Re: How to test timsieved
Paul van der Vlis wrote:

> C: AUTHENTICATE "PLAIN" {16+}
> AHBhdWwAZXJ1NGJj

I hope you changed your password after you posted that ;-)

> S: NO "Authentication Error"
> Authentication failed. generic failure
> Security strength factor: 0

PvdV> Anybody here knows how to find-out why the
PvdV> authentication does not work?

Assuming the Debian default logging config, have a look in /var/log/mail.log for lines containing both "sieve" and "badlogin". If that looks OK apart from "authentication failure", look at /var/log/auth.log.

PvdV> On another machine (with Cyrus 2.2) everything works fine.

Then you can use the two configurations to compare.

Does IMAP authentication on the _same_ machine work?

What settings are you using for (sieve_)allowplaintext and tls_*?

What is your authentication backend?

Cheers

Duncan

--
Duncan Gibb - Technical Director
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk/ || t: +44 870 608 0063
Debian Cyrus Team - https://alioth.debian.org/projects/pkg-cyrus-imapd/

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Need advice on building a Cyrus IMAP cluster
Michael Sims wrote:
> Hi Dave,
>
> Dave McMurtrie wrote:
>> As of Cyrus 2.3, the code supports the notion of application-level
>> replication. It's near real-time replication of all the application
>> data, but one copy of the data isn't live. This is more of an
>> active/passive solution, since you have to do something to make cyrus
>> aware of the 2nd copy of the data if you suffer some type of failure
>> of the first copy.
>
> Quick question on this. If I setup an active/passive cluster and put the
> mail spool AND all of the application data on a SAN that both nodes have
> access to (not simultaneously, of course), doesn't that bypass the need for
> using "mupdate_config: replicated"? Thanks...

What you're proposing is to set up an active/passive cluster that will cover you in the event of server hardware failure, and that's fine. You don't need to enable replication for this to work.

Doing data replication will help you if you suffer a catastrophic data loss, as well. It's just a second copy of all your mail data, so think of it like an online backup. We do replication in addition to backups right now simply because the path to recovery would be much faster.

Thanks,

Dave
Re: How to test timsieved
Duncan Gibb wrote:
> Paul van der Vlis wrote:
>
>> C: AUTHENTICATE "PLAIN" {16+}
>> AHBhdWwAZXJ1NGJj
>
> I hope you changed your password after you posted that ;-)
>
>> S: NO "Authentication Error"
>> Authentication failed. generic failure
>> Security strength factor: 0
>
> PvdV> Anybody here knows how to find-out why the
> PvdV> authentication does not work?
>
> Assuming the Debian default logging config, have a look in
> /var/log/mail.log for lines containing both "sieve" and "badlogin".

Aug 13 11:27:40 sigmund cyrus/timsieved[16455]: badlogin: localhost[127.0.0.1] PLAIN authentication failure

> If
> that looks OK apart from "authentication failure", look at
> /var/log/auth.log.

Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM auth error]

> PvdV> On another machine (with Cyrus 2.2) everything works fine.
>
> Then you can use the two configurations to compare.

Yes, there is no big difference.

> Does IMAP authentication on the _same_ machine work?

Yes.

> What settings are you using for (sieve_)allowplaintext and tls_*?

I don't have a "sieve_allowplaintext", I have tried it with "yes", but it did not help.

allowplaintext: yes

I have the same problems with "tls_sieve_cert_file: disabled" or not, so I think the problem is not tls-related.

> What is your authentication backend?

saslauthd -> pam -> unix

In the pam modules for both imap and sieve I have:
@include common-auth
@include common-account

Thanks for your help.

With regards,
Paul van der Vlis.

--
http://www.vandervlis.nl/
Re: How to test timsieved
On 13/08/09 12:01 +0200, Paul van der Vlis wrote:
> Duncan Gibb wrote:
>> Paul van der Vlis wrote:
>>
>>> C: AUTHENTICATE "PLAIN" {16+}
>>> AHBhdWwAZXJ1NGJj
>>
>> I hope you changed your password after you posted that ;-)

Let me echo that statement, since it looks like you're logging in as root! Your password is now publicly known.

> Aug 13 11:27:40 sigmund cyrus/timsieved[16455]: badlogin: localhost[127.0.0.1] PLAIN authentication failure
>
> Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM auth error]

Try:

testsaslauthd -u username -p password
testsaslauthd -u username -p password -s sieve
testsaslauthd -u username -p password -s imap

Do you get different answers?

If not, can you include the output of 'grep sasl /etc/imapd.conf'? (assuming there is no sensitive information), and the contents of your /etc/default/saslauthd?

>> What is your authentication backend?
>
> saslauthd -> pam -> unix
>
> In the pam modules for both imap and sieve I have:
> @include common-auth
> @include common-account

--
Dan White
Re: How to test timsieved
On Thu, Aug 13, 2009 at 10:18:33AM +0100, Duncan Gibb wrote:
> Paul van der Vlis wrote:
>
> > C: AUTHENTICATE "PLAIN" {16+}
> > AHBhdWwAZXJ1NGJj
>
> I hope you changed your password after you posted that ;-)

eru4bc - at least it's stronger than the average crappy passwords you see floating around. All lowercase though, and only one number... mine at least has an uppercase in there :)

Bron ( just making the point that your password really was in the clear there, even if it looks obscured )
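Added example, not part of the original post or of Cyrus: the AUTHENTICATE "PLAIN" argument is only base64 over authzid NUL authcid NUL password, so a transcript has to be scrubbed before it goes to a public list. This Python sketch redacts the response and the literal size from a ManageSieve-style transcript; the function names, the placeholder text and the sample (built from the lines quoted in this thread) are assumptions of the example.

```python
import base64
import re

# Constructed sample: the client lines quoted in this thread plus the server reply.
SAMPLE = '''C: AUTHENTICATE "PLAIN" {16+}
AHBhdWwAZXJ1NGJj
S: NO "Authentication Error"'''
PLACEHOLDER = "<redacted-sasl-plain>"  # hypothetical marker text

# AUTHENTICATE "PLAIN" followed by a literal marker ({16+}, response on the
# next line) or by a quoted initial response on the same line.
AUTH_RE = re.compile(
    r'^(?P<head>.*AUTHENTICATE\s+"?PLAIN"?)\s*'
    r'(?:(?P<lit>\{\d+\+?\})|"(?P<quoted>[A-Za-z0-9+/=]+)")?\s*$', re.I)
# A bare base64 line, allowing mail quote marks or a "C:" prefix in front.
BLOB_RE = re.compile(r'^(?P<pre>[>\s]*(?:C:\s*)?)(?P<blob>[A-Za-z0-9+/]+={0,2})\s*$')

def decode_plain(blob):
    """Return (authzid, authcid, password) per RFC 4616, or None if not PLAIN."""
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3 or not parts[1]:
        return None
    return tuple(p.decode("utf-8", "replace") for p in parts)

def redact(transcript):
    """Scrub PLAIN responses; return (clean_text, authcids that were exposed)."""
    out, users, expect_blob = [], [], False
    for line in transcript.splitlines():
        blob_m = BLOB_RE.match(line) if expect_blob else None
        expect_blob = False
        auth_m = AUTH_RE.match(line)
        if blob_m or (auth_m and auth_m["quoted"]):
            fields = decode_plain(blob_m["blob"] if blob_m else auth_m["quoted"])
            if fields:
                users.append(fields[1])
            line = (blob_m["pre"] + PLACEHOLDER if blob_m
                    else f'{auth_m["head"]} "{PLACEHOLDER}"')
        elif auth_m and auth_m["lit"]:
            # The literal size leaks len(user) + len(password); hide it too.
            line = auth_m["head"] + " {n+}"
            expect_blob = True
        out.append(line)
    return "\n".join(out), users
if __name__ == "__main__":
    print(redact(SAMPLE)[0])
```

The returned list names the accounts whose passwords were exposed and therefore need changing; the password itself is never returned or printed by `redact`.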
Re: How to test timsieved
Dan White wrote:
> On 13/08/09 12:01 +0200, Paul van der Vlis wrote:
>> Duncan Gibb wrote:
>>> Paul van der Vlis wrote:
>>> C: AUTHENTICATE "PLAIN" {16+}
>>> AHBhdWwAZXJ1NGJj
>>>
>>> I hope you changed your password after you posted that ;-)
>
> Let me echo that statement, since it looks like you're logging in as root!
> Your password is now publicly known.

I did change the password (and it was not the root-password).

>> Aug 13 11:27:40 sigmund cyrus/timsieved[16455]: badlogin:
>> localhost[127.0.0.1] PLAIN authentication failure
>>
>> Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth
>> failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM
>> auth error]
>>
>
> Try:
>
> testsaslauthd -u username -p password
> testsaslauthd -u username -p password -s sieve
> testsaslauthd -u username -p password -s imap
>
> Do you get different answers?

No, they all give:
0: OK "Success."
when I do it as root or as user cyrus.

But when I execute "testsaslauthd" as another user, it fails with a "connect() : Permission denied". But this is also the case on the other machine that works correctly.

> If not, can you include the output of 'grep sasl /etc/imapd.conf'?
> (assuming there is no sensitive information), and the contents of your
> /etc/default/saslauthd?

sasl_mech_list: PLAIN
sasl_minimum_layer: 0
#sasl_maximum_layer: 256
sasl_pwcheck_method: saslauthd
#sasl_auxprop_plugin: sasldb
sasl_auto_transition: no

/etc/default/saslauthd:
START=yes
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c"

Maybe this is important:

sigmund:~# ls -ld /var/run/saslauthd
lrwxrwxrwx 1 root root 37 2009-07-22 14:01 /var/run/saslauthd -> /var/spool/postfix/var/run/saslauthd/
sigmund:~# ls -ld /var/spool/postfix/var/run/saslauthd/
drwx--x--- 2 root sasl 200 2009-07-22 14:02 /var/spool/postfix/var/run/saslauthd/
sigmund:~# ls -l /var/spool/postfix/var/run/saslauthd/
total 929
-rw--- 1 root root 0 2009-07-22 14:02 cache.flock
-rw--- 1 root root 945152 2009-07-22 14:02 cache.mmap
srwxrwxrwx 1 root root 0 2009-07-22 14:02 mux
-rw--- 1 root root 0 2009-07-22 14:02 mux.accept
-rw--- 1 root root 6 2009-07-22 14:02 saslauthd.pid

Thanks for your help!

With regards,
Paul van der Vlis.

--
http://www.vandervlis.nl/
Re: How to test timsieved
On Thu, Aug 13, 2009 at 08:58:50AM -0500, Dan White wrote:
> On 13/08/09 12:01 +0200, Paul van der Vlis wrote:
> >Duncan Gibb wrote:
> >>Paul van der Vlis wrote:
> >>
> >>>C: AUTHENTICATE "PLAIN" {16+}
> >>>AHBhdWwAZXJ1NGJj
> >>
> >>I hope you changed your password after you posted that ;-)
>
> Let me echo that statement, since it looks like you're logging in as root!
> Your password is now publicly known.

How did you get that? That decodes to username "paul".

> >Aug 13 11:27:40 sigmund cyrus/timsieved[16455]: badlogin:
> >localhost[127.0.0.1] PLAIN authentication failure
> >
> >Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth
> >failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM
> >auth error]

Oh yeah, this bit. Guess something's not configured correctly to talk with PAM.

Bron.
Re: How to test timsieved
On 13/08/09 16:56 +0200, Paul van der Vlis wrote:
>>> Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM auth error]
>>
>> testsaslauthd -u username -p password
>> testsaslauthd -u username -p password -s sieve
>> testsaslauthd -u username -p password -s imap
>>
>> Do you get different answers?
>
> No, they all give:
> 0: OK "Success."
> when I do it as root or as user cyrus.
>
> But when I execute "testsaslauthd" as another user, it fails with a "connect() : Permission denied". But this is also the case on the other machine that works correctly.

It looks like you're configured to allow members of the sasl group to access the saslauthd mux, so that error is to be expected.

> sasl_mech_list: PLAIN
> sasl_minimum_layer: 0
> #sasl_maximum_layer: 256
> sasl_pwcheck_method: saslauthd
> #sasl_auxprop_plugin: sasldb
> sasl_auto_transition: no
>
> /etc/default/saslauthd:
> START=yes
> MECHANISMS="pam"
> MECH_OPTIONS=""
> THREADS=5
> OPTIONS="-c"
>
> Maybe this is important:
>
> sigmund:~# ls -ld /var/run/saslauthd
> lrwxrwxrwx 1 root root 37 2009-07-22 14:01 /var/run/saslauthd -> /var/spool/postfix/var/run/saslauthd/
> sigmund:~# ls -ld /var/spool/postfix/var/run/saslauthd/
> drwx--x--- 2 root sasl 200 2009-07-22 14:02 /var/spool/postfix/var/run/saslauthd/
> sigmund:~# ls -l /var/spool/postfix/var/run/saslauthd/
> total 929
> -rw--- 1 root root 0 2009-07-22 14:02 cache.flock
> -rw--- 1 root root 945152 2009-07-22 14:02 cache.mmap
> srwxrwxrwx 1 root root 0 2009-07-22 14:02 mux
> -rw--- 1 root root 0 2009-07-22 14:02 mux.accept
> -rw--- 1 root root 6 2009-07-22 14:02 saslauthd.pid

Looks fine. I wonder if timsieved is calling saslauthd with different options, like with a realm. I'd be curious what you're seeing when saslauthd is in debug mode.

--
Dan White
Multiple instance Howto?
Is there a howto for setting up multiple cyrus instances?

I have created two sets of:

startup scripts
cyrus.conf files (each process told to use the corresponding config file and IP)
imapd.conf files
/var/spool/imap directories
/var/lib/imap directories

I thought I had everything running fine (imap/pop works) until I tried to deliver mail to LMTP and found that if both instances were running that LMTP would refuse connections.

If someone has a proven howto, I'd appreciate being able to review it.

Thanks,
--Blake