Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.

2004-02-11 Thread Igor Brezac


On Wed, 11 Feb 2004, Edward Rudd wrote:

> OpenLDAP 2.1.22, LDAP AuxProp CVS release 1.1.2.3, I had tried updating
> to a newer release but it broke things due to the handling of the LDAP
> v4 PROXY_AUTHZ control in openldap (you directed me to the bug report
> about it), Cyrus SASL 2.1.15 (2.1.17 causes SLAPD to crash completely).
> sample client and server work fine, as does postfix. It's just cyrus
> IMAPd 2.2.3.

Your cyrus.c looks good.  My guess is that if you debug ldapdb.c you'll
find 'no worthy mechs' error which means that the ldapdb auxprop is not
using your new libldap.

> What did they change from 2.1.x to 2.2.x? Can I roll back those changes?

I have to look, but my guess is that too many changes took place.  I can
write a quick patch for this, but the libldap fix works just as well.

>
> On Wed, 2004-02-11 at 19:51, Igor Brezac wrote:
> > Hmm... Can you email me your libraries/libldap/cyrus.c?  What version of
> > openldap do you use?  I use the latest ldapdb  auxprop and
> > OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches)
> > Does ldapdb auxprop work with sample(client|server)?
> >
> > -Igor
> >
> > On Wed, 11 Feb 2004, Edward Rudd wrote:
> >
> > > OK I patched my OpenLDAP and recompiled, installed restarted postfix,
> > > cyrus imapd, and started up ldap. And it still retuns "user not found"
> > > when I try to login to cyrus imap. But the auth.log now shows something
> > > different..
> > > --- auth.log ---
> > > Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> > > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> > > Feb 11 19:19:53 devel imap[2282]: no secret in database
> > > 
> > > And my ldap.log shows this (loglevel 255)
> > > --- ldap.log ---
> > > Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> > > Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> > > Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> > > Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for
> > > input on id=5
> > > Feb 11 19:19:53 devel slapd[2053]: ber_get_next on fd 12 failed errno=11
> > > (Resource temporarily unavailable)
> > > Feb 11 19:19:53 devel slapd[2065]: connection_operation: error: SASL
> > > bind in progress (tag=66).
> > > Feb 11 19:19:53 devel slapd[2053]: daemon: select: listen=6
> > > active_threads=1 tvp=NULL
> > > Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: conn=5 op=1 p=3
> > > Feb 11 19:19:53 devel slapd[2053]: daemon: activity on 1 descriptors
> > > Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: err=1 matched=""
> > > text="SASL bind in progress"
> > > Feb 11 19:19:53 devel slapd[2053]: daemon: activity on:
> > > Feb 11 19:19:53 devel slapd[2065]: send_ldap_response: msgid=0 tag=48
> > > err=1
> > > Feb 11 19:19:53 devel slapd[2053]:  12r
> > > Feb 11 19:19:53 devel slapd[2065]: connection_closing: readying conn=5
> > > sd=12 for close
> > > Feb 11 19:19:53 devel slapd[2053]:
> > > Feb 11 19:19:53 devel slapd[2065]: connection_resched: attempting
> > > closing conn=5 sd=12
> > > Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> > > Feb 11 19:19:53 devel slapd[2065]: connection_close: conn=5 sd=12
> > > Feb 11 19:19:53 devel slapd[2065]: daemon: removing 12
> > > Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> > > Feb 11 19:19:53 devel slapd[2053]: connection_get(12): connection not
> > > used
> > > Feb 11 19:19:53 devel slapd[2053]: connection_read(12): no connection!
> > > Feb 11 19:19:53 devel slapd[2053]: daemon: removing 12
> > > Feb 11 19:19:53 devel slapd[2053]: daemon: closing 12
> > >
> > > On Wed, 2004-02-11 at 07:56, Igor Brezac wrote:
> > > > Check
> > > > http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926
> > > >
> > > > Cyrus-imap needs to be fixed, but it was easier to change openldap api.
> > > >
> > > > -Igor
> > > >
> > > > On Wed, 11 Feb 2004, Edward Rudd wrote:
> > > >
> > > > > I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
> > > > > cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server
> > > > > and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd
> > > > > 2.1.13 to cyrus imapd 2.1.15..   However when I upgraded to cyrus imapd
> > > > > 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always
> > > > > get user not found when trying to login as any user.. (fully qualified
> > > > > user like [EMAIL PROTECTED] or the "cyrus" admin user).
> > > > >
> > > > > And my ldap logs show nothing going on.. literally.. I see a connection
> > > > > coming in from sasl, and then disconnecting.. no other activity is
> > > > > logged. And I have the loglevel for openldap set to 255.
> > > > >
> > > > > My auth.l

[Fwd: Re: serious over quota problem]

2004-02-11 Thread Joao Pedras
The cc: didn't seem to work so here it goes.

 Original Message 
Subject: 	Re: serious over quota problem
Date: 	Wed, 11 Feb 2004 11:19:57 -0800
From: 	Joao Pedras <[EMAIL PROTECTED]>
To: 	David R Bosso <[EMAIL PROTECTED]>
CC: 	[EMAIL PROTECTED]
References: 	<[EMAIL PROTECTED]> 
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]> 
<[EMAIL PROTECTED]>



So one possible solution for the problem would be to create separate 
quotas for the
sub-folders, instead of dealing with one massive quota root.

Would this be correct?

David R Bosso wrote:

See:

Cyrus IMAP uses a 32bit int to store quota in bytes internally, this 
causes problems with large quotas.  While the bug says 2GB, from what 
I saw in the code a while back it's an unsigned long which should max 
out at 4GB.

Can one of the developers clarify 2/4GB as the maximum?

-David

--On Tuesday, February 10, 2004 4:36 PM -0800 Joao Pedras 
<[EMAIL PROTECTED]> wrote:

Hello Ken,

Ken Murchison wrote:

Joao Pedras wrote:

Hi all!

I have this user's box which is NOT over quota but Cyrus insists on
saying that it is to sendmail. Also
I am not able to drag messages into it.
I have ran 'reconstruct' on the the folder with '-r -f' and 'cyrquota
-f' also. I have increased/decreased the quota...
The problem does not go away.

Could someone please provide some insight on this issue?


How do you know for a fact that the user is not over quota?


Well... the a 'du' on the filesystem shows the usage around 2Gb. The
quota root was
set to 5,000,000. Plus 'cyrquota' would report around 40% usage which
agrees with
the number I just gave you.
Keep in mind that a quotaroot includes ALL submailboxes.


And that is the reason why I check 'du' on filesystem folder.

  Are there \Deleted messages which have not been expunged?


Not quite sure. Wouldn't these count?

  Is the MUA using a Trash folder?


In the user's inbox? Yes, but that one is empty. Wouldn't that also add
up to the
quota root?
Two additional details:
1) it's cyrus 2.0.17
2)  I attempted to set the quota to 50,000,000 and the problem went 
away.
With that
quota value the usage is down to 4%.

Thanks Ken!!!
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html





---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: SIEVE weirdness

2004-02-11 Thread Simon Matter
> A friend of mine has tried to get Cyrus 2.1.5 running on RHEL 3 and all
> works except sieve.
>
> Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the
> password over and over.
>
> The error message I get is
> Feb  5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db
> /etc/sasldb2: Invalid argument
> Feb  5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db
> /etc/sasldb2: Invalid argument
> Feb  5 17:09:48 agentsmith timsieved[4172]: no secret in database
> Feb  5 17:09:48 agentsmith timsieved[4172]: badlogin:
> localhost.localdomain[127.0.0.1] DIGEST-MD5 authentication failure
>
> Seems like a problem with the auth method, but when I look in
> /etc/imapd.conf he's using saslauthd ...
>
> postmaster: postmaster
> configdirectory: /var/lib/imap/
> partition-default: /var/spool/imap
> admins: cyrus
> allowanonymouslogin: no
> allowplaintext: yes
> sasl_mech_list: PLAIN DIGEST-MD5 shadow pwcheck
  ^^^
What exactly do you want here? Since you are using saslauthd as
sasl_pwcheck_method, you very likely use PAM/shadow to authenticate. Then,
just use 'sasl_mech_list: PLAIN'. IIRC sieveshell is different from the
other cyrus tools when it comes to using different mechs. Of course you
need /etc/pam.d/sieve with proper config.

Simon

> servername: agentsmith.novussententia.com
> autocreatequota: 1
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> sasl_pwcheck_method: saslauthd
> sievedir: /usr/sieve
> sendmail: /usr/sbin/sendmail
> sieve_maxscriptsize: 32
> sieveuserhomedir: no
> sieve_maxscripts: 5
> tls_ca_file: /var/lib/imap/cacert.pem
> tls_cert_file: /var/lib/imap/server.crt
> tls_key_file: /var/lib/imap/server.key
>
> His cyrus.conf:
>
> START {
>   # do not delete this entry!
>   mboxlist  cmd="ctl_cyrusdb -r"
>   deliver   cmd="ctl_deliver -r"
>   recover   cmd="ctl_cyrusdb -r"
>
>   # this is only necessary if using idled for IMAP IDLE
> #  idledcmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
> SERVICES {
>   # add or remove based on preferences
>   imap  cmd="imapd" listen="imap" prefork=5
>   imaps cmd="imapd -s" listen="imaps" prefork=1
>   #pop3 cmd="pop3d" listen="pop3" prefork=3
>   #pop3scmd="pop3d -s" listen="pop3s" prefork=1
>   sieve cmd="timsieved" listen="localhost:sieve" prefork=0
>   lmtpunix  cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
>
>   # this is only necessary if using notifications
> #  notify   cmd="notifyd" listen="/var/lib/imap/socket/notify"
> proto="udp" prefork=1
> }
>
> EVENTS {
>   # this is required
>   checkpointcmd="ctl_cyrusdb -c" period=30
>
>   # this is only necessary if using duplicate delivery suppression
>   delprune  cmd="ctl_deliver -E 3" at=0400
>
>   # this is only necessary if caching TLS sessions
>   tlsprune  cmd="tls_prune" at=0400
>   squatter  cmd="squatter -r user" period=1440
> }
>
> He can login via IMAP just fine.  I even see in the logs where it accepts
> the password as type 'plain'.  Below is a strace where we try to
> authenticate via sieveshell.  I see it trying to open /etc/shadow, but not
> sasldb
>
> [pid  4163] <... accept resumed> {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 7
> [pid  4163] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0,
> len=1} 
> [pid  4162] <... fcntl64 resumed> ) = 0
> [pid  4163] <... fcntl64 resumed> ) = 0
> [pid  4162] accept(5,  
> [pid  4163] read(7, "\0\6", 2)  = 2
> [pid  4163] read(7, "csmith", 6)= 6
> [pid  4163] read(7, "\0\5", 2)  = 2
> [pid  4163] read(7, "fr00t", 5) = 5
> [pid  4163] read(7, "\0\4", 2)  = 2
> [pid  4163] read(7, "smtp", 4)  = 4
> [pid  4163] read(7, "\0\0", 2)  = 2
> [pid  4163] socket(PF_UNIX, SOCK_STREAM, 0) = 8
> [pid  4163] connect(8, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"},
> 110) = -1 ENOENT (No such file or directory)
> [pid  4163] close(8)= 0
> [pid  4163] open("/etc/nsswitch.conf", O_RDONLY) = 8
> [pid  4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=1686, ...}) = 0
> [pid  4163] mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb75ea000
> [pid  4163] read(8, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1686
> [pid  4163] read(8, "", 4096)   = 0
> [pid  4163] close(8)= 0
> [pid  4163] munmap(0xb75ea000, 4096)= 0
> [pid  4163] open("/etc/ld.so.cache", O_RDONLY) = 8
> [pid  4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=38297, ...}) = 0
> [pid  4163] old_mmap(NULL, 38297, PROT_READ, MAP_PRIVATE, 8, 0) =
> 0xb75e1000
> [pid  4163] close(8)= 0
> [pid  4163] open("/lib/libnss_files.so.2", O_RDONLY) = 8
> [pid  4163] read(8,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\\35\0"..., 512) = 512
> [pid  4163] fstat64(8, {st_mode=S_IFREG|07

cyrus-imapd-2.2.x and web-cyradm+pam_mysql+saslauthd?

2004-02-11 Thread Khalid Mehmood
Does web-cyradm + mysql + pam_mysql +
cyrus-imapd-2.2.3-4 combination work anymore, or
should I change the authentication mechanism? Any help
would be greatly appreciated.

Thanks

Khan  

__
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


RE: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAPauxpropauthentication.

2004-02-11 Thread Howard Chu
It looks like the ldapdb plugin sent an Unbind immediately after sending the
first SASL Bind request. It seems that the SASL client library didn't like
the challenge it got from the slapd server. At this point it would have been
helpful to enable LDAP debugging in the ldapdb plugin, but I never coded an
option to do that. You could hardcode a call to ldap_set_option() to enable
this yourself. You'll also need to add a call to extract the error message
string so you can see whatever message the SASL library produced. Or you
could file an enhancement request in the OpenLDAP ITS suggesting some that a
debug option be added... At any rate, this is only going to tell you that
something went wrong inside the SASL library, and whatever that problem is
will still need to be fixed.

  -- Howard Chu
  Chief Architect, Symas Corp.   Director, Highland Sun
  http://www.symas.com   http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Edward Rudd
> Sent: Wednesday, February 11, 2004 6:54 PM
> To: Howard Chu
> Cc: 'Igor Brezac'; 'Cyrus-SASL'; 'Cyrus-IMAP'
> Subject: RE: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks
> LDAPauxpropauthentication.
>
>
> Here is the "nohup slapd -d 255" file. and the entries from auth.log
> when running
> "imtest -a cyrus -u cyrus -m login devel"
>
> Feb 11 20:48:13 devel slapd[2927]: auxpropfunc error -7
> Feb 11 20:48:13 devel slapd[2927]: _sasl_plugin_load failed on
> sasl_auxprop_plug_init for plugin: ldapdb
> Feb 11 20:48:20 devel imap[2922]: DIGEST-MD5 client step 2
> Feb 11 20:48:20 devel imap[2922]: DIGEST-MD5 client step 2
> Feb 11 20:48:20 devel imap[2922]: bad userid authenticated
>
> There is no step 1 in there.. How odd..
>
> On Wed, 2004-02-11 at 19:58, Howard Chu wrote:
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] Behalf
> Of Edward Rudd
> >
> > > OK I patched my OpenLDAP and recompiled, installed
> restarted postfix,
> > > cyrus imapd, and started up ldap. And it still retuns
> "user not found"
> > > when I try to login to cyrus imap. But the auth.log now shows
> > > something different..
> > > --- auth.log ---
> > > Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> > > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> > > Feb 11 19:19:53 devel imap[2282]: no secret in database
> > > 
> >
> > What happened to step 1?
> >
> > > And my ldap.log shows this (loglevel 255)
> > > --- ldap.log ---
> > > Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> > > Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> > > Feb 11 19:19:53 devel slapd[2053]: connection_get(12):
> got connid=5
> > > Feb 11 19:19:53 devel slapd[2053]: connection_read(12):
> checking for
> > > input on id=5
> >
> > OpenLDAP's syslog output is not useful for debugging; it's
> mainly for
> > reporting normal operational status. You need to run slapd
> in debug mode and
> > save the output from stderr when you actually want to chase a bug.
> >
> > In this case, both your auth.log and your ldap.log indicate
> that a SASL Bind
> > has been performed in an improper sequence (i.e., step 1
> doesn't appear in
> > the log, and it seems that some other request has been made
> before the SASL
> > Bind properly completed.). To see exactly what happened,
> you'll need the
> > debug trace from slapd.
> >
> >   -- Howard Chu
> >   Chief Architect, Symas Corp.   Director, Highland Sun
> >   http://www.symas.com   http://highlandsun.com/hyc
> >   Symas: Premier OpenSource Development and Support
> >
> --
> Edward Rudd <[EMAIL PROTECTED]>
> Website http://outoforder.cc/
>

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


RE: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxpropauthentication.

2004-02-11 Thread Edward Rudd
Here is the "nohup slapd -d 255" file. and the entries from auth.log
when running
"imtest -a cyrus -u cyrus -m login devel"

Feb 11 20:48:13 devel slapd[2927]: auxpropfunc error -7 
Feb 11 20:48:13 devel slapd[2927]: _sasl_plugin_load failed on
sasl_auxprop_plug_init for plugin: ldapdb 
Feb 11 20:48:20 devel imap[2922]: DIGEST-MD5 client step 2
Feb 11 20:48:20 devel imap[2922]: DIGEST-MD5 client step 2
Feb 11 20:48:20 devel imap[2922]: bad userid authenticated

There is no step 1 in there.. How odd..

On Wed, 2004-02-11 at 19:58, Howard Chu wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Edward Rudd
> 
> > OK I patched my OpenLDAP and recompiled, installed restarted postfix,
> > cyrus imapd, and started up ldap. And it still retuns "user not found"
> > when I try to login to cyrus imap. But the auth.log now shows
> > something different..
> > --- auth.log ---
> > Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> > Feb 11 19:19:53 devel imap[2282]: no secret in database
> > 
> 
> What happened to step 1?
> 
> > And my ldap.log shows this (loglevel 255)
> > --- ldap.log ---
> > Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> > Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for
> > input on id=5
> 
> OpenLDAP's syslog output is not useful for debugging; it's mainly for
> reporting normal operational status. You need to run slapd in debug mode and
> save the output from stderr when you actually want to chase a bug.
> 
> In this case, both your auth.log and your ldap.log indicate that a SASL Bind
> has been performed in an improper sequence (i.e., step 1 doesn't appear in
> the log, and it seems that some other request has been made before the SASL
> Bind properly completed.). To see exactly what happened, you'll need the
> debug trace from slapd.
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.   Director, Highland Sun
>   http://www.symas.com   http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
> 
-- 
Edward Rudd <[EMAIL PROTECTED]>
Website http://outoforder.cc/


ldaplog.gz
Description: GNU Zip compressed data


Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.

2004-02-11 Thread Edward Rudd
OpenLDAP 2.1.22, LDAP AuxProp CVS release 1.1.2.3, I had tried updating
to a newer release but it broke things due to the handling of the LDAP
v4 PROXY_AUTHZ control in openldap (you directed me to the bug report
about it), Cyrus SASL 2.1.15 (2.1.17 causes SLAPD to crash completely).
sample client and server work fine, as does postfix. It's just cyrus
IMAPd 2.2.3.
What did they change from 2.1.x to 2.2.x? Can I roll back those changes?

On Wed, 2004-02-11 at 19:51, Igor Brezac wrote:
> Hmm... Can you email me your libraries/libldap/cyrus.c?  What version of
> openldap do you use?  I use the latest ldapdb  auxprop and
> OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches)
> Does ldapdb auxprop work with sample(client|server)?
> 
> -Igor
> 
> On Wed, 11 Feb 2004, Edward Rudd wrote:
> 
> > OK I patched my OpenLDAP and recompiled, installed restarted postfix,
> > cyrus imapd, and started up ldap. And it still retuns "user not found"
> > when I try to login to cyrus imap. But the auth.log now shows something
> > different..
> > --- auth.log ---
> > Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> > Feb 11 19:19:53 devel imap[2282]: no secret in database
> > 
> > And my ldap.log shows this (loglevel 255)
> > --- ldap.log ---
> > Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> > Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for
> > input on id=5
> > Feb 11 19:19:53 devel slapd[2053]: ber_get_next on fd 12 failed errno=11
> > (Resource temporarily unavailable)
> > Feb 11 19:19:53 devel slapd[2065]: connection_operation: error: SASL
> > bind in progress (tag=66).
> > Feb 11 19:19:53 devel slapd[2053]: daemon: select: listen=6
> > active_threads=1 tvp=NULL
> > Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: conn=5 op=1 p=3
> > Feb 11 19:19:53 devel slapd[2053]: daemon: activity on 1 descriptors
> > Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: err=1 matched=""
> > text="SASL bind in progress"
> > Feb 11 19:19:53 devel slapd[2053]: daemon: activity on:
> > Feb 11 19:19:53 devel slapd[2065]: send_ldap_response: msgid=0 tag=48
> > err=1
> > Feb 11 19:19:53 devel slapd[2053]:  12r
> > Feb 11 19:19:53 devel slapd[2065]: connection_closing: readying conn=5
> > sd=12 for close
> > Feb 11 19:19:53 devel slapd[2053]:
> > Feb 11 19:19:53 devel slapd[2065]: connection_resched: attempting
> > closing conn=5 sd=12
> > Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> > Feb 11 19:19:53 devel slapd[2065]: connection_close: conn=5 sd=12
> > Feb 11 19:19:53 devel slapd[2065]: daemon: removing 12
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12): connection not
> > used
> > Feb 11 19:19:53 devel slapd[2053]: connection_read(12): no connection!
> > Feb 11 19:19:53 devel slapd[2053]: daemon: removing 12
> > Feb 11 19:19:53 devel slapd[2053]: daemon: closing 12
> >
> > On Wed, 2004-02-11 at 07:56, Igor Brezac wrote:
> > > Check
> > > http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926
> > >
> > > Cyrus-imap needs to be fixed, but it was easier to change openldap api.
> > >
> > > -Igor
> > >
> > > On Wed, 11 Feb 2004, Edward Rudd wrote:
> > >
> > > > I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
> > > > cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server
> > > > and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd
> > > > 2.1.13 to cyrus imapd 2.1.15..   However when I upgraded to cyrus imapd
> > > > 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always
> > > > get user not found when trying to login as any user.. (fully qualified
> > > > user like [EMAIL PROTECTED] or the "cyrus" admin user).
> > > >
> > > > And my ldap logs show nothing going on.. literally.. I see a connection
> > > > coming in from sasl, and then disconnecting.. no other activity is
> > > > logged. And I have the loglevel for openldap set to 255.
> > > >
> > > > My auth.log shows "no worthy mechs found" and nothing in my imapd.log
> > > >
> > > > What changed in relation to SASL configuration from Cyrus IMAPD 2.1.x to
> > > > 2.2.x??
> > > >
> > > > Here is my relavent imapd.conf
> > > >
> > > > sasl_pwcheck_method: auxprop
> > > > sasl_auxprop_plugin: ldapdb
> > > > sasl_mech_list:  plain digest-md5 cram-md5 ntlm
> > > >
> > > > sasl_ldapdb_uri: ldap:///
> > > > sasl_ldapdb_id: auxprop_user
> > > > sasl_ldapdb_pw: password_for_said_user
> > > > sasl_ldapdb_mech: DIGEST-MD5
> > > >
> > > > Which

RE: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxpropauthentication.

2004-02-11 Thread Edward Rudd
Step one is there just before the imtest: DIGEST-MD5 client step 2..
forgot to copy it in there..


On Wed, 2004-02-11 at 19:58, Howard Chu wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Edward Rudd
> 
> > OK I patched my OpenLDAP and recompiled, installed restarted postfix,
> > cyrus imapd, and started up ldap. And it still retuns "user not found"
> > when I try to login to cyrus imap. But the auth.log now shows
> > something different..
> > --- auth.log ---
> > Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> > Feb 11 19:19:53 devel imap[2282]: no secret in database
> > 
> 
> What happened to step 1?
> 
> > And my ldap.log shows this (loglevel 255)
> > --- ldap.log ---
> > Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> > Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for
> > input on id=5
> 
> OpenLDAP's syslog output is not useful for debugging; it's mainly for
> reporting normal operational status. You need to run slapd in debug mode and
> save the output from stderr when you actually want to chase a bug.
> 
> In this case, both your auth.log and your ldap.log indicate that a SASL Bind
> has been performed in an improper sequence (i.e., step 1 doesn't appear in
> the log, and it seems that some other request has been made before the SASL
> Bind properly completed.). To see exactly what happened, you'll need the
> debug trace from slapd.
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.   Director, Highland Sun
>   http://www.symas.com   http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
> 
-- 
Edward Rudd <[EMAIL PROTECTED]>
Website http://outoforder.cc/

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.

2004-02-11 Thread Igor Brezac

Hmm... Can you email me your libraries/libldap/cyrus.c?  What version of
openldap do you use?  I use the latest ldapdb  auxprop and
OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches)
Does ldapdb auxprop work with sample(client|server)?

-Igor

On Wed, 11 Feb 2004, Edward Rudd wrote:

> OK I patched my OpenLDAP and recompiled, installed restarted postfix,
> cyrus imapd, and started up ldap. And it still retuns "user not found"
> when I try to login to cyrus imap. But the auth.log now shows something
> different..
> --- auth.log ---
> Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> Feb 11 19:19:53 devel imap[2282]: no secret in database
> 
> And my ldap.log shows this (loglevel 255)
> --- ldap.log ---
> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for
> input on id=5
> Feb 11 19:19:53 devel slapd[2053]: ber_get_next on fd 12 failed errno=11
> (Resource temporarily unavailable)
> Feb 11 19:19:53 devel slapd[2065]: connection_operation: error: SASL
> bind in progress (tag=66).
> Feb 11 19:19:53 devel slapd[2053]: daemon: select: listen=6
> active_threads=1 tvp=NULL
> Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: conn=5 op=1 p=3
> Feb 11 19:19:53 devel slapd[2053]: daemon: activity on 1 descriptors
> Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: err=1 matched=""
> text="SASL bind in progress"
> Feb 11 19:19:53 devel slapd[2053]: daemon: activity on:
> Feb 11 19:19:53 devel slapd[2065]: send_ldap_response: msgid=0 tag=48
> err=1
> Feb 11 19:19:53 devel slapd[2053]:  12r
> Feb 11 19:19:53 devel slapd[2065]: connection_closing: readying conn=5
> sd=12 for close
> Feb 11 19:19:53 devel slapd[2053]:
> Feb 11 19:19:53 devel slapd[2065]: connection_resched: attempting
> closing conn=5 sd=12
> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> Feb 11 19:19:53 devel slapd[2065]: connection_close: conn=5 sd=12
> Feb 11 19:19:53 devel slapd[2065]: daemon: removing 12
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): connection not
> used
> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): no connection!
> Feb 11 19:19:53 devel slapd[2053]: daemon: removing 12
> Feb 11 19:19:53 devel slapd[2053]: daemon: closing 12
>
> On Wed, 2004-02-11 at 07:56, Igor Brezac wrote:
> > Check
> > http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926
> >
> > Cyrus-imap needs to be fixed, but it was easier to change openldap api.
> >
> > -Igor
> >
> > On Wed, 11 Feb 2004, Edward Rudd wrote:
> >
> > > I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
> > > cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server
> > > and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd
> > > 2.1.13 to cyrus imapd 2.1.15..   However when I upgraded to cyrus imapd
> > > 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always
> > > get user not found when trying to login as any user.. (fully qualified
> > > user like [EMAIL PROTECTED] or the "cyrus" admin user).
> > >
> > > And my ldap logs show nothing going on.. literally.. I see a connection
> > > coming in from sasl, and then disconnecting.. no other activity is
> > > logged. And I have the loglevel for openldap set to 255.
> > >
> > > My auth.log shows "no worthy mechs found" and nothing in my imapd.log
> > >
> > > What changed in relation to SASL configuration from Cyrus IMAPD 2.1.x to
> > > 2.2.x??
> > >
> > > Here is my relavent imapd.conf
> > >
> > > sasl_pwcheck_method: auxprop
> > > sasl_auxprop_plugin: ldapdb
> > > sasl_mech_list:  plain digest-md5 cram-md5 ntlm
> > >
> > > sasl_ldapdb_uri: ldap:///
> > > sasl_ldapdb_id: auxprop_user
> > > sasl_ldapdb_pw: password_for_said_user
> > > sasl_ldapdb_mech: DIGEST-MD5
> > >
> > > Which is the same configuration as sample.conf (for the sample server
> > > and client) and smtpd.conf (for postfix). Except those files don't have
> > > the sasl_ prefix to the configuration directives..
> > >
> > >
>

-- 
Igor
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


RE: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxpropauthentication.

2004-02-11 Thread Howard Chu
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Edward Rudd

> OK I patched my OpenLDAP and recompiled, installed restarted postfix,
> cyrus imapd, and started up ldap. And it still retuns "user not found"
> when I try to login to cyrus imap. But the auth.log now shows
> something different..
> --- auth.log ---
> Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> Feb 11 19:19:53 devel imap[2282]: no secret in database
> 

What happened to step 1?

> And my ldap.log shows this (loglevel 255)
> --- ldap.log ---
> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for
> input on id=5

OpenLDAP's syslog output is not useful for debugging; it's mainly for
reporting normal operational status. You need to run slapd in debug mode and
save the output from stderr when you actually want to chase a bug.

In this case, both your auth.log and your ldap.log indicate that a SASL Bind
has been performed in an improper sequence (i.e., step 1 doesn't appear in
the log, and it seems that some other request has been made before the SASL
Bind properly completed.). To see exactly what happened, you'll need the
debug trace from slapd.

  -- Howard Chu
  Chief Architect, Symas Corp.   Director, Highland Sun
  http://www.symas.com   http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.

2004-02-11 Thread Edward Rudd
OK I patched my OpenLDAP and recompiled, installed restarted postfix,
cyrus imapd, and started up ldap. And it still retuns "user not found"
when I try to login to cyrus imap. But the auth.log now shows something
different..
--- auth.log ---
Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
Feb 11 19:19:53 devel imap[2282]: no secret in database

And my ldap.log shows this (loglevel 255)
--- ldap.log ---
Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12 
Feb 11 19:19:53 devel slapd[2053]: connection_get(12) 
Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5 
Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for
input on id=5 
Feb 11 19:19:53 devel slapd[2053]: ber_get_next on fd 12 failed errno=11
(Resource temporarily unavailable) 
Feb 11 19:19:53 devel slapd[2065]: connection_operation: error: SASL
bind in progress (tag=66). 
Feb 11 19:19:53 devel slapd[2053]: daemon: select: listen=6
active_threads=1 tvp=NULL 
Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: conn=5 op=1 p=3 
Feb 11 19:19:53 devel slapd[2053]: daemon: activity on 1 descriptors 
Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: err=1 matched=""
text="SASL bind in progress" 
Feb 11 19:19:53 devel slapd[2053]: daemon: activity on:
Feb 11 19:19:53 devel slapd[2065]: send_ldap_response: msgid=0 tag=48
err=1 
Feb 11 19:19:53 devel slapd[2053]:  12r
Feb 11 19:19:53 devel slapd[2065]: connection_closing: readying conn=5
sd=12 for close 
Feb 11 19:19:53 devel slapd[2053]:  
Feb 11 19:19:53 devel slapd[2065]: connection_resched: attempting
closing conn=5 sd=12 
Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12 
Feb 11 19:19:53 devel slapd[2065]: connection_close: conn=5 sd=12 
Feb 11 19:19:53 devel slapd[2065]: daemon: removing 12 
Feb 11 19:19:53 devel slapd[2053]: connection_get(12) 
Feb 11 19:19:53 devel slapd[2053]: connection_get(12): connection not
used 
Feb 11 19:19:53 devel slapd[2053]: connection_read(12): no connection! 
Feb 11 19:19:53 devel slapd[2053]: daemon: removing 12 
Feb 11 19:19:53 devel slapd[2053]: daemon: closing 12 

On Wed, 2004-02-11 at 07:56, Igor Brezac wrote:
> Check
> http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926
> 
> Cyrus-imap needs to be fixed, but it was easier to change openldap api.
> 
> -Igor
> 
> On Wed, 11 Feb 2004, Edward Rudd wrote:
> 
> > I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
> > cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server
> > and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd
> > 2.1.13 to cyrus imapd 2.1.15..   However when I upgraded to cyrus imapd
> > 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always
> > get user not found when trying to login as any user.. (fully qualified
> > user like [EMAIL PROTECTED] or the "cyrus" admin user).
> >
> > And my ldap logs show nothing going on.. literally.. I see a connection
> > coming in from sasl, and then disconnecting.. no other activity is
> > logged. And I have the loglevel for openldap set to 255.
> >
> > My auth.log shows "no worthy mechs found" and nothing in my imapd.log
> >
> > What changed in relation to SASL configuration from Cyrus IMAPD 2.1.x to
> > 2.2.x??
> >
> > Here is my relavent imapd.conf
> >
> > sasl_pwcheck_method: auxprop
> > sasl_auxprop_plugin: ldapdb
> > sasl_mech_list:  plain digest-md5 cram-md5 ntlm
> >
> > sasl_ldapdb_uri: ldap:///
> > sasl_ldapdb_id: auxprop_user
> > sasl_ldapdb_pw: password_for_said_user
> > sasl_ldapdb_mech: DIGEST-MD5
> >
> > Which is the same configuration as sample.conf (for the sample server
> > and client) and smtpd.conf (for postfix). Except those files don't have
> > the sasl_ prefix to the configuration directives..
> >
> >
-- 
Edward Rudd <[EMAIL PROTECTED]>
Website http://outoforder.cc/

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


rename problems with murder

2004-02-11 Thread Mike Smith
I've pretty much got most of processes working, the problem that I am
having is that when I try to move a mail box from one backend to another
using rename. In cyradm the command that I used is
rename user.dragon user.dragon 2  
or 
rename user.dragon user.dragon mailbackend2.{mydomain}.com

 I get the error on the frontend:
 renamemailbox: Server(s) unavailable to complete operation

this happens if I try to move the mailbox between backends or partitions
on the same backend

the log that I get from the backend is:
Feb 11 16:53:53 mailbackend1 imap[15992]: login: mailfront1.bhfc.net
[10.4.9.3] cyrus PLAIN+TLS User logged in
Feb 11 16:53:53 mailbackend1 imap[15992]: getaddrinfo(2) failed: Name or
service not known
Feb 11 16:53:53 mailbackend1 imap[15992]: Could not move mailbox:
user.dragon, Initial backend connect failed


I can do cm, dm, lam, and sam on mailboxes just problems with rename

here is the ver info from cyradm

name   : Cyrus IMAPD
version: v2.2.3 2004/01/14 02:11:03
vendor : Project Cyrus
support-url: http://asg.web.cmu.edu/cyrus
os : Linux
os-version : 2.6.3-rc2
environment: Built w/Cyrus SASL 2.1.15
 Running w/Cyrus SASL 2.1.15
 Built w/Sleepycat Software: Berkeley DB 4.1.25: (October
24, 2003)
 Running w/Sleepycat Software: Berkeley DB 4.1.25: (October
24, 2003)
 Built w/OpenSSL 0.9.7a Feb 19 2003
 Running w/OpenSSL 0.9.7a Feb 19 2003
 CMU Sieve 2.2
 TCP Wrappers
 mmap = shared
 lock = fcntl
 nonblock = fcntl
 auth = unix
 idle = poll
backend-url:

any ideas?

Thanks


-- 
Mike Smith

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: login problem

2004-02-11 Thread Christian Beilstein
> Hi,
>
> When try connect me from MUA in messages log through this error:
>
> Feb 11 17:11:40 mymachine imap(pam_unix)[3395]: could not identify user (from 
> getpwnam(user.domain.cl))
>
> Exist any way that cyrus take users created in mysql and not mapped over linux 
> users??

yes, there is a way (using pam): use the module pam_mysql (google knows where to find 
it ;-)

set in /etc/imapd.conf:

imapsasl_pwcheck_method: saslauthd

start:
saslauthd -a pam

and configure pam_mysql the way you want to use it, eg in /etc/pam.d/imap

#%PAM-1.0
auth sufficient pam_mysql.souser=username passwd=mysecret host=localhost 
db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 
logtable=log logmsgcolumn=msg
logusercolumn=user loghostcolumn=host
account  required   pam_mysql.souser=username passwd=mysecret host=localhost 
db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 
logtable=log logmsgcolumn=msg
logusercolumn=user loghostcolumn=host

I would recommend to read the Postfix-Cyrus-Web-cyradmin-Howto; i've taken my 
configuration from there (and im using SuSE8.2, so the paths are takem from there)

greez

Chris
>
> Thanks in advance.
>
> Arturo
>
> ---
> Home Page: http://asg.web.cmu.edu/cyrus
> Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: SIEVE weirdness

2004-02-11 Thread Stefan Nitz
dear listeners,
Am Mittwoch, 11. Februar 2004 15:34 schrieb Brian:
> Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the
> password over and over.
Is there a file /etc/sasldb2 ?
If not create it with saslpasswd2 ... (see help)

peace & luck
Stefan


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


login problem

2004-02-11 Thread Arturo Mardones
Hi,

When try connect me from MUA in messages log through this error:

Feb 11 17:11:40 mymachine imap(pam_unix)[3395]: could not identify user
(from getpwnam(user.domain.cl))

Exist any way that cyrus take users created in mysql and not mapped over
linux users??

Thanks in advance.

Arturo

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


autentication problemq

2004-02-11 Thread Arturo Mardones
Hi!...

I cant autenticate to my imap... and found this mail...
> Meantime I found the source of the problem.
> Before I had started with src.rpm version I tried to install from
sources.
> A residue of this attempt was lmtpd deamon still running.
> To make long story short; postfix used one socket, cyrus listening an
other
> and all configuration files were pointing to new socket (of course).
> 
> How to detect ?
> 
> lsof -U|grep cyrus
> 
> cyrus-master and lmtpd should point to the same location.

Anyone can explain please??? If I use the command lsof...

master1652root   71u  unix 0xf793c080   1918
private/old-cyrus
master1652root   74u  unix 0xf7941080   1922 private/cyrus
master2792   cyrus5u  unix 0xc3ab7a80  16864 socket
master2792   cyrus   22u  unix 0xf3ebe080  16888
/var/imap/socket/lmtp

it really necessary that third line and fourth point to same location?
If answer is yes... how?

Thanks in advance...

Arturo

-Mensaje original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] En nombre de Andrew J
Caird
Enviado el: Miércoles, 11 de Febrero de 2004 13:41
Para: [EMAIL PROTECTED]
CC: Shelley Waltz
Asunto: Re: saslauthd and ldap and ??? pam

On Wed, 11 Feb 2004, Igor Brezac wrote:
>
> On Wed, 11 Feb 2004, Shelley Waltz wrote:
>
> > I am interested in knowing the difference and/or advantages
> > of the ways one can use ldap authentication with sasl.
> >
> > One way is to use saslauthd -a ldap, which uses the auth_ldap
> > module for saslauthd.
> >
> > Another way is to use saslauthd -a pam and then specify ldap
> > as the auth mechanism in the various pam.d services such as
> > smtp or imap.
> >
>
> saslauthd/ldap combination will give you better performance and in
general
> it is more stable.  Some pam implementations/modules leak memory.

  And without PAM it's one less layer to debug.  And you will be
debugging.  Cyrus IMAP and SASL are great, but they are not simple.
As always, Occam's Razor is a handy tool.  If you don't have a clear
need
for PAM integration with SASL, eliminate it.

  Good luck.
--
Andrew
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: saslauthd and ldap and ??? pam

2004-02-11 Thread Andrew J Caird
On Wed, 11 Feb 2004, Igor Brezac wrote:
>
> On Wed, 11 Feb 2004, Shelley Waltz wrote:
>
> > I am interested in knowing the difference and/or advantages
> > of the ways one can use ldap authentication with sasl.
> >
> > One way is to use saslauthd -a ldap, which uses the auth_ldap
> > module for saslauthd.
> >
> > Another way is to use saslauthd -a pam and then specify ldap
> > as the auth mechanism in the various pam.d services such as
> > smtp or imap.
> >
>
> saslauthd/ldap combination will give you better performance and in general
> it is more stable.  Some pam implementations/modules leak memory.

  And without PAM it's one less layer to debug.  And you will be
debugging.  Cyrus IMAP and SASL are great, but they are not simple.
As always, Occam's Razor is a handy tool.  If you don't have a clear need
for PAM integration with SASL, eliminate it.

  Good luck.
--
Andrew
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: serious over quota problem

2004-02-11 Thread David R Bosso
See:

Cyrus IMAP uses a 32bit int to store quota in bytes internally, this causes 
problems with large quotas.  While the bug says 2GB, from what I saw in the 
code a while back it's an unsigned long which should max out at 4GB.

Can one of the developers clarify 2/4GB as the maximum?

-David

--On Tuesday, February 10, 2004 4:36 PM -0800 Joao Pedras 
<[EMAIL PROTECTED]> wrote:

Hello Ken,

Ken Murchison wrote:

Joao Pedras wrote:

Hi all!

I have this user's box which is NOT over quota but Cyrus insists on
saying that it is to sendmail. Also
I am not able to drag messages into it.
I have ran 'reconstruct' on the the folder with '-r -f' and 'cyrquota
-f' also. I have increased/decreased the quota...
The problem does not go away.

Could someone please provide some insight on this issue?


How do you know for a fact that the user is not over quota?


Well... the a 'du' on the filesystem shows the usage around 2Gb. The
quota root was
set to 5,000,000. Plus 'cyrquota' would report around 40% usage which
agrees with
the number I just gave you.
Keep in mind that a quotaroot includes ALL submailboxes.
And that is the reason why I check 'du' on filesystem folder.

  Are there \Deleted messages which have not been expunged?
Not quite sure. Wouldn't these count?

  Is the MUA using a Trash folder?


In the user's inbox? Yes, but that one is empty. Wouldn't that also add
up to the
quota root?
Two additional details:
1) it's cyrus 2.0.17
2)  I attempted to set the quota to 50,000,000 and the problem went away.
With that
quota value the usage is down to 4%.
Thanks Ken!!!
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: wiki suggestion: integrated products bundling Cyrus IMAPd

2004-02-11 Thread Avtar Gill
Craig Ringer wrote:
Hi folks

I thought it might be an idea to start a wiki page tracking products
that ship an integrated Cyrus IMAPd. This would be useful in (a) saving
people who don't want to roll their own a lot of frustration and (b)
potentially saving the mailing list participants a lot of repeat
questions and issues.
I suggest an entry, possibly on the main wiki page, along the lines of
"Integrated products including Cyrus". A FAQ entry along the lines of
"this is too fiddly - isn't there an easier way to make this all just
go?" that refers to the aforementioned page might be a good idea, too.
Sound sensible?

Here's my suggested beginning for the product list:

[Free]
Simon's RPMs - not really integrated mail system, but make setup a bit
easier
[Commercial]
SuSE OpenExchange
http://www.suse.de/en/business/products/suse_business/openexchange/
Apple MacOS X Server
http://www.apple.com/server/macosx/
Here are some more possible additions..

[Free]
Cyrus 2.1 packages for Debian stable. Add the following lines to
/etc/apt/sources.list ..
deb http://people.debian.org/~hmh/woody/ hmh/cyrus/
deb http://people.debian.org/~hmh/woody/ hmh/misc/
[Commercial]
Bynari Insight Server
http://www.bynari.net/index.php?id=501
SUSE LINUX Standard Server 8
http://www.suse.com/us/business/products/server/standard/features.html
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: saslauthd and ldap and ??? pam

2004-02-11 Thread Igor Brezac

On Wed, 11 Feb 2004, Shelley Waltz wrote:

> I am interested in knowing the difference and/or advantages
> of the ways one can use ldap authentication with sasl.
>
> One way is to use saslauthd -a ldap, which uses the auth_ldap
> module for saslauthd.
>
> Another way is to use saslauthd -a pam and then specify ldap
> as the auth mechanism in the various pam.d services such as
> smtp or imap.
>

saslauthd/ldap combination will give you better performance and in general
it is more stable.  Some pam implementations/modules leak memory.

-- 
Igor
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


SIEVE weirdness

2004-02-11 Thread Brian
A friend of mine has tried to get Cyrus 2.1.5 running on RHEL 3 and all
works except sieve.

Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the
password over and over.

The error message I get is
Feb  5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db
/etc/sasldb2: Invalid argument
Feb  5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db
/etc/sasldb2: Invalid argument
Feb  5 17:09:48 agentsmith timsieved[4172]: no secret in database
Feb  5 17:09:48 agentsmith timsieved[4172]: badlogin:
localhost.localdomain[127.0.0.1] DIGEST-MD5 authentication failure

Seems like a problem with the auth method, but when I look in
/etc/imapd.conf he's using saslauthd ...

postmaster: postmaster
configdirectory: /var/lib/imap/
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN DIGEST-MD5 shadow pwcheck
servername: agentsmith.novussententia.com
autocreatequota: 1
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieveuserhomedir: no
sieve_maxscripts: 5
tls_ca_file: /var/lib/imap/cacert.pem
tls_cert_file: /var/lib/imap/server.crt
tls_key_file: /var/lib/imap/server.key

His cyrus.conf:

START {
  # do not delete this entry!
  mboxlist  cmd="ctl_cyrusdb -r"
  deliver   cmd="ctl_deliver -r"
  recover   cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
#  idledcmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap  cmd="imapd" listen="imap" prefork=5
  imaps cmd="imapd -s" listen="imaps" prefork=1
  #pop3 cmd="pop3d" listen="pop3" prefork=3
  #pop3scmd="pop3d -s" listen="pop3s" prefork=1
  sieve cmd="timsieved" listen="localhost:sieve" prefork=0
  lmtpunix  cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0

  # this is only necessary if using notifications
#  notify   cmd="notifyd" listen="/var/lib/imap/socket/notify"
proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpointcmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune  cmd="ctl_deliver -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune  cmd="tls_prune" at=0400
  squatter  cmd="squatter -r user" period=1440
}

He can login via IMAP just fine.  I even see in the logs where it accepts
the password as type 'plain'.  Below is a strace where we try to
authenticate via sieveshell.  I see it trying to open /etc/shadow, but not
sasldb

[pid  4163] <... accept resumed> {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 7
[pid  4163] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0,
len=1} 
[pid  4162] <... fcntl64 resumed> ) = 0
[pid  4163] <... fcntl64 resumed> ) = 0
[pid  4162] accept(5,  
[pid  4163] read(7, "\0\6", 2)  = 2
[pid  4163] read(7, "csmith", 6)= 6
[pid  4163] read(7, "\0\5", 2)  = 2
[pid  4163] read(7, "fr00t", 5) = 5
[pid  4163] read(7, "\0\4", 2)  = 2
[pid  4163] read(7, "smtp", 4)  = 4
[pid  4163] read(7, "\0\0", 2)  = 2
[pid  4163] socket(PF_UNIX, SOCK_STREAM, 0) = 8
[pid  4163] connect(8, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"},
110) = -1 ENOENT (No such file or directory)
[pid  4163] close(8)= 0
[pid  4163] open("/etc/nsswitch.conf", O_RDONLY) = 8
[pid  4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=1686, ...}) = 0
[pid  4163] mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb75ea000
[pid  4163] read(8, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1686
[pid  4163] read(8, "", 4096)   = 0
[pid  4163] close(8)= 0
[pid  4163] munmap(0xb75ea000, 4096)= 0
[pid  4163] open("/etc/ld.so.cache", O_RDONLY) = 8
[pid  4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=38297, ...}) = 0
[pid  4163] old_mmap(NULL, 38297, PROT_READ, MAP_PRIVATE, 8, 0) = 0xb75e1000
[pid  4163] close(8)= 0
[pid  4163] open("/lib/libnss_files.so.2", O_RDONLY) = 8
[pid  4163] read(8,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\\35\0"..., 512) = 512
[pid  4163] fstat64(8, {st_mode=S_IFREG|0755, st_size=51924, ...}) = 0
[pid  4163] old_mmap(NULL, 46720, PROT_READ|PROT_EXEC, MAP_PRIVATE, 8, 0)
= 0xb73ce000
[pid  4163] old_mmap(0xb73d9000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED, 8, 0xa000) = 0xb73d9000
[pid  4163] close(8)= 0
[pid  4163] munmap(0xb75e1000, 38297)   = 0
[pid  4163] open("/etc/passwd", O_RDONLY) = 8
[pid  4163] fcntl64(8, F_GETFD) = 0
[pid  4163] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid  4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=2261, ...}) = 0
[pid  4163] mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =

Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.

2004-02-11 Thread Rob Siemborski
On Wed, 11 Feb 2004, Edward Rudd wrote:

> I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
> cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server
> and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd
> 2.1.13 to cyrus imapd 2.1.15..   However when I upgraded to cyrus imapd
> 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always
> get user not found when trying to login as any user.. (fully qualified
> user like [EMAIL PROTECTED] or the "cyrus" admin user).

We've seen some problems with how 2.2 initilizes SASL and working with the
LDAPDB plugin.

It is not an immediately trivial fix, but I've documented it as Bug 2366.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Need help with cyrus.logwatch.tgz

2004-02-11 Thread Eddy Beliveau



Hi! networkers,
 
I'm using imapd-cyrus 2.1.15-2 on RedHat 
9
 
I did the following commands:
 
# cd  /tmp
# wget http://acs-wiki.andrew.cmu.edu/twiki/pub/Cyrus/Logwatch/cyrus.logwatch.tgz
# gunzip  cyrus.logwatch.tgz
# cd  /
# tar  -xvf  
/tmp/cyrus.logwatch.tar
# logwatch --service  
cyrus  --range  all  --detail high --print
 
but the output is 
empty
 
Did I missed something ?
 
Thanks,
Eddy
--
 
[EMAIL PROTECTED]Telephone: 
514-340-6073
 
Analyste - Applications ReseauHEC 
Montreal3000 Chemin de la Cote Sainte-CatherineMontreal  
(Quebec)Canada H3T 2A7
 
Any horizontal surface soon tends to be piled 
up


Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.

2004-02-11 Thread Igor Brezac

Check
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926

Cyrus-imap needs to be fixed, but it was easier to change openldap api.

-Igor

On Wed, 11 Feb 2004, Edward Rudd wrote:

> I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
> cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server
> and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd
> 2.1.13 to cyrus imapd 2.1.15..   However when I upgraded to cyrus imapd
> 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always
> get user not found when trying to login as any user.. (fully qualified
> user like [EMAIL PROTECTED] or the "cyrus" admin user).
>
> And my ldap logs show nothing going on.. literally.. I see a connection
> coming in from sasl, and then disconnecting.. no other activity is
> logged. And I have the loglevel for openldap set to 255.
>
> My auth.log shows "no worthy mechs found" and nothing in my imapd.log
>
> What changed in relation to SASL configuration from Cyrus IMAPD 2.1.x to
> 2.2.x??
>
> Here is my relavent imapd.conf
>
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: ldapdb
> sasl_mech_list:  plain digest-md5 cram-md5 ntlm
>
> sasl_ldapdb_uri: ldap:///
> sasl_ldapdb_id: auxprop_user
> sasl_ldapdb_pw: password_for_said_user
> sasl_ldapdb_mech: DIGEST-MD5
>
> Which is the same configuration as sample.conf (for the sample server
> and client) and smtpd.conf (for postfix). Except those files don't have
> the sasl_ prefix to the configuration directives..
>
>

-- 
Igor
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Sieve not working (Fedora / Cyrus (RPMS)

2004-02-11 Thread David Smith
Hello,

Been tinkering around with Cyrus now for 4 days, all the mail side of
things seem to be ok, the major fly in the ointment (and in fact the
reason I moved to cyrus) is that sieve doesn't want to seem to work at
all...

I've done a fair bit of googling and hunting around to try and work out
the solution and before I loose the remaining shred of my sanity I
thought it was time to cry for help.

So I installed Cyrus using the RPMS from here
http://www.invoca.ch/pub/packages/cyrus-imapd/

and things seemed to be going well, got everything working and i'm using
fetchmail to collect my mail from various POP accounts and get it onto
Cyrus...

The problem is sieve, not matter what I've tried it's not working there
are no directories in the sieve's dir for users I've created, .sieve
files in the users home dir don't work and I seem to be going round in
circles, I think the problem is to do with authentication with Sieve and
doing

# sivtest -u david -a david localhost

gets me

S : "IMPLEMENTATION" "Cyrus timsieved v2.2.3-Invoca-RPM-2.2.3-4"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational 
regex"
S: "STARTTLS"
S: OK
Authentication failed. generic failure
Security strength factor: 0
C: LOGOUT

so any thoughts / help much appreciated

Regards
Dave



signature.asc
Description: This is a digitally signed message part


saslauthd and ldap and ??? pam

2004-02-11 Thread Shelley Waltz
I am interested in knowing the difference and/or advantages
of the ways one can use ldap authentication with sasl.

One way is to use saslauthd -a ldap, which uses the auth_ldap
module for saslauthd.

Another way is to use saslauthd -a pam and then specify ldap
as the auth mechanism in the various pam.d services such as
smtp or imap.

Shelley Waltz


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


wiki suggestion: integrated products bundling Cyrus IMAPd

2004-02-11 Thread Craig Ringer
Hi folks

I thought it might be an idea to start a wiki page tracking products
that ship an integrated Cyrus IMAPd. This would be useful in (a) saving
people who don't want to roll their own a lot of frustration and (b)
potentially saving the mailing list participants a lot of repeat
questions and issues.

I suggest an entry, possibly on the main wiki page, along the lines of
"Integrated products including Cyrus". A FAQ entry along the lines of
"this is too fiddly - isn't there an easier way to make this all just
go?" that refers to the aforementioned page might be a good idea, too.

Sound sensible?

Here's my suggested beginning for the product list:

[Free]
Simon's RPMs - not really integrated mail system, but make setup a bit
easier

[Commercial]
SuSE OpenExchange
http://www.suse.de/en/business/products/suse_business/openexchange/
Apple MacOS X Server
http://www.apple.com/server/macosx/

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: lmtp permision denied

2004-02-11 Thread Edward J. Shornock
Rafel Amer wrote:

Hi,

I have installed debian gnu/linux sarge and postfix/cyrus mail server.
When I trie to send an e-mail, I get the following error in the mail.log
Feb 10 17:46:47 claimcenter postfix/lmtp[19109]: B6D0EDB: 
to=<[EMAIL PROTECTED]>, relay=none, delay=0, status=deferred 
(connect to /var/lib/cyrus/socket/lmtp[/var/lib/cyrus/socket/lmtp]: 
Permission denied)

Does anybody know how I can solve this problem?


What are your permissions on /var/lib/cyrus/socket/lmtp?  What version 
of Cyrus?  If it's Debian version 2.1.16-*, did you happen to read 
/usr/share/doc/cyrus21-doc/README.postfix.gz ?  If you didn't, you might 
want to do so now, otherwise you'll probably miss other important 
things, besides:


WARNING:  Since Cyrus pre-auths anything coming through the Unix socket, 
anyone
who can write to it will be able to inject email into Cyrus directly.

Use dpkg-statoverride to make sure your configuration for the socket
permissions will not be overwritten by the Cyrus packages.  Do remember that
Postfix usually runs the LMTP transport as user "postfix" (configurable in
/etc/postfix/master.cf).  Also, do not run the postfix lmtp transport 
chrooted
if the socket is not inside the chroot.

1. Create a lmtp group:
   # addgroup lmtp
2. Put user postfix in that group:
   # adduser postfix lmtp
3. Fix the socket directory permissions:
   # dpkg-statoverride --force --update --add \
 cyrus lmtp 750 /var/run/cyrus/socket
4. Restart Postfix and Cyrus IMAPd
   # /etc/init.d/postfix restart
   # /etc/init.d/cyrus21 restart


I highly recommend reading the documentation in 
/usr/share/doc/cyrus21-docs.  I just installed Cyrus-Imapd with Postfix, 
Maia, Web-Cyradm, and Amavisd-New last week and I didn't have any 
problems after RTFM'ing.

HTH

Ed
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: ldap/cyrus server

2004-02-11 Thread Troels Arvin
On Tue, 10 Feb 2004 10:06:38 +0100, Lindner wrote:

> I recommend the kolab-server which was designed to replace Exchange. The
> project is still relatively young but it is free and I am satisfied with
> it. It's VERY easy to install /maintain and the KDE 3.2 comes with a
> prerelease of "Kontact" which is a nice Client-Software for that server.
> Give it a try.   :-)

Kolab looks promising. I tested it lately, but had to drop it again, for
the time being:
1. It stores passwords in plain text.
2. I couldn't make it accept a set of relatively simple
   virtual host related requirements that I had.

I think that at least the first item has already been covered in the
developer-version of Kolab(?), so I'm eager to try the next release.

-- 
Greetings from Troels Arvin, Copenhagen, Denmark


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


lmtp permision denied

2004-02-11 Thread Rafel Amer
Hi,

I have installed debian gnu/linux sarge and postfix/cyrus mail server.
When I trie to send an e-mail, I get the following error in the mail.log
Feb 10 17:46:47 claimcenter postfix/lmtp[19109]: B6D0EDB: 
to=<[EMAIL PROTECTED]>, relay=none, delay=0, status=deferred 
(connect to /var/lib/cyrus/socket/lmtp[/var/lib/cyrus/socket/lmtp]: 
Permission denied)

Does anybody know how I can solve this problem?

Thanks.

R. Amer

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html