sasl_pwcheck_method: auxprop

[Carlos Velasco]

Hi,

I have just upgraded to latest CVS SASL and IMAPD (2.2 branch).
Now, when I try to authenticate through cyradm or pop3 or imap using 
sasl_pwcheck_method: auxprop in imapd.conf, I can not authenticate and I get this into 
auth log:

Sep 30 11:12:34 auth:debug imap: imap[32561]: could not find auxprop plugin, was 
searching for \'[all]\'
Sep 30 11:12:34 auth:debug imap: imap[32561]: could not find auxprop plugin, was 
searching for \'[all]\'


I'm using DB4.0 and all libs seem to be linked right:

 ldd /usr/cyrus/bin/imapd 
libsasl2.so.2 = /usr/include/db4/lib/libsasl2.so.2 (0x40016000)
libssl.so.0.9.6 = /usr/include/db4/lib/libssl.so.0.9.6 (0x40029000)
libcrypto.so.0.9.6 = /usr/include/db4/lib/libcrypto.so.0.9.6 (0x40056000)
libdb-4.0.so = /usr/include/db4/lib/libdb-4.0.so (0x40114000)
libresolv.so.2 = /lib/libresolv.so.2 (0x401a3000)
libcom_err.so.2 = /lib/libcom_err.so.2 (0x401b4000)
libc.so.6 = /lib/libc.so.6 (0x401b7000)
libdl.so.2 = /lib/libdl.so.2 (0x402e8000)
/lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000)

sasl plugins are into /usr/lib/sasl2
/usr/include/db4/lib is a symlink to /usr/lib (as db4 libs are there)


SASLDB seems to work, as saslpasswd2 and sasldblistusers2 work:

 sasldblistusers2 
mailadmin@atlas: userPassword


 ls -al /usr/lib/sasl2/
total 264
drwxr-xr-x2 root root 4096 Sep 30 02:00 .
drwxr-xr-x   41 root root12288 Sep 30 11:00 ..
-rw-r--r--1 root root11780 Sep 30 02:00 libanonymous.a
-rwxr-xr-x1 root root  724 Sep 30 02:00 libanonymous.la
lrwxrwxrwx1 root root   21 Sep 30 02:00 libanonymous.so - 
libanonymous.so.2.0.7
lrwxrwxrwx1 root root   21 Sep 30 02:00 libanonymous.so.2 - 
libanonymous.so.2.0.7
-rwxr-xr-x1 root root15478 Sep 30 02:00 libanonymous.so.2.0.7
-rw-r--r--1 root root14390 Sep 30 02:00 libcrammd5.a
-rwxr-xr-x1 root root  710 Sep 30 02:00 libcrammd5.la
lrwxrwxrwx1 root root   19 Sep 30 02:00 libcrammd5.so - 
libcrammd5.so.2.0.7
lrwxrwxrwx1 root root   19 Sep 30 02:00 libcrammd5.so.2 - 
libcrammd5.so.2.0.7
-rwxr-xr-x1 root root18443 Sep 30 02:00 libcrammd5.so.2.0.7
-rw-r--r--1 root root46230 Sep 30 02:00 libdigestmd5.a
-rwxr-xr-x1 root root  742 Sep 30 02:00 libdigestmd5.la
lrwxrwxrwx1 root root   21 Sep 30 02:00 libdigestmd5.so - 
libdigestmd5.so.2.0.7
lrwxrwxrwx1 root root   21 Sep 30 02:00 libdigestmd5.so.2 - 
libdigestmd5.so.2.0.7
-rwxr-xr-x1 root root47581 Sep 30 02:00 libdigestmd5.so.2.0.7
-rw-r--r--1 root root12074 Sep 30 02:00 libplain.a
-rwxr-xr-x1 root root  704 Sep 30 02:00 libplain.la
lrwxrwxrwx1 root root   17 Sep 30 02:00 libplain.so - 
libplain.so.2.0.7
lrwxrwxrwx1 root root   17 Sep 30 02:00 libplain.so.2 - 
libplain.so.2.0.7
-rwxr-xr-x1 root root15792 Sep 30 02:00 libplain.so.2.0.7
-rw-r--r--1 root root16500 Sep 30 02:00 libsasldb.a
-rwxr-xr-x1 root root  753 Sep 30 02:00 libsasldb.la
lrwxrwxrwx1 root root   18 Sep 30 02:00 libsasldb.so - 
libsasldb.so.2.0.7
lrwxrwxrwx1 root root   18 Sep 30 02:00 libsasldb.so.2 - 
libsasldb.so.2.0.7
-rwxr-xr-x1 root root18649 Sep 30 02:00 libsasldb.so.2.0.7


It seems that SASL don't see SASLDB as auxprop method?

Any help would be apreciated.

Regards,
Carlos Velasco

Re: User mailbox renames

[Ken Murchison]

Quoting Roland Pope [EMAIL PROTECTED]:

 Hi,
 
 I am running cyrus-imapd 2.1.9 and I would like to be able to rename a
 user's mailbox.
 When I try a rename using cyradm, it tells me Operation is not supported
 on
 mailbox. From having a look at the source, it appears you can only rename
 a
 top level mailbox when using murder. Is this the case?

Actually, in a Murder, the user's mailboxes are XFERd between servers.  User 
RENAMEs are enabled in 2.2, if you want to try it.

 I tried creating the new destination mailbox and copying the original users
 files across to this and running reconstruct. The problem I have then is
 that I loose the original subscriptions and seen states?
 I can fiddle the user subscription file, but the seen states are stored in
 a
 skiplist DB and I'm not sure how to go about converting this file for the
 renamed mailbox.

You shouldn't have to convert it.  Each mailbox has a unique id which stays 
constant once the mailbox is created.  Just copy /var/imap/user/f/foo.seen to 
/var/imap/user/b/bar.seen.

 Anybody out there got a solution to this, maybe a malbox rename script??

You'll also want to move the user's quota file(s) and any Sieve scripts.  The 
biggest problem you're going to have is that the ACLs on the user's mailboxes 
are going to have to be changed so that the new user has access to them.

Ken
-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

Rename bug more serious than thought...

[Rob Mueller]

Using cyrus 2.1.9, it seems that each time you rename a folder, it adds to
any quota that folder is under...

Connected to xyz.com.
Escape character is '^]'.
* OK xyz.com Cyrus IMAP4 v2.1.9 server ready
. login blah blah
. OK User logged in
. getquotaroot inbox
* QUOTAROOT inbox user.blah
* QUOTA user.blah (STORAGE 36915 409600)
. OK Completed
. rename inbox.Saved inbox.Saved2
. OK Completed
. getquotaroot inbox
* QUOTAROOT inbox user.blah
* QUOTA user.blah (STORAGE 42518 409600)
. OK Completed
. rename inbox.Saved2 inbox.Saved
. OK Completed
. getquotaroot inbox
* QUOTAROOT inbox user.blah
* QUOTA user.blah (STORAGE 48122 409600)
. OK Completed

I'm not sure if this is fixed in CVS, but this seems a pretty serious bug...

Rob

Re: Can't authorize via postfix

[Scott Russell]

On Mon, Sep 30, 2002 at 09:04:40AM -0300, Henrique de Moraes Holschuh wrote:
 On Sun, 29 Sep 2002, Galen Johnson wrote:
  Actually, I was wondering when the Debian chroot of postfix would rear 
  it's ugly head.  There is really no reason to chroot postfix.  Just edit 
 
 Of course there is: Security.   Watch as I try to find a way to chroot Cyrus
 as well...
 
 (it should actually be quite doable, master can run outside the chroot, and
 services can be selectively chrooted by master when started -- it depends on
 how much information from outside the chroot the services would need...)

Postfix I run chrooted, especially on boxes where user accounts exist.
I don't know if I would bother running Cyrus in chroot since it's  a
closed box application anyway.

Sure, in theory chroot is 'more secure' regardless but often there is
a trade off between security and connivance. I can seriously increase
the security on any box I own by unplugging it from the network, but
that wouldn't be very convenient for me, or the users. :)

-- 
  Scott Russell ([EMAIL PROTECTED])
  Linux Technology Center, System Admin, RHCE.
  Dial 877-735-8200 then ask for 919-543-9289 (TTY)

Re: Rename bug more serious than thought...

[Scott Russell]

On Mon, Sep 30, 2002 at 10:26:10PM +1000, Rob Mueller wrote:
 Using cyrus 2.1.9, it seems that each time you rename a folder, it adds to
 any quota that folder is under...
 
 Connected to xyz.com.
 Escape character is '^]'.
 * OK xyz.com Cyrus IMAP4 v2.1.9 server ready
 . login blah blah
 . OK User logged in
 . getquotaroot inbox
 * QUOTAROOT inbox user.blah
 * QUOTA user.blah (STORAGE 36915 409600)
 . OK Completed
 . rename inbox.Saved inbox.Saved2
 . OK Completed
 . getquotaroot inbox
 * QUOTAROOT inbox user.blah
 * QUOTA user.blah (STORAGE 42518 409600)
 . OK Completed
 . rename inbox.Saved2 inbox.Saved
 . OK Completed
 . getquotaroot inbox
 * QUOTAROOT inbox user.blah
 * QUOTA user.blah (STORAGE 48122 409600)
 . OK Completed

Why aren't the numbers even multiples? There is a 5603 byte difference
between the first getquota and the second one issued. There is a 5604
byte difference between the second getquota command and the third one
issued. Did the user receive additional mail while you were running
this test?

-- 
  Scott Russell ([EMAIL PROTECTED])
  Linux Technology Center, System Admin, RHCE.
  Dial 877-735-8200 then ask for 919-543-9289 (TTY)

outlook 2000 imap delivery problem

[Valmar Joandi]

Hello,


 I have cyrus-imap running on linux and appr 70 win98 client machines with
 outlook 2000. I'm not quite sure wether its outlook or imap server
 problem.

 I have tracked down that sometimes when outlook is running and after
 message arrives to imap server , outlook is unable to
 get message from server (SendReceive preforms its action but delivers
 no new messages). Although reading message same time with some
 other imap client shows that message is there.
 When I close outlook and rerun it works fine again.
 Btw, most of the time it deliveres messages immediately..


 I have seeked lot  but find nothing yet, maybe someone here has
 experienced that kind of problem and knows answer?

Re: outlook 2000 imap delivery problem

[Tijl Dullers]

I had exactely the same problem , especially with people who had or a 
slow PC or a whole lot of different E-mail folders on the IMAP server ( 
Or a combination of both ) , 
I replaced outlook with Mozilla 1.1 or Netscape mail client and the 
problem was solved,

I tried Outlook 2000 with and without every possible patch and even 
tried Outlook XP , But al gave the same result .

Netscape / Mozilla mailcient have imho a very decent IMAP implementation 
and you can also choose to sync all your folders for offline usage , 
which you cannot do with outlook 2000 when using an IMAP server ( only 
Outlook XP supports this - with some application crashes )

Regards,

Tijl




Valmar Joandi wrote:

Hello,


 I have cyrus-imap running on linux and appr 70 win98 client machines with
 outlook 2000. I'm not quite sure wether its outlook or imap server
 problem.

 I have tracked down that sometimes when outlook is running and after
 message arrives to imap server , outlook is unable to
 get message from server (SendReceive preforms its action but delivers
 no new messages). Although reading message same time with some
 other imap client shows that message is there.
 When I close outlook and rerun it works fine again.
 Btw, most of the time it deliveres messages immediately..


 I have seeked lot  but find nothing yet, maybe someone here has
 experienced that kind of problem and knows answer?



  

Re: Rename bug more serious than thought...

[Ken Murchison]

Rob Mueller wrote:
 
 Using cyrus 2.1.9, it seems that each time you rename a folder, it adds to
 any quota that folder is under...
 
 Connected to xyz.com.
 Escape character is '^]'.
 * OK xyz.com Cyrus IMAP4 v2.1.9 server ready
 . login blah blah
 . OK User logged in
 . getquotaroot inbox
 * QUOTAROOT inbox user.blah
 * QUOTA user.blah (STORAGE 36915 409600)
 . OK Completed
 . rename inbox.Saved inbox.Saved2
 . OK Completed
 . getquotaroot inbox
 * QUOTAROOT inbox user.blah
 * QUOTA user.blah (STORAGE 42518 409600)
 . OK Completed
 . rename inbox.Saved2 inbox.Saved
 . OK Completed
 . getquotaroot inbox
 * QUOTAROOT inbox user.blah
 * QUOTA user.blah (STORAGE 48122 409600)
 . OK Completed
 
 I'm not sure if this is fixed in CVS, but this seems a pretty serious bug...

My guess is that it has been introduced fairly recently.

Does the old mailbox actually get deleted?  What happens if you rename a
folder outside of the same hierarchy?

-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

Re: Can't authorize via postfix

[Henrique de Moraes Holschuh]

On Mon, 30 Sep 2002, Scott Russell wrote:
 I don't know if I would bother running Cyrus in chroot since it's  a
 closed box application anyway.

You certainly could.  It limits the damage one could cause by crashing
cyrus...

 the security on any box I own by unplugging it from the network, but
 that wouldn't be very convenient for me, or the users. :)

I believe choice is a good thing.

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh

Re: SETACL on user mailbox

[Rob Siemborski]

On Mon, 30 Sep 2002, Rob Mueller wrote:

 Now I argued that the current behaviour was actually against the RFC's
 description of what the 'a' right meant, mostly because this is the
 behaviour we want to see :). Others argued that because at CMU there's lots
 of shared folders that users want to alter, they would leave it as it is.

Actually it's the user's own folders that cause the problem.  Shared
folders people wind up screwing themselves on ;)

 Since the actual meaning then of what people want seems to be site
 dependent, why not create a configuration option for it? Something like
 below perhaps?

Your patch isn't complete, because it doesn't affect some implicit
administrative rights that are granted in user mailbox spaces, (see, for
example, mboxlist_mycreatemailbox where is_admin gets set if the user owns
the mailbox, and therefore the acl is ignored).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

Re: SETACL on user mailbox

[Ken Murchison]

Rob Siemborski wrote:
 
 On Mon, 30 Sep 2002, Rob Mueller wrote:
 
  Now I argued that the current behaviour was actually against the RFC's
  description of what the 'a' right meant, mostly because this is the
  behaviour we want to see :). Others argued that because at CMU there's lots
  of shared folders that users want to alter, they would leave it as it is.
 
 Actually it's the user's own folders that cause the problem.  Shared
 folders people wind up screwing themselves on ;)
 
  Since the actual meaning then of what people want seems to be site
  dependent, why not create a configuration option for it? Something like
  below perhaps?
 
 Your patch isn't complete, because it doesn't affect some implicit
 administrative rights that are granted in user mailbox spaces, (see, for
 example, mboxlist_mycreatemailbox where is_admin gets set if the user owns
 the mailbox, and therefore the acl is ignored).

Yes, it is more complex than just one check.  I have a patch floating
around from the first time your guys brought this up.  I can dust it off
and see if its complete.  IIRC, I was blocking on input/review from
Larry on my patch.

Ken
-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

need help with notify_no.c

[Christoph R]

I'm trying to get my cyrus-imapd-2.0.16 installation to call a php
script
on incomming mails.

I've added something like:
system ( /notify.php user mailbox message );
to the imap/notify_no.c but now sendmail always says cyrus exited with
EX_TEMPFAIL.
How can I get notify_no.c to call my script without EX_TEMPFAILING?

And is there a way to check how many messages are in the mailbox cyrus
is delivering to?
It would be nice if I could only call my PHP script for the first
message that is
in the mailbox.

Thanks.

Converting email from a bsd style email box

[Vernon A. Fort]

To all,

 Is it possible to
read am email message from an existing BSD style mbox
file and use the cyrus
deliver agent to inject the mail verses simple copying the file into the
specific folder:



 cat {message} | formail s /usr/libexec/deliver m . {userid} {return}



When I do this, I get invalid header ?!?



I am looking at this because there Might be
existing email in the account so I do not want to overwrite any..



Any additional thoughts would be great!!



Vernon





Vernon A. Fort (Andy)

Provident Solutions LLC.

(615) 406-5540 http://www.provident-solutions.com

Problems with IMAPS and POPS

[Felix Cuello]

Hello!

I'm actually using Cyrus 2.1.8 with SASL 2.1.7, and I have some
problems to config my Cyrus to accept SSL connections.

Here is my 3 first lines of netstat -at

Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp0  0 *:imaps *:* LISTEN
tcp0  0 *:pop3s *:* LISTEN
--

And my /usr/local/etc/saslauhtd.conf

ldap_servers: ldap://upsoluciones.palermo.edu/
ldap_bind_dn: uid=cyrus,ou=people,dc=palermo,dc=edu
ldap_bind_pw: 
ldap_search_base: ou=people,dc=palermo,dc=edu
ldap_tls_check_peer: yes
ldap_tls_cacert_file: palermoca.pem
ldap_tls_cacert_dir: /usr/share/ssl/certs/



Changing 2 last lines for this lines...

ldap_tls_cacert_file: /usr/share/ssl/certs/palermoca.pem
#ldap_tls_cacert_dir: /usr/share/ssl/certs/

I have the same problem... IMAPPOP works fine, but IMAPSPOPS not.



/var/log/errors shows this:

Oct  2 13:09:00 upsoluciones su(pam_unix)[12631]: session closed for user
root
Oct  2 13:09:33 upsoluciones su(pam_unix)[12740]: session opened for user
root by felix(uid=500)
Oct  2 13:12:58 upsoluciones su(pam_unix)[12740]: session closed for user
root
Oct  2 13:18:05 upsoluciones su(pam_unix)[12841]: session opened for user
root by felix(uid=500)
Oct  2 13:20:23 upsoluciones ctl_mboxlist: ctl_mboxlist -c is deprecated:
use ctl_cyrusdb -c instead^H
Oct  2 13:20:24 upsoluciones ctl_mboxlist[12882]: checkpointing mboxlist

-

What's wrong??, I'm actually using Netscape 4.79 (for Linux) to check POPS
mail, and Netscape run in the machine that I'm running LDAP, CYRUS and
SASL.

[Yes I know... my computer date is wrong :-)]


Can you help me?

thanks a lot,

and sorry for my poor english,


Felix

Re: Rename bug more serious than thought...

[Rob Siemborski]

On Mon, 30 Sep 2002, Ken Murchison wrote:

 My guess is that it has been introduced fairly recently.

I've attached a patch to correct the problem (which has also been
committed to cvs, and I assume will be in the 2.2 branch as well later
today).  Any problems let me know (or reopen bug #1425).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

Re: Sieve Vacation syntax

[Greg Roberts]

On Fri, 27 Sep 2002, Ken Murchison wrote:

[]
 ALL of the relevent specifications (RFCs, IDs, etc) are listed in 
 doc/specs.html
 
 I start to wonder why I keep this up to date if nobody is going to look at it  
 :(

Ken,

Here's a little happier spin for you... some people do read them and they 
are so good, those people have no questions and you never hear from them.

Someone like me, for example. :)  I've done two successful Cyrus 
installations now.  While it wasn't without a few little bumps along the 
way, overall it went smoothly and the docs were a BIG help.

So, thanks to you and the entire Cyrus team!  Well Done!

Sincerely,
Greg

Re: outlook 2000 imap delivery problem

[Tijl Dullers]

I do not see how a patch can solve bad client side implementation of 
microsoft IMAP client , 
Even if this patch solves the problem Netscape Mail client if a far 
better and more reliable choice.


Luc Germain wrote:

Hi!

Are you using idled on your server? If yes, you might want to try the patch
described in this message:

http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrusmsg=17
144

It solved a similar problem for me.

Luc.

-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]De la part de Valmar
Joandi
Envoyé : 30 septembre 2002 09:25
À : [EMAIL PROTECTED]
Objet : outlook 2000  imap delivery problem


Hello,


 I have cyrus-imap running on linux and appr 70 win98 client machines with
 outlook 2000. I'm not quite sure wether its outlook or imap server
 problem.

 I have tracked down that sometimes when outlook is running and after
 message arrives to imap server , outlook is unable to
 get message from server (SendReceive preforms its action but delivers
 no new messages). Although reading message same time with some
 other imap client shows that message is there.
 When I close outlook and rerun it works fine again.
 Btw, most of the time it deliveres messages immediately..


 I have seeked lot  but find nothing yet, maybe someone here has
 experienced that kind of problem and knows answer?




  

Re: Problems with IMAPS and POPS

[Connie Starr Fensky]

First of all, it looks like you did not update your cyrus.conf from a 2.0
version. That is the cause of the ctl_mboxlist vs ctl_cyrusdb error message
in the log.

Sorry, I cannot help with the secure shell part.
c*
- Original Message -
From: Felix Cuello [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 30, 2002 2:26 PM
Subject: Problems with IMAPS and POPS



 Hello!

 I'm actually using Cyrus 2.1.8 with SASL 2.1.7, and I have some
 problems to config my Cyrus to accept SSL connections.

 Here is my 3 first lines of netstat -at
 
 Proto Recv-Q Send-Q Local Address   Foreign Address State
 tcp0  0 *:imaps *:* LISTEN
 tcp0  0 *:pop3s *:* LISTEN
 --

 And my /usr/local/etc/saslauhtd.conf
 
 ldap_servers: ldap://upsoluciones.palermo.edu/
 ldap_bind_dn: uid=cyrus,ou=people,dc=palermo,dc=edu
 ldap_bind_pw: 
 ldap_search_base: ou=people,dc=palermo,dc=edu
 ldap_tls_check_peer: yes
 ldap_tls_cacert_file: palermoca.pem
 ldap_tls_cacert_dir: /usr/share/ssl/certs/

 

 Changing 2 last lines for this lines...

 ldap_tls_cacert_file: /usr/share/ssl/certs/palermoca.pem
 #ldap_tls_cacert_dir: /usr/share/ssl/certs/

 I have the same problem... IMAPPOP works fine, but IMAPSPOPS not.

 

 /var/log/errors shows this:

 Oct  2 13:09:00 upsoluciones su(pam_unix)[12631]: session closed for user
 root
 Oct  2 13:09:33 upsoluciones su(pam_unix)[12740]: session opened for user
 root by felix(uid=500)
 Oct  2 13:12:58 upsoluciones su(pam_unix)[12740]: session closed for user
 root
 Oct  2 13:18:05 upsoluciones su(pam_unix)[12841]: session opened for user
 root by felix(uid=500)
 Oct  2 13:20:23 upsoluciones ctl_mboxlist: ctl_mboxlist -c is deprecated:
 use ctl_cyrusdb -c instead^H
 Oct  2 13:20:24 upsoluciones ctl_mboxlist[12882]: checkpointing mboxlist

 -

 What's wrong??, I'm actually using Netscape 4.79 (for Linux) to check POPS
 mail, and Netscape run in the machine that I'm running LDAP, CYRUS and
 SASL.

 [Yes I know... my computer date is wrong :-)]


 Can you help me?

 thanks a lot,

 and sorry for my poor english,


 Felix

RE: outlook 2000 imap delivery problem

[Luc Germain]

Hi!

Are you using idled on your server? If yes, you might want to try the patch
described in this message:

http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrusmsg=17
144

It solved a similar problem for me.

Luc.

-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]De la part de Valmar
Joandi
Envoyé : 30 septembre 2002 09:25
À : [EMAIL PROTECTED]
Objet : outlook 2000  imap delivery problem


Hello,


 I have cyrus-imap running on linux and appr 70 win98 client machines with
 outlook 2000. I'm not quite sure wether its outlook or imap server
 problem.

 I have tracked down that sometimes when outlook is running and after
 message arrives to imap server , outlook is unable to
 get message from server (SendReceive preforms its action but delivers
 no new messages). Although reading message same time with some
 other imap client shows that message is there.
 When I close outlook and rerun it works fine again.
 Btw, most of the time it deliveres messages immediately..


 I have seeked lot  but find nothing yet, maybe someone here has
 experienced that kind of problem and knows answer?

Re: Problems with IMAPS and POPS

[Felix Cuello]

Were Can I find the newest and most generic cyrus.conf or/and
documentation to make cyrus.conf from scratch

Thanks

Felix

---
 Felix Cuello
 [EMAIL PROTECTED]

 Qodiga/its
 http://www.qodiga.com
 Santa Fe 882 - Piso 13 - Of.E
 Buenos Aires, ARGENTINA


quote who=Connie Starr Fensky
 First of all, it looks like you did not update your cyrus.conf from a
 2.0 version. That is the cause of the ctl_mboxlist vs ctl_cyrusdb error
 message in the log.

 Sorry, I cannot help with the secure shell part.
 c*

Re: Problems with IMAPS and POPS

[Connie Starr Fensky]

It should be in cyrus-imapd base directory/master/conf directory of
distribution. I use normal.conf, and just copy it to my /etc directory as
cyrus.conf.
Does this help?
c*
- Original Message -
From: Felix Cuello [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, September 30, 2002 3:09 PM
Subject: Re: Problems with IMAPS and POPS


 Were Can I find the newest and most generic cyrus.conf or/and
 documentation to make cyrus.conf from scratch

 Thanks

 Felix

 ---
  Felix Cuello
  [EMAIL PROTECTED]

  Qodiga/its
  http://www.qodiga.com
  Santa Fe 882 - Piso 13 - Of.E
  Buenos Aires, ARGENTINA


 quote who=Connie Starr Fensky
  First of all, it looks like you did not update your cyrus.conf from a
  2.0 version. That is the cause of the ctl_mboxlist vs ctl_cyrusdb error
  message in the log.
 
  Sorry, I cannot help with the secure shell part.
  c*

Re: Problems with IMAPS and POPS

[Felix Cuello]

Yes!!!... it is working!

I've just added this three lines to my /etc/imapd.conf

tls_cert_file: /usr/share/ssl/certs/cert.pem
tls_key_file: /usr/share/ssl/certs/cert.key
tls_require_cert: 0

And IMAPS  POPS (pops not tested yet) works fine!!

thanks a lot!

Felix

---
 Felix Cuello
 [EMAIL PROTECTED]

 Qodiga/its
 http://www.qodiga.com
 Santa Fe 882 - Piso 13 - Of.E
 Buenos Aires, ARGENTINA


 Do 'man imapd.conf' and search for tls_(cert|key)_file and
 possibly tls_ca_(file|path) params.  You can also find info in
 $cyrus-imapd/doc/install-configure.html#open.

 Hope this helps.

 -Igor

Problems with GSSAPI authentication?

[Josh Huber]

I'm having some bizarre issues with krb 5 authentication and Cyrus
imapd v2.1.9.

The really odd this about this is I get different behavior when I try
from my user account and when I try from root.

Here's the output of imtest -m GSSAPI mail as root:

S: * OK mail.paradoxical.net Cyrus IMAP4 v2.1.9 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS 
ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES IDLE AUTH=GSSAPI
S: C01 OK Completed
C: A01 AUTHENTICATE GSSAPI
S: + 
C: 
ZIICWAYJKoZIhvcSAQICAQBuggJHMIICQ6ADAgEFoQMCAQ6iBwMFACCjggFnYYIBYzCCAV+gAwIBBaERGw9QQVJBRE9YSUNBTC5ORVSiJzAloAMCAQOhHjAcGwRpbWFwGxRtYWlsLnBhcmFkb3hpY2FsLm5ldKOCARowggEWoAMCARChAwIBBKKCAQgEggEEOjp0YQAF2/kBgARDKi9TPkO9hS1PTewJ+hZl7XcZ0fddqDQoP4iTc01Sg6LH+RufqQ18lwmdCzt4ppQhYneIbACmR66PEokvSlFaNxvThf7RwvMW3x2xQ1TTk+/6Ge9ZAEk3sbQjADjWz6YQW2hv0ymxig+RUDU21lqUMX6wlMYOj70p/f9NWT7cgmVMqGr7Cppz9xuoOQpMKgrkSsV30f0IAEuY+7GtU2bs6j+2OqV6NzpLVWMbbaX6ob4OtuXjaJLm2DMV/jx52mqHxY41XY3Hhd5ZKSfFjTO07pcqRLWNmyCdaboXcSrOqnXBjDROBpbyDePpEoG3/9/Ahc8CfmwZ16qkgcIwgb+gAwIBEKKBtwSBtLgzSku+Lgv9rOnJVVjAhhse3ZNV2P7yZu3pBsMLe3CotavsnG5S4CzVH9yj9hbbnaUiRdzTxkHaS7tPrG8rp4k2xTExo4t8sb5n40l7YHFfVQLGPFELK5ReXqdVbUvEWUmGrkGCALNcE7VoUhgtTE4zY6PtDqqZn5vKz6bcPK75RY5jq5qnFe1FZ/UX+QhiqEVtMuYQyk8ZyzWq8qSM402Ycsvp7Cu8rw3iIsuZvUlKFzd1sg==
delay of a couple seconds
S: A01 NO Error authenticating
Authentication failed. generic failure
Security strength factor: 0

Here's the output from my lowly user account:

S: * OK mail.paradoxical.net Cyrus IMAP4 v2.1.9 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS 
ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES IDLE AUTH=GSSAPI
S: C01 OK Completed
C: A01 AUTHENTICATE GSSAPI
S: + 
Segmentation fault

/etc/imapd.conf:

# imap setup
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: admin
sasl_pwcheck_method: auxprop
keytab: /etc/imap.keytab

/etc/cyrus.conf:

# standard standalone server implementation

START {
  # do not delete this entry!
  recover   cmd=ctl_cyrusdb -r

  # this is only necessary if using idled for IMAP IDLE
#  idledcmd=idled
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
  # add or remove based on preferences
  imap  cmd=imapd listen=imap prefork=0
  imaps cmd=imapd -s listen=imaps prefork=0
#  pop3 cmd=pop3d listen=pop3 prefork=0
#  pop3scmd=pop3d -s listen=pop3s prefork=0
  sieve cmd=timsieved listen=sieve prefork=0

  # at least one LMTP is required for delivery
#  lmtp cmd=lmtpd listen=lmtp prefork=0
  lmtpunix  cmd=lmtpd listen=/var/imap/socket/lmtp prefork=0

  # this is only necessary if using notifications
#  notify   cmd=notifyd listen=/var/imap/socket/notify proto=udp prefork=1
}

EVENTS {
  # this is required
  checkpointcmd=ctl_cyrusdb -c period=30

  # this is only necessary if using duplicate delivery suppression
  delprune  cmd=ctl_deliver -E 3 period=1440

  # this is only necessary if caching TLS sessions
  tlsprune  cmd=tls_prune period=1440
}


Here's the output in /var/log/imapd.log when the login fails (as
root):

Oct  1 00:03:10 mail imapd[14807]: badlogin: mail.paradoxical.net[192.168.0.5] GSSAPI 
[SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context]

And here's the output in /var/log/auth.log (as root):

Oct  1 00:01:40 mail imapd[14781]: GSSAPI Failure: gss_accept_sec_context


The corresponding output in auth.log from when I'm running as my user
account is:

Oct  1 00:07:21 mail imtest: Bad IPLOCALPORT value

If I already have principals in the krb5 database for users (I do)
should there be additional setup required to allow them to use the
IMAP server?  That's not quite clear to me, unfortunately.

Software involved:

MIT Kerberos V5 1.2.5
SASL 2.1.2
OpenLDAP 2.0.23 (for user  group information)
OpenAFS 1.2.6 (for user home directories)

Another question I have, which I can't seem to find an answer to is
would it be possible to store mailboxes on an afs filesystem?  I'm not
doing this yet, but I may in the future if it's supported.

Thanks for any help you can provide,

-- 
Josh Huber

Re: User mailbox renames

[Roland Pope]

- Original Message -
From: Ken Murchison [EMAIL PROTECTED]
Sent: Tuesday, October 01, 2002 12:15 AM
The problem I have then is
 that I lose the original subscriptions and seen states?
 I can fiddle the user subscription file, but the seen states are stored
in
 a skiplist DB and I'm not sure how to go about converting this file for
the
 renamed mailbox.
You shouldn't have to convert it.  Each mailbox has a unique id which stays
constant once the mailbox is created.  Just copy /var/imap/user/f/foo.seen
to
/var/imap/user/b/bar.seen.

The problem I had with seen state appeared to go like this.

1) cp -a /var/spool/imap/user/foo - /var/spool/imap/user/bar
2) Create new user 'bar'
3) reconstruct -rf user.bar
4) Login as 'bar' and all the flags and seen states are reset.

The problem resolved itself when I did it as follows.

1) Create new user 'bar'
2) rm -Rf /var/spool/imap/user/bar
3) cp -a /var/spool/imap/user/foo - /var/spool/imap/user/bar
4) reconstruct -rf user.bar

I guess creating the new mailbox after I had copied the old user's files was
overwriting the cyrus.* files and resetting the UID for the INBOX.

You'll also want to move the user's quota file(s) and any Sieve scripts.

 Thanks, yes, I am already migrating quota and sieve files successfully

The biggest problem you're going to have is that the ACLs on the user's
mailboxes
are going to have to be changed so that the new user has access to them.

As for ACL's, I am now only copying the users top level mailbox and doing
imap renames on all the subfolders.
Then, before I delete the old mailbox, I list all the ACL's on 'user.foo'
(except the one for 'foo') and add them to 'user.bar'.

Thanks
Roland Pope