Re: Shared folders with unixhierarchysep and altnamespace
Sebastian Hagedorn wrote: Hi, I've got the following settings in imapd.conf: unixhierarchysep: yes altnamespace: yes userprefix: user I can create top level mailboxes that are presented in the Shared Folders namespace. However, I haven't been able to find a way for one user to access another user's mailboxes, even if its ACLs would allow it. Can this be achieved with altnamespace? Yes. What IMAP client are you trying to use? The client may be stupid/broken. Here's some imtest output on my test config which proves that it works: [EMAIL PROTECTED] ken]$ imtest -p 9143 -t '' -m login localhost S: * OK eagle.oceana.com Cyrus IMAP4 v2.2.prealpha server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LOGINDISABLED AUTH=CRAM-MD5 AUTH=NTLM AUTH=OTP AUTH=DIGEST-MD5 AUTH=SRP LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE S: C01 OK Completed C: S01 STARTTLS S: S01 OK Begin TLS negotiation now verify error:num=19:self signed certificate in certificate chain TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=CRAM-MD5 AUTH=NTLM AUTH=OTP AUTH=DIGEST-MD5 AUTH=LOGIN AUTH=PLAIN AUTH=SRP LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE S: C01 OK Completed Please enter your password: C: L01 LOGIN ken {7} S: + go ahead C: omitted S: L01 OK User logged in Authenticated. Security strength factor: 168 . NAMESPACE * NAMESPACE (( /)) ((user/ /)) ((shared/ /)) . OK Completed . LIST user/% * LIST (\HasChildren) / user/test . OK Completed (0.000 secs 6 calls) . MYRIGHTS user/test * MYRIGHTS user/test lrs . OK Completed . EXAMINE user/annie * FLAGS (\Answered \Flagged \Draft \Deleted \Seen) * OK [PERMANENTFLAGS ()] * 1 EXISTS * 1 RECENT * OK [UNSEEN 1] * OK [UIDVALIDITY 874939759] * OK [UIDNEXT 2919] . OK [READ-ONLY] Completed C: Q01 LOGOUT Connection closed. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Shared folders with unixhierarchysep and altnamespace
--On Mittwoch, 12. März 2003 10:29 Uhr -0500 Ken Murchison [EMAIL PROTECTED] wrote: Can this be achieved with altnamespace? Yes. What IMAP client are you trying to use? The client may be stupid/broken. Thanks for your reply. I tried it the same way you did. It does not work for me. Either I'm doing something stupid or this is a difference between 2.1 and 2.2? Here's some imtest output on my test config which proves that it works: [EMAIL PROTECTED] ken]$ imtest -p 9143 -t '' -m login localhost S: * OK eagle.oceana.com Cyrus IMAP4 v2.2.prealpha server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LOGINDISABLED AUTH=CRAM-MD5 AUTH=NTLM AUTH=OTP AUTH=DIGEST-MD5 AUTH=SRP LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE S: C01 OK Completed C: S01 STARTTLS S: S01 OK Begin TLS negotiation now verify error:num=19:self signed certificate in certificate chain TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=CRAM-MD5 AUTH=NTLM AUTH=OTP AUTH=DIGEST-MD5 AUTH=LOGIN AUTH=PLAIN AUTH=SRP LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE S: C01 OK Completed Please enter your password: C: L01 LOGIN ken {7} S: + go ahead C: omitted S: L01 OK User logged in Authenticated. Security strength factor: 168 . NAMESPACE * NAMESPACE (( /)) ((user/ /)) ((shared/ /)) . OK Completed . LIST user/% * LIST (\HasChildren) / user/test . OK Completed (0.000 secs 6 calls) . MYRIGHTS user/test * MYRIGHTS user/test lrs . OK Completed . EXAMINE user/annie * FLAGS (\Answered \Flagged \Draft \Deleted \Seen) * OK [PERMANENTFLAGS ()] * 1 EXISTS * 1 RECENT * OK [UNSEEN 1] * OK [UIDVALIDITY 874939759] * OK [UIDNEXT 2919] . OK [READ-ONLY] Completed C: Q01 LOGOUT Connection closed. Here's mine: [EMAIL PROTECTED] root]# imtest -u hgd -a hgd cyrus S: * OK cyrus.rrz.uni-koeln.de Cyrus IMAP4 v2.1.12-Invoca-RPM-2.1.12-3 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LOGINDISABLED AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE S: C01 OK Completed C: A01 AUTHENTICATE DIGEST-MD5 ... S: A01 OK Success (privacy protection) Authenticated. Security strength factor: 128 . list user/% . OK Completed (0.070 secs 1 calls) . examine user/a0620 . NO Mailbox does not exist . examine a0620 . NO Mailbox does not exist . namespace * NAMESPACE (( /)) ((user/ /)) ((Shared Folders/ /)) . OK Completed . examine Shared Folders/mailmigration * FLAGS (\Answered \Flagged \Draft \Deleted \Seen) * OK [PERMANENTFLAGS ()] * 0 EXISTS * 0 RECENT * OK [UIDVALIDITY 1047462499] * OK [UIDNEXT 1] . OK [READ-ONLY] Completed . myrights Shared Folders/mailmigration * MYRIGHTS Shared Folders/mailmigration lrs . OK Completed When I log in as a0620, it looks like this: [EMAIL PROTECTED] root]# imtest -u a0620 -a a0620 cyrus S: * OK cyrus.rrz.uni-koeln.de Cyrus IMAP4 v2.1.12-Invoca-RPM-2.1.12-3 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LOGINDISABLED AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE S: C01 OK Completed C: A01 AUTHENTICATE DIGEST-MD5 ... S: A01 OK Success (privacy protection) Authenticated. Security strength factor: 128 . list * * LIST (\Noinferiors) / INBOX * LIST (\HasNoChildren) / EntwAPw-rfe * LIST (\HasNoChildren) / Gesendete Objekte * LIST (\HasNoChildren) / Mailmigration * LIST (\HasNoChildren) / Wido MAPY-rsheim * LIST (\HasNoChildren) / test * LIST (\HasNoChildren) / Shared Folders/mailmigration . OK Completed (0.090 secs 8 calls) As the admin user *only* am I able to see all mailboxes: [EMAIL PROTECTED] root]# imtest -u cyrus -a cyrus cyrus S: * OK cyrus.rrz.uni-koeln.de Cyrus IMAP4 v2.1.12-Invoca-RPM-2.1.12-3 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LOGINDISABLED AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE S: C01 OK Completed C: A01 AUTHENTICATE DIGEST-MD5 ... S: A01 OK Success (privacy protection) Authenticated. Security strength factor: 128 . list user/a0620 * LIST (\HasChildren) / user/a0620 . OK Completed (0.000 secs 7 calls) Do I misunderstand something here?? Thanks,
Re: Shared folders with unixhierarchysep and altnamespace
Sebastian Hagedorn wrote: --On Mittwoch, 12. März 2003 10:29 Uhr -0500 Ken Murchison [EMAIL PROTECTED] wrote: Can this be achieved with altnamespace? Yes. What IMAP client are you trying to use? The client may be stupid/broken. Thanks for your reply. I tried it the same way you did. It does not work for me. Either I'm doing something stupid or this is a difference between 2.1 and 2.2? No, it works the same for 2.1. What is the ACL set on user/a0620? In order for hdg to LIST the mailbox, you need the 'l' (lowercase L) right, in order to SELECT/EXAMINE the mailbox you need 'r'. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Outlook Express and Seen database - And Outlook Express and Cyrusin general
There was some discussion on the list in the past about problems with Outlook Express not interoperating well with Cyrus due to it corrupting the seen database by using multiple concurrent connections, confusing the caching model in Cyrus. Our desktop support people are trying to stump up support for making Outlook Express on Windows be the preferred email client - which at the moment is more or less Eudora. Does anyone have opinions about whether Outlook Express 6 still causes the seen database corruption with Cyrus 2.1.10 or later? Also if anyone has any other bad (or good) experiences with Outlook Express as a client with Cyrus I'd like to hear about them. Thanks.
deliver on one host, master on the other
Can deliver be invoked to deliver messages on another host where master is running? Or do I need to forward things to the correct host via smtp and then invoke deliver there? If it is possible, does anyone know the specifics? Jon Rowell
Re: Outlook Express and Seen database - And Outlook Express and Cyrus in general
On Wed, 12 Mar 2003, Steve Hanson wrote: There was some discussion on the list in the past about problems with Outlook Express not interoperating well with Cyrus due to it corrupting the seen database by using multiple concurrent connections, confusing the caching model in Cyrus. Apply the patches for that issue (search the list archives for them). They seem to work, but they will slowdown Cyrus a bit. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: Outlook Express and Seen database - And Outlook Express and Cyrusin general
Steve Hanson wrote: There was some discussion on the list in the past about problems with Outlook Express not interoperating well with Cyrus due to it corrupting the seen database by using multiple concurrent connections, confusing the caching model in Cyrus. Our desktop support people are trying to stump up support for making Outlook Express on Windows be the preferred email client - which at the moment is more or less Eudora. Does anyone have opinions about whether Outlook Express 6 still causes the seen database corruption with Cyrus 2.1.10 or later? Also if anyone has any other bad (or good) experiences with Outlook Express as a client with Cyrus I'd like to hear about them. I don't know of any discussion of database corruption, but the problem is that Outlook would be confused about the seen flags since it uses two different IMAP connections to process them and Cyrus keeps all that in memory per-process. The only corruption issue I have seen is that twice we had a user being unable to delete messages from a folder that was perfectly fine (and other IMAP clients could delete messages without a problem), and after deleting the subscription and resubscribing the problem went away. Research suggested this was a race condition in OE that had nothing to do with the IMAP server other than perhaps participation in the timing aspects of the race condition. It was not reproducable and has not happened in over 2 months. (This is with a user base of 2300 users, ~250 connected at any one time, and 90G spool space). Most of our users use OE6, and there have been no issues I am aware of in the 3.5 months we have been running it since I applied my patch for flushing the in-memory seen flags state to disk whenever it changes and checking the seen flags on disk for updates before replying to the client. This is with 2.1.11 and 2.1.12, and if you need the patch I would be happy to send it to you. Note that this will increase I/O traffic so you may not want to apply the patch if you have little margin for I/O bandwidth. Our server is so lightly loaded (it was sized to handle the load when we were running UW-IMAP) we didn't see any noticable difference, but I know the traffic will be higher. -- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931
ctl_deliver and DBERROR
We are getting pounded with the following error about 20-40 times a second in syslog, if anyone has any insight on this, i would be very grateful. ctl_deliver[28012]: mydelete: starting txn 2157053321 ctl_deliver[28012]: mydelete: aborting txn 2157053321 ctl_deliver[28012[: DBERROR: mydelete: error deleteting [EMAIL PROTECTED]: DB_NOTFOUND: No matching key/data pair found. Any clues on this one? Andrew Brink
pam_mysql and cyrus_sasl
Hello! I have a running Cyrus 2.1.12, Postfix 2.0.5 and cyrus-sasl.2.1.12. I set up php-webcyradm with database mail. postfix delivers mail to cyrus without a problem. I cannot get the mail with squirrelmail or sylpheed. eta:/var/log # sasldblistusers2 [EMAIL PROTECTED]: userPassword [EMAIL PROTECTED]: userPassword [EMAIL PROTECTED]: cmusaslsecretOTP [EMAIL PROTECTED]: cmusaslsecretOTP eta:/var/log # telnet localhost 143 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK localhost Cyrus IMAP4 v2.1.12 server ready . login cyrus cyruspass . OK User logged in . logout * BYE LOGOUT received . OK Completed Connection closed by foreign host. eta:/var/log # telnet localhost 143 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK localhost Cyrus IMAP4 v2.1.12 server ready . login karl karlpass . NO Login failed: authentication failure . logout * BYE LOGOUT received . OK Completed Connection closed by foreign host. The according log: eta saslauthd[983]: pam_sm_authenticate called. eta saslauthd[983]: dbuser changed. eta saslauthd[983]: dbpasswd changed. eta saslauthd[983]: host changed. eta saslauthd[983]: database changed. eta saslauthd[983]: table changed. eta saslauthd[983]: usercolumn changed. eta saslauthd[983]: passwdcolumn changed. eta saslauthd[983]: crypt changed. eta saslauthd[983]: db_connect called. eta saslauthd[983]: returning 0 . eta saslauthd[983]: db_checkpasswd called. eta saslauthd[983]: pam_mysql: where clause = eta saslauthd[983]: SELECT password FROM accountuser WHERE username='cyrus' eta saslauthd[983]: sqlLog called. eta saslauthd[983]: pam_mysql: error: sqllog set but logtable not set eta saslauthd[983]: pam_mysql: error: sqllog set but logmsgcolumn not set eta saslauthd[983]: pam_mysql: error: sqllog set but logusercolumn not set eta saslauthd[983]: pam_mysql: error: sqllog set but loghostcolumn not set eta saslauthd[983]: pam_mysql: error: sqllog set but logtimecolumn not set eta saslauthd[983]: returning 0 . eta saslauthd[983]: returning 0. eta saslauthd[982]: pam_sm_authenticate called. eta saslauthd[982]: dbuser changed. eta saslauthd[982]: dbpasswd changed. eta saslauthd[982]: host changed. eta saslauthd[982]: database changed. eta saslauthd[982]: table changed. eta saslauthd[982]: usercolumn changed. eta saslauthd[982]: passwdcolumn changed. eta saslauthd[982]: crypt changed. eta saslauthd[982]: db_connect called. eta saslauthd[982]: returning 0 . eta saslauthd[982]: db_checkpasswd called. eta saslauthd[982]: pam_mysql: where clause = eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl' eta saslauthd[982]: pam_mysql: select returned more than one result eta saslauthd[982]: returning 7 after db_checkpasswd. eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error] I made so many tests and roundabouts, I do not longer understand what is going on. The users cyrus and karl exist in sasldb2 and also in the database mail (MySQL) with clearpassword. eta:/var/log # saslpasswd2 -c andreas Password: Again (for verification): eta:/var/log # telnet localhost 143 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK localhost Cyrus IMAP4 v2.1.12 server ready . login cyrus cyruspass . OK User logged in . login andreas andreaspass # same as the cyruspass . BAD Already logged in . logout * BYE LOGOUT received . OK Completed Connection closed by foreign host. Why is andreas already logged in? due to the same passwd like cyrus? Any help appreciated. Completly clueless. -- Andreas Meyer Object Class Common Name userPassword posixAccount andreas {SSHA}hpyqObx1/BXbKFgXoqCayoGsvIgPYiVc
Re: pam_mysql and cyrus_sasl
Andreas Meyer wrote: eta saslauthd[982]: pam_mysql: where clause = eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl' eta saslauthd[982]: pam_mysql: select returned more than one result eta saslauthd[982]: returning 7 after db_checkpasswd. eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error] It looks like you have multiple rows in your accountuser table that have username='karl' (you should probably have a unique index on it anyway), or else accountuser is a view that is matching more than one row. The error message is telling you exactly what the problem is -- when it looks up the username in your mysql table, it is getting more than one row so it doesn't know what to use to validate the login. -- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931
Re: delayed response from pop3d
Same problem here, but in my case it didn't help to restart sasl or cyrus either ... (I'm not using pop3s either) After changing the file config.h.in: #define DEV_RANDOM /dev/random to #define DEV_RANDOM /dev/urandom and rebuilt/reinstalled the SASL software, pop3 now seems OK. [very strange...] Regards bryntez - Original Message - From: Jon Rowell [EMAIL PROTECTED] To: Sebastian Hagedorn [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 9:47 PM Subject: Re: delayed response from pop3d : : On Tuesday, March 11, 2003, at 01:40 PM, Sebastian Hagedorn wrote: : : -- Jon Rowell [EMAIL PROTECTED] is rumored to have mumbled on : Dienstag, 11. März 2003 12:24 Uhr -0600 regarding Re: delayed response : from pop3d: : : On Friday, March 7, 2003, at 12:40 PM, Rob Siemborski wrote: : : On Fri, 7 Mar 2003, Jon Rowell wrote: : : Since the upgrade, I am getting a delayed response from my pop3d. I : have pop3 running on port 10110 and imap running on 10443 (as stated : in : cyrus.conf). If I startup master and then do telnet localhost : 10110 : I get the usual telnet stuff about connected to localhost and : Escape : character but instead of getting the usual +OK hostname Cyrus POP3 : v2.1.12 server ready ... stuff it just sits there. The greeting : message does come up but it takes 5 minutes. After the greeting : comes : up, the server works fine. : : Imap appears to work fine. There is a split second delay that I : don't : remember being there but otherwise it is fine. : : Run the strace/truss equivilant on the processes and see whats taking : them : so long. : : Offhand, it sounds like a /dev/random problem (not enough entropy), : in : which case the solution is to link /dev/urandom to /dev/random. : : Linking /dev/random to /dev/urandom fixed the problem but it made my : machine fail when it booted because of a device checking mechanism in : the : boot process. : : Is there a way I can force cyrus to use /dev/urandom instead of : /dev/random? : : Hmm this sounds awfully similar to a problem I described this : afternoon, but: : : if I understand you correctly, you're not doing an SSL connection, are : you? If so, why should /dev/random make a difference? Also, *my* : version of Cyrus seems to be already using /dev/urandom (it appeared : later in the strace output). I haven't been able to reproduce this, : but I expect it to return after some time: : : : Correct. I am not doing an ssl connection. I'm not sure why : /dev/random makes a difference but apparently it does. According to : truss, pop3d looks at /dev/random and then goes to sleep. It will : return eventually... 5 or 10 minutes later. I find it odd that imapd : does not behave the same way but it doesn't. : : Jon Rowell : : [EMAIL PROTECTED] root]# pop3test -s -m PLAIN -a a0620 -u a0620 : pop.uni-koeln.de : : When I do that command, nothing happens for several minutes. I did an : strace on the process: : : [EMAIL PROTECTED] root]# strace -p 9959 : select(0, NULL, NULL, NULL, {0, 68}) = 0 (Timeout) : select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) : (many more lines like that) : open(/var/lib/imap/tls_sessions.db, : O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, : 0664) = -1 EEXIST (File exists) brk(0x8097000) := : 0x8097000 : time([1047377450]) = 1047377450 : getpid()= 9959 : : From that point onwards everything is fine, but it takes literally : minutes to get there. Restarting master gets rid of the problem, but : that's not really a solution ;-) : -- : Sebastian Hagedorn M.A. - RZKR-R1 (Flachbau), Zi. 18, Robert-Koch-Str. : 10 : Zentrum für angewandte Informatik - Universitätsweiter Service RRZK : Universität zu Köln / Cologne University - Tel. : +49-221-478-5587mime-attachment : :
ctl_cyrusdb: unable to init environment
Anyone know why I would get a ctl_cyrusdb: unable to init environment everytime i start the master process? Andrew Brink, CCNA, WCSP NetStandard, Inc. 913-262-3888
Re: delayed response from pop3d
Jon Rowell wrote: On Tuesday, March 11, 2003, at 01:40 PM, Sebastian Hagedorn wrote: -- Jon Rowell [EMAIL PROTECTED] is rumored to have mumbled on Dienstag, 11. März 2003 12:24 Uhr -0600 regarding Re: delayed response from pop3d: On Friday, March 7, 2003, at 12:40 PM, Rob Siemborski wrote: On Fri, 7 Mar 2003, Jon Rowell wrote: Since the upgrade, I am getting a delayed response from my pop3d. I have pop3 running on port 10110 and imap running on 10443 (as stated in cyrus.conf). If I startup master and then do telnet localhost 10110 I get the usual telnet stuff about connected to localhost and Escape character but instead of getting the usual +OK hostname Cyrus POP3 v2.1.12 server ready ... stuff it just sits there. The greeting message does come up but it takes 5 minutes. After the greeting comes up, the server works fine. Imap appears to work fine. There is a split second delay that I don't remember being there but otherwise it is fine. Run the strace/truss equivilant on the processes and see whats taking them so long. Offhand, it sounds like a /dev/random problem (not enough entropy), in which case the solution is to link /dev/urandom to /dev/random. Linking /dev/random to /dev/urandom fixed the problem but it made my machine fail when it booted because of a device checking mechanism in the boot process. Is there a way I can force cyrus to use /dev/urandom instead of /dev/random? Hmm this sounds awfully similar to a problem I described this afternoon, but: if I understand you correctly, you're not doing an SSL connection, are you? If so, why should /dev/random make a difference? Also, *my* version of Cyrus seems to be already using /dev/urandom (it appeared later in the strace output). I haven't been able to reproduce this, but I expect it to return after some time: Correct. I am not doing an ssl connection. I'm not sure why /dev/random makes a difference but apparently it does. According to truss, pop3d looks at /dev/random and then goes to sleep. It will return eventually... 5 or 10 minutes later. I find it odd that imapd does not behave the same way but it doesn't. Its because pop3d is trying to create an APOP challenge for the banner. If you don't want it to do this then recompile SASL with --disable-checkapop. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: pam_mysql and cyrus_sasl
Hello! Am Wed, 12 Mar 2003 15:01:36 -0500 schrieb John Alton Tamplin: eta saslauthd[982]: pam_mysql: where clause = eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl' eta saslauthd[982]: pam_mysql: select returned more than one result eta saslauthd[982]: returning 7 after db_checkpasswd. eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error] It looks like you have multiple rows in your accountuser table that have username='karl' (you should probably have a unique index on it anyway), or else accountuser is a view that is matching more than one row. The error message is telling you exactly what the problem is -- when it looks up the username in your mysql table, it is getting more than one row so it doesn't know what to use to validate the login. ok, I installed the database newly according to the docs of php-webcyradm and the problem pam_mysql: select returned more than one result is gone. Seems I was reading an obsolete docu. But the problem with squirrelmail or another MUA is still there: eta imapd[2041]: accepted connection eta imapd[2041]: badlogin: localhost[127.0.0.1] plaintext andreas SASL(-13): \ authentication failure: checkpass failed eta master[968]: process 2041 exited, status 0 eta master[2050]: about to exec /usr/cyrus/bin/imapd eta imap[2050]: executed eta imapd[2050]: accepted connection eta imapd[2050]: badlogin: localhost[127.0.0.1] plaintext karl SASL(-13): \ authentication failure: checkpass failed sigh, don't know what to do. Postfix delivers without a problem. Return-Path: [EMAIL PROTECTED] Received: from eta.meyer.home ([unix socket]) by eta.meyer.home (Cyrus v2.1.12) with LMTP; Wed, 12 Mar 2003 23:32:08 +0100 X-Sieve: CMU Sieve 2.2 Received: from lo (localhost [127.0.0.1]) by eta.meyer.home (Postfix 2.0.5 on eta.meyer.home) with ESMTP id 138898825 for [EMAIL PROTECTED]; Wed, 12 Mar 2003 23:31:44 +0100 (CET) Message-Id: [EMAIL PROTECTED] Date: Wed, 12 Mar 2003 23:31:45 +0100 (CET) From: [EMAIL PROTECTED] To: undisclosed-recipients:; asdf Postfix is using the same database in mysql and also is using saslauthd. If I only knew how to track this problem down. # telnet localhost 143 Connected to localhost. Escape character is '^]'. * OK eta.meyer.home Cyrus IMAP4 v2.1.12 server ready . login andreas andreaspass . NO Login failed: authentication failure What do I not understand here? Is this kind of authetication not using saslauthd? I have this entry in imapd.conf: sasl_pwcheck_method: saslauthd allowplaintext: yes sasl_mech_list: PLAIN servername: localhost eta:/etc # /usr/local/bin/imtest -m login -a andreas localhost S: * OK eta.meyer.home Cyrus IMAP4 v2.1.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS \ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN \ MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE S: C01 OK Completed Please enter your password: C: L01 LOGIN andreas {8} S: + go ahead C: omitted S: L01 NO Login failed: authentication failure Authentication failed. generic failure Security strength factor: 0 Postfix clearly has tables to look in for delivery. hm this seems to become a sysyphuswork. Problem seems to be with pam although I cannot see where. -- Andreas Meyer Object Class Common Name userPassword posixAccount andreas {SSHA}hpyqObx1/BXbKFgXoqCayoGsvIgPYiVc
Problem with upper/downer letters in emailadresses
Hello, I am using Postfix and Cyrus. If I send a local mail to [EMAIL PROTECTED], everything works fine, but if I send to [EMAIL PROTECTED], the mail is not delivered and I get the message Mailbox does not exist. Is there any possibility to let postfix rewrite the address to lower letters, or to let Cyrus ignore upper letters? Thanks for any help Christian Neugebauer
I am very confused with postfix-cyrus-imap-mysql-sleepycatDB4 auth progress....
Hi, all I install postfix 2.0.4 cyrus-imapd 2.1.12 cyrus-sasl 2.1.12 and DB 4.1.25 by tarball package in Redhat 7.2, with mysql original rpm of rh 7.2. I followed the article http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html and now I can receive email by a defaut account cyrus but every time postfix denied to send email by smtp-auth with sasl. and that is the logs: Mar 13 08:23:53 mx postfix/smtpd[11617]: warning: unknown[192.168.0.3]: SASL LOGIN authentication failed Mar 13 08:23:54 mx postfix/smtpd[11617]: lost connection after AUTH from unknown[192.168.0.3] and now I am very much confused with the auth progress, what is the usage of sleepycat DB4?? and is DB4 a copy of username and password ? and what is the usage of sasl ? a cache of username and password in order to reduce the works of mysql? or just a hiberarchy between mysql and postfix? and is there a article for whole auth progress for postfix ? I am confused with so many path--- for example: hash:/...path... mysql:/... file:/. and even something else... what is the working progress ?? and what is the ranking of alias and local and virtual and destination these concepts drive me mad. and following is my mysql tables content: accountuser table: +--+---++-+ | username | password | prefix | domain_name | +--+---++-+ | cyrus| f9/8ICFGnvzis | hehe | test.com | +--+---++-+ alias table: ++--+--++ | alias | dest | username | status | ++--+--++ | test.com | NULL | cyrus| 1 | ++--+--++ virtual table: ++--+--++ | alias | dest | username | status | ++--+--++ | test.com | NULL | cyrus| 1 | ++--+--++ domain table: +-++-+---+---+ | domain_name | prefix | maxaccounts | quota | transport | +-++-+---+---+ | test.com | hehe | 40 | 24000 | cyrus | +-++-+---+---+ Thanks for your attention.
Re: Problem with upper/downer letters in emailadresses
On Thu, 13 Mar 2003, Christian Neugebauer wrote: I am using Postfix and Cyrus. If I send a local mail to [EMAIL PROTECTED], everything works fine, but if I send to [EMAIL PROTECTED], the mail is not delivered and I get the message Mailbox does not exist. Is there any possibility to let postfix rewrite the address to lower letters, or to let Cyrus ignore upper letters? I've sent a patch to this mailing list to downcase the LMTP recipient. Search for it in the archives. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Sieveshell problems....
Hi, Like the subject says I'm having problems with sieveshell. This isn't the first time I've had trouble with sieveshell but I can't find the problem here. I've tryed googling and searching the archives but I'm stumped. Anyhow, I run the following command and get the following result.. # sieveshell -u test -a test localhost connecting to localhost Please enter your password: Please enter your password: unable to connect to server at /usr/bin/sieveshell line 174, STDIN line 2. I think timsieved is working Ok. I have cyrus configured to use LOGIN and PLAIN right now to try and tease it into working. Cyrus auths fine with either of them. IMPLEMENTATION Cyrus timsieved v2.1.11 SASL LOGIN PLAIN SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex STARTTLS OK Previously I had a funny problem where one of the libs was missing but I don't think that's the case now. # ls /usr/lib/sasl2/ libanonymous.la liblogin.la libplain.la libanonymous.so liblogin.so libplain.so libanonymous.so.2 liblogin.so.2 libplain.so.2 libanonymous.so.2.0.10 liblogin.so.2.0.10 libplain.so.2.0.10 libcrammd5.la libmysql.la libsasldb.la libcrammd5.so libmysql.so libsasldb.so libcrammd5.so.2 libmysql.so.2 libsasldb.so.2 libcrammd5.so.2.0.10libmysql.so.2.0.10 libsasldb.so.2.0.10 libdigestmd5.la libotp.la mux libdigestmd5.so libotp.so mux.accept libdigestmd5.so.2 libotp.so.2 mux.pid libdigestmd5.so.2.0.10 libotp.so.2.0.10 Any advice or hairbrained ideas welcome. Nick