RE: c-client on Solaris 10 SPARC
Just to confirm, that gives me a clean build with no problems I just have to sort SSL out and rebuild Thanks very much Mark Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Crispin Sent: 06 December 2004 17:33 To: Jim Cc: [EMAIL PROTECTED] Subject: Re: c-client on Solaris 10 SPARC On Mon, 6 Dec 2004, Jim wrote: > Has anyone yet been able to compile c-client or imap-2004a on Solaris 10 > SPARC ? It's fixed in the imap-2004b development snapshot. ftp://ftp.cac.washington.edu/mail/imap-2004b.DEV.tar.Z -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.805 / Virus Database: 547 - Release Date: 03/12/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.805 / Virus Database: 547 - Release Date: 03/12/2004
c-client on Solaris 10 SPARC
Has anyone yet been able to compile c-client or imap-2004a on Solaris 10 SPARC ? on a 'make gso' I keep encountering osdep.h:64 error: conflicting types for `scandir' /usr/include/dirent.h:92 error: previous decleration of `scandir' ***Error code 1 make: Fatal error: Command failed for target `osdep.o' not being a coder in any sense of the word I'm at a loss to sort this one so any pointers would be appreciated Thanks Jim --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.805 / Virus Database: 547 - Release Date: 03/12/2004 -- -- For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html --
Re: strip @domain from usernames
On 11 Oct, 2004, at 15:32, Phil wrote: Jim Riggs wrote: In other words, if a user's client sends "USER [EMAIL PROTECTED]" I'd like them to simply be authenticated as "user" Is there a patch or some other simple modification that can be made to achieve this? Not very robust, but this should do what you want: Thanks, I'll give this a try. Out of curiosity, what makes this "not very robust?" It's just fairly stupid. ;-) All it looks for is an '@' in the username. It doesn't check for a valid domain name or anything like that...just the '@'. It should be fine for what you are trying to do, though. - Jim
Re: strip @domain from usernames
In other words, if a user's client sends "USER [EMAIL PROTECTED]" I'd like them to simply be authenticated as "user" Is there a patch or some other simple modification that can be made to achieve this? Not very robust, but this should do what you want: --- ipop3d.c~ Mon Jun 21 19:58:07 2004 +++ ipop3d.c Mon Oct 11 13:58:13 2004 @@ -268,6 +268,10 @@ host = cpystr (t);/* copy host name */ user = cpystr (s);/* copy user name */ } + else if (s = strchr (t,'@')) { + *s = '\0'; /* tie off user name */ + user = cpystr (t);/* copy user name */ + } /* local user name */ else user = cpystr (t); PSOUT ("+OK User name accepted, password please\015\012");
Re: imap server and S/MIME issues with attachments
On 21 Sep, 2004, at 12:17, Noam Bernstein wrote: Hi - I'm having problems reading S/MIME signed e-mail with attachments when I get the mail through the UW imap daemon. The server is a SuSE 9.0 machine running imap-2002d-55. The client is a Mac OS 10.3 running Thunderbird 0.8. I have no problems with S/MIME in my setup: Server: darwin 6.6/imap-2002e Client: Mac OS X (10.3) Mail
Re: Using existing web server cert with ipop ssl
Randall Perry <[EMAIL PROTECTED]> wrote: > > Is there a FAQ showing how to do this? I tried about a year ago but gave up > do to lack of information. I don't know if there's a FAQ, but there were these recent posts on the issue to the mailing list: | From: Kai Lanz <[EMAIL PROTECTED]> | Subject: UW imapd and InstantSSL certs | | | We currently run imapd-2002e and support SSL authentication using | a certificate from Verisign. That cert is about to expire, and we're | replacing it with certs from InstantSSL (much much cheaper). | | It was easy to prepare the Verisign certs for use with imapd -- just | concatenate the server private key and the host certificate into | a file called imapd.pem and stick that in /local/ssl/certs/: | | cat server.key pangea.crt > imapd.pem | | InstantSSL gives us *two* certificates: a host certificate and a CA | certificate, i.e. a Comodo intermediate certificate. Can the UW imapd | work with this certificate-plus-intermediate configuration? What do | I need to do to prepare our new imapd.pem? | | -- Kai Lanz [EMAIL PROTECTED] | From: Mark Crispin <[EMAIL PROTECTED]> | Subject: Re: UW imapd and InstantSSL certs | | On Thu, 1 Jul 2004, Kai Lanz wrote: | > InstantSSL gives us *two* certificates: a host certificate and a CA | > certificate, i.e. a Comodo intermediate certificate. Can the UW imapd | > work with this certificate-plus-intermediate configuration? What do | > I need to do to prepare our new imapd.pem? | | I don't know enough about this to give a guaranteed answer. Hey, I just | wrote the code, what makes anyone thing I know anything! :-) | | But anyway, it sounds to me that your host certificate is what would | become your imapd.pem (and is a private key for imapd). | | Separately, you want to install the CA certificate, including making the | funny symlink via | ln -s Comodo.pem `/usr/local/ssl/bin/openssl x509 -noout -hash < Comodo.pem`.0 | (substitute the CA certificate's file name for "Comodo.pem") which will | make a symlink with an 8-digit hex value and an extension of .0 that | points to the CA certificate's PEM file | | The CA certificate is for Pine to be able to validate what IMAP offers; so | the CA certificate should be publicly-readable and the imapd.pem should be | read-protected. | | -- Mark -- | From: [EMAIL PROTECTED] (Jim Seymour) | Subject: Re: UW imapd and InstantSSL certs | | Kai Lanz <[EMAIL PROTECTED]> wrote: | > | > | [snip] | > | > InstantSSL gives us *two* certificates: a host certificate and a CA | > certificate, i.e. a Comodo intermediate certificate. Can the UW imapd | > work with this certificate-plus-intermediate configuration? What do | > I need to do to prepare our new imapd.pem? | | Luckily (for you) I just went through this. (UW IMAP's pop3d and | Postfix SMTP-AUTH/TLS/STARTTLS) | | There will be four components to what you'll have to put in imapd.pem, | when using InstantSSL/Comodo certs: | |Server private key |Your server cert. |N-year Comodo intermediate cert. |GTE N-year root (?) cert. | | I don't know if the order's important, but that's the order I put them | in. | | Hope this helped. | | (Btw: I've been quite pleased with InstantSSL.) | | Jim | | From: Kai Lanz <[EMAIL PROTECTED]> | Subject: SUMMARY: UW imapd and InstantSSL certs | | | Thanks to Mark Crispin and Jim Seymour for their quick responses. | I had asked about setting up the imapd.pem file using the several | certificates we get from InstantSSL. | | Jim's suggestion seems to be working for us: | | >There will be four components to what you'll have to put in imapd.pem, | >when using InstantSSL/Comodo certs: | > | > Server private key | > Your server cert. | > N-year Comodo intermediate cert. | > GTE N-year root (?) cert. | | I catted these four files into a new imapd.pem for our server: | | # cat server.key ourhost_domain_edu.crt ComodoSecurityServicesCA.crt \ | GTECyberTrustGlobalRoot.crt > imapd.pem.new | | Tests with Eudora and the MacOS X Mail.app clients worked as expected. | I'll probably set up the symlink Mark mentioned as well. | So there you go, Randall, hope this helps. Jim
Re: Help Running UW-IMAPD Under Cygwin
I'm trying to get an IMAP server running, and it seems my only option today is uw-imapd. The cygwin package for that is installed, and I created an 'imap' file under xinetd.d with the following: But I cannot make any connection to localhost:143 (nothing listening). I can connect to the other xinetd services fine (ftp), just not this one, and I've checked that 'imap' was in /etc/services. I've done a ton of searching to get where I am, but now I'm at a dead end. Any ideas? Did you restart or kill -HUP xinetd after creating the imap file? What do the xinetd log entries in syslog say? It should pick up the new imap service... - Jim
Re: UW imapd and InstantSSL certs
Kai Lanz <[EMAIL PROTECTED]> wrote: > > [snip] > > InstantSSL gives us *two* certificates: a host certificate and a CA > certificate, i.e. a Comodo intermediate certificate. Can the UW imapd > work with this certificate-plus-intermediate configuration? What do > I need to do to prepare our new imapd.pem? Luckily (for you) I just went through this. (UW IMAP's pop3d and Postfix SMTP-AUTH/TLS/STARTTLS) There will be four components to what you'll have to put in imapd.pem, when using InstantSSL/Comodo certs: Server private key Your server cert. N-year Comodo intermediate cert. GTE N-year root (?) cert. I don't know if the order's important, but that's the order I put them in. Hope this helped. (Btw: I've been quite pleased with InstantSSL.) Jim
UW IMAPd cluster, traditional UNIX spool format, options?
Hi c-client readers - We're attempting to replace our existing mail server here with a cluster of Linux nodes running sendmail/procmail/UW IMAPd. The Linux nodes use are attached to shared storage (SAN) and using Sistina's GFS to manage the locking. The locking appears to be working just fine - no mailboxes are getting stepped on, no mail is getting lost. However, we are running into a problem where an old stale imapd is running, and new ones can't start up. (e.g. someone left their MUA running at the office, now they're at home trying to check their mail with another MUA.) The new IMAP client is able to log in and check their mail, but they're stuck read-only - they can't get read-write mode like we could when all the imapds were on the same host. In searching through the code, I can see that when imapd can't get a RW lock on the mailbox, it looks for the other imapd's PID and sends the "kiss-of-death" (SIGUSR2). The other imapd is supposed to give up the lock, then the first imapd can get it. Of course, this doesn't work when the imapds are on separate hosts. :-) So, we see that we have at least 2 options: - Move to a different mailbox format, one that supports multiple access (mbx). Frankly, this scares us, since we have around 40,000 users - this is going to be a complex enough conversion as it is. - Alter unix.c and other files to send the kiss-of-death to the actual host the imapd is running on. (Anyone done this already?) Does anyone have any other suggestions about these, or other options we should consider? We realize we could do some type of proxy-based or DNS-based routing of users to specific mail hosts, but we'd like to avoid that if possible... -- Jim Lawson University of Vermont -- -- For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html --
Re: Compile error(s) on Solaris 9
Eric Izenas <[EMAIL PROTECTED]> wrote: > > > Hi, > > I'm trying to compile imap-2002e on a Solaris 9 box. > > When I run 'make gso' the compile starts but exits with the following > error(s): [snip] > ARCHIVE: ar: not found [snip] > ARCHIVE: ar: not found [snip] > > > Can anyone help me here? Any info is appreciated. Maybe find out where "ar" lives and make sure said directory is in your $PATH? $ uname -a SunOS jimsun 5.7 Generic_106541-27 sun4u sparc SUNW,UltraSPARC-IIi-Engine $ whence ar /usr/ccs/bin/ar -- Jim Seymour| Spammers sue anti-spammers: [EMAIL PROTECTED] | http://www.LinxNet.com/misc/spam/slapp.php http://jimsun.LinxNet.com | Please donate to the SpamCon Legal Fund: | http://www.spamcon.org/legalfund/
Re: Using imapd on ports 143 & 993 (SSL) simultaneously?
Is it possible to compile imapd so that it will accept unencrypted logins and sessions on port 143 and also encrypted sessions via SSL on port 993, and if so how? Look through docs/SSLBUILD in the source distribution. It describes the process in detail. Make sure you set up your inetd/xinetd config properly (assuming a Unix-type system).
Which Tarball?
Okay, maybe I'm blind or stupid ;), but which IMAP tarball should I download? The FTP directory shows an imapd-2002d.tar.Z, dated 07/15/03, and an imap.tar.Z dated 06/16/03. I'm *guessing* the latter, but lacking a revision number... Which is recommended for production environments? Thanks, Jim -- Jim Seymour | PGP Public Key available at: [EMAIL PROTECTED] | http://www.uk.pgp.net/pgpnet/pks-commands.html http://jimsun.LinxNet.com| -- -- For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html --
Re: Cyrus SASL Authenticator
I received several notes regarding interest in this, so I have posted a README and the code. Please let me know if you come across any problems with it. http://jimandlissa.com/darwin/auth_cyr/ - Jim Having had this need/desire for quite some time (and having seen similar requests in the list archives), this past weekend I finally sat down and pounded out a c-client server AUTHENTICATOR that authenticates imapd/ipop[23]d using Cyrus SASL. Why? Well, I am using Postfix + Cyrus SASL for SMTP authentication, and keeping cram-md5.pwd in sync with Cyrus's DB has proven to be a pain. This way, one sasldb or mysql table or whatever Cyrus SASL is using can authenticate POP, IMAP, and SMTP via SASL, something I have wanted for a long time. Since Cyrus SASL dynamically loads mechanisms, I had to do some special handling to get c-client to essentially dynamically load them as well (which it doesn't technically support). It also handles plain text and APOP authentication with a couple of changes to ipop3d.c and osdep/*/env_*.c. I have done testing with plain, APOP, LOGIN, CRAM-MD5, and DIGEST-MD5 on Darwin, and all seems to be working properly; however, this has not been stress-tested and should be considered beta quality at best. If you think this could be useful, please provide feedback and help me with testing. If anyone is interested in more details and/or the code, I can post more information on the list or on a website. Just let me know.... - Jim
Cyrus SASL Authenticator
Having had this need/desire for quite some time (and having seen similar requests in the list archives), this past weekend I finally sat down and pounded out a c-client server AUTHENTICATOR that authenticates imapd/ipop[23]d using Cyrus SASL. Why? Well, I am using Postfix + Cyrus SASL for SMTP authentication, and keeping cram-md5.pwd in sync with Cyrus's DB has proven to be a pain. This way, one sasldb or mysql table or whatever Cyrus SASL is using can authenticate POP, IMAP, and SMTP via SASL, something I have wanted for a long time. Since Cyrus SASL dynamically loads mechanisms, I had to do some special handling to get c-client to essentially dynamically load them as well (which it doesn't technically support). It also handles plain text and APOP authentication with a couple of changes to ipop3d.c and osdep/*/env_*.c. I have done testing with plain, APOP, LOGIN, CRAM-MD5, and DIGEST-MD5 on Darwin, and all seems to be working properly; however, this has not been stress-tested and should be considered beta quality at best. If you think this could be useful, please provide feedback and help me with testing. If anyone is interested in more details and/or the code, I can post more information on the list or on a website. Just let me know.... - Jim -- -- For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html --
Re: ipop[23]d and NIS+?
> > > > [snip] > > > > If Pegasus is not using SSL or TLS encryption, that is probably the > > problem; the default build does not allow plaintext password > > authentication except in SSL or TLS encrypted sessions. > > I was just getting to those bits in the docs/BUILD file. That's > most likely it. Thanks. [snip] That was it all right, Mark. Sorry to bother the list with something that was documented :(. And thanks again for the help. Thanks, Jim -- Jim Seymour | PGP Public Key available at: [EMAIL PROTECTED] | http://www.uk.pgp.net/pgpnet/pks-commands.html http://jimsun.LinxNet.com|
Re: ipop[23]d and NIS+?
> [snip] > > If Pegasus is not using SSL or TLS encryption, that is probably the > problem; the default build does not allow plaintext password > authentication except in SSL or TLS encrypted sessions. I was just getting to those bits in the docs/BUILD file. That's most likely it. Thanks. > > If you gave the exact text of the error message from the server, it'd be > possible to determine this for sure. A 'snoop" revealed "-ERR Unknown AUTHORIZATION state command." Is this what you're looking for? I imagine I need to rebuild with "SSLTYPE=none" to "fix" this? Thanks, Jim -- Jim Seymour | PGP Public Key available at: [EMAIL PROTECTED] | http://www.uk.pgp.net/pgpnet/pks-commands.html http://jimsun.LinxNet.com|
ipop[23]d and NIS+?
Hi There, We are running Sparc Solaris 2.5.1 and using NIS+. I just built and installed imap-2002b at work. /etc/services, services.org_dir and /etc/inetd.conf all set. imapd, ipop[23]d in place with ownerships and perms all good. Yet when somebody on a POP client (happens to be Pegasus) tried to fetch their email, they got an "invalid password" type response from the uw-imap POP daemon. Any ideas? Thanks, Jim -- Jim Seymour | PGP Public Key available at: [EMAIL PROTECTED] | http://www.uk.pgp.net/pgpnet/pks-commands.html http://jimsun.LinxNet.com| -- -- For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html --