Re: sieve authentication
Am Thursday 14 September 2006 22:18 schrieb Mike Husmann:
> > Show your configuration imapd.conf, cyrus.conf. Hmm, maybe
> > hosts.allow/hosts.deny, too.
>
> imapd.conf
>
> # server conf
> servername: rusty.morningside.edu
> umask: 077
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> # singleinstancestore: yes
>
> username_to_lower: yes
> lmtp_downcase_rcpt: yes
> lmtp_over_quota_perm_failure: yes
>
> altnamespace: yes
>
> # user conf
> postmaster: postmaster
> admins: cyrus cyrusadm
>
> # directory and file locations
> configdirectory: /var/spool/cyrus-imap
> partition-default: /var/spool/cyrus-imap
> sievedir: /var/spool/cyrus-imap/sieve
> sendmail: /usr/sbin/sendmail
>
> # authentication
> allowanonymouslogin: no
> allowplaintext: yes
> sasl_mech_list: plain
> sasl_minimum_layer: 0
> sasl_pwcheck_method: saslauthd
>
> # new user automated creates
> autocreate_sieve_script: /var/spool/cyrus-imap/sieve/phpscript
> autocreate_sieve_compiledscript: /var/spool/cyrus-imap/sieve/phpscript.bc
> generate_compiled_sieve_script: yes
> sieve_maxscriptsize: 64
> sieve_maxscripts: 50
>
> autocreateinboxfolders: Spam
> autosubscribeinboxfolders: Spam
> autocreatequota: 51200
> createonpost: yes
>
> # security certificate information
> tls_cert_file: /etc/ssl/certs/imap.morningside.edu.crt
> tls_key_file: /etc/ssl/certs/imap.morningside.edu.key
> tls_ca_file: /etc/ssl/certs/imap.morningside.edu.ca-bundle
> ---
> cyrus.conf
> ---
> # standard standalone server implementation
>
> START {
> # do not delete this entry!
> recover cmd="ctl_cyrusdb -r"
>
> # this is only necessary if using idled for IMAP IDLE
> # idledcmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into
> /var/spool/cyrus-imap/socket SERVICES {
> # add or remove based on preferences
> imap cmd="imapd" listen="imap" prefork=0
> imaps cmd="imapd -s" listen="imaps" prefork=0
> pop3 cmd="pop3d" listen="pop3" prefork=0
> pop3s cmd="pop3d -s" listen="pop3s" prefork=0
> sieve cmd="timsieved" listen="sieve" prefork=0
>
> # at least one LMTP is required for delivery
> # lmtp cmd="lmtpd" listen="lmtp" prefork=0
> lmtpunix cmd="lmtpd" listen="/var/spool/cyrus-imap/socket/lmtp"
> prefork=0
>
> # this is only necessary if using notifications
> # notify cmd="notifyd" listen="/var/spool/cyrus-imap/socket/notify"
> proto="udp" prefork=1
> }
>
> EVENTS {
> # this is required
> checkpointcmd="ctl_cyrusdb -c" period=15
>
> # this is only necessary if using duplicate delivery suppression
> delprune cmd="ctl_deliver -E 3" at=0400
>
> # this is only necessary if caching TLS sessions
> tlsprune cmd="tls_prune" at=0400
> }
> ---
> hosts.allow and hosts.deny are both empty.
> ---
Hmm, I don't see a reason, why sieve-logins from a Remote-Machine can fail.
Except for the Remote-Machine(s) itself. You have the Server configured to
offer "PLAIN" to the Clients. Check if the Clients have the Cyrus-SASL
Mechanism PLAIN (libplain.*) installed.
If PLAIN is installed, the next step would be to use a network-sniffer and
look for the Dialog between Server and Client.
--
Andreas
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Deferred email with remote protocol error in reply
Am Friday 15 September 2006 04:52 schrieb Hardi Gunawan: > My email server experiencing a delivery problem. > Here's the log: > relay=/var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp], > delay=0, status=deferred (remote protocol error in > reply from > /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp] > while sending end of data -- message may be sent more > than once) > > I've searched the net, but can't find a definite > answer to this. But seems that some people are > experiencing the same problem, and they've the same > cyrus version as mine. I'm using Cyrus-Imapd 2.1.12 > and BDB 4.3. Hmm, it seems, that Server (Cyrus lmtpd) and Client (Postfix lmtp) are out of sync. I've never seen that on Unix-Sockets. Turn on verbose Logging in Postfix. master.cf: lmtp . lmtp -v or lmtp . lmtp -v -v And show the conservation. > Secondly, how do I find out whether the email has > reached the user (especially with multiple recipients > in the system). Can I just do a "find" in the > /var/spool/imap of a particular user? What do the Logs say on the Cyrus-Side? You can run a grep/find for the MessageId. -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Backing up of a group of users mailboxes
> Subject: Re: Backing up of a group of users mailboxes > > > Hi, > > > > What is the correct way to backup a couple of users' > > mailboxes? [...] > > If you have configured single instance store, Cyrus will > hardlink those files. Now when you backup using tar, [...] If it's only a few users why not have them use the MUA? In Outlook one can create local (read: on the hdd) .pst files as exports of an IMAP folder. I think in Mozilla Thunderbird one can also "drag/drop" messages from IMAP to "Local Folders". Only catch is of course the fact that you'll have to use the same type of MUA to read the archives; Modern Outlook (2003 at least) can open Outlook 98 .pst files without any problems... Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Deferred email with remote protocol error in reply
On 2006-09-14 at 19:52 -0700, Hardi Gunawan wrote: > I've searched the net, but can't find a definite > answer to this. But seems that some people are > experiencing the same problem, and they've the same > cyrus version as mine. I'm using Cyrus-Imapd 2.1.12 > and BDB 4.3. You do not mention which OS you are using, so we can't suggest which tool to use to try to capture a traffic dump from the Unix socket (if such a dump is even possible on your OS). The only time that I know of when Cyrus does something "awkward" is that it refuses messages with embedded literal NUL characters; if it's quoted-printable or base64, that's obviously okay. If Cyrus rejects the message quickly whilst the MTA is still sending and the MTA gets upset, that might explain what you're seeing. That idea contains a lot of speculation and wild-arsed guessing. -- "Everything has three factors: politics, money, and the right way to do it. In that order." -- Gary Donahue Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Backing up of a group of users mailboxes
Ciprian Vizitiu wrote: If it's only a few users why not have them use the MUA? In Outlook one can create local (read: on the hdd) .pst files as exports of an IMAP folder. I think in Mozilla Thunderbird one can also "drag/drop" messages from IMAP to "Local Folders". Only catch is of course the fact that you'll have to use the same type of MUA to read the archives; Modern Outlook (2003 at least) can open Outlook 98 .pst files without any problems... An alternative could be to set up an IMAP server that writes to mbox, and use imapsync or something similar to transfer the messages. Then all you need to do is copy the mbox files to the DVD. This way, you can store the DVDs as you wish, and read them using anything from simple command line mail tools to full blown MUAs (and even mount them to be readable by an mbox-based IMAP server, in case they ever need to be accessed remotely). There may even be a tool that will connect to Cyrus and download the messages into a corresponding mbox structure. The result is a nonproprietary set of files that is archive-friendly (future-proof, MUA independent, and highly compressable). Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
> > Hmm, I don't see a reason, why sieve-logins from a Remote-Machine can fail. > > Except for the Remote-Machine(s) itself. You have the Server configured to > offer "PLAIN" to the Clients. Check if the Clients have the Cyrus-SASL > Mechanism PLAIN (libplain.*) installed. > > If PLAIN is installed, the next step would be to use a network-sniffer and > look for the Dialog between Server and Client. This is where things get weird.. If I do a sivtest from a remote machine, here is the result: --- sivtest -a bebo -u bebo imap.morningside.edu S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" S: "SASL" "PLAIN" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" S: "STARTTLS" S: OK Authentication failed. no mechanism available Security strength factor: 0 C: LOGOUT Connection closed. --- On the local machine, this works fine, and prompts for a password. But from what I'm seeing here, it's dropping the connection because it doesn't think there are any auth mechs available...? sieveshell has a similar result: --- \>sieveshell -a bebo -u bebo imap.morningside.edu connecting to imap.morningside.edu unable to connect to server at /usr/bin/sieveshell line 169. --- This is different from the others that include a line about (password). Once again, the server drops the connection before it has a chance to authenticate. My /etc/pam.d/sieve looks like: #%PAM-1.0 auth required pam_nologin.so auth sufficient pam_ldap.so auth required pam_pwdb.so shadow nodelay accountrequired pam_pwdb.so sessionrequired pam_pwdb.so And the strangest part of this whole deal is that it has worked flawlessly, as it is set up now, since April. Mike Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Integrted tool for adminstering Cyrus IMAP and LDAP.
On Sep 13, 2006, at 8:29 AM, Alexander Dalloz wrote: AndrXs Tarallo schrieb: I have to deploy an Email Server based on Cyrus IMAP, Postfix and LDAP. This is no problem, I have done it before.However our customer requests for a web based tool for administering user accounts and quotas. We found tools capable of administering accounts in the LDAP Server (ie LDAPmyADMIN) or cyrus accounts, but not an integrated tool.We want a tool where you can create a Cyrus account with LDAP autentication filling one web based form, Same with modifications and deletions. ISPman - http://www.ispman.net/ - does all this. It is an integrated solution and does not just do the LDAP administration through a web interface. Does someone has something to recomend? Thanks in advance. OSX server. you may need to recompile postfix to add ldap support but after that, your off to the races. A/P Andres Tarallo Alexander Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
> Except for the Remote-Machine(s) itself. You have the Server configured to > offer "PLAIN" to the Clients. Check if the Clients have the Cyrus-SASL > Mechanism PLAIN (libplain.*) installed. > That's the ticket.. I installed the extra library on my test system and found that indeed network auth had never been broken! A simple upgrade of my squirrelmail plugin made it compatible with the php upgrade that had just happned a couple days ago. I'm off and running again. Thanks so much, Mike > > -- > Andreas > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
