Authentication by certificate

2007-12-10 Thread Matthieu Hallouin free
hi,
is it possible to authenticate users by certificate ?
thanks


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Anyone use MAIL::IMAPClient?

2007-12-10 Thread Mike Eggleston
I know this is a perl question and not an imap-specific question,
but I don't have access to my perl lists from this computer.

The script below compiles and seems to run just fine, but the
message flags are not set to \\Seen in the line

$imap->see(@msgs);

Is there something I'm missing?

Mike


-
#!/usr/bin/perl

#$Id$
# copied from cyrus_expunge.pl
# given a date on the command line
# select all messages in all folders before that date
# set the \Seen flag on all selected messages

# :!perl -d % -v three days ago
# :!perl -d % -v yesterday midnight
# :!perl -d % -v two hours ago
# :!perl -d % -v '12/07/07'

use strict;
use warnings;
use Date::Manip;
use Mail::IMAPClient;
use IO::File;
use Getopt::Std;

# parse the command line
our($opt_v, $opt_s) = (0, 0);
getopts('sv') or die "usage: $0 [-v]";
$opt_s = 1 if $opt_v;

my $start = time;

# parse the command-line date
my $bdatestr = join(' ', @ARGV);
my $bdate = ParseDate($bdatestr);
die "$0: cannot parse date '$bdatestr'\n" unless $bdate;
my $bsecs = UnixDate($bdate, '%s');

# Change the following line (or replace it with something better):
my($h, $u, $p) = ('imap.example.com', 'cyrus','secret');

my $imap = Mail::IMAPClient->new(
    Server   => $h,        # imap host
    User     => $u,
    Password => $p,
    Uid      => 1,         # True value
    Port     => 143,       # Cyrus
    Debug    => 0,         # True value
    Buffer   => 4096*10,   # True value
    Fast_io  => 1,         # True value
    Timeout  => 30,        # True value
    # Debug_fh => IO::File->new('>/tmp/imap.out'),   # fhandle
)
    or die $@;
my $rfc2060date = $imap->Rfc2060_date($bsecs);

our($folder, $nchanged) = ('', 0);
our($nfolders, $nmessages, $ntotchanged) = (0, 0, 0);

for my $f ( $imap->folders ) {
    $folder = $f;
    $nchanged = 0;    # do not carry the previous folder's count over
    next unless $f =~ /user.mikee.sales/oi;
    $nfolders++;
    unless ($imap->select($f) ) {
        # give ourselves rights on the folder, then retry the select
        $imap->setacl($f, $u, 'lrswipcda') or warn "Cannot setacl for $f: $@" and next;
        $imap->select($f) or warn "Cannot select $f: $@" and next;
    }
    # messages older than the cut-off date (drop an undef "no match" result)
    my @msgs = grep { defined } $imap->before($rfc2060date);
    my $messages_before = $imap->message_count($f);
    if(defined($messages_before)) {
        $nmessages += $messages_before;
        if(@msgs) {
            # count the messages as changed only when the STORE succeeded
            if($imap->see(@msgs)) {
                $nchanged = scalar(@msgs);
                $ntotchanged += $nchanged;
            } else {
                warn "$0: cannot set \\Seen flag on messages in folder '$f': $@";
            }
        }
    }
    write if $opt_v;
}

# write a summary
if($opt_s) {
    my $stop = time;
    print "\nSummary:\n";
    print "Elapsed Seconds: ", ($stop - $start), "\n";
    print "Total Folders: $nfolders\n";
    print "Total Messages: $nmessages\n";
    print "Total Changed: $ntotchanged\n";
}

# report formats; the field widths were lost in the list archive, so the
# 40- and 7-column widths below are chosen for readability
format STDOUT =
@<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @>>>>>>
$folder,  $nchanged
.

format STDOUT_TOP =
Folder                                     Reset
---------------------------------------- -------
.
-



Cyrus IMAPd 2.3.11 Released

2007-12-10 Thread Ken Murchison
I am pleased to announce the release of Cyrus IMAPd 2.3.11.  This
release should be considered production quality.


Noteworthy changes:

  * Fixed several skiplist bugs -- courtesy of Fastmail.fm.
  * Add robustness to skiplist recovery -- courtesy of Fastmail.fm.
  * Added support for modification sequences to replication protocol
(for CONDSTORE) -- courtesy of David Carter.
  * Fixed delayed delete replication -- courtesy of Fastmail.fm.
  * Allow [un]deleting of user INBOXes (renaming to/from deleted
hierarchy) to work when using delayed delete -- courtesy of Simon
Matter.
  * Prevented SSL_accept() from blocking indefinitely when using
TLS/SSL.


For full details, please see doc/changes.html and
doc/install-upgrade.html which are included in the distribution.

URLs for this release:
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.3.11.tar.gz
or
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.3.11.tar.gz


Questions and comments can be directed to
info-cyrus@lists.andrew.cmu.edu (public list), or [EMAIL PROTECTED]

-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University













Re: Authentication by certificate

2007-12-10 Thread Ken Murchison
Matthieu Hallouin free wrote:
> hi,
> is it possible to authenticate users by certificate ?
> thanks

If you mean by TLS client certificate, yes.  The client must present the 
certificate to the server with the user's credentials, and then 
authenticate using the 'EXTERNAL' SASL mechanism.

-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University



Re: Anyone use MAIL::IMAPClient?

2007-12-10 Thread Michael Menge
Hi,

Cyrus keeps the \Seen status for each user that has read access to a Mailbox.
So the user to log in and change the \Seen flag has to be the same as
the one checking the status afterwards.

In 2.3.10 there is a shared seen status which might be useful.



Quoting Mike Eggleston [EMAIL PROTECTED]:

> I know this is a perl question and not an imap-specific question,
> but I don't have access to my perl lists from this computer.
>
> The script below compiles and seems to run just fine, but the
> message flags are not set to \Seen in the line
>
> $imap->see(@msgs);
>
> Is there something I'm missing?
>
> Mike





M.Menge Tel.: (49) 7071/29-70316
Universitaet Tuebingen  Fax.: (49) 7071/29-5912
Zentrum fuer Datenverarbeitung  mail: [EMAIL PROTECTED]
Waechterstrasse 76
72074 Tuebingen




Re: Anyone use MAIL::IMAPClient?

2007-12-10 Thread Mike Eggleston
On Mon, 10 Dec 2007, Michael Menge might have said:

> Hi,
>
> Cyrus keeps the \Seen status for each user that has read access to a Mailbox.
> So the user to log in and change the \Seen flag has to be the same as
> the one checking the status afterwards.
>
> In 2.3.10 there is a shared seen status which might be useful.
>
> Quoting Mike Eggleston [EMAIL PROTECTED]:
>
> > I know this is a perl question and not an imap-specific question,
> > but I don't have access to my perl lists from this computer.
> >
> > The script below compiles and seems to run just fine, but the
> > message flags are not set to \Seen in the line
> >
> > $imap->see(@msgs);
> >
> > Is there something I'm missing?

So I am not able to set \Seen as the cyrus user in a normal user's account
and have that normal user see the setting of the \Seen flag?

If so, I can see where that makes sense, but *really* what I need at the
moment. I had a glitch this morning and all *.seen files were corrupted.
I shut down the server, removed the *.seen files, started the server, and
now want to reset \Seen for all my users.

Mike



Re: Authentication by certificate

2007-12-10 Thread Matthieu Hallouin free
Ken Murchison wrote:
> Matthieu Hallouin free wrote:
>> hi,
>> is it possible to authenticate users by certificate ?
>> thanks
>
> If you mean by TLS client certificate, yes.  The client must present
> the certificate to the server with the user's credentials, and then
> authenticate using the 'EXTERNAL' SASL mechanism.


Thank you. I've got a problem with the SASL EXTERNAL. I can not find 
documentation or implementation on the web ... :-[




Re: Authentication by certificate

2007-12-10 Thread Ken Murchison
Matthieu Hallouin free wrote:
> Ken Murchison wrote:
>> Matthieu Hallouin free wrote:
>>> hi,
>>> is it possible to authenticate users by certificate ?
>>> thanks
>>
>> If you mean by TLS client certificate, yes.  The client must present
>> the certificate to the server with the user's credentials, and then
>> authenticate using the 'EXTERNAL' SASL mechanism.
>
> Thank you. I've got a problem with the SASL EXTERNAL. I can not find
> documentation or implementation on the web ... :-[

RFC 4222

-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University



Re: Anyone use MAIL::IMAPClient?

2007-12-10 Thread Alain Spineux
On Dec 10, 2007 8:29 PM, Mike Eggleston [EMAIL PROTECTED] wrote:
> On Mon, 10 Dec 2007, Michael Menge might have said:
>
> > Hi,
> >
> > Cyrus keeps the \Seen status for each user that has read access to a Mailbox.
> > So the user to log in and change the \Seen flag has to be the same as
> > the one checking the status afterwards.
> >
> > In 2.3.10 there is a shared seen status which might be useful.
> >
> > Quoting Mike Eggleston [EMAIL PROTECTED]:
> >
> > > I know this is a perl question and not an imap-specific question,
> > > but I don't have access to my perl lists from this computer.
> > >
> > > The script below compiles and seems to run just fine, but the
> > > message flags are not set to \Seen in the line
> > >
> > > $imap->see(@msgs);
> > >
> > > Is there something I'm missing?
>
> So I am not able to set \Seen as the cyrus user in a normal user's account
> and have that normal user see the setting of the \Seen flag?
>
> If so, I can see where that makes sense, but *really* what I need at the
> moment. I had a glitch this morning and all *.seen files were corrupted.
> I shut down the server, removed the *.seen files, started the server, and
> now want to reset \Seen for all my users.

SASL and imap let you log in as a user using the cyrus (or any admin)
credential, but I don't know how you do that using perl!

try

# imtest  -u [EMAIL PROTECTED]  -a [EMAIL PROTECTED] localhost






> Mike

 




-- 
Alain Spineux
aspineux gmail com
May the sources be with you



Re: mixing versions in murder

2007-12-10 Thread Andrew Morgan
On Wed, 21 Nov 2007, Andrew Morgan wrote:

> Are there any DOs or DON'Ts when mixing different versions of Cyrus in a
> traditional murder?  Specifically, I have a murder at version 2.2.13, and
> I'd like to upgrade to version 2.3.10.  Can I upgrade the frontends first?
> Do I need to upgrade all of them at once?

I proceeded assuming I could have a v2.3.10 frontend with older v2.2.13 
backends.  However, I was unable to get the APPEND command to work.  With 
telemetry logging enabled, I discovered that a 2.3 frontend issues the 
IMAP command Localappend to a backend.  However, my v2.2.13 backend does 
not recognize Localappend as a valid command (and it is not present in 
the source code).

If the email client supports referrals (and I wanted to allow referrals), 
then the client is referred to the correct backend, issues the Append 
command to the backend, and all is well.

I guess I'll have to upgrade the backends first.  :(

Has anyone else done an upgrade of a Cyrus Murder from v2.2 to v2.3?  What 
steps did you take?

Thanks,
Andy



autosieve compilation ignores sieve_extensions setting

2007-12-10 Thread James Ralston
Hello University of Athens NOC Development Team,

First, thanks for the Cyrus imapd autocreate patches; they've proven
to be very useful.

I noticed there is a bug in the is_script_parsable() function.
Specifically, is_script_parsable() does not obey the
sieve_extensions setting in imapd.conf(5); instead, it registers a
predefined list of sieve functions.  This can lead to two problems:

1.  is_script_parsable() can reject as invalid a sieve script that
sieve_generate_bytecode() has no issues with.

2.  is_script_parsable() can accept as valid a sieve script that
sieve_generate_bytecode() will fail.

As an example of #1, consider these imapd.conf(5) settings:

sieve_extensions: copy envelope fileinto imapflags include notify regex relational subaddress vacation
autosievefolders: Junk
autocreate_sieve_script: /usr/share/cyrus-imapd/sieve/default

Let's say that /usr/share/cyrus-imapd/sieve/default contains:

require ["include"];
include :global "spam-auto-file";

This script is valid, because sieve_extensions contains "include", but
is_script_parsable() rejects it, because it doesn't register the
"include" function:

Dec 10 20:02:02 example imap[14059]: autocreate_sieve: Error while parsing script script errors: line 1: unsupported feature .

As an example of #2, note that since we deliberately exclude reject
from sieve_extensions (users always seem to want to use it to reject
spam, which is very bad, because doing so generates backscatter), a
script that calls reject will fail, even though is_script_parsable()
will pass it.

It's possible to work around this bug by compiling the Sieve script in
advance with sievec, and then setting (e.g.):

autocreate_sieve_script: /usr/share/cyrus-imapd/sieve/default
autocreate_sieve_compiledscript: /usr/share/cyrus-imapd/sieve/default.bc

This does the right thing; the user gets the byte-compiled version of
the script installed and activated, but also gets the plain-text
version (so they can edit it to customize it).  And it's arguably
better to do it this way, as then one eliminates the overhead of
performing the byte-compile for all newly-created Inboxes.

But, still, is_script_parsable() really should obey the
sieve_extensions setting...

Is this a known issue?  If not, although we are in the process of
migrating from Cyrus to Exchange (alas), I think I could come up
with a patch for this without too much difficulty...
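
The mismatch described in the message above, as an added example (not part of the original post, and not code from Cyrus or the autocreate patch): it checks a script's require statements once against a fixed list and once against the sieve_extensions line, reproducing both cases. HARDCODED is a hypothetical stand-in for the predefined list (the post only says it lacks include and has reject), the reject script is constructed, and names in require are assumed to match sieve_extensions tokens one to one.

```python
import re

# Hypothetical stand-in for the list a validator registers unconditionally;
# the post only establishes that it lacks "include" and contains "reject".
HARDCODED = {"fileinto", "reject", "envelope", "vacation", "imapflags",
             "notify", "regex", "relational", "subaddress", "copy"}

# imapd.conf settings quoted in the post.
IMAPD_CONF = """\
sieve_extensions: copy envelope fileinto imapflags include notify regex relational subaddress vacation
autosievefolders: Junk
"""

def configured_extensions(conf_text):
    """Return the set named by sieve_extensions in imapd.conf text."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "sieve_extensions":
            return set(value.split())
    return set()

def required_extensions(script):
    """Collect every capability named in the script's require statements."""
    # Drop /* ... */ and # comments (simplified: ignores '#' inside strings).
    text = re.sub(r"/\*.*?\*/|#[^\n]*", "", script, flags=re.S)
    found = set()
    pattern = r'\brequire\s*(\[[^\]]*\]|"[^"]*")\s*;'
    for arg in re.findall(pattern, text, flags=re.I):
        found.update(re.findall(r'"([^"]*)"', arg))
    return found

def unsupported(script, allowed):
    """Extensions the script requires that the given list does not allow."""
    return sorted(required_extensions(script) - allowed)

def compare(script, conf_text=IMAPD_CONF):
    """Verdict of the fixed-list check next to the configured-list check."""
    return {"hardcoded": unsupported(script, HARDCODED),
            "configured": unsupported(script, configured_extensions(conf_text))}

# Script from the post (case 1) and a constructed one using reject (case 2).
INCLUDE_SCRIPT = 'require ["include"];\ninclude :global "spam-auto-file";\n'
REJECT_SCRIPT = '# constructed sample\nrequire "reject";\nreject "not wanted";\n'

if __name__ == "__main__":
    for name, script in (("include", INCLUDE_SCRIPT), ("reject", REJECT_SCRIPT)):
        print(name, compare(script))
```

A non-empty "hardcoded" list with an empty "configured" list is case 1 (a valid script refused); the reverse is case 2 (a script accepted that later fails to compile).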




Re: mixing versions in murder

2007-12-10 Thread Wesley Craig
UMich continues to run 2.2.x frontends & mupdate master with 2.3.x
backends.  We did successfully xfer all of our user data from 2.2.x
backends to 2.3.x backends, after some small adjustments to the code
(contributed).

:wes

On 10 Dec 2007, at 20:55, Andrew Morgan wrote:
> Has anyone else done an upgrade of a Cyrus Murder from v2.2 to v2.3?  What
> steps did you take?
