facing some problem which are listed below 1) while doing 'make' of cyrus-sasl-2.1.10 it give error 'krb.h no such file or directory' so i configured it with `./configure --disable-krb4` (it got compiled) 2) after compiling and installing the cyrus-imap-2.1.11 and doing the neccessary configuration when i am testing it with `imtest -m login -p imap localhost` it gives following error [cyrus@localhost cyrus]$ imtest -m login -p imap localhost failure: prot layer failure Please guide me how to resolv this problem thanks in advance Regards, Mohan Cheema -- Intel engineering seem to have misheard Intel marketing strategy. The phrase was Divide and conquer not Divide and cock up (By [EMAIL PROTECTED], Alan Cox) -- Intel engineering seem to have misheard Intel marketing strategy. The phrase was Divide and conquer not Divide and cock up (By [EMAIL PROTECTED], Alan Cox)
Re: Antivirus
On Wed, 15 Jan 2003, Sebastien Marmorat wrote: Hi, What is the best antivirus solution for my mail server Cyrus/Postfix ? I'm not running a production system yet, but I have a test system running Cyrus to replace our current UWimapd based solution as soon as the new hardware for it arrives. On the test system, which is behaving very well, I have, besides Cyrus 2.1.11, Sendmail 8.12.6 and AmaVis (http://www.ijs.si/software/amavisd/) (via the milter interface), with SpamAssassin 2.43 (http://spamassassin.sourceforge.net/) and Clam AntiVirus (http://clamav.elektrapro.com/). A cronjob downloads the new virus database once a day. The new Sobig virus got first detected on Jan 14h, which is 5 days after its breakout, iirc. I have not enough experience with other anti-virus solutions to decide whether 5 days is a fast or rather a slow response. Maybe, the big commercial players have better response times. It would be nice to have a specs/features matrix of the available virus scanners. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Piet RUYSSINCKe-mail: [EMAIL PROTECTED] Unix Systeem Administratie tel: +32 9 264 4733 Directie Informatie- en Communicatietechnologie (ICT) fax: +32 9 264 4994 Universiteit Gent (RUG) Krijgslaan 281, gebouw S9 - 9000 Gent, Belgie -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Please avoid sending me Word or PowerPoint attachments See http://www.fsf.org/philosophy/no-word-attachments.html
RE: Antivirus
I found that using content filters, such as SpamAssasin, could be used to block 95% of virii by simply blocking any file attachment type bar .zip. Things like FriendsGreetings and the like could be blocked on an ad-hoc basis as soon as the sys admin is aware of them by just adding a new rule. By doing that I kept the company virus free since implementation. Just my 2 euros worth... -Original Message- From: Piet Ruyssinck [mailto:[EMAIL PROTECTED]] Sent: 16 January 2003 10:23 To: [EMAIL PROTECTED] Subject: Re: Antivirus On Wed, 15 Jan 2003, Sebastien Marmorat wrote: Hi, What is the best antivirus solution for my mail server Cyrus/Postfix ? I'm not running a production system yet, but I have a test system running Cyrus to replace our current UWimapd based solution as soon as the new hardware for it arrives. On the test system, which is behaving very well, I have, besides Cyrus 2.1.11, Sendmail 8.12.6 and AmaVis (http://www.ijs.si/software/amavisd/) (via the milter interface), with SpamAssassin 2.43 (http://spamassassin.sourceforge.net/) and Clam AntiVirus (http://clamav.elektrapro.com/). A cronjob downloads the new virus database once a day. The new Sobig virus got first detected on Jan 14h, which is 5 days after its breakout, iirc. I have not enough experience with other anti-virus solutions to decide whether 5 days is a fast or rather a slow response. Maybe, the big commercial players have better response times. It would be nice to have a specs/features matrix of the available virus scanners. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Piet RUYSSINCKe-mail: [EMAIL PROTECTED] Unix Systeem Administratie tel: +32 9 264 4733 Directie Informatie- en Communicatietechnologie (ICT) fax: +32 9 264 4994 Universiteit Gent (RUG) Krijgslaan 281, gebouw S9 - 9000 Gent, Belgie -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Please avoid sending me Word or PowerPoint attachments See http://www.fsf.org/philosophy/no-word-attachments.html
RE: Antivirus
I've found an excellent SPAM/Virus scanner is MailScanner (www.mailscanner.info). It plugs into sendmail very well (doesn't use the milter, just 2 instances of sendmail). Works with heaps of virus scanners and it's GPL software. Regards On Thu, 2003-01-16 at 23:57, Russell Packer wrote: I found that using content filters, such as SpamAssasin, could be used to block 95% of virii by simply blocking any file attachment type bar .zip. Things like FriendsGreetings and the like could be blocked on an ad-hoc basis as soon as the sys admin is aware of them by just adding a new rule. By doing that I kept the company virus free since implementation. Just my 2 euros worth... -Original Message- From: Piet Ruyssinck [mailto:[EMAIL PROTECTED]] Sent: 16 January 2003 10:23 To: [EMAIL PROTECTED] Subject: Re: Antivirus On Wed, 15 Jan 2003, Sebastien Marmorat wrote: Hi, What is the best antivirus solution for my mail server Cyrus/Postfix ? I'm not running a production system yet, but I have a test system running Cyrus to replace our current UWimapd based solution as soon as the new hardware for it arrives. On the test system, which is behaving very well, I have, besides Cyrus 2.1.11, Sendmail 8.12.6 and AmaVis (http://www.ijs.si/software/amavisd/) (via the milter interface), with SpamAssassin 2.43 (http://spamassassin.sourceforge.net/) and Clam AntiVirus (http://clamav.elektrapro.com/). A cronjob downloads the new virus database once a day. The new Sobig virus got first detected on Jan 14h, which is 5 days after its breakout, iirc. I have not enough experience with other anti-virus solutions to decide whether 5 days is a fast or rather a slow response. Maybe, the big commercial players have better response times. It would be nice to have a specs/features matrix of the available virus scanners. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Piet RUYSSINCKe-mail: [EMAIL PROTECTED] Unix Systeem Administratie tel: +32 9 264 4733 Directie Informatie- en Communicatietechnologie (ICT) fax: +32 9 264 4994 Universiteit Gent (RUG) Krijgslaan 281, gebouw S9 - 9000 Gent, Belgie -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Please avoid sending me Word or PowerPoint attachments See http://www.fsf.org/philosophy/no-word-attachments.html -- Oliver Jones Senior Software Engineer Deeper Design Limited. [EMAIL PROTECTED] www.deeperdesign.com +64 (21) 41-2238
* U5 VirusKill * UW to Cyrus transition
U5 VirusKill 2.3 has modified this mail as it contained a PC-executable attachment. ~ ~ ~ ~ ~ You should probably simply ignore this mail. If you really expected somebody to send you an executable attachment please mail back to this person and ask him/her to zip the file first. Below is given the first 60 lines of the mail that was sent to you with an executable file attached. As more than 99.999% of executable attachments are viruses, U5 VirusKill 2.3 has deactivated the attachment and truncated the mail. If you haven't done it yet please read http://www.u5.com/gen/ser/u5vk.htm Best regards U5com Co Ltd. Security Division ~ ~ ~ ~ ~ Return-Path: [EMAIL PROTECTED] Received: from lists2.andrew.cmu.edu (LISTS2.andrew.cmu.edu [128.2.10.216]) by pb10.pair.com (Postfix) with ESMTP id 56254A31C4 for [EMAIL PROTECTED]; Thu, 16 Jan 2003 07:25:15 -0500 (EST) Received: (from postman@localhost) by lists2.andrew.cmu.edu (8.12.3.Beta2/8.12.0.Beta16) id h0GCK1QL014938 for info-cyrus-list; Thu, 16 Jan 2003 07:20:01 -0500 (EST) Received: from snaefell.rhi.hi.is (snaefell.rhi.hi.is [130.208.165.28]) by lists2.andrew.cmu.edu (8.12.3.Beta2/8.12.0.Beta16) with ESMTP id h0GCJvRw014934 for [EMAIL PROTECTED]; Thu, 16 Jan 2003 07:19:58 -0500 (EST) Received: from hi.is (localhost [127.0.0.1]) by snaefell.rhi.hi.is (8.12.6/8.12.3) with SMTP id h0GCEYRQ002513 for [EMAIL PROTECTED]; Thu, 16 Jan 2003 12:14:34 GMT From: [EMAIL PROTECTED] Received: from 130.208.69.197 (SquirrelMail authenticated user tosi) by webmail.hi.is with HTTP; Thu, 16 Jan 2003 12:14:34 - (GMT) Message-ID: [EMAIL PROTECTED] Date: Thu, 16 Jan 2003 12:14:34 - (GMT) Subject: UW to Cyrus transition To: [EMAIL PROTECTED] X-Priority: 3 Importance: Normal X-Mailer: SquirrelMail (version 1.2.10) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_20030116121434_50044 X-MailScanner: Found to be clean X-MailScanner-SpamScore: s Sender: [EMAIL PROTECTED] Precedence: bulk --=_20030116121434_50044 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Hi people, In the last week of december, I ported 1 ( c.a. ) users from UW to Cyrus. As I had a REALLY hard time finding ANY help whatsoever ( scripts etc ), I wrote some of my own. I must say, they DO take time. I was running them on a Sun Fire 880 with 4x900MHz CPUs and 8GB RAM, and all files local. It takes around 8-10 hours per 2500 users with around 20GB of data total. So for 1 users with around 80GB of data, up to 40 hours of conversion time is a fairly close estimate. I am sure that the scripts are not completely bug-free, but they did work for me. BEWARE: usernames with dots in them are NOT very well handled. Share and enjoy. -tosi
UW to Cyrus transition
Hi people, In the last week of december, I ported 1 ( c.a. ) users from UW to Cyrus. As I had a REALLY hard time finding ANY help whatsoever ( scripts etc ), I wrote some of my own. I must say, they DO take time. I was running them on a Sun Fire 880 with 4x900MHz CPUs and 8GB RAM, and all files local. It takes around 8-10 hours per 2500 users with around 20GB of data total. So for 1 users with around 80GB of data, up to 40 hours of conversion time is a fairly close estimate. I am sure that the scripts are not completely bug-free, but they did work for me. BEWARE: usernames with dots in them are NOT very well handled. Share and enjoy. -tosi CYR Description: Binary data output_mailfile Description: Binary data uw2cyr Description: Binary data
Re: UW to Cyrus transition
[EMAIL PROTECTED] wrote: In the last week of december, I ported 1 ( c.a. ) users from UW to Cyrus. As I had a REALLY hard time finding ANY help whatsoever ( scripts etc ), I wrote some of my own. I must say, they DO take time. I was running them on a Sun Fire 880 with 4x900MHz CPUs and 8GB RAM, and all files local. It takes around 8-10 hours per 2500 users with around 20GB of data total. So for 1 users with around 80GB of data, up to 40 hours of conversion time is a fairly close estimate. I am sure that the scripts are not completely bug-free, but they did work for me. BEWARE: usernames with dots in them are NOT very well handled. Did you have unixhierarchysep set? If not, then period isn't a legal character in a username. I converted 2300 users with 80G of mail over the course of 3 days, using a proxy solution. The accounts were moved over one at a time, with mail delivery held up and imap/pop login blocked while each account was moved. The proxies were a hacked perdition (to keep track of sessions so they could be killed and to treat a servername beginning with ! as a reject message to show to the client attempting to login) and a custom perl delivery agent which consulted the same database used by perdition and connected via LMTP (to procmail on the UW-IMAP side) to the two hosts. Based on the tests I had done (same V880 configuration on both old and new servers) it would have taken over 60 hours to convert everyone at once (using a hacked mboxcvt and a bunch of custom perl scripts), and that amount of downtime was unacceptable. That was also putting /var/imap on a tmpfs filesystem and striping /cyrus across 14 FC-connected drives. -- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931
hello list!!!
Some days ago i was re-posting two message and today, i´mstill without answer to my problems. Please, right now i haveonly one doubt, are my message arriving to the list? (sorry but i´m a newbiein this list) Can anyoneadvice me? Thanks Danny
Re: hello list!!!
Your message is getting out to the list. Do the world a favor and turn off your HTML copy of the message. We really don't need to see the same text spewed forth inside of all the html tags. --Gene Danny Garcia Hernandez made the following keystrokes: Some days ago i was re-posting two message and today, i=B4m still = without answer to my problems.=20 Please, right now i have only one doubt, are my message arriving to the = list? (sorry but i=B4m a newbie in this list) Can anyone advice me? Thanks Danny
Re: UW to Cyrus transition
Hi, Thanks for sharing this, that's really neat from you ! Can you maybe in a few words explain us the login and how your scripts works ? Also what is required (external tools if any) to get it to work ? Regards |+- || | || [EMAIL PROTECTED] | || Sent by: | || [EMAIL PROTECTED]| || ew.cmu.edu | || | || | || 16.01.2003 13:14 | || | |+- --| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: UW to Cyrus transition | --| Hi people, In the last week of december, I ported 1 ( c.a. ) users from UW to Cyrus. As I had a REALLY hard time finding ANY help whatsoever ( scripts etc ), I wrote some of my own. I must say, they DO take time. I was running them on a Sun Fire 880 with 4x900MHz CPUs and 8GB RAM, and all files local. It takes around 8-10 hours per 2500 users with around 20GB of data total. So for 1 users with around 80GB of data, up to 40 hours of conversion time is a fairly close estimate. I am sure that the scripts are not completely bug-free, but they did work for me. BEWARE: usernames with dots in them are NOT very well handled. Share and enjoy. -tosi (See attached file: CYR)(See attached file: output_mailfile)(See attached file: uw2cyr) CYR Description: Binary data output_mailfile Description: Binary data uw2cyr Description: Binary data
How to get a cyrus-imapd-2.2 from CVS
Hi All, I want to download a Cyrus-imapd-2.2 from CVS and I tried the command cvs -d :pserver:[EMAIL PROTECTED]:/cvs login But I can't login. Would someone help me ? Thanks a lot. --- Kai __ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/
Re: How to get a cyrus-imapd-2.2 from CVS
On 28 Feb 2003, [EMAIL PROTECTED] writes: I want to download a Cyrus-imapd-2.2 from CVS and I tried the command cvs -d :pserver:[EMAIL PROTECTED]:/cvs login But I can't login. Would someone help me ? Maybe you forgot the password of anonymous? cvs -d :pserver:anoncvs:[EMAIL PROTECTED]:/cvs login export CVSROOT=:pserver:[EMAIL PROTECTED]:/cvs cvs -z3 co -d cyrus-imapd-2.2 -r cyrus-imapd-2_2 cyrus works for me. Then cd cyrus-imapd-2.2 sh SMakefile ./configure # Add any options you need to pass to configure make and you should be all set. To generate all the documentation in HTML and as text you also need to do (cd doc ; make -f Makefile.dist) Or, if you are working in a Red Hat Linux universe and would like SRPM and binary RPMs from the 2.2 CVS, I can make mine (based very heavily on Simon Matter's RPMs for 2.1.11) available. Jonathan -- Jonathan Marsden| Internet: [EMAIL PROTECTED] | Making electronic 1252 Judson Street | Phone: +1 (909) 795-3877 | communications work Redlands, CA 92374 | Fax: +1 (909) 795-0327 | reliably for Christian USA | http://www.xc.org/jonathan| missions worldwide
Question about hash directory for builetin board folders
Hi, We use Cyrus v2.1.8 on a RedHat 7.3 server, with the following options: hashimapspool: yes unixhierarchysep: yes altnamespace: yes I observed a strange behavior for the shared mailboxes: each subdirectory of a shared mailbox is placed under a different hash letter in the mailstore. For example, we have a shared folder named test_partage containing 2 sub-folders named test and test2. Here are the associated directories in the mailstore: drwx--2 cyrusmail 4096 Jan 13 12:25 C/test_partage/ drwx--2 cyrusmail 4096 Jan 16 11:54 D/test_partage/test2/ drwx--2 cyrusmail 4096 Jan 13 09:55 I/test_partage/test/ Is it normal that each folder is placed under a different hash letter? If yes, why? That is not the case for normal users folders. Thanks. -- Luc Germain, analyste Support technique Service des technologies de l'information Université de Sherbrooke, Sherbrooke (Québec) Canada J1K 2R1 tel: 819-821-8000 ext 2866fax: 819-821-8045 email: [EMAIL PROTECTED]
disable logging
how can i disable this excessive logging to my syslog? i really can't find any debug switch in my setup. Jan 16 19:25:56 wurstbude saslauthd[2176]: dbuser changed. Jan 16 19:25:56 wurstbude saslauthd[2176]: dbpasswd changed. Jan 16 19:25:56 wurstbude saslauthd[2176]: host changed. Jan 16 19:25:56 wurstbude saslauthd[2176]: database changed. Jan 16 19:25:56 wurstbude saslauthd[2176]: table changed. ... ... Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed to open index file Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed to open index file Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed to open index file Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed ... ... thanks jens
Cyrus-IMAPd+SASL+PAM not communicating (but testsaslauthd says OK)
Hi all,
The cliffnotes version of my problem is that even though I run
/usr/local/sbin/saslauthd -a pam
and my /etc/imapd.conf contains sasl_pwcheck_method: pam
I get an auth failed when trying to login over IMAP or imtest:
$ testsaslauthd -u tico2 -p test1234 -s imap
0: OK Success.
$ testsaslauthd -u tico2 -p test1234
0: OK Success.
$ imtest -u tico2 -a tico2 -w test1234 -v -m login 192.168.1.98
S: * OK mail.test Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5
AUTH=CRAM-MD5
S: C01 OK Completed
C: L01 LOGIN tico2 {8}
S: + go ahead
C: omitted
S: L01 NO Login failed: no mechanism available
Authentication failed. generic failure
Security strength factor: 0
$ imtest -u tico2 -a tico2 -w test1234 -v -m plain 192.168.1.98
S: * OK mail.test.pharm-olam.com Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5
AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
/var/log/auth.log says:
Jan 16 12:59:26 frosty imapd[2968]: unknown password verifier
/var/log/imap.log says:
Jan 16 12:59:05 frosty imapd[2968]: badlogin: mail.test [192.168.1.98]
PLAIN [SASL(-4): no mechanism available: security flags do not match
required]
Jan 16 12:59:26 frosty imapd[2968]: accepted connection
Jan 16 12:59:26 frosty imapd[2968]: badlogin: mail.test [192.168.1.98]
plaintext test1 SASL(-4): no mechanism available: checkpass failed
I'm on my first Cyrus install and have RTFM all I can find, so bear with
me. I have a Redhat 7.2 box on which I'm trying to accomplish the
following:
Get Cyrus IMAPd to authenticate (via SASLv2) against PAM instead of
directly to a /etc/sasldb or a MySQL table or anything of that nature. My
users are set up in PAM using Samba/winbind modules, and they can
authenticate for anything else. Additionally, I have a few /etc/shadow
users that I've created just for testing, and behavior is the exact same no
matter which type of user I try.
Any help would be greatly appreciated!!
Regards,
Tico Hannan [CCDP,CCNP]
more notes:
Locally I can auth against any of them (winbind or /etc/shadow) since they
are in my /etc/pam.d/system-auth:
authrequired /lib/security/pam_env.so
authsufficient/lib/security/pam_winbind.so
authsufficient/lib/security/pam_unix.so likeauth nullok
authrequired /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
passwordrequired /lib/security/pam_cracklib.so retry=3 type=
passwordsufficient/lib/security/pam_unix.so nullok use_authtok md5
shadow use_first_pass
passwordrequired /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
and currently (just for testing purposes) I have everything
(including /etc/pam.d/imap) set to use:
$ cat /etc/pam.d/imap
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
accountrequired /lib/security/pam_stack.so service=system-auth
I have a startup script that runs
/usr/local/sbin/saslauthd -a pam
/usr/cyrus/bin/master
and my configs are /etc/imapd.conf:
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
allowanonymouslogin: no
sasl_pwcheck_method: pam
defaultacl: anyone lrs
postmaster: postmaster
sendmail: /usr/sbin/sendmail.postfix
allowplaintext: yes
servername: mail.test
autocreatequota: 1
quotawarn: 90
my /etc/cyrus.conf:
START {
# do not delete these entries!
mboxlist cmd=ctl_mboxlist -r
deliver cmd=ctl_deliver -r
}
SERVICES {
imap cmd=/usr/cyrus/bin/imapd listen=imap prefork=0
imaps cmd=/usr/cyrus/bin/imapd -s listen=imaps prefork=0
pop3 cmd=/usr/cyrus/bin/pop3d listen=pop3 prefork=0
pop3s cmd=/usr/cyrus/bin/pop3d -s listen=pop3s prefork=0
sieve cmd=/usr/cyrus/bin/timsieved listen=sieve prefork=0
lmtpunix cmd=/usr/cyrus/bin/lmtpd listen=/var/imap/socket/lmtp
prefork=0
}
EVENTS {
checkpointcmd=ctl_mboxlist -c period=30
}
My installation options:
SASL:
make clean
./configure \
--with-dblib=berkeley \
--with-bdb-libdir=/usr/local/BerkeleyDB.3.1/lib \
--with-bdb-incdir=/usr/local/BerkeleyDB.3.1/include \
--with-pam=/usr/include/security \
--with-openssl=/usr/include/openssl \
--enable-plain \
--enable-krb4=no \
--without-des \
--enable-digest=no
make
make install
IMAP:
make clean
./configure \
--with-auth=unix \
--with-openssl=/usr/include/openssl \
Re: Cyrus-IMAPd+SASL+PAM not communicating (but testsaslauthd saysOK)
You want to use:
sasl_pwcheck_method: saslauthd
-Rob
On Thu, 16 Jan 2003, Thomas Hannan wrote:
Hi all,
The cliffnotes version of my problem is that even though I run
/usr/local/sbin/saslauthd -a pam
and my /etc/imapd.conf contains sasl_pwcheck_method: pam
I get an auth failed when trying to login over IMAP or imtest:
$ testsaslauthd -u tico2 -p test1234 -s imap
0: OK Success.
$ testsaslauthd -u tico2 -p test1234
0: OK Success.
$ imtest -u tico2 -a tico2 -w test1234 -v -m login 192.168.1.98
S: * OK mail.test Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5
AUTH=CRAM-MD5
S: C01 OK Completed
C: L01 LOGIN tico2 {8}
S: + go ahead
C: omitted
S: L01 NO Login failed: no mechanism available
Authentication failed. generic failure
Security strength factor: 0
$ imtest -u tico2 -a tico2 -w test1234 -v -m plain 192.168.1.98
S: * OK mail.test.pharm-olam.com Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5
AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
/var/log/auth.log says:
Jan 16 12:59:26 frosty imapd[2968]: unknown password verifier
/var/log/imap.log says:
Jan 16 12:59:05 frosty imapd[2968]: badlogin: mail.test [192.168.1.98]
PLAIN [SASL(-4): no mechanism available: security flags do not match
required]
Jan 16 12:59:26 frosty imapd[2968]: accepted connection
Jan 16 12:59:26 frosty imapd[2968]: badlogin: mail.test [192.168.1.98]
plaintext test1 SASL(-4): no mechanism available: checkpass failed
I'm on my first Cyrus install and have RTFM all I can find, so bear with
me. I have a Redhat 7.2 box on which I'm trying to accomplish the
following:
Get Cyrus IMAPd to authenticate (via SASLv2) against PAM instead of
directly to a /etc/sasldb or a MySQL table or anything of that nature. My
users are set up in PAM using Samba/winbind modules, and they can
authenticate for anything else. Additionally, I have a few /etc/shadow
users that I've created just for testing, and behavior is the exact same no
matter which type of user I try.
Any help would be greatly appreciated!!
Regards,
Tico Hannan [CCDP,CCNP]
more notes:
Locally I can auth against any of them (winbind or /etc/shadow) since they
are in my /etc/pam.d/system-auth:
authrequired /lib/security/pam_env.so
authsufficient/lib/security/pam_winbind.so
authsufficient/lib/security/pam_unix.so likeauth nullok
authrequired /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
passwordrequired /lib/security/pam_cracklib.so retry=3 type=
passwordsufficient/lib/security/pam_unix.so nullok use_authtok md5
shadow use_first_pass
passwordrequired /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
and currently (just for testing purposes) I have everything
(including /etc/pam.d/imap) set to use:
$ cat /etc/pam.d/imap
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
accountrequired /lib/security/pam_stack.so service=system-auth
I have a startup script that runs
/usr/local/sbin/saslauthd -a pam
/usr/cyrus/bin/master
and my configs are /etc/imapd.conf:
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
allowanonymouslogin: no
sasl_pwcheck_method: pam
defaultacl: anyone lrs
postmaster: postmaster
sendmail: /usr/sbin/sendmail.postfix
allowplaintext: yes
servername: mail.test
autocreatequota: 1
quotawarn: 90
my /etc/cyrus.conf:
START {
# do not delete these entries!
mboxlist cmd=ctl_mboxlist -r
deliver cmd=ctl_deliver -r
}
SERVICES {
imap cmd=/usr/cyrus/bin/imapd listen=imap prefork=0
imaps cmd=/usr/cyrus/bin/imapd -s listen=imaps prefork=0
pop3 cmd=/usr/cyrus/bin/pop3d listen=pop3 prefork=0
pop3s cmd=/usr/cyrus/bin/pop3d -s listen=pop3s prefork=0
sieve cmd=/usr/cyrus/bin/timsieved listen=sieve prefork=0
lmtpunix cmd=/usr/cyrus/bin/lmtpd listen=/var/imap/socket/lmtp
prefork=0
}
EVENTS {
checkpointcmd=ctl_mboxlist -c period=30
}
My installation options:
SASL:
make clean
./configure \
--with-dblib=berkeley \
--with-bdb-libdir=/usr/local/BerkeleyDB.3.1/lib \
--with-bdb-incdir=/usr/local/BerkeleyDB.3.1/include \
--with-pam=/usr/include/security \
--with-openssl=/usr/include/openssl \
Re: Cyrus-IMAPd+SASL+PAM not communicating (but testsaslauthd says
You need to have an SSL layer established before Cyrus will offer PLAIN.
-Rob
On Thu, 16 Jan 2003, Thomas Hannan wrote:
Thanks much! (for some reason I thought the only options available were
sasldb or pam for that setting)
However, I still get errors when trying to do PLAIN auth (haven't even
tried setting up SSL yet)
# imtest -u test1 -a test1 -w 1234 -v -m PLAIN 192.168.1.98
S: * OK mail.test Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5
AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
#tail /var/log/auth.log :
Jan 16 13:42:06 frosty imapd[3037]: badlogin: frosty.test [192.168.1.98]
PLAIN [SASL(-4): no mechanism available: security flags do not match
required]
Also, could someone explain to me exactly what the difference between LOGIN
and PLAIN is? I haven't been able to see find any details in my RTFM'ing...
Can/will cyrus-imapd create a maildir (and INBOX) for a user that has
logged in for their first time?
thanks much!!
--Tico
You want to use:
sasl_pwcheck_method: saslauthd
-Rob
On Thu, 16 Jan 2003, Thomas Hannan wrote:
Hi all,
The cliffnotes version of my problem is that even though I run
/usr/local/sbin/saslauthd -a pam
and my /etc/imapd.conf contains sasl_pwcheck_method: pam
I get an auth failed when trying to login over IMAP or imtest:
$ testsaslauthd -u tico2 -p test1234 -s imap
0: OK Success.
$ testsaslauthd -u tico2 -p test1234
0: OK Success.
$ imtest -u tico2 -a tico2 -w test1234 -v -m login 192.168.1.98
S: * OK mail.test Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP
AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: L01 LOGIN tico2 {8}
S: + go ahead
C: omitted
S: L01 NO Login failed: no mechanism available
Authentication failed. generic failure
Security strength factor: 0
$ imtest -u tico2 -a tico2 -w test1234 -v -m plain 192.168.1.98
S: * OK mail.test.pharm-olam.com Cyrus IMAP4 v2.1.11 server ready C:
C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP
AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
/var/log/auth.log says:
Jan 16 12:59:26 frosty imapd[2968]: unknown password verifier
/var/log/imap.log says:
Jan 16 12:59:05 frosty imapd[2968]: badlogin: mail.test [192.168.1.98]
PLAIN [SASL(-4): no mechanism available: security flags do not match
required]
Jan 16 12:59:26 frosty imapd[2968]: accepted connection
Jan 16 12:59:26 frosty imapd[2968]: badlogin: mail.test [192.168.1.98]
plaintext test1 SASL(-4): no mechanism available: checkpass failed
I'm on my first Cyrus install and have RTFM all I can find, so bear
with me. I have a Redhat 7.2 box on which I'm trying to accomplish the
following:
Get Cyrus IMAPd to authenticate (via SASLv2) against PAM instead of
directly to a /etc/sasldb or a MySQL table or anything of that nature.
My users are set up in PAM using Samba/winbind modules, and they can
authenticate for anything else. Additionally, I have a few /etc/shadow
users that I've created just for testing, and behavior is the exact
same no matter which type of user I try.
Any help would be greatly appreciated!!
Regards,
Tico Hannan [CCDP,CCNP]
more notes:
Locally I can auth against any of them (winbind or /etc/shadow) since
they are in my /etc/pam.d/system-auth:
authrequired /lib/security/pam_env.so
authsufficient/lib/security/pam_winbind.so
authsufficient/lib/security/pam_unix.so likeauth nullok
authrequired /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
passwordrequired /lib/security/pam_cracklib.so retry=3 type=
passwordsufficient/lib/security/pam_unix.so nullok use_authtok
md5 shadow use_first_pass
passwordrequired /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
and currently (just for testing purposes) I have everything
(including /etc/pam.d/imap) set to use:
$ cat /etc/pam.d/imap
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account
Re: Cyrus-IMAPd+SASL+PAM not communicating (but testsaslauthd says OK)
Thomas Hannan wrote: Hi all, The cliffnotes version of my problem is that even though I run /usr/local/sbin/saslauthd -a pam and my /etc/imapd.conf contains sasl_pwcheck_method: pam This should be sasl_pwcheck_method: saslauthd -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: disable logging
Woerns Urstmann wrote: how can i disable this excessive logging to my syslog? i really can't find any debug switch in my setup. Look at local6 in syslog.conf. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: disable logging
On Thu, Jan 16, 2003 at 07:27:27PM +0100, Woerns Urstmann wrote: how can i disable this excessive logging to my syslog? i really can't find any debug switch in my setup. from doc/install-configure.html part 3: If you do not copy the syslog/syslog.conf file to the /etc directory, be sure to add support for local6.debug. The file should include a line like: local6.debug /var/log/imapd.log You probably also want to log SASL messages with a line like: auth.debug /var/log/auth.log After installation and testing, you probably want to change the .debug component to something a little less verbose. Create the log files: touch /var/log/imapd.log /var/log/auth.log So you will want local6.info or somesuch.. Cheers, Patrick
Re: Cyrus-IMAPd+SASL+PAM not communicating (but testsaslauthd says
Thanks much! (for some reason I thought the only options available were
sasldb or pam for that setting)
However, I still get errors when trying to do PLAIN auth (haven't even
tried setting up SSL yet)
# imtest -u test1 -a test1 -w 1234 -v -m PLAIN 192.168.1.98
S: * OK mail.test Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5
AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
#tail /var/log/auth.log :
Jan 16 13:42:06 frosty imapd[3037]: badlogin: frosty.test [192.168.1.98]
PLAIN [SASL(-4): no mechanism available: security flags do not match
required]
Also, could someone explain to me exactly what the difference between LOGIN
and PLAIN is? I haven't been able to see find any details in my RTFM'ing...
Can/will cyrus-imapd create a maildir (and INBOX) for a user that has
logged in for their first time?
thanks much!!
--Tico
You want to use:
sasl_pwcheck_method: saslauthd
-Rob
On Thu, 16 Jan 2003, Thomas Hannan wrote:
Hi all,
The cliffnotes version of my problem is that even though I run
/usr/local/sbin/saslauthd -a pam
and my /etc/imapd.conf contains sasl_pwcheck_method: pam
I get an auth failed when trying to login over IMAP or imtest:
$ testsaslauthd -u tico2 -p test1234 -s imap
0: OK Success.
$ testsaslauthd -u tico2 -p test1234
0: OK Success.
$ imtest -u tico2 -a tico2 -w test1234 -v -m login 192.168.1.98
S: * OK mail.test Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP
AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: L01 LOGIN tico2 {8}
S: + go ahead
C: omitted
S: L01 NO Login failed: no mechanism available
Authentication failed. generic failure
Security strength factor: 0
$ imtest -u tico2 -a tico2 -w test1234 -v -m plain 192.168.1.98
S: * OK mail.test.pharm-olam.com Cyrus IMAP4 v2.1.11 server ready C:
C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP
AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
/var/log/auth.log says:
Jan 16 12:59:26 frosty imapd[2968]: unknown password verifier
/var/log/imap.log says:
Jan 16 12:59:05 frosty imapd[2968]: badlogin: mail.test [192.168.1.98]
PLAIN [SASL(-4): no mechanism available: security flags do not match
required]
Jan 16 12:59:26 frosty imapd[2968]: accepted connection
Jan 16 12:59:26 frosty imapd[2968]: badlogin: mail.test [192.168.1.98]
plaintext test1 SASL(-4): no mechanism available: checkpass failed
I'm on my first Cyrus install and have RTFM all I can find, so bear
with me. I have a Redhat 7.2 box on which I'm trying to accomplish the
following:
Get Cyrus IMAPd to authenticate (via SASLv2) against PAM instead of
directly to a /etc/sasldb or a MySQL table or anything of that nature.
My users are set up in PAM using Samba/winbind modules, and they can
authenticate for anything else. Additionally, I have a few /etc/shadow
users that I've created just for testing, and behavior is the exact
same no matter which type of user I try.
Any help would be greatly appreciated!!
Regards,
Tico Hannan [CCDP,CCNP]
more notes:
Locally I can auth against any of them (winbind or /etc/shadow) since
they are in my /etc/pam.d/system-auth:
authrequired /lib/security/pam_env.so
authsufficient/lib/security/pam_winbind.so
authsufficient/lib/security/pam_unix.so likeauth nullok
authrequired /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
passwordrequired /lib/security/pam_cracklib.so retry=3 type=
passwordsufficient/lib/security/pam_unix.so nullok use_authtok
md5 shadow use_first_pass
passwordrequired /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
and currently (just for testing purposes) I have everything
(including /etc/pam.d/imap) set to use:
$ cat /etc/pam.d/imap
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
accountrequired /lib/security/pam_stack.so service=system-auth
I have a startup script that runs
/usr/local/sbin/saslauthd -a pam
/usr/cyrus/bin/master
and my configs are /etc/imapd.conf:
configdirectory: /var/imap
Re: disable logging
Logging is done via syslog, check your syslog.conf for the following local6 facility and/or mail. You probably have them in debug, change it to something higher... Regards To: [EMAIL PROTECTED] cc: bcc: Subject: disable logging Woerns Urstmann [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 01/16/2003 07:27 PM font size=-1/font how can i disable this excessive logging to my syslog? i really can't find any debug switch in my setup. Jan 16 19:25:56 wurstbude saslauthd[2176]: dbuser changed. Jan 16 19:25:56 wurstbude saslauthd[2176]: dbpasswd changed. Jan 16 19:25:56 wurstbude saslauthd[2176]: host changed. Jan 16 19:25:56 wurstbude saslauthd[2176]: database changed. Jan 16 19:25:56 wurstbude saslauthd[2176]: table changed. ... ... Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed to open index file Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed to open index file Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed to open index file Jan 16 19:26:51 wurstbude imapd[14971]: SQUAT failed ... ... thanks jens
Received: headers after LMTP delivery
I find it useful to look at the Received headers to track the path the email might have taken to get from the desktop to the mailbox when we are having problems. Particularly, I look at the delays between hops to find out if one of our machines is holding onto mail a lot longer than it should be. I know that the first hop (desktop to the server) may not reflect an accurate time, since it looks like to me that the time on the PC is what is often reflected in the first Received header. The problem I am having is determining when a message physically gets delivered by LMTP to the mailbox. I can see the last Received line in the path, which is one mail server handing the message off to the last mail server which contains the IMAP server (LMTP is running on localhost only). Then after that, I see the Return-Path line in the header, which I know gets added by LMTP when it delivers the message. What is missing is the time that this occurred, as I have no idea how long it sat in the sendmial queue on the server before it was handed to LMTP. Would it be possible to have LMTP add a similar Received line right before it adds the Return-Path line that indicates the time of delivery? I haven't read the RFC's to see if there are any specific rules for how the Received lines would look, but it would be nice to see it indicate that the message was received by LMTP for delivery at a specific time. Thoughts? Scott -- +---+ Scott W. Adkinshttp://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:[EMAIL PROTECTED] ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +---+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ msg10486/pgp0.pgp Description: PGP signature
Re: Cyrus-IMAPd+SASL+PAM not communicating (but testsaslauthd says
Thanks again --will work on that. If I compiled it w/o these options then
why the Cyrus daemon offer: AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
Or is that normal behavior?
-Tico
You need to have an SSL layer established before Cyrus will offer
PLAIN.
-Rob
On Thu, 16 Jan 2003, Thomas Hannan wrote:
Thanks much! (for some reason I thought the only options available
were sasldb or pam for that setting)
However, I still get errors when trying to do PLAIN auth (haven't even
tried setting up SSL yet)
# imtest -u test1 -a test1 -w 1234 -v -m PLAIN 192.168.1.98
S: * OK mail.test Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP
AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
#tail /var/log/auth.log :
Jan 16 13:42:06 frosty imapd[3037]: badlogin: frosty.test
[192.168.1.98] PLAIN [SASL(-4): no mechanism available: security flags
do not match required]
Also, could someone explain to me exactly what the difference between
LOGIN and PLAIN is? I haven't been able to see find any details in my
RTFM'ing...
Can/will cyrus-imapd create a maildir (and INBOX) for a user that has
logged in for their first time?
thanks much!!
--Tico
You want to use:
sasl_pwcheck_method: saslauthd
-Rob
On Thu, 16 Jan 2003, Thomas Hannan wrote:
Hi all,
The cliffnotes version of my problem is that even though I run
/usr/local/sbin/saslauthd -a pam
and my /etc/imapd.conf contains sasl_pwcheck_method: pam
I get an auth failed when trying to login over IMAP or imtest: $
testsaslauthd -u tico2 -p test1234 -s imap
0: OK Success.
$ testsaslauthd -u tico2 -p test1234
0: OK Success.
$ imtest -u tico2 -a tico2 -w test1234 -v -m login 192.168.1.98 S:
* OK mail.test Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT
CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES
IDLE AUTH=OTP
AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: L01 LOGIN tico2 {8}
S: + go ahead
C: omitted
S: L01 NO Login failed: no mechanism available
Authentication failed. generic failure
Security strength factor: 0
$ imtest -u tico2 -a tico2 -w test1234 -v -m plain 192.168.1.98 S:
* OK mail.test.pharm-olam.com Cyrus IMAP4 v2.1.11 server ready C:
C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT
CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES
IDLE AUTH=OTP
AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
/var/log/auth.log says:
Jan 16 12:59:26 frosty imapd[2968]: unknown password verifier
/var/log/imap.log says:
Jan 16 12:59:05 frosty imapd[2968]: badlogin: mail.test
[192.168.1.98] PLAIN [SASL(-4): no mechanism available: security
flags do not match required]
Jan 16 12:59:26 frosty imapd[2968]: accepted connection
Jan 16 12:59:26 frosty imapd[2968]: badlogin: mail.test
[192.168.1.98] plaintext test1 SASL(-4): no mechanism available:
checkpass failed
I'm on my first Cyrus install and have RTFM all I can find, so bear
with me. I have a Redhat 7.2 box on which I'm trying to accomplish
the following:
Get Cyrus IMAPd to authenticate (via SASLv2) against PAM instead of
directly to a /etc/sasldb or a MySQL table or anything of that
nature. My users are set up in PAM using Samba/winbind modules, and
they can authenticate for anything else. Additionally, I have a few
/etc/shadow users that I've created just for testing, and behavior
is the exact same no matter which type of user I try.
Any help would be greatly appreciated!!
Regards,
Tico Hannan [CCDP,CCNP]
more notes:
Locally I can auth against any of them (winbind or /etc/shadow)
since they are in my /etc/pam.d/system-auth:
authrequired /lib/security/pam_env.so
authsufficient/lib/security/pam_winbind.so
authsufficient/lib/security/pam_unix.so likeauth nullok
authrequired /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
passwordrequired /lib/security/pam_cracklib.so retry=3
type= passwordsufficient/lib/security/pam_unix.so nullok
use_authtok md5 shadow use_first_pass
passwordrequired /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
and currently (just for testing
Re: Received: headers after LMTP delivery
Scott Adkins wrote: I find it useful to look at the Received headers to track the path the email might have taken to get from the desktop to the mailbox when we are having problems. Particularly, I look at the delays between hops to find out if one of our machines is holding onto mail a lot longer than it should be. I know that the first hop (desktop to the server) may not reflect an accurate time, since it looks like to me that the time on the PC is what is often reflected in the first Received header. The problem I am having is determining when a message physically gets delivered by LMTP to the mailbox. I can see the last Received line in the path, which is one mail server handing the message off to the last mail server which contains the IMAP server (LMTP is running on localhost only). Then after that, I see the Return-Path line in the header, which I know gets added by LMTP when it delivers the message. What is missing is the time that this occurred, as I have no idea how long it sat in the sendmial queue on the server before it was handed to LMTP. Would it be possible to have LMTP add a similar Received line right before it adds the Return-Path line that indicates the time of delivery? I haven't read the RFC's to see if there are any specific rules for how the Received lines would look, but it would be nice to see it indicate that the message was received by LMTP for delivery at a specific time. Thoughts? It already does (as of 2.1.0). Take a look at the headers from your post: Return-Path: [EMAIL PROTECTED] Received: from mx3.andrew.cmu.edu (MX3.andrew.cmu.edu [128.2.10.113]) by mail1.andrew.cmu.edu (Cyrus v2.1.11-072) with LMTP; Thu, 16 Jan 2003 15:54:16 -0500 X-Sieve: CMU Sieve 2.2 I'm not sure why you aren't seeing this. What verision of Cyrus? Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Which DB backend to use
I've seen the advice of many on the list of using skiplist format for mboxlist but does anyone have recommendations for duplicate, seen, subs, and tls? Is there a standard answer or is this one of those 'depends on what you are doing' questions? Thanks, Chris Scott
Re: Websieve and Cyrus 2.1.11
perl is telling you precisely what the problem is -- it is looking for the file IMAP/Admin.pm (ie, the perl module IMAP::Admin), and it can't find it in any of the directories listed. If you installed it somewhere else, you will need to get perl to look for it where you installed it. If you haven't installed the module, it won't work until you do. ok right I just saw that my Admin.pm perl module is in /usr/perl5/site_perl/5.6.1/sun4-solaris-64int/Cyrus/IMAP/Admin.pm so in the file funclib.pl from Websieve I've changed the following line: use IMAP::Admin; to use Cyrus::IMAP:Admin; and I got further but now it's complaining that it cannot find IMAP/Sieve.pm and I am 100% sure this file is NOT part of Cyrus IMAPD at least not 2.1.11. Do you know where I can find it maybe ? This Websieve thing really looks old :( Regards
Re: Websieve and Cyrus 2.1.11
[EMAIL PROTECTED] wrote: I am currently trying to make Websieve run with my Cyrus 2.1.11 installation. Unfortunately this doesn't work as well as planned, I copied the files to my cgi-bin directory but now when I run http://mailserver/cgi-bin/websieve.pl I get the following error: Received a program error! Error: Can't locate IMAP/Admin.pm in @INC (@INC contains: /usr/perl5/5.6.1/lib/sun4-solaris-64int /usr/perl5/5.6.1/lib /usr/perl5/site_perl/5.6.1/sun4-solaris-64int /usr/perl5/site_perl/5.6.1 /usr/perl5/site_perl /usr/perl5/vendor_perl/5.6.1/sun4-solaris-64int /usr/perl5/vendor_perl/5.6.1 /usr/perl5/vendor_perl .) at ./funclib.pl line 5. BEGIN failed--compilation aborted at ./funclib.pl line 5. Compilation failed in require at /opt/wmapache/cgi-bin/websieve.pl line 53. BEGIN failed--compilation aborted at /opt/wmapache/cgi-bin/websieve.pl line 64. Any ideas ? I also remarked that websieve is a bit old, I think more than 1 year old, do I maybe need to patch something to make it work ? Or maybe do you have any alternatives for a web interface especially for vacation (must be LDAP capable). perl is telling you precisely what the problem is -- it is looking for the file IMAP/Admin.pm (ie, the perl module IMAP::Admin), and it can't find it in any of the directories listed. If you installed it somewhere else, you will need to get perl to look for it where you installed it. If you haven't installed the module, it won't work until you do. -- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931
Re: Which DB backend to use
It's definately a FAQ that I generally answer by pointing people to the archives. for example: http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrusmsg=15407 -Rob On Thu, 16 Jan 2003, Chris Scott wrote: I've seen the advice of many on the list of using skiplist format for mboxlist but does anyone have recommendations for duplicate, seen, subs, and tls? Is there a standard answer or is this one of those 'depends on what you are doing' questions? Thanks, Chris Scott -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Websieve and Cyrus 2.1.11
[EMAIL PROTECTED] wrote: ok right I just saw that my Admin.pm perl module is in /usr/perl5/site_perl/5.6.1/sun4-solaris-64int/Cyrus/IMAP/Admin.pm so in the file funclib.pl from Websieve I've changed the following line: use IMAP::Admin; to use Cyrus::IMAP:Admin; and I got further but now it's complaining that it cannot find IMAP/Sieve.pm and I am 100% sure this file is NOT part of Cyrus IMAPD at least not 2.1.11. Do you know where I can find it maybe ? This Websieve thing really looks old :( If you want to use the Cyrus version of those modules, the name for that one is Cyrus::SIEVE::managesieve. It looks like you are using funclib.pl rather than funclib.cyrus -- the readme.txt file explains that either you need to use funclib.cyrus and use the internal Cyrus modules, or you need to install IMAP::Admin and IMAP::Sieve. The readme also tells you where to find those files if you don't want to use the Cyrus modules. As far as really old, there are many programs on my system which haven't been updated as recently as a September 2001, which is the date on websieve. -- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931
Re: Websieve and Cyrus 2.1.11
If you want to use the Cyrus version of those modules, the name for that one is Cyrus::SIEVE::managesieve. It looks like you are using funclib.pl rather than funclib.cyrus -- the readme.txt file explains that either you need to use funclib.cyrus and use the internal Cyrus modules, or you need to install IMAP::Admin and IMAP::Sieve. The readme also tells you where to find those files if you don't want to use the Cyrus modules. Sorry bout that, I messed up my doc, I read it to quickly :) Now it works, looks like I will need to patch it a bit to support virtual domains but already brings up an interface, will go and test it now. As far as really old, there are many programs on my system which haven't been updated as recently as a September 2001, which is the date on websieve. Strange, strange world... Regards
Websieve - vacation
Hi again, I managed to install websieve and just tested the vacation part, it does it's work by installing a default script in sieve and activating it, but unfortunately it doesn't seem to work. Here is the script that websieve generated me (from the file /var/cyrus/sieve/m/marc/default.script): # Mail rules for user marc # Created by Websieve version 0.61h require [fileinto,vacation]; vacation :days 1 :addresses [[EMAIL PROTECTED]] text: Autogenerated Message: This is a test vacation message werioweuroiweur weriuowerio werwer . ; ##PSEUDO script start #vacation1[EMAIL PROTECTED] ewriuweioruwer\nweioruweoiru\n\nwerwer\nxx\non #modebasic The script looks allright and it's active, what else can I check or test ? Regards
