capability
Hi, Is there a way that I can prevent the proxies on the front end of my Murder cluster from advertising MAILBOX-REFERRALS in the CAPABILITY string? Or from issuing referrals? -- Ian Eiloart IT Services, University of Sussex x3148 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
offering limited pop access
Hi, I offer an IMAP service to 12000 users, but we don't offer POP3. However, we have a blind person who has a braille computer, with POP3 client, but no IMAP client. I've configured a perdition proxy which can give him POP, but not IMAP access. However, we're moving toward using Cyrus proxyd front end, with LDAP authentication (through SASL). Is there a way I can configure my murder cluster to perform a different IMAP lookup for POP3 authentication, compared to IMAP authentication. Or, is there some other way that I can restrict POP3 access to certain users? I've got configuration files at /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf which just says: pwcheck_method: saslauthd mech_list: plain I presume I need a pop.conf file that's similar, but can't find any documentation. and /local/cyrus-sasl-2.1.22/etc/saslauthd.conf which specifies how to access the LDAP servers. I want everything the same, but with a different value for ldap_filter. Can I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus configuration, instead? -- Ian Eiloart IT Services, University of Sussex x3148 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: capability
On 29 Oct 2008, at 09:18, Ian Eiloart wrote: Is there a way that I can prevent the proxies on the front end of my Murder cluster from advertising MAILBOX-REFERRALS in the CAPABILITY string? Or from issuing referrals? There doesn't appear to be a way to disable advertising MAILBOX- REFERRALS, but you can set proxyd_disable_mailbox_referrals to turn them off. Seems wrong, doesn't it? Like the capability should be removed with that option as well, right? :wes Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: capability
--On 29 October 2008 11:25:04 -0400 Wesley Craig [EMAIL PROTECTED] wrote: On 29 Oct 2008, at 09:18, Ian Eiloart wrote: Is there a way that I can prevent the proxies on the front end of my Murder cluster from advertising MAILBOX-REFERRALS in the CAPABILITY string? Or from issuing referrals? There doesn't appear to be a way to disable advertising MAILBOX-REFERRALS, but you can set proxyd_disable_mailbox_referrals to turn them off. Seems wrong, doesn't it? Like the capability should be removed with that option as well, right? :wes That should work nicely. I'll have to upgrade from 2.3.8 to do that. -- Ian Eiloart IT Services, University of Sussex x3148 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: offering limited pop access
--On 29 October 2008 16:21:34 +0100 Christiaan den Besten [EMAIL PROTECTED] wrote: Hi ! Can't you handle this in de search filter in perdition ? ... so run perdition for pop with a different configuration file then for imap. And add some specific field to ldap to search on for pop3 access I can, but I'm switching to Cyrus IMAP proxy (to enable sharing of mailboxes across backends), and would like to abandon perdition if possible. I don't want to maintain a whole set of software just to support one user. bye, Chris - Original Message - From: Ian Eiloart [EMAIL PROTECTED] To: info-cyrus@lists.andrew.cmu.edu Sent: Wednesday, October 29, 2008 2:36 PM Subject: offering limited pop access Hi, I offer an IMAP service to 12000 users, but we don't offer POP3. However, we have a blind person who has a braille computer, with POP3 client, but no IMAP client. I've configured a perdition proxy which can give him POP, but not IMAP access. However, we're moving toward using Cyrus proxyd front end, with LDAP authentication (through SASL). Is there a way I can configure my murder cluster to perform a different IMAP lookup for POP3 authentication, compared to IMAP authentication. Or, is there some other way that I can restrict POP3 access to certain users? I've got configuration files at /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf which just says: pwcheck_method: saslauthd mech_list: plain I presume I need a pop.conf file that's similar, but can't find any documentation. and /local/cyrus-sasl-2.1.22/etc/saslauthd.conf which specifies how to access the LDAP servers. I want everything the same, but with a different value for ldap_filter. Can I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus configuration, instead? -- Ian Eiloart IT Services, University of Sussex x3148 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Ian Eiloart IT Services, University of Sussex x3148 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: offering limited pop access
You can run two saslauthd's, with separate configurations and separate sockets. The one for pop would use the special ldap filter, presumably looking for an attribute or something that only users authorized to use POP would have. :wes On 29 Oct 2008, at 09:36, Ian Eiloart wrote: I offer an IMAP service to 12000 users, but we don't offer POP3. However, we have a blind person who has a braille computer, with POP3 client, but no IMAP client. I've configured a perdition proxy which can give him POP, but not IMAP access. However, we're moving toward using Cyrus proxyd front end, with LDAP authentication (through SASL). Is there a way I can configure my murder cluster to perform a different IMAP lookup for POP3 authentication, compared to IMAP authentication. Or, is there some other way that I can restrict POP3 access to certain users? I've got configuration files at /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf which just says: pwcheck_method: saslauthd mech_list: plain I presume I need a pop.conf file that's similar, but can't find any documentation. and /local/cyrus-sasl-2.1.22/etc/saslauthd.conf which specifies how to access the LDAP servers. I want everything the same, but with a different value for ldap_filter. Can I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus configuration, instead? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: offering limited pop access
I offer an IMAP service to 12000 users, but we don't offer POP3. However, we have a blind person who has a braille computer, with POP3 client, but no IMAP client. I've configured a perdition proxy which can give him POP, but not IMAP access. However, we're moving toward using Cyrus proxyd front end, with LDAP authentication (through SASL). Is there a way I can configure my murder cluster to perform a different IMAP lookup for POP3 authentication, compared to IMAP authentication. Or, is there some other way that I can restrict POP3 access to certain users? I've got configuration files at /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf which just says: pwcheck_method: saslauthd mech_list: plain I presume I need a pop.conf file that's similar, but can't find any documentation. and /local/cyrus-sasl-2.1.22/etc/saslauthd.conf which specifies how to access the LDAP servers. I want everything the same, but with a different value for ldap_filter. Can I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus configuration, instead? If you want to use ldap for both cases, you have to use two diffrent saslauthd's running. I would think about a diffrent auxprop Backend for example sasldb with only one entry for this User. Use the well hidden feature in your imapd.conf and separate them with: # SASL-COnfig only for pop3 Daemon pop3_sasl_pwcheck_method: auxprop pop3_sasl_auxprop_plugin: sasldb pop3_sasl_mech_list: plain login cram-md5 digest-md5 and # SASL-Config for all other Daemons sasl_pwcheck_method: saslauthd sasl_mech_list: plain login or you can use just: sasl_pwcheck_method: auxprop saslauthd sasl_auxprop_plugin: sasldb This would look in both backends. If you don't want to use sasldb and insist in using saslauthd, then something like: pop3_sasl_saslauthd_path: /path/to/second/saslauthd/mux and configure a second independent instance of saslauthd with it's own Configuration for this one User. -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus IMAPd 2.3.13 Released
Hi,
Recently updated to Cyrus IMAPd 2.3.13 with Gentoo, and ahem i'm
having a unreliable connection on 1 account getting in with sieveshell.
There is no decent way for me to debug this at this time except strace
(gdb was not very useful).
One account that has an active sieve script can login, however an
account with a no sieve script... cannot login
Dirty fix, copy the sieve.bc and sieve script from that user, ln -sf
defaultbc it... login it works.
Otherwise, it just sits there hanging at the prompt...
Thanks,
Scott M. Likens
syslog here.
Oct 29 21:25:27 desolation master[28464]: about to exec /usr/lib/cyrus/
timsieved
Oct 29 21:25:27 desolation sieve[28464]: executed
Oct 29 21:25:27 desolation sieve[28464]: accepted connection
Oct 29 21:25:27 desolation perl: DIGEST-MD5 client step 2
Oct 29 21:25:39 desolation sieve[28464]: login: localhost[127.0.0.1]
scott DIGEST-MD5 User logged in
Oct 29 21:25:39 desolation perl: DIGEST-MD5 client step 3
I did try and nuke my mailboxes.db thinking that was related, nah...
not even close.
//
[EMAIL PROTECTED] /usr/lib/cyrus $ strace -p 28464
Process 28464 attached - interrupt to quit
select(1, [0], NULL, NULL, {215992, 633000}) = 1 (in [0], left
{215987, 975000})
read(0, {352+}\r\n..., 4096) = 8
select(1, [0], NULL, NULL, {216000, 0}) = 1 (in [0], left {215999,
96})
read(0, dXNlcm5hbWU9InNjb3R0IixyZWFsbT0iZ..., 4096) = 354
open(/etc/sasl2/sasldb2, O_RDONLY)= 12
fstat(12, {st_mode=S_IFREG|0600, st_size=12398, ...}) = 0
flock(12, LOCK_SH|LOCK_NB) = 0
read(12, \316\232W\23\0\20\0\0\0\20\0\0\0\0\0\0\0\20\0\0\t
\0\0\0\0\20\0\0\246\0\0\0\0..., 72) = 72
read(12,
\0
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
4024) = 4024
lseek(12, 4096, SEEK_SET) = 4096
read(12, \0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0
\0\0\0\0\0\0\0..., 4096) = 4096
brk(0x734000) = 0x734000
brk(0x755000) = 0x755000
brk(0x776000) = 0x776000
lseek(12, 8192, SEEK_SET) = 8192
read(12,
\1
\0\0\0\0\0\0\0\222\17\0\0\0\0\0\0n0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
4096) = 4096
lseek(12, 12324, SEEK_SET) = 12324
read(12, scott\0desolation\0userPasswordjade..., 37) = 37
flock(12, LOCK_UN) = 0
close(12) = 0
brk(0x72b000) = 0x72b000
brk(0x729000) = 0x729000
brk(0x728000) = 0x728000
open(/etc/sasl2/sasldb2, O_RDONLY)= 12
fstat(12, {st_mode=S_IFREG|0600, st_size=12398, ...}) = 0
flock(12, LOCK_SH|LOCK_NB) = 0
read(12, \316\232W\23\0\20\0\0\0\20\0\0\0\0\0\0\0\20\0\0\t
\0\0\0\0\20\0\0\246\0\0\0\0..., 72) = 72
read(12,
\0
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
4024) = 4024
lseek(12, 4096, SEEK_SET) = 4096
read(12, \0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0
\0\0\0\0\0\0\0..., 4096) = 4096
brk(0x749000) = 0x749000
brk(0x76a000) = 0x76a000
brk(0x78b000) = 0x78b000
lseek(12, 8192, SEEK_SET) = 8192
read(12,
\1
\0\0\0\0\0\0\0\222\17\0\0\0\0\0\0n0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
4096) = 4096
flock(12, LOCK_UN) = 0
close(12) = 0
brk(0x72b000) = 0x72b000
brk(0x729000) = 0x729000
brk(0x728000) = 0x728000
socket(PF_FILE, SOCK_STREAM, 0) = 12
fcntl(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(12, {sa_family=AF_FILE, path=/var/run/nscd/socket...}, 110)
= -1 ENOENT (No such file or directory)
close(12) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 12
fcntl(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(12, {sa_family=AF_FILE, path=/var/run/nscd/socket...}, 110)
= -1 ENOENT (No such file or directory)
close(12) = 0
open(/etc/ld.so.cache, O_RDONLY) = 12
fstat(12, {st_mode=S_IFREG|0644, st_size=102465, ...}) = 0
mmap(NULL, 102465, PROT_READ, MAP_PRIVATE, 12, 0) = 0x7fa5e4099000
close(12) = 0
open(/lib/libnss_compat.so.2, O_RDONLY) = 12
read(12, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0
\0\1\0\0\0\320\22\0\0\0\0\0\0@..., 832) = 832
fstat(12, {st_mode=S_IFREG|0755, st_size=40294, ...}) = 0
mmap(NULL, 2127088, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
12, 0) = 0x7fa5dea74000
mprotect(0x7fa5dea7b000, 2093056, PROT_NONE) = 0
mmap(0x7fa5dec7a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
MAP_DENYWRITE, 12, 0x6000) = 0x7fa5dec7a000
close(12) = 0
open(/lib/libnsl.so.1, O_RDONLY) = 12
read(12, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\@
\0\0\0\0\0\0@..., 832) = 832
fstat(12, {st_mode=S_IFREG|0755, st_size=108430, ...}) = 0
mmap(NULL, 219,
