Re: PATCH: setting explicit sasl_realm
--On Tuesday, 2002 January 29 15:30 +0100 Andreas Piesk [EMAIL PROTECTED] wrote: i'm building a mailsystem using postfix and cyrus-imap/qpopper. authentication will be completely handled by SASL. i want to use different SASL realms for the different applications (one realm for smtp, one for imap/pop). setting a SASL realm in postfix is no problem, but in Cyrus-IMAP it's not possible AFAIK. after a look in the code i saw, that 'sasl_server_new' is called with NULL for user_realm. so i decided to introduce a new config parameter, called 'local_sasl_realm' and made some minor modifications will the patch break something? is it useful or nonsense? any comments are welcome. This type of patch has proved useful to us for this and other reasons (like being able to choose a realm that is independent of the hostname). Since you sound like you have implemented this yourself, it may be too late to point out that there were two separate patches posted to the cyrus-sasl list that accomplish exactly this (see Re: setting default realm on 2002/01/07 and 2001/10/02). The one we implemented has worked out just fine over the past 6 months. Cheers, Mark
Re: RE: PATCH: setting explicit sasl_realm
From: Mark Derbyshire [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 10:59 AM --On Tuesday, 2002 January 29 15:30 +0100 Andreas Piesk [EMAIL PROTECTED] wrote: will the patch break something? is it useful or nonsense? any comments are welcome. This type of patch has proved useful to us for this and other reasons (like being able to choose a realm that is independent of the hostname). Since you sound like you have implemented this yourself, it may be too late to point out that there were two separate patches posted to the cyrus-sasl list that accomplish exactly this (see Re: setting default realm on 2002/01/07 and 2001/10/02). The one we implemented has worked out just fine over the past 6 months. thanks for the info. when i have searched for already available patches the cyrus-sasl archive was down (from my POV). i found the messages you mentioned and will look at it. ciao -ap System Administration VIRBUS AG Fon +49(0)341-979-7424 Fax +49(0)341-979-7409 [EMAIL PROTECTED] www.virbus.de
Cyrus qmail
Dear All, Would you please guide me , where can I find info on how I should configure my qmail to work with cyrus (2.0.16)? Maybe I should ask it in qmail list. Any tip or info is greatly appriciated. With thanks --Fatemeh T.
imapd hungs
Hi:
I'm testing cyrus 2.0.15 (apllying it a mail stress tool) and imapd
process hungs...
It hangs always when the server has between 145 and 155 imapd
processes...
When I say hungs I mean that, for instance, if I make a connection to
port 143, the imapd process doesn't responds properly...
[root@cyrus2 bin]# telnet localhost 143
Trying 127.0.0.1...
Connected to cyrus2.
Escape character is '^]'
In this situation the server has a lot of memory available, has no
uptime and it seems that is doing nothing...
If the stress is not very hihgh... the cyrus works perfectly...
I have configured the imapd process in order to server until 500 childs
with the maxchild directive..
cyrus.conf looks like this:
# standard standalone server implementation
START {
# do not delete these entries!
mboxlist cmd=ctl_mboxlist -r
deliver cmd=ctl_deliver -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=20 maxchild=500
# imaps cmd=imapd -s listen=imaps prefork=1
pop3 cmd=pop3d listen=pop3 prefork=10 maxchild=50
# pop3s cmd=pop3d -s listen=pop3s prefork=1
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=5
}
EVENTS {
# this is required
checkpointcmd=ctl_mboxlist -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
}
Any iadea ?
Regards...
Enric
Auxprop plugin for mysql and ldap
I did send this the other day to the list but that message was probably too big to get through without been moderated. anyway a patch to add a mysql auxprop and ldap auxprop plugins is availble from : http://www.surf.org.uk/downloads/ YOu will probably need to run automake -i autoconf before configure will recognise --with-ldapauxprop --with-mysqlauxprop. The ldap version is not compatiable with openldap compiled with saslv1 support (clashes in namespace). read doc/sysadmin.html on how to configure. It could do with a bit of testing. -- Simon Loader (unemployed)
RE: imapd hungs
Hi Enric,
I'm curious what tool you are using to test the imapd?
-Kiarna
-Original Message-
From: Enric Ramos [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, January 30, 2002 8:17 AM
To: [EMAIL PROTECTED]
Subject:imapd hungs
Hi:
I'm testing cyrus 2.0.15 (apllying it a mail stress tool) and imapd
process hungs...
It hangs always when the server has between 145 and 155 imapd
processes...
When I say hungs I mean that, for instance, if I make a connection to
port 143, the imapd process doesn't responds properly...
[root@cyrus2 bin]# telnet localhost 143
Trying 127.0.0.1...
Connected to cyrus2.
Escape character is '^]'
In this situation the server has a lot of memory available, has no
uptime and it seems that is doing nothing...
If the stress is not very hihgh... the cyrus works perfectly...
I have configured the imapd process in order to server until 500 childs
with the maxchild directive..
cyrus.conf looks like this:
# standard standalone server implementation
START {
# do not delete these entries!
mboxlist cmd=ctl_mboxlist -r
deliver cmd=ctl_deliver -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=20 maxchild=500
# imaps cmd=imapd -s listen=imaps prefork=1
pop3 cmd=pop3d listen=pop3 prefork=10 maxchild=50
# pop3s cmd=pop3d -s listen=pop3s prefork=1
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=5
}
EVENTS {
# this is required
checkpointcmd=ctl_mboxlist -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
}
Any iadea ?
Regards...
Enric
How to shrink /var/spool/imap/db/* ...
Is it possible? total 13032 -rw--- 1 cyrus mail 8192 Jan 30 10:44 __db.001 -rw--- 1 cyrus mail270336 Jan 30 10:44 __db.002 -rw--- 1 cyrus mail 98304 Jan 30 10:44 __db.003 -rw--- 1 cyrus mail 16064512 Jan 30 10:44 __db.004 -rw--- 1 cyrus mail 24576 Jan 30 10:44 __db.005 -rw--- 1 cyrus mail553922 Jan 30 10:43 log.02 -rw--- 1 cyrus mail 2003662 Jan 17 10:34 log.01 rapmweb# ls -lt .. total 24 drwxr-xr-x 2 cyrus mail512 Jan 30 10:43 proc drwxr-xr-x 2 cyrus mail512 Jan 17 10:50 db drwx-- 2 cyrus mail512 Jan 17 10:50 socket drwxr-xr-x 3 cyrus mail 1024 Jan 17 10:50 deliverdb -rw--- 1 cyrus mail 16384 Sep 4 13:12 mailboxes.db drwxr-xr-x 28 cyrus mail512 Jun 8 2001 quota drwxr-xr-x 28 cyrus mail512 Jun 8 2001 user drwxr-xr-x 2 cyrus mail512 Oct 29 2000 log drwxr-xr-x 2 cyrus mail512 Oct 29 2000 msg rapmweb# pwd /var/spool/imap/db rapmweb# My /var/spool/mail directory is smaller then /var/spool/imap: rapmweb# du -sk /var/spool/mail 111 /var/spool/mail rapmweb# du -sk /var/spool/imap 14057 /var/spool/imap And doing a 'strings' on __db.004 shows its empty: rapmweb# strings __db.002 0 default admin lrswipcda user.admin.sent-mail 0 default admin lrswipcda cyrus lrswipcda user.admin 0 default cweberman lrswipcda cyrus lrswipcda user.cweberman 0 default andy lrswipcda cyrus lrswipcda user.andy- 0 default sysadmin lrswipcda cyrus lrswipcda user.sysadmin. 0 default webmaster lrswipcda cyrus lrswipcda user.webmaster 0 default sales lrswipcda cyrus lrswipcda user.sales 0 default sec lrswipcda cyrus lrswipcda user.sec 0 default help lrswipcda cyrus lrswipcda user.help) 0 default info lrswipcda cyrus lrswipcda user.info 0 default cyrus lrswipcda user.cyrus /var/spool/imap/mailboxes.db rapmweb# strings __db.004 rapmweb# Seems a waste of 16meg for nothing ... no? System is Cyrus IMAP 2.0.16 ... Thanks ...
quota -f question
I suspect this has been answered elsewhere, but I haven't been able to find it. So, apologies in advance. The man page for the quota command states that running quota with both the -f option and a mailbox name specified is not recommended. Why is this, and how should I go about modifying a user's quota information after a single folder restore from backup? What sort of catastrophe might ensue if I do something like quota -f user.jdoe? I'm running cyrus 2.0.12 (with an upgrade planned for the near future) on Solaris 2.6, Veritas filesystems. Thanks. -- Matt Allen Messaging Team UITS
Re: How to shrink /var/spool/imap/db/* ...
Marc G. Fournier wrote: Is it possible? http://www.sleepycat.com/docs/utility/db_archive.html FYI, we are working on adding functionality like this to ctl_cyrusdb. total 13032 -rw--- 1 cyrus mail 8192 Jan 30 10:44 __db.001 -rw--- 1 cyrus mail270336 Jan 30 10:44 __db.002 -rw--- 1 cyrus mail 98304 Jan 30 10:44 __db.003 -rw--- 1 cyrus mail 16064512 Jan 30 10:44 __db.004 -rw--- 1 cyrus mail 24576 Jan 30 10:44 __db.005 -rw--- 1 cyrus mail553922 Jan 30 10:43 log.02 -rw--- 1 cyrus mail 2003662 Jan 17 10:34 log.01 rapmweb# ls -lt .. total 24 drwxr-xr-x 2 cyrus mail512 Jan 30 10:43 proc drwxr-xr-x 2 cyrus mail512 Jan 17 10:50 db drwx-- 2 cyrus mail512 Jan 17 10:50 socket drwxr-xr-x 3 cyrus mail 1024 Jan 17 10:50 deliverdb -rw--- 1 cyrus mail 16384 Sep 4 13:12 mailboxes.db drwxr-xr-x 28 cyrus mail512 Jun 8 2001 quota drwxr-xr-x 28 cyrus mail512 Jun 8 2001 user drwxr-xr-x 2 cyrus mail512 Oct 29 2000 log drwxr-xr-x 2 cyrus mail512 Oct 29 2000 msg rapmweb# pwd /var/spool/imap/db rapmweb# My /var/spool/mail directory is smaller then /var/spool/imap: rapmweb# du -sk /var/spool/mail 111 /var/spool/mail rapmweb# du -sk /var/spool/imap 14057 /var/spool/imap And doing a 'strings' on __db.004 shows its empty: rapmweb# strings __db.002 0 default admin lrswipcda user.admin.sent-mail 0 default admin lrswipcda cyrus lrswipcda user.admin 0 default cweberman lrswipcda cyrus lrswipcda user.cweberman 0 default andy lrswipcda cyrus lrswipcda user.andy- 0 default sysadmin lrswipcda cyrus lrswipcda user.sysadmin. 0 default webmaster lrswipcda cyrus lrswipcda user.webmaster 0 default sales lrswipcda cyrus lrswipcda user.sales 0 default sec lrswipcda cyrus lrswipcda user.sec 0 default help lrswipcda cyrus lrswipcda user.help) 0 default info lrswipcda cyrus lrswipcda user.info 0 default cyrus lrswipcda user.cyrus /var/spool/imap/mailboxes.db rapmweb# strings __db.004 rapmweb# Seems a waste of 16meg for nothing ... no? System is Cyrus IMAP 2.0.16 ... Thanks ... -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: How to shrink /var/spool/imap/db/* ...
Ken Murchison wrote: Marc G. Fournier wrote: Is it possible? http://www.sleepycat.com/docs/utility/db_archive.html FYI, we are working on adding functionality like this to ctl_cyrusdb. Did I get that right? What I did: -- 1. -- binky:/var/imap/db # /etc/init.d/cyrus-imapd stop -- 2. -- binky:/var/imap/db # du -s /var/imap/ 11510 /var/imap binky:/var/imap/db # du -s /var/spool/imap/ 6175/var/spool/imap binky:/var/imap/db # l total 14797 drwxr-xr-x2 cyrusmail 185 Jan 30 18:55 ./ drwxr-x--- 11 cyrusmail 331 Jan 24 11:47 ../ -rw---1 cyrusmail 8192 Jan 30 16:27 __db.001 -rw---1 cyrusmail 11550720 Jan 30 16:27 __db.002 -rw---1 cyrusmail98304 Jan 30 16:27 __db.003 -rw---1 cyrusmail 270336 Jan 30 16:27 __db.004 -rw---1 cyrusmail24576 Jan 30 16:27 __db.005 -rw---1 cyrusmail 3595221 Jan 30 18:55 log.01 Yup, same situation. -- 3. -- binky:/var/imap/db # db_archive -s deliver.db mailboxes.db tls_sessions.db So /var/imap/db/* are obsolete files, right? Let's see... -- 4. -- binky:/var/imap/db # rm * binky:/var/imap/db # l total 1 drwxr-xr-x2 cyrusmail 35 Jan 30 18:58 ./ drwxr-x--- 11 cyrusmail 331 Jan 24 11:47 ../ -- 5. -- binky:/var/imap/db # /etc/init.d/cyrus-imapd start Initializing Cyrus IMAPD: done -- 6. -- binky:/var/imap/db # l total 11161 drwxr-xr-x2 cyrusmail 185 Jan 30 18:58 ./ drwxr-x--- 11 cyrusmail 331 Jan 24 11:47 ../ -rw---1 cyrusmail 8192 Jan 30 18:58 __db.001 -rw---1 cyrusmail 11550720 Jan 30 18:58 __db.002 -rw---1 cyrusmail98304 Jan 30 18:58 __db.003 -rw---1 cyrusmail 270336 Jan 30 18:58 __db.004 -rw---1 cyrusmail24576 Jan 30 18:58 __db.005 -rw---1 cyrusmail 333 Jan 30 18:58 log.01 I really did not win much space here, but at least the log file has gone. -- 7. -- binky:/var/imap/db # db_archive -s deliver.db tls_sessions.db Why is it no longer necessary to back up mailboxes.db? At least all IMAP folders and messages seem to be there... Olaf
Re: How to shrink /var/spool/imap/db/* ...
Olaf Zaplinski wrote: Ken Murchison wrote: Marc G. Fournier wrote: Is it possible? http://www.sleepycat.com/docs/utility/db_archive.html FYI, we are working on adding functionality like this to ctl_cyrusdb. Did I get that right? What I did: -- 1. -- binky:/var/imap/db # /etc/init.d/cyrus-imapd stop -- 2. -- binky:/var/imap/db # du -s /var/imap/ 11510 /var/imap binky:/var/imap/db # du -s /var/spool/imap/ 6175/var/spool/imap binky:/var/imap/db # l total 14797 drwxr-xr-x2 cyrusmail 185 Jan 30 18:55 ./ drwxr-x--- 11 cyrusmail 331 Jan 24 11:47 ../ -rw---1 cyrusmail 8192 Jan 30 16:27 __db.001 -rw---1 cyrusmail 11550720 Jan 30 16:27 __db.002 -rw---1 cyrusmail98304 Jan 30 16:27 __db.003 -rw---1 cyrusmail 270336 Jan 30 16:27 __db.004 -rw---1 cyrusmail24576 Jan 30 16:27 __db.005 -rw---1 cyrusmail 3595221 Jan 30 18:55 log.01 Yup, same situation. -- 3. -- binky:/var/imap/db # db_archive -s deliver.db mailboxes.db tls_sessions.db So /var/imap/db/* are obsolete files, right? Let's see... NO! 'db_archive -s' tells you which databases should be archived, it does NOT tell you to delete anything. If you're looking to archive/remove log files, you just want to do 'db_archive' (no options). The listed files can be archived/removed. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: How to shrink /var/spool/imap/db/* ...
Date: Wed, 30 Jan 2002 11:49:46 -0400 (AST) From: Marc G. Fournier [EMAIL PROTECTED] Is it possible? [...] Seems a waste of 16meg for nothing ... no? The large files are used for inter-process synchronization in Berkeley db. They may not be removed when the server is running. 16 megs is equivalent to, what, 5 cents? Note that these files (unlike the log files) never grow, so it's a constant amount of disk space. The log files can be periodically removed by doing cd /var/imap/db ; rm `db_archive` Larry
Re: timsieved plaintext auth
I'm having a similar problem. I was using 2.0.15 with sasl_pwcheck_method: pam, and just upgraded to 2.1.1 with SASL 2.1.0 on RedHat 7.0. I have set up saslauthd to use pam, and changed imapd.conf to sasl_pwcheck_method: saslauthd. imapd authenticates fine through that, but I can't seem to get timsieved authenticating properly. It looks like it's not allowing PLAIN auth type. I added allowplaintext: yes to the imapd.conf file, but I still get this: $ imtest -m plain localhost C: C01 CAPABILITY S: * OK cronus Cyrus IMAP4 v2.1.1 server ready S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5 S: C01 OK Completed C: A01 AUTHENTICATE PLAIN S: A01 NO Error authenticating Authentication failed. generic failure Security strength factor: 0 I did create the symlink as advised in the docs: # ls -l /usr/lib/sasl2 lrwxrwxrwx1 root root 20 Jan 29 15:47 /usr/lib/sasl2 - /usr/local/lib/sasl2 And it looks like the libraries for plain auth are in this directory: # cd /usr/lib/sasl2 # ls -l libplain* -rwxr-xr-x1 root root 685 Jan 25 23:38 libplain.la lrwxrwxrwx1 root root 17 Jan 25 23:38 libplain.so - libplain.so.2.0.0 lrwxrwxrwx1 root root 17 Jan 25 23:38 libplain.so.2 - libplain.so.2.0.0 -rwxr-xr-x1 root root73124 Jan 25 23:38 libplain.so.2.0.0 I probably missed some key point in the documentation, but I just can't find it. Any suggestions? -Jules On Tue, 2002-01-15 at 10:44, Ferdinand Goldmann wrote: Hello again... On Sat, 5 Jan 2002, Ken Murchison wrote: Quoting Ferdinand Goldmann [EMAIL PROTECTED]: On Fri, 4 Jan 2002, Lawrence Greenfield wrote: try: ln -s /usr/local/lib/sasl /usr/lib/sasl libsasl looks in /usr/lib/sasl for the plugins but installs them into /usr/local/lib/sasl. Yes, I know, I already did this after SASL installation: # ls -l /usr/lib/sasl lrwxrwxrwx 1 root system19 Oct 23 12:46 /usr/lib/sasl - /usr/local/lib/sasl # ls /usr/local/lib/sasl libanonymous.a libcrammd5.alibdigestmd5.a libplain.a libanonymous.la libcrammd5.la libdigestmd5.la libplain.la libanonymous.so.1 libcrammd5.so.1 libdigestmd5.so.0 libplain.so.1 libanonymous.so.1.0.15 libcrammd5.so.1.0.15libdigestmd5.so.0.0.17 libplain.so.1.0.14 I still have no idea, why my plugins are not detected, or why SASL does not anounce anything when connecting to imapd or popd. Still, everyone can log in fine to their POP3/IMAP accounts, I guess because I am running a pwcheck daemon. The reason that your users can login to IMAP and POP3 is probably because they are not using the AUTHENTICATE or AUTH commands (ie, SASL) respectively. IMAP and POP3 each have their own built-in plaintext commands (LOGIN and USER/PASS). I finally found the time to dig a little bit into this problem: SASL expects DLL files which end in '.so'. However, AIX seems to be a bit tricky here. In my installation, I had only .a and .so.versionnumber files. So I did the following: I symlinked the .a files to .so files and edited the respective .la-files (which hold the configuration information for libtool): library_names='libplain.so.1.0.14 libplain.so.1 libplain.a libplain.so' ^^^ and added another name so the libtool wrapper can find the library under this name. And: # telnet localhost sieve Trying... Connected to localhost Escape character is '^]'. IMPLEMENTATION Cyrus timsieved v1.0.0 SASL PLAIN SIEVE fileinto reject envelope vacation imapflags notify subaddress regex OK So am finally seeing some plugins. Now I am running into a different problem: I created a user 'test' using saslpasswd: # sasldblistusers user: test realm: yoda mech: CRAM-MD5 user: test realm: yoda mech: PLAIN user: test realm: yoda mech: DIGEST-MD5 auth.debug: Jan 15 19:18:59 yoda syslog: PLAIN: set secret for test Jan 15 19:18:59 yoda syslog: DIGEST-MD5: set secret for test Jan 15 19:18:59 yoda syslog: CRAM-MD5: set secret for test However, upon connecting to the imap port, I don't see CRAM-MD5/DIGEST-MD5 announced: C01 CAPABILITY * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=PLAIN X-NETSCAPE C01 OK Completed I created a symlink from /usr/local/etc/sasldb to /etc/sasldb (since this location is mentioned in the manpage), but with no success so far. Any ideas where I might continue looking? BTW, what is the correct realm to set in sasldb? The FQDN of my IMAP server? Kind regards, Ferdinand
Shared address books problemmoving from MD imspd to Cyrus imspd
We currently run MD's imsp and a number of users have shared address books. We want to move to the Cyrus imsp (1.6a3) for a number of reasons: SASL We have the source Better Mulberry support We find that the shared address books are not visible when using the Cyrus server (and using exactly the same data as MD's). Do we need to add ACLs to the abooks file or is the problem more complex? Thanks to anyone who has any ideas/suggestions. -- Alan Thew [EMAIL PROTECTED] Computing Services,University of Liverpool Fax: +44 151 794-4442
Re: dothack and cyrus 2.0.16
I'll take a shot at it (it being an interim tool). Is this basically what people are looking for? a saslpasswd that does it's operations on both /etc/sasldb (old sasl) and /etc/sasldb2 (new sasl) Yeppers. a sasldblistusers that will list from either Not so important for us, and may be very confusing. I would say #1 has priority, because we can teach the admins how to query both. a saslconv to convert from one to the other - this would be a no go if the data encryption changed (not just stored different) Yeppers. -- Joe Rhett Chief Geek [EMAIL PROTECTED] ISite Services, Inc.
Re: dothack and cyrus 2.0.16
There might be a little bit of pain involved for large sites to migrate to IMAP 2.1/SASL 2.x, but there aren't any showstoppers that I'm aware of. If CMU can do it (and yes, they are using Sendmail 8.12.x with SMTP AUTH), then any site should be able to do it. I have asked several times on the list, and nobody has told us of a way to handle the dual environment using the sasldb as the database. -- Joe Rhett Chief Geek [EMAIL PROTECTED] ISite Services, Inc.
Re: timsieved plaintext auth
Hi everyone, Maybe I should be a little more specific about the exact symptoms of the problem. Imapd 2.1.1 authenticates just fine using saslauthd, which is set up to use pam, which connects to an LDAP server. As I understand it, imapd/pop3d will use the LOGIN mechanism, and timsieved will use the PLAIN mechanism. Is that the only difference between the way these servers authenticate users? The following messages are logged when someone tries to connect to timsieved: Jan 30 16:23:16 cronus timsieved[7018]: authentication failed Jan 30 16:23:16 cronus timsieved[7018]: Password verification failed Jan 30 16:23:16 cronus timsieved[7018]: badlogin: sirius.pcf.com[10.10.1.140] PLAIN authentication failure but both pop3d and imapd work fine with login: Jan 29 16:23:15 cronus pop3d[32095]: login:brentssff.pcf.com[10.10.1.50] heat plaintext I would be very grateful if someone could give me a direction to look in. I have a big passel of users who all suddenly need to update their vacation notices, and I'm tired of typing them in manually. :-) Thanks in advance! -Jules Agee On Wed, 2002-01-30 at 10:44, julesa wrote: I'm having a similar problem. I was using 2.0.15 with sasl_pwcheck_method: pam, and just upgraded to 2.1.1 with SASL 2.1.0 on RedHat 7.0. I have set up saslauthd to use pam, and changed imapd.conf to sasl_pwcheck_method: saslauthd. imapd authenticates fine through that, but I can't seem to get timsieved authenticating properly. It looks like it's not allowing PLAIN auth type. I added allowplaintext: yes to the imapd.conf file, but I still get this: $ imtest -m plain localhost C: C01 CAPABILITY S: * OK cronus Cyrus IMAP4 v2.1.1 server ready S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5 S: C01 OK Completed C: A01 AUTHENTICATE PLAIN S: A01 NO Error authenticating Authentication failed. generic failure Security strength factor: 0 I did create the symlink as advised in the docs: # ls -l /usr/lib/sasl2 lrwxrwxrwx1 root root 20 Jan 29 15:47 /usr/lib/sasl2 - /usr/local/lib/sasl2 And it looks like the libraries for plain auth are in this directory: # cd /usr/lib/sasl2 # ls -l libplain* -rwxr-xr-x1 root root 685 Jan 25 23:38 libplain.la lrwxrwxrwx1 root root 17 Jan 25 23:38 libplain.so - libplain.so.2.0.0 lrwxrwxrwx1 root root 17 Jan 25 23:38 libplain.so.2 - libplain.so.2.0.0 -rwxr-xr-x1 root root73124 Jan 25 23:38 libplain.so.2.0.0 I probably missed some key point in the documentation, but I just can't find it. Any suggestions? -Jules On Tue, 2002-01-15 at 10:44, Ferdinand Goldmann wrote: Hello again... On Sat, 5 Jan 2002, Ken Murchison wrote: Quoting Ferdinand Goldmann [EMAIL PROTECTED]: On Fri, 4 Jan 2002, Lawrence Greenfield wrote: try: ln -s /usr/local/lib/sasl /usr/lib/sasl libsasl looks in /usr/lib/sasl for the plugins but installs them into /usr/local/lib/sasl. Yes, I know, I already did this after SASL installation: # ls -l /usr/lib/sasl lrwxrwxrwx 1 root system19 Oct 23 12:46 /usr/lib/sasl - /usr/local/lib/sasl # ls /usr/local/lib/sasl libanonymous.a libcrammd5.alibdigestmd5.a libplain.a libanonymous.la libcrammd5.la libdigestmd5.la libplain.la libanonymous.so.1 libcrammd5.so.1 libdigestmd5.so.0 libplain.so.1 libanonymous.so.1.0.15 libcrammd5.so.1.0.15libdigestmd5.so.0.0.17 libplain.so.1.0.14 I still have no idea, why my plugins are not detected, or why SASL does not anounce anything when connecting to imapd or popd. Still, everyone can log in fine to their POP3/IMAP accounts, I guess because I am running a pwcheck daemon. The reason that your users can login to IMAP and POP3 is probably because they are not using the AUTHENTICATE or AUTH commands (ie, SASL) respectively. IMAP and POP3 each have their own built-in plaintext commands (LOGIN and USER/PASS). I finally found the time to dig a little bit into this problem: SASL expects DLL files which end in '.so'. However, AIX seems to be a bit tricky here. In my installation, I had only .a and .so.versionnumber files. So I did the following: I symlinked the .a files to .so files and edited the respective .la-files (which hold the configuration information for libtool): library_names='libplain.so.1.0.14 libplain.so.1 libplain.a libplain.so' ^^^ and added another name so the libtool wrapper can find the library under this name. And: # telnet localhost sieve Trying... Connected to localhost Escape character is '^]'.
Re: timsieved plaintext auth
From: julesa [EMAIL PROTECTED] Date: 30 Jan 2002 15:57:53 -0800 Hi everyone, Maybe I should be a little more specific about the exact symptoms of the problem. Imapd 2.1.1 authenticates just fine using saslauthd, which is set up to use pam, which connects to an LDAP server. As I understand it, imapd/pop3d will use the LOGIN mechanism, and timsieved will use the PLAIN mechanism. Is that the only difference between the way these servers authenticate users? . Is your LDAP server being contacted? . Is your PAM subsystem logging anything? I'd suspect that PAM isn't correctly configured to check LDAP for sieve authentication requests. Larry
