Re: Optional TLS
Cyrus IMAP supports both (plain port & SSL port). On a plain port connection, you can use the STARTTLS command and change to a TLS (SSL) connection. The IMAP c-client library (used by the PHP imap extension) supports TLS, but PHP doesn't support it. So, the connection fails.

I don't know TWIG, but probably do something like changing

    imap_open("{localhost:143/imap}INBOX", "username", "password");

to

    imap_open("{localhost:143/imap/notls}INBOX", "username", "password");

or change your configuration to do so.

Quoting Mobeen Azhar <[EMAIL PROTECTED]>:

> I have Cyrus IMAPD version 2.1.12 running on FreeBSD 4.7. I recently
> enabled TLS. Everything works fine and I can successfully connect to the
> IMAP server via IMAPS (port 993) from mail clients such as Outlook.
> However, I also run TWIG (a web based mail/groupware front-end written in
> PHP) on the same server and use TWIG to present email to users. Apparently
> TWIG is not capable of using IMAPS and requires just plain IMAP. Also once
> I enabled TLS, the server now seems to require it and plain IMAP clients
> cannot connect to it. Is it possible to have Cyrus IMAPD allow both, plain
> IMAP on port 143 and secure IMAP on port 993 at the same time?
>
> Thanks in advance for any help,
> --Moby
>
> They that can give up essential liberty to obtain a little temporary safety
> deserve neither liberty nor safety. -- Benjamin Franklin

--
OBATA Akio / [EMAIL PROTECTED]
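An added example (not part of the original post, nor TWIG or PHP code): a small Python audit of c-client mailbox strings such as the ones passed to imap_open above, which accepts /notls only when the server is the local machine, as it is for TWIG in this thread. The mail.example.org specs are constructed, and the loopback-only policy is an assumption of this example; without /ssl, /tls or /notls, c-client uses STARTTLS only if the server offers it.

```python
import ipaddress
import re

# c-client remote mailbox spec: {host[:port][/flag...]}mailbox
SPEC_RE = re.compile(
    r"^\{(?P<host>\[[^\]]+\]|[^:/}]+)(?::(?P<port>\d+))?"
    r"(?P<flags>(?:/[^/}]+)*)\}(?P<mailbox>.*)$"
)


def parse_spec(spec):
    """Split a mailbox spec into (host, port, flags, mailbox)."""
    m = SPEC_RE.match(spec)
    if m is None:
        raise ValueError("not a remote mailbox spec: %r" % spec)
    flags = [f.lower() for f in m.group("flags").split("/") if f]
    port = int(m.group("port")) if m.group("port") else None
    return m.group("host").strip("[]"), port, flags, m.group("mailbox")


def is_loopback(host):
    """True for 'localhost' and literal loopback addresses (no DNS lookup)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname: treat it as remote


def audit_spec(spec):
    """Return findings for one spec; an empty list means nothing to report."""
    host, _port, flags, _mailbox = parse_spec(spec)
    if is_loopback(host):
        return []  # assumed policy: loopback traffic never leaves the machine
    findings = []
    if "notls" in flags and "ssl" not in flags:
        findings.append("/notls to remote host %s: login is sent in clear" % host)
    elif "ssl" not in flags and "tls" not in flags:
        findings.append("no /ssl or /tls for %s: STARTTLS is only opportunistic" % host)
    if "novalidate-cert" in flags:
        findings.append("/novalidate-cert for %s: server certificate unchecked" % host)
    return findings


if __name__ == "__main__":
    for s in ("{localhost:143/imap/notls}INBOX",          # from the post
              "{mail.example.org:143/imap/notls}INBOX"):  # constructed
        print(s, audit_spec(s))
```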
Optional TLS
I have Cyrus IMAPD version 2.1.12 running on FreeBSD 4.7. I recently enabled TLS. Everything works fine and I can successfully connect to the IMAP server via IMAPS (port 993) from mail clients such as Outlook.

However, I also run TWIG (a web based mail/groupware front-end written in PHP) on the same server and use TWIG to present email to users. Apparently TWIG is not capable of using IMAPS and requires just plain IMAP. Also once I enabled TLS, the server now seems to require it and plain IMAP clients cannot connect to it. Is it possible to have Cyrus IMAPD allow both, plain IMAP on port 143 and secure IMAP on port 993 at the same time?

Thanks in advance for any help,
--Moby

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Testing
Test
Re: cyrus 2.2 from yesterday cvs
On Sun, 23 Feb 2003, Jure Pecar wrote:

> On Sun, 23 Feb 2003 15:55:14 -0500 (EST)
> Igor Brezac <[EMAIL PROTECTED]> wrote:
>
> > Do you get a syslog entry for each failed authentication from
> > saslauthd: AUTHFAIL: [EMAIL PROTECTED] service=pop3...? If this is
> > the case, things are working fine.
>
> no, i get AUTHFAIL: user=test service=imap realm= [internal error ]
> when using [EMAIL PROTECTED] as username.

Can you show imtest/telnet telemetry?

-- Igor
SSL Update due to Security Advisory
For those who may have missed it, http://www.openssl.org/news/secadv_20030219.txt
Re: IMAPD-2.2 imapd: Too many open files
On Sun, 23 Feb 2003, Mike O'Rourke wrote:

> The "setrlimit(RLIMIT_NOFILE, {rlim_cur=0, rlim_max=0}) = 0" seemed a
> little low to me, so I went to line 622 of master.c and changed "s->maxfds"
> to a hard 256 and the error went bye-bye. The server seems to be
> functioning normally now; although it is a test machine and not at all
> heavily loaded, except for some complaints about a DBERROR listing log
> files (they simply don't exist and cyrus seems not to want to create them
> -- this is a new install).

Could you try again? It looks like a merge-forward got confused due to context or something.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: IMAPD-2.2 imapd: Too many open files
Hi All,

I compiled and installed the 2.2 branch on my Alpha Server (SuSE Linux 7.1). When I start cyradm, imtest, or telnet to the imap port, the log gets these entries:

Feb 23 18:08:36 laudare master[18187]: about to exec /usr/cyrus/bin/imapd
Feb 23 18:08:36 laudare master[18187]: couldn't exec /usr/cyrus/bin/imapd: Too many open files
Feb 23 18:08:36 laudare master[18178]: unrecognized message for service 'imap':15d0

I was able to catch this with strace (I never know how much of these to include, so here is all of it):

close(6)= 0
setuid(96)= 0
dup2(9, 3) = 3
dup2(7, 4) = 4
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, 0)= 0
fcntl(4, F_GETFD)= 0
fcntl(3, F_SETFD, 0) = 0
close(7) = 0
close(8) = 0
close(9) = 0
close(10) = 0
close(11) = 0
close(12) = 0
close(13) = 0
close(14) = 0
close(15) = 0
setrlimit(RLIMIT_NOFILE, {rlim_cur=0, rlim_max=0}) = 0
gettimeofday({1046012551, 826501}, NULL) = 0
getxpid() = 10728
rt_sigaction(SIGPIPE, {0x243b430, [], 0}, {SIG_DFL}, 8, 0) = 0
send(5, "<183>Feb 23 16:02:31 master[1072"..., 70, 0) = 70
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8, 0) = 0
send(5, "<183>Feb 23 16:02:31 master[1072"..., 70, 0) = 70
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8, 0) = 0
execve("/usr/cyrus/bin/imapd", ["imapd"], [/* 51 vars */]) = -1 EMFILE (Too many open files)
gettimeofday({1046012551, 832044}, NULL) = 0
getxpid() = 10728
rt_sigaction(SIGPIPE, {0x243b430, [], 0}, {SIG_DFL}, 8, 0) = 0
send(5, "<179>Feb 23 16:02:31 master[1072"..., 91, 0) = 91
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8, 0) = 0
write(3, "\207\342X>", 4) = 4
exit(71)= ?

The "setrlimit(RLIMIT_NOFILE, {rlim_cur=0, rlim_max=0}) = 0" seemed a little low to me, so I went to line 622 of master.c and changed "s->maxfds" to a hard 256 and the error went bye-bye.

The server seems to be functioning normally now; although it is a test machine and not at all heavily loaded, except for some complaints about a DBERROR listing log files (they simply don't exist and cyrus seems not to want to create them -- this is a new install).
Re: IMAPD-2.2 on SuSE Alpha Linux
Mike O'Rourke already wrote:

<<<.>>>

After a couple of strategically placed fprintf's, I determined that the function hash_insert () was _never_ being called! I saw where it was passing "partition_default" as the key and "/var/spool/imap" as the newval, but the fprintf to verify these values that I put immediately after the variable declarations in hash.c / hash_insert () never printed anything!

It turns out that mysql (3.23.53 here) has a hash_insert function that expects the hash table as the first argument and not the last as in the cyrus implementation. Without recompiling mysql to put a fprintf statement in its hash_insert () function, I can't verify that cyrus is trying to use that one, but the assumption seems reasonable.

Why do I have "-lmysqlclient" in the $LIBS variable in the first place??? I compiled SASL 2.1.12 with mysql support, and cyrus-imapd fails with undefined symbols (all from the libmysqlclient) if I do not include it.

Suggestions??

Mike.

That seems to be it. I changed all of the hash_insert to cyrus_hash_insert and master was happy. Anybody know how to avoid this kind of confusion with compiler options, put this before that in ld.so.conf, etc.? And will any solution for cyrus likely break future mysql compiles on the machine?

Once cyrus-imapd was running, up came problem 2 ... the dreaded Too many files open error. See my next message.

Mike.
Re: cyrus 2.2 from yesterday cvs
On Sun, 23 Feb 2003 15:55:14 -0500 (EST)
Igor Brezac <[EMAIL PROTECTED]> wrote:

> Do you get a syslog entry for each failed authentication from
> saslauthd: AUTHFAIL: [EMAIL PROTECTED] service=pop3...? If this is
> the case, things are working fine.

no, i get AUTHFAIL: user=test service=imap realm= [internal error ] when using [EMAIL PROTECTED] as username.

--
Jure Pecar
Re: cyrus 2.2 from yesterday cvs
On Sun, 23 Feb 2003, Jure Pecar wrote:

> I hit another problem:
>
> I have a mysql plugin for saslauthd, which i put together (and posted here
> about half a year ago). Among the first lines of auth_mysql() i print out
> the values i get for login and realm.
>
> If i test it with testsaslauthd, i get [EMAIL PROTECTED] as the login and
> empty realm, which i then split internally and insert into mysql query i
> read from conf file. It works perfectly.
>
> However, using imtest or telnet to pop3/imap ports, i see that i get test as
> login and empty realm. So something between imapd and saslauthd eats away
> the @domain part.
>
> This only happens if i enable virtdomains in imapd.conf. If i turn it off, i
> get @domain part in the login as expected.

It should work fine. I use cyrus 2.2 with virtdomains turned on and saslauthd/ldap with no problems. It works fine with fully qualified usernames ([EMAIL PROTECTED]) and partially qualified usernames (test, example.com is determined by cyrus).

Do you get a syslog entry for each failed authentication from saslauthd: AUTHFAIL: [EMAIL PROTECTED] service=pop3...? If this is the case, things are working fine.

-- Igor
Re: mixed delivery to imap and non-imap mailboxes
Robert,

We do something similar - most of our users are in the IMAP mailstore (an old derivation of Cyrus) plus a few admins using /var/spool/mail. We use a database to differentiate, and have sendmail rules to pick the appropriate MDA, in our case, the "local" delivery agent or "sms" delivery agent.

- Jerry

On Sun, 23 Feb 2003, Robert Urban wrote:

> Hello imappers,
>
> apparently the standard installation of cyrus imap entails changing
> the mail config such that local delivery is performed exclusively to
> IMAP mailboxes.
>
> I'm trying to configure a system on which some users should have mail
> delivered to IMAP mailboxes, others however to their regular unix
> mailboxes.
>
> I can imagine that others have also had to solve this problem,
> particularly considering there are some accounts that require
> exceptions to the usual delivery rules. In particular the "root"
> account springs to mind.
>
> Before I install procmail as my MDA and handle it that way, I wanted
> to ask this community if there is a simpler way. It would seem
> reasonable for "deliver" to deliver to a unix mailbox if no such
> cyrus user exists. Since I couldn't find anything about this in the
> docs, I presume it doesn't behave this way.
>
> Any comments or simpler solutions?
>
> thanks,
>
> Rob Urban
Re: cyrus 2.2 from yesterday cvs
I hit another problem:

I have a mysql plugin for saslauthd, which i put together (and posted here about half a year ago). Among the first lines of auth_mysql() i print out the values i get for login and realm.

If i test it with testsaslauthd, i get [EMAIL PROTECTED] as the login and empty realm, which i then split internally and insert into mysql query i read from conf file. It works perfectly.

However, using imtest or telnet to pop3/imap ports, i see that i get test as login and empty realm. So something between imapd and saslauthd eats away the @domain part.

This only happens if i enable virtdomains in imapd.conf. If i turn it off, i get @domain part in the login as expected.

Ken?

--
Jure Pecar
Re: mixed delivery to imap and non-imap mailboxes
On Sun, 23 Feb 2003, Robert Urban wrote:

> Before I install procmail as my MDA and handle it that way, I wanted
> to ask this community if there is a simpler way. It would seem
> reasonable for "deliver" to deliver to a unix mailbox if no such
> cyrus user exists. Since I couldn't find anything about this in the
> docs, I presume it doesn't behave this way.
>
> Any comments or simpler solutions?

This is an MTA problem, so it should be solved at your MTA. (e.g. the MTA detects the appropriate delivery method to use for each account, and uses it). There's no reason to use procmail at all.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
mixed delivery to imap and non-imap mailboxes
Hello imappers,

apparently the standard installation of cyrus imap entails changing the mail config such that local delivery is performed exclusively to IMAP mailboxes.

I'm trying to configure a system on which some users should have mail delivered to IMAP mailboxes, others however to their regular unix mailboxes.

I can imagine that others have also had to solve this problem, particularly considering there are some accounts that require exceptions to the usual delivery rules. In particular the "root" account springs to mind.

Before I install procmail as my MDA and handle it that way, I wanted to ask this community if there is a simpler way. It would seem reasonable for "deliver" to deliver to a unix mailbox if no such cyrus user exists. Since I couldn't find anything about this in the docs, I presume it doesn't behave this way.

Any comments or simpler solutions?

thanks,

Rob Urban
Re: Fw: PATCH: have lmtpd report sieve script file errors
Jay Levitt wrote:

I forgot to CC you on this question...

Strange, I didn't see this message on info-cyrus, anyway:

Also, the reason I discovered this is that Mandrake's "msec" security-auditing process automatically chowns /usr/sieve to root.root several times a day. Luca, do you think this is something that the RPMs should override in /etc/security/perm.local to cyrus.mail, either automatically or (if such a thing is possible) after prompting? I'm of

The RPM uses /var/lib/imap/sieve by default, and that isn't affected by msec, at least it isn't on my two systems, one 8.2 and the other 9.0, both with security level 3 (implying CHECK_PERMS=yes). I've checked the perm configuration files for all levels and none of them touches anything under /var/lib.

Bye
--
Luca Olivetti