Re: Cyrus Imap Authentication Problems
hi, try installing the sasl authentification packages ... i had the same thing ... cyrus-sasl-md5 cyrus-sasl-plain cyrus-sasl-ntlm cyrus-sasl-gssapi plain is the minimum install ... cheers chalres On Sun, 2005-09-25 at 21:31 +0200, evildad wrote: HI there, i'd like to set-up an working IMAP Server on my Gentoo System. I used the Postfix-Cyrus-Web-cyradm-HOWTO from http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html Because I use Gentoo, I compiled all the packages with the „emerge“ command. Here are the versions for my installed packages: cyrus-sasl-2.1.21-r1 cyrus-imapd-2.2.12 postfix-2.1.5-r2 pam_mysql-0.6.0 mysql-4.0.25-r2 web-cyradm-0.5.4.1 They all compiled without errors but after i wanted to create the user cyrus with the command # saslpasswd2 -c cyrus Password: Again (for verification): ... the following errors appear in /var/log/messages: Sep 25 17:21:01 evildad saslpasswd2: sql_select option missing Sep 25 17:21:01 evildad saslpasswd2: auxpropfunc error no mechanism available Sep 25 17:21:01 evildad saslpasswd2: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql Sep 25 17:21:05 evildad saslpasswd2: setpass succeeded for cyrus Sep 25 17:21:05 evildad saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found Sep 25 17:21:05 evildad saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found Sep 25 17:21:05 evildad saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found I don't understand why sasl won't find the DB. Another Problem is the command to connect to the Server. When i type in the following command to the Server I get the following output: # cyradm --user cyrus --server localhost --auth plain Password: IMAP Password: Login failed: authentication failure at /usr/lib/perl5/site_perl/5.8.6/x86_64-linux/Cyrus/IMAP/Admin.pm line 118 cyradm: cannot authenticate to server with plain as cyrus and in /var/log/messages: Sep 25 21:18:26 evildad master[7102]: about to exec /usr/lib/cyrus/imapd Sep 25 21:18:26 evildad imap[7102]: executed Sep 25 21:18:26 evildad imap[7102]: sql auxprop plugin using mysql engine Sep 25 21:18:26 evildad imap[7102]: accepted connection Sep 25 21:18:37 evildad imap[7102]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required] Sep 25 21:18:40 evildad perl: No worthy mechs found Sep 25 21:18:44 evildad imap[7102]: sql plugin Parse the username cyrus Sep 25 21:18:44 evildad imap[7102]: sql plugin try and connect to a host Sep 25 21:18:44 evildad imap[7102]: sql plugin trying to open db 'mail' on host 'localhost' Sep 25 21:18:44 evildad imap[7102]: sql plugin Parse the username cyrus Sep 25 21:18:44 evildad imap[7102]: sql plugin try and connect to a host Sep 25 21:18:44 evildad imap[7102]: sql plugin trying to open db 'mail' on host 'localhost' Sep 25 21:18:44 evildad saslauthd[6930]: DEBUG: auth_pam: pam_acct_mgmt failed: User account has expired Sep 25 21:18:44 evildad saslauthd[6930]: do_auth : auth failure: [user=cyrus] [service=imap] [realm=] [mech=pam] [reason=PAM acct error] Sep 25 21:18:44 evildad imap[7102]: badlogin: localhost [127.0.0.1] plaintext cyrus SASL(-13): authentication failure: checkpass failed Sep 25 21:19:47 evildad master[20809]: process 7102 exited, status 0 Hope anyone can help me to get the authentication work... And i don't know why the User account has been expired though it has never worked before... Thanks in advance, Evildad ___ Was denken Sie über E-Mail? Wir hören auf Ihre Meinung: http://surveylink.yahoo.com/wix/p0379378.aspx Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- simplified chinese is not nearly as easy as they would have you believe ... a superlative oxymoron --anonymous Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Cyrus Imap Authentication Problems
Hi, First of all try to post this question to web-cyradm list, I'm too on their list and if you have further questions we'll try to help you. It may be related to creation of the file /etc/pam.d/imap with the following entries: -- #%PAM-1.0 auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time sqllog=yes # auth sufficient pam_unix_auth.so account required pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time # account sufficient pam_unix_acct.so - Regards, Leon Kolchinsky -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of evildad Sent: Sunday, September 25, 2005 10:31 PM To: info-cyrus@lists.andrew.cmu.edu Subject: Cyrus Imap Authentication Problems HI there, i'd like to set-up an working IMAP Server on my Gentoo System. I used the Postfix-Cyrus-Web-cyradm-HOWTO from http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html Because I use Gentoo, I compiled all the packages with the „emerge“ command. Here are the versions for my installed packages: cyrus-sasl-2.1.21-r1 cyrus-imapd-2.2.12 postfix-2.1.5-r2 pam_mysql-0.6.0 mysql-4.0.25-r2 web-cyradm-0.5.4.1 They all compiled without errors but after i wanted to create the user cyrus with the command # saslpasswd2 -c cyrus Password: Again (for verification): ... the following errors appear in /var/log/messages: Sep 25 17:21:01 evildad saslpasswd2: sql_select option missing Sep 25 17:21:01 evildad saslpasswd2: auxpropfunc error no mechanism available Sep 25 17:21:01 evildad saslpasswd2: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql Sep 25 17:21:05 evildad saslpasswd2: setpass succeeded for cyrus Sep 25 17:21:05 evildad saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found Sep 25 17:21:05 evildad saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found Sep 25 17:21:05 evildad saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found I don't understand why sasl won't find the DB. Another Problem is the command to connect to the Server. When i type in the following command to the Server I get the following output: # cyradm --user cyrus --server localhost --auth plain Password: IMAP Password: Login failed: authentication failure at /usr/lib/perl5/site_perl/5.8.6/x86_64-linux/Cyrus/IMAP/Admin.pm line 118 cyradm: cannot authenticate to server with plain as cyrus and in /var/log/messages: Sep 25 21:18:26 evildad master[7102]: about to exec /usr/lib/cyrus/imapd Sep 25 21:18:26 evildad imap[7102]: executed Sep 25 21:18:26 evildad imap[7102]: sql auxprop plugin using mysql engine Sep 25 21:18:26 evildad imap[7102]: accepted connection Sep 25 21:18:37 evildad imap[7102]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required] Sep 25 21:18:40 evildad perl: No worthy mechs found Sep 25 21:18:44 evildad imap[7102]: sql plugin Parse the username cyrus Sep 25 21:18:44 evildad imap[7102]: sql plugin try and connect to a host Sep 25 21:18:44 evildad imap[7102]: sql plugin trying to open db 'mail' on host 'localhost' Sep 25 21:18:44 evildad imap[7102]: sql plugin Parse the username cyrus Sep 25 21:18:44 evildad imap[7102]: sql plugin try and connect to a host Sep 25 21:18:44 evildad imap[7102]: sql plugin trying to open db 'mail' on host 'localhost' Sep 25 21:18:44 evildad saslauthd[6930]: DEBUG: auth_pam: pam_acct_mgmt failed: User account has expired Sep 25 21:18:44 evildad saslauthd[6930]: do_auth : auth failure: [user=cyrus] [service=imap] [realm=] [mech=pam] [reason=PAM acct error] Sep 25 21:18:44 evildad imap[7102]: badlogin: localhost [127.0.0.1] plaintext cyrus SASL(-13): authentication failure: checkpass failed Sep 25 21:19:47 evildad master[20809]: process 7102 exited, status 0 Hope anyone can help me to get the authentication work... And i don't know why the User account has been expired though it has never worked before... Thanks in advance, Evildad ___ Was denken Sie über E-Mail? Wir hören auf Ihre Meinung: http://surveylink.yahoo.com/wix/p0379378.aspx Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ:
renaming mailboxes
Hello, we would like to have rename mailbox funcionality in Cyrus IMAPD. Plain cyrus-imapd refuses to rename mailbox, so I would like to know if there was something done on that field? Like 3rd party patches, 2.3.x branch whatever. If not do you have any hints where to start? (If cyrus imap is able to move mailboxes between murder backends, then it should not be _that_ hard to write rename functionality.) Ondrej. -- Ondrej Sury [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
I receive all emails of this list twice
hi list-members, i receive all emails of this list twice. i already made a new subscription, but with the new subscription i still have the same problem. is this a list-problem ? thx! rolf suennen -- makeit-online.de - easy content management http://www.makeit-online.de Rolf Suennen Grunerstrasse 25 40239 Duesseldorf Tel.: 0211 - 6169 17 50 Fax.: 0211 - 6169 17 75 Mob.: 0177 - 213 44 24 email: [EMAIL PROTECTED] Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
High-Availability IMAP server
Hello, I have a 'pseudo' High Availability SMTP system consisting in two servers running cyrus 2.2.5. The main problem I have is that only one of the two nodes can access to the mailboxes in order to keep the integrity of the cyrus databases despite the filesystem (GFS) has support to allow to two different servers access in R/W mode. I've read about cyrus-murder which allows to distribute mailboxes along different servers but if the server that has the mailbox for [EMAIL PROTECTED] goes offline, this mailbox is not available. With maildir/mailbox format, there is no additional integrity mechanism so any server with R/W access to the filesystem can provide the mailbox via POP3/IMAP, etc. Is there any way to achieve this goal using cyrus? Which is the best approach to this scenario? Run daily imapsync via cron and a Load Balancer forward the requests to the active one? Any help would be appreciated. Regards, David Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High-Availability IMAP server
On 9/26/05, David [EMAIL PROTECTED] wrote: Is there any way to achieve this goal using cyrus? Which is the best approach to this scenario? Run daily imapsync via cron and a Load Balancer forward the requests to the active one? Any help would be appreciated. There is replication code in the 2.3 branch; though from what I can tell it hasn't been touched in a few months and makes me wonder if it's being actively developed still. Nevertheless, in my exhaustive search for any and all information on IMAP replication, I came across a few list posts detailing the 2.3 replication code in production, without many issues, for over a year. I would be eternally grateful if someone on the list more knowledgeable detailed their experiences with replication. regards, aaron.glenn Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Converting deliver.db from berkely-nosync to skiplist
Skiplist doesn't have fast lookups? I admit to not knowing the intricacies of the various formats, but i thought skiplist and Berkeley were at least comparable, as the opinion i've seen has been that skiplist is better, especially when encountering corruption with berkeley. Also, that is not an option, since i wish not to get woken up every other night because mail isn't being delivered due to this problem. -Brenden --On Sunday, September 25, 2005 11:08:28 AM +0200 [EMAIL PROTECTED] wrote: Brenden Conte wrote: Using RPM version of 2.2.10 and Berkeley DB 4.1.25... We've run into problems the last few nights with corruption of the duplicate delivery database (delivery.db). I tried disabling it, however that caused processes to fail to communicate to the local lmtp sockets for some reason. We do enjoy this feature, and disabling it was no the optimal solution, so we would like to convert it to skiplist. Don't, you need fast lookups. When this file gets corrupted just move it out of the way between a stop and start. Also, I noted in the man page that it also includes sieve in the description for that option. I was unaware of any sieve database - where is it (or is it old, left over from previous versions)? Thanks, Brenden Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Henk -- Henk Roose [EMAIL PROTECTED] CWI - Centrum voor Wiskunde en Informatica Centre for Mathematics and Computer Science Amsterdam (NL) Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Converting deliver.db from berkely-nosync to skiplist
Brenden Conte wrote: Skiplist doesn't have fast lookups? I admit to not knowing the intricacies of the various formats, but i thought skiplist and Berkeley were at least comparable, as the opinion i've seen has been that skiplist is better, especially when encountering corruption with berkeley. For random lookups, such as deliver.db and tls_sessions.db, berkeley is faster. For enumerating the database, such as performing an IMAP LIST command, skiplist is faster. --On Sunday, September 25, 2005 11:08:28 AM +0200 [EMAIL PROTECTED] wrote: Brenden Conte wrote: Using RPM version of 2.2.10 and Berkeley DB 4.1.25... We've run into problems the last few nights with corruption of the duplicate delivery database (delivery.db). I tried disabling it, however that caused processes to fail to communicate to the local lmtp sockets for some reason. We do enjoy this feature, and disabling it was no the optimal solution, so we would like to convert it to skiplist. Don't, you need fast lookups. When this file gets corrupted just move it out of the way between a stop and start. Also, I noted in the man page that it also includes sieve in the description for that option. I was unaware of any sieve database - where is it (or is it old, left over from previous versions)? Thanks, Brenden Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Henk -- Henk Roose [EMAIL PROTECTED] CWI - Centrum voor Wiskunde en Informatica Centre for Mathematics and Computer Science Amsterdam (NL) Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 2495 Main St. - Suite 401 716-604-0088 x26 Buffalo, NY 14214 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High-Availability IMAP server
--On Monday, September 26, 2005 6:45 PM +0200 David [EMAIL PROTECTED] wrote: Hello, I have a 'pseudo' High Availability SMTP system consisting in two servers running cyrus 2.2.5. The main problem I have is that only one of the two nodes can access to the mailboxes in order to keep the integrity of the cyrus databases despite the filesystem (GFS) has support to allow to two different servers access in R/W mode. I am curious about this statement... What kind of locking is being used on GFS that prevents two nodes from accessing mailboxes without destroying the integrity of the cyrus database? In our environment, we have a cluster of 4 Alpha machines, two of them are ES40's and two of them are ES80's. They run Tru64 5.1 (TruCluster) and are attached to an HA San using AdvFS. All the members of the cluster can see all the filesystems and can access all the files and directories. We are currently only running Cyrus on the two ES80 machines, but we could easily run them on all four cluster members if we wanted too... we don't because we do run other things (i.e. Sendmail) and it is better not to mix Cyrus and Sendmail on the same machines in our environment. That being said... the mailboxes are all available from the Cyrus servers running on any cluster member. We don't see any integrity issues and it seems to run pretty good. Since Tru64 and Alpha's are on their way out the door, we are looking for a future solution that would give us the as much of the same capabilities our current environment has. This is most likely going to include Linux, but that then means we need to find a suitable cluster-like file system to replace AdvFS, which could be GFS. Anyways, I am interested in the shortcomings that you guys have encountered with reliability and integrity when trying to run an HA Cyrus server... Thanks, Scott -- +---+ Scott W. Adkinshttp://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:[EMAIL PROTECTED] ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +---+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ pgpktJjzewxXD.pgp Description: PGP signature Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High-Availability IMAP server
Is there any way to achieve this goal using cyrus? Which is the best approach to this scenario? Run daily imapsync via cron and a Load Balancer forward the requests to the active one? Here's my approach: setup heartbeat with two ethernet heartbeats, shared storage (SAN), and pray a bunch that split-brain doesn't happen. :) John -- John Madden UNIX Systems Engineer Ivy Tech Community College of Indiana [EMAIL PROTECTED] Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Ant: RE: Cyrus Imap Authentication Problems
Hi, i had created the file /etc/pam.d/imap with the following entries: auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time account required pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time And i have also posted this Problem in the web-cyradm list with the hope to get the answers i need. Thanks, Evil --- [EMAIL PROTECTED] schrieb: Hi, First of all try to post this question to web-cyradm list, I'm too on their list and if you have further questions we'll try to help you. It may be related to creation of the file /etc/pam.d/imap with the following entries: -- #%PAM-1.0 auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time sqllog=yes # auth sufficient pam_unix_auth.so account required pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time # account sufficient pam_unix_acct.so - Regards, Leon Kolchinsky -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of evildad Sent: Sunday, September 25, 2005 10:31 PM To: info-cyrus@lists.andrew.cmu.edu Subject: Cyrus Imap Authentication Problems HI there, i'd like to set-up an working IMAP Server on my Gentoo System. I used the Postfix-Cyrus-Web-cyradm-HOWTO from http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html Because I use Gentoo, I compiled all the packages with the âemergeâ command. Here are the versions for my installed packages: cyrus-sasl-2.1.21-r1 cyrus-imapd-2.2.12 postfix-2.1.5-r2 pam_mysql-0.6.0 mysql-4.0.25-r2 web-cyradm-0.5.4.1 They all compiled without errors but after i wanted to create the user cyrus with the command # saslpasswd2 -c cyrus Password: Again (for verification): ... the following errors appear in /var/log/messages: Sep 25 17:21:01 evildad saslpasswd2: sql_select option missing Sep 25 17:21:01 evildad saslpasswd2: auxpropfunc error no mechanism available Sep 25 17:21:01 evildad saslpasswd2: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql Sep 25 17:21:05 evildad saslpasswd2: setpass succeeded for cyrus Sep 25 17:21:05 evildad saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found Sep 25 17:21:05 evildad saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found Sep 25 17:21:05 evildad saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found I don't understand why sasl won't find the DB. Another Problem is the command to connect to the Server. When i type in the following command to the Server I get the following output: # cyradm --user cyrus --server localhost --auth plain Password: IMAP Password: Login failed: authentication failure at /usr/lib/perl5/site_perl/5.8.6/x86_64-linux/Cyrus/IMAP/Admin.pm line 118 cyradm: cannot authenticate to server with plain as cyrus and in /var/log/messages: Sep 25 21:18:26 evildad master[7102]: about to exec /usr/lib/cyrus/imapd Sep 25 21:18:26 evildad imap[7102]: executed Sep 25 21:18:26 evildad imap[7102]: sql auxprop plugin using mysql engine Sep 25 21:18:26 evildad imap[7102]: accepted connection Sep 25 21:18:37 evildad imap[7102]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required] Sep 25 21:18:40 evildad perl: No worthy mechs found Sep 25 21:18:44 evildad imap[7102]: sql plugin Parse the username cyrus Sep 25 21:18:44 evildad imap[7102]: sql plugin try and connect to a host Sep 25 21:18:44 evildad imap[7102]: sql plugin trying to open db 'mail' on host 'localhost' Sep 25 21:18:44 evildad imap[7102]: sql plugin Parse the username cyrus Sep 25 21:18:44 evildad imap[7102]: sql plugin try and connect to a host Sep 25 21:18:44 evildad imap[7102]: sql plugin trying to open db 'mail' on host 'localhost' Sep 25 21:18:44 evildad saslauthd[6930]: DEBUG: auth_pam: pam_acct_mgmt failed: User account has expired Sep 25 21:18:44 evildad saslauthd[6930]: do_auth : auth failure: [user=cyrus] [service=imap] [realm=] [mech=pam] [reason=PAM acct error]
Re: Converting deliver.db from berkely-nosync to skiplist
--On September 26, 2005 2:15:01 PM -0400 Brenden Conte [EMAIL PROTECTED] wrote: Skiplist doesn't have fast lookups? I admit to not knowing the intricacies of the various formats, but i thought skiplist and Berkeley were at least comparable, as the opinion i've seen has been that skiplist is better, especially when encountering corruption with berkeley. Also, that is not an option, since i wish not to get woken up every other night because mail isn't being delivered due to this problem. Skiplist is good for things requiring enumeration. Berkeleydb has much faster random lookups. I'd suggest finding out what's causing your berkeleydb corruption. You might just need to upgrade the version of BDB libs in your system. I run BDB based deliver.db, etc, on several large mail clusters (1million+/day each delivered) and have no corruption issues whatsoever. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Problems installing ssl certificate for cyrus imap
Hi Cristian, usually if the server has SSL/TLS capability it advertises that in the response to the 'capability' IMAP command: We have telnet disabled so I can't try this. try to remove the password from the certificate key file, just as easy as : openssl rsa -in imap-server.key -out imap-server.noPass.key If it asks for a password, then just press enter. I tried this, and pointed my configuration file to use the new key file without the password. This got me a little further. I am still seeing some errors like unable to verify first certificate. The certificate that we purchased has an intermediate certificate. Have you ever dealt with an intermediate certificate before? I tried to replace the tls_ca_file value with a file containing that intermediate certificate that I recived with the signed certificate, and I didn't see the error anymore. I don't know if that is going to cause any problems though. This is the error I get when I try tls_ca_file points to the ca_bundle file that comes with openssl. [EMAIL PROTECTED] certs]# openssl s_client -connect imap1:993 CONNECTED(0003) depth=0 /C=US/2.5.4.17=13244/ST=NY/L=Syracuse/2.5.4.9=250 A Machinery Hall/O=Syracuse University/OU=CMS/OU=InstantSSL/CN=imap1 verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/2.5.4.17=13244/ST=NY/L=Syracuse/2.5.4.9=250 A Machinery Hall/O=Syracuse University/OU=CMS/OU=InstantSSL/CN=imap1 verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/2.5.4.17=13244/ST=NY/L=Syracuse/2.5.4.9=250 A Machinery Hall/O=Syracuse University/OU=CMS/OU=InstantSSL/CN=imap1 verify error:num=21:unable to verify the first certificate verify return:1 This is what I get when I replace tls_ca_file with the intermediate certficiate: [EMAIL PROTECTED] certs]# openssl s_client -connect imap:993 CONNECTED(0003) depth=2 /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root verify error:num=19:self signed certificate in certificate chain verify return:0 --- Thank you so much for your suggestions. Nicole Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Problems installing ssl certificate for cyrus imap
Hi Andy, Right now I'm trying to solve the problem of why I get see the unable to get local issuer certificate messages when running the openssl s_client command. I'm not that familiar with ssl (or imap) and I don't know if this is normal or not, or if ssl is working properly. Comodo sent an intermediate CA certificate along with the signed ssl certificate, that I don't know what to do with. Thanks, Nicole Andrew Morgan [EMAIL PROTECTED] 09/26/05 5:11 PM On Mon, 26 Sep 2005, Nicole Skyrca wrote: Hi Cristian, usually if the server has SSL/TLS capability it advertises that in the response to the 'capability' IMAP command: We have telnet disabled so I can't try this. try to remove the password from the certificate key file, just as easy as : openssl rsa -in imap-server.key -out imap-server.noPass.key If it asks for a password, then just press enter. I tried this, and pointed my configuration file to use the new key file without the password. This got me a little further. I am still seeing some errors like unable to verify first certificate. The certificate that we purchased has an intermediate certificate. Have you ever dealt with an intermediate certificate before? I tried to replace the tls_ca_file value with a file containing that intermediate certificate that I recived with the signed certificate, and I didn't see the error anymore. I don't know if that is going to cause any problems though. This is the error I get when I try tls_ca_file points to the ca_bundle file that comes with openssl. [EMAIL PROTECTED] certs]# openssl s_client -connect imap1:993 CONNECTED(0003) depth=0 /C=US/2.5.4.17=13244/ST=NY/L=Syracuse/2.5.4.9=250 A Machinery Hall/O=Syracuse University/OU=CMS/OU=InstantSSL/CN=imap1 verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/2.5.4.17=13244/ST=NY/L=Syracuse/2.5.4.9=250 A Machinery Hall/O=Syracuse University/OU=CMS/OU=InstantSSL/CN=imap1 verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/2.5.4.17=13244/ST=NY/L=Syracuse/2.5.4.9=250 A Machinery Hall/O=Syracuse University/OU=CMS/OU=InstantSSL/CN=imap1 verify error:num=21:unable to verify the first certificate verify return:1 This is what I get when I replace tls_ca_file with the intermediate certficiate: [EMAIL PROTECTED] certs]# openssl s_client -connect imap:993 CONNECTED(0003) depth=2 /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root verify error:num=19:self signed certificate in certificate chain verify return:0 --- Thank you so much for your suggestions. What is the actual problem you are trying to solve? I have an SSL certificate signed by Thawte that I am using with Cyrus IMAP. It gives me the same messages as you when I use openssl s_client against it, but everything is working fine for me. Sorry if I missed earlier parts of this thread. Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
duplicate messages in Microsoft Outlook
we are using cyrus-imap-2.2.12-*. when users connect via POP3 set to leave mail on the server, they receive duplicate copies of each email. over and over again. is this a known problem? is there a solution? thanks bz Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Problems installing ssl certificate for cyrus imap
On Mon, 26 Sep 2005, Nicole Skyrca wrote: Hi Andy, Right now I'm trying to solve the problem of why I get see the unable to get local issuer certificate messages when running the openssl s_client command. I'm not that familiar with ssl (or imap) and I don't know if this is normal or not, or if ssl is working properly. Comodo sent an intermediate CA certificate along with the signed ssl certificate, that I don't know what to do with. Short answer: IMAPS should be working fine on your server. Long answer: The CA certificate is used to verify the authenticity of your SSL certificate (which has been signed by the CA certificate). The CA certificate is needed on the client side of the connection, not the server side, so there is no need to place it anywhere in the context of your Cyrus imapd.conf file. If Comodo is a generally recognized Certificate Authority, then their CA certificate should already be distributed with most web browsers, email clients, etc. To summarize: The CA certificate is only needed by SSL clients, not SSL servers. Let me know if you have any more questions, Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High-Availability IMAP server
On Mon, 2005-09-26 at 10:03 -0700, Aaron Glenn wrote: On 9/26/05, David [EMAIL PROTECTED] wrote: Is there any way to achieve this goal using cyrus? Which is the best approach to this scenario? Run daily imapsync via cron and a Load Balancer forward the requests to the active one? Any help would be appreciated. There is replication code in the 2.3 branch; though from what I can tell it hasn't been touched in a few months and makes me wonder if it's being actively developed still. Nevertheless, in my exhaustive search for any and all information on IMAP replication, I came across a few list posts detailing the 2.3 replication code in production, without many issues, for over a year. I would be eternally grateful if someone on the list more knowledgeable detailed their experiences with replication. I would be very interested in this solution as well. -- Ow Mun Heng Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM 98% Microsoft(tm) Free!! Neuromancer 08:51:25 up 2 days, 13:37, 7 users, load average: 0.31, 0.31, 1.33 Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: frequent mupdate master mailboxes.db corruption, anyone else?
Sergio Devojno Bruder wrote: João Assad wrote: Sergio Devojno Bruder wrote: AHA: Sep 21 09:08:49 mupdate mupdate[17026]: IOERROR: mapping /var/lib/imap/mailboxes.db file: Cannot allocate memory Sep 21 09:08:49 mupdate mupdate[17026]: failed to mmap /var/lib/imap/mailboxes.db file I remember Joao Assad had the same problem, no? -- Sergio Devojno Bruder Sorry , I missed the original post. Is the original poster using Fedora or RHEL ? CentOS 3.0 (migrating today to CentOS 4.1 x86-64 bits), ie, RHEL. -- Sergio Devojno Bruder I belive I found a mmap bug on Fedora Core 2 and RHEL. I never got a confirmation that it is indeed a bug, since at the time support for fedora core 2 ended and the fedora devs decided to move the bug to devel. Anyway, I wrote a patch that changes the way cyrus use mmap. Instead of doing a munmap and a new mmap when needed, my patch changes it so it calls mremap instead. It has been working here ever since, never had the corruption again. You can find the patch and somewhat detailed information about the problem in the end of the bugzilla report here - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152548 . a copy of the patch is also posted on cyrus bugzilla - http://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2640 I hope that helps you. and please review my code because as it's stated in the bugzilla report Im not a very good C programmer ;-) Best regards, João Assad Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html