how to secure authentication ?
Dear list , SSL encryption is working now :-) the next step of security is securing the authentication. I am using PLAIN and LOGIN. is it secure ? How to securely authenticate ? please enlighten me ? here is my /etc/imapd.conf --- configdirectory: /var/lib/imap partition-default: /var/spool/imap sievedir: /var/lib/sieve admins: cyrus allowplaintext: yes sasl_minimum_layer: 0 sasl_mech_list: LOGIN PLAIN allowanonymouslogin: no autocreatequota: 1 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost sasl_pwcheck_method: saslauthd #auxprop saslauthd #sasl_auxprop_plugin: sasldb2 servername: linux.kolkatainfoservices.in lmtp_overquota_perm_failure: no lmtp_downcase_rcpt: yes # # if you want TLS, you have to generate certificates and keys # tls_cert_file: /etc/openldap/myca/servercert.pem tls_key_file: /etc/openldap/myca/serverkey.pem tls_ca_file: /etc/openldap/myca/cacert.pem tls_ca_path: /etc/openldap/myca/ #tls_require_cert: no #tlscache_db: berkeley unixhierarchysep: yes virtdomains: yes defaultdomain: kolkatainfoservices.in loginrealms: kolkatainfoservices.in hashimapspool: true lmtpsocket: /var/lib/imap/socket/lmtp Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sieve is working with allowplaintext: yes
OK list, finally I have solved it. in /etc/imapd.cong I have modified allowplaintext: yes sasl_minimum_layer: 0 sasl_mech_list: LOGIN PLAIN and now sieve is working well. but I like to know how [allowplaintext: yes] can effect my security than [allowplaintext: no] ? thanks Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus, postfix and NFS
> Hi, > > I am currently trying to gather informations on the cyrus vs NFS > situation. I'm sorry if this has been asked several times on the mailing > list, what I need is some details, to understand correctly the situation > and evaluate the viability of some projects. > > The FAQ and some messages mention that it is unsafe, for ex: > http://www.irbs.net/internet/info-cyrus/0503/0238.html > http://kolab.org/pipermail/kolab-devel/2005-July/004033.html > > As I understand, there are two problems: > * using locks is unsafe on NFS, especially for db files > * some problems with mmap > > It seems that recent changes (say, last 4-6 months) in the linux kernel > have been made to try to solve this problem. > > Some informations: > - linux/debian etch (kernel 2.6.18) > - postfix (2.3) + cyrus-murder + cyrus imap (2.2.10) > - backend would be connected to a NAS. It could get up to 10k IMAP > connections (simultaneous), while the postfix could receive 500k mails > per day > > So, here are my questions: > - did the situation change ? > - is it possible to know precisely if a backend will work or not with > NFS ? Known working (or not-working) situations ? > - is there a way to avoid the problem, or to test if it is still > present ? There has been some discussion about using NFSv4 with cyrus on this list recently. At least on Linux I think nobody had success, and we are still waiting to test with a current Solaris version. Maybe someone tried it in the mean time and is able to report. Simon Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ptloader
On Wed, Apr 04, 2007 at 05:56:12PM +0100, Bernhard D Rohrer wrote: > Hi folks > > I am trying to authorise ldap groups with cyrus for use in public > folders. now looking though the mailing list has led me to finding > that ptloader is responsible for this. > > I have not been able to find any documentation for this on my > computer, even though the doc package is installed. > > I also have not found a library for this :( > > distro is ubuntu dapper. > > could you point me at a starting point or two please? Your imapd must be builded with --with-ldap option. After that, you get file (path for FreeBSD) /usr/local/cyrus/bin/ptloader. host2# ldd /usr/local/cyrus/bin/ptloader | grep ldap libldap-2.3.so.2 => /usr/local/lib/libldap-2.3.so.2 (0x28131000) imapd.conf(5) have quite enough information, when package builded with ldap support enabled. WBR Dmitriy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
ptloader
Hi folks I am trying to authorise ldap groups with cyrus for use in public folders. now looking though the mailing list has led me to finding that ptloader is responsible for this. I have not been able to find any documentation for this on my computer, even though the doc package is installed. I also have not found a library for this :( distro is ubuntu dapper. could you point me at a starting point or two please? thanks Bernhard -- Graylion's Fetish & Fashion Store Goth and Kinky Boots, Clothing and Jewellery http://www.graylion.net Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyrus, postfix and NFS
Hi, I am currently trying to gather informations on the cyrus vs NFS situation. I'm sorry if this has been asked several times on the mailing list, what I need is some details, to understand correctly the situation and evaluate the viability of some projects. The FAQ and some messages mention that it is unsafe, for ex: http://www.irbs.net/internet/info-cyrus/0503/0238.html http://kolab.org/pipermail/kolab-devel/2005-July/004033.html As I understand, there are two problems: * using locks is unsafe on NFS, especially for db files * some problems with mmap It seems that recent changes (say, last 4-6 months) in the linux kernel have been made to try to solve this problem. Some informations: - linux/debian etch (kernel 2.6.18) - postfix (2.3) + cyrus-murder + cyrus imap (2.2.10) - backend would be connected to a NAS. It could get up to 10k IMAP connections (simultaneous), while the postfix could receive 500k mails per day So, here are my questions: - did the situation change ? - is it possible to know precisely if a backend will work or not with NFS ? Known working (or not-working) situations ? - is there a way to avoid the problem, or to test if it is still present ? Thanks Regards, Pierre Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Bare newlines problem
Paul van der Vlis wrote: It's a big message with foto's, 3.5 MB. I am not sure this warning is correct. I hope somebody can tell me how I can remove the bare newline(s) in the message. I've had to deal with this issue when moving such a message between accounts, in my case from a UW-IMAP server using mbx to a Cyrus 2.3 server. While forwarding the message usually works, it's inelegant. Oddly, I've found that simply copying it to temporary folder on the UW-IMAP server before copying it to Cyrus is often all that's needed for the operation to be successful. YMMV. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Bare newlines problem
Joseph Brennan schreef: > > > --On Tuesday, April 3, 2007 13:27 +0200 Paul van der Vlis > <[EMAIL PROTECTED]> wrote: > >> Hello, >> >> When I move a message to another mailbox, I get a warning about bare >> newlines. How can I remove these bare newlines? >> >> It's a big message with foto's, 3.5 MB. I am not sure this warning is >> correct. >> >> I allready tried a perl-script of Joseph Brennan what I found in this >> list, but it did not change the message (checked with diff). > > The script prepares mbox-format mailboxes for mailutil, which complains > if there are CR characters (\015) in the mbox-format files. It changes > CRLF to LF and then changes remaining CR to LF. Bare LF is normal for > unix files. > > Are you sure it says "bare newlines"? Newline is an ambiguous term. Yes. The warning is: "Message contains bare newlines." It's Cyrus 2.1. I hope somebody can tell me how I can remove the bare newline(s) in the message. With regards, Paul van der Vlis. > Joseph Brennan > Lead Email Systems Engineer > Columbia University Information Technology > > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Murder / frontend does not connect to backend
Selon Andrew Morgan <[EMAIL PROTECTED]>: > On Tue, 3 Apr 2007, [EMAIL PROTECTED] wrote: > > > Hello, > > > > I'm setting up a cyrus murder in a lab and I'm facing a problem. > > The architecture is quite simple : 1 frontend, 1 backend and a mupdate > master > > > > We are using cyrus 2.2.13-10 on Debian etch. > > > > The Mupdate seems OK, I can LIST from everywhere. If I create a mailbox on > the > > backend I can see it with mupdatetest on the frontend quickly. > > > > But I cannot make a single IMAP SELECT command on the frontend. > > This problem can be tracked with cyradm. > > When I try to create a mailbox. I've this strange message and there is NO > trafic > > between frontend and backend. The same message arises when connecting with > a > > IMAP client > > > > localhost> cm user.user1.tutu > > createmailbox: Server(s) unavailable to complete operation > > > > Log line associated : > > Mar 23 00:01:31 proxy1 cyrus/proxyd[12155]: connect(default) failed: > Invalid > > argument > > --- > > But if I try to delete a mailbox I can see trafic between front and back > > servers. > > > > So my (maybe first) question is : > > Why there is no communication when connecting to IMAP ? > > What does mean "connect(default) failed: Invalid argument" in the log > > Everything I found was related to authentication but this does not seem an > issue > > in my setup. > > > > Thanks in advance > > In my experience, you cannot create a mailbox when connected to a frontend > server. Your environment with 1 backend makes it seem silly, but in the > case with multiple backends you would need some way to specify where to > create the mailbox. In our case, our script randomly picks a backend, > connects to it, and creates the mailbox. > > Andy > Thanks for your answer, I use 1 frontend because it's a test lab. Cyradm was just an example tool. My main question was "How to troubleshoot IMAP connection to backend". I am unable to make a SELECT with imtest or any IMAP client. See below the results with imtest. [snip] S: L01 OK User logged in Authenticated. Security strength factor: 0 a SELECT INBOX a NO Server(s) unavailable to complete operation b SELECT user.user1.INBOX b NO Server(s) unavailable to complete operation and the log Mar 23 09:50:44 proxy1 cyrus/proxyd[12409]: connect(imapback.rescom.mi) failed: Invalid argument Why there is no communication when connecting to IMAP ? What does mean "connect(default) failed: Invalid argument" in the log ? Thanks Arnaud Brugnon Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
