Re: Best distro for Exim/Cyrus
On Thursday 20 of February 2014 05:50:21 Paul O'Rorke wrote:
> Hi again guys,
>
> thanks for the help thus far. I have managed to get cyrus talking with
> exim to deliver mail (the -a inside the quotes did this) and I have the
> cyrus_sasl driver authenticating using DIGEST-MD5:
>
> digest_md5_sasl_server:
>   driver = cyrus_sasl
>   public_name = DIGEST-MD5
>   server_realm = chemainus.mjbrownloos.com
>   server_set_id = $auth1
>   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>   .endif

Hi,

the last three lines (ifndef - endif) can be IMHO deleted, because
DIGEST-MD5 (and CRAM-MD5 and NTLM) do not send plaintext passwords, so
should be allowed even on otherwise unencrypted connection.

Check if user Debian-exim is member of sasl group - to get access to
/etc/sasldb2.

> I can receive mail OK, exim passes it to cyrus and I can work with
> mailboxes in Thunderbird however I don't seem to be able to authenticate
> to the SMTP server when sending. Do I need to specify a separate auth
> for sending through SMTP?

Thunderbird has separate auth setting for SMTP, however you should specify
the same user/pass as for IMAP. Check also the option auth method and set
encrypted password - which is luser translation of DIGEST/CRAM-MD5.

> If it can authenticate for IMAP using *digest_md5_sasl_server* why would
> it fail when sending?

Just because IMAP auth is done by cyrus and SMTP auth by exim ;)

Check /var/log/exim/*log, there might be some hints...

--
Best regards
Vladislav Kurz

=== WebStep, s.r.o. (Ltd.) = a step to the Web ===
address: Mezirka 1, 602 00 Brno, CZ, tel: +420 548 214 711
=== www.webstep.net === vladislav.k...@webstep.net ===

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server
On 02/20/14 10:35 +0100, Willy Offermans wrote:
> I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the
> following package:
>
> cyrus-imapd24-2.4.17_4
>
> If I test my setup with imtest, I get connection to the imap server.
>
> MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost
> verify error:num=19:self signed certificate in certificate chain
> TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR] MyComputer Cyrus IMAP v2.4.17 server ready
> Please enter your password:
> C: L01 LOGIN username {13}
> S: + go ahead
> C: omitted
> S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN COMPRESS=DEFLATE IDLE] User logged in SESSIONID=MyComputer-11451-1392884061-1
> Authenticated.
> Security strength factor: 256
>
> From the message log file:
>
> Feb 19 09:00:11 MyComputer imaps[3437]: imapd:Loading hard-coded DH parameters
> Feb 19 09:00:11 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> Feb 19 09:00:11 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Feb 19 09:00:15 MyComputer imaps[3437]: badlogin: localhost [127.0.0.1] plaintext username SASL(-13): authentication failure: checkpass failed
> Feb 19 09:00:30 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> Feb 19 09:00:30 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Feb 19 09:00:39 MyComputer imaps[3437]: login: localhost [127.0.0.1] username plaintext+TLS User logged in SESSIONID=MyComputer-3437-1392800430-1
> Feb 19 09:02:18 MyComputer imaps[3437]: USAGE username user: 0.007544 sys: 0.022632
>
> However, if I try to connect via cyradm, I cannot login.
>
> MyName@MyComputer:~$ cyradm --user username localhost
> Password:
> verify error:num=19:self signed certificate in certificate chain
> cyradm: cannot authenticate to server with as username

Does the output really say this (empty username)? I'm assuming you just
removed it when pasting it.

> from the message log file:
>
> Feb 19 09:02:41 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Feb 19 09:02:48 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]
> Feb 19 09:02:51 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get auxprops]
> Feb 19 09:02:55 MyComputer imap[3440]: imapd:Loading hard-coded DH parameters
> Feb 19 09:02:55 MyComputer imap[3440]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> Feb 19 09:02:55 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied

In imapd.conf, set:

sasl_mech_list: PLAIN LOGIN EXTERNAL

to remove some extraneous error messages.

Try specifying a mechanism (--auth=PLAIN) in your cyradm command.

--
Dan White

Re: cyradm cannot connect to cyrus imap server
Hello Dan and Cyrus Friends,

On Thu, Feb 20, 2014 at 08:38:42AM -0600, Dan White wrote:
> On 02/20/14 10:35 +0100, Willy Offermans wrote:
> > I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the
> > following package:
> >
> > cyrus-imapd24-2.4.17_4
> >
> > If I test my setup with imtest, I get connection to the imap server.
> >
> > MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost
> > verify error:num=19:self signed certificate in certificate chain
> > TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> > S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR] MyComputer Cyrus IMAP v2.4.17 server ready
> > Please enter your password:
> > C: L01 LOGIN username {13}
> > S: + go ahead
> > C: omitted
> > S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN COMPRESS=DEFLATE IDLE] User logged in SESSIONID=MyComputer-11451-1392884061-1
> > Authenticated.
> > Security strength factor: 256
> >
> > From the message log file:
> >
> > Feb 19 09:00:11 MyComputer imaps[3437]: imapd:Loading hard-coded DH parameters
> > Feb 19 09:00:11 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> > Feb 19 09:00:11 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> > Feb 19 09:00:15 MyComputer imaps[3437]: badlogin: localhost [127.0.0.1] plaintext username SASL(-13): authentication failure: checkpass failed
> > Feb 19 09:00:30 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> > Feb 19 09:00:30 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> > Feb 19 09:00:39 MyComputer imaps[3437]: login: localhost [127.0.0.1] username plaintext+TLS User logged in SESSIONID=MyComputer-3437-1392800430-1
> > Feb 19 09:02:18 MyComputer imaps[3437]: USAGE username user: 0.007544 sys: 0.022632
> >
> > However, if I try to connect via cyradm, I cannot login.
> >
> > MyName@MyComputer:~$ cyradm --user username localhost
> > Password:
> > verify error:num=19:self signed certificate in certificate chain
> > cyradm: cannot authenticate to server with as username
>
> Does the output really say this (empty username)? I'm assuming you just
> removed it when pasting it.

No Dan, I did not remove anything. I just replaced the actual username by
username. There is a whitespace between with and as in the output!

> > from the message log file:
> >
> > Feb 19 09:02:41 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> > Feb 19 09:02:48 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]
> > Feb 19 09:02:51 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get auxprops]
> > Feb 19 09:02:55 MyComputer imap[3440]: imapd:Loading hard-coded DH parameters
> > Feb 19 09:02:55 MyComputer imap[3440]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> > Feb 19 09:02:55 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
>
> In imapd.conf, set:
>
> sasl_mech_list: PLAIN LOGIN EXTERNAL
>
> to remove some extraneous error messages.
>
> Try specifying a mechanism (--auth=PLAIN) in your cyradm command.
>
> --
> Dan White

I did this and it worked:

MyName@MyComputer:~$ cyradm --user username --auth PLAIN localhost
verify error:num=19:self signed certificate in certificate chain
Password:
localhost

Many thnx for your help!

--
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,

Wiel

*
W.K. Offermans
Home: +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: wi...@offermans.rompen.nl

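An added example, not part of any poster's message: a small Python parser run over Cyrus log lines quoted in this thread. It groups the login attempts by mechanism and separates failures where SASL could not look up the user's auxprops (SCRAM-SHA-1, DIGEST-MD5) from failures where the password check itself was rejected, next to the plaintext login over TLS that succeeded. The function names are this example's own.

```python
import re
from collections import Counter

# Log lines copied from the messages above (host and user names as posted).
SAMPLE_LOG = """\
Feb 19 09:00:15 MyComputer imaps[3437]: badlogin: localhost [127.0.0.1] plaintext username SASL(-13): authentication failure: checkpass failed
Feb 19 09:00:39 MyComputer imaps[3437]: login: localhost [127.0.0.1] username plaintext+TLS User logged in SESSIONID=MyComputer-3437-1392800430-1
Feb 19 09:02:48 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]
Feb 19 09:02:51 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get auxprops]
Feb 19 09:02:55 MyComputer imap[3440]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ \w+\[\d+\]: (?P<msg>.*)$")
BADLOGIN = re.compile(r"^badlogin: \S+ \[(?P<ip>[^\]]+)\] (?P<mech>\S+) (?P<rest>.*)$")
LOGIN = re.compile(r"^login: \S+ \[(?P<ip>[^\]]+)\] \S+ (?P<mech>\S+) ")
SASL_ERR = re.compile(r"SASL\(-?\d+\): (?P<reason>[^\]]+)")


def parse_auth_events(text):
    """Return one dict per login/badlogin line: ok, mech, ip, reason."""
    events = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        bad = BADLOGIN.match(m.group("msg"))
        ok = LOGIN.match(m.group("msg"))
        if bad:
            err = SASL_ERR.search(bad.group("rest"))
            reason = err.group("reason").strip() if err else "unknown"
            events.append({"ok": False, "mech": bad.group("mech"),
                           "ip": bad.group("ip"), "reason": reason})
        elif ok:
            events.append({"ok": True, "mech": ok.group("mech"),
                           "ip": ok.group("ip"), "reason": None})
    return events


def failures_by_cause(events):
    """Count failures as 'lookup' (SASL could not fetch the user's auxprops)
    or 'credential' (the password check itself failed), per mechanism."""
    causes = Counter()
    for e in events:
        if e["ok"]:
            continue
        kind = "lookup" if "auxprops" in e["reason"] else "credential"
        causes[(kind, e["mech"])] += 1
    return causes


if __name__ == "__main__":
    summary = failures_by_cause(parse_auth_events(SAMPLE_LOG))
    for (kind, mech), n in sorted(summary.items()):
        print(f"{mech:12} {kind:10} {n}")
```
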
Outlook 2013
Hello,

One of my customers has bought a laptop with Outlook 2013. He says he can
see his messages over IMAP, but it's a kind of read-only access.

The mailserver is an old installation with Cyrus 2.2.13 (Debian Squeeze),
so I need to update it to Debian Wheezy (Cyrus 2.4.16) to get e.g. the
XLIST command I expect.

Yesterday I spoke to someone who said Outlook 2013 gives many problems
with IMAP (corruptions of the local cache).

What's your experience with Outlook 2013 together with Cyrus? Is it stable
and does it really need XLIST?

With regards,
Paul van der Vlis.

--
Paul van der Vlis Linux system administration, Groningen
http://www.vandervlis.nl

Re: Best distro for Exim/Cyrus
Thanks Vlad,

> the last three lines (ifndef - endif) can be IMHO deleted, because
> DIGEST-MD5 (and CRAM-MD5 and NTLM) do not send plaintext passwords, so
> should be allowed even on otherwise unencrypted connection.

commented out.

> Check if user Debian-exim is member of sasl group - to get access to
> /etc/sasldb2.

root@blmail:/etc/exim4/conf.d# groups Debian-exim
Debian-exim : Debian-exim root mail sasl cyrus
root@blmail:/etc/exim4/conf.d# ls -l /etc/sasldb2
-rw-rw 1 cyrus Debian-exim 12288 Feb 19 20:19 /etc/sasldb2

Looks right to me...

> Thunderbird has separate auth setting for SMTP, however you should
> specify the same user/pass as for IMAP. Check also the option auth
> method and set encrypted password - which is luser translation of
> DIGEST/CRAM-MD5.

It seems that exim is not using the same auth as cyrus. TB doesn't
recognise the encrypted passwords option. Nor does Outlook so I don't
think it's the MUA.

When I let TB query the server for settings it correctly returns with
'Encrypted password' for IMAP but 'Password, transmitted insecurely' for
SMTP. Leaving that setting results in the expected 'relay not permitted';
setting it in TB to use 'Encrypted password' results in the following
error message in TB:

Sending of message failed.
The SMTP server chemainus.mjbrownloos.com does not support the selected
authentication method. Please change the 'Authentication method' in the
'Account Settings | Outgoing Server (SMTP)'.

I'm watching (tail -f) the following 4 log files when I send
(/var/log/exim/ has only mainlog and rejectlog):

/var/log/exim4/mainlog
/var/log/exim4/rejectlog
/var/log/syslog
/var/log/auth.log

but I'm not seeing anything helpful.

Indeed I need to trace the process on send and find out where it is
baulking, any thoughts on how to find that?

Since this seems to now be an Exim thing, perhaps at this point I should
be asking this on the exim list?

*Paul O'Rorke*
Tracker Software Products
p...@tracker-software.com mailto:paul.oro...@tracker-software.com

On 2/20/2014 2:23 AM, Vladislav Kurz wrote:
> On Thursday 20 of February 2014 05:50:21 Paul O'Rorke wrote:
> > Hi again guys,
> >
> > thanks for the help thus far. I have managed to get cyrus talking with
> > exim to deliver mail (the -a inside the quotes did this) and I have the
> > cyrus_sasl driver authenticating using DIGEST-MD5:
> >
> > digest_md5_sasl_server:
> >   driver = cyrus_sasl
> >   public_name = DIGEST-MD5
> >   server_realm = chemainus.mjbrownloos.com
> >   server_set_id = $auth1
> >   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
> >   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
> >   .endif
>
> Hi,
>
> the last three lines (ifndef - endif) can be IMHO deleted, because
> DIGEST-MD5 (and CRAM-MD5 and NTLM) do not send plaintext passwords, so
> should be allowed even on otherwise unencrypted connection.
>
> Check if user Debian-exim is member of sasl group - to get access to
> /etc/sasldb2.
>
> > I can receive mail OK, exim passes it to cyrus and I can work with
> > mailboxes in Thunderbird however I don't seem to be able to
> > authenticate to the SMTP server when sending. Do I need to specify a
> > separate auth for sending through SMTP?
>
> Thunderbird has separate auth setting for SMTP, however you should
> specify the same user/pass as for IMAP. Check also the option auth
> method and set encrypted password - which is luser translation of
> DIGEST/CRAM-MD5.
>
> > If it can authenticate for IMAP using *digest_md5_sasl_server* why
> > would it fail when sending?
>
> Just because IMAP auth is done by cyrus and SMTP auth by exim ;)
>
> Check /var/log/exim/*log, there might be some hints...
>
> --
> Best regards
> Vladislav Kurz
>
> === WebStep, s.r.o. (Ltd.) = a step to the Web ===
> address: Mezirka 1, 602 00 Brno, CZ, tel: +420 548 214 711
> === www.webstep.net === vladislav.k...@webstep.net ===

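One way to see which mechanisms Exim actually offers a client, as an added example that is not part of the thread: parse the raw EHLO reply captured before and after STARTTLS and compare the AUTH lists. The replies below are constructed sample values (host names, extensions, and the presence of PLAIN/LOGIN authenticators are assumptions); they model a DIGEST-MD5 authenticator with and without the `server_advertise_condition` line quoted above. The function names are this example's own.

```python
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded on the wire

# Constructed EHLO replies; not captured from the poster's server.
BEFORE_TLS = """\
250-mail.example.org Hello client.example.org [192.0.2.10]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
"""
AFTER_TLS = """\
250-mail.example.org Hello client.example.org [192.0.2.10]
250-SIZE 52428800
250-PIPELINING
250-AUTH DIGEST-MD5 PLAIN LOGIN
250 HELP
"""
# Same server once the advertise condition is removed from the DIGEST-MD5 authenticator.
BEFORE_TLS_NO_CONDITION = BEFORE_TLS.replace(
    "250-STARTTLS", "250-AUTH DIGEST-MD5\n250-STARTTLS")


def auth_mechs(ehlo_reply):
    """Return the set of SASL mechanisms advertised in a raw EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        if not line.startswith("250") or len(line) < 5:
            continue
        body = line[4:].strip()                  # drop "250-" or "250 "
        keyword, _, args = body.partition(" ")
        if keyword.upper() == "AUTH":
            mechs.update(a.upper() for a in args.split())
        elif keyword.upper().startswith("AUTH="):  # legacy "AUTH=LOGIN PLAIN" form
            mechs.update(a.upper() for a in body[5:].split())
    return mechs


def audit(before_tls, after_tls):
    """Compare what is offered on the clear connection with what TLS unlocks."""
    clear, tls = auth_mechs(before_tls), auth_mechs(after_tls)
    return {
        "plaintext_without_tls": sorted(clear & PLAINTEXT_MECHS),
        "challenge_response_without_tls": sorted(clear - PLAINTEXT_MECHS),
        "only_after_starttls": sorted(tls - clear),
    }


if __name__ == "__main__":
    print(audit(BEFORE_TLS, AFTER_TLS))
    print(audit(BEFORE_TLS_NO_CONDITION, AFTER_TLS))
```

An empty AUTH list on the connection the client actually uses is consistent with a client reporting that the server does not support the selected authentication method.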
Re: cyradm cannot connect to cyrus imap server
On Thu, Feb 20, 2014 at 10:35:42AM +0100, Willy Offermans wrote:
> Dear Cyrus Friends,
>
> I need your help to solve the following:
>
> I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the
> following package:
>
> cyrus-imapd24-2.4.17_4
>
> If I test my setup with imtest, I get connection to the imap server.
>
> MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost
>
> It works
>
> However, if I try to connect via cyradm, I cannot login.
>
> MyName@MyComputer:~$ cyradm --user username localhost
> Password:
> verify error:num=19:self signed certificate in certificate chain
> cyradm: cannot authenticate to server with as username

You specified your authentication mechanism to be login with imtest. You
did not specify an authentication mechanism with cyradm. Perhaps it would
work if you try:

cyradm --auth login --user username localhost

That is only a guess.

--
Scott Lambert KC5MLE Unix SysAdmin
lamb...@lambertfam.org

Re: cyradm cannot connect to cyrus imap server
If cyrus is your user admin, just do

cyradm --user cyrus --server localhost

and it will work. Depending on your password backend, you may need to add
user cyrus with sasldb2, or if you use local unix account with saslauthd
you just need to set a password for user cyrus with passwd.

On 2/20/14 11:12 PM, Scott Lambert wrote:
> On Thu, Feb 20, 2014 at 10:35:42AM +0100, Willy Offermans wrote:
> > Dear Cyrus Friends,
> >
> > I need your help to solve the following:
> >
> > I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the
> > following package:
> >
> > cyrus-imapd24-2.4.17_4
> >
> > If I test my setup with imtest, I get connection to the imap server.
> >
> > MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost
> >
> > It works
> >
> > However, if I try to connect via cyradm, I cannot login.
> >
> > MyName@MyComputer:~$ cyradm --user username localhost
> > Password:
> > verify error:num=19:self signed certificate in certificate chain
> > cyradm: cannot authenticate to server with as username
>
> You specified your authentication mechanism to be login with imtest. You
> did not specify an authentication mechanism with cyradm. Perhaps it
> would work if you try:
>
> cyradm --auth login --user username localhost
>
> That is only a guess.