Re: lmtpd rejecting valid messages
Ken Murchison --> info-cyrus (2004-07-07 20:45:54 -0400):
> This is a bug in Cyrus. Getting it to accept these messages is trivial,
> getting the rest of the code to treat the message correctly (missing
> body rather than empty body) is not.
>
> I'll bugzilla this and take a look.

Thanks.

Regards, Jukka

--
bashian roulette: $ ((RANDOM%6)) || rm -rf ~
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus IMAP, sendmail and LDAP
AJ wrote:
> Thanks. I have reviewed the sendmail page numerous times, but my
> question is what is the difference between the way I have things set up
> now, i.e just using cyrus as a local mailer, as opposed to ldap_routing.
> I am not sure why one would go one way or the other, just trying to clarify.

Using cyrus as local mailer makes sendmail accept messages to non-existing cyrus mailboxes (accept now, send bounce later) UNLESS you use RTCyrus2.
http://anfi.homeunix.net/sendmail/rtcyrus2.html

I personally suggest keeping mailbox data in one place (LDAP). It allows you to avoid the "lost data synchronization" problem. The "Inbox autocreate" patch further simplifies the administration.

P.S.
Some spammers send "dictionary recipient" spam so "accept now, send bounce later" may consume a lot of your server resources and keep a lot of bounce messages in your server queue.

--
Andrzej [en:Andrew] Adam Filip [EMAIL PROTECTED] [EMAIL PROTECTED]
http://anfi.homeunix.net/ http://slashdot.org/~anfi

Re: unable to login
On Wed, 7 Jul 2004, Wil Cooley wrote:
> On Wed, 2004-07-07 at 12:45, Mike Beattie wrote:
>
> > And I hate to point out, but then, if a malicious user manages to find a
> > flaw in cyrus they could hypothetically use that flaw to get a copy of
> > /etc/shadow. (If I'm mistaken, *please* correct me)
> >
> > Only the second worst thing after actually getting a root shell, IMO.
>
> Well, I suppose it's possible, but it's better than giving all SASL
> applications read access to /etc/shadow, because there's far less code
> to review and audit in saslauthd than Cyrus IMAP, Postfix, OpenLDAP,
> etc. Not to mention that applications communicate with saslauthd over a
> socket protocol, which one hopes goes to great lengths to sanitize input.

Wil nailed it dead on. At some level, *something* is going to have to read /etc/shadow if that is how you are doing your authentication. Saslauthd limits the amount of code that needs to access that file (and thus the amount of code to verify).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

Re: [unix socket] header
On Wed, 7 Jul 2004, Cameron Knowlton wrote:
> actually, it's my own home brewed applescript, but that's not
> important... I'd like to remove the header if possible.
>
> any ideas?

Change the source code in lmtpengine.c to say what you need.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

Re: Cyrus IMAP, sendmail and LDAP
Thanks, I understand, but now, how can I go about setting up sendmail/ldap to deliver to my cyrus server, which happens to be the same name as my sendmail server.. i.e.:

server name is: rabbit.domain.com
my email address is: [EMAIL PROTECTED]

I have an ldap entry for the user john.smith, and a cyrus mailbox for the user john.smith. If I set up ldap w/ a mailHost of rabbit.domain.com and a mailLocalAddress or mailRoutingAddress of [EMAIL PROTECTED], won't it just loop? How can I configure sendmail to deliver to my cyrus box on the same system? Am I missing an ldap attribute?

Thanks.
AJ

John Arthur wrote:
> The way you have it setup now Sendmail accepts all mail before trying to
> deliver it via cyrus (just like most secondary and some primary mx servers
> do). So if I send 1000 emails to nonexistent users your sendmail will accept
> them all (regardless of whether they exist or not) before trying to deliver
> them to cyrus. Because I'm a spammer I've used fake return addresses so you
> now have 1000 bounces sitting in your mail queue (which Sendmail keeps
> trying to resend every hour) until they expire, putting a strain on your
> resources.
>
> Every time I have setup LDAP routing for a domain (primarily on the mx
> servers but also on the cyrus system) it has resulted in an 80% to 90%
> reduction in mail traffic and server load.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of AJ
> Sent: Thursday, 8 July 2004 8:21 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Cyrus IMAP, sendmail and LDAP
>
> Thanks. I have reviewed the sendmail page numerous times, but my
> question is what is the difference between the way I have things set up
> now, i.e just using cyrus as a local mailer, as opposed to ldap_routing.
> I am not sure why one would go one way or the other, just trying to clarify.
>
> Thanks.
> AJ
>
> Andrzej Filip wrote:
> > AJ wrote:
> > > My setup is cyrus, sendmail and openldap for all users data.
> > > The way I have things set up now is sendmail use cyrus local mailer,
> > > and is not compiled w/ LDAP support, so if a mailbox does not exist in
> > > cyrus, it gets bounced. Sendmail does not do user/mailbox lookups
> > > via LDAP.
> > > This seems to work ok, but on the net I have been reading most people
> > > set up sendmail to look at ldap for users, rather than cyrus.
> > > Can some people share their setups on how they implement these three
> > > together?
> >
> > * LDAP ROUTING (sendmail)
> >   http://www.sendmail.org/m4/ldap_routing.html
> > * Autocreate INBOX patch for Cyrus
> >   http://email.uoa.gr/projects/cyrus/autocreate/index.html

RE: Cyrus IMAP, sendmail and LDAP
> Thanks.. is there any LDAP attribute that will tell sendmail what server
> and cyrus mailbox to deliver to.

Yes,

mailLocalAddress -- Addresses to accept email to (as many as you want)
mailRoutingAddress -- The address to send the mail to
mailHost -- The host to deliver mail to

> It seems that using ldap routing w/
> mailLocalAddress and mailHost will cause a loop if everything is all on
> one server.

You're not giving Sendmail enough credit ;-)

IF mailHost == local-host-name sendmail delivers locally. No loop.

John

RE: Cyrus IMAP, sendmail and LDAP
The way you have it setup now Sendmail accepts all mail before trying to deliver it via cyrus (just like most secondary and some primary mx servers do). So if I send 1000 emails to nonexistent users your sendmail will accept them all (regardless of whether they exist or not) before trying to deliver them to cyrus. Because I'm a spammer I've used fake return addresses so you now have 1000 bounces sitting in your mail queue (which Sendmail keeps trying to resend every hour) until they expire, putting a strain on your resources.

Every time I have setup LDAP routing for a domain (primarily on the mx servers but also on the cyrus system) it has resulted in an 80% to 90% reduction in mail traffic and server load.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of AJ
Sent: Thursday, 8 July 2004 8:21 AM
To: [EMAIL PROTECTED]
Subject: Re: Cyrus IMAP, sendmail and LDAP

Thanks. I have reviewed the sendmail page numerous times, but my question is what is the difference between the way I have things set up now, i.e just using cyrus as a local mailer, as opposed to ldap_routing. I am not sure why one would go one way or the other, just trying to clarify.

Thanks.
AJ

Andrzej Filip wrote:
> AJ wrote:
>
>> My setup is cyrus, sendmail and openldap for all users data.
>> The way I have things set up now is sendmail use cyrus local mailer,
>> and is not compiled w/ LDAP support, so if a mailbox does not exist in
>> cyrus, it gets bounced. Sendmail does not do user/mailbox lookups
>> via LDAP.
>> This seems to work ok, but on the net I have been reading most people
>> set up sendmail to look at ldap for users, rather than cyrus.
>> Can some people share their setups on how they implement these three
>> together?
>
> * LDAP ROUTING (sendmail)
>   http://www.sendmail.org/m4/ldap_routing.html
> * Autocreate INBOX patch for Cyrus
>   http://email.uoa.gr/projects/cyrus/autocreate/index.html

Re: Cyrus IMAP, sendmail and LDAP
On Thu, 8 Jul 2004, Andrzej Filip wrote:
> AJ wrote:
> > My setup is cyrus, sendmail and openldap for all users data.
> > The way I have things set up now is sendmail use cyrus local mailer, and
> > is not compiled w/ LDAP support, so if a mailbox does not exist in cyrus,
> > it gets bounced. Sendmail does not do user/mailbox lookups via LDAP.
> > This seems to work ok, but on the net I have been reading most people
> > set up sendmail to look at ldap for users, rather than cyrus.
> > Can some people share their setups on how they implement these three
> > together?
>
> * LDAP ROUTING (sendmail)
>   http://www.sendmail.org/m4/ldap_routing.html
> * Autocreate INBOX patch for Cyrus
>   http://email.uoa.gr/projects/cyrus/autocreate/index.html
>

You can also use ldap for virtuser/mailer maps.

--
Igor

Deliver can't connect to lmtpd
This is just frustrating. I've put off the authentication headaches for now, in favor of actually getting mail delivered, which is proving difficult.

maillog indicates procmail is failing with EX_TEMPFAIL, the procmail log shows the following:

procmail: Executing "/usr/local/cyrus/bin/deliver,-q,-a,leblanc,leblanc"
couldn't connect to lmtpd: Bad file descriptor
procmail: Program failure (75) of "/usr/local/cyrus/bin/deliver"
procmail: Assigning "LASTFOLDER=/usr/local/cyrus/bin/deliver -q -a leblanc leblanc"
procmail: Assigning "EXITCODE=75"

One would think the lmtpd socket is botched, but not so:

# file /var/imap/socket/lmtp
/var/imap/socket/lmtp: socket

And, sockstat -u included this:

cyrus master 11480 19 stream /var/imap/socket/lmtp

so the socket is there, it's a socket, and master is listening on it.

I'm probably just doing something stupid that should be obvious, but I'm not seeing it. Any ideas?

TIA
Lou

--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org
Knowledge, sir, should be free to all!
-- Harry Mudd, "I, Mudd", stardate 4513.3

Re: lmtpd rejecting valid messages
Jukka Salmi wrote:
> Hello,
>
> I'm using Cyrus IMAPd 2.2.6. Cyrus' lmtpd seems to reject header-only
> messages, i.e. messages which don't have a blank line (CRLF) after the
> last header line. AFAICT such messages should be accepted, at least
> they're valid according to RFC 2822.
>
> The problem is that the MTA accepts header-only messages, delivers them
> to Cyrus lmtpd which rejects them with "Message has no header/body
> separator", and generates a bounce because of the delivery failure. (The
> original sender probably supplied Joe's address as the envelope sender,
> and Joe receives the bounce...)
>
> Is this intended behaviour, or am I missing something?

This is a bug in Cyrus. Getting it to accept these messages is trivial, getting the rest of the code to treat the message correctly (missing body rather than empty body) is not.

I'll bugzilla this and take a look.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

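The distinction raised in this thread, a message with no header/body separator (missing body) versus one with a separator and nothing after it (empty body), as an added Python example that is not part of the original posts and is not Cyrus code. The function names, the two receiver models and the sample messages are constructed for illustration, and CRLF line endings are assumed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

CRLF = b"\r\n"
# RFC 2822 section 3.6.8: a field name is printable US-ASCII except ":".
FIELD_START = re.compile(rb"^([\x21-\x39\x3b-\x7e]+)[ \t]*:(.*)$", re.DOTALL)


class Message(NamedTuple):
    fields: List[Tuple[bytes, bytes]]  # (name, unfolded value)
    body: Optional[bytes]              # None means no separator line at all


def parse_fields(head: bytes) -> List[Tuple[bytes, bytes]]:
    """Parse a header block, unfolding continuation lines."""
    fields: List[Tuple[bytes, bytes]] = []
    for line in head.split(CRLF):
        if not line:
            continue  # the CRLF that terminates the last field
        if line[:1] in (b" ", b"\t"):
            if not fields:
                raise ValueError("continuation line before first field")
            name, value = fields[-1]
            fields[-1] = (name, value + line)  # unfold: drop CRLF, keep WSP
            continue
        m = FIELD_START.match(line)
        if m is None:
            raise ValueError("not a header field: %r" % line)
        fields.append((m.group(1), m.group(2).strip()))
    return fields


def split_message(raw: bytes) -> Message:
    """Split on the first empty line; the body is optional in RFC 2822."""
    if raw.startswith(CRLF):                 # no header fields, body only
        return Message([], raw[len(CRLF):])
    sep = raw.find(CRLF + CRLF)
    if sep == -1:                            # header-only: body is absent
        return Message(parse_fields(raw), None)
    return Message(parse_fields(raw[:sep]), raw[sep + 2 * len(CRLF):])


def classify(raw: bytes) -> str:
    body = split_message(raw).body
    if body is None:
        return "missing-body"
    return "empty-body" if body == b"" else "has-body"


def strict_receiver(raw: bytes) -> str:
    """Model of the behaviour reported in the thread: no separator, no delivery."""
    if split_message(raw).body is None:
        return "reject: Message has no header/body separator"
    return "accept"


def tolerant_receiver(raw: bytes) -> str:
    """Model of a receiver that accepts header-only messages and records
    which of the two cases it saw, so later code can tell them apart."""
    return "accept (%s)" % classify(raw)


# Constructed sample messages.
HEADER_ONLY = b"From: a@example.org\r\nTo: b@example.org\r\nSubject: ping\r\n"
EMPTY_BODY = HEADER_ONLY + CRLF
WITH_BODY = EMPTY_BODY + b"hello\r\n"
FOLDED = b"Subject: a\r\n very long\r\n subject\r\n"

if __name__ == "__main__":
    for name, raw in [("header-only", HEADER_ONLY), ("empty body", EMPTY_BODY),
                      ("with body", WITH_BODY), ("folded", FOLDED)]:
        print("%-12s strict=%-45s tolerant=%s"
              % (name, strict_receiver(raw), tolerant_receiver(raw)))
```
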
Re: Cyrus IMAP, sendmail and LDAP
Thanks.. is there any LDAP attribute that will tell sendmail what server and cyrus mailbox to deliver to. It seems that using ldap routing w/ mailLocalAddress and mailHost will cause a loop if everything is all on one server.

AJ

Wil Cooley wrote:
> On Wed, 2004-07-07 at 15:51, AJ wrote:
> > Thanks. I have reviewed the sendmail page numerous times, but my
> > question is what is the difference between the way I have things set up
> > now, i.e just using cyrus as a local mailer, as opposed to ldap_routing.
> > I am not sure why one would go one way or the other, just trying to clarify.
>
> If you use LDAP routing (or any other form of recipient verification)
> you can reject bogus messages during the SMTP conversation. Puts less
> work on your server and your postmaster, because he doesn't have to deal
> with the double-bounces caused by viruses and spammers sending mail to a
> non-existent address from a non-existent address.
>
> Wil

Re: Cyrus IMAP, sendmail and LDAP
On Wed, 2004-07-07 at 15:51, AJ wrote:
> Thanks. I have reviewed the sendmail page numerous times, but my
> question is what is the difference between the way I have things set up
> now, i.e just using cyrus as a local mailer, as opposed to ldap_routing.
> I am not sure why one would go one way or the other, just trying to clarify.

If you use LDAP routing (or any other form of recipient verification) you can reject bogus messages during the SMTP conversation. Puts less work on your server and your postmaster, because he doesn't have to deal with the double-bounces caused by viruses and spammers sending mail to a non-existent address from a non-existent address.

Wil

--
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc

Re: Cyrus IMAP, sendmail and LDAP
Basically, I have sendmail, cyrus and ldap all on the same box, so I am not sure I need ldap routing in sendmail. What do you think?

Andrzej Filip wrote:
> AJ wrote:
>
>> My setup is cyrus, sendmail and openldap for all users data.
>> The way I have things set up now is sendmail use cyrus local mailer,
>> and is not compiled w/ LDAP support, so if a mailbox does not exist in
>> cyrus, it gets bounced. Sendmail does not do user/mailbox lookups
>> via LDAP.
>> This seems to work ok, but on the net I have been reading most people
>> set up sendmail to look at ldap for users, rather than cyrus.
>> Can some people share their setups on how they implement these three
>> together?
>
> * LDAP ROUTING (sendmail)
>   http://www.sendmail.org/m4/ldap_routing.html
> * Autocreate INBOX patch for Cyrus
>   http://email.uoa.gr/projects/cyrus/autocreate/index.html

lmtpd rejecting valid messages
Hello,

I'm using Cyrus IMAPd 2.2.6. Cyrus' lmtpd seems to reject header-only messages, i.e. messages which don't have a blank line (CRLF) after the last header line. AFAICT such messages should be accepted, at least they're valid according to RFC 2822.

The problem is that the MTA accepts header-only messages, delivers them to Cyrus lmtpd which rejects them with "Message has no header/body separator", and generates a bounce because of the delivery failure. (The original sender probably supplied Joe's address as the envelope sender, and Joe receives the bounce...)

Is this intended behaviour, or am I missing something?

Comments are welcome!

TIA, Jukka

--
bashian roulette: $ ((RANDOM%6)) || rm -rf ~

Re: Cyrus IMAP, sendmail and LDAP
Thanks. I have reviewed the sendmail page numerous times, but my question is what is the difference between the way I have things set up now, i.e just using cyrus as a local mailer, as opposed to ldap_routing. I am not sure why one would go one way or the other, just trying to clarify.

Thanks.
AJ

Andrzej Filip wrote:
> AJ wrote:
> > My setup is cyrus, sendmail and openldap for all users data.
> > The way I have things set up now is sendmail use cyrus local mailer,
> > and is not compiled w/ LDAP support, so if a mailbox does not exist in
> > cyrus, it gets bounced. Sendmail does not do user/mailbox lookups
> > via LDAP.
> > This seems to work ok, but on the net I have been reading most people
> > set up sendmail to look at ldap for users, rather than cyrus.
> > Can some people share their setups on how they implement these three
> > together?
>
> * LDAP ROUTING (sendmail)
>   http://www.sendmail.org/m4/ldap_routing.html
> * Autocreate INBOX patch for Cyrus
>   http://email.uoa.gr/projects/cyrus/autocreate/index.html

Re: Cyrus IMAP, sendmail and LDAP
AJ wrote:
> My setup is cyrus, sendmail and openldap for all users data.
> The way I have things set up now is sendmail use cyrus local mailer,
> and is not compiled w/ LDAP support, so if a mailbox does not exist in
> cyrus, it gets bounced. Sendmail does not do user/mailbox lookups
> via LDAP.
> This seems to work ok, but on the net I have been reading most people
> set up sendmail to look at ldap for users, rather than cyrus.
> Can some people share their setups on how they implement these three
> together?

* LDAP ROUTING (sendmail)
  http://www.sendmail.org/m4/ldap_routing.html
* Autocreate INBOX patch for Cyrus
  http://email.uoa.gr/projects/cyrus/autocreate/index.html

--
Andrzej [en:Andrew] Adam Filip [EMAIL PROTECTED] [EMAIL PROTECTED]
http://anfi.homeunix.net/ http://slashdot.org/~anfi

Cyrus IMAP, sendmail and LDAP
Hi,

My setup is cyrus, sendmail and openldap for all users data.

The way I have things set up now is sendmail use cyrus local mailer, and is not compiled w/ LDAP support, so if a mailbox does not exist in cyrus, it gets bounced. Sendmail does not do user/mailbox lookups via LDAP.

This seems to work ok, but on the net I have been reading most people set up sendmail to look at ldap for users, rather than cyrus.

Can some people share their setups on how they implement these three together?

Thanks.
AJ

Re: unable to login
On Wed, 2004-07-07 at 12:45, Mike Beattie wrote:
> And I hate to point out, but then, if a malicious user manages to find a
> flaw in cyrus they could hypothetically use that flaw to get a copy of
> /etc/shadow. (If I'm mistaken, *please* correct me)
>
> Only the second worst thing after actually getting a root shell, IMO.

Well, I suppose it's possible, but it's better than giving all SASL applications read access to /etc/shadow, because there's far less code to review and audit in saslauthd than Cyrus IMAP, Postfix, OpenLDAP, etc. Not to mention that applications communicate with saslauthd over a socket protocol, which one hopes goes to great lengths to sanitize input.

Wil

--
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc

Re: [unix socket] header
actually, it's my own home brewed applescript, but that's not important... I'd like to remove the header if possible.

any ideas?

thanks in advance guys,
cameron

>I don't know why this is messing up your SpamCop reporting; I have the same
>thing, and the SpamCop report ignores it completely.
>
>Mark J. Nernberg
>
>> From: Cameron Knowlton <[EMAIL PROTECTED]>
>> Date: Wed, 7 Jul 2004 11:19:51 -0700
>> To: [EMAIL PROTECTED]
>> Subject: [unix socket] header
>>
>> total Cyrus newbie, so please bear with me. I
>> couldn't find this on the engines anywhere.
>>
>> how would I go about removing the ([unix socket])
>> Cyrus header below? it really does mess up my
>> spam cop process, and causes confusion.
>>
>> thanks!
>> cameron
>>
>>
>> Return-Path: <[EMAIL PROTECTED]>
>> Received: from stats.igods.com ([unix socket])
>>   by stats.igods.com (Cyrus v2.1.13) with
>>   LMTP; Tue, 06 Jul 2004 09:46:00 -0700
>> X-Sieve: CMU Sieve 2.2
>> Received: from igods.com (dialup-208-157-46-73.mho.net [208.157.46.73])
>>   by stats.igods.com (Postfix) with ESMTP id E29C146798
>>   for <[EMAIL PROTECTED]>; Tue, 6 Jul 2004 09:45:19 -0700 (PDT)
>> From: [EMAIL PROTECTED]
>> To: [EMAIL PROTECTED]
>>
>> --
>>
>>
>>> On Tuesday, July 06, 2004 at 19:44 CEST,
>>> Cameron Knowlton <[EMAIL PROTECTED]> wrote:
>>>
>>>> I'm getting an odd receive chain in messages being received at
>>>> postfix... what is ([unix socket]) below? (I'm running Mac OS X
>>>> 10.3.4).
>>>
>>> You're delivering mail to Cyrus via LMTP and a Unix socket. The Cyrus
>>> delivery agent adds the header.
>>>
>>>> I guess ideally I'd like to avoid this header, as it seemed
>>>> extraneous, and throws a wrench into my spam cop script.
>>>
>>> Normally, header_checks and the IGNORE action can be used to remove
>>> unwanted Received headers, but this time the header is added by the
>>> delivery agent after processing header_checks.
>>>
>>> --
>>> Magnus Bäck

--
Cameron Knowlton
iGods Internet Marketing
[EMAIL PROTECTED]
www.igods.com
P: 250.382.0226

Re: unable to login
On Wed, Jul 07, 2004 at 10:47:39AM -0700, Wil Cooley wrote:
> No, saslauthd runs as root--its role is to provide authentication
> services, often for PAM or shadow authentication, which requires root
> access. It's a much better solution than creating a 'shadow' group and
> making /etc/shadow readable by it and putting cyrus into that group.

And I hate to point out, but then, if a malicious user manages to find a flaw in cyrus they could hypothetically use that flaw to get a copy of /etc/shadow. (If I'm mistaken, *please* correct me)

Only the second worst thing after actually getting a root shell, IMO.

Mike.

--
Mike Beattie <[EMAIL PROTECTED]>
UNIX Systems Engineer, ITS
Ph: +64 3 479 8597 Fax: +64 3 479 5080 Cell: +64 27 44 80386
* Opinions expressed are my own, not those of the University of Otago *

Re: unable to login
On Wed, Jul 07, 2004 at 07:19:11PM +0200, Dudi Goldenberg wrote:
> Thank you all people!
>
> The problem was that /etc/default/saslauthd was reset to default values
> after an apt-get update.
>
> Once I noticed that saslauthd was not running it didn't take much to
> find & fix it.

Speaking with my Debian hat on, that's a bug - please file one! (If you're using the official Debian packages, that is).

Mike.

--
Mike Beattie <[EMAIL PROTECTED]>
UNIX Systems Engineer, ITS
Ph: +64 3 479 8597 Fax: +64 3 479 5080 Cell: +64 27 44 80386
* Opinions expressed are my own, not those of the University of Otago *

[unix socket] header
total Cyrus newbie, so please bear with me. I couldn't find this on the engines anywhere.

how would I go about removing the ([unix socket]) Cyrus header below? it really does mess up my spam cop process, and causes confusion.

thanks!
cameron

Return-Path: <[EMAIL PROTECTED]>
Received: from stats.igods.com ([unix socket])
  by stats.igods.com (Cyrus v2.1.13) with LMTP; Tue, 06 Jul 2004 09:46:00 -0700
X-Sieve: CMU Sieve 2.2
Received: from igods.com (dialup-208-157-46-73.mho.net [208.157.46.73])
  by stats.igods.com (Postfix) with ESMTP id E29C146798
  for <[EMAIL PROTECTED]>; Tue, 6 Jul 2004 09:45:19 -0700 (PDT)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

--

On Tuesday, July 06, 2004 at 19:44 CEST, Cameron Knowlton <[EMAIL PROTECTED]> wrote:

> I'm getting an odd receive chain in messages being received at
> postfix... what is ([unix socket]) below? (I'm running Mac OS X
> 10.3.4).

You're delivering mail to Cyrus via LMTP and a Unix socket. The Cyrus delivery agent adds the header.

> I guess ideally I'd like to avoid this header, as it seemed
> extraneous, and throws a wrench into my spam cop script.

Normally, header_checks and the IGNORE action can be used to remove unwanted Received headers, but this time the header is added by the delivery agent after processing header_checks.

--
Magnus Bäck

--
Cameron Knowlton
iGods Internet Marketing
[EMAIL PROTECTED]
www.igods.com
P: 250.382.0226

Re: unable to login
On Wed, 2004-07-07 at 08:44, Patrick Welche wrote:
> > What about saslauthd?
>
> I don't actually use saslauthd, but assume that it too will become user cyrus..

No, saslauthd runs as root--its role is to provide authentication services, often for PAM or shadow authentication, which requires root access. It's a much better solution than creating a 'shadow' group and making /etc/shadow readable by it and putting cyrus into that group.

Wil

--
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc

Re: cyrus IMAP4 v2.1.16 and TLS
On Wed, 2004-07-07 at 15:25, victor wrote:
> I try to use tls but I have some problems.
> The log error:
> Jul 7 15:14:03 mail68 imapd[17167]: accepted connection
> Jul 7 15:14:03 mail68 imaps[17168]: executed
> Jul 7 15:14:11 mail68 imapd[17167]: imaps TLS negotiation failed: dgfp.ambra.ro[80.97.24.235]
> Jul 7 15:14:11 mail68 imapd[17167]: Fatal error: tls_start_servertls() failed
> Jul 7 15:14:11 mail68 cyrus-master[17057]: process 17167 exited, status 75
>
> But when I do telnet everything seems to be OK:

Try using the 's_client' in OpenSSL:

$ openssl s_client -connect localhost:imaps

Wil

--
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc

Re: unable to login
On Wed, 07.07.2004 at 17:09, Louis LeBlanc wrote:

> > > This kinda begs the question, what exactly *should* the permissions be
> > > for sasldb2.db?
> > >
> > > Lou
> >
> > chown root:root /etc/sasldb2
> > chmod 600 /etc/sasldb2
> >
> > (the database has no .db ending)
>
> It appears that the port on FreeBSD does use the .db extension.

Ok, interesting to know. I must confess that I accidentally thought I would answer a question on the Fedora list, so it didn't come to my mind that other systems handle that differently.

> Another poster suggested making it owned by cyrus:mail. I assume your
> imapd is run as root?

No, the cyrus-imapd is running as user cyrus. For authentication the saslauthd is used, which runs as root, and has the necessary permissions to read either a sasldb or the shadow file.

Back to the more basic question: it is just important that the user which needs to read the sasldb has permissions on it, but no other user, because the auth data is stored in plain format in there.

> Lou

Alexander

--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435.2.3
Serendipity 18:16:09 up 24 min, 9 average: 2.10, 1.53, 0.86

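A check for the permissions discussed in this thread, as an added Python example that is not part of the original posts: the SASL database should be readable only by the account that has to read it. The function names and the choice of allowed owners (root, plus a `cyrus` account if one exists) are assumptions; the two paths are the ones named in the thread.

```python
import os
import pwd
import stat
import sys
from typing import Iterable, List, Set

# Paths mentioned in the thread; the FreeBSD port adds the .db suffix.
CANDIDATE_PATHS = ("/etc/sasldb2", "/etc/sasldb2.db")


def audit_secret_file(path: str, allowed_uids: Iterable[int]) -> List[str]:
    """Return a list of findings for `path`; an empty list means it passed."""
    try:
        st = os.lstat(path)  # lstat so a symlink is reported, not followed
    except FileNotFoundError:
        return ["%s: not present" % path]
    if not stat.S_ISREG(st.st_mode):
        return ["%s: not a regular file" % path]

    findings: List[str] = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        # Any group/other bit exposes the stored credentials.
        findings.append("%s: mode %04o gives group/other access, expected 0600"
                        % (path, mode))
    if st.st_uid not in set(allowed_uids):
        findings.append("%s: owner uid %d is not an allowed owner"
                        % (path, st.st_uid))

    # A directory writable by group/other (without the sticky bit) lets
    # another account replace the file regardless of the file's own mode.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & 0o022 and not parent.st_mode & stat.S_ISVTX:
        findings.append("%s: parent directory is group/other writable" % path)
    return findings


def default_allowed_uids() -> Set[int]:
    """Assumed policy: root (saslauthd reads the file) or the cyrus account."""
    uids = {0}
    try:
        uids.add(pwd.getpwnam("cyrus").pw_uid)
    except KeyError:
        pass  # no cyrus account on this host
    return uids


if __name__ == "__main__":
    allowed = default_allowed_uids()
    problems: List[str] = []
    for candidate in CANDIDATE_PATHS:
        if os.path.lexists(candidate):
            problems += audit_secret_file(candidate, allowed)
    print("\n".join(problems) or "ok")
    sys.exit(1 if problems else 0)
```
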
RE: unable to login
Thank you all people!

The problem was that /etc/default/saslauthd was reset to default values after an apt-get update.

Once I noticed that saslauthd was not running it didn't take much to find & fix it.

Regards,

Dudi

Re: unable to login
On Wed, Jul 07, 2004 at 11:10:48AM -0400, Louis LeBlanc wrote:
> On 07/07/04 02:29 PM, Patrick Welche sat at the `puter and typed:
> > I happen to use
> >
> > -rw------- 1 cyrus mail 24576 May 10 23:43 /etc/sasldb2
>
> This is helpful. I guess you're running imapd as cyrus:mail?

Well, I run /usr/cyrus/bin/master as root, it subsequently drops its privileges and runs as cyrus:

USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
cyrus 508 0.0 0.0 164 1032 ?? Ss Sun01PM 0:16.37 /usr/cyrus/bin/master -d

> What about saslauthd?

I don't actually use saslauthd, but assume that it too will become user cyrus..

Cheers,

Patrick

Re: unable to login
On 07/07/04 03:25 PM, Patrick Welche sat at the `puter and typed:
> On Wed, Jul 07, 2004 at 09:56:31AM -0400, Louis LeBlanc wrote:
> > On 07/07/04 02:29 PM, Patrick Welche sat at the `puter and typed:
> > > On Wed, Jul 07, 2004 at 12:03:12AM +0200, Dudi Goldenberg wrote:
> > > > Jul 6 23:58:32 mail cyrus/imapd[2205]: badlogin: localhost[127.0.0.1]
> > > > Any hint what to look for?
> > >
> > > Clues in /var/log/authlog ? file permissions on /etc/sasldb2 ?
> > > capability string when trying to connect with imtest ?
> > > (Just guessing really..)
> >
> > This kinda begs the question, what exactly *should* the permissions be
> > for sasldb2.db?
>
> I happen to use
>
> -rw------- 1 cyrus mail 24576 May 10 23:43 /etc/sasldb2

This is helpful. I guess you're running imapd as cyrus:mail? What about saslauthd?

Thank you
Lou

--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org
Patageometry, n.: The study of those mathematical properties that are invariant under brain transplants.

Re: unable to login
On 07/07/04 04:29 PM, Alexander Dalloz sat at the `puter and typed:
> On Wed, 07.07.2004 at 15:56, Louis LeBlanc wrote:
>
> > This kinda begs the question, what exactly *should* the permissions be
> > for sasldb2.db?
> >
> > Lou
>
> chown root:root /etc/sasldb2
> chmod 600 /etc/sasldb2
>
> (the database has no .db ending)

It appears that the port on FreeBSD does use the .db extension.

Another poster suggested making it owned by cyrus:mail. I assume your imapd is run as root?

Lou

--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org
Fourth Law of Revision: It is usually impractical to worry beforehand about interferences -- if you have none, someone will make one for you.

Re: unable to login
On Wed, 07.07.2004 at 15:56, Louis LeBlanc wrote:
> This kinda begs the question, what exactly *should* the permissions be
> for sasldb2.db?
>
> Lou

chown root:root /etc/sasldb2
chmod 600 /etc/sasldb2

(the database has no .db ending)

Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435.2.3
Serendipity 16:27:18 up 2 days, 16:09, load average: 0.40, 0.26, 0.23

Re: unable to login
On Wed, Jul 07, 2004 at 09:56:31AM -0400, Louis LeBlanc wrote:
> On 07/07/04 02:29 PM, Patrick Welche sat at the `puter and typed:
> > On Wed, Jul 07, 2004 at 12:03:12AM +0200, Dudi Goldenberg wrote:
> > > Jul 6 23:58:32 mail cyrus/imapd[2205]: badlogin: localhost[127.0.0.1]
> > > Any hint what to look for?
> >
> > Clues in /var/log/authlog ? file permissions on /etc/sasldb2 ?
> > capability string when trying to connect with imtest ?
> > (Just guessing really..)
>
> This kinda begs the question, what exactly *should* the permissions be
> for sasldb2.db?

I happen to use

-rw--- 1 cyrus mail 24576 May 10 23:43 /etc/sasldb2

Cheers,

Patrick

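The ownership choices suggested in this thread (root:root with mode 600, and cyrus:mail) differ in which account can open the file, which is what the follow-up questions about the imapd user are probing. As an added example, not code from any poster or from the Cyrus project, this Python sketch evaluates a mode and owner against the account the reading daemon runs as; the function names and message strings are hypothetical.

```python
import os
import pwd
import stat
import sys

CANNOT_READ = "daemon account cannot read the file"
OTHER_ACCESS = "accessible by other users"
GROUP_ACCESS = "group access granted to a group the daemon is not in"

def evaluate(mode, owner_uid, owner_gid, daemon_uid, daemon_gids):
    """Return findings for a password database with this st_mode and owner,
    as seen by a daemon running with daemon_uid and daemon_gids."""
    findings = []
    # Pick the permission class that applies to the daemon account.
    if daemon_uid == 0:
        readable = True                      # root bypasses the mode bits
    elif daemon_uid == owner_uid:
        readable = bool(mode & stat.S_IRUSR)
    elif owner_gid in daemon_gids:
        readable = bool(mode & stat.S_IRGRP)
    else:
        readable = bool(mode & stat.S_IROTH)
    if not readable:
        findings.append(CANNOT_READ)
    # Any bit for "other" exposes the stored secrets to every local account.
    if mode & stat.S_IRWXO:
        findings.append(OTHER_ACCESS)
    if mode & stat.S_IRWXG and owner_gid not in daemon_gids:
        findings.append(GROUP_ACCESS)
    return findings

def audit(path, daemon_user):
    """Stat path and evaluate it for the named local account."""
    pw = pwd.getpwnam(daemon_user)
    gids = set(os.getgrouplist(daemon_user, pw.pw_gid))
    st = os.stat(path)
    return evaluate(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids)

if __name__ == "__main__":
    # Usage: python3 check_sasldb.py /etc/sasldb2 cyrus
    for finding in audit(sys.argv[1], sys.argv[2]) or ["ok"]:
        print(finding)
```

Run it once per account that has to open the database (the imapd user, and the saslauthd user if that daemon reads it).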
Re: unable to login
On 07/07/04 02:29 PM, Patrick Welche sat at the `puter and typed:
> On Wed, Jul 07, 2004 at 12:03:12AM +0200, Dudi Goldenberg wrote:
> > Jul 6 23:58:32 mail cyrus/imapd[2205]: badlogin: localhost[127.0.0.1]
> > Any hint what to look for?
>
> Clues in /var/log/authlog ? file permissions on /etc/sasldb2 ?
> capability string when trying to connect with imtest ?
> (Just guessing really..)

This kinda begs the question, what exactly *should* the permissions be for sasldb2.db?

Lou
--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org
The speed of anything depends on the flow of everything.

Re: High availability ... again
On Tue, 6 Jul 2004, Kevin Baker wrote:

How would we indicate our interest to the development team? How are updates and future development project priorities decided?

Several methods..

Supplied patches often get a high priority (though not in this case, since we have a patch that is very complicated and not easy to apply since it is based off of different implementations of the expunge code that is in the 2.3 CVS).

Quite honestly, development priorities are most often (Though not always) set around what CMU needs most at the time. Sort of selfish, but very true. Things like virtual domains got implemented because Ken was bored though.

Another way to indicate your interest is with a hefty donation to CMU, of course :)

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

Re: unable to login
On Wed, Jul 07, 2004 at 12:03:12AM +0200, Dudi Goldenberg wrote:
> Jul 6 23:58:32 mail cyrus/imapd[2205]: badlogin: localhost[127.0.0.1]
> Any hint what to look for?

Clues in /var/log/authlog ? file permissions on /etc/sasldb2 ?
capability string when trying to connect with imtest ?
(Just guessing really..)

Patrick

Re: cyrus IMAP4 v2.1.16 and TLS
On Wed, Jul 07, 2004 at 03:25:47PM -0700, victor wrote:
> I try to use tls but I have some problems.
> The log error:
> Jul 7 15:14:03 mail68 imapd[17167]: accepted connection
> Jul 7 15:14:03 mail68 imaps[17168]: executed
> Jul 7 15:14:11 mail68 imapd[17167]: imaps TLS negotiation failed:
> dgfp.ambra.ro[80.97.24.235]
> Jul 7 15:14:11 mail68 imapd[17167]: Fatal error: tls_start_servertls()
> failed
> Jul 7 15:14:11 mail68 cyrus-master[17057]: process 17167 exited, status 75
>
> But when I do telnet everything seems to be OK:

Try imtest. See imtest --help for more information, and its manpage.

Re: Secure Password Authentication
On Wed, Jul 07, 2004 at 12:28:11PM -0700, victor wrote:
> I don't have AUTH=NTLM.
> This is strange.
> Is there something wrong with the mandrake 10 rpm's?

Do you have the ntlm sasl plugin installed in /usr/lib/sasl2?

You will also need an auxprop plugin (sasldb for passwords stored in /etc/sasldb2, for example).

Re: High availability ... again
On Tue, 6 Jul 2004, Kevin Baker wrote:
> The cyrus/replication would be amazing. Application level
> replication seems to be the best option if the setup is
> straight forward.
>
> How would we indicate our interest to the development
> team? How are updates and future development project
> priorities decided?

I am sure they will take a very hard look at it if you pay for the feature. ;-)

--
Igor

cyrus IMAP4 v2.1.16 and TLS
I try to use tls but I have some problems.
The log error:
Jul 7 15:14:03 mail68 imapd[17167]: accepted connection
Jul 7 15:14:03 mail68 imaps[17168]: executed
Jul 7 15:14:11 mail68 imapd[17167]: imaps TLS negotiation failed: dgfp.ambra.ro[80.97.24.235]
Jul 7 15:14:11 mail68 imapd[17167]: Fatal error: tls_start_servertls() failed
Jul 7 15:14:11 mail68 cyrus-master[17057]: process 17167 exited, status 75

But when I do telnet everything seems to be OK:

[EMAIL PROTECTED] etc]# telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
* OK cyrus.ambranet.com Cyrus IMAP4 v2.1.16-Mandrake-RPM-2.1.16-5mdk server ready
1 capability
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=NTLM LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
1 OK Completed
2 STARTTLS
2 OK Begin TLS negotiation now

Re: Perl-Cyrus-SIEVE-managesieve
Hi Etienne,

I'd be interested in having a peek at those mods for SASL if you still have them.. I have been away from the websieve project for a while but I'm sure a few people might be interested and I could add it to the CVS storage on Sourceforge.

http://sourceforge.net/project/showfiles.php?group_id=34008

Alain Turbide

- Original Message -
From: "Etienne Goyer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 20, 2003 10:36 AM
Subject: Re: Perl-Cyrus-SIEVE-managesieve

> Are you talking about the Perl that come with websieve ? If not, I
> would like to hear about this project ...
>
> I have made modification to the Net::Sieve module that come with
> websieve to implement a few SASL authentication method and REFERRAL. If
> anybody is interested, I am willing to share my patch.
>
> On Thu, Nov 20, 2003 at 08:23:31AM -, Allister Gearon wrote:
> > Hi,
> > does anybody know if there is any documentation on how to use this
> > package to implement mail filtering. The documentation is not very
> > forthcoming, and the only hits from google are from different flavours of
> > the rpm.
> > TIA
> > Al
>
> --
> Etienne Goyer Linux Québec Technologies Inc.
> http://www.LinuxQuebec.com [EMAIL PROTECTED]

Re: encoded packet size too big
Rob Siemborski --> cyrus-sasl (2004-07-06 17:57:23 -0400):
> After talking with Sam Hartman, it became apparent that MIT gets the
> implementation of gss_wrap_size_limit right and Heimdal gets it
> oh...so...wrong.
>
> I've committed a patch that should make this work in both cases, however.

I'm using Heimdal and the patch seems to work fine, at least it solved my original problem. Thanks a lot!

Cheers,
Jukka
--
bashian roulette: $ ((RANDOM%6)) || rm -rf ~

Re: Secure Password Authentication
I don't have AUTH=NTLM.
This is strange.
Is there something wrong with the mandrake 10 rpm's?

[EMAIL PROTECTED] imap]# telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
* OK cyrus.ambranet.com Cyrus IMAP4 v2.2.6 server ready
. CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS
. OK Completed

Pascal Gienger wrote:

I have a Mandrake 10 distribution and the packages:
libsasl2-plug-ntlm-2.1.15-10mdk.i586.rpm
libsasl2
cyrus-sasl
And I compiled cyrus-imapd-2.2.6.
When I try to login using SPA - The mail client(Outlook) says:
"General authentication failure. None of the authentication methods supported by your IMAP server(if any) are supported on this computer"

Try ". CAPABILITY" after doing a telnet to your IMAP Server, Port 143. It should read something like this:

schnucki:~ pascal$ telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK schnucki Cyrus IMAP4 v2.2.3 server ready
. CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=OTP AUTH=NTLM AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
. OK Completed

You *MUST* see an "AUTH=NTLM".

Some people reported that some versions of Outlook Express and Outlook only accept NTLM if it's presented as the first choice. Since I don't use Windows and therefore do not have Outlook nor Outlook Express, others must confirm this.

Pascal

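The comparison made by eye in the message above (is AUTH=NTLM advertised, and is it the first mechanism listed) can be done mechanically. This is an added example, not code from the posters or from Cyrus: a Python sketch that parses the two CAPABILITY lines copied from the telnet sessions above; the function names and report keys are hypothetical.

```python
# CAPABILITY lines copied from the telnet sessions quoted in this message.
SERVER_2_2_6 = (
    "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
    "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND "
    "BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE "
    "IDLE STARTTLS")
SERVER_2_2_3 = (
    "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
    "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND "
    "BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE "
    "IDLE AUTH=OTP AUTH=NTLM AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 "
    "SASL-IR")

def parse_capability(line):
    """Split an untagged CAPABILITY response into (capabilities, mechanisms).
    Mechanisms are the AUTH=<name> atoms, kept in the order advertised."""
    tokens = line.strip().split()
    if len(tokens) < 2 or tokens[0] != "*" or tokens[1].upper() != "CAPABILITY":
        raise ValueError("not an untagged CAPABILITY response")
    caps, mechs = [], []
    for tok in tokens[2:]:
        up = tok.upper()                     # capability names are case-insensitive
        if up.startswith("AUTH="):
            mechs.append(up[len("AUTH="):])
        else:
            caps.append(up)
    return caps, mechs

def mechanism_report(line, wanted="NTLM"):
    """Summarise whether the wanted SASL mechanism is offered and listed first."""
    caps, mechs = parse_capability(line)
    wanted = wanted.upper()
    return {
        "mechanisms": mechs,
        "offered": wanted in mechs,
        "first": bool(mechs) and mechs[0] == wanted,
        "starttls": "STARTTLS" in caps,
    }

if __name__ == "__main__":
    for name, line in (("v2.2.6", SERVER_2_2_6), ("v2.2.3", SERVER_2_2_3)):
        print(name, mechanism_report(line))
```

An empty `mechanisms` list, as for the v2.2.6 line, means the server advertised no AUTH= atoms at all, which points at the SASL plugin setup rather than at NTLM specifically.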
Secure Password Authentication
I have a Mandrake 10 distribution and the packages:
libsasl2-plug-ntlm-2.1.15-10mdk.i586.rpm
libsasl2
cyrus-sasl
And I compiled cyrus-imapd-2.2.6.
When I try to login using SPA - The mail client(Outlook) says:
"General authentication failure. None of the authentication methods supported by your IMAP server(if any) are supported on this computer"
If I try without the SPA, the login is successful.

Thank you.