Upgrade path fom 2.1.4 rpm to 2.1.12 tarball?
Are there any pitfalls with upgrading from 2.1.4 to 2.1.12? Well my case is more special than that... I was using 2.1.4 from Luca Olivetti's rpm's for Mandrake and plan to use the source tarballs direct from carnegie mellon... The one thing I see that might be non-standard is that Luca had some patches to cyrus-imapd that I have no clue if they're included or not. Namely he had: 2.0.5-mandir.patch 2.0.9-cflags.patch 2.0.12-deliverman.patch 2.0.12-cyradm_man_sec.patch 2.1.3-service-path.patch And I see in 2.1.12 he has Mdk9.0perl-patch (not applicable to me) Logident.patch I wasn't using anything special from that setup except unixhierarchsep. Thx, Jeff
RE: "." in foldername
in all versions of cyrus-imapd AFTER 2.0.16 you can use the imapd.conf setting of 'unixhierarchysep: yes' that will change the mail folders from being called 'user.johnsmith' to 'user/johnsmith' so then you can use dots in the name... like [EMAIL PROTECTED] would be 'user/john.smith'... note that the folder on the drive is saved as /var/spool/imap/j/user/john^smith/ Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Carsten > Burghardt > Sent: Wednesday, May 22, 2002 10:47 PM > To: [EMAIL PROTECTED] > Subject: "." in foldername > > > Hi, > > I noticed that some MUA's can create folders with a dot (.) in > the name and > some not (they create subfolders as a result). So I wonder if there's a > general rule for this. Is it possible to create a folder "new.folder" and > how? > > Thanks, > > Carsten > -- > Carsten Burghardt > email: [EMAIL PROTECTED] > WWW: http://www.magic-shop.de > PGP: http://www.magic-shop.de/Carsten_Burghardt.asc > >
RE: SSL/TLS
i looked in the compile notes for 2.0.16 and I think maybe you have the option wrong... maybe you should try: --with-openssl=/usr/local/ssl and not --with-ssl Jeff > -Original Message- > From: Lee Hoffman [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 22, 2002 4:50 PM > To: 'Jeff Bert'; 'Ken Murchison' > Cc: 'Cyrus Mailing List' > Subject: RE: SSL/TLS > > > So when I restart cyrus I get the same as jeff when I run netstat. > > I'm beginning to wonder if this maybe a compile issue. I just tried > recompiling without --with-ssl, didn't change anything. I also tried a > bunch of different compile time options, nothing helps. My original > configure was: > > ./configure --with-cyrus-group=cyrus --with-cyrus-user=cyrus > --with-sasldir=/usr/local --with-dbdir=/usr/local/BerkeleyDB.3.3 > --with-ssl=/usr/local/ssl > > I then started to look through the config.log file, and I noticed the > following error: > > configure:3631: gcc -o conftest -g -O2 > -I/usr/local/BerkeleyDB.3.3/include -I/usr/local/include > -L/usr/local/BerkeleyDB.3.3/lib -Wl,-rpath,/usr/local/BerkeleyDB.3.3/lib > -L/usr/local/BerkeleyDB.3.3/lib -L/usr/local/lib > -Wl,-rpath,/usr/local/lib conftest.c -lssl -lcrypto -lfl -ldb-3 1>&5 > /usr/bin/ld: cannot find -lssl > > I tried adding /usr/local/ssl/lib to ld.so.conf, but ofcourse that didnt > change anything because that's only for runtime. > > Does any of the above spark any insights with anyone? > > Thanks, > Lee > > -Original Message- > From: Jeff Bert [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 22, 2002 4:36 PM > To: Lee Hoffman > Cc: 'Cyrus Mailing List' > Subject: RE: SSL/TLS > > also, i'd do a 'netstat -an | grep 993' to see if anything is listening > on that port... i get: > > tcp 0 0.0.0.0:993 0.0.0.0:* LISTEN > > and my imaps port works. > > Jeff > > > -Original Message- > > From: Jeff Bert [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, May 22, 2002 1:16 PM > > To: Lee Hoffman > > Cc: 'Cyrus Mailing List' > > Subject: RE: SSL/TLS > > > > > > maybe you should look in /etc/xinetd.d/ and see if there is an imaps > > file floating unwarranted in there. maybe some other process is > > intercepting > > it... i know this is a wild guess > > > > jeff > > > > > -Original Message- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Ken > Murchison > > > Sent: Wednesday, May 22, 2002 12:35 PM > > > To: Lee Hoffman > > > Cc: 'Cyrus Mailing List' > > > Subject: Re: SSL/TLS > > > > > > > > > > > > > > > Lee Hoffman wrote: > > > > > > > > The log was already at local6.debug. When I try to login, no imapd > -s > > > > process is spawned, and the logs show nothing at all (atleast > > that I can > > > > discern, there are a number of users logging in and out, so > > theres a lot > > > > of stuff being printed). > > > > > > > > It seems to me that it's a problem with master not spawning > > (it listens, > > > > but then doesn't spawn). > > > > > > If its listening but not spawning, master probably thinks there is a > > > process already running which can service this. The 'available' > count > > > can get screwed up if a process gets killed but master doesn't know > > > about it. > > > > > > I would try restarting master. > > > > > > > Im going to try a recompile without the --with-ssl, any other > ideas > > > > before I do so (Im trying to avoid it since this is a live > server)? > > > > > > This probably won't make a difference. imapd would complain if your > > > tried to do SSL/TLS and it wasn't compiled with it. > > > > > > > > > > > > > -Original Message- > > > > From: Ken Murchison [mailto:[EMAIL PROTECTED]] > > > > Sent: Wednesday, May 22, 2002 3:13 PM > > > > To: Lee Hoffman > > > > Cc: 'Cyrus Mailing List' > > > > Subject: Re: SSL/TLS > > > > > > > > Lee Hoffman wrote: > > > > > > > > > > Im not sure if its being caused by login attempts via ssl > > (although it > > > > > seems to happen when I try to login via ssl from a mail > > client or when > > &g
RE: SSL/TLS
also, i'd do a 'netstat -an | grep 993' to see if anything is listening on that port... i get: tcp 0 0.0.0.0:993 0.0.0.0:* LISTEN and my imaps port works. Jeff > -Original Message- > From: Jeff Bert [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 22, 2002 1:16 PM > To: Lee Hoffman > Cc: 'Cyrus Mailing List' > Subject: RE: SSL/TLS > > > maybe you should look in /etc/xinetd.d/ and see if there is an imaps > file floating unwarranted in there. maybe some other process is > intercepting > it... i know this is a wild guess > > jeff > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Ken Murchison > > Sent: Wednesday, May 22, 2002 12:35 PM > > To: Lee Hoffman > > Cc: 'Cyrus Mailing List' > > Subject: Re: SSL/TLS > > > > > > > > > > Lee Hoffman wrote: > > > > > > The log was already at local6.debug. When I try to login, no imapd -s > > > process is spawned, and the logs show nothing at all (atleast > that I can > > > discern, there are a number of users logging in and out, so > theres a lot > > > of stuff being printed). > > > > > > It seems to me that it's a problem with master not spawning > (it listens, > > > but then doesn't spawn). > > > > If its listening but not spawning, master probably thinks there is a > > process already running which can service this. The 'available' count > > can get screwed up if a process gets killed but master doesn't know > > about it. > > > > I would try restarting master. > > > > > Im going to try a recompile without the --with-ssl, any other ideas > > > before I do so (Im trying to avoid it since this is a live server)? > > > > This probably won't make a difference. imapd would complain if your > > tried to do SSL/TLS and it wasn't compiled with it. > > > > > > > > > -Original Message- > > > From: Ken Murchison [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, May 22, 2002 3:13 PM > > > To: Lee Hoffman > > > Cc: 'Cyrus Mailing List' > > > Subject: Re: SSL/TLS > > > > > > Lee Hoffman wrote: > > > > > > > > Im not sure if its being caused by login attempts via ssl > (although it > > > > seems to happen when I try to login via ssl from a mail > client or when > > > I > > > > run the command below), but imapd prints the following: > > > > > > > > May 22 14:55:51 servername master[18641]: process 28462 > exited, status > > > 0 > > > > > > > > Yes, imaps is listed in /etc/services > > > > > > Alright. Crank the imap logging level up to local6.debug and restart > > > syslogd. > > > > > > Try to make another connection, and see if an 'imapd -s' gets spawned. > > > Look in imapd.log and do a 'ps -f -u cyrus'. > > > > > > If you have a running 'imapd -s', then do an strace on it to > see what it > > > is doing. > > > > > > Ken > > > > > > > -Original Message- > > > > From: Ken Murchison [mailto:[EMAIL PROTECTED]] > > > > Sent: Wednesday, May 22, 2002 2:52 PM > > > > To: Lee Hoffman > > > > Cc: 'Cyrus Mailing List' > > > > Subject: Re: SSL/TLS > > > > > > > > Lee Hoffman wrote: > > > > > > > > > > When I run /usr/local/ssl/bin/openssl s_client -connect > > > localhost:993 > > > > > > > > > > The following is printed: > > > > > > > > > > CONNECTED(0003) > > > > > > > > > > Then it just hangs. > > > > > > > > Check imapd.log for errors. Is "imaps" listed in /etc/services? > > > > > > > > Ken > > > > -- > > > > Kenneth Murchison Oceana Matrix Ltd. > > > > Software Engineer 21 Princeton Place > > > > 716-662-8973 x26 Orchard Park, NY 14127 > > > > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp > > > > > > -- > > > Kenneth Murchison Oceana Matrix Ltd. > > > Software Engineer 21 Princeton Place > > > 716-662-8973 x26 Orchard Park, NY 14127 > > > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp > > > > -- > > Kenneth Murchison Oceana Matrix Ltd. > > Software Engineer 21 Princeton Place > > 716-662-8973 x26 Orchard Park, NY 14127 > > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp > >
RE: SSL/TLS
maybe you should look in /etc/xinetd.d/ and see if there is an imaps file floating unwarranted in there. maybe some other process is intercepting it... i know this is a wild guess jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Ken Murchison > Sent: Wednesday, May 22, 2002 12:35 PM > To: Lee Hoffman > Cc: 'Cyrus Mailing List' > Subject: Re: SSL/TLS > > > > > Lee Hoffman wrote: > > > > The log was already at local6.debug. When I try to login, no imapd -s > > process is spawned, and the logs show nothing at all (atleast that I can > > discern, there are a number of users logging in and out, so theres a lot > > of stuff being printed). > > > > It seems to me that it's a problem with master not spawning (it listens, > > but then doesn't spawn). > > If its listening but not spawning, master probably thinks there is a > process already running which can service this. The 'available' count > can get screwed up if a process gets killed but master doesn't know > about it. > > I would try restarting master. > > > Im going to try a recompile without the --with-ssl, any other ideas > > before I do so (Im trying to avoid it since this is a live server)? > > This probably won't make a difference. imapd would complain if your > tried to do SSL/TLS and it wasn't compiled with it. > > > > > -Original Message- > > From: Ken Murchison [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, May 22, 2002 3:13 PM > > To: Lee Hoffman > > Cc: 'Cyrus Mailing List' > > Subject: Re: SSL/TLS > > > > Lee Hoffman wrote: > > > > > > Im not sure if its being caused by login attempts via ssl (although it > > > seems to happen when I try to login via ssl from a mail client or when > > I > > > run the command below), but imapd prints the following: > > > > > > May 22 14:55:51 servername master[18641]: process 28462 exited, status > > 0 > > > > > > Yes, imaps is listed in /etc/services > > > > Alright. Crank the imap logging level up to local6.debug and restart > > syslogd. > > > > Try to make another connection, and see if an 'imapd -s' gets spawned. > > Look in imapd.log and do a 'ps -f -u cyrus'. > > > > If you have a running 'imapd -s', then do an strace on it to see what it > > is doing. > > > > Ken > > > > > -Original Message- > > > From: Ken Murchison [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, May 22, 2002 2:52 PM > > > To: Lee Hoffman > > > Cc: 'Cyrus Mailing List' > > > Subject: Re: SSL/TLS > > > > > > Lee Hoffman wrote: > > > > > > > > When I run /usr/local/ssl/bin/openssl s_client -connect > > localhost:993 > > > > > > > > The following is printed: > > > > > > > > CONNECTED(0003) > > > > > > > > Then it just hangs. > > > > > > Check imapd.log for errors. Is "imaps" listed in /etc/services? > > > > > > Ken > > > -- > > > Kenneth Murchison Oceana Matrix Ltd. > > > Software Engineer 21 Princeton Place > > > 716-662-8973 x26 Orchard Park, NY 14127 > > > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp > > > > -- > > Kenneth Murchison Oceana Matrix Ltd. > > Software Engineer 21 Princeton Place > > 716-662-8973 x26 Orchard Park, NY 14127 > > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp > > -- > Kenneth Murchison Oceana Matrix Ltd. > Software Engineer 21 Princeton Place > 716-662-8973 x26 Orchard Park, NY 14127 > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp >
RE: SSL/TLS
well i don't have a CA either but I found that i'd get a little more of a delay without those extra lines in there pointing the ca to the same file that contains the key/cert and some errors in the log file... did you try compiling cyrus-imapd without --with-openssl yet? i know it sounds funny but in my 2.0.15 install I had STARTTLS working without that configure option. Jeff > -Original Message- > From: Lee Hoffman [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 22, 2002 7:41 AM > To: 'Scott M Likens'; 'Jeff Bert'; [EMAIL PROTECTED] > Subject: RE: SSL/TLS > > > This is VERY weird!!! When I telnet into the mailserver on 993: > > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > . logout > ^X > > No commands works, yet it says that its connected! '. logout' does > nothing, '. starttls' does nothing etc... I checked inetd, and other > services running, and none bind to 993. Could the master process be > listening on 993 and then *not* spawning a new imapd -s when a > connection comes in?? > > BTW, I did restart, many times, since trying everything. > > I also don't have a CA. > > Lee > > -Original Message- > From: Scott M Likens [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 22, 2002 2:41 AM > To: Lee Hoffman; 'Jeff Bert'; [EMAIL PROTECTED] > Subject: RE: SSL/TLS > > *sigh* > > Telnet to your imap port and please verify that the STARTTLS command > exists... > > Easiest way to do that instead of doing . logout > > do . starttls > > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > * OK shell Cyrus IMAP4 v2.1.4 server ready > . starttls > . OK Begin TLS negotiation now > > like that > > *bleh* > > Stop using imtest like a golden rule folks. Use an ACTUAL mail client > to > test things!!! > > --On Wednesday, May 22, 2002 12:58 AM -0400 Lee Hoffman > <[EMAIL PROTECTED]> wrote: > > > Here is my imapd.conf: > > > > configdirectory: /var/imap > > partition-default: /var/spool/imap > > admins: adminuser > > sasl_pwcheck_method: PAM > > > > tls_cert_file: /var/imap/server.pem > > tls_key_file: /var/imap/server.pem > > > > (/var/imap/server.pem exists and is readable by the cyrus user) > > > > ok running: 'imtest -t "" -u lee -a lee -r servername.com > > servername.com' gets auth working, but still no STARTTLS: > > > > C: C01 CAPABILITY > > S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready > > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS > ID > > NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT > > THREAD=REFERENCES IDLE > > S: C01 OK Completed > > Password: > > C: L01 LOGIN lee {8} > > + go ahead > > C: > > L01 OK User logged in > > Authenticated. > > Security strength factor: 0 > > > > Any other ideas? > > > > Lee > > > > > > -Original Message- > > From: Jeff Bert [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, May 22, 2002 12:28 AM > > To: Lee Hoffman; [EMAIL PROTECTED] > > Subject: RE: SSL/TLS > > > > did you add these to your imapd.conf: > > > > tls_ca_path: /path-to-ca-folder/ > > tls_ca_file: /path-to-ca-file/ > > tls_cert_file: /path-to-cert-file/ > > tls_key_file: /path-to-key-file/ > > > > ? > > > >> -Original Message- > >> From: [EMAIL PROTECTED] > >> [mailto:[EMAIL PROTECTED]]On Behalf Of Lee > Hoffman > >> Sent: Tuesday, May 21, 2002 8:21 PM > >> To: [EMAIL PROTECTED] > >> Subject: SSL/TLS > >> > >> > >> Hey all, > >> I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the > >> instructions to a "T" to create the certificate. I also compiled > cyrus > >> -with-ssl=/usr/local/ssl (the latest version of openssl is installed, > >> and working with the sshd daemon). Anyway, cyrus (which is > >> authenticating off PAM/ldap) works fine. However, as soon as I try to > >> enable ssl from my email client, the client is unable to connect to > > the > >> server. I tried telneting into the box on port 993 and cyrus does > >> answer. > >> > >> Here is the output from imtest: > >> > >> Server-name:~# imtest -t "" -u lee server-name.com > >> C: C01 CAPABILITY > >> S: * OK server-name.com Cyrus IMAP4 v2.0.16 serve
RE: SSL/TLS
did you restart cyrus-imapd after putting the tls options in the imapd.conf (not a reload but a restart)? reload just reloads the /etc/cyrus.conf file AFAIK also, as I recall I got it to work fine with 2.0.15 without compiling --with-ssl... maybe you should try recompiling without that option. maybe there's a conflict with SSL and TLS... dunno for sure but it's worth a try. lastly, i remember I had to put in tls_ca_path: tls_ca_file: into imapd.conf to get it working... maybe you should try that first.. then try the re-compile. jeff > -Original Message- > From: Lee Hoffman [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 21, 2002 9:59 PM > To: 'Jeff Bert'; [EMAIL PROTECTED] > Subject: RE: SSL/TLS > > > Here is my imapd.conf: > > configdirectory: /var/imap > partition-default: /var/spool/imap > admins: adminuser > sasl_pwcheck_method: PAM > > tls_cert_file: /var/imap/server.pem > tls_key_file: /var/imap/server.pem > > (/var/imap/server.pem exists and is readable by the cyrus user) > > ok running: 'imtest -t "" -u lee -a lee -r servername.com > servername.com' gets auth working, but still no STARTTLS: > > C: C01 CAPABILITY > S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID > NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT > THREAD=REFERENCES IDLE > S: C01 OK Completed > Password: > C: L01 LOGIN lee {8} > + go ahead > C: > L01 OK User logged in > Authenticated. > Security strength factor: 0 > > Any other ideas? > > Lee > > > -Original Message- > From: Jeff Bert [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 22, 2002 12:28 AM > To: Lee Hoffman; [EMAIL PROTECTED] > Subject: RE: SSL/TLS > > did you add these to your imapd.conf: > > tls_ca_path: /path-to-ca-folder/ > tls_ca_file: /path-to-ca-file/ > tls_cert_file: /path-to-cert-file/ > tls_key_file: /path-to-key-file/ > > ? > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Hoffman > > Sent: Tuesday, May 21, 2002 8:21 PM > > To: [EMAIL PROTECTED] > > Subject: SSL/TLS > > > > > > Hey all, > > I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the > > instructions to a "T" to create the certificate. I also compiled cyrus > > -with-ssl=/usr/local/ssl (the latest version of openssl is installed, > > and working with the sshd daemon). Anyway, cyrus (which is > > authenticating off PAM/ldap) works fine. However, as soon as I try to > > enable ssl from my email client, the client is unable to connect to > the > > server. I tried telneting into the box on port 993 and cyrus does > > answer. > > > > Here is the output from imtest: > > > > Server-name:~# imtest -t "" -u lee server-name.com > > C: C01 CAPABILITY > > S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready > > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS > ID > > NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT > > THREAD=REFERENCES IDLE > > S: C01 OK Completed > > Password: > > C: L01 LOGIN root {8} > > + go ahead > > C: > > L01 NO Login failed: authentication failure > > Authentication failed. generic failure > > Security strength factor: 0 > > > > > > What really worries me is that STARTTLS is even listed in CAPABILITIES > > (it should be shouldn't it?). > > > > My cyrus.conf file: > > > > # standard standalone server implementation > > > > START { > > # do not delete these entries! > > mboxlist cmd="ctl_mboxlist -r" > > deliver cmd="ctl_deliver -r" > > > > # this is only necessary if using idled for IMAP IDLE > > # idledcmd="idled" > > } > > > > # UNIX sockets start with a slash and are put into /var/imap/sockets > > SERVICES { > > # add or remove based on preferences > > imap cmd="imapd" listen="imap" prefork=5 > > imaps cmd="imapd -s" listen="imaps" prefork=1 > > # pop3 cmd="pop3d" listen="pop3" prefork=3 > > # pop3scmd="pop3d -s" listen="pop3s" prefork=1 > > # sievecmd="timsieved" listen="sieve" prefork=0 > > > > # at least one LMTP is required for delivery > > # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > > lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1 > > } > > > > EVENTS { > > # this is required > > checkpointcmd="ctl_mboxlist -c" period=30 > > > > # this is only necessary if using duplicate delivery suppression > > delprune cmd="ctl_deliver -E 3" period=1440 > > } > > > > > > Any ideas? > > > > Thanks, > > Lee > > > > > > >
RE: SSL/TLS
also, you should use: # imtest -t "" -u lee -a lee -r server-name.com servername.com Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Hoffman > Sent: Tuesday, May 21, 2002 8:21 PM > To: [EMAIL PROTECTED] > Subject: SSL/TLS > > > Hey all, > I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the > instructions to a "T" to create the certificate. I also compiled cyrus > -with-ssl=/usr/local/ssl (the latest version of openssl is installed, > and working with the sshd daemon). Anyway, cyrus (which is > authenticating off PAM/ldap) works fine. However, as soon as I try to > enable ssl from my email client, the client is unable to connect to the > server. I tried telneting into the box on port 993 and cyrus does > answer. > > Here is the output from imtest: > > Server-name:~# imtest -t "" -u lee server-name.com > C: C01 CAPABILITY > S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID > NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT > THREAD=REFERENCES IDLE > S: C01 OK Completed > Password: > C: L01 LOGIN root {8} > + go ahead > C: > L01 NO Login failed: authentication failure > Authentication failed. generic failure > Security strength factor: 0 > > > What really worries me is that STARTTLS is even listed in CAPABILITIES > (it should be shouldn't it?). > > My cyrus.conf file: > > # standard standalone server implementation > > START { > # do not delete these entries! > mboxlist cmd="ctl_mboxlist -r" > deliver cmd="ctl_deliver -r" > > # this is only necessary if using idled for IMAP IDLE > # idledcmd="idled" > } > > # UNIX sockets start with a slash and are put into /var/imap/sockets > SERVICES { > # add or remove based on preferences > imap cmd="imapd" listen="imap" prefork=5 > imaps cmd="imapd -s" listen="imaps" prefork=1 > # pop3 cmd="pop3d" listen="pop3" prefork=3 > # pop3scmd="pop3d -s" listen="pop3s" prefork=1 > # sievecmd="timsieved" listen="sieve" prefork=0 > > # at least one LMTP is required for delivery > # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1 > } > > EVENTS { > # this is required > checkpointcmd="ctl_mboxlist -c" period=30 > > # this is only necessary if using duplicate delivery suppression > delprune cmd="ctl_deliver -E 3" period=1440 > } > > > Any ideas? > > Thanks, > Lee > >
RE: SSL/TLS
did you add these to your imapd.conf: tls_ca_path: /path-to-ca-folder/ tls_ca_file: /path-to-ca-file/ tls_cert_file: /path-to-cert-file/ tls_key_file: /path-to-key-file/ ? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Hoffman > Sent: Tuesday, May 21, 2002 8:21 PM > To: [EMAIL PROTECTED] > Subject: SSL/TLS > > > Hey all, > I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the > instructions to a "T" to create the certificate. I also compiled cyrus > -with-ssl=/usr/local/ssl (the latest version of openssl is installed, > and working with the sshd daemon). Anyway, cyrus (which is > authenticating off PAM/ldap) works fine. However, as soon as I try to > enable ssl from my email client, the client is unable to connect to the > server. I tried telneting into the box on port 993 and cyrus does > answer. > > Here is the output from imtest: > > Server-name:~# imtest -t "" -u lee server-name.com > C: C01 CAPABILITY > S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID > NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT > THREAD=REFERENCES IDLE > S: C01 OK Completed > Password: > C: L01 LOGIN root {8} > + go ahead > C: > L01 NO Login failed: authentication failure > Authentication failed. generic failure > Security strength factor: 0 > > > What really worries me is that STARTTLS is even listed in CAPABILITIES > (it should be shouldn't it?). > > My cyrus.conf file: > > # standard standalone server implementation > > START { > # do not delete these entries! > mboxlist cmd="ctl_mboxlist -r" > deliver cmd="ctl_deliver -r" > > # this is only necessary if using idled for IMAP IDLE > # idledcmd="idled" > } > > # UNIX sockets start with a slash and are put into /var/imap/sockets > SERVICES { > # add or remove based on preferences > imap cmd="imapd" listen="imap" prefork=5 > imaps cmd="imapd -s" listen="imaps" prefork=1 > # pop3 cmd="pop3d" listen="pop3" prefork=3 > # pop3scmd="pop3d -s" listen="pop3s" prefork=1 > # sievecmd="timsieved" listen="sieve" prefork=0 > > # at least one LMTP is required for delivery > # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1 > } > > EVENTS { > # this is required > checkpointcmd="ctl_mboxlist -c" period=30 > > # this is only necessary if using duplicate delivery suppression > delprune cmd="ctl_deliver -E 3" period=1440 > } > > > Any ideas? > > Thanks, > Lee > >
RE: HORRIBLE SASL Auth Probs!!
bummer, i know I'm repeating myself somewhat but here we go: 0) add debug logs to syslog: local6.debug-/var/log/imapd.log auth.debugy -/var/log/saslauthd.log # /etc/init.d/syslog restart 1) start saslauthd # saslauthd -a pam & 2) edit /etc/imapd.conf sasl_pwcheck_method: sasldb allowplaintext: yes 3) start cyrus-imapd 4) create a user # saslpasswd -c test 5) check their domain # sasldblistusers 6) chown the sasldb file # chown cyrus.mail /etc/sasldb (or your path to it) 7) try cyradm # cyradm --user test --server 8) IF THAT FAILS... crap. # tail /var/log/imapd.log # tail /var/log/saslauthd.log post the output... also, what version of berkeley db are you using? Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Phil Dibowitz > Sent: Tuesday, May 21, 2002 6:06 PM > To: [EMAIL PROTECTED] > Subject: Re: HORRIBLE SASL Auth Probs!! > > > Jeff Bert wrote: > > > Did you compile cyrus-imapd-2.0.16 with the '--with-auth=unix' > option... if > > not that will explain it all. > > > > I just recompiled and reinstalled with the '--with-auth=unix' > option - same > exact deal. > > Any ideas? > > Phil > -- > "They that can give up essential liberty to obtain a little > temporary safety > deserve neither liberty nor safety." > -Benjamin Franklin, 1759 > >
RE: HORRIBLE SASL Auth Probs!!
Sure but one question to make your life worse... why didn't your try the RPM's for redhat for versions 7.2cyrus-imapd-2.1.4 cyrus-sasl-2.1-2 that Simon Matter did? http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&search term=rpm&msg=14163 Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Phil Dibowitz > Sent: Tuesday, May 21, 2002 5:51 PM > To: [EMAIL PROTECTED] > Subject: Re: HORRIBLE SASL Auth Probs!! > > > Jeff Bert wrote: > > > > > Did you compile cyrus-imapd-2.0.16 with the '--with-auth=unix' > option... if > > not that will explain it all. > > > AHA! That must be it. > > I'll let you know. Thanks Jeff. > > > Phil > > -- > "They that can give up essential liberty to obtain a little > temporary safety > deserve neither liberty nor safety." > -Benjamin Franklin, 1759 > >
RE: HORRIBLE SASL Auth Probs!!
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Phil Dibowitz > Sent: Tuesday, May 21, 2002 5:10 PM > To: [EMAIL PROTECTED] > Subject: HORRIBLE SASL Auth Probs!! > > > Gah! > > I'm pulling my hair out trying to get this sasl stuff to work!! > I've removed > /etc/sasldb and recreated it using saslpasswd... > > I've tried explicitly giving all information (i.e. > saslpasswd -u 'localhost' -c test > saslpasswd -u 'bonanza' -c test) > > (I'd remove the localhost one before trying bonanza). > > I've tried providing as littls as possible: > saslpasswd test > > Coresponding with the attempts above I've tried: > imtest -a test -u test -r localhost localhost > imtest -a test -u test -r bonanza bonanza > imtest -a test -u test -r bonanza localhost > imtest -a test -u test -r localhost bonanza > > above with '-m > login' then each one of those above with '-m login -p imap'> > > then > # su test > $ imtest localhost > imtest -m login locahost > imtest -p login localhost > imtest -m login -p imap localhost > > The saslauthd that Jeff suggested seems to be a part of the 2.1.2 > branch of > sasl... which I'm not using. Not fully, the way I used to startup saslauthd in cyrus-sasl-1.5.24 was: # saslauthd -a pam also, I never forced the hostname (realm) i just used: # saslpasswd -c cyrususer then checked what the hostname (realm) was by: # sasldblistusers and i only ever used my FQDN so I don't know if the aliases for the host work or not. Did you compile cyrus-imapd-2.0.16 with the '--with-auth=unix' option... if not that will explain it all. Jeff > > Any help would be MUCH appreciated. Here is some last bit of info for you: > > Cyrus 2.0.16 compiled from Source > # rpm -qa | grep -i sasl > cyrus-sasl-1.5.24-17 > cyrus-sasl-devel-1.5.24-17 > # rpm -qa | grep -i cyrus > cyrus-sasl-1.5.24-17 > cyrus-sasl-devel-1.5.24-17 > perl-Cyrus-2.0.16-3rm > > > My only thought now is that that "perl-Cyrus" rpm may be messing > with things > (it's from before when I had installed Cyrus imap from RPM) - but > I'm worried > to uninstall it for fear if needing it... > > Phil > -- > "They that can give up essential liberty to obtain a little > temporary safety > deserve neither liberty nor safety." > -Benjamin Franklin, 1759 > >
RE: Secure Imap Problems
when you use '-m login' imtest bypasses the sasldb and goes straight for your shadow file. did you try that with a valid linux user? also, you might try starting saslauthd: # saslauthd -a pam & in imapd.conf sasl_passwd_check: sasldb # saslpasswd -c cyrususer # sasldblistusers *** NOTE WHAT REALM THE PASSWORDS ARE IN *** # imtest -a cyrususer -u cyrususer -r REALM REALM Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Phil Dibowitz > Sent: Tuesday, May 21, 2002 3:18 PM > To: [EMAIL PROTECTED] > Subject: Re: Secure Imap Problems > > > Alright, brand-spankin' new Cyrus-imap 2.0.16 installed from source. > > I want to get regular imap working before secure imap. I got my > imapd.conf > file set, and my cyrus.conf file set. I have two users (cyrus and > test) who > both have real accounts, and sasldb accounts. > > I can't authenticate. > > I've tried > sasl_passwd_check: sasldb > sasl_passwd_check: passwd > sasl_passwd_check: shadow > > And I've restarted 'master' each time and onery attempt to > login gives me: > > C: L01 LOGIN test {13} > + go ahead > C: > L01 NO Login failed: authentication failure > Authentication failed. generic failure > Security strength factor: 0 > > That's from imtest. (imtest -m login -p imap localhost) > > Maybe this is more helpful - when I try to use cyradm localhost I get: > > Login failed: authentication failure at > /usr/lib/perl5/site_perl/5.6.0/i386-linux/Cyrus/IMAP/Admin.pm line 78 > cyradm: cannot authenticate to server with as test > > The users I'm trying are 'cyrus' and 'test.' Cyrus is an 'admin' in > imapd.conf, while test is not. > > GAH! > > Phil > -- > "They that can give up essential liberty to obtain a little > temporary safety > deserve neither liberty nor safety." > -Benjamin Franklin, 1759 > >
RE: Compiling (was secure imap)
We feel... felt your pain... btw here's a pretty good HOWTO I used back when I compiled 2.0.15... note it has some differences since it includes the HIERSEP patch. http://dudle.linuxroot.org/docs/postfix_cyrus/ Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Phil Dibowitz > Sent: Tuesday, May 21, 2002 2:28 PM > To: [EMAIL PROTECTED] > Subject: Re: Compiling (was secure imap) > > > Phil Dibowitz wrote: > > > ./configure ran fine > > make depend ran fine > > make all CFLAGS=-O however, gives: > > I was able to get around this by replacing > /usr/local/share/bison.simple with > /usr/lib/bison.simple in the sieve/Makefile. > > Then I got com_err.h not found from imapd.c - I replaced > #include > with #include > > Isn't that what automake is for? Stupid autoconf > > Gr. now index.c needs com_err.h I'm gonna link the damn thing. > > Phil > -- > "They that can give up essential liberty to obtain a little > temporary safety > deserve neither liberty nor safety." > -Benjamin Franklin, 1759 > >
unixhierarchy/altnamespace & IMAP folders, bug?
When I use the unixhierarchy/altnamespace options in imapd.conf I can't create sub-folders in the main inbox but I can create folders outside the main inbox and then create subfolders in those. When I turn unixhierarchy/altnamespace off then I can create subfolders in the main inbox but not outside of it. I'm pretty new to imap... is this correct behaviour? Jeff
RE: What is wrong with ASMTP with SASLv2?
my <1 cent> is that I use plaintext passwords and don't like the idea that their password is transmitted whenever they're sending mail. I only use POP3S/IMAPS. I messed around with SMTPS but that was back in my totally newbie days (now I'm a newbie+) and never got it working so I just moved onto the pop-before-smtp idea. If you could let me in on the workings or SMTPS and SMTP AUTH I'd be willing to give it a try again. Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Scott M > Likens > Sent: Monday, May 20, 2002 9:19 AM > To: Ron Kuris; Henrique de Moraes Holschuh > Cc: [EMAIL PROTECTED] > Subject: What is wrong with ASMTP with SASLv2? (Was Re: FYI: > pop-before-smtp works with cyrus-imapd-2.1.4) > > > <10 cents> > I'll be honest I had the relay problem, so i just enabled ASMTP with > SASLv2, and after figuring out all the options. > > It works GREAT! All my users can relay without me adding 1 > single rule for > insecurity. I believe most E-Mail Clients that are WYSWIG or GUI Support > ASMTP, unfortunatly i'm not sure pine/mutt does so you gotta set > your email > address right becuause those usually sendmail so it's not an > issue as much. > But of course you can configure postfix to relay against only 1 > server and > use TLS/ASMTP if you so choose. > > Point is this, Relaying is a MTA/MUA thing and i see no use to using the > extra process when you can use the internal ASMTP in postfix and be happy. > > I'm also quite aware that the SASLv2 patch works for sendmail. > > Thanks for my 10cents > > > > Scott > > --On Monday, May 20, 2002 8:51 AM -0700 Ron Kuris <[EMAIL PROTECTED]> wrote: > > > Hi, > > > > Yes, this is a better solution than my hack, although I wish it weren't > > a separate process. > > > > Ron > > > > On Sun, 2002-05-19 at 15:56, Henrique de Moraes Holschuh wrote: > >> On Sun, 19 May 2002, Amos Gouaux wrote: > >> > Precisely why we use DRAC. > >> > > >> > rk> My recent patch just updates access.db directly. No separate > >> > process is rk> required. > >> > > >> > While a separate process is required for DRAC, the nice thing about > >> > it is that it will clear out entries after some configurable amount > >> > of time. > >> > >> And it will work on Murder clusters just as well, which made > it suitable > >> for default inclusion in Cyrus IMAPd for Debian, too. > >> > >> -- > >> "One disk to rule them all, One disk to find them. One disk to bring > >> them all and in the darkness grind them. In the Land of Redmond > >> where the shadows lie." -- The Silicon Valley Tarot > >> Henrique Holschuh > >> > >> > > > > > > > > --- > > "If Thyne Eyes Deceivee Thee, Pluck Them Out". > >
RE: Cyrus 2.1.4 :Autentication problems
Margartia, 1) when you compiled cyrus-sasl did you compile with the option: --with-saslauthd ? 2) what are the contents of your /etc/pam.d/imap and /etc/pam.d/pop files? Jeff > -Original Message- > From: Margarita Sanz [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 20, 2002 5:37 AM > To: Jeff Bert > Subject: Re: Cyrus 2.1.4 :Autentication problems > > > Hi, Jeff. > Sorry, I forget to include my imapd.conf: > > configdirectory: /eui/adm/imap > partition-default: /var/spool/imap > allowanonymouslogin: no >allowplaintext:yes >admins: cyrus >#sasl_pwcheck_method: sasldb >sasl_pwcheck_method: saslauthd > > My saslauthd isn't run because when I write: > # saslauthd -a pam & > I get : > /var/state/saslauthd: No such file or directory > > I have created /var /state/saslauthd and saslauthd woks... > I run > $ /usr/local/bin/imtest -u marga -a marga cartero > and after write my password (marga) y get: > > C: C01 CAPABILITY > S: * OK cartero.eui.upm.es Cyrus IMAP4 v2.1.4 server ready > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ > MAILBOX-REFERRALS NAMESPACE > UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT > THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5 > AUTH=CRAM-MD5 > S: C01 OK Completed > C: A01 AUTHENTICATE DIGEST-MD5 > S: + > bm9uY2U9InB2MDFMOERjRFBhWTVRK0l4eWdrcXhHVlVSOHdVa3ZWb21ZWUNnSUVjR2 > 89IixyZWFsbT0iY2FydGVyby5ldWkudXBtLmVzIixxb3A9ImF1dGgsYXV0aC1pbnQs > YXV0aC1jb25mIixjaXBoZXI9InJjNC00MCxyYzQtNTYscmM0LGRlcywzZGVzIixjaG > Fyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw== > > Please enter your password: > C: > dXNlcm5hbWU9Im1hcmdhIixyZWFsbT0iY2FydGVyby5ldWkudXBtLmVzIixub25jZT > 0icHYwMUw4RGNEUGFZNVErSXh5Z2txeEdWVVI4d1VrdlZvbVlZQ2dJRWNHbz0iLGNu > b25jZT0iZ0IrbFZlU0RvYnBqRzYzUzdvd1hqUm5uanBxVkZJT25KOFVaRGZBOGdiZz > 0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaGVyPSJyYzQiLGNoYXJzZXQ9 > dXRmLTgsZGlnZXN0LXVyaT0iaW1hcC9jYXJ0ZXJvLmV1aS51cG0uZXMiLHJlc3Bvbn > NlPThkNzE3ZDU0YjU5MzBiMjVkNjJjYTZmOWUzMmMzZjcw > > S: + cnNwYXV0aD1hZmE3MWE5ZGEwOGM2M2QxMDlkYTE4MTJjMTRhMWI0Yw== > C: > S: A01 OK Success (privacy protection) > Authenticated. > Security strength factor: 128 > > I was very happy, but when I try to connect into IMAP server from Outlock > Express then I have the same problem:"Connection refused". > I Know that is because in Out. Express I can not select CRAN-MD5 > or DIGEST-MD5 > (with K-Mail I can connect into IMAP server and get mail). > This is the reason because I need work in plain-text... > > Thanks > Marga. > > > Jeff Bert wrote: > > > Margarita, > > > > Are you sure saslauthd is running? > > > > What authentication method are you using in your imapd.conf file: > > > > sasl_pwcheck_method = ? > > > > If you have imapd.conf: > > > > sasl_pwcheck_method: saslauthd > > > > and you started saslauthd with: > > > > # saslauthd -a pam& > > > > then try this against a real linux user: > > > > # imtest -m login -u -a -r > > > > and if you've added someone to the sasldb via: > > > > # saslpasswd2 -c > > > > then try: > > > > # imtest -u -a -r > > > > Jeff > > > > > -Original Message- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Margarita > > > Sanz > > > Sent: Friday, May 17, 2002 3:48 AM > > > To: [EMAIL PROTECTED] > > > Subject: Cyrus 2.1.4 :Autentication problems > > > > > > > > > Hi, > > > I have just installed Cyrus 2.1.4 and Cyrus SASL 2.1.2 > > > If I connect into the IMAP server, all is OK: > > > > > > > > >Trying 138.100.xx.39... > > >Connected to cartero. > > >Escape character is '^]'. > > >* OK cartero Cyrus IMAP4 v2.1.4 server ready > > > > > > I have created a Cyrus user named "marga", and she is in the password > > > database (/etc/sasldb2). > > > > > > When I try to connect into IMAP server from Outlook Express, I get an > > > error message: "Connection refused". > > > > > > I have used "imtest" to test logging: > > > > > > /usr/local/bin/imtest -u marga cartero > > > > > > Then, I get the next message: > > > > > > C: C01 CAPABILITY > > > S: * OK cartero.eui.upm.es Cyrus IMAP4 v2.1.4 server ready > > > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS &
RE: FYI: pop-before-smtp works with cyrus-imapd-2.1.4
oops, forgot to set a flag, my bad. jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Bert > Sent: Sunday, May 19, 2002 7:22 PM > To: Amos Gouaux; [EMAIL PROTECTED] > Subject: RE: FYI: pop-before-smtp works with cyrus-imapd-2.1.4 > > > Drac, isn't too Linux Mandrake friendly: > > make chokes on missing header files: > > netdir.h > netconfig.h (I have gnetconfig.h but not sure if that will work) > sys/systeminfo.h (tried sys/sysinfo.h but make died saying too many > arguments in function) > > and none of those header files exist in any of my rpm's that are available > on the distribution disks. > > Jeff > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Amos Gouaux > > Sent: Sunday, May 19, 2002 2:40 PM > > To: [EMAIL PROTECTED] > > Subject: Re: FYI: pop-before-smtp works with cyrus-imapd-2.1.4 > > > > > > >>>>> On 19 May 2002 14:38:52 -0700, > > >>>>> Ron Kuris <[EMAIL PROTECTED]> (rk) writes: > > > > rk> While this script works most of the time, it wasn't very > > reliable during > > rk> log rollovers. Try continuously rolling over the log to > reproduce the > > rk> problem. Also, parsing log entries takes a lot more CPU than > > the patch > > rk> I provided recently. > > > > Precisely why we use DRAC. > > > > rk> My recent patch just updates access.db directly. No separate > > process is > > rk> required. > > > > While a separate process is required for DRAC, the nice thing about > > it is that it will clear out entries after some configurable amount > > of time. > > > > -- > > Amos > > > > > >
RE: FYI: pop-before-smtp works with cyrus-imapd-2.1.4
Drac, isn't too Linux Mandrake friendly: make chokes on missing header files: netdir.h netconfig.h (I have gnetconfig.h but not sure if that will work) sys/systeminfo.h (tried sys/sysinfo.h but make died saying too many arguments in function) and none of those header files exist in any of my rpm's that are available on the distribution disks. Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Amos Gouaux > Sent: Sunday, May 19, 2002 2:40 PM > To: [EMAIL PROTECTED] > Subject: Re: FYI: pop-before-smtp works with cyrus-imapd-2.1.4 > > > > On 19 May 2002 14:38:52 -0700, > > Ron Kuris <[EMAIL PROTECTED]> (rk) writes: > > rk> While this script works most of the time, it wasn't very > reliable during > rk> log rollovers. Try continuously rolling over the log to reproduce the > rk> problem. Also, parsing log entries takes a lot more CPU than > the patch > rk> I provided recently. > > Precisely why we use DRAC. > > rk> My recent patch just updates access.db directly. No separate > process is > rk> required. > > While a separate process is required for DRAC, the nice thing about > it is that it will clear out entries after some configurable amount > of time. > > -- > Amos > >
RE: Patch for SMTP after IMAP
Any tips on how I can patch my rpm build? I've never patched a src rpm before. I have the source RPM from Luca Olivetti (thanks Luca) and want to try Ron's patch. Seems like a good idea to build this directly into cyrus-imapd. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Ron Kuris > Sent: Saturday, May 18, 2002 6:11 PM > To: [EMAIL PROTECTED] > Subject: Patch for SMTP after IMAP > > > Hi, > > I whipped this up because I needed this functionality. I have no idea > if it's suitable for general use. Here is what it does: > > A new configuration value of 'relaydb' is added to /etc/imapd.conf as > follows: > > relaydb: /etc/mail/access.db > > Then, whenever someone successfully logs into POP or IMAP, their IP > address is added as a RELAY into the sendmail access db, using the db3 > database routines. > > It's not the most elegant solution but it worked fine for me, so you may > wish to include it in the main product (or not, in which case I'll keep > the patch). > > The patch can be found at: > > http://secondwivescafe.com/cyrus-imap-POPB4SMTP-patch.txt > > Ron >
FYI: pop-before-smtp works with cyrus-imapd-2.1.4
I just wanted to let people know that the postfix addon software "pop-before-smtp" works seamlessly with cyrus-imapd-2.1.4 It's a great little script that checks the imapd log for valid pop3/imap logins and then writes the users IP to a hashed file that the smtpd daemon can check to validate a relay. Jeff
RE: does cvt_cyrusdb work? is it normal to have "DBERRORS db3: x lockers" messages?
> Luca Olivetti wrote: > Is that example configuration not good? > Dunno for sure. I tend to change something and test... change and test... change and test... but I didn't write everything down so I have to admit I'm not sure how I got rid of those db3 errors... I had them too but don't now... it might be how I compiled postfix that solved it: # make -f Makefile.init makefiles \ CCARGS="-DHAS_MYSQL -I/usr/local/mysql/include \ -DHAS_DB -I/usr/include/db3" \ AUXLIBS="-L/usr/local/mysql/lib -lmysqlclient -lz -lm \ -L/usr/lib -ldb-3.3" And then installed cyrus-sasl and cyrus-imapd. When I first installed the cyrus rpms I got those db errors also and then starting messing with stuff and finally got rid of them. Maybe it was the postfix compile. As you know I'm not anywhere near an expert... I just trying to relate my experience. Since we use similar systems in Linux-Mandrake I thought that mine might shed some light on yours. Jeff > > > > # standard standalone server implementation > > > > START { > > # do not delete this entry! > >recover cmd="ctl_cyrusdb -r" > >mboxlist cmd="ctl_mboxlist -r" > >deliver cmd="ctl_deliver -r" > > according to the manpage ctl_mboxlist and ctl_deliver don't have an -r > option now, this functionality is included in ctl_cyrusdb. > > [] yes, when you run the command it says it's depricated but if you are logging via 'local6.debug' for cyrus you'll see that the ctl_mboxlist does run and completes. > > > EVENTS { > > # this is required > > # checkpoint cmd="ctl_cyrusdb -c" period=30 > >checkpoint cmd="ctl_mboxlist -c" period=30 > > ctl_mboxlist doesn't have a -c option now. Its functionality is in > ctl_cyrusdb. > same as above, you get a report that it's depricated but it runs and reports in the log file but, I'm going to put my cyrus.conf back to using the ctl_cyrusdb for both STARTUP and EVENTS and see if I have any problems.
RE: does cvt_cyrusdb work? is it normal to have "DBERRORS db3: x lockers" messages?
Luca, When I built the cyrus-sasl-2.1.2 rpm from your source files I noticed that the "make" output never had a "-I/usr/include/db3" which is where the include files for BerkeleyDB3.3 are stored from the Mandrake RPM's. I added a "CPPFLAGS=-I/usr/include/db3" in the cyrus-sasl.spec file before compiling... but not sure if it made a differece because: Also, I modified the cyrus.conf file to be more like the older version instead of the newer ones... here's mine... not sure which solved the problem, the .spec file mod or the .conf file mod: # standard standalone server implementation START { # do not delete this entry! recover cmd="ctl_cyrusdb -r" mboxlist cmd="ctl_mboxlist -r" deliver cmd="ctl_deliver -r" } # UNIX sockets start with a slash and are put into /var/lib/imap/sockets SERVICES { # add or remove based on preferences imap cmd="imapd" listen="imap" prefork=5 imaps cmd="imapd -s" listen="imaps" prefork=1 pop3 cmd="pop3d" listen="pop3" prefork=3 pop3s cmd="pop3d -s" listen="pop3s" prefork=1 sieve cmd="timsieved" listen="sieve" prefork=0 # at least one LMTP is required for delivery lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 } EVENTS { # this is required # checkpoint cmd="ctl_cyrusdb -c" period=30 checkpoint cmd="ctl_mboxlist -c" period=30 # this is only necessary if using duplicate delivery suppression delprune cmd="ctl_deliver -E 3" period=1440 # this is only necessary if caching TLS sessions tlsprune cmd="tls_prune" period=1440 } Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Luca Olivetti > Sent: Thursday, May 16, 2002 1:48 PM > To: [EMAIL PROTECTED] > Subject: does cvt_cyrusdb work? is it normal to have "DBERRORS db3: x > lockers" messages? > > > Hi, > in an attempt to see if it solved the mozilla unseen problem (see > http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cy rus&msg=13859) > I compiled cyrus with db3 as the seen db. I quickly went back to flat > because I saw much more "DBERRORS db3: x lockers" than normal (btw, is > it normal to see these messages?). > Anyway, before using the new imapd, I converted the seen db for myself > (/var/lib/imap/user/l/luca.seen) with cvt_cyrusdb, but *all* messages > appeared as unseen. > Is cvt_cyrusdb supposed to work for the seen.db? > > TIA > -- > Luca Olivetti > >
RE: PAM Authentication
what's your /etc/imapd.conf set to for sasl_pwcheck_method? what's your /etc/pam.d/imap set to? we need to know those to help trouble shoot... but... if in /etc/imapd.conf reads... ... sasl_pwcheck_method: saslauthd and your /etc/pam.d/imap is: # begin authrequired /lib/security/pam_stack.so service=system-auth account required /lib/secruity/pam_stack.so service=system-auth # end then you can try this: 1) make dchait a valid user on your system via useradd and give that user a password. 2) make sure saslauthd is running... 3) run: [root] # imtest -m login -a dchait -u dchait -r and that will test the shadow password checking... 4) run: [root] # saslpasswd2 -c dchait Password: Again (for verification): [root] # imtest -a dchait -u dchait -r and you should be able to authenticate in both circumstances. if you read the docs, the '-m login' bypasses the auth mechanism and goes straight for the shadow passes (AFAICS) Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of David Chait > Sent: Wednesday, May 15, 2002 9:37 PM > To: 'Michael Bacon'; 'Ken Murchison' > Cc: [EMAIL PROTECTED] > Subject: RE: PAM Authentication > > > May 15 20:41:43 bonmaildev saslauthd[19131]: AUTHFAIL: user=dchait > service=imap realm= [PAM auth error] > > This is what I received using the saslauthd -a pam option (pam didn't > work at all). Any ideas? I can't seem to find a reference for this error > anywhere. > > -Original Message- > From: Michael Bacon [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 15, 2002 6:08 PM > To: Ken Murchison; David Chait > Cc: [EMAIL PROTECTED] > Subject: Re: PAM Authentication > > Or, if you're in 2.0, > > sasl_pwcheck_method: pam > > should work fine. > > Michael > > --On Wednesday, May 15, 2002 1:50 PM -0400 Ken Murchison > <[EMAIL PROTECTED]> > wrote: > > > What version of Cyrus? Assuming that you are using v2.1.x, set > > > > sasl_pwcheck_method: saslauthd > > > > and start saslauthd with the '-a pam' option. > > > > > > > > David Chait wrote: > >> > >> Greetings, > >> I am currently attempting to make Cyrus authenticate via a > PAM > >> library (like our Courier-IMAP system did), but have yet been > >> able to accomplish this. The following is my imapd.conf file and > >> cyrus.conf file. The MTA I am using is Postfix, but that seems to be > >> functional. > >> > >> Cheers, > >> David > >> > >> Imapd > >> > >> configdirectory: /var/imap > >> partition-default: /home/mail > >> admins: root cyrus > >> # srvtab: /var/imap/srvtab > >> allowanonymouslogin: no > >> sasl_pwcheck_method: pwcheck > >> > >> Cyrus > >> > >> # standard standalone server implementation > >> > >> START { > >> # do not delete this entry! > >> recover cmd="ctl_cyrusdb -r" > >> > >> # this is only necessary if using idled for IMAP IDLE > >> # idledcmd="idled" > >> } > >> > >> # UNIX sockets start with a slash and are put into /var/imap/socket > >> SERVICES { > >> # add or remove based on preferences > >> imap cmd="imapd" listen="imap" prefork=0 > >> imaps cmd="imapd -s" listen="imaps" prefork=0 > >> # pop3 cmd="pop3d" listen="pop3" prefork=0 > >> # pop3scmd="pop3d -s" listen="pop3s" prefork=0 > >> sieve cmd="timsieved" listen="sieve" prefork=0 > >> > >> # at least one LMTP is required for delivery > >> # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > >> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 > >> > >> # this is only necessary if using notifications > >> # notify cmd="notifyd" listen="/var/imap/socket/notify" > >> # proto="udp" > >> prefork=1 > >> } > >> > >> EVENTS { > >> # this is required > >> checkpointcmd="ctl_cyrusdb -c" period=30 > >> > >> # this is only necessary if using duplicate delivery suppression > >> delprune cmd="ctl_deliver -E 3" period=1440 > >> > >> # this is only necessary if caching TLS sessions > >> tlsprune cmd="tls_prune" period=1440 > >> } > > > > -- > > Kenneth Murchison Oceana Matrix Ltd. > > Software Engineer 21 Princeton Place > > 716-662-8973 x26 Orchard Park, NY 14127 > > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp > > > > > > > >
RE: TLS error? cyrus-imapd-2.1.4
> If you look in the Archive thru whatever web mailing list you wish, there > was someone who had mentioned using openssl how to create the CA, > the key, > and cert. > > Look it up, it'd be worth your time. > No thanks, I wasn't asking for a HOWTO but for others' experiences. I had already read the cyrus-imapd documentation and it only recommends using: tls_cert_file: /var/imap/cyrus-imapd.pem tls_key_file: /var/imap/cyrus-imapd.pem but I have found that if I add: tls_ca_file: /var/imap/cyrus-imapd.pem with the way I created the cert it works flawlessly. Jeff > --On Tuesday, May 14, 2002 7:33 PM -0700 jeff bert > <[EMAIL PROTECTED]> wrote: > > > I've gotten cyrus-imapd-2.1.4 working with the unencrypted > ports and have > > now moved to getting the secure ports working. I created a self-signed > > certificate using: > > > > [root@jabba imap]# openssl req -new -x509 -days 365 -nodes -config > > /usr/lib/ssl/openssl.cnf -out cyrus-imapd.pem -keyout cyrus-imapd.pem > > > > and entering the information. > > > > My imapd.conf file has: > > > > tls_cert_file: /var/imap/cyrus-imapd.pem > > tls_key_file: /var/imap/cyrus-imapd.pem > > > > And it seems to work but there is a delay of about 30 seconds when I > > connect for the first time in an email clients session in my imapd log > > file: > > > > May 14 19:20:33 jabba imap3d[2648]: TLS engine: cannot load CA data > > > > after that it works... > > > > Is this an error I need to be concerned about or is this just the result > > of self-siging the certificate? > > > > Thanks, > > > > Jeff Bert > > > > > > > >
TLS error? cyrus-imapd-2.1.4
I've gotten cyrus-imapd-2.1.4 working with the unencrypted ports and have now moved to getting the secure ports working. I created a self-signed certificate using: [root@jabba imap]# openssl req -new -x509 -days 365 -nodes -config /usr/lib/ssl/openssl.cnf -out cyrus-imapd.pem -keyout cyrus-imapd.pem and entering the information. My imapd.conf file has: tls_cert_file: /var/imap/cyrus-imapd.pem tls_key_file: /var/imap/cyrus-imapd.pem And it seems to work but there is a delay of about 30 seconds when I connect for the first time in an email clients session in my imapd log file: May 14 19:20:33 jabba imap3d[2648]: TLS engine: cannot load CA data after that it works... Is this an error I need to be concerned about or is this just the result of self-siging the certificate? Thanks, Jeff Bert
RE: cyradm problem?... cyrus-imapd-2.1.4
> > jeff bert wrote: > > > > So, is this a bug in my system or a "feature" of 2.1.4? Any > ideas? Or have > > they actually implemented the man page's warning that Tcl short style > > options may be done away with? > > I fell for that too (first tried with -u and didn't work), but the > current manpage doesn't mention short style options at all, so I think > they're gone. > BTW, I'm preparing new rpms for cyrus-sasl, since the current one > doesn't install the manpages (or rather cyrus-sasl's make install > doesn't, is that normal?) and doesn't include the sasldb > conversion utility. > > Bye > -- > Luca Olivetti > > Luca, I've compiled your cyrus-sasl-2.1.2-2.src.rpm and installed it. I didn't test "imtest" before I upgraded it but did afterwards and can't authenticate. if I type: # cyradm --user cyrus -s my.host.com it works but if I type: # imtest -m login -u cyrus -a cyrus -r my.host.com my.host.com It telnets into the imap server ok but won't authenticate (screen results): # imtest -m login -u cyrus -a cyrus -r my.host.com my.host.com C: C01 CAPABILITY S: * OK my.host.com Cyrus IMAP4 v2.1.4 server ready S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=CRAM-MD5 X-NETSCAPE S: C01 OK Completed Password: C: L01 LOGIN cyrus {6} + go ahead C: L01 NO Login failed: authentication failure Authentication failed. generic failure Security strength factor: 0 # more /etc/pam.d/imap #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth accountrequired /lib/security/pam_stack.so service=system-auth # # # tail /var/log/saslauthd.log May 13 10:22:56 jabba saslauthd[2787]: START: saslauthd 2.1.2 May 13 10:22:56 jabba saslauthd[2792]: master PID is: 2792 May 13 10:22:56 jabba saslauthd[2792]: daemon started, listening on /var/lib/sasl2/mux May 13 10:23:01 jabba saslauthd[2793]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure May 13 10:23:01 jabba saslauthd[2793]: AUTHFAIL: user=cyrus service=imap realm= [PAM auth error] # Do you get the same or similar results? What does your /etc/pam.d/imap file look like? Thanks, Jeff
cyradm problem?... cyrus-imapd-2.1.4
I installed cyrus-imap-2.1.4 and have found a quirk that I don't know if it's a bug, change in feature or what. When I try to connect to the cyrus server via the command (same I successfully used in 2.0.15): # cyradm -u cyrus -s my.host.com it hangs up and won't connect... but if I run it with: # cyradm --user cyrus -s my.host.com Password: my.host.com> success. This install is on a totally fresh system on which I just re-installed Linux (heh, because I accidently typed "rm -fr" in the wrong terminal window a couple of days ago! luckily it's just the box i use for testing and evaluation so no biggie). Here's my details: Linux-Mandrake 8.1 (kernel 2.4.8) BerkeleyDB3.3 cyrus-imapd-2.1.4 (installed from Luca Olivetti's src.rpm) cyrus-sasl-2.1.2 (installed from Luca Olivetti's src.rpm) gcc-2.96 perl-5.601 So, is this a bug in my system or a "feature" of 2.1.4? Any ideas? Or have they actually implemented the man page's warning that Tcl short style options may be done away with? If they have done away with them, how does that affect the perl programming side? thanks, Jeff
RE: saslauthd: /var/state/saslauthd: No such file or directory
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Matter > Sent: Tuesday, May 07, 2002 1:30 AM > To: jeff bert > Cc: [EMAIL PROTECTED] > Subject: Re: saslauthd: /var/state/saslauthd: No such file or directory > > > jeff bert schrieb: > > > > After installing cyrus-imapd-2.1.4 and cyrus-sasl-2.1.2 and > trying to start > > up saslauthd I get this error message: > > > > saslauthd: /var/state/saslauthd: No such file or directory > > Hi, > > You really don't give us much info about your system. > It seems your init script for saslauthd tried to write to /var/state > directory which does no longer exist on many systems like newer linux > systems. > > Simon > Nope it's not the init script it's the binary... if I call it using: # /usr/sbin/saslauthd -a pam& which gives that error. My configure/make sequence for cyrus-sasl-2.1.2: # ./configure \ --disable-anon \ --enable-plain \ --disable-krb4 \ --with-saslauthd \ --with-pam # make # make install # ln -s /usr/local/lib/sasl2 /usr/lib/sasl2 # /usr/sbin/saslauthd -a -pam& saslauthd: /var/state/saslauthd: No such file or directory # mkdir /var/state/saslauthd # /usr/sbin/saslauthd -a pam& # ll /var/state/saslauthd srwxrwxrwx 1 root root 0 May 7 00:06 mux= -rw--- 1 root root 0 May 7 00:06 mux.accept -rw--- 1 root root 0 May 7 00:06 mux.pid # I've realized that it's the --with-saslauthd option that puts this stuff in there and it's not a problem. Sorry to bother you all. Jeff
saslauthd: /var/state/saslauthd: No such file or directory
After installing cyrus-imapd-2.1.4 and cyrus-sasl-2.1.2 and trying to start up saslauthd I get this error message: saslauthd: /var/state/saslauthd: No such file or directory so I created that directory manuall and don't get the error any longer but I was curious does this show a sympton that something is wrong in my compile? Everything went fine configuring, making and installing. Just curious. Thanks, Jeff
RE: New RPMs
> Simon wrote: > > Did you install on RedHat 7.2? If yes, make sure you have current > updates installed, if no, I don't know. > No I use Linux Mandrake 8.1 > This is what I have installed: > > [root@dhcp-141-104 SRPMS]# rpm -qa | grep cyrus > cyrus-imapd-devel-2.1.4-1 > cyrus-sasl-md5-2.1.2-1 > cyrus-imapd-2.1.4-1 > cyrus-imapd-utils-2.1.4-1 > cyrus-sasl-devel-2.1.2-1 > cyrus-sasl-plain-2.1.2-1 > cyrus-sasl-2.1.2-1 > [root@dhcp-141-104 SRPMS]# rpm -qa | grep openssl > openssl-devel-0.9.6b-8 > openssl-0.9.6b-8 > would you please run: # rpm -qa --filesbypkg | grep libssl.so.2 # rpm -qa --filesbypkg | grep libcrypto.so.2 and tell me what is shows? that would tell me what package(s) contain those files. Thanks, Jeff
RE: New RPMs
I'm trying to install this and it's saying that to files are required: libcrypto.so.2 libssl.so.2 but openssl is only up to verion 0.96d so is this just a linked name to libssl.so.0 ? Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Matter > Sent: Monday, May 06, 2002 12:10 AM > To: info-cyrus > Subject: New RPMs > > > I have upgraded my Cyrus RPMs to cyrus-imapd-2.1.4 / cyrus-sasl-2.1.2. > The binary packages have been compiled on RedHat 7.2. For those > interested, here are the links: > > http://home.teleport.ch/simix/Cyrus-sasl/ > http://home.teleport.ch/simix/Cyrus-imapd/ > > Simon > > > > > >
RE: New RPMs
I've gotten 5 copies of this same email... am I the only one who got this many? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Matter > Sent: Monday, May 06, 2002 12:10 AM > To: info-cyrus > Subject: New RPMs > > > I have upgraded my Cyrus RPMs to cyrus-imapd-2.1.4 / cyrus-sasl-2.1.2. > The binary packages have been compiled on RedHat 7.2. For those > interested, here are the links: > > http://home.teleport.ch/simix/Cyrus-sasl/ > http://home.teleport.ch/simix/Cyrus-imapd/ > > Simon > > > > > > >
RE: New RPMs
No need to answer this... I d/l the 2.1.4 tarball and read the changes.html doc: Changes to the Cyrus IMAP Server since 2.0.16 ... - altnamespace: it is now possible to display user mailboxes as siblings to the INBOX at the top-level (Ken Murchison) - unixhierarchysep: it is now possible possible to use slash as the hierarchy seperator, instead of a period. (Ken Murchison, inspired by David Fuchs, [EMAIL PROTECTED]) ... Coolio! Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of jeff bert > Sent: Monday, May 06, 2002 12:50 AM > To: info-cyrus > Subject: RE: New RPMs > > > does this version allow the admin to setup mailboxes in the hiersep manner > like that patch to 2.0.15 so that you can store mailboxes as > [EMAIL PROTECTED] ? > > and thanks for making them into RPM's. I had to do a bunch of > voodoo to get > the tarball cyrus-imap to install with my RPM installs of cyrus-sasl in > cyrus-imap-2.0.15 > > Jeff > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Matter > > Sent: Monday, May 06, 2002 12:10 AM > > To: info-cyrus > > Subject: New RPMs > > > > > > I have upgraded my Cyrus RPMs to cyrus-imapd-2.1.4 / cyrus-sasl-2.1.2. > > The binary packages have been compiled on RedHat 7.2. For those > > interested, here are the links: > > > > http://home.teleport.ch/simix/Cyrus-sasl/ > > http://home.teleport.ch/simix/Cyrus-imapd/ > > > > Simon > > > > > > > >
RE: New RPMs
does this version allow the admin to setup mailboxes in the hiersep manner like that patch to 2.0.15 so that you can store mailboxes as [EMAIL PROTECTED] ? and thanks for making them into RPM's. I had to do a bunch of voodoo to get the tarball cyrus-imap to install with my RPM installs of cyrus-sasl in cyrus-imap-2.0.15 Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Matter > Sent: Monday, May 06, 2002 12:10 AM > To: info-cyrus > Subject: New RPMs > > > I have upgraded my Cyrus RPMs to cyrus-imapd-2.1.4 / cyrus-sasl-2.1.2. > The binary packages have been compiled on RedHat 7.2. For those > interested, here are the links: > > http://home.teleport.ch/simix/Cyrus-sasl/ > http://home.teleport.ch/simix/Cyrus-imapd/ > > Simon > > >
v2.1.2 upgrade
I'm currently using cyrus version 2.0.15 with the HIERSEP patch. with cyrus-sasl-1.5.27 What pitfalls can I expect to encounter if I upgrade to cyrus-2.1.2? Do I need to remove cyrus-sasl-1.5.27 in order to install SASLv2? Thanks, Jeff
RE: outlook and closed connections
All I can add is that I saw this behaviour with Outlook 2000 and cyrus versions 2.0.15 and 2.0.16. I then changed all accounts to POP accounts since no one was really using the IMAP features and if they wanted their msgs stored all they had to do was unset "delete messages on server after downloading". Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Justin Wood Sent: Monday, April 22, 2002 3:01 PM To: [EMAIL PROTECTED] Subject: outlook and closed connections We have some users here using Outlook2000. They are having problems with Outlook closing connections to the cyrus server and going into offline mode. The error they see is: Your IMAP server has closed the connection. This may occur if you have left the connection idle for too long. I'm using cyrus-imapd-2.1.3 on FreeBSD-4.5-RELEASE. Has anyone else seen this behavior, and have you found a fix for it? I'm guessing that it's just a 'feature' of Outlook, but I can still hope. -Justin. -- -- Justin Wood [EMAIL PROTECTED] Systems Administrator FlipDog.com http://www.flipdog.com/ --
RE: cyrs-imapd HIERSEP?
thanks, yeah that was the link, the oceana ftp site. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Ken Murchison > Sent: Sunday, March 10, 2002 5:45 PM > To: [EMAIL PROTECTED] > Subject: Re: cyrs-imapd HIERSEP? > > > Quoting Jeff Bert <[EMAIL PROTECTED]>: > > > can anyone point me to where i can d/l this? the link on the > howto page at > > http://dudle.linuxroot.org/docs/postfix_cyrus/ is broken. > > If you mean the link to oceana.com, I purposely removed the > altnamespace and > hiersep distros because we (CMU and I) are trying to "push" > people towards v2.1. > > I also believe that there were a few bugs that I fixed after the last > 2.0.15-hiersep beta release. > > Ken > -- > Kenneth Murchison Oceana Matrix Ltd. > Software Engineer 21 Princeton Place > 716-662-8973 x26 Orchard Park, NY 14127 > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp >
cyrs-imapd HIERSEP?
can anyone point me to where i can d/l this? the link on the howto page at http://dudle.linuxroot.org/docs/postfix_cyrus/ is broken. sorry if you think I've been flooding info-cyrus lately with all my questions... all have been answered except for this one. thanks all, Jeff
RE: adding users via script
Ok, i figured this out, i'm such a bonehead!!! The big problem was that I had commented out the non-TLS pop and imap lines in cyrus.conf. when I do that and don't specify a working port it gets a connection refused. DOH! now that I know what has been going on. I was thinking this was an install problem (as I kept using my first cyrus.conf that I editted and never copied over it) and re-installed cyrus about 20 times. too d*** funny... i guess i deserver that pain but now i've learned. phew! your script works fine. thanks! Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Bert > Sent: Sunday, March 10, 2002 4:39 AM > To: [EMAIL PROTECTED] > Subject: RE: adding users via script > > > Birger, the script worked after I changed the method of how I > installed the > Cyrus IMAP server. Sadly, I was only able to connect to it once and after > that locked out. Dunno what to do other than start a new thread. > > Jeff > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Birger > > Toedtmann > > Sent: Saturday, March 09, 2002 6:27 AM > > To: Jeff Bert > > Cc: [EMAIL PROTECTED] > > Subject: Re: adding users via script > > > > > > Jeff Bert schrieb am Fri, Mar 08, 2002 at 11:04:43AM -0800: > > > Thanks all but it looks like the perl stuff is somewhat broken, > > cyradm works > > > from the command line but everytime I run any of the scripts > > I've been sent > > > I get this error: > > > > > > "Use of uninitialized value in subroutine entry at > > > /usr/lib/perl5/site_perl/5.6.1/i386-linux/Cyrus/IMAP/Admin.pm > line 78." > > > > > > One thing to note, when I compiled and installed > > cyrus-imapd-2.0.16 the perl > > > modules Cyrus:IMAP ended up in /usr/local/lib/ but my perl is > > > /usr/lib/perl5/... and cyradm didn't work until I copied the > > Cyrus folder > > > with IMAP.pm etc. over to my perl install. > > > > > > so after I manually moved the modules then i could get cyradm > > to work. but > > > the perl scripts trying to access the Cyrus::IMAP modules > don't seem to. > > > > Are you sure? The > > > > "Use of uninitialized value in subroutine entry" > > > > is just a warning and may (!) not say anything about the work done by > > the script. Did you try to add a user and have a look at the cyrus > > structures afterwards? > > > > > > Regards, > > > > Birger > > > >
RE: sasldb odd location (non-html)
Disregard this. I used the HOW-TO at http://dudle.linuxroot.org/docs/postfix_cyrus/ and used all the tarballs so now my sasldb is in the /etc/ folder. thanks. Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Bert > Sent: Saturday, March 09, 2002 5:49 PM > To: [EMAIL PROTECTED] > Subject: sasldb odd location (non-html) > > > my sasldb is called sasl.db and installed into /var/lib/sasl/ > > is there something I need to set for cyradm to see this? > > I've been having problems with cyradm connecting to the > server and it never asks me for a password even tho' > my mail admin is in the sasl db. > > i set it up like this: > > #./configure --without-notify --with-auth=unix --with-perl=/usr/bin/perl > --disable-sieve > > and no compile errors noted. > > #cyradm -u admin localhost > > hangs for awhile then : > > #cyradm: cannont connect to server > > is returned > > and > > #cyradm -u admin my.own.box (the boxes host name) > > returns > > cyradm: cannot connect to server > > immediately. > > #sasldblistusers > user: admin realm: my.own.box mech: PLAIN > > any ideas to help me? I really like Cyrus and want to get > it up and running. > > Thanks, > > Jeff >
RE: adding users via script
Birger, the script worked after I changed the method of how I installed the Cyrus IMAP server. Sadly, I was only able to connect to it once and after that locked out. Dunno what to do other than start a new thread. Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Birger > Toedtmann > Sent: Saturday, March 09, 2002 6:27 AM > To: Jeff Bert > Cc: [EMAIL PROTECTED] > Subject: Re: adding users via script > > > Jeff Bert schrieb am Fri, Mar 08, 2002 at 11:04:43AM -0800: > > Thanks all but it looks like the perl stuff is somewhat broken, > cyradm works > > from the command line but everytime I run any of the scripts > I've been sent > > I get this error: > > > > "Use of uninitialized value in subroutine entry at > > /usr/lib/perl5/site_perl/5.6.1/i386-linux/Cyrus/IMAP/Admin.pm line 78." > > > > One thing to note, when I compiled and installed > cyrus-imapd-2.0.16 the perl > > modules Cyrus:IMAP ended up in /usr/local/lib/ but my perl is > > /usr/lib/perl5/... and cyradm didn't work until I copied the > Cyrus folder > > with IMAP.pm etc. over to my perl install. > > > > so after I manually moved the modules then i could get cyradm > to work. but > > the perl scripts trying to access the Cyrus::IMAP modules don't seem to. > > Are you sure? The > > "Use of uninitialized value in subroutine entry" > > is just a warning and may (!) not say anything about the work done by > the script. Did you try to add a user and have a look at the cyrus > structures afterwards? > > > Regards, > > Birger >
RE: Cyrus IMSP / ACAP
Disregard, I read the manual and now understand these. Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Bert > Sent: Friday, March 08, 2002 9:17 PM > To: [EMAIL PROTECTED] > Subject: Cyrus IMSP / ACAP > > > what does these do and are either req'd for cyrus-imapd-2.0.16 ? > > Jeff >
sasldb odd location (non-html)
my sasldb is called sasl.db and installed into /var/lib/sasl/ is there something I need to set for cyradm to see this? I've been having problems with cyradm connecting to the server and it never asks me for a password even tho' my mail admin is in the sasl db. i set it up like this: #./configure --without-notify --with-auth=unix --with-perl=/usr/bin/perl --disable-sieve and no compile errors noted. #cyradm -u admin localhost hangs for awhile then : #cyradm: cannont connect to server is returned and #cyradm -u admin my.own.box (the boxes host name) returns cyradm: cannot connect to server immediately. #sasldblistusers user: admin realm: my.own.box mech: PLAIN any ideas to help me? I really like Cyrus and want to get it up and running. Thanks, Jeff
sasldb odd location
my sasldb is called sasl.db and installed into /var/lib/sasl/ is there something I need to set for cyradm to see this? I've been having problems with cyradm connecting to the server and it never asks me for a password even tho' my mail admin is in the sasl db. i set it up like this: #./configure --without-notify --with-auth=unix --with-perl=/usr/bin/perl --disable-sieve and no compile errors noted. #cyradm -u admin localhost hangs for awhile then : #cyradm: cannont connect to server is returned and #cyradm -u admin my.own.box (the boxes host name) returns cyradm: cannot connect to server immediately. #sasldblistusers user: admin realm: my.own.box mech: PLAIN any ideas to help me? I really like Cyrus and want to get it up and running. Thanks, Jeff
Cyrus IMSP / ACAP
what does these do and are either req'd for cyrus-imapd-2.0.16 ? Jeff
cyrus admin
when I set cyrus up with SASL auth everything works well. then when I reboot I can't login under my cyrus admin any longer. I check the sasldbuserslist and the admin is still there. but the cyrus mail system is still working. the cyrus admin is not a real user on my system, does "he" need to be? any ideas? Jeff
RE: starting cyrus at boot?
Thankyou kind sir. Works great! regards, Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Darin > Perusich > Sent: Friday, March 08, 2002 5:52 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: starting cyrus at boot? > > > here's a script i use for starting/stopping/restart cyrus on my redhat > server. > > copy and paste this into a file in /etc/init.d or /etc/rc.d/init.d > depending on you system, call the file cyrus or whatever makes you > happy. > > chown root.root /etc/init.d/cyrus > chmod u+x /etc/init.d/cyrus > cd /etc/rc3.d > ln -s ../init.d/cyrus S99cyrus > ln -s ../init.d/cyrus K99cyrus > > you might need to modify some of the path names if you've installed > cyrus outside of the default locations. if you where running this on a > solaris 7 or 8 system you could use /usr/bin/pkill instead of > /usr/bin/killall and you'd want to place the rc script in /etc/rc2.d > instead of rc3.d. > > enjoy > > --BEGIN COPY-- > #!/bin/sh > # > # Start/Shut for cyrus master server process > # > > case "$1" in > 'start') > if [ -f /etc/cyrus.conf ] ; then > echo "Starting Cyrus Master Process" > /usr/cyrus/bin/master 1> /dev/console 2>&1 & > fi > ;; > > 'stop') > echo "Shutting down Cyrus Master Process" > /usr/bin/killall master 1>/dev/console 2>&1 > ;; > > 'restart') > echo "Restarting Cyrus Master Process" > /usr/bin/killall -HUP master 1>/dev/console 2>&1 > ;; > > *) > echo "Usage: $0 { start | restart | stop }" > ;; > esac > exit 0 > > --END COPY-- > > Jeff Bert wrote: > > > > I know this is a newbie question but with all I had to do to get cyrus > > installed my brain hurts... what's a good way to get cyrus > started at boot? > > > > thanks, > > > > Jeff > > -- > Darin Perusich > Unix Systems Administrator > Cognigen Corp. > [EMAIL PROTECTED] >
RE: adding users via script
Thanks all but it looks like the perl stuff is somewhat broken, cyradm works from the command line but everytime I run any of the scripts I've been sent I get this error: "Use of uninitialized value in subroutine entry at /usr/lib/perl5/site_perl/5.6.1/i386-linux/Cyrus/IMAP/Admin.pm line 78." One thing to note, when I compiled and installed cyrus-imapd-2.0.16 the perl modules Cyrus:IMAP ended up in /usr/local/lib/ but my perl is /usr/lib/perl5/... and cyradm didn't work until I copied the Cyrus folder with IMAP.pm etc. over to my perl install. so after I manually moved the modules then i could get cyradm to work. but the perl scripts trying to access the Cyrus::IMAP modules don't seem to. Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Steven M > Bloomfield > Sent: Friday, March 08, 2002 8:49 AM > To: Birger Toedtmann; Jeff Bert > Cc: [EMAIL PROTECTED] > Subject: Re: adding users via script > > > here's something really simple i threw together, hope it helps. > > #!/usr/local/bin/perl -w > # Really simple create mailbox script > # by Steven Bloomfield - [EMAIL PROTECTED] > # > # This script only creates a new mailbox, I use MySQL for authentication > # to execute from command line > # perl /path/to/adduser.pl username > # to execute within a PHP script > # > # I used $login as a variable passed from a form > # To see this script in action visit http://mail.manchester.com > # Thanks to david eitzinger for help with authenticating > pam->mysql database > > use Cyrus::IMAP::Admin; > > # hostname of IMAP server > $server = "localhost"; > > # user and password for cyradm > $user = "cyrususername"; > $pass = "cyruspassword"; > > # Authenticate > my $cyrus = Cyrus::IMAP::Admin->new($server); > $cyrus->authenticate(-mechanism => 'login', -user => $user, -password => > $pass); > die $cyrus->error if $cyrus->error; > > $adduser = $ARGV[0]; > $quota = "2000"; > my $mbox = 'user.' . $adduser; > > # Create the account > print STDERR "Creating $mbox on \n" if $debug; > $cyrus->createmailbox($mbox); > warn $cyrus->error if $cyrus->error; > # Set the quota > if ($quota) > { > print STDERR "Setting quota for $mbox to $quota\n" if $debug; > $cyrus->setquota($mbox, 'STORAGE', $quota); > warn $cyrus->error if $cyrus->error; > } > > > - Original Message - > From: "Birger Toedtmann" <[EMAIL PROTECTED]> > To: "Jeff Bert" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Friday, March 08, 2002 4:30 PM > Subject: Re: adding users via script > > > Jeff Bert schrieb am Fri, Mar 08, 2002 at 08:02:44AM -0800: > > I'm trying to find a script that will allow me to add users via a single > > command line entry. > > > > I found "imapcreate.pl" at sourceforge but it seems to choke on > every call > > to the Cyrus::IMAP libraries. > > > > Has anyone done something like this or modified this perl > script to work? > > I had this tiny one for testing, maybe you find it useful (but is perl as > well and uses Cyrus::IMAP, so if they are broken, you're lost) > > > Regards, > > Birger > > > >
adding users via script
I'm trying to find a script that will allow me to add users via a single command line entry. I found "imapcreate.pl" at sourceforge but it seems to choke on every call to the Cyrus::IMAP libraries. Has anyone done something like this or modified this perl script to work? Jeff
RE: starting cyrus at boot?
Tried that and didn't find one for cyrus-imapd > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Alain Tesio > Sent: Friday, March 08, 2002 1:34 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: starting cyrus at boot? > > > On Fri, 8 Mar 2002 01:03:01 -0800 > "Jeff Bert" <[EMAIL PROTECTED]> wrote: > > > Sure, I have: > > > > Linux Mandrake 8.1, kernel 2.4.8 > > > > I installed cyrus-imapd-2.0.16 from the tarball > > that I downloaded from the cyrus site. > > > > Jeff > > Go to rpmfind.net, download a rpm package for mandrake > and install it, it should be easier. > > Alain >
RE: starting cyrus at boot?
Sure, I have: Linux Mandrake 8.1, kernel 2.4.8 I installed cyrus-imapd-2.0.16 from the tarball that I downloaded from the cyrus site. Jeff > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Friday, March 08, 2002 12:56 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: starting cyrus at boot? > > > Hi, > > Please give us some more info, > > did you > - install from source? > - on what os? > - what cyrus version? > > Tarjei > > Jeff Bert wrote: > > >I know this is a newbie question but with all I had to do to get cyrus > >installed my brain hurts... what's a good way to get cyrus > started at boot? > > > >thanks, > > > >Jeff > > > > >
RE: cyrus and SSL/stunnel
Thanks, I got it to work finally, created the cert via: openssl req -new -x509 -days 365 -nodes -config /usr/lib/ssl/openssl.cnf \ -out /usr/cyrus/cyrus.pem -keyout /usr/cyrus/cyrus.pem then added these lines to my imapd.conf file: tls_ca_path: /usr/cyrus tls_ca_file: /usr/cyrus/cyrus.pem tls_cert_file: /usr/cyrus/cyrus.pem tls_key_file: /usr/cyrus/cyrus.pem and boom, it's working this way... now i have another question but I'll put that in another topic.. thanks all, good group here Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] > Sent: Thursday, March 07, 2002 11:14 PM > To: [EMAIL PROTECTED] > Subject: RE: cyrus and SSL/stunnel > > > On Thu, 7 Mar 2002, Jeff Bert wrote: > > > darnit, now you've got my curiosity peeked again ;) > > > > my "man imapd.conf" has no information about the tls_key_file > > stuff. > > > > any recommendations on type of cert/key to make? RSA? > > Have a short look on the file install-configure.html of the > doc-Directory in > your Cyrus-Source-Directory. > There is a short paragraph about Cyrus with TLS/SSL - how to create the > Certs and how to configure. > > HTH > Marko D. > > -- > GMX - Die Kommunikationsplattform im Internet. > http://www.gmx.net > >
starting cyrus at boot?
I know this is a newbie question but with all I had to do to get cyrus installed my brain hurts... what's a good way to get cyrus started at boot? thanks, Jeff
RE: cyrus and SSL/stunnel
darnit, now you've got my curiosity peeked again ;) my "man imapd.conf" has no information about the tls_key_file stuff. any recommendations on type of cert/key to make? RSA? Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Amos Gouaux > Sent: Thursday, March 07, 2002 10:13 PM > To: [EMAIL PROTECTED] > Subject: Re: cyrus and SSL/stunnel > > > >>>>> On Thu, 7 Mar 2002 21:40:50 -0800, > >>>>> Jeff Bert <[EMAIL PROTECTED]> (jb) writes: > > jb> I'm trying to get cyrus secured via SSL using stunnel and haven't been > jb> successful yet... this is what I've tried: > > jb> editted cyrus.conf: > > jb> SERVICES { > jb> ... > jb> ... > jb> pop3 cmd="/usr/sbin/stunnel -p > /etc/stunnel/stunnel.pem -l pop3d" > jb> listen="pop3" prefork=0 > jb> ... > jb> ... > jb> } > > jb> is anything like this possible? i need it secured via SSL for > Windoze users. > > You're working too hard. You can provide SSL (TLS) alternatives > like this: > > SERVICES { > ... > imaps cmd="imapd -s" listen="imaps" prefork=0 > ... > pop3s cmd="pop3d -s" listen="pop3s" prefork=0 > ... > } > > Then tell Cyrus where to find the certs using the imapd.conf > settings tls_key_file, tls_cert_file, tls_ca_path, and tls_ca_file. > See imapd.conf(5) for more info. Oh, and don't forget to list the > ports in /etc/services: > > imaps 993/tcp # imap via ssl > pop3s 995/tcp # pop via ssl > > > -- > Amos > >
cyrus and SSL/stunnel
I'm trying to get cyrus secured via SSL using stunnel and haven't been successful yet... this is what I've tried: editted cyrus.conf: SERVICES { ... ... pop3cmd="/usr/sbin/stunnel -p /etc/stunnel/stunnel.pem -l pop3d" listen="pop3" prefork=0 ... ... } is anything like this possible? i need it secured via SSL for Windoze users. Jeff