Re: cyradm authentication error
Kevin Williams wrote: My imapd.conf file looks as follows: configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus root sasl_pwcheck_method: saslauthd I can successfully authenticate using the imtest command. When I tried to use cyradm, I originally got a can't locat Cyrus/IMAP/Shell.pm in @INC. I moved all necessary (I think) folders from the folder they were installed in (/user/local/lib instead of /user/lib) to be included in the path. Now when I run cyradm, the program just hangs and I get the following error in my imapd.log file: badlogin: web01[127.0.0.1] DOGEST-MD% [SASL(-13): authentication failure: client response doesn't match what we generated]. When I enter the sasldblistuser2 command, I get the following: [EMAIL PROTECTED]: userPassword. I had this problem too. The answer is actually in the docs (install-auth), but it can take days before you find it :( The whole authentication business is pretty badly documented, IMHO. use sasl_pwcheck_method: auxprop in imapd.conf (which is the default) and both imtest and cyradm should used sasldb2. Rob Urban
libcyrus and the imap proto
Overall I see that you send commands to the imap server using imclient_send, the last argument of which is essentially the text of the imap command. You register callbacks based on keyword, so that when the server sends you a reply, the function registered gets called. I suspect I am getting confused between tagged and untagged. The following is fine, and I think that . capability - sent with imclient_send * CAPABILITY IMAP4 IMAP4rev1 ... - untagged? capability response picked up by callback based on keyword CAPABILITY . OK Completed - tagged? ok response picked up by imclient_send's finishproc but now for the problem . examine inbox- sent with imclient_send * FLAGS (\Answered \Flagged ...- untaged flags response, callback_flags * OK [PERMANENTFLAGS ()] - untagged ok response, callback_ok * 13 EXISTS * What about these two? * 1 RECENT * untagged responses with no keyword? * OK [UNSEEN 13] - untagged ok response, callback_ok * OK [UIDVALIDITY 1043953684] - untagged ok response, callback_ok * OK [UIDNEXT 15] - untagged ok response, callback_ok . OK [READ-ONLY] Completed - tagged? ok response picked up by imclient_send's finishproc same for eg . fetch 1 (internaldate) * 1 FETCH (INTERNALDATE 30-Jan-2003 19:23:41 +) . OK Completed How can I see the result of fetch? Cheers, Patrick
Re: libcyrus and the imap proto
Patrick Welche wrote:
Overall I see that you send commands to the imap server using imclient_send,
the last argument of which is essentially the text of the imap command.
You register callbacks based on keyword, so that when the server sends you
a reply, the function registered gets called. I suspect I am getting confused
between tagged and untagged. The following is fine, and I think that
. capability - sent with imclient_send
* CAPABILITY IMAP4 IMAP4rev1 ... - untagged? capability response
picked up by callback based on
keyword CAPABILITY
. OK Completed - tagged? ok response picked up by
imclient_send's finishproc
but now for the problem
. examine inbox- sent with imclient_send
* FLAGS (\Answered \Flagged ...- untaged flags response, callback_flags
* OK [PERMANENTFLAGS ()] - untagged ok response, callback_ok
* 13 EXISTS * What about these two?
* 1 RECENT * untagged responses with no keyword?
* OK [UNSEEN 13] - untagged ok response, callback_ok
* OK [UIDVALIDITY 1043953684] - untagged ok response, callback_ok
* OK [UIDNEXT 15] - untagged ok response, callback_ok
. OK [READ-ONLY] Completed - tagged? ok response picked up by
imclient_send's finishproc
same for eg
. fetch 1 (internaldate)
* 1 FETCH (INTERNALDATE 30-Jan-2003 19:23:41 +)
. OK Completed
How can I see the result of fetch?
I have not used the C library, but the perl interface is similar so I
suspect this approach will work for you. What I did was add a callback
with an empty string for a trigger. The callback gets called on every
line, and you can parse it as you please.
$imap-addcallback({-trigger='',-callback=sub {
my [EMAIL PROTECTED];
if($a{-text}=~ /RFC822\.SIZE\s+(\d+)/i) {
$totmsg++;
$totbytes+=$1;
if($110) {
$largemsg++;
$largebytes+=$1;
}
$largest=$1 if($1$largest);
}
}});
($rc,$text)=$imap-send('','','FETCH 1:* RFC822.SIZE',$mbx);
--
John A. Tamplin Unix System Administrator
Emory University, School of Public Health +1 404/727-9931
Few questions on deliver
Hi again all, Yesterday I got my shared folders setup working. Thanks to Ken Earl for their thoughts. Found out that Outlook others don't care about not having an Inbox. Later on last night I got the CyrusBB support going in Postfix. A few questions though... 1. Deliver's manpage states that if the user doesn't have posting ACL rights to the folder the message is to be delivered to, then it rejects, no problem. Yet the user to match off of is controlled supposedly by the -a switch to the deliver command. This feels like it almost certainly has to be hard-coded into my MTA setup (Postfix). Has anyone ever gotten Postfix configured in a way that it feeds in something from the message, say the username portion of the From: header, as the switch to -a for deliver, so I can have some real per-user posting rights? 2. Since this is a mostly shared-folder setup... Is there any way that deliver, or again maybe Postfix, to modify or suppress some headers? Specifically I'd at least like a Reply-To header changed, so that if a user clicks Reply, they reply to the submission address of the shared folder, not reply to the original poster's personal email address. Also, I'd like to, if possible, suppress the To and Cc headers. The personal email addresses of other users or such are shown when a message is viewed, which could be a privacy concern in my case. For example, if a message is sent to [EMAIL PROTECTED], [EMAIL PROTECTED], and [EMAIL PROTECTED] (the submission address), when anyone views that message, it'll have headers stating that it was sent to foo, blah, and the discussion board. 3. Finally, and this is off-topic I'm sorry (:D), but has anyone *ever* gotten Outlook to thread IMAP, whether through a patch or module or anything. Outlook Express does it fabulously. It seems absolutely stupid that M$ would put a desired function in their free version, but not their for-pay version. Yes, I know Exchange MAPI public folders do thread. But that's a different protocol and server. Hrm... Hidden sleight of hand by M$ to force you to buy Exchange? Thanks again for any replies! -- Scott Balmos
Vacation and non-ASCII characters
Hi,
as the reason string of a vacation command in SIEVE is considered to be in
UTF-8 in absence of the :mime Parameter (see the Internet Draft) wouldn't it
be correct, to set the MIME-Version and Content-Type Headers accordingly,
when sending then vacation response?
The attached diff was made against cyrus-imapd 2.1.9 and does exactly this.
Please consinder including it into your cvs.
--
regards,
Ralf Haferkamp
SuSE Linux AG- The Linux Experts -
Deutschherrnstrasse 15-19 http://www.suse.com
D-90429 Nuernberg, GermanyTel: +49-911-74053-0
--- imap/lmtpd.c2003/02/26 08:39:34 1.1
+++ imap/lmtpd.c2003/02/26 10:21:08
@@ -914,6 +914,9 @@
fprintf(sm, \r\nThis is a MIME-encapsulated message\r\n\r\n);
fprintf(sm, --%d/%s\r\n, (int) p, config_servername);
} else {
+ fprintf(sm, MIME-Version: 1.0\r\n);
+ fprintf(sm, Content-Type: text/plain; charset=utf-8\r\n);
+ fprintf(sm, Content-Transfer-Encoding: 8bit\r\n);
fprintf(sm, \r\n);
}
Conversion script for sieve?
Does anyone know of a script to convert mozilla/netscape local filters to sieve scripts? Thanks. John Lederer
Re: Vacation and non-ASCII characters
Ralf Haferkamp wrote: Hi, as the reason string of a vacation command in SIEVE is considered to be in UTF-8 in absence of the :mime Parameter (see the Internet Draft) wouldn't it be correct, to set the MIME-Version and Content-Type Headers accordingly, when sending then vacation response? Its been a while since I looked at or worked on this part of the code, but IIRC, the MIME headers are expected to be included as part of the :mime response in the Sieve script. In theory (and I've actually tested it), the response doesn't have to be text, it could be a JPEG or something, so hardcoding the content as text/plain is not a good idea. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Vacation and non-ASCII characters
On Thu, Feb 27, 2003 at 11:51:13AM -0500, Ken Murchison wrote: Ralf Haferkamp wrote: Hi, as the reason string of a vacation command in SIEVE is considered to be in UTF-8 in absence of the :mime Parameter (see the Internet Draft) wouldn't it be correct, to set the MIME-Version and Content-Type Headers accordingly, when sending then vacation response? Its been a while since I looked at or worked on this part of the code, but IIRC, the MIME headers are expected to be included as part of the :mime response in the Sieve script. In theory (and I've actually tested it), the response doesn't have to be text, it could be a JPEG or something, so hardcoding the content as text/plain is not a good idea. That's why the patch only adds the headers in cases where there is no :mime parameter in the vacation statement. This is what the ID states: 3.4. MIME Parameter The :mime parameter, if supplied, specifies that the reason string is, in fact, a MIME part, including MIME headers (see section 2.4.2.4 of [SIEVE]). If the optional :mime parameter is not supplied, the reason string is considered to be a UTF-8 string. -- regards, Ralf
Re: cyradm authentication error
Robert thanks for the help, After changing the imapd.conf file as you directed (and rebooting to make sure the changes took affect), I still got the error when running cyradm --user cyrus localhost. I noticed in my auth.log file that the following messages occurred when trying to log in: Feb 27 08:52:56 web01 perl: No worthy mechs found I'm not sure what this means, but upon looking up this message in the archive I was told to use cyradm --user cyrus -auth login localhost. This DID work. I'm ASSUMING this means I am trying to login in via plaintext instead of DIGEST-MD5. (I have no clue why it won't work via DIGEST-MD5). I was able to create a mailbox in my cyradm tool, but still got the following messages in my imapd.conf file: Feb 27 08:56:03 web01 imapd[1229]: accepted connection Feb 27 08:56:48 web01 imapd[1229]: badlogin: web01[127.0.0.1] PLAIN [SASL(-4): no mechanism available: security flags do not match required] Feb 27 08:57:00 web01 imapd[1229]: badlogin: web01[127.0.0.1] plaintext cyrus SASL(-13): authentication failure: checkpass failed Feb 27 08:57:10 web01 imapd[1229]: accepted connection Feb 27 08:57:14 web01 imapd[1229]: login: web01[127.0.0.1] cyrus plaintext. Why am I getting these error messages? And as a newbie, I am COMPLETELY confused as to the differences between auxprop, saslauthd, login, and plain (those are the ones I have found so far...), and how they all relate regarding sasl2. Does anyone know why I am getting these messages in my log files (specifically no worthy mechs found in my auth log, and badlogin: web01[127.0.0.1] PLAIN... in my imapd.log). Also, is there any *good* documentation out there explaining the differences between these login mechanisms, and how they all relate? I'd love to buy a good book on all this stuff! Thanks in advance, Kevin Williams -- Original Message -- From: Robert Urban [EMAIL PROTECTED] Date: Thu, 27 Feb 2003 13:23:15 +0100 Kevin Williams wrote: My imapd.conf file looks as follows: configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus root sasl_pwcheck_method: saslauthd I can successfully authenticate using the imtest command. When I tried to use cyradm, I originally got a can't locat Cyrus/IMAP/Shell.pm in @INC. I moved all necessary (I think) folders from the folder they were installed in (/user/local/lib instead of /user/lib) to be included in the path. Now when I run cyradm, the program just hangs and I get the following error in my imapd.log file: badlogin: web01[127.0.0.1] DOGEST-MD% [SASL(-13): authentication failure: client response doesn't match what we generated]. When I enter the sasldblistuser2 command, I get the following: [EMAIL PROTECTED]: userPassword. I had this problem too. The answer is actually in the docs (install-auth), but it can take days before you find it :( The whole authentication business is pretty badly documented, IMHO. use sasl_pwcheck_method: auxprop in imapd.conf (which is the default) and both imtest and cyradm should used sasldb2. Rob Urban
Re: Vacation and non-ASCII characters
Ralf Haferkamp wrote: On Thu, Feb 27, 2003 at 11:51:13AM -0500, Ken Murchison wrote: Ralf Haferkamp wrote: Hi, as the reason string of a vacation command in SIEVE is considered to be in UTF-8 in absence of the :mime Parameter (see the Internet Draft) wouldn't it be correct, to set the MIME-Version and Content-Type Headers accordingly, when sending then vacation response? Its been a while since I looked at or worked on this part of the code, but IIRC, the MIME headers are expected to be included as part of the :mime response in the Sieve script. In theory (and I've actually tested it), the response doesn't have to be text, it could be a JPEG or something, so hardcoding the content as text/plain is not a good idea. That's why the patch only adds the headers in cases where there is no :mime parameter in the vacation statement. This is what the ID states: Sorry, I didn't look at your patch close enough (I missed the 'else') -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: cyradm authentication error
On Thu, 27 Feb 2003, Robert Urban wrote: I had this problem too. The answer is actually in the docs (install-auth), but it can take days before you find it :( The whole authentication business is pretty badly documented, IMHO. If you have suggestions, we do take reasonably-written patches. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Deleting records from db
I encountered this exact situation (directories manually deleted, leading to an unreconstructable mailbox) about a month ago. The solution we chose was to export the mailboxes db (ctl_mboxlist -d), delete the bogus entries from the textfile, then import it back in. However, this may not be the Right Way to fix it. In our case the server was down anyway (the damaged mailbox had killed an overnight quota check and corrupted the quota db), so this brute force and ignorance approach made sense at the time. I would mkdir the appropriate directories. This will let reconstruct run correctly. You can then delete the mailboxes. So: % mkdir /var/spool/imap/user/leg % cyradm localhost cyradm reconstruct user.leg cyradm sam user.leg admin all cyradm dm user.leg Larry
Re: libcyrus and the imap proto
On Thu, Feb 27, 2003 at 09:53:57AM -0500, John Alton Tamplin wrote:
Patrick Welche wrote:
...
same for eg
. fetch 1 (internaldate)
* 1 FETCH (INTERNALDATE 30-Jan-2003 19:23:41 +)
. OK Completed
How can I see the result of fetch?
I have not used the C library, but the perl interface is similar so I
suspect this approach will work for you. What I did was add a callback
with an empty string for a trigger. The callback gets called on every
line, and you can parse it as you please.
...
Great idea - I kept thinking 14 RECENT was keyword RECENT.. but evidently
not..
imclient_addcallback(imp, , /* keyword */
NULL, /* flags */
callback_all, /* proc*/
NULL, /* rock*/
NULL);
did the trick. Incidentally, I didn't receive the messages if I set the
CALLBACK_NOLITERAL flag. What does it do? (I thought it meant don't use
eg. {42} followed by 42 characters, but in eg. 14 RECENT, no literal is used,
yet I didn't see those messages either)
Cheers,
Patrick
Re: Cyrus process model...
On Wed, 26 Feb 2003, Rob Mueller wrote: [ Continued from an off mailing list conversation about killing Cyrus lmtpd processes when they go haywire, and cyrus process accounting ] Actually, cyrus-devel would have probably been an even better place to put this (and I'm cross-posting there). Would the cyrus team think it worthwhile to consider refactoring to use the new Apache 2 APR modules? I know off hand that it would be a lot of work, but it could be a gradual re-factoring process, and the idea of actually reusing code between projects would be *really* nice. I'm definitely in agreement about refactoring (indeed, your original Sieve issue just went away in 2.2, since we gutted most of the sieve framework to use compiled bytecode instead). I am nervous every time someone suggests adding a dependency, however. As it is, Cyrus has a larger-than-average [potential] number of dependencies: Berkeley DB Kerberos / GSSAPI AFS (in 2.2) OpenLDAP Perl OpenSSL Cyrus SASL which in turn can potentially depend on [in addition to some items above]: GDBM/NDBM MySQL Probably more which escape me at the moment. The fact is, given the number of problems people already have getting the dependencies to play nicely together, I am hesitant to add another. Additionally, its hard enough to keep up with the changes between every version of Berkeley DB (which are basically limited to 1 file in IMAPd, and 2-3 in SASL), I can't imagine what it would be like if we had to do that for most of (more than?) the functionality currently provided by libcyrus. As for your comments about the age of Cyrus's code, yes, that's true, there are portions that show their age more than others (non-ANSI prototypes, use of strcpy, strcat, etc). However, we clean up the non-ANSI stuff as we see it, and Security Appraisers and Bynari are currently helping us clean up the string manipulation routines to be more modern (along with other potential security issues). As far as memory allocation, libcyrus has memory pool routines, and we use them where there is an efficiency benefit to do so (maybe we could do better, I don't know). It is not entirely clear to me that we should use them in a global way, especially on long-running connections (apache can use them globally, since HTTP connections are typically short-lived). In any case, we're always open to listening to new design ideas (that doesn't mean we will automatically do whatever is suggested of course ;). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: More NTLM headaches with OE6
How have others dealt with this problem (aside from switching clients)? IMAP over SSL on port 993 Yeah, that's the direction I'm leaning in as well. Does performance suffer at all from the encryption? I'm in the process of setting up OpenSSL but haven't got very far yet. That's my one big concern. Ideally, I'd like to set an allowplaintextnotincludingjayshomenetworkwhichofcourseissecurefrompacketsni fferssincehelivesalone: no option in imapd.conf. Jay
unable to send emails to Yahoo
I am having a weird situation in the fact that on occasion we are unable to send emails to recipients at Yahoo. The error we are getting is: host mx2.mail.yahoo.com[64.156.215.6] said: 552 Put ,E=\r\n at the end of Mether, Mtcp, or Msmtp in sendmail.cf if you are using Solaris 2.5 (fixed in 2.5.1). I cannot accept messages with stray newlines. Many SMTP servers will time out waiting for \r\n.\r\n. We are running on RedHat with Cyrus and Postfix. Anyone ideas from anyone would be greatly appreciated. The tough thing is that it does not happen every time. Thanks for any help, -Andreas
Re: Vacation and non-ASCII characters
Hi, I have posted an almost identical patch as part of a suggested fix for [Bug 1723] Sieve notifications containing UTF-8 are not MIME encoded though no one seems to be doing anything with it. I added a check to see if the reason contained 8bit and added the headers in only that case. I saw no need to label something with only ASCII as UTF-8. Fixing notifications with out also fixing vacation as well seemed to be silly; though, I probably should have filed it as a separate bug. There are several other internationalization issues with sieve scripts as well as the sieve/lmtpd generated notification and vacation messages. They are documented in Bugzilla: #1710, #1721 - #1725. These probably aren't exhaustive; but, reflect only the problems that have been reported to me. Regards, Mark Keasling [EMAIL PROTECTED]
Re: unable to send emails to Yahoo
On 27 February 2003, Andreas Freyvogel [EMAIL PROTECTED] wrote: I am having a weird situation in the fact that on occasion we are unable to send emails to recipients at Yahoo. The error we are getting is: host mx2.mail.yahoo.com[64.156.215.6] said: 552 Put ,E=\r\n at the end of Mether, Mtcp, or Msmtp in sendmail.cf if you are using Solaris 2.5 (fixed in 2.5.1). I cannot accept messages with stray newlines. Many SMTP servers will time out waiting for \r\n.\r\n. We are running on RedHat with Cyrus and Postfix. Anyone ideas from anyone would be greatly appreciated. The tough thing is that it does not happen every time. This has nothing to do with Cyrus. Record a faulty SMTP conversation with tcpdump, like this: tcpdump -w /file/name -s 2000 host mx2.mail.yahoo.com and port 25 then put the resulting file somewhere on the web for reference, and post the URL, a description of your problem, relevant logs, and the output of postconf -n to the Postfix list. This is likely to be a pipelining problem at Yahoo, but you should check with the Postfix list anyway. Regards, Liviu Daia -- Dr. Liviu Daia e-mail: [EMAIL PROTECTED] Institute of Mathematics web page: http://www.imar.ro/~daia of the Romanian Academy PGP key: http://www.imar.ro/~daia/daia.asc
altnamespace question
Does subaddressing work when altnamespace is enabled ? I am sending to [EMAIL PROTECTED] But the message ends up users inbox. Folder exists, and it has the correct name, the case is right and I have lmtp downcase on anyway.
