sasl_pwcheck_method: auxprop
Hi,

I have just upgraded to latest CVS SASL and IMAPD (2.2 branch). Now, when I try to authenticate through cyradm or pop3 or imap using

sasl_pwcheck_method: auxprop

in imapd.conf, I cannot authenticate and I get this in the auth log:

Sep 30 11:12:34 auth:debug imap: imap[32561]: could not find auxprop plugin, was searching for '[all]'
Sep 30 11:12:34 auth:debug imap: imap[32561]: could not find auxprop plugin, was searching for '[all]'

I'm using DB4.0 and all libs seem to be linked right:

ldd /usr/cyrus/bin/imapd
    libsasl2.so.2 => /usr/include/db4/lib/libsasl2.so.2 (0x40016000)
    libssl.so.0.9.6 => /usr/include/db4/lib/libssl.so.0.9.6 (0x40029000)
    libcrypto.so.0.9.6 => /usr/include/db4/lib/libcrypto.so.0.9.6 (0x40056000)
    libdb-4.0.so => /usr/include/db4/lib/libdb-4.0.so (0x40114000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x401a3000)
    libcom_err.so.2 => /lib/libcom_err.so.2 (0x401b4000)
    libc.so.6 => /lib/libc.so.6 (0x401b7000)
    libdl.so.2 => /lib/libdl.so.2 (0x402e8000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)

sasl plugins are in /usr/lib/sasl2
/usr/include/db4/lib is a symlink to /usr/lib (as db4 libs are there)

SASLDB seems to work, as saslpasswd2 and sasldblistusers2 work:

sasldblistusers2
mailadmin@atlas: userPassword

ls -al /usr/lib/sasl2/
total 264
drwxr-xr-x  2 root root  4096 Sep 30 02:00 .
drwxr-xr-x 41 root root 12288 Sep 30 11:00 ..
-rw-r--r--  1 root root 11780 Sep 30 02:00 libanonymous.a
-rwxr-xr-x  1 root root   724 Sep 30 02:00 libanonymous.la
lrwxrwxrwx  1 root root    21 Sep 30 02:00 libanonymous.so -> libanonymous.so.2.0.7
lrwxrwxrwx  1 root root    21 Sep 30 02:00 libanonymous.so.2 -> libanonymous.so.2.0.7
-rwxr-xr-x  1 root root 15478 Sep 30 02:00 libanonymous.so.2.0.7
-rw-r--r--  1 root root 14390 Sep 30 02:00 libcrammd5.a
-rwxr-xr-x  1 root root   710 Sep 30 02:00 libcrammd5.la
lrwxrwxrwx  1 root root    19 Sep 30 02:00 libcrammd5.so -> libcrammd5.so.2.0.7
lrwxrwxrwx  1 root root    19 Sep 30 02:00 libcrammd5.so.2 -> libcrammd5.so.2.0.7
-rwxr-xr-x  1 root root 18443 Sep 30 02:00 libcrammd5.so.2.0.7
-rw-r--r--  1 root root 46230 Sep 30 02:00 libdigestmd5.a
-rwxr-xr-x  1 root root   742 Sep 30 02:00 libdigestmd5.la
lrwxrwxrwx  1 root root    21 Sep 30 02:00 libdigestmd5.so -> libdigestmd5.so.2.0.7
lrwxrwxrwx  1 root root    21 Sep 30 02:00 libdigestmd5.so.2 -> libdigestmd5.so.2.0.7
-rwxr-xr-x  1 root root 47581 Sep 30 02:00 libdigestmd5.so.2.0.7
-rw-r--r--  1 root root 12074 Sep 30 02:00 libplain.a
-rwxr-xr-x  1 root root   704 Sep 30 02:00 libplain.la
lrwxrwxrwx  1 root root    17 Sep 30 02:00 libplain.so -> libplain.so.2.0.7
lrwxrwxrwx  1 root root    17 Sep 30 02:00 libplain.so.2 -> libplain.so.2.0.7
-rwxr-xr-x  1 root root 15792 Sep 30 02:00 libplain.so.2.0.7
-rw-r--r--  1 root root 16500 Sep 30 02:00 libsasldb.a
-rwxr-xr-x  1 root root   753 Sep 30 02:00 libsasldb.la
lrwxrwxrwx  1 root root    18 Sep 30 02:00 libsasldb.so -> libsasldb.so.2.0.7
lrwxrwxrwx  1 root root    18 Sep 30 02:00 libsasldb.so.2 -> libsasldb.so.2.0.7
-rwxr-xr-x  1 root root 18649 Sep 30 02:00 libsasldb.so.2.0.7

It seems that SASL doesn't see SASLDB as auxprop method?

Any help would be appreciated.

Regards,
Carlos Velasco
Re: User mailbox renames
Quoting Roland Pope [EMAIL PROTECTED]:

> Hi,
> I am running cyrus-imapd 2.1.9 and I would like to be able to rename a user's mailbox. When I try a rename using cyradm, it tells me Operation is not supported on mailbox. From having a look at the source, it appears you can only rename a top level mailbox when using murder. Is this the case?

Actually, in a Murder, the user's mailboxes are XFERd between servers. User RENAMEs are enabled in 2.2, if you want to try it.

> I tried creating the new destination mailbox and copying the original users files across to this and running reconstruct. The problem I have then is that I lose the original subscriptions and seen states? I can fiddle the user subscription file, but the seen states are stored in a skiplist DB and I'm not sure how to go about converting this file for the renamed mailbox.

You shouldn't have to convert it. Each mailbox has a unique id which stays constant once the mailbox is created. Just copy /var/imap/user/f/foo.seen to /var/imap/user/b/bar.seen.

> Anybody out there got a solution to this, maybe a mailbox rename script??

You'll also want to move the user's quota file(s) and any Sieve scripts. The biggest problem you're going to have is that the ACLs on the user's mailboxes are going to have to be changed so that the new user has access to them.

Ken
--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Rename bug more serious than thought...
Using cyrus 2.1.9, it seems that each time you rename a folder, it adds to any quota that folder is under...

Connected to xyz.com.
Escape character is '^]'.
* OK xyz.com Cyrus IMAP4 v2.1.9 server ready
. login blah blah
. OK User logged in
. getquotaroot inbox
* QUOTAROOT inbox user.blah
* QUOTA user.blah (STORAGE 36915 409600)
. OK Completed
. rename inbox.Saved inbox.Saved2
. OK Completed
. getquotaroot inbox
* QUOTAROOT inbox user.blah
* QUOTA user.blah (STORAGE 42518 409600)
. OK Completed
. rename inbox.Saved2 inbox.Saved
. OK Completed
. getquotaroot inbox
* QUOTAROOT inbox user.blah
* QUOTA user.blah (STORAGE 48122 409600)
. OK Completed

I'm not sure if this is fixed in CVS, but this seems a pretty serious bug...

Rob
Re: Can't authorize via postfix
On Mon, Sep 30, 2002 at 09:04:40AM -0300, Henrique de Moraes Holschuh wrote:
> On Sun, 29 Sep 2002, Galen Johnson wrote:
> > Actually, I was wondering when the Debian chroot of postfix would rear its ugly head. There is really no reason to chroot postfix. Just edit
>
> Of course there is: Security. Watch as I try to find a way to chroot Cyrus as well... (it should actually be quite doable, master can run outside the chroot, and services can be selectively chrooted by master when started -- it depends on how much information from outside the chroot the services would need...)

Postfix I run chrooted, especially on boxes where user accounts exist. I don't know if I would bother running Cyrus in chroot since it's a closed box application anyway.

Sure, in theory chroot is 'more secure' regardless but often there is a trade off between security and convenience. I can seriously increase the security on any box I own by unplugging it from the network, but that wouldn't be very convenient for me, or the users. :)

--
Scott Russell ([EMAIL PROTECTED])
Linux Technology Center, System Admin, RHCE.
Dial 877-735-8200 then ask for 919-543-9289 (TTY)
Re: Rename bug more serious than thought...
On Mon, Sep 30, 2002 at 10:26:10PM +1000, Rob Mueller wrote:
> Using cyrus 2.1.9, it seems that each time you rename a folder, it adds to any quota that folder is under...
>
> Connected to xyz.com.
> Escape character is '^]'.
> * OK xyz.com Cyrus IMAP4 v2.1.9 server ready
> . login blah blah
> . OK User logged in
> . getquotaroot inbox
> * QUOTAROOT inbox user.blah
> * QUOTA user.blah (STORAGE 36915 409600)
> . OK Completed
> . rename inbox.Saved inbox.Saved2
> . OK Completed
> . getquotaroot inbox
> * QUOTAROOT inbox user.blah
> * QUOTA user.blah (STORAGE 42518 409600)
> . OK Completed
> . rename inbox.Saved2 inbox.Saved
> . OK Completed
> . getquotaroot inbox
> * QUOTAROOT inbox user.blah
> * QUOTA user.blah (STORAGE 48122 409600)
> . OK Completed

Why aren't the numbers even multiples? There is a 5603 byte difference between the first getquota and the second one issued. There is a 5604 byte difference between the second getquota command and the third one issued. Did the user receive additional mail while you were running this test?

--
Scott Russell ([EMAIL PROTECTED])
Linux Technology Center, System Admin, RHCE.
Dial 877-735-8200 then ask for 919-543-9289 (TTY)
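The quota growth reported in this thread can be checked mechanically. The following is an added example, not part of any poster's message: it reads a captured IMAP session and flags every increase in STORAGE usage that happened while the session itself only issued successful RENAMEs. The function and class names are hypothetical, and the sample session is constructed from the transcript quoted above.

```python
import re
from dataclasses import dataclass

QUOTA_RE = re.compile(r"^\* QUOTA (\S+) \(STORAGE (\d+) (\d+)\)\s*$")
TAGGED_RE = re.compile(r"^(\S+) (\S+)(?: (.*))?$")
STATUS = {"OK", "NO", "BAD"}
QUOTA_QUERIES = {"GETQUOTA", "GETQUOTAROOT"}
ADDS_MAIL = {"APPEND", "COPY"}  # commands that legitimately grow usage

# Constructed sample: the IMAP part of the session quoted in the thread.
SESSION = """\
* OK xyz.com Cyrus IMAP4 v2.1.9 server ready
. login blah blah
. OK User logged in
. getquotaroot inbox
* QUOTAROOT inbox user.blah
* QUOTA user.blah (STORAGE 36915 409600)
. OK Completed
. rename inbox.Saved inbox.Saved2
. OK Completed
. getquotaroot inbox
* QUOTAROOT inbox user.blah
* QUOTA user.blah (STORAGE 42518 409600)
. OK Completed
. rename inbox.Saved2 inbox.Saved
. OK Completed
. getquotaroot inbox
* QUOTAROOT inbox user.blah
* QUOTA user.blah (STORAGE 48122 409600)
. OK Completed
"""


@dataclass
class Drift:
    root: str
    before: int
    after: int
    commands: list

    @property
    def delta(self):
        return self.after - self.before


def find_quota_drift(session):
    """Return usage increases that follow only successful RENAMEs.

    Mail delivered by LMTP during the capture is invisible here (the
    question raised in the reply above), so a hit is a lead to verify
    against the mailbox contents, not proof of an accounting bug.
    """
    last = {}             # quota root -> usage at the previous reading
    pending = []          # commands that completed OK since that reading
    current = None        # client command still waiting for its status
    seen_reading = False
    drifts = []
    for line in session.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("*"):
            m = QUOTA_RE.match(line)
            if not m:
                continue  # greeting, QUOTAROOT and other untagged data
            root, usage = m.group(1), int(m.group(2))
            verbs = {verb for verb, _ in pending}
            if (root in last and usage > last[root]
                    and "RENAME" in verbs and not verbs & ADDS_MAIL):
                cmds = [f"{v} {a}".strip() for v, a in pending]
                drifts.append(Drift(root, last[root], usage, cmds))
            last[root] = usage
            seen_reading = True
            continue
        m = TAGGED_RE.match(line)
        if not m:
            continue
        word = m.group(2).upper()
        if word in STATUS:
            # Only commands the server accepted can have changed usage.
            if word == "OK" and current and current[0] not in QUOTA_QUERIES:
                pending.append(current)
            current = None
        else:
            if seen_reading:  # first command after a reading: new window
                pending, seen_reading = [], False
            current = (word, m.group(3) or "")
    return drifts
```

Run against a capture taken on a quiet test mailbox, any hit means the quota root no longer matches what the folders hold and needs to be recalculated.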
outlook 2000 imap delivery problem
Hello,

I have cyrus-imap running on linux and appr 70 win98 client machines with outlook 2000. I'm not quite sure whether it's an outlook or imap server problem. I have tracked down that sometimes when outlook is running and after message arrives to imap server, outlook is unable to get message from server (SendReceive performs its action but delivers no new messages). Although reading message same time with some other imap client shows that message is there. When I close outlook and rerun it works fine again. Btw, most of the time it delivers messages immediately..

I have searched a lot but found nothing yet, maybe someone here has experienced that kind of problem and knows answer?
Re: outlook 2000 imap delivery problem
I had exactly the same problem, especially with people who had either a slow PC or a whole lot of different E-mail folders on the IMAP server (or a combination of both). I replaced outlook with Mozilla 1.1 or Netscape mail client and the problem was solved. I tried Outlook 2000 with and without every possible patch and even tried Outlook XP, but all gave the same result.

Netscape / Mozilla mail client have imho a very decent IMAP implementation and you can also choose to sync all your folders for offline usage, which you cannot do with outlook 2000 when using an IMAP server (only Outlook XP supports this - with some application crashes).

Regards,
Tijl

Valmar Joandi wrote:
> Hello,
>
> I have cyrus-imap running on linux and appr 70 win98 client machines with outlook 2000. I'm not quite sure whether it's an outlook or imap server problem. I have tracked down that sometimes when outlook is running and after message arrives to imap server, outlook is unable to get message from server (SendReceive performs its action but delivers no new messages). Although reading message same time with some other imap client shows that message is there. When I close outlook and rerun it works fine again. Btw, most of the time it delivers messages immediately..
>
> I have searched a lot but found nothing yet, maybe someone here has experienced that kind of problem and knows answer?
Re: Rename bug more serious than thought...
Rob Mueller wrote:
> Using cyrus 2.1.9, it seems that each time you rename a folder, it adds to any quota that folder is under...
>
> Connected to xyz.com.
> Escape character is '^]'.
> * OK xyz.com Cyrus IMAP4 v2.1.9 server ready
> . login blah blah
> . OK User logged in
> . getquotaroot inbox
> * QUOTAROOT inbox user.blah
> * QUOTA user.blah (STORAGE 36915 409600)
> . OK Completed
> . rename inbox.Saved inbox.Saved2
> . OK Completed
> . getquotaroot inbox
> * QUOTAROOT inbox user.blah
> * QUOTA user.blah (STORAGE 42518 409600)
> . OK Completed
> . rename inbox.Saved2 inbox.Saved
> . OK Completed
> . getquotaroot inbox
> * QUOTAROOT inbox user.blah
> * QUOTA user.blah (STORAGE 48122 409600)
> . OK Completed
>
> I'm not sure if this is fixed in CVS, but this seems a pretty serious bug...

My guess is that it has been introduced fairly recently. Does the old mailbox actually get deleted? What happens if you rename a folder outside of the same hierarchy?

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: Can't authorize via postfix
On Mon, 30 Sep 2002, Scott Russell wrote:
> I don't know if I would bother running Cyrus in chroot since it's a closed box application anyway.

You certainly could. It limits the damage one could cause by crashing cyrus...

> the security on any box I own by unplugging it from the network, but that wouldn't be very convenient for me, or the users. :)

I believe choice is a good thing.

--
"One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Re: SETACL on user mailbox
On Mon, 30 Sep 2002, Rob Mueller wrote:
> Now I argued that the current behaviour was actually against the RFC's description of what the 'a' right meant, mostly because this is the behaviour we want to see :). Others argued that because at CMU there's lots of shared folders that users want to alter, they would leave it as it is.

Actually it's the user's own folders that cause the problem. Shared folders people wind up screwing themselves on ;)

> Since the actual meaning then of what people want seems to be site dependent, why not create a configuration option for it? Something like below perhaps?

Your patch isn't complete, because it doesn't affect some implicit administrative rights that are granted in user mailbox spaces, (see, for example, mboxlist_mycreatemailbox where is_admin gets set if the user owns the mailbox, and therefore the acl is ignored).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: SETACL on user mailbox
Rob Siemborski wrote:
> On Mon, 30 Sep 2002, Rob Mueller wrote:
> > Now I argued that the current behaviour was actually against the RFC's description of what the 'a' right meant, mostly because this is the behaviour we want to see :). Others argued that because at CMU there's lots of shared folders that users want to alter, they would leave it as it is.
>
> Actually it's the user's own folders that cause the problem. Shared folders people wind up screwing themselves on ;)
>
> > Since the actual meaning then of what people want seems to be site dependent, why not create a configuration option for it? Something like below perhaps?
>
> Your patch isn't complete, because it doesn't affect some implicit administrative rights that are granted in user mailbox spaces, (see, for example, mboxlist_mycreatemailbox where is_admin gets set if the user owns the mailbox, and therefore the acl is ignored).

Yes, it is more complex than just one check. I have a patch floating around from the first time your guys brought this up. I can dust it off and see if it's complete. IIRC, I was blocking on input/review from Larry on my patch.

Ken
--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
need help with notify_no.c
I'm trying to get my cyrus-imapd-2.0.16 installation to call a php script on incoming mails. I've added something like:

system("/notify.php user mailbox message");

to the imap/notify_no.c but now sendmail always says cyrus exited with EX_TEMPFAIL.

How can I get notify_no.c to call my script without EX_TEMPFAILING?

And is there a way to check how many messages are in the mailbox cyrus is delivering to? It would be nice if I could only call my PHP script for the first message that is in the mailbox.

Thanks.
Converting email from a bsd style email box
To all,

Is it possible to read an email message from an existing BSD style mbox file and use the cyrus deliver agent to inject the mail versus simply copying the file into the specific folder:

cat {message} | formail -s /usr/libexec/deliver -m . {userid} {return}

When I do this, I get invalid header ?!?

I am looking at this because there might be existing email in the account so I do not want to overwrite any..

Any additional thoughts would be great!!

Vernon

Vernon A. Fort (Andy)
Provident Solutions LLC.
(615) 406-5540
http://www.provident-solutions.com
Problems with IMAPS and POPS
Hello!

I'm actually using Cyrus 2.1.8 with SASL 2.1.7, and I have some problems to config my Cyrus to accept SSL connections.

Here is my 3 first lines of netstat -at

Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:imaps                 *:*                     LISTEN
tcp        0      0 *:pop3s                 *:*                     LISTEN

And my /usr/local/etc/saslauhtd.conf

ldap_servers: ldap://upsoluciones.palermo.edu/
ldap_bind_dn: uid=cyrus,ou=people,dc=palermo,dc=edu
ldap_bind_pw:
ldap_search_base: ou=people,dc=palermo,dc=edu
ldap_tls_check_peer: yes
ldap_tls_cacert_file: palermoca.pem
ldap_tls_cacert_dir: /usr/share/ssl/certs/

Changing the last 2 lines for these lines...

ldap_tls_cacert_file: /usr/share/ssl/certs/palermoca.pem
#ldap_tls_cacert_dir: /usr/share/ssl/certs/

I have the same problem... IMAP&POP works fine, but IMAPS&POPS not.

/var/log/errors shows this:

Oct 2 13:09:00 upsoluciones su(pam_unix)[12631]: session closed for user root
Oct 2 13:09:33 upsoluciones su(pam_unix)[12740]: session opened for user root by felix(uid=500)
Oct 2 13:12:58 upsoluciones su(pam_unix)[12740]: session closed for user root
Oct 2 13:18:05 upsoluciones su(pam_unix)[12841]: session opened for user root by felix(uid=500)
Oct 2 13:20:23 upsoluciones ctl_mboxlist: ctl_mboxlist -c is deprecated: use ctl_cyrusdb -c instead^H
Oct 2 13:20:24 upsoluciones ctl_mboxlist[12882]: checkpointing mboxlist

What's wrong??, I'm actually using Netscape 4.79 (for Linux) to check POPS mail, and Netscape runs on the machine where I'm running LDAP, CYRUS and SASL.

[Yes I know... my computer date is wrong :-)]

Can you help me?

thanks a lot, and sorry for my poor english,
Felix
Re: Rename bug more serious than thought...
On Mon, 30 Sep 2002, Ken Murchison wrote:
> My guess is that it has been introduced fairly recently.

I've attached a patch to correct the problem (which has also been committed to cvs, and I assume will be in the 2.2 branch as well later today).

Any problems let me know (or reopen bug #1425).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: Sieve Vacation syntax
On Fri, 27 Sep 2002, Ken Murchison wrote:
> []
> ALL of the relevant specifications (RFCs, IDs, etc) are listed in doc/specs.html
>
> I start to wonder why I keep this up to date if nobody is going to look at it :(

Ken,

Here's a little happier spin for you... some people do read them and they are so good, those people have no questions and you never hear from them. Someone like me, for example. :)

I've done two successful Cyrus installations now. While it wasn't without a few little bumps along the way, overall it went smoothly and the docs were a BIG help.

So, thanks to you and the entire Cyrus team! Well Done!

Sincerely,
Greg
Re: outlook 2000 imap delivery problem
I do not see how a patch can solve bad client side implementation of microsoft IMAP client. Even if this patch solves the problem, Netscape Mail client is a far better and more reliable choice.

Luc Germain wrote:
> Hi!
>
> Are you using idled on your server? If yes, you might want to try the patch described in this message:
>
> http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=17144
>
> It solved a similar problem for me.
>
> Luc.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Valmar Joandi
> > Sent: September 30, 2002 09:25
> > To: [EMAIL PROTECTED]
> > Subject: outlook 2000 imap delivery problem
> >
> > Hello,
> >
> > I have cyrus-imap running on linux and appr 70 win98 client machines with outlook 2000. I'm not quite sure whether it's an outlook or imap server problem. I have tracked down that sometimes when outlook is running and after message arrives to imap server, outlook is unable to get message from server (SendReceive performs its action but delivers no new messages). Although reading message same time with some other imap client shows that message is there. When I close outlook and rerun it works fine again. Btw, most of the time it delivers messages immediately..
> >
> > I have searched a lot but found nothing yet, maybe someone here has experienced that kind of problem and knows answer?
Re: Problems with IMAPS and POPS
First of all, it looks like you did not update your cyrus.conf from a 2.0 version. That is the cause of the ctl_mboxlist vs ctl_cyrusdb error message in the log.

Sorry, I cannot help with the secure shell part.

c*

----- Original Message -----
From: Felix Cuello [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 30, 2002 2:26 PM
Subject: Problems with IMAPS and POPS

> Hello!
>
> I'm actually using Cyrus 2.1.8 with SASL 2.1.7, and I have some problems to config my Cyrus to accept SSL connections.
>
> Here is my 3 first lines of netstat -at
>
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      0 *:imaps                 *:*                     LISTEN
> tcp        0      0 *:pop3s                 *:*                     LISTEN
>
> And my /usr/local/etc/saslauhtd.conf
>
> ldap_servers: ldap://upsoluciones.palermo.edu/
> ldap_bind_dn: uid=cyrus,ou=people,dc=palermo,dc=edu
> ldap_bind_pw:
> ldap_search_base: ou=people,dc=palermo,dc=edu
> ldap_tls_check_peer: yes
> ldap_tls_cacert_file: palermoca.pem
> ldap_tls_cacert_dir: /usr/share/ssl/certs/
>
> Changing the last 2 lines for these lines...
>
> ldap_tls_cacert_file: /usr/share/ssl/certs/palermoca.pem
> #ldap_tls_cacert_dir: /usr/share/ssl/certs/
>
> I have the same problem... IMAP&POP works fine, but IMAPS&POPS not.
>
> /var/log/errors shows this:
>
> Oct 2 13:09:00 upsoluciones su(pam_unix)[12631]: session closed for user root
> Oct 2 13:09:33 upsoluciones su(pam_unix)[12740]: session opened for user root by felix(uid=500)
> Oct 2 13:12:58 upsoluciones su(pam_unix)[12740]: session closed for user root
> Oct 2 13:18:05 upsoluciones su(pam_unix)[12841]: session opened for user root by felix(uid=500)
> Oct 2 13:20:23 upsoluciones ctl_mboxlist: ctl_mboxlist -c is deprecated: use ctl_cyrusdb -c instead^H
> Oct 2 13:20:24 upsoluciones ctl_mboxlist[12882]: checkpointing mboxlist
>
> What's wrong??, I'm actually using Netscape 4.79 (for Linux) to check POPS mail, and Netscape runs on the machine where I'm running LDAP, CYRUS and SASL.
>
> [Yes I know... my computer date is wrong :-)]
>
> Can you help me?
>
> thanks a lot, and sorry for my poor english,
> Felix
RE: outlook 2000 imap delivery problem
Hi!

Are you using idled on your server? If yes, you might want to try the patch described in this message:

http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=17144

It solved a similar problem for me.

Luc.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Valmar Joandi
> Sent: September 30, 2002 09:25
> To: [EMAIL PROTECTED]
> Subject: outlook 2000 imap delivery problem
>
> Hello,
>
> I have cyrus-imap running on linux and appr 70 win98 client machines with outlook 2000. I'm not quite sure whether it's an outlook or imap server problem. I have tracked down that sometimes when outlook is running and after message arrives to imap server, outlook is unable to get message from server (SendReceive performs its action but delivers no new messages). Although reading message same time with some other imap client shows that message is there. When I close outlook and rerun it works fine again. Btw, most of the time it delivers messages immediately..
>
> I have searched a lot but found nothing yet, maybe someone here has experienced that kind of problem and knows answer?
Re: Problems with IMAPS and POPS
Where can I find the newest and most generic cyrus.conf or/and documentation to make cyrus.conf from scratch?

Thanks
Felix

---
Felix Cuello [EMAIL PROTECTED]
Qodiga/its http://www.qodiga.com
Santa Fe 882 - Piso 13 - Of.E
Buenos Aires, ARGENTINA

<quote who="Connie Starr Fensky">
First of all, it looks like you did not update your cyrus.conf from a 2.0 version. That is the cause of the ctl_mboxlist vs ctl_cyrusdb error message in the log.

Sorry, I cannot help with the secure shell part.

c*
</quote>
Re: Problems with IMAPS and POPS
It should be in <cyrus-imapd base directory>/master/conf directory of distribution. I use normal.conf, and just copy it to my /etc directory as cyrus.conf.

Does this help?

c*

----- Original Message -----
From: Felix Cuello [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, September 30, 2002 3:09 PM
Subject: Re: Problems with IMAPS and POPS

> Where can I find the newest and most generic cyrus.conf or/and documentation to make cyrus.conf from scratch?
>
> Thanks
> Felix
>
> ---
> Felix Cuello [EMAIL PROTECTED]
> Qodiga/its http://www.qodiga.com
> Santa Fe 882 - Piso 13 - Of.E
> Buenos Aires, ARGENTINA
>
> <quote who="Connie Starr Fensky">
> First of all, it looks like you did not update your cyrus.conf from a 2.0 version. That is the cause of the ctl_mboxlist vs ctl_cyrusdb error message in the log.
>
> Sorry, I cannot help with the secure shell part.
>
> c*
> </quote>
Re: Problems with IMAPS and POPS
Yes!!!... it is working!

I've just added these three lines to my /etc/imapd.conf

tls_cert_file: /usr/share/ssl/certs/cert.pem
tls_key_file: /usr/share/ssl/certs/cert.key
tls_require_cert: 0

And IMAPS & POPS (pops not tested yet) works fine!!

thanks a lot!
Felix

---
Felix Cuello [EMAIL PROTECTED]
Qodiga/its http://www.qodiga.com
Santa Fe 882 - Piso 13 - Of.E
Buenos Aires, ARGENTINA

> Do 'man imapd.conf' and search for tls_(cert|key)_file and possibly tls_ca_(file|path) params. You can also find info in $cyrus-imapd/doc/install-configure.html#open.
>
> Hope this helps.
>
> -Igor
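The failure resolved in this thread (imaps and pop3s listening, but no certificate configured) can be caught before clients hit it. The following is an added example, not part of any poster's message: it cross-checks the SERVICES section of cyrus.conf against imapd.conf and reports every service started with `-s` while `tls_cert_file` or `tls_key_file` is unset. Function names are hypothetical and both sample configurations are constructed; the option names and the `-s` flag are the ones quoted in the thread.

```python
import re
import shlex

REQUIRED = ("tls_cert_file", "tls_key_file")

# Constructed sample configurations.
CYRUS_CONF = '''
SERVICES {
  imap      cmd="imapd" listen="imap" prefork=0
  imaps     cmd="imapd -s" listen="imaps" prefork=0
  pop3      cmd="pop3d" listen="pop3" prefork=0
  pop3s     cmd="pop3d -s" listen="pop3s" prefork=0
#  sieve    cmd="timsieved" listen="sieve" prefork=0
}
'''
IMAPD_CONF_BEFORE = '''
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: admin
'''
IMAPD_CONF_AFTER = IMAPD_CONF_BEFORE + '''
tls_cert_file: /usr/share/ssl/certs/cert.pem
tls_key_file: /usr/share/ssl/certs/cert.key
tls_require_cert: 0
'''


def parse_imapd_conf(text):
    """Parse 'option: value' lines, skipping blanks and comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            opts[key.strip()] = value.strip()
    return opts


def tls_services(cyrus_conf):
    """Return {name: cmd} for SERVICES entries whose command has -s."""
    services, section = {}, None
    for raw in cyrus_conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out services are not started
        m = re.match(r"^(\w+)\s*\{$", line)
        if m:
            section = m.group(1)
            continue
        if line == "}":
            section = None
            continue
        parts = line.split(None, 1)
        if section != "SERVICES" or len(parts) < 2:
            continue
        pairs = re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', parts[1])
        args = {key: quoted or bare for key, quoted, bare in pairs}
        cmd = args.get("cmd", "")
        if "-s" in shlex.split(cmd)[1:]:
            services[parts[0]] = cmd
    return services


def check_tls_config(cyrus_conf, imapd_conf):
    """List TLS-wrapped services that lack a certificate or key option."""
    opts = parse_imapd_conf(imapd_conf)
    wrapped = tls_services(cyrus_conf)
    findings = []
    for name in sorted(wrapped):
        for key in REQUIRED:
            if not opts.get(key):
                findings.append(
                    f"{name}: started as '{wrapped[name]}' "
                    f"but {key} is not set in imapd.conf")
    return findings
```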
Problems with GSSAPI authentication?
I'm having some bizarre issues with krb 5 authentication and Cyrus imapd v2.1.9.

The really odd thing about this is I get different behavior when I try from my user account and when I try from root.

Here's the output of imtest -m GSSAPI mail as root:

S: * OK mail.paradoxical.net Cyrus IMAP4 v2.1.9 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=GSSAPI
S: C01 OK Completed
C: A01 AUTHENTICATE GSSAPI
S: +
C: ZIICWAYJKoZIhvcSAQICAQBuggJHMIICQ6ADAgEFoQMCAQ6iBwMFACCjggFnYYIBYzCCAV+gAwIBBaERGw9QQVJBRE9YSUNBTC5ORVSiJzAloAMCAQOhHjAcGwRpbWFwGxRtYWlsLnBhcmFkb3hpY2FsLm5ldKOCARowggEWoAMCARChAwIBBKKCAQgEggEEOjp0YQAF2/kBgARDKi9TPkO9hS1PTewJ+hZl7XcZ0fddqDQoP4iTc01Sg6LH+RufqQ18lwmdCzt4ppQhYneIbACmR66PEokvSlFaNxvThf7RwvMW3x2xQ1TTk+/6Ge9ZAEk3sbQjADjWz6YQW2hv0ymxig+RUDU21lqUMX6wlMYOj70p/f9NWT7cgmVMqGr7Cppz9xuoOQpMKgrkSsV30f0IAEuY+7GtU2bs6j+2OqV6NzpLVWMbbaX6ob4OtuXjaJLm2DMV/jx52mqHxY41XY3Hhd5ZKSfFjTO07pcqRLWNmyCdaboXcSrOqnXBjDROBpbyDePpEoG3/9/Ahc8CfmwZ16qkgcIwgb+gAwIBEKKBtwSBtLgzSku+Lgv9rOnJVVjAhhse3ZNV2P7yZu3pBsMLe3CotavsnG5S4CzVH9yj9hbbnaUiRdzTxkHaS7tPrG8rp4k2xTExo4t8sb5n40l7YHFfVQLGPFELK5ReXqdVbUvEWUmGrkGCALNcE7VoUhgtTE4zY6PtDqqZn5vKz6bcPK75RY5jq5qnFe1FZ/UX+QhiqEVtMuYQyk8ZyzWq8qSM402Ycsvp7Cu8rw3iIsuZvUlKFzd1sg==
delay of a couple seconds
S: A01 NO Error authenticating
Authentication failed. generic failure
Security strength factor: 0

Here's the output from my lowly user account:

S: * OK mail.paradoxical.net Cyrus IMAP4 v2.1.9 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=GSSAPI
S: C01 OK Completed
C: A01 AUTHENTICATE GSSAPI
S: +
Segmentation fault

/etc/imapd.conf:

# imap setup
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: admin
sasl_pwcheck_method: auxprop
keytab: /etc/imap.keytab

/etc/cyrus.conf:

# standard standalone server implementation

START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
#  idled        cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=0
  imaps         cmd="imapd -s" listen="imaps" prefork=0
#  pop3         cmd="pop3d" listen="pop3" prefork=0
#  pop3s        cmd="pop3d -s" listen="pop3s" prefork=0
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune      cmd="ctl_deliver -E 3" period=1440

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" period=1440
}

Here's the output in /var/log/imapd.log when the login fails (as root):

Oct 1 00:03:10 mail imapd[14807]: badlogin: mail.paradoxical.net[192.168.0.5] GSSAPI [SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context]

And here's the output in /var/log/auth.log (as root):

Oct 1 00:01:40 mail imapd[14781]: GSSAPI Failure: gss_accept_sec_context

The corresponding output in auth.log from when I'm running as my user account is:

Oct 1 00:07:21 mail imtest: Bad IPLOCALPORT value

If I already have principals in the krb5 database for users (I do) should there be additional setup required to allow them to use the IMAP server? That's not quite clear to me, unfortunately.

Software involved:

MIT Kerberos V5 1.2.5
SASL 2.1.2
OpenLDAP 2.0.23 (for user group information)
OpenAFS 1.2.6 (for user home directories)

Another question I have, which I can't seem to find an answer to is would it be possible to store mailboxes on an afs filesystem? I'm not doing this yet, but I may in the future if it's supported.

Thanks for any help you can provide,

--
Josh Huber
Re: User mailbox renames
----- Original Message -----
From: Ken Murchison [EMAIL PROTECTED]
Sent: Tuesday, October 01, 2002 12:15 AM

> > The problem I have then is that I lose the original subscriptions and seen states? I can fiddle the user subscription file, but the seen states are stored in a skiplist DB and I'm not sure how to go about converting this file for the renamed mailbox.
>
> You shouldn't have to convert it. Each mailbox has a unique id which stays constant once the mailbox is created. Just copy /var/imap/user/f/foo.seen to /var/imap/user/b/bar.seen.

The problem I had with seen state appeared to go like this.

1) cp -a /var/spool/imap/user/foo -> /var/spool/imap/user/bar
2) Create new user 'bar'
3) reconstruct -rf user.bar
4) Login as 'bar' and all the flags and seen states are reset.

The problem resolved itself when I did it as follows.

1) Create new user 'bar'
2) rm -Rf /var/spool/imap/user/bar
3) cp -a /var/spool/imap/user/foo -> /var/spool/imap/user/bar
4) reconstruct -rf user.bar

I guess creating the new mailbox after I had copied the old user's files was overwriting the cyrus.* files and resetting the UID for the INBOX.

> You'll also want to move the user's quota file(s) and any Sieve scripts.

Thanks, yes, I am already migrating quota and sieve files successfully.

> The biggest problem you're going to have is that the ACLs on the user's mailboxes are going to have to be changed so that the new user has access to them.

As for ACL's, I am now only copying the users top level mailbox and doing imap renames on all the subfolders. Then, before I delete the old mailbox, I list all the ACL's on 'user.foo' (except the one for 'foo') and add them to 'user.bar'.

Thanks
Roland Pope