Re: Summary/Confirmation - RedHat sasl libraries don't work with 2.2.x

[Joe Rhett]

Sorry, you are right -- I failed to qualify that.

On Wed, Oct 01, 2003 at 08:50:00AM +0200, Simon Matter wrote:
> Joe Rhett schrieb:
> > 
> > I'd like to note for the record (and anyone else searching) that the sasl
> > that ships with Redhat WILL NOT work with 2.2.1.  It returns OK with an
> > empty realm.  For unknown reasons, Cyrus then returns an
> > "Login failed: can't request info until later in exchange"
> > 
> > I'm not sure why Cyrus 2.2.1 is unhappy with the OK response, but it is.
> 
> IIRC this is only the case when authenticating using saslauthd, not when
> using sasldb.
> 
> Simon
> 
> > 
> > As per the only thread I could find on this subject, upgrading to sasl 2.1.15
> > solved the problem.  I left the Redhat plugins and saslauthd in place, just
> > replaced the shared library and it works.  So Rob's suggestion was correct.
> > (Sorry, can't find the original thread handy)
> > 
> > Can someone with a RedHat contract persuade them to provide updates from
> > 2.1.10-3 to 2.1.15 ?
> > 
> > As stated above, I'm just reaffirming this for other searchers.  When I'm
> > searching for solutions to problems, I always appreciate finding confirmation
> > that a problem was replicable.
> > 
> > --
> > Joe Rhett  Chief Geek
> > [EMAIL PROTECTED]  Isite Services, Inc.

-- 
Joe Rhett  Chief Geek
[EMAIL PROTECTED]  Isite Services, Inc.

Re: What do you call the layer that Cyrus IMAP fills?

[Wil Cooley]

On Wed, 2003-10-01 at 15:19, Pat Lashley wrote:
> 'Mail spool' is usually used to indicate storage of outgoing messages;
> or incoming messages that are awaiting relay or final delivery.  I believe
> that 'mail store' is the more accurate term.

I agree about 'mail spool', but 'mail store' itself I think describes a
component of the MPA--how the MPA stores and indexes the mail, be it the
Cyrus databases, Maildir, mbox, an SQL database, etc.

Wil
-- 
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consultinghttp://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
* Tired of spam and viruses in your e-mail?  Get the *
* Naked Ape Mail Defender! http://nakedape.cc/r/maildefender *


signature.asc
Description: This is a digitally signed message part

Re: What do you call the layer that Cyrus IMAP fills?

[Pat Lashley]

--On Wednesday, October 01, 2003 18:49:12 -0300 Henrique de Moraes Holschuh 
<[EMAIL PROTECTED]> wrote:

On Wed, 01 Oct 2003, Wil Cooley wrote:
In common parlance, we have the MTA, the LDA, and the MUA, but we don't
seem to have a name or TLA for the layer between the LDA and the
MUA--the POP or IMAP server.  At least, I don't know of one.  Or is it
really the LDA?
Well, I call it "the mail spool" in all my design documents...
'Mail spool' is usually used to indicate storage of outgoing messages;
or incoming messages that are awaiting relay or final delivery.  I believe
that 'mail store' is the more accurate term.


-Pat

Re: What do you call the layer that Cyrus IMAP fills?

[Henrique de Moraes Holschuh]

On Wed, 01 Oct 2003, Wil Cooley wrote:
> In common parlance, we have the MTA, the LDA, and the MUA, but we don't
> seem to have a name or TLA for the layer between the LDA and the
> MUA--the POP or IMAP server.  At least, I don't know of one.  Or is it
> really the LDA?

Well, I call it "the mail spool" in all my design documents...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Re: Murder Authentication Methods

[anthony mayes]

Rob Siemborski wrote:

  On Wed, 1 Oct 2003, anthony mayes wrote:

  
  
We would like to implement a murder including 2 frontends and 3+
backends in a switched (or vpn) environment.  After reading the
cyrus-info archives and the documents included in the Cyrus source, we
are unclear about the authentication process between the front and the
back ends.  We would like to avoid using Kerberos if at all possible
being as we do not have an existing Kerberos installation.  What
authentication methods would be best suited for this environment?

  
  
Kerberos is best suited to this enviornment.  Seriously, it's deseigned to
let services authenticate to eachother.  The murder has also been
extensively tested in a Kerberos enviornment, and testing in other
enviornments has been incidental at best.

Failing that, DIGEST-MD5 or PLAIN+TLS (in Cyrus 2.2) are your best bets.


  

Since we are in a sealed environment, we would like to try using
DIGEST-MD5 (at least for testing).  It would be very much appreciated
if someone would share their configuration files with us.  Thanks in
advance.

-- 
Anthony Mayes
UNIX Server Administration
Southern Illinois University Edwardsville
[EMAIL PROTECTED]

Re: Murder Authentication Methods

[Rob Siemborski]

On Wed, 1 Oct 2003, Etienne Goyer wrote:

> Replace 'backend1' and 'backend2' with the actual name of your backend.
> Also, the user specified in 'proxy_authname' must be authenticable on
> the backend (by auxprop, most likely, since it connect with DIGEST-MD5).
>
> A question : is the 'proxy_authname' required to be admin on the
> backend?  Could it be just in proxyservers ?

Yes.  That's the idea, in fact.

However this causes some design headaches (regarding the treatment of
admin users).  Namely, top level creates need to be issued directly to the
appropriate backend.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

Re: Murder Authentication Methods

[Etienne Goyer]

On Wed, Oct 01, 2003 at 02:24:04PM -0500, anthony mayes wrote:
> We would like to implement a murder including 2 frontends and 3+ 
> backends in a switched (or vpn) environment.  After reading the 
> cyrus-info archives and the documents included in the Cyrus source, we 
> are unclear about the authentication process between the front and the 
> back ends.  We would like to avoid using Kerberos if at all possible 
> being as we do not have an existing Kerberos installation.  What 
> authentication methods would be best suited for this environment?

The frontend authenticate to the backend as a special users, defined as
the 'proxy_authname' on the frontend.  The revelant part of imapd.conf
on the frontend would look like :

proxy_authname: proxy
backend1_password: *
backend1_mechs: DIGEST-MD5
backend2_password: *
backend2_mechs: DIGEST-MD5

Replace 'backend1' and 'backend2' with the actual name of your backend.
Also, the user specified in 'proxy_authname' must be authenticable on
the backend (by auxprop, most likely, since it connect with DIGEST-MD5).

A question : is the 'proxy_authname' required to be admin on the
backend?  Could it be just in proxyservers ?

-- 
Etienne GoyerLinux Québec Technologies Inc.
http://www.LinuxQuebec.com   [EMAIL PROTECTED]

Re: Murder Authentication Methods

[Rob Siemborski]

On Wed, 1 Oct 2003, anthony mayes wrote:

> We would like to implement a murder including 2 frontends and 3+
> backends in a switched (or vpn) environment.  After reading the
> cyrus-info archives and the documents included in the Cyrus source, we
> are unclear about the authentication process between the front and the
> back ends.  We would like to avoid using Kerberos if at all possible
> being as we do not have an existing Kerberos installation.  What
> authentication methods would be best suited for this environment?

Kerberos is best suited to this enviornment.  Seriously, it's deseigned to
let services authenticate to eachother.  The murder has also been
extensively tested in a Kerberos enviornment, and testing in other
enviornments has been incidental at best.

Failing that, DIGEST-MD5 or PLAIN+TLS (in Cyrus 2.2) are your best bets.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

Murder Authentication Methods

[anthony mayes]

We would like to implement a murder including 2 frontends and 3+ 
backends in a switched (or vpn) environment.  After reading the 
cyrus-info archives and the documents included in the Cyrus source, we 
are unclear about the authentication process between the front and the 
back ends.  We would like to avoid using Kerberos if at all possible 
being as we do not have an existing Kerberos installation.  What 
authentication methods would be best suited for this environment?

--
Anthony Mayes
UNIX Server Administration
Southern Illinois University Edwardsville
[EMAIL PROTECTED]

RE: reconstrucing mailbox ?

[Michael Sims]

Etienne Goyer wrote:
> All the file in a particuliar mailbox, including indexes, had been
> deleted by hand, so that the directory in the spool
> (/var/imap/spool/part1/user/test) is empty.
[...]
> sudo -u cyrus /usr/cyrus/bin/reconstruct
> /var/imap/spool/part1/user/test 
> 
> but the cyrus.[cache|header|index] does reappear.  Did I missed
> something ?

See this thread, it may help you:

http://marc.theaimsgroup.com/?l=info-cyrus&m=106209239511551&w=2

___
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648  Pager: (901)769-3722
___

reconstrucing mailbox ?

[Etienne Goyer]

Here's an easy question ...

All the file in a particuliar mailbox, including indexes, had been 
deleted by hand, so that the directory in the spool
(/var/imap/spool/part1/user/test) is empty.  Obviously, this break many
thing and cyradm refuse to delete this mailbox with a IO error.  My 
guess was that reconstruct was that the tool to use to rebuild the lost 
index.  I tried :

sudo -u cyrus /usr/cyrus/bin/reconstruct /var/imap/spool/part1/user/test

but the cyrus.[cache|header|index] does reappear.  Did I missed
something ?

-- 
Etienne GoyerLinux Québec Technologies Inc.
http://www.LinuxQuebec.com   [EMAIL PROTECTED]

What do you call the layer that Cyrus IMAP fills?

[Wil Cooley]

In common parlance, we have the MTA, the LDA, and the MUA, but we don't
seem to have a name or TLA for the layer between the LDA and the
MUA--the POP or IMAP server.  At least, I don't know of one.  Or is it
really the LDA?

Hm, a little Google turned up this message[1] calling it an MPA--"mail
presentation agent".  However, subsequent searches for "mail
presentation agent" yield minimal results, and no results when searching
for both MPA and "mail presentation agent".  Searching the Zvon[2] RFC
archive similarly yields nothing related (although there are uses of the
"MPA" acronym, but in context of MPEG and ATM).

1. http://dovecot.procontrol.fi/list/dovecot/2003-August/002114.html
2. http://www.zvon.org/tmRFC/RFC_share/Output/index.html

So clearly "MPA" isn't in wide use.  Should it be?  If so, why isn't it?

Wil
-- 
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consultinghttp://nakedape.cc
* * * * * *  Linux Services for Small Businesses  * * * * * *
*   Easy, reliable solutions for small businesses   *
*Naked Ape Business Server http://nakedape.cc/r/sms *


signature.asc
Description: This is a digitally signed message part

Re: Problematic error checking in lmtpd.c

[Rob Siemborski]

On Wed, 1 Oct 2003, Michael Bacon wrote:

> The following is a diff against 2.0.17, just because it was what I had
> handy, but the code appears to be roughly the same in the current CVS.
> This seems to fix it, but there may be better ways to go about it that I
> haven't considered.

Yeah, this is a bug.

I'm going to change the fix though -- instead I'm going to have
open_sendmail set sm to NULL if sm_pid < 0.  That way there's still only
one error condition for the caller to check... Though probably it should
always return -1 in case of failure and we should check that instead.

Patch will be in CVS shortly.

-Rob

Index: lmtpd.c
===
RCS file: /afs/andrew.cmu.edu/system/cvs/src/cyrus/imap/lmtpd.c,v
retrieving revision 1.118
diff -u -r1.118 lmtpd.c
--- lmtpd.c 13 Aug 2003 18:39:38 -  1.118
+++ lmtpd.c 1 Oct 2003 18:15:53 -
@@ -384,7 +384,14 @@
printf("451 lmtpd: didn't exec?!?\r\n");
fatal("couldn't exec", EC_OSERR);
 }
-/* i'm the parent */
+
+if(p < 0) {
+   /* failure */
+   *sm = NULL;
+   return p;
+}
+
+/* parent */
 close(fds[0]);
 ret = fdopen(fds[1], "w");
 *sm = ret;

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

Problematic error checking in lmtpd.c

[Michael Bacon]

Hello, folks,

We've got a post office that sporadically goes into states where it gets 
about 4 or 5 lmtpd processes eating huge amounts of CPU time.  After 
spending some quality time with my debugger and a stack of core files, I 
think I've found the issue.  Somehow, we're getting into a state where the 
fork() call in open_sendmail() [lmtpd.c] fails and returns -1, but the 
subsequent fdopen() succeeds and returns something other than NULL.  The 
return values of these two functions get passed back to the calling 
funciton as sm_pid and sm, respectively.  In the three instances where 
open_sendmail() is called, the calling function checks to ensure that sm is 
not NULL, but does not check to ensure that sm_pid is positive.  As such, 
in the instances of the runaway lmtpds that we've seen, sm_pid comes back 
as -1, and is subsequently passed to waitpid().  Because of the special 
symantecs of waitpid(), this causes the process to request status for any 
child in the same process group as init.  No wonder it's eating so much CPU 
time!

The following is a diff against 2.0.17, just because it was what I had 
handy, but the code appears to be roughly the same in the current CVS. 
This seems to fix it, but there may be better ways to go about it that I 
haven't considered.

Thanks,
Michael Bacon
OIT Systems and Core Services
Duke University
diff -u -r1.63.2.2 lmtpd.c
--- lmtpd.c 21 Aug 2001 17:50:12 -  1.63.2.2
+++ lmtpd.c 1 Oct 2003 17:49:56 -
@@ -498,7 +498,7 @@
smbuf[4] = rejto;
smbuf[5] = NULL;
sm_pid = open_sendmail(smbuf, &sm);
-if (sm == NULL) {
+if ( (sm == NULL) || (sm_pid < 1) ) {
   return -1;
}
@@ -582,7 +582,7 @@
smbuf[5] = NULL;
sm_pid = open_sendmail(smbuf, &sm);
-if (sm == NULL) {
+if ( (sm == NULL) || (sm_pid < 1) ) {
   return -1;
}
@@ -827,7 +827,7 @@
smbuf[4] = src->addr;
smbuf[5] = NULL;
sm_pid = open_sendmail(smbuf, &sm);
-if (sm == NULL) {
+if ( (sm == NULL) || (sm_pid < 1) ) {
   *errmsg = "Could not spawn sendmail process";
   return -1;
}

Re: Sieve outgoing mail sorting question.

[Rob Siemborski]

On Wed, 1 Oct 2003, Denis V. Suhanov wrote:

> Is there a way to use sieve for sorting an outgoing mail? For example, I
> have  folders  user.test.work.received  and user.test.work.sent and want
> all  work-related  incoming  mail  to  go to the user.test.work.received
> (this  part  works  just  fine)  but  also  all  outgoing  mail to go to
> user.test.work.sent?  I  am  not  sure what is the right way to do it. I
> tried something like this:
>
> if allof(header :contains "from" "[EMAIL PROTECTED]",
>  header :contains "to" "workdomain.com") {
>fileinto "work.sent";
> }

If you can configure your MUA to do it without sieve, do that...

Otherwise, you might be able to simulate it by configuring your MUA to
send you a copy of the message like

To: [EMAIL PROTECTED]
Bcc: [EMAIL PROTECTED]

and then have sieve filter on that address.  It's clunky but its the only
way to get sieve to do this (it only filters on mail delivered via
LMTP--not IMAP).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

Re: SASL mechanism PLAIN advertising in IMAP capabilites

[Rob Siemborski]

PLAIN is not allowed to be advertised without a security layer present.

Start a TLS session and it should be advertised.

On Wed, 1 Oct 2003, Earl R Shannon wrote:

> Hello,
>
> I'm getting confused. I'm trying to have AUTH=PLAIN show
> up in the response to a capability query of the IMAP server.
> Here is what I currently get:
>
> /var/log # telnet uni99map 143
> Trying 152.1.4.242...
> Connected to uni99map.unity.ncsu.edu.
> Escape character is '^]'.
> * OK uni99map.unity.ncsu.edu Cyrus IMAP4 v2.1.13 server ready
> 0 capability
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS
> MUPDATE=mupdate://uni99map.unity.ncsu.edu/ AUTH=GSSAPI AUTH=KERBEROS_V4
> LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
> 0 OK Completed
>
> Note that only GSSAPI and KERBEROS_V4 show up.
>
> In the imapd.conf file I have:
>
> sasl_pwcheck_method: saslauthd
> sasl_saslauthd_path: /local/sasl/var/mux
> sasl_mech_list: PLAIN GSSAPI KERBEROS_V4
> allowplaintext: yes
>
> Libraries in /usr/lib/sasl2 are:
> /usr/lib # ls /usr/lib/sasl2/
> .   libcrammd5.so.2 libgssapiv2.so.2.0.10
> liblogin.so.2.0.0   libplain.so.2
> ..  libcrammd5.so.2.0.13libgssapiv2.so.2.0.13
> liblogin.so.2.0.10  libplain.so.2.0.0
> libanonymous.la libdigestmd5.la libkerberos4.la
> libotp.la   libplain.so.2.0.10
> libanonymous.so libdigestmd5.so libkerberos4.so
> libotp.so   libplain.so.2.0.13
> libanonymous.so.2   libdigestmd5.so.2   libkerberos4.so.2
> libotp.so.2 libsasldb.la
> libanonymous.so.2.0.0   libdigestmd5.so.2.0.13  libkerberos4.so.2.0.0
> libotp.so.2.0.0 libsasldb.so
> libanonymous.so.2.0.10  libgssapiv2.la  libkerberos4.so.2.0.10
> libotp.so.2.0.10libsasldb.so.2
> libanonymous.so.2.0.13  libgssapiv2.so  liblogin.la
> libotp.so.2.0.13libsasldb.so.2.0.10
> libcrammd5.la   libgssapiv2.so.2liblogin.so libplain.la
>  libsasldb.so.2.0.13
> libcrammd5.so   libgssapiv2.so.2.0.0liblogin.so.2 libplain.so
>
> If I remove the sasl_mech_list line from the imapd.conf file
> DIGEST-MD5, CRAM-MD5, and OTP are also advertised:
>
> var/log # telnet uni99map 143
> Trying 152.1.4.242...
> Connected to uni99map.unity.ncsu.edu.
> Escape character is '^]'.
> * OK uni99map.unity.ncsu.edu Cyrus IMAP4 v2.1.13 server ready
> 0 capability
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS
> MUPDATE=mupdate://uni99map.unity.ncsu.edu/ AUTH=DIGEST-MD5 AUTH=CRAM-MD5
> AUTH=GSSAPI AUTH=KERBEROS_V4 AUTH=OTP LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
> 0 OK Completed
>
> But still no PLAIN.
>
> Heres a uname -a:
> SunOS uni99map.unity.ncsu.edu 5.7 Generic_106541-15 sun4u sparc
> SUNW,Ultra-1 IMAP version is 2.1.13 (as in the capability response )
> and sasl is 2.1.13
>
> Am I missing something here?
>
> Regards,
> Earl Shannon
>
>
>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

SASL mechanism PLAIN advertising in IMAP capabilites

[Earl R Shannon]

Hello,

I'm getting confused. I'm trying to have AUTH=PLAIN show
up in the response to a capability query of the IMAP server.
Here is what I currently get:
/var/log # telnet uni99map 143
Trying 152.1.4.242...
Connected to uni99map.unity.ncsu.edu.
Escape character is '^]'.
* OK uni99map.unity.ncsu.edu Cyrus IMAP4 v2.1.13 server ready
0 capability
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS 
MUPDATE=mupdate://uni99map.unity.ncsu.edu/ AUTH=GSSAPI AUTH=KERBEROS_V4 
LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
0 OK Completed

Note that only GSSAPI and KERBEROS_V4 show up.

In the imapd.conf file I have:

sasl_pwcheck_method: saslauthd
sasl_saslauthd_path: /local/sasl/var/mux
sasl_mech_list: PLAIN GSSAPI KERBEROS_V4
allowplaintext: yes
Libraries in /usr/lib/sasl2 are:
/usr/lib # ls /usr/lib/sasl2/
.   libcrammd5.so.2 libgssapiv2.so.2.0.10 
liblogin.so.2.0.0   libplain.so.2
..  libcrammd5.so.2.0.13libgssapiv2.so.2.0.13 
liblogin.so.2.0.10  libplain.so.2.0.0
libanonymous.la libdigestmd5.la libkerberos4.la 
libotp.la   libplain.so.2.0.10
libanonymous.so libdigestmd5.so libkerberos4.so 
libotp.so   libplain.so.2.0.13
libanonymous.so.2   libdigestmd5.so.2   libkerberos4.so.2 
libotp.so.2 libsasldb.la
libanonymous.so.2.0.0   libdigestmd5.so.2.0.13  libkerberos4.so.2.0.0 
libotp.so.2.0.0 libsasldb.so
libanonymous.so.2.0.10  libgssapiv2.la  libkerberos4.so.2.0.10 
libotp.so.2.0.10libsasldb.so.2
libanonymous.so.2.0.13  libgssapiv2.so  liblogin.la 
libotp.so.2.0.13libsasldb.so.2.0.10
libcrammd5.la   libgssapiv2.so.2liblogin.so libplain.la 
libsasldb.so.2.0.13
libcrammd5.so   libgssapiv2.so.2.0.0liblogin.so.2 libplain.so

If I remove the sasl_mech_list line from the imapd.conf file
DIGEST-MD5, CRAM-MD5, and OTP are also advertised:
var/log # telnet uni99map 143
Trying 152.1.4.242...
Connected to uni99map.unity.ncsu.edu.
Escape character is '^]'.
* OK uni99map.unity.ncsu.edu Cyrus IMAP4 v2.1.13 server ready
0 capability
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS 
MUPDATE=mupdate://uni99map.unity.ncsu.edu/ AUTH=DIGEST-MD5 AUTH=CRAM-MD5 
AUTH=GSSAPI AUTH=KERBEROS_V4 AUTH=OTP LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
0 OK Completed

But still no PLAIN.

Heres a uname -a:
SunOS uni99map.unity.ncsu.edu 5.7 Generic_106541-15 sun4u sparc 
SUNW,Ultra-1 IMAP version is 2.1.13 (as in the capability response )
and sasl is 2.1.13

Am I missing something here?

Regards,
Earl Shannon

Re: Sieve interface for spam filtering scripts?

[Alexandros Vellis]

On Wed, 1 Oct 2003 17:30:07 +0100
Patrick Welche <[EMAIL PROTECTED]> wrote:

> Just one note for avelsieve,


Yes, that is also in the TODO, but let's not get that off-topic here,
squirrelmail-plugins is the place. :)

Cheers,
Alexandros

Sieve outgoing mail sorting question.

[Denis V. Suhanov]

Hello,

Is there a way to use sieve for sorting an outgoing mail? For example, I
have  folders  user.test.work.received  and user.test.work.sent and want
all  work-related  incoming  mail  to  go to the user.test.work.received
(this  part  works  just  fine)  but  also  all  outgoing  mail to go to
user.test.work.sent?  I  am  not  sure what is the right way to do it. I
tried something like this:

if allof(header :contains "from" "[EMAIL PROTECTED]",
 header :contains "to" "workdomain.com") {
   fileinto "work.sent";
}

(I  am  using  altnamespace,  so INBOX.work.sent is not supposed to work
here, right?)

but  it  does  not work, the mail still appears in default 'Sent' folder
(the on is used by MUA).

Thanks a lot for your comments.

Sincerely yours,
Denis

Re: Sieve interface for spam filtering scripts?

[Patrick Welche]

On Wed, Oct 01, 2003 at 12:33:01PM +0300, Alexandros Vellis wrote:
> On Wed, 1 Oct 2003 00:33:33 +0100 (BST)
> "Mike Brodbelt" <[EMAIL PROTECTED]> wrote:
> 
> > > Squirrelmail has a sieve plugin. Maybe give that a try ;)
> > 
> > I'll second that. I'm using Squirrelmail and the sieve plugin in
> > production, and can vouch for it.
> 
> In my TODO list there has been an entry for "ready-made" rules for a
> long time; I'm planning to implement this probably in the next (major?)
> release. It will essentially let the user click on "Add Spam Rule" or
> something equivalent, and an administrator-defined spam rule will be
> created in a snap.
> 
> I'm still looking into the options that this kind of simplified rule
> could offer to Joe User, or any other possibilities for "ready-made",
> site-specific rules, for that matter.

Now realise I sent a pointless reply to an earlier message..

Just one note for avelsieve, the original poster mentioned "X-Spam-Status: Yes"
and X-Spam-Status doesn't appear in the headers array of config.php, at
least not the version I have. So, for those who don't feel like editing
config.php, could a text box for typing the header name be feasible in
avelsieve, rather than just the drop down menu for headers?

Cheers,

Patrick

Re: Sieve interface for spam filtering scripts?

[Patrick Welche]

On Tue, Sep 30, 2003 at 12:44:12PM -0700, Pat Lashley wrote:
.. 
> I'll also be checking out Websieve, Smartsieve, and "damn, none of
> these do what I want so I'll have to roll my own".

.. and the avelsieve plugin to squirrelmail..

Cheers,

Patrick

Problem Make perl imap ld

[Frederic Perrouin]

Is there anybody to help me ??

I try to compile Cyrus 2.2.1 on AIX 5.2.

I got this error in perl/imap :

Running Mkbootstrap for Cyrus::IMAP ()
chmod 644 IMAP.bs
rm -f blib/arch/auto/Cyrus/IMAP/IMAP.so
LD_RUN_PATH="/lib:/usr/local/lib:/opt/freeware/lib" ld  -bhalt:4
-bM:SRE -bI:/usr/opt/perl5/lib/5.8.0/aix-thread-multi/CORE/perl.exp
-bE:IMAP.exp -bnoentry -lpthreads -lc_r IMAP.o  -o
blib/arch/auto/Cyrus/IMAP/IMAP.so ../../lib/libcyrus.a
../../lib/libcyrus_min.a  -ldb-3.3 -L/usr/local/lib -lsasl2
-L/opt/freeware/lib -L/opt/freeware/lib -lssl -lcrypto
ld: 0711-317 ERROR: Undefined symbol: .__eprintf
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more
information.
make: 1254-004 The error code from the last command is 8.


I haven't found anything about this !

Fred

Re: mailboxes.db problem cont.

[Hank Beatty]

Many thanks to Scott Adkins and Joe Hrbek for all of their help.

Here are a couple of scripts that I wrote to rebuild the mailboxes.db.
The scripts do not take into account default domain, basic or no
directory hashing, multiple partitions, and possibly other things, but I
figured they might give someone a head start if they run into this
problem.

shell script "repairMBoxDB"

#!/bin/sh
#stop Cyrus imapd before running this script

#get the directories
ls -R /var/spool/imap/* | grep "/" > /bin/scripts/mboxRepair/directories

#run perl repair script (this doesn't actually do any repairing)
/bin/scripts/mboxRepair/mboxRepair.pl

#cp the file to Cyrus' home directory and change the ownership
cp /bin/scripts/mboxRepair/newMBoxList /home/cyrus/
chown cyrus:mail /home/cyrus/newMBoxList

#save off the current mailboxes.db 
mv /var/imap/mailboxes.db /var/imap/mailboxes.db.backup

#import the new mailbox list
su - cyrus -c "umask 077 ; /usr/cyrus/bin/ctl_mboxlist -u <
/home/cyrus/newMBoxList"

#EOF

perl script mboxRepair.pl

#!/usr/bin/perl

&openDirectoriesFile;

&rewriteFormat;

&scriptExit;

sub openDirectoriesFile {
   my ($lSuccess, $lName);

   $lName = "directories";
   $lSuccess = open (fhDirectories, "/bin/scripts/mboxRepair/$lName");
   if (!$lSuccess) {
  print "Didn't open " . $lName . ": $!\n";
  &scriptExit ();
   }
}

sub scriptExit {
   close (fhDirectories);
   close (fhNewMBoxList);
   exit();
}

sub rewriteFormat {
   my ($lSuccess, $lNewLine, $lCount, $lArrayCount, $lSortedCount);
   my (@lArray, @lUnsortedArray, @lSortedArray);

   $lName = "newMBoxList";
   $lSuccess = open (fhNewMBoxList, ">/bin/scripts/mboxRepair/$lName");
   if (!$lSuccess) {
  print "Didn't open " . $lName . ": $!\n";
  &scriptExit ();
   }
   $lArrayCount = 0;
   while(){
  chomp; # no newline
  s/#.*//;   # no comments
  s/^\s+//;  # no leading white
  s/\s+$//;  # no trailing white
  next if ($_ =~ m/\/mail:$/);   # no lines ending with
/mail:
  s/:$//;# no ending colons
  s/^\/var\/spool\/imap\///; # no /var/spool/imap/
  next if ($_ !~ m/\//); # get rid of any line that
doesn't
have a /
s/domain\/[A-Z]//; # get rid of domain/A, domain/B,
domain/C, etc.
  s/^\///;   # no / at the beginning of
a line
  next if ($_ !~ m/\//); # get rid of any line that
doesn't
have a /
  next if ($_ !~ m/\/user\//);   # get rid of any line that
doesn't
have /user
  next unless length;# anything left?
  @lArray = split ("/", $_);
  $lNewLine = sprintf ("%s!%s.%s", $lArray[0], $lArray[2],
$lArray[3]);
  $lCount = 4;
  while ($lArray[$lCount]) {
 $lNewLine = sprintf ("%s.%s", $lNewLine, $lArray[$lCount]);
 $lCount++;
  }
  #now we are going to put it into an array so we can sort it
  $lUnsortedArray[$lArrayCount] = $lNewLine;
  $lArrayCount++;
   }
   @lSortedArray = sort { $a cmp $b } @lUnsortedArray;

   #now take the sorted array and put it in the proper format and
   #write it to a file
   while ($lSortedArray[$lSortedCount]) {
  @lArray = split (/\./, $lSortedArray[$lSortedCount]);
  $lArray[2] =~ s/\^/\./;
  my @lDomain = split (/!/, $lSortedArray[$lSortedCount]);
  $lNewLine = sprintf ("[EMAIL PROTECTED]",
$lSortedArray[$lSortedCount], $lArray[2], $lDomain[0]);
  print fhNewMBoxList "" . $lNewLine . "\n";# write to a new
file
  $lSortedCount++;
   }
}

On Mon, 2003-09-29 at 08:52, Hank Beatty wrote:
> It was indeed the tab at the end of each line that caused the problem. I
> added the tab to the end of each line and implemented it about 3 PM
> Saturday afternoon and brought the server back on line.
> 
> On Sun, 2003-09-28 at 12:14, Rob Siemborski wrote:
> > On Sat, 27 Sep 2003, Hank Beatty wrote:
> > 
> > > Took dir.txt and converted it to the format of mboxlist file (except for
> > > the tab on the end of each line. Not sure if this caused a problem)
> > 
> > This will likely cause a problem with the ACLs.
> > 
> > > The above steps got POP working, but IMAP gives ???Mailbox does not
> > > exist??? when trying to select the ???INBOX??? using squirrelmail.
> > 
> > I suspect this can be caused by a munged ACL.
> > 
> > > I also tried using the reconstruct command before and after moving the
> > > mailboxes.db to no avail. At this point I???m thinking of writing the
> > > ???m option of reconstruct unless anyon

Re: Sieve interface for spam filtering scripts?

[Alexandros Vellis]

On Wed, 1 Oct 2003 00:33:33 +0100 (BST)
"Mike Brodbelt" <[EMAIL PROTECTED]> wrote:

> > Squirrelmail has a sieve plugin. Maybe give that a try ;)
> 
> I'll second that. I'm using Squirrelmail and the sieve plugin in
> production, and can vouch for it.

In my TODO list there has been an entry for "ready-made" rules for a
long time; I'm planning to implement this probably in the next (major?)
release. It will essentially let the user click on "Add Spam Rule" or
something equivalent, and an administrator-defined spam rule will be
created in a snap.

I'm still looking into the options that this kind of simplified rule
could offer to Joe User, or any other possibilities for "ready-made",
site-specific rules, for that matter.


-- 
Alexandros Vellis   University of Athens
[EMAIL PROTECTED] Network Operations Centre
http://www.noc.uoa.gr/~avel/
Public Key: http://www.noc.uoa.gr/~avel/gpgkey.asc


pgp0.pgp
Description: PGP signature

Problems with pop access

[Ramprasad A Padmanabhan]

I am using cyrus imapd 2.1.13 on redhat 9.0 with saslauthd and pam_ldap for authentication

Most of my users are using pop access but sometimes the server just refuses connection, or accepts connection and delivers mail but does not delete mail from the server.
I restart cyrus and things start working fine

If such a thing happens 
How do I start cyrus in a debug mode so that I can see what is going wrong



Thanks
Ram

Re: Summary/Confirmation - RedHat sasl libraries don't work with 2.2.x

[Simon Matter]

Joe Rhett schrieb:
> 
> I'd like to note for the record (and anyone else searching) that the sasl
> that ships with Redhat WILL NOT work with 2.2.1.  It returns OK with an
> empty realm.  For unknown reasons, Cyrus then returns an
> "Login failed: can't request info until later in exchange"
> 
> I'm not sure why Cyrus 2.2.1 is unhappy with the OK response, but it is.

IIRC this is only the case when authenticating using saslauthd, not when
using sasldb.

Simon

> 
> As per the only thread I could find on this subject, upgrading to sasl 2.1.15
> solved the problem.  I left the Redhat plugins and saslauthd in place, just
> replaced the shared library and it works.  So Rob's suggestion was correct.
> (Sorry, can't find the original thread handy)
> 
> Can someone with a RedHat contract persuade them to provide updates from
> 2.1.10-3 to 2.1.15 ?
> 
> As stated above, I'm just reaffirming this for other searchers.  When I'm
> searching for solutions to problems, I always appreciate finding confirmation
> that a problem was replicable.
> 
> --
> Joe Rhett  Chief Geek
> [EMAIL PROTECTED]  Isite Services, Inc.