can't login in cyrus-imapd
Hi. I'm not a newbie. I've been using cyrus-imapd since 1.5.19. I successfully installed cyrus-imapd-16.19 rpm for rh6.2. Now I wanted to install it in a rh7.1 box but after solving many problems now I'm facing one I can't manage.

I have:

    cyrus-sasl-1.5.24-17
    cyrus-imapd-2.0.9-3

Now I just can't login using cyradm localhost nor telnetting to port 110. I've spent many hours searching mail archives and google and I'm about to give up. Please someone give me a hint. I'm sure I'm missing something obvious. Thank you for your time.

I see messages like this:

    Sep 27 10:46:55 gaherma master[19344]: about to exec /usr/cyrus/bin/imapd
    Sep 27 10:46:55 gaherma service-/usr/cyrus/bin/imapd[19344]: executed
    Sep 27 10:46:55 gaherma imapd[19344]: accepted connection
    imap(pam_unix)[19421]: authentication failure; logname= uid=76 euid=76 tty= ruser= rhost= user=root

    ##/etc/imapd.conf
    configdirectory: /var/imap
    partition-default: /var/spool/imap
    admins: cyrus root eva
    allowanonymouslogin: no
    #sasl_pwcheck_method: sasldb
    sasl_pwcheck_method: pam
    #I tried method: passwd, shadow, pam, sasld.#

My cyrus user:

    uid=76(cyrus) gid=12(mail) grupos=12(mail),0(root),76(shadow)

The shadow and sasld files:

    -rw-r-1 root mail 1905 sep 27 08:33 /etc/shadow
    -rw-r--r-- 1 cyrus root 12288 sep 27 11:02 /etc/sasldb

    #/etc/cyrus.conf
    START {
      # do not delete these entries!
      mboxlist cmd=ctl_mboxlist -r
      deliver cmd=ctl_deliver -r
    }
    SERVICES {
      # add or remove based on preferences
      imap cmd=/usr/cyrus/bin/imapd listen=imap prefork=0
      imaps cmd=/usr/cyrus/bin/imapd -s listen=imaps prefork=0
      pop3 cmd=/usr/cyrus/bin/pop3d listen=pop3 prefork=0
      pop3s cmd=/usr/cyrus/bin/pop3d -s listen=pop3s prefork=0
      sieve cmd=/usr/cyrus/bin/timsieved listen=sieve prefork=0
      lmtpunix cmd=/usr/cyrus/bin/lmtpd listen=/var/imap/socket/lmtp prefork=0
    }
    EVENTS {
      checkpoint cmd=ctl_mboxlist -c period=30
    }

    #/etc/pam.d/imap##
    #%PAM-1.0
    auth required /lib/security/pam_stack.so service=system-auth
    account required /lib/security/pam_stack.so service=system-auth

    #/etc/pam.d/pop###
    #%PAM-1.0
    auth required /lib/security/pam_stack.so service=system-auth
    account required /lib/security/pam_stack.so service=system-auth

-- --Frankie
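Added example, not part of the original post: a Python triage of pam_unix "authentication failure" lines such as the one quoted above, grouping them by PAM service and flagging two things worth reviewing, a PAM caller that is not root (euid 76 in the post) and a mail login attempted as a privileged account. The sample log is constructed around the one line from the post, and the hint names are this example's own.

```python
import re

# Constructed sample: the pam_unix line from the post plus invented neighbours.
SAMPLE_LOG = """\
Sep 27 10:46:55 gaherma imapd[19344]: accepted connection
Sep 27 10:46:55 gaherma imap(pam_unix)[19421]: authentication failure; logname= uid=76 euid=76 tty= ruser= rhost= user=root
Sep 27 10:47:10 gaherma pop(pam_unix)[19440]: authentication failure; logname= uid=76 euid=76 tty= ruser= rhost= user=eva
Sep 27 10:48:02 gaherma login(pam_unix)[19502]: authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost= user=eva
"""

# service(pam_unix)[pid]: authentication failure; key=value key= ...
PAM_FAILURE = re.compile(
    r"(?P<service>[\w./-]+)\(pam_unix\)\[(?P<pid>\d+)\]:\s+"
    r"authentication failure;\s*(?P<fields>.*)$"
)


def parse_fields(text):
    """Split 'key=value key= key=value' into a dict; empty values are kept."""
    fields = {}
    for token in text.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def parse_failures(log_text):
    """Return one dict per pam_unix 'authentication failure' line."""
    events = []
    for line in log_text.splitlines():
        match = PAM_FAILURE.search(line)
        if match is None:
            continue
        fields = parse_fields(match.group("fields"))
        euid = fields.get("euid", "")
        events.append({
            "service": match.group("service"),
            "pid": int(match.group("pid")),
            "euid": int(euid) if euid.isdigit() else None,
            "user": fields.get("user", ""),
            "rhost": fields.get("rhost", ""),
        })
    return events


def triage(events, privileged=("root",)):
    """Group failures by PAM service and attach review hints.

    non-root-caller:   the process calling PAM is not root, so pam_unix can
                       only reach /etc/shadow through file permissions or a
                       privileged helper.
    privileged-target: the login was attempted as an account in `privileged`.
    """
    report = {}
    for ev in events:
        entry = report.setdefault(
            ev["service"], {"failures": 0, "users": set(), "hints": set()}
        )
        entry["failures"] += 1
        entry["users"].add(ev["user"])
        if ev["euid"] not in (0, None):
            entry["hints"].add("non-root-caller")
        if ev["user"] in privileged:
            entry["hints"].add("privileged-target")
    return report


if __name__ == "__main__":
    for service, entry in sorted(triage(parse_failures(SAMPLE_LOG)).items()):
        print(service, entry["failures"], sorted(entry["users"]),
              sorted(entry["hints"]))
```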
back to lmtpd problems
I've discussed this problem some time ago, known as forking problem. Turned out to be db3 locking problem or whatever. Anyway, here's something I experience right now:

Let me begin with my system description. It's Linux RedHat 7.0 with kernel 2.4.2-0.1.28smp running at dual p3/550 with 768 mb ram and several scsi hdds. There are 10 registered users in the system, however only half are active. Currently I am running:

1) cyrus-imapd 2.0.16
2) pam_mysql
3) libdb-3.3
4) sendmail 8.12.0
5) kaspersky avp for linux
6) poprelay

Sendmail works in queue mode, -q1m. During that minute it is queuing e-mails everything is fine -- e-mails are checked for viruses and if everything is fine, placed in queue. At peak time, the system receives up to 300-400 e-mails per that minute.

Once it starts to deliver the e-mails locally, the problems begin. sendmail opens huge number of connections to localhost, which look like that:

    ...
    sendmail: ./f8RAK8Jw015602 localhost: client DATA sta
    sendmail: ./f8RAJ81C015613 localhost: client DATA sta
    sendmail: ./f8RAJ8WU015726 localhost: client DATA sta
    sendmail: ./f8RAJ8Vm015734 localhost: client DATA sta
    sendmail: ./f8RAK372016522 localhost: client DATA sta
    sendmail: ./f8RAK6pN016557 localhost: client DATA sta
    sendmail: ./f8RAK6fs016567 localhost: client DATA sta
    ...

and the system launches approx the same number of lmtpds. The e-mails are being delivered, but EXTREMELY slow. I don't know where the problem is, however the system is unable to deliver more than 100-200 e-mails per minute. As you understand, while it is delivering 100-200 e-mails from queue, 300-400 new e-mails come. At next minute it opens even more lmtpds and within 30-40 minutes it just dies with memory overflow message. I've tried everything, but don't know where the problem is.
Here are my config files:

cyrus.conf:

    START {
      mboxlist cmd=ctl_mboxlist -r
      deliver cmd=ctl_deliver -r
    }
    SERVICES {
      imap cmd=/usr/cyrus/bin/imapd listen=imap prefork=1
      pop3 cmd=/usr/cyrus/bin/pop3d listen=pop3 prefork=1
      sieve cmd=/usr/cyrus/bin/timsieved listen=sieve prefork=0
      lmtpunix cmd=/usr/cyrus/bin/lmtpd listen=/var/imap/socket/lmtp prefork=1 maxchild=50
    }
    EVENTS {
      checkpoint cmd=ctl_mboxlist -c period=30
      #delprune cmd=ctl_deliver -E 3 period=1440
    }

imapd.conf:

    configdirectory: /var/imap
    partition-default: /inbox1
    partition-usr2: /inbox2
    partition-usr3: /inbox3
    partition-usr4: /inbox4
    partition-usr5: /inbox5
    admins: support
    allowanonymouslogin: no
    autocreatequota: 5000
    quotawarn: 90
    defaultacl: lrswipcda
    sievedir: /var/imap/sieve
    postmaster: support
    reject8bit: no
    sasl_pwcheck_method: pam

sendmail.mc:

    include(`/usr/lib/sendmail-cf/m4/cf.m4')
    VERSIONID(`linux setup for Red Hat Linux')dnl
    OSTYPE(`linux')
    define(`confDEF_USER_ID',``8:12'')dnl
    undefine(`UUCP_RELAY')dnl
    undefine(`BITNET_RELAY')dnl
    define(`confTO_CONNECT', `1m')dnl
    define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl
    define(`confTRY_NULL_MX_LIST',true)dnl
    define(`confDONT_PROBE_INTERFACES',true)dnl
    define(`confTO_IDENT',`0')dnl
    define(`confLOCAL_MAILER',`cyrus')dnl
    define('ALIAS_FILE','/etc/aliases')dnl
    define(`STATUS_FILE', `/var/log/sendmail.st')dnl
    define('AVP_LOCAL_HACK')dnl
    FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
    FEATURE(`mailertable',`hash -o /etc/mail/mailertable')dnl
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
    FEATURE(redirect)dnl
    FEATURE(always_add_domain)dnl
    FEATURE(use_cw_file)dnl
    FEATURE(`access_db')dnl
    FEATURE(`blacklist_recipients')dnl
    FEATURE(dnsbl, `blackholes.mail-abuse.org', `Rejected - see http://www.mail-abuse.org/rbl/')dnl
    FEATURE(dnsbl, `dialups.mail-abuse.org', `Dialup - see http://www.mail-abuse.org/dul/')dnl
    FEATURE(dnsbl, `relays.mail-abuse.org', `Open spam relay - see http://www.mail-abuse.org/rss/')dnl
    FEATURE(`delay_checks')dnl
    Klocalip hash -aMATCH /etc/mail/localip
    Kpopip hash -aMATCH /etc/mail/popip
    FEATURE(`accept_unresolvable_domains')dnl
    MAILER(avpkeeper)dnl
    MAILER(smtp)dnl
    MAILER(local)dnl
    MAILER_DEFINITIONS
    Mcyrus, P=[IPC], F=lsDFMnqA5@/:|SmXz, E=\r\n, S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=FILE /var/imap/socket/lmtp
    LOCAL_RULE_0
    Rbb + $+ @ $=w . $#cyrus $: + $1
    LOCAL_RULESETS
    # if there's a plus part, we want to directly deliver it
    SLocal_localaddr
    R$+ + $*$#cyrus $@ $: $1 + $2
    SLocal_check_rcpt
    # Put the address into cannonical form (even if it doesn't resolve to an MX).
    R$* $: $Parse0 $3 $1
    R$* $* $* $: $1 $2 . $3 Pretend it's canonical.
    R$* $* . . $* $1 $2 . $3 Remove extra dots.
    # Allow relaying if the connected host is a local IP address.
    R$*
Re: back to lmtpd problems
Nick Ustinov ha escrito: It's Linux RedHat 7.0 with kernel 2.4.2-0.1.28smp running at dual p3/550 and the system launches approx the same number of lmtpds. The e-mails are being delivered, but EXTREMELY slow. I don't know where the problem is, however the system is unable to deliver more than 100-200 e-mails per minute. As you understand, while it is delivering 100-200 Hi Nick. I've had no such scenario but let me guess something (that could be completely wrong). My bet is your problem is in disk speed. You have a limit of concurrent delivering caused by your drive. When it reaches that limit it gets worse. I'd try to set a max number of concurrent delivering lmtpd processes in sendmail. I'd also buy faster scsi drives. Another thing you could consider is replace sendmail and start using postfix. I've seen reports of incredible number of mails delivered and I've been using it in many servers happilly. It supports cyrus, lmtpd and avp. In the postfix mailing list I've seen people who have a lot of users like you. Maybe you should check the postfix archives or subscribe to the list. ( low noise ). -- --Frankie
RE: back to lmtpd problems
Francesc, Thanks for the idea, however the tests show that disk speed is quite enough (and I guess there are no much faster drives I can get on the market right now :). The problem could be in db3 locking or something like that, which is linux specific. As for sendmail--postfix change -- I might want to try that, however I am not experienced in postfix and the system is quite critical, it's not that easy. Anyway, this looks like cyrus problem -- the fact is that sendmail works FASTER than lmtpd causes the bottlenecks. Nick. -Original Message- From: Francesc Guasch [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 13:20 Cc: '[EMAIL PROTECTED]' Subject: Re: back to lmtpd problems Nick Ustinov ha escrito: It's Linux RedHat 7.0 with kernel 2.4.2-0.1.28smp running at dual p3/550 and the system launches approx the same number of lmtpds. The e-mails are being delivered, but EXTREMELY slow. I don't know where the problem is, however the system is unable to deliver more than 100-200 e-mails per minute. As you understand, while it is delivering 100-200 Hi Nick. I've had no such scenario but let me guess something (that could be completely wrong). My bet is your problem is in disk speed. You have a limit of concurrent delivering caused by your drive. When it reaches that limit it gets worse. I'd try to set a max number of concurrent delivering lmtpd processes in sendmail. I'd also buy faster scsi drives. Another thing you could consider is replace sendmail and start using postfix. I've seen reports of incredible number of mails delivered and I've been using it in many servers happilly. It supports cyrus, lmtpd and avp. In the postfix mailing list I've seen people who have a lot of users like you. Maybe you should check the postfix archives or subscribe to the list. ( low noise ). -- --Frankie
quota abstraction idea, comments ?
Hi, I was thinking about creating a daemon that would do quota operations in the cyrus system. One could then write the functions used by the daemon for setting and reading the quota. In such a configuration one could store the information in:

- files as it happens now
- SQL database

and so on. Such a setup would for example allow for storing quota information in the central database for separate servers. Do you have any comments, maybe somebody is working on something like this ?

Helmut Apfelholz
Re: What's better or new in ver 2.1?
Horst Lederhaas wrote:

Hello ! I've heard much from the new Cyrus 2.1, but what's new or better in this version? Are there more features? Where can i read something about ver. 2.1?

Here's a brief list that I threw together into doc/change.html. I'm sure that Larry will expound on these terse descriptions before 2.1 is released.

Changes to the Cyrus IMAP Server since 2.0.16

- altnamespace
- unixhierarchysep
- SSL/TLS session caching
- support for IMAP CHILDREN LISTEXT extensions
- check recipient quota ACL at time of RCPT TO:
- support for LMTP STARTTLS SIZE extensions
- unified deliver.db (using cyrusdb interface)
- fixed STORE FLAGS () bug
- fixed SEARCH SUBJECT vs. SEARCH HEADER SUBJECT bug
- users without an INBOX can have subscriptions
- added cyrusdb_db3_nosync backend
- do setgid and initgroups in master
- configure now checks for DB3.3
- SQUAT (Rob O'Callahan)
- change SEARCH HEADER to SEARCH where possible (Rob O'Callahan)
- improved directory hashing (Gary Mills )
- use of EGD for SSL/TLS (Amos Gouaux )
- separate certs/keys for services (Henning P. Schmiedehausen )
- ability to force ipurge to traverse personal folders (Carsten Hoeger )
- fixed zero quota bugs in cyradm (Leena Heino )
- ignore trailing whitespace in imapd.conf
- Received: header (with TLS and AUTH info)
- added '-i' switch to sendmail command line for SIEVE reject, redirect and vacation
- reconstruct -m works again???

-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Eudora and ssl/tls and cyrus
On Thu, 27 Sep 2001 01:05:53 -0400, Nick Simicich [EMAIL PROTECTED] (ns) writes: ns I did some searches in the archives. If there is anything similar, ns searching on Eudora and ssl or tls didn't find it. Eudora will not ns complete TLS negotiation with Cyrus. Are you attempting to use the 'alternate port' configuration, or the 'starttls' configuration? I ask because we were able to get the 'alternate port' configuration to work, but not the other. Turns out that Eudora actually tries to do 'startssl' instead of 'starttls'. (No, 'startssl' doesn't exist.) If this sounds like it might be your situation, either use the 'alternate port' or make a small change to the Cyrus code (I forget exactly where) so that it will tolerate this non-standard 'startssl'. I understand this has been reported to Eudora. -- Amos
Microsoft Outlook Express Logon using Secure Password Authentication option.
Can the above option be used with cyrus imap ? If so, how ? Cheers James -- Nothing in this world is exactly what it appears to be.
Cyrus with Exim: Sieve problems
Hi, I use cyrus-imap-2.0.16 with Exim 3.32 on Linux with LMTP delivery via localhost. It works but when it comes to Sieve there's a problem.

When lmtpd detects in a user's sieve script a redirect (or vacation) action it calls /usr/lib/sendmail -f from-address -- to-address and pipes the messages to it (as I read lmtpd.c right). In my installation this sendmail is exim actually.

When to-address is an external address it works as expected. When to-address is a local address, the message is given from exim to LMTP for this user and weird things happen: an empty line occurs in the header part - so the message is broken (no duplicate delivery suppression -dangerous-, as the Message-Id is after the empty line!).

I detected that lmtpd gives the message to sendmail (exim in my case) with CRLF on line ends. This causes the problem with exim - I added exim's -dropcr flag and it works.

So, where is the problem - when is the extra line feed added? Does anyone have an idea how to track this down? Should lmtpd pipe the message without CRLF to the local sendmail command?

Thanks, Frank

-- Email: [EMAIL PROTECTED] http://www.tu-chemnitz.de/~fri/ Work: Computing Services, Chemnitz University of Technology, Germany
Re: back to lmtpd problems (ot)
and I've been using it in many servers happily. It supports cyrus, lmtpd and avp.

Note however that you should not use avpkeeper, but instead the program avcheck made by Ralf Hildebrandt. It offers better performance and higher security. Also, I only had problems combining avpkeeper and postfix, but using avcheck with kavdaemon works like a charm.

Tarjei

In the postfix mailing list I've seen people who have a lot of users like you. Maybe you should check the postfix archives or subscribe to the list. ( low noise ). -- --Frankie
Re: AARRGGGHHHHHHH!!!! deliver - lmtp - cyrus still not working!
Now that all is working well, would you mind making a brief summary to what is needed (deliverymethods, account ACL's etc. ) to make plussed users work? I'd like to add it to the faq.

Tarjei

Louis LeBlanc wrote: On 09/26/01 07:09 PM, Ken Murchison sat at the `puter and typed: all p this *should* be 'anyone', NOT 'all' as has been stated before.

THHWWAACK!! (a good wack upside the head) You know, I just can't even tell you how *mortified* I am that I could make such a STUPID mistake! I mean, I knew it would turn out to be some dumb little thing, but this gets it. I apologise profusely for taking your precious time to help me with such a DUNCE mistake, and I appreciate that you were willing to do so. Of course, your solution is correct. All works as hoped. Thanks!

Lou

-- Louis LeBlanc [EMAIL PROTECTED] Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://acadia.ne.mediaone.net

genealogy, n.: An account of one's descent from an ancestor who did not particularly care to trace his own. -- Ambrose Bierce
RE: What is the best way to backup the email boxes in cyrus imap.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Salmon Sent: 26 September 2001 08:17 To: [EMAIL PROTECTED] Subject: Re: What is the best way to backup the email boxes in cyrus imap. On Friday, September 21, 2001 07:40:50 PM +0100 James Courtier-Dutton [EMAIL PROTECTED] wrote: +-- | Hello | What is the best way to backup email boxes in cyrus imap? I think that you are confusing cyrus with UW. The message files aren't ever changed and hence cannot be corrupted, the cyrus.* files change but as there aren't any tools to merge 2 copies they aren't worth backing up. That just leaves the mailbox file which only changes when you change acl's. Once again this would be a difficult file to recover but it is too important to ignore. /Michael So if I only backup the message files and the acl's. When I restore everything on a new machine, will the cyrus.* files create themselves ? The backup I want is just so that in a disaster situation, I can reload all the email from backup onto a new machine. Cheers James
Re: back to lmtpd problems (ot)
AFAIK it only works with the postfix filtering code, but I think you could write sendmailrules for it (you can do anything w/sendmail ;) . Tarjei Nick Ustinov wrote: Should I use avcheck instead of avpkeeper with sendmail as well, or that's just for postfix? -Original Message- From: Tarjei Huse [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 17:15 To: Francesc Guasch Cc: '[EMAIL PROTECTED]' Subject: Re: back to lmtpd problems (ot) and I've been using it in many servers happilly. It supports cyrus, lmtpd and avp. Note however that you should not use avpkeeper, but instead the programe avcheck made by Ralf Hildebrandt. It offers better performance and higher security. Also, I only had problems combining avpkeeper and postfix, but using avcheck with kavdaemon works like a charm. Tarjei In the postfix mailing list I've seen people who have a lot of users like you. Maybe you should check the postfix archives or subscribe to the list. ( low noise ). -- --Frankie
Re: Eudora and ssl/tls and cyrus
I apologize that this is a FAQ and will now scurry off to recompile. Yep, that does it, it established a sslV3 connection immediately, authenticated without a problem. Are there more Eudora related questions in this 2.1 FAQ? Is it available anywhere? Ah, you said it was available in CVS, I'll try to figure out how to access it, I'm not a CVS maven by any stretch of the imagination, I think I used it from a cookbook once several years ago. I will write a note to their tech support. RFC2246 describes TLS. It looks like the Standards Track RFC that requires TLS for the STARTTLS command is RFC2595, specifically section 2.1, Cipher Suite Requirements. So it looks like they are in violation of 2595. Perhaps the FAQ should be updated to point to 2595, the requirement that TLS is a requirement for implementation of the STARTTLS command is very clear there. At 08:16 AM 9/27/2001 -0400, Ken Murchison wrote: Nick Simicich wrote: I did some searches in the archives. If there is anything similar, searching on Eudora and ssl or tls didn't find it. Eudora will not complete TLS negotiation with Cyrus. I am running Redhat Roswell (the current Redhat Beta, 7.1+) on an Intel box. I am running cyrus-imapd-2.0.15-HIERSEP-r2, and (from the Redhat rpm) openssl-0.9.6b-7. I have generated a server key that works with Eudora 5.1 when I use it to communicate with smtp and Postfix. It is not signed by a known CA but Eudora allows you to trust a particular certificate. smtp goes through the postfix use of the SSL library. However, when I use that same key to connect to imap on the alternate port, things just don't work. The message (from Eudora) is: SSL Negotiation failed: You have configured the personality/protocol to reject any exchange key lengths below 0. But the negotiated exchange key length is -1. Hence this established secure channel is unacceptable. Connection will be dropped. 
Cause: (-6996)

From doc/faq.html in CVS (to be included in the 2.1 release):

Q: Eudora 5.x can't connect using STARTTLS (SSL Negotiation Failed). What should I do?

A: First, complain to QUALCOMM because their STARTTLS implementation is broken. Eudora doesn't support TLSv1 (per RFC2246) and Cyrus requires it. If you really need this before it is fixed in Eudora, remove or comment out the following lines in tls.c:

    if (tlsonly) {
        off |= SSL_OP_NO_SSLv2;
        off |= SSL_OP_NO_SSLv3;
    }

FYI, I have complained to QUALCOMM with no response. Perhaps if more people complain, they will do something about it. After all, the command IS called STARTTLS and not STARTSSL.

-- We often hear of war described as if it were some kind of impersonal affliction, such as the Black Plague or famine. The fact is that war is not just something that happens, it is something that people make happen, and they make it happen for reasons. As Clausewitz said, war is the continuation of politics by other means. Exactly. War is neither a hurricane nor a flood. It is, on the contrary, the cutting edge of ideology. -- Jeff Cooper

Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html
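Added example, not part of the original message or of Cyrus: a Python parser that reads the protocol version a client offers in its ClientHello (from bytes taken out of a packet capture) and models whether the tlsonly option block quoted above would let that client negotiate. The two builder functions produce constructed test hellos; `server_accepts` is a simplified model of the option mask, not the tls.c logic itself.

```python
import struct

VERSION_NAMES = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0"}


def parse_client_hello(data):
    """Return (framing, (major, minor)) for the ClientHello at the start of data.

    Handles both an SSLv3/TLS handshake record and the older SSLv2-framed
    hello that some clients send while advertising a higher version.
    """
    if len(data) < 5:
        raise ValueError("truncated header")
    if data[0] == 0x16:                       # content type: handshake
        rec_len = struct.unpack("!H", data[3:5])[0]
        body = data[5:5 + rec_len]
        if len(body) < rec_len:
            raise ValueError("truncated record body")
        if len(body) < 6 or body[0] != 0x01:  # handshake type: client_hello
            raise ValueError("not a ClientHello")
        hs_len = int.from_bytes(body[1:4], "big")
        if hs_len < 2 or hs_len > len(body) - 4:
            raise ValueError("bad handshake length")
        return "v3-record", (body[4], body[5])
    if data[0] & 0x80:                        # SSLv2 two-byte length header
        msg_len = ((data[0] & 0x7F) << 8) | data[1]
        if msg_len < 3 or len(data) < 2 + msg_len:
            raise ValueError("truncated SSLv2 message")
        if data[2] != 0x01:                   # message type: client-hello
            raise ValueError("not a ClientHello")
        return "v2-compatible", (data[3], data[4])
    raise ValueError("not an SSL/TLS handshake")


def server_accepts(version, tlsonly):
    """Model of the option block: tlsonly masks out SSLv2 and SSLv3, so the
    client's highest offered version must be at least TLSv1.0 (3, 1)."""
    floor = (3, 1) if tlsonly else (0, 2)
    return version >= floor


def build_v3_hello(major, minor):
    """Constructed minimal ClientHello inside an SSLv3/TLS record."""
    body = bytes([major, minor]) + bytes(32)       # client_version + random
    body += b"\x00"                                # empty session id
    body += struct.pack("!H", 2) + b"\x00\x0a"     # one cipher suite
    body += b"\x01\x00"                            # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    header = b"\x16" + bytes([major, minor]) + struct.pack("!H", len(handshake))
    return header + handshake


def build_v2_hello(major, minor):
    """Constructed SSLv2-framed ClientHello advertising (major, minor)."""
    specs = b"\x00\x00\x0a"                        # one 3-byte cipher spec
    challenge = bytes(16)
    msg = b"\x01" + bytes([major, minor])
    msg += struct.pack("!HHH", len(specs), 0, len(challenge))
    msg += specs + challenge
    return struct.pack("!H", 0x8000 | len(msg)) + msg


if __name__ == "__main__":
    for hello in (build_v3_hello(3, 0), build_v3_hello(3, 1),
                  build_v2_hello(3, 0)):
        framing, version = parse_client_hello(hello)
        print(framing, VERSION_NAMES.get(version, version),
              "tlsonly:", server_accepts(version, True),
              "block removed:", server_accepts(version, False))
```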
mailbox migration
Hi, I have to admit a fair amount of greenness in this so bear with me. I'm trying to migrate the mailboxes from a solaris 7 box running Cyrus IMAP 1.5.19 to a FreeBSD 4.4 box running Cyrus 2.0.14. If anyone has a guide or a URL to do this I'd be extremely grateful for any knowledge anyone can lend. Thanks in advance. Jesse Ahrens Unix Systems Administrator Meridian Advertising 4850 G St. Omaha, NE 68117 402-733-6400 x266
Re: mailbox migration
This morning, I just finished completing exactly what you are doing (except we use FreeBSD on both systems) by migrating from 1.5.19 to 2.0.14. Here is a quick guide (I wrote everything down...):

* Copy the 'mailboxes' file from the old Cyrus 1.5.19 to the new machine somewhere.
* Run the command: su cyrus_user -c "/path/to/cyrus-2.0.14/bin/ctl_mboxlist -u /path/to/old/cyrus/mailboxes"
* This command creates a mailboxes.db with the information from the old mailboxes file.
* I created a dot-patch (user/ instead of user.) a while ago for my customers, which means I had to edit the 'mailboxes' file and replace all dots with slashes before I could import it into Cyrus 2.0.14. You can safely skip any modifications to the 'mailboxes' file.
* Tar up your mailstore on the old server. ie: tar -zcvf cyrus-mboxes.tar.gz /path/to/cyrus-1.5.19_partitions
* Tar up your quotas if you have them. ie: tar -zcvf cyrus-quotas.tar.gz /path/to/cyrus-1.5.19/quota
* ftp or scp the cyrus-mboxes.tar.gz and cyrus-quotas.tar.gz to the new server.
* Untar the mailstore to the proper location, and ensure that your new imapd.conf correctly reflects the old partition scheme.
* The partition scheme must be identical, or you're going to find yourself making changes to the mailboxes.db and quotas.
* Untar the quotas to the proper location ie: the imapd.conf's config_directory/quota .
* Reconstruct your mailbox headers and quotas to ensure integrity.
* su cyrus_user -c "/path/to/cyrus-2.0.14/bin/reconstruct"
* su cyrus_user -c "/path/to/cyrus-2.0.14/bin/quota -f"
* Start the 'master' process...
* Cross your fingers and test some mailboxes!

Hope that helps! -David Fuchs

Jesse Ahrens wrote:

Hi, I have to admit a fair amount of greenness in this so bear with me. I'm trying to migrate the mailboxes from a solaris 7 box running Cyrus IMAP 1.5.19 to a FreeBSD 4.4 box running Cyrus 2.0.14. If anyone has a guide or a URL to do this I'd be extremely grateful for any knowledge anyone can lend. Thanks in advance.

Jesse Ahrens Unix Systems Administrator Meridian Advertising 4850 G St. Omaha, NE 68117 402-733-6400 x266
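Added example, not part of the original guide: a pre-flight check in Python for the step "the partition scheme must be identical", comparing the partition-* entries of the old and new imapd.conf before the mailstore is untarred. Both configuration texts below are constructed samples in the key: value form shown elsewhere on this page.

```python
import posixpath

# Constructed sample configurations (not taken from any poster's system).
OLD_CONF = """\
configdirectory: /var/imap
partition-default: /var/spool/imap
partition-usr2: /inbox2
partition-usr3: /inbox3
admins: cyrus
"""

NEW_CONF = """\
# new server
configdirectory: /var/imap
partition-default: /var/spool/imap/
partition-usr2: /data/inbox2
partition-archive: /inbox9
admins: cyrus
"""


def parse_imapd_conf(text):
    """Parse 'option: value' lines, skipping blanks and '#' comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            options[key.strip().lower()] = value.strip()
    return options


def partitions(options):
    """Map partition name -> normalised path from partition-<name> options."""
    prefix = "partition-"
    return {
        key[len(prefix):]: posixpath.normpath(value)
        for key, value in options.items()
        if key.startswith(prefix) and value
    }


def compare_partition_scheme(old_text, new_text):
    """Return a list of (problem, name, old_path, new_path) tuples.

    'missing': partition exists on the old server only
    'moved':   same name, different directory
    'extra':   partition exists on the new server only (informational)
    """
    old = partitions(parse_imapd_conf(old_text))
    new = partitions(parse_imapd_conf(new_text))
    problems = []
    for name in sorted(old):
        if name not in new:
            problems.append(("missing", name, old[name], None))
        elif old[name] != new[name]:
            problems.append(("moved", name, old[name], new[name]))
    for name in sorted(set(new) - set(old)):
        problems.append(("extra", name, None, new[name]))
    return problems


if __name__ == "__main__":
    for problem in compare_partition_scheme(OLD_CONF, NEW_CONF):
        print(*problem)
```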
SOS: Cyrus 2.0.16 with RedHat 7.1
Hi, I need help! I'm trying to install Cyrus 2.0.16 on Red Hat 7.1. I keep getting Invalid login errors when trying to connect from pop or imap. I've set-up Cyrus to use PAM for authentication but it seems to try looking for a sasldb file. I DO NOT want to use sasldb, I have already a huge passwd/shadow database and I'm not planning to convert it to sasldb.

I've tried lots and lots of things like changing the permission of the shadow file, changing some pam.d settings, recompiling cyrus with unix authentication, etc... But I still CANNOT authenticate any users. I can however use cyradm and create new mailboxes with the cyrus password stored either in the shadow password file or in the sasldb. I also tried to follow the instructions shown at http://rmrpms.tripod.com/cyrus-imapd/ but it still does not work.

Thanks in advance for your help! Eric
Re: SOS: Cyrus 2.0.16 with RedHat 7.1
Try renaming your /etc/sasldb.db to something else - that seemed to do the trick for us. johnh... On Thu, 27 Sep 2001, Eric L'Heureux wrote: Date: Thu, 27 Sep 2001 15:45:15 -0400 From: Eric L'Heureux [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: SOS: Cyrus 2.0.16 with RedHat 7.1 Hi, I need help! I'm trying to install Cyrus 2.0.16 on Red Hat 7.1. I keep getting Invalid login errors when trying to connect from pop or imap. I've set-up Cyrus to use PAM for authentication but it seems to try looking for a sasldb file. I DO NOT want to use sasldb, I have already a huge passwd/shadow database and I'm not planning to convert it to sasldb. I've tried lots and lots of things like changing the permission of the shadow file, changing some pam.d settings, recompiling cyrus with unix authenication, etc... But I still CANNOT authenticate any users. I can however use cyradm and create new mailboxes with the cyrus password stored either in the shadow password file or in the sasldb. I also tried to follow the instructions shown at http://rmrpms.tripod.com/cyrus-imapd/ but it still does not work. Thanks in advance for your help! Eric
Re: SOS: Cyrus 2.0.16 with RedHat 7.1
Hi John, I've tried to delete the /etc/sasld.db file and it still does not work!! Anything else?? Thanks Eric John Hayward wrote: Try renaming your /etc/sasldb.db to something else - that seemed to do the trick for us. johnh... On Thu, 27 Sep 2001, Eric L'Heureux wrote: Date: Thu, 27 Sep 2001 15:45:15 -0400 From: Eric L'Heureux [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: SOS: Cyrus 2.0.16 with RedHat 7.1 Hi, I need help! I'm trying to install Cyrus 2.0.16 on Red Hat 7.1. I keep getting Invalid login errors when trying to connect from pop or imap. I've set-up Cyrus to use PAM for authentication but it seems to try looking for a sasldb file. I DO NOT want to use sasldb, I have already a huge passwd/shadow database and I'm not planning to convert it to sasldb. I've tried lots and lots of things like changing the permission of the shadow file, changing some pam.d settings, recompiling cyrus with unix authenication, etc... But I still CANNOT authenticate any users. I can however use cyradm and create new mailboxes with the cyrus password stored either in the shadow password file or in the sasldb. I also tried to follow the instructions shown at http://rmrpms.tripod.com/cyrus-imapd/ but it still does not work. Thanks in advance for your help! Eric
Re: Cyrus 2.0.16 with RedHat 7.1
Eric L'Heureux wrote: I need help! I'm trying to install Cyrus 2.0.16 on Red Hat 7.1. I keep getting Invalid login errors when trying to connect from pop or imap. I've set-up Cyrus to use PAM for authentication but it seems to try looking for a sasldb file. I DO NOT want to use sasldb, I have already a huge passwd/shadow database and I'm not planning to convert it to sasldb. What configure command did you use? What do your cyrus.conf and imapd.conf files look like? What is in your imap log when you fail to authenticate?
netscape can't read imap folders created by gnus
Gnus is a great imap client! Really great! In my case, netscape doesn't see new folders created by gnus. Gnus sees them, they are on the imap server, and gnus can see new folders created by netscape. Here's what I have: emacs20.4/gnus5.8.8 netscape(messenger)4.73 cyrus-imapd-2.0.14-namespace-r2 Has anybody else seen this? Any solution? Thanks. Chris
Re: Microsoft Outlook Express Logon using Secure Password Authentication option.
James Courtier-Dutton wrote: Can the above option be used with cyrus imap ? If so, how ? I believe that it is proprietary. How ever you can enable SSL in OE, which works with Cyrus fine.
Re: quota abstraction idea, comments ?
Helmut Apfelholz wrote: I was thinking about creating a deamon that would do quota operations in the cyrus system. One could then write the functions used by deamon for seting and reading the quota. In such a configuration one could store the information in: - files as it happens now - SQL database and so on. Such a setup would for example allow for storing quota information in the central database for separate servers. Sounds great. If you do this, have a look at unix_notify.c to see in general how to get Cyrus to call out to a daemon during a delivery phase. Consider implementing a quota check in a similar way--eg a compile time hook that can be easily configured, with a specific hook included that does the Unix socket daemon callout.
temporarily unavailable
I am running cyrus-imapd-1.6.19 along with postfix under Red Hat Linux 6.2. Most of the time it works flawlessly, but occasionally a delivery dies with a log entry like the following: Sep 27 15:00:56 atenas deliver[977]: checkdelivered: error opening delivered database: /var/imap/deliverdb/deliver-a.db: Resource temporarily unavailable This only occurs when a mail is being sent to multiple local users. The mail is actually successfully delivered. A web search revealed that several sites had experienced Resource temporarily unavailable errors associated with a failure to fork, and were able to fix them by increasing the allowed number of user processes. But my error says nothing about a failure to fork, and I have not set any limit on the number of user processes. Can someone suggest what might be going on and how to fix it? Anderson Ferreira Analista de Suporte APPI Informática LTDA. Av. Atáufo de Paiva nº 135/1410 Leblon - Rio de janeiro Tel - 55 21 2529-5600 Fax - 55 21 2511-0785
Re: temporarily unavailable
That happens when you have a db mismatch. You might want to run ldd deliver to find out what libdb libraries it's linked to as well as the other programs. Make sure they are all compiled against the same library. I had the problem before and had to recompile and make sure that cyrus imap included the proper headers.

Alain Turbide

- Original Message - From: Anderson Ferreira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 27, 2001 6:07 PM Subject: temporarily unavailable

I am running cyrus-imapd-1.6.19 along with postfix under Red Hat Linux 6.2. Most of the time it works flawlessly, but occasionally a delivery dies with a log entry like the following:

    Sep 27 15:00:56 atenas deliver[977]: checkdelivered: error opening delivered database: /var/imap/deliverdb/deliver-a.db: Resource temporarily unavailable

This only occurs when a mail is being sent to multiple local users. The mail is actually successfully delivered. A web search revealed that several sites had experienced Resource temporarily unavailable errors associated with a failure to fork, and were able to fix them by increasing the allowed number of user processes. But my error says nothing about a failure to fork, and I have not set any limit on the number of user processes. Can someone suggest what might be going on and how to fix it?

Anderson Ferreira Analista de Suporte APPI Informática LTDA. Av. Atáufo de Paiva nº 135/1410 Leblon - Rio de janeiro Tel - 55 21 2529-5600 Fax - 55 21 2511-0785
Re: mailbox migration
I thought I'd follow up on this thread, as I just this weekend performed such a migration, myself, except I was migrating from Red Hat Linux 6.2 to Slackware Linux Current (pre-8.0), where both systems were cyrus-imap-2.0.15 systems and both systems had Berkeley db-3.2.9. I not only tarred up my mailspool (/var/spool/imap), but also my sieve directory structure (/var/spool/sieve) and my imap databases directory (/var/imap) and copied them over to the new machine, where I untarred them into the same directory structure. Config files were exactly the same on both systems. I ran ctl_mailbox -r and reconstruct -r after the migration, started master, and everything seems to have migrated perfectly. None of my users has had a complaint yet.

So, it would seem, from my experience, that migration from and to identical system types, with the same versions of both cyrus-imap and db-3.2.9 presents no major obstacles. The only problem we encountered was with our sasldb passwords and our mailman passwords, which was likely to have been caused by different salt values (or whatever randomizer is used). However, we maintain a store of our users' passwords in plain text, and I was able to use an expect script in conjunction with a shell script I wrote to automatically reset the users' passwords to their expected values.

Hope this helps,
Will

--On Thursday, 27 September, 2001 12:16 -0700 David Fuchs [EMAIL PROTECTED] wrote:

This morning, I just finished completing exactly what you are doing (except we use FreeBSD on both systems) by migrating from 1.5.19 to 2.0.14. Here is a quick guide (I wrote everything down...):

* Copy the 'mailboxes' file from the old Cyrus 1.5.19 to the new machine somewhere.
* Run the command:
    su cyrus_user -c "/path/to/cyrus-2.0.14/bin/ctl_mboxlist -u /path/to/old/cyrus/mailboxes"
    * This command creates a mailboxes.db with the information from the old mailboxes file.
    * I created a dot-patch (user/ instead of user.) a while ago for my customers, which means I had to edit the 'mailboxes' file and replace all dots with slashes before I could import it into Cyrus 2.0.14. You can safely skip any modifications to the 'mailboxes' file.
* Tar up your mailstore on the old server. i.e.: tar -zcvf cyrus-mboxes.tar.gz /path/to/cyrus-1.5.19_partitions
* Tar up your quotas if you have them. i.e.: tar -zcvf cyrus-quotas.tar.gz /path/to/cyrus-1.5.19/quota
* ftp or scp the cyrus-mboxes.tar.gz and cyrus-quotas.tar.gz to the new server.
* Untar the mailstore to the proper location, and ensure that your new imapd.conf correctly reflects the old partition scheme.
    * The partition scheme must be identical, or you're going to find yourself making changes to the mailboxes.db and quotas.
* Untar the quotas to the proper location, i.e.: the imapd.conf's config_directory/quota.
* Reconstruct your mailbox headers and quotas to ensure integrity.
    * su cyrus_user -c /path/to/cyrus-2.0.14/bin/reconstruct
    * su cyrus_user -c "/path/to/cyrus-2.0.14/bin/quota -f"
* Start the 'master' process...
* Cross your fingers and test some mailboxes!

Hope that helps!
-David Fuchs

Jesse Ahrens wrote:

Hi, I have to admit a fair amount of greenness in this so bear with me. I'm trying to migrate the mailboxes from a solaris 7 box running Cyrus IMAP 1.5.19 to a FreeBSD 4.4 box running Cyrus 2.0.14. If anyone has a guide or a URL to do this I'd be extremely grateful for any knowledge anyone can lend. Thanks in advance.

Jesse Ahrens
Unix Systems Administrator
Meridian Advertising
4850 G St. Omaha, NE 68117
402-733-6400 x266

William K. Hardeman [EMAIL PROTECTED] http://www.wkh.org
Always listen to experts. They'll tell you what can't be done and why. Then do it. --Robert A. Heinlein
Re: Eudora and ssl/tls and cyrus
At 07:46 AM 9/27/2001 -0500, Amos Gouaux wrote:

On Thu, 27 Sep 2001 01:05:53 -0400, Nick Simicich [EMAIL PROTECTED] (ns) writes:

ns I did some searches in the archives. If there is anything similar,
ns searching on Eudora and ssl or tls didn't find it. Eudora will not
ns complete TLS negotiation with Cyrus.

Are you attempting to use the 'alternate port' configuration, or the 'starttls' configuration? I ask because we were able to get the 'alternate port' configuration to work, but not the other. Turns out that Eudora actually tries to do 'startssl' instead of 'starttls'. (No, 'startssl' doesn't exist.)

I had actually posted a trace of one of the sessions, extracted from ethereal (before it started working). As you can see, the verb being used is, in fact, STARTSSL. So I am of the opinion that if eudora was mistakenly using a STARTSSL verb, that they are now using STARTTLS (and, after that, refusing to actually start a TLS session - when I made the code change to not reject negotiation of SSL v2 and V3, it began negotiating a SSL V3 session rather than failing to negotiate a TLS session).

But I had actually attempted both the alternate port configuration and the main-port-with-startssl configuration, and they both failed in the same way - it is that Eudora does not support TLS.

I have not looked at the details of the negotiation since examining the differences between SSL V2 and SSL V3 closely when trying to determine why socksified connections to SSL V3 servers sometimes failed while SSL V2 connections always worked (some early SSL V3 implementations could not fall back when the cached secret on the server was not known to the client because it was not, in fact, the same client even though it came from the same IP address, the bypass was, in many cases, to force V2). So I don't know what, if any, advantages there are from forcing TLS, or why someone would not want to go ahead and fall back to SSL V3 other than it adheres to standards. The code change that was suggested to not force TLS but to accept the use of either TLS or SSL V2/V3 allowed things to work.

* OK parrot.squawk.com Cyrus IMAP4 v2.0.15-HIERSEP-r2 server ready
0 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5
0 OK Completed
1 STARTTLS
1 OK Begin TLS negotiation now
Then some binary gets put in here...
1 NO Starttls failed
* BAD Invalid tag
* BAD Invalid tag
and a short binary burst here...

If this sounds like it might be your situation, either use the 'alternate port' or make a small change to the Cyrus code (I forget exactly where) so that it will tolerate this non-standard 'startssl'. I understand this has been reported to Eudora.

The client that I have had to force to use alternate ports is Lookout. I have not bothered to investigate why in those cases.

--
We often hear of war described as if it were some kind of impersonal affliction, such as the Black Plague or famine. The fact is that war is not just something that happens, it is something that people make happen, and they make it happen for reasons. As Clausewitz said, war is the continuation of politics by other means. Exactly. War is neither a hurricane nor a flood. It is, on the contrary, the cutting edge of ideology. -- Jeff Cooper
Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html
Eudora and ssl/tls and cyrus
I just successfully got Eudora to negotiate TLS with Cyrus. This applies to Eudora 5.1. A log extract which shows that I was able to connect in TLS is below --- you will have to trust me that I did it from Eudora.

The way to accomplish this is to stop Eudora, and using an editor like emacs or notepad, edit the eudora.ini file. In the [Settings] part of the file, find an entry labeled

SSLReceiveVersion

If it is there, change the value specified to 0. If it is not there, add a line reading

SSLReceiveVersion=0

Then start Eudora again.

This parameter defaults to 6, which allows SSL Version 3 only. A setting of 0 allows any of the settings it will speak. 7 forces TLS 1.0, other settings force various other combinations. But 0 makes Eudora permissive and allows it to speak what the other end wants to speak, thus allowing it to use TLS version 1.0. Why Eudora decided to make this parameter default to 6, I have no idea.

I believe that this will allow Eudora 5.1 to talk to an unmodified Cyrus. The FAQ should probably be changed to mention this parameter -- and maybe when people contact Eudora it should be to ask that the parameter be changed.

Sep 27 22:37:40 parrot master[30495]: about to exec /usr/cyrus/bin/imapd
Sep 27 22:37:40 parrot service-imaps[30495]: executed
Sep 27 22:37:40 parrot imapd[30495]: accepted connection
Sep 27 22:37:44 parrot imapd[30495]: starttls: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) no authentication
Sep 27 22:37:45 parrot imapd[30495]: login: glock.squawk.com[208.176.124.157] nick CRAM-MD5+TLS User logged in
Sep 27 22:37:45 parrot imapd[30495]: seen_db: user nick opened /var/imap/user/n/nick.seen
Sep 27 22:37:45 parrot imapd[30495]: open: user nick opened INBOX

--
We often hear of war described as if it were some kind of impersonal affliction, such as the Black Plague or famine. The fact is that war is not just something that happens, it is something that people make happen, and they make it happen for reasons. As Clausewitz said, war is the continuation of politics by other means. Exactly. War is neither a hurricane nor a flood. It is, on the contrary, the cutting edge of ideology. -- Jeff Cooper
Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html
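A way to check from the server side which sessions actually negotiated TLS, using the imapd syslog format shown in the message above (added example, not part of the original post). The first sample session reuses lines from that log; the second session, its host, user and PID are constructed.

```shell
#!/bin/sh
# Added example: join imapd "starttls:" and "login:" syslog records by PID.
# Output columns: pid user mechanism protocol cipher ("-" = no TLS seen).
tls_logins() {
    awk '$5 ~ /^imapd\[[0-9]+\]:$/ {
        pid = $5; gsub(/[^0-9]/, "", pid)
        if ($6 == "accepted") {            # new connection: forget old state
            delete proto[pid]; delete cipher[pid]
        } else if ($6 == "starttls:") {
            proto[pid] = $7; cipher[pid] = $10
        } else if ($6 == "login:") {
            p = (pid in proto) ? proto[pid] : "-"
            c = (pid in cipher) ? cipher[pid] : "-"
            print pid, $8, $9, p, c
        }
    }'
}

# Keep only logins that were not preceded by a TLS negotiation.
non_tls_logins() {
    tls_logins | awk '$4 == "-"'
}

# First session: lines from the log above. Second session: constructed.
sample_log() {
    cat <<'EOF'
Sep 27 22:37:40 parrot imapd[30495]: accepted connection
Sep 27 22:37:44 parrot imapd[30495]: starttls: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) no authentication
Sep 27 22:37:45 parrot imapd[30495]: login: glock.squawk.com[208.176.124.157] nick CRAM-MD5+TLS User logged in
Sep 27 22:40:02 parrot imapd[30501]: accepted connection
Sep 27 22:40:03 parrot imapd[30501]: login: client.example.com[192.0.2.10] alice CRAM-MD5 User logged in
EOF
}

sample_log | tls_logins
```

To run it on real data, pipe the mail syslog file into `tls_logins` or `non_tls_logins` instead of `sample_log`.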
Re: Eudora and ssl/tls and cyrus
At 07:37 PM 9/27/2001 -0400, Nick Simicich wrote:

I had actually posted a trace of one of the sessions, extracted from ethereal (before it started working). As you can see, the verb being used is, in fact, STARTSSL. So I am of the opinion

I meant to type STARTTLS above, not STARTSSL. Just shoot me now.

The final solution was to change a parameter in the eudora.ini file to allow it to negotiate tls.

--
We often hear of war described as if it were some kind of impersonal affliction, such as the Black Plague or famine. The fact is that war is not just something that happens, it is something that people make happen, and they make it happen for reasons. As Clausewitz said, war is the continuation of politics by other means. Exactly. War is neither a hurricane nor a flood. It is, on the contrary, the cutting edge of ideology. -- Jeff Cooper
Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html