capability
Hi,

Is there a way that I can prevent the proxies on the front end of my Murder cluster from advertising MAILBOX-REFERRALS in the CAPABILITY string? Or from issuing referrals?

--
Ian Eiloart
IT Services, University of Sussex
x3148

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
offering limited pop access
Hi,

I offer an IMAP service to 12000 users, but we don't offer POP3. However, we have a blind person who has a braille computer, with POP3 client, but no IMAP client. I've configured a perdition proxy which can give him POP, but not IMAP access.

However, we're moving toward using Cyrus proxyd front end, with LDAP authentication (through SASL). Is there a way I can configure my murder cluster to perform a different IMAP lookup for POP3 authentication, compared to IMAP authentication? Or, is there some other way that I can restrict POP3 access to certain users?

I've got configuration files at

    /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf

which just says:

    pwcheck_method: saslauthd
    mech_list: plain

I presume I need a pop.conf file that's similar, but can't find any documentation.

and

    /local/cyrus-sasl-2.1.22/etc/saslauthd.conf

which specifies how to access the LDAP servers. I want everything the same, but with a different value for ldap_filter. Can I just override this in pop3.conf? Or do I set sasl_ldap_filter in my cyrus configuration, instead?

--
Ian Eiloart
IT Services, University of Sussex
x3148
Re: capability
On 29 Oct 2008, at 09:18, Ian Eiloart wrote:
> Is there a way that I can prevent the proxies on the front end of my Murder cluster from advertising MAILBOX-REFERRALS in the CAPABILITY string? Or from issuing referrals?

There doesn't appear to be a way to disable advertising MAILBOX-REFERRALS, but you can set proxyd_disable_mailbox_referrals to turn them off. Seems wrong, doesn't it? Like the capability should be removed with that option as well, right?

:wes
Re: capability
--On 29 October 2008 11:25:04 -0400 Wesley Craig [EMAIL PROTECTED] wrote:

> On 29 Oct 2008, at 09:18, Ian Eiloart wrote:
> > Is there a way that I can prevent the proxies on the front end of my Murder cluster from advertising MAILBOX-REFERRALS in the CAPABILITY string? Or from issuing referrals?
>
> There doesn't appear to be a way to disable advertising MAILBOX-REFERRALS, but you can set proxyd_disable_mailbox_referrals to turn them off. Seems wrong, doesn't it? Like the capability should be removed with that option as well, right?
>
> :wes

That should work nicely. I'll have to upgrade from 2.3.8 to do that.

--
Ian Eiloart
IT Services, University of Sussex
x3148
Re: offering limited pop access
--On 29 October 2008 16:21:34 +0100 Christiaan den Besten [EMAIL PROTECTED] wrote:

> Hi !
>
> Can't you handle this in the search filter in perdition? ... so run perdition for pop with a different configuration file than for imap. And add some specific field to ldap to search on for pop3 access

I can, but I'm switching to Cyrus IMAP proxy (to enable sharing of mailboxes across backends), and would like to abandon perdition if possible. I don't want to maintain a whole set of software just to support one user.

> bye,
> Chris
>
> - Original Message -
> From: Ian Eiloart [EMAIL PROTECTED]
> To: info-cyrus@lists.andrew.cmu.edu
> Sent: Wednesday, October 29, 2008 2:36 PM
> Subject: offering limited pop access
>
> > Hi,
> >
> > I offer an IMAP service to 12000 users, but we don't offer POP3. However, we have a blind person who has a braille computer, with POP3 client, but no IMAP client. I've configured a perdition proxy which can give him POP, but not IMAP access.
> >
> > However, we're moving toward using Cyrus proxyd front end, with LDAP authentication (through SASL). Is there a way I can configure my murder cluster to perform a different IMAP lookup for POP3 authentication, compared to IMAP authentication? Or, is there some other way that I can restrict POP3 access to certain users?
> >
> > I've got configuration files at
> >
> >     /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf
> >
> > which just says:
> >
> >     pwcheck_method: saslauthd
> >     mech_list: plain
> >
> > I presume I need a pop.conf file that's similar, but can't find any documentation.
> >
> > and
> >
> >     /local/cyrus-sasl-2.1.22/etc/saslauthd.conf
> >
> > which specifies how to access the LDAP servers. I want everything the same, but with a different value for ldap_filter. Can I just override this in pop3.conf? Or do I set sasl_ldap_filter in my cyrus configuration, instead?
> >
> > --
> > Ian Eiloart
> > IT Services, University of Sussex
> > x3148

--
Ian Eiloart
IT Services, University of Sussex
x3148
Re: offering limited pop access
You can run two saslauthd's, with separate configurations and separate sockets. The one for pop would use the special ldap filter, presumably looking for an attribute or something that only users authorized to use POP would have.

:wes

On 29 Oct 2008, at 09:36, Ian Eiloart wrote:
> I offer an IMAP service to 12000 users, but we don't offer POP3. However, we have a blind person who has a braille computer, with POP3 client, but no IMAP client. I've configured a perdition proxy which can give him POP, but not IMAP access.
>
> However, we're moving toward using Cyrus proxyd front end, with LDAP authentication (through SASL). Is there a way I can configure my murder cluster to perform a different IMAP lookup for POP3 authentication, compared to IMAP authentication? Or, is there some other way that I can restrict POP3 access to certain users?
>
> I've got configuration files at
>
>     /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf
>
> which just says:
>
>     pwcheck_method: saslauthd
>     mech_list: plain
>
> I presume I need a pop.conf file that's similar, but can't find any documentation.
>
> and
>
>     /local/cyrus-sasl-2.1.22/etc/saslauthd.conf
>
> which specifies how to access the LDAP servers. I want everything the same, but with a different value for ldap_filter. Can I just override this in pop3.conf? Or do I set sasl_ldap_filter in my cyrus configuration, instead?
Re: offering limited pop access
> I offer an IMAP service to 12000 users, but we don't offer POP3. However, we have a blind person who has a braille computer, with POP3 client, but no IMAP client. I've configured a perdition proxy which can give him POP, but not IMAP access.
>
> However, we're moving toward using Cyrus proxyd front end, with LDAP authentication (through SASL). Is there a way I can configure my murder cluster to perform a different IMAP lookup for POP3 authentication, compared to IMAP authentication? Or, is there some other way that I can restrict POP3 access to certain users?
>
> I've got configuration files at
>
>     /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf
>
> which just says:
>
>     pwcheck_method: saslauthd
>     mech_list: plain
>
> I presume I need a pop.conf file that's similar, but can't find any documentation.
>
> and
>
>     /local/cyrus-sasl-2.1.22/etc/saslauthd.conf
>
> which specifies how to access the LDAP servers. I want everything the same, but with a different value for ldap_filter. Can I just override this in pop3.conf? Or do I set sasl_ldap_filter in my cyrus configuration, instead?

If you want to use ldap for both cases, you have to use two different saslauthd's running.

I would think about a different auxprop Backend for example sasldb with only one entry for this User.

Use the well hidden feature in your imapd.conf and separate them with:

    # SASL-Config only for pop3 Daemon
    pop3_sasl_pwcheck_method: auxprop
    pop3_sasl_auxprop_plugin: sasldb
    pop3_sasl_mech_list: plain login cram-md5 digest-md5

and

    # SASL-Config for all other Daemons
    sasl_pwcheck_method: saslauthd
    sasl_mech_list: plain login

or you can use just:

    sasl_pwcheck_method: auxprop saslauthd
    sasl_auxprop_plugin: sasldb

This would look in both backends.

If you don't want to use sasldb and insist on using saslauthd, then something like:

    pop3_sasl_saslauthd_path: /path/to/second/saslauthd/mux

and configure a second independent instance of saslauthd with its own Configuration for this one User.

--
Andreas
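
The second-saslauthd approach suggested in the replies above, sketched as an added example (not part of any poster's message and not the Cyrus project's own configuration). It assumes the POP3 service is named pop3 in cyrus.conf and that the current filter is uid=%u; the saslauthd-pop3.conf file name, the /var/run/saslauthd-pop3 directory and the popAllowed LDAP attribute are hypothetical placeholders.

```conf
# --- /local/cyrus-sasl-2.1.22/etc/saslauthd-pop3.conf (hypothetical name) ---
# Copy every other setting from the existing saslauthd.conf unchanged and
# narrow only the filter. popAllowed is a hypothetical attribute set on
# the accounts permitted to use POP3; %u expands to the login name.
ldap_filter: (&(uid=%u)(popAllowed=TRUE))

# --- second saslauthd instance, on its own socket directory ---
# -a ldap : use the LDAP mechanism
# -O      : mechanism option, here the config file above
# -m      : socket directory (absolute path, without the trailing /mux)
#
#   saslauthd -a ldap \
#       -O /local/cyrus-sasl-2.1.22/etc/saslauthd-pop3.conf \
#       -m /var/run/saslauthd-pop3
#
# Keep that directory reachable only by root and the cyrus user: any
# local account that can open the mux can submit password checks to it.

# --- imapd.conf on the frontends ---
# Default for every service: the existing saslauthd instance.
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain

# Override for the service named "pop3" in cyrus.conf only.
# Unlike -m above, this path includes the mux socket itself.
pop3_sasl_pwcheck_method: saslauthd
pop3_sasl_saslauthd_path: /var/run/saslauthd-pop3/mux
pop3_sasl_mech_list: plain
```

Pointing testsaslauthd at each socket with its -f option, using an account that lacks the attribute, should succeed against the default socket and fail against the POP3 one.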
Re: Cyrus IMAPd 2.3.13 Released
Hi,

Recently updated to Cyrus IMAPd 2.3.13 with Gentoo, and ahem I'm having an unreliable connection on 1 account getting in with sieveshell.

There is no decent way for me to debug this at this time except strace (gdb was not very useful).

One account that has an active sieve script can login, however an account with no sieve script... cannot login

Dirty fix, copy the sieve.bc and sieve script from that user, ln -sf defaultbc it... login it works.

Otherwise, it just sits there hanging at the prompt...

Thanks,
Scott M. Likens

syslog here.

    Oct 29 21:25:27 desolation master[28464]: about to exec /usr/lib/cyrus/timsieved
    Oct 29 21:25:27 desolation sieve[28464]: executed
    Oct 29 21:25:27 desolation sieve[28464]: accepted connection
    Oct 29 21:25:27 desolation perl: DIGEST-MD5 client step 2
    Oct 29 21:25:39 desolation sieve[28464]: login: localhost[127.0.0.1] scott DIGEST-MD5 User logged in
    Oct 29 21:25:39 desolation perl: DIGEST-MD5 client step 3

I did try and nuke my mailboxes.db thinking that was related, nah... not even close.