Re: SASL2+POSTFIX PAM authentication failure

[John A. Tamplin]

k1680792 wrote:


Hi all,
I am going to use SASL  pam method to complete Postfix's authentication.
I compiled Cyrus-sasl-2.1.10 with the following options.
--disable-sample
--disable-saslauthd
--disable-cram
--disable-digest
--disable-krb4
--disable-gssapi
--disable-anon
--enable-plain
--enable-login
--enable-pwcheck
--disable-otp
--with-pam
I created the file smtpd.conf  under /usr/lib/sasl.(the link of
/usr/local/lib/sasl2)
pwcheck_method:pam
I also created the smtp under /etc/pam.d
#%PAM-1.0
auth   required /lib/security/pam_stack.so service=system-auth
accountrequired /lib/security/pam_stack.so service=system-auth
I compiled Cyrus-sasl-1.5.28 and postfix-1.1.12 with the about
configuration and it works well,but it fails in Cyrsu-sasl-2.1.10 +
Postfix-2.0.2.Would anyone give me some hints?
And the maillog is
SASL authentication problem:unknown password verifier
postfix/smtpd[15914]: warning: SASL authentication failure:
Password verification failed
 

If you want to use PAM, you need to use saslauthd and run it with 
saslauthd -a pam.  I don't use postfix, but for IMAP you specify 
sasl_pwcheck_method: saslauthd in /etc/imapd.conf, so perhaps you need 
pwcheck_method: saslauthd.

--
John A. Tamplin
Unix Systems Administrator

SASL2+POSTFIX PAM authentication failure

[k1680792]

Hi all,
 I am going to use SASL  pam method to complete Postfix's authentication.
 I compiled Cyrus-sasl-2.1.10 with the following options.
--disable-sample
--disable-saslauthd
--disable-cram
--disable-digest
--disable-krb4
--disable-gssapi
--disable-anon
--enable-plain
--enable-login
--enable-pwcheck
--disable-otp
--with-pam
 I created the file smtpd.conf  under /usr/lib/sasl.(the link of
/usr/local/lib/sasl2)
pwcheck_method:pam
 I also created the smtp under /etc/pam.d
#%PAM-1.0
auth   required /lib/security/pam_stack.so service=system-auth
accountrequired /lib/security/pam_stack.so service=system-auth
 I compiled Cyrus-sasl-1.5.28 and postfix-1.1.12 with the about
configuration and it works well,but it fails in Cyrsu-sasl-2.1.10 +
Postfix-2.0.2.Would anyone give me some hints?
 And the maillog is
SASL authentication problem:unknown password verifier
postfix/smtpd[15914]: warning: SASL authentication failure:
Password verification failed


  Thanks a lot !
-
Kai



__
Do You Yahoo!?
Yahoo! BB is Broadband by Yahoo!  http://bb.yahoo.co.jp/

Re: cyrus as trusted user in sendmail

[Igor Brezac]

On Sun, 19 Jan 2003 [EMAIL PROTECTED] wrote:

> Hello,
>
> Do I need to put my cyrus user in the trusted users list of Sendmail ? If

Only if sendmail references files owned by the cyrus username.  lmtp
socket may qualify depending on your setup.

> yes would that be in the sendmail daemon config or in the MSP ? I suppose
> the MSP...

The same rule applies, but most likely you do not need to do anything in
the MSP config.

Check out $sendmail_src/doc/op/op.txt, you'll find answers to pretty much
all your sendmail questions.

-- 
Igor

cyrus auto-generated failure message from address

[marc . bigler]

Hello,

When Cyrus generates a failure message for example because someone sent a
mail to an unexisting IMAP account then that auto-generated mail contains
the following From header:

From:   Mail Delivery Subsystem 

As you can see the domain is "unspecified-domain" and I wanted to know if
it is possible to change that ? if yes where ?

Thanks

cyrus as trusted user in sendmail

[marc . bigler]

Hello,

Do I need to put my cyrus user in the trusted users list of Sendmail ? If
yes would that be in the sendmail daemon config or in the MSP ? I suppose
the MSP...

Regards

cyradm segfaults in Cyrus::IMAP::Shell

[Ken Witherow]

I'm trying to setup Cyrus IMAP on a linux box built from scratch. It seems
as though I have everything running and working right, but I keep getting
a segfault when I try to run cyradm to setup accounts.

I'm using kernel 2.4.21-pre3, glibc 2.3.1, perl 5.8.0

[cyrus@death root]$ imtest -m login -p imap localhost
S: * OK servername Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {7}
S: + go ahead
C: 
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
C: Q01 LOGOUT
* BYE LOGOUT received
Q01 OK Completed
Connection closed.
[cyrus@death root]$ cyradm localhost
IMAP Password:

Segmentation fault
[cyrus@death root]$

[root@death root]# gdb -c core
GNU gdb 5.2.1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i686-pc-linux-gnu".
Core was generated by `perl -MCyrus::IMAP::Shell -e shell -- localhost'.
Program terminated with signal 11, Segmentation fault.
#0  0x400c1fd7 in ?? ()
(gdb) bt
#0  0x400c1fd7 in ?? ()
#1  0x40304ccc in ?? ()
#2  0x402ff112 in ?? ()
#3  0x402e4a1f in ?? ()
#4  0x080b3117 in ?? ()
#5  0x080ad8d8 in ?? ()
#6  0x0805f2c4 in ?? ()
#7  0x0805f0be in ?? ()
#8  0x0805c7c3 in ?? ()
#9  0x40073f14 in ?? ()


-- 
   Ken Witherow 
   ICQ: 21840670  AIM: phantomlordken
   http://www.krwtech.com/ken

Re: Websieve and Cyrus 2.1.11 (smartsieve doesn't work neither)

[Ken Murchison]

[EMAIL PROTECTED] wrote:
> 
> >Check the user's sieve directory (eg /usr/sieve/k/ken), and make sure
> >there is a link from 'default' to an actual script file.  You should see
> >something like:
> 
> >lrwxrwxrwx1 cyrusmail   10 Nov 10  2001 default ->
> >ken.script
> >-rw---1 cyrusmail 8877 Jan  8 16:19 ken.script
> 
> I've checked and this gets done correctly, now I think I found out my
> problem. When I did my tests I used the same account to send mail to myself
> and it looks like this doesn't trigger the vacation. This time I tryed to
> send me a mail from another test account and then it worked !!

Yeah, Sieve checks to make sure that you're not sending a vacation
message to yourself to prevent mail loops.  And besides, if you're on
vacation, you probably already know it  :)


> I just saw another behaviour where I would like to know if this is normal
> or not. So in my case I've got vacation activated and also a normal filter
> which says "if subject = something then REJECT mail". The filter works when
> the vacation is deactivated but when I activate the vacation this reject
> filter doesn't work. Is that the normal behaviour ?

Yes, reject isn't allowed in combination with other actions (see RFC3028
section 2.10.4).

-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

Re: Latest on Cyrus and GFS?

[marc . bigler]

>i'm doing one of these 'shared' storage setups these days too. the
solution i
>chose is kimberlite, well, RH advanced server actually, where i have only
one
>box using the storage at a time. the other box can still be usefull, for
>example chewing mails with spamassassin. in case there is some problem
with
>either of the boxen, the healty one can take over the service.

Hi, can you tell me a bit more about this setup which you would like to do
? So you are going to share a SCSI bus between two HA cluster nodes and
also use multi-initiator SCSI, right ? I am quite interested in which
hardware you will use exactly to acheive that. And why did you choose
kimberlite instead of heartbeat from linux-ha.org ?

Thanks

Regards

Re: Websieve and Cyrus 2.1.11 (smartsieve doesn't work neither)

[marc . bigler]

>Check the user's sieve directory (eg /usr/sieve/k/ken), and make sure
>there is a link from 'default' to an actual script file.  You should see
>something like:

>lrwxrwxrwx1 cyrusmail   10 Nov 10  2001 default ->
>ken.script
>-rw---1 cyrusmail 8877 Jan  8 16:19 ken.script

I've checked and this gets done correctly, now I think I found out my
problem. When I did my tests I used the same account to send mail to myself
and it looks like this doesn't trigger the vacation. This time I tryed to
send me a mail from another test account and then it worked !!

I just saw another behaviour where I would like to know if this is normal
or not. So in my case I've got vacation activated and also a normal filter
which says "if subject = something then REJECT mail". The filter works when
the vacation is deactivated but when I activate the vacation this reject
filter doesn't work. Is that the normal behaviour ?

Regards