Re: FAQ: SSL authentication
Things you have to do (I think that's it, but maybe I'm forgetting something?):

/etc/cyrus.conf:
uncomment the entries starting with imaps and pop3s

create your own SSL key and get a certificate for your key (e.g. Verisign or a self-signed one) and set:

/etc/imapd.conf
# if you have your own CA
tls_ca_path: /etc/ssl/certs
# the certificate
tls_cert_file: /etc/ssl/cyrus/server.crt
# your key
tls_key_file: /etc/ssl/cyrus/server.key

I hope that gives you an idea

Chris

On Tuesday, 25 January 2005 at 17:31 you wrote:
> I know this was covered before but I just cannot find it anywhere. How does Cyrus do IMAP SSL authentication?
> I want to deploy Cyrus both at work (SUSE Enterprise 9) and at home (Debian 3 stable) and would like to be able to have that in both setups. Anyone?

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Howto Question
Hello Martin

sendmail doesn't support SQL natively as far as I know; there is a patchset sendmail+sql (http://sourceforge.net/projects/sendmail-sql/), you might try this one. I tried it some time ago with no success, maybe you have more luck.

My solution was to use postfix; it is much easier to set up than sendmail (at least with a mysql backend)

Howto: don't know if there is one, but the docs are good ;-)

g
Chris

> Hi All,
>
> I'm wondering if there is a HOWTO to get a virtual domain mail server working with the following features:
>
> - Cyrus imapd (virtdomain, SSL for imap and pop3)
> - Sendmail (virtdomain, SSL, support for procmail and spamassassin)
> - Mysql for authenticating users without having local user accounts
>
> In general I'm not quite sure if this is realisable. Unfortunately I couldn't find any HOWTO which covers my requirements.
>
> Any help is strongly appreciated!
>
> Thanks
> Martin
Re: Cyrus IMAP: mailbox
hi VP

maybe you should set your mda to the cyrus deliver program (e.g. in .fetchmailrc: poll xyz ... mda /path/to/deliver -m mailbox user; don't know the correct options by heart, read the man pages). I think you have to run fetchmail as user cyrus to be allowed to deliver to all mailboxes.

cu
Chris

On Thursday, 11 March 2004 at 13:28 you wrote:
> Hi all,
>
> I have a Cyrus IMAP server (2.1.15). This server works fine. I could access it via the web mail client Squirrel without problem.
>
> On this server, I fetch mail from another server (POP3) by using the fetchmail program. I could find my new messages with the mutt client. But via Squirrel (Cyrus IMAP server) I cannot find any message.
>
> My question: after fetching the mail, how do I deliver it to the Cyrus IMAP server?
>
> Thank you,
> VP
Re: login problem
On Thursday, 12 February 2004 at 13:32 you wrote:
> Hi,
>
> Thanks for your answer!! I followed that howto, but in imapd.conf I have
>
> sasl_pwcheck_method: saslauthd
>
> and in the imap file I have two additional lines:
>
> auth sufficient pam_unix_auth.so
> account sufficient pam_unix_acct.so

well you do not really need them; they are written there to ease the transition (if you want to allow old users in /etc/passwd to auth too). If you just want to authenticate users via pam, the two lines I wrote in my last email are sufficient.

> when I make these changes... the messages log throws this error:
>
> unable to open Berkeley db /etc/sasldb2: Permission denied
>
> then I ran chown cyrus:mail /etc/sasldb2

that's right :-)

-- -rw-r--r-- 1 cyrus mail 12288 Jan 20 23:25 /etc/sasldb2

you don't have to list your users in that db (except the user cyrus, which I assume you use to do administrative tasks, must be in that database)

> and now the messages and imap logs show:
>
> badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not found: checkpass failed

have you started saslauthd -a pam and installed pam_mysql? Because then you should see some stuff from pam_mysql in the logs.

> but with this I use Berkeley db, and I want to use the users created in mysql with webcyradm.
>
> Thanks for your help,
> Arturo.
>
> -----Original Message-----
> From: Christian Beilstein [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 11 February 2004 18:54
> To: [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED]
> Subject: Re: login problem
>
> Hi,
> When I try to connect from the MUA, the messages log throws this error:
>
> Feb 11 17:11:40 mymachine imap(pam_unix)[3395]: could not identify user (from getpwnam(user.domain.cl))
>
> Is there any way for Cyrus to take users created in MySQL and not mapped onto Linux users?
>
> yes, there is a way (using pam):
>
> use the module pam_mysql (google knows where to find it ;-)
>
> set in /etc/imapd.conf:
> imapsasl_pwcheck_method: saslauthd
>
> start:
> saslauthd -a pam
>
> and configure pam_mysql the way you want to use it, e.g. in /etc/pam.d/imap
>
> #%PAM-1.0
> auth sufficient pam_mysql.so user=username passwd=mysecret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
> account required pam_mysql.so user=username passwd=mysecret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
>
> I would recommend reading the Postfix-Cyrus-Web-cyradmin-Howto; I've taken my configuration from there (and I'm using SuSE 8.2, so the paths are taken from there)
>
> greez
> Chris
>
> Thanks in advance.
> Arturo

--
Christian Beilstein
Albertus-Walderweg 30
CH-8606 Greifensee
phone: +4119409675
mobile: +41763659675
e-mail: [EMAIL PROTECTED]
Re: Additional information about RV: login problem
> Hi!...
>
> When I change sasl_pwcheck_method to imapsasl_pwcheck_method in imapd.conf, the messages log shows this:
>
> badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not found: checkpass failed
>
> but when it is sasl... it throws:
>
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: SELECT password FROM accountuser WHERE username='user.domain.cl'
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: returning 7 .
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: returning 7 after db_checkpasswd.
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: do_auth : auth failure: [user=user.domain.cl] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
> badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not found: checkpass failed

that's looking good ;-) saslauthd is trying to authenticate via pam_mysql. So you should start saslauthd with the flag -d to enable the debugging mode and check the logs again after another try. Maybe you will find there a line like:

saslauth[x]: DEBUG: auth_pam: pam_authenticate failed: Permission denied

Then check your mysql settings in /etc/pam.d/imap.

Another way to debug the problem is to test saslauthd with the program testsaslauthd. Either this program is preinstalled or you have to compile it (it's somewhere in the source dir)

testsaslauthd -u user.domain.cl -p hispassword

you should get

0: OK Success.

if everything is configured well.

good luck
chris

> Thanks for any help... I have been googling but can't find any answer...
>
> Arturo.
>
> -----Original Message-----
> From: Arturo Mardones [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 12 February 2004 9:33
> To: 'Christian Beilstein'
> CC: '[EMAIL PROTECTED]'
> Subject: RE: login problem
>
> Hi,
>
> Thanks for your answer!! I followed that howto, but in imapd.conf I have
>
> sasl_pwcheck_method: saslauthd
>
> and in the imap file I have two additional lines:
>
> auth sufficient pam_unix_auth.so
> account sufficient pam_unix_acct.so
>
> when I make these changes... the messages log throws this error:
>
> unable to open Berkeley db /etc/sasldb2: Permission denied
>
> then I ran chown cyrus:mail /etc/sasldb2
>
> and now the messages and imap logs show:
>
> badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not found: checkpass failed
>
> but with this I use Berkeley db, and I want to use the users created in mysql with webcyradm.
>
> Thanks for your help,
> Arturo.
>
> -----Original Message-----
> From: Christian Beilstein [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 11 February 2004 18:54
> To: [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED]
> Subject: Re: login problem
>
> Hi,
> When I try to connect from the MUA, the messages log throws this error:
>
> Feb 11 17:11:40 mymachine imap(pam_unix)[3395]: could not identify user (from getpwnam(user.domain.cl))
>
> Is there any way for Cyrus to take users created in MySQL and not mapped onto Linux users?
>
> yes, there is a way (using pam):
>
> use the module pam_mysql (google knows where to find it ;-)
>
> set in /etc/imapd.conf:
> imapsasl_pwcheck_method: saslauthd
>
> start:
> saslauthd -a pam
>
> and configure pam_mysql the way you want to use it, e.g. in /etc/pam.d/imap
>
> #%PAM-1.0
> auth sufficient pam_mysql.so user=username passwd=mysecret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
> account required pam_mysql.so user=username passwd=mysecret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
>
> I would recommend reading the Postfix-Cyrus-Web-cyradmin-Howto; I've taken my configuration from there (and I'm using SuSE 8.2, so the paths are taken from there)
>
> greez
> Chris
>
> Thanks in advance.
> Arturo
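Added example (not part of the thread, and not Cyrus or Cyrus SASL project code): a Python triage script that reads the kinds of log lines quoted on this page and reports which authentication backend rejected the login, together with the next step suggested in the thread. The category names and function names are invented for this example; the sample lines are copied from the messages on this page.

```python
import re

# Sample input: log lines as quoted in the thread (a syslog prefix is optional).
SAMPLE = """\
Feb 11 17:11:40 mymachine imap(pam_unix)[3395]: could not identify user (from getpwnam(user.domain.cl))
unable to open Berkeley db /etc/sasldb2: Permission denied
Feb 12 09:44:09 LXPROD01 saslauthd[2480]: do_auth : auth failure: [user=user.domain.cl] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not found: checkpass failed
Dec 16 15:29:34 lx14 imapd[25264]: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 16 15:29:34 lx14 imapd[25264]: badlogin: localhost[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
"""

# (category, pattern, next step suggested in the thread).
# The category names are labels made up for this example.
RULES = [
    ("pam_unix_lookup",
     re.compile(r"\(pam_unix\)\[\d+\]: could not identify user \(from getpwnam\((?P<user>[^)]+)\)\)"),
     "imap PAM stack still consults pam_unix; use the pam_mysql lines in /etc/pam.d/imap"),
    ("sasldb_unreadable",
     re.compile(r"unable to open Berkeley db (?P<path>\S+): Permission denied"),
     "chown cyrus:mail on the sasldb2 file"),
    ("sasldb_missing",
     re.compile(r"unable to open Berkeley db (?P<path>\S+): No such file or directory"),
     "create the database by adding the cyrus user with saslpasswd2 -c cyrus"),
    ("saslauthd_reject",
     re.compile(r"do_auth\s*: auth failure: \[user=(?P<user>[^\]]*)\] \[service=(?P<service>[^\]]*)\] "
                r"\[realm=(?P<realm>[^\]]*)\] \[mech=(?P<mech>[^\]]*)\] \[reason=(?P<reason>[^\]]*)\]"),
     "saslauthd reached its backend; rerun it with -d and test with testsaslauthd"),
    ("badlogin",
     re.compile(r"badlogin: (?P<host>\S*)\[(?P<ip>[\d.]+)\] (?P<mech>\S+) (?:(?P<user>\S+) )?"
                r"\[?SASL\((?P<code>-?\d+)\): (?P<reason>.*?)\]?$"),
     "final imapd verdict; the preceding lines name the backend that failed"),
]

def classify(line):
    """Return (category, fields, hint) for the first matching rule, else None."""
    for name, pattern, hint in RULES:
        m = pattern.search(line)
        if m:
            return name, m.groupdict(), hint
    return None

def triage(text):
    """Classify every recognised line and return the findings in log order."""
    return [hit for hit in map(classify, text.splitlines()) if hit]

def plaintext_mech_clients(findings):
    """Client IPs whose rejected login was logged with the 'plaintext' mechanism.
    The log line alone does not show whether that session was TLS-protected."""
    return sorted({f["ip"] for name, f, _ in findings
                   if name == "badlogin" and f["mech"].lower() == "plaintext"})

if __name__ == "__main__":
    for name, fields, hint in triage(SAMPLE):
        print(f"{name:18} {fields}\n{'':18} -> {hint}")
```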
Re: login problem
On Thursday, 12 February 2004 at 15:09 you wrote:
> Christian,
>
> Saslauthd runs with the -c -a options... -c is not in the man page; do you know what it does? I reviewed the init script and did not find the -c option :-/

saslauthd --help said:
-c Enable credential caching.
(whatever that means)

> Starting saslauthd with -d does not give much information, just:
>
> AUTHFAIL: user=user.domain.cl service=imap realm= [PAM auth error]

try it with just the two lines of pam_mysql in /etc/pam.d/imap. Don't you get any errors from pam_mysql? Maybe you can raise the log level there (can't remember, look in the docs)

> That didn't appear before.
>
> Ken Murchison says that the pam module has problems validating... do you know what that means??

no idea, I'm very sorry

> Thanks for your help...!!!
>
> Arturo.

you're welcome
chris

> -----Original Message-----
> From: Christian Beilstein [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 12 February 2004 10:40
> To: Arturo Mardones
> CC: [EMAIL PROTECTED]
> Subject: Re: login problem
>
> On Thursday, 12 February 2004 at 13:32 you wrote:
> Hi,
>
> Thanks for your answer!! I followed that howto, but in imapd.conf I have
>
> sasl_pwcheck_method: saslauthd
>
> and in the imap file I have two additional lines:
>
> auth sufficient pam_unix_auth.so
> account sufficient pam_unix_acct.so
>
> well you do not really need them; they are written there to ease the transition (if you want to allow old users in /etc/passwd to auth too). If you just want to authenticate users via pam, the two lines I wrote in my last email are sufficient.
>
> when I make these changes... the messages log throws this error:
>
> unable to open Berkeley db /etc/sasldb2: Permission denied
>
> then I ran chown cyrus:mail /etc/sasldb2
>
> that's right :-)
>
> -- -rw-r--r-- 1 cyrus mail 12288 Jan 20 23:25 /etc/sasldb2
>
> you don't have to list your users in that db (except the user cyrus, which I assume you use to do administrative tasks, must be in that database)
>
> and now the messages and imap logs show:
>
> badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not found: checkpass failed
>
> have you started saslauthd -a pam and installed pam_mysql? Because then you should see some stuff from pam_mysql in the logs.
>
> but with this I use Berkeley db, and I want to use the users created in mysql with webcyradm.
>
> Thanks for your help,
> Arturo.
>
> -----Original Message-----
> From: Christian Beilstein [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 11 February 2004 18:54
> To: [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED]
> Subject: Re: login problem
>
> Hi,
> When I try to connect from the MUA, the messages log throws this error:
>
> Feb 11 17:11:40 mymachine imap(pam_unix)[3395]: could not identify user (from getpwnam(user.domain.cl))
>
> Is there any way for Cyrus to take users created in MySQL and not mapped onto Linux users?
>
> yes, there is a way (using pam):
>
> use the module pam_mysql (google knows where to find it ;-)
>
> set in /etc/imapd.conf:
> imapsasl_pwcheck_method: saslauthd
>
> start:
> saslauthd -a pam
>
> and configure pam_mysql the way you want to use it, e.g. in /etc/pam.d/imap
>
> #%PAM-1.0
> auth sufficient pam_mysql.so user=username passwd=mysecret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
> account required pam_mysql.so user=username passwd=mysecret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
>
> I would recommend reading the Postfix-Cyrus-Web-cyradmin-Howto; I've taken my configuration from there (and I'm using SuSE 8.2, so the paths are taken from there)
>
> greez
> Chris
>
> Thanks in advance.
> Arturo
Re: login problem
> Hi,
> When I try to connect from the MUA, the messages log throws this error:
>
> Feb 11 17:11:40 mymachine imap(pam_unix)[3395]: could not identify user (from getpwnam(user.domain.cl))
>
> Is there any way for Cyrus to take users created in MySQL and not mapped onto Linux users?

yes, there is a way (using pam):

use the module pam_mysql (google knows where to find it ;-)

set in /etc/imapd.conf:
imapsasl_pwcheck_method: saslauthd

start:
saslauthd -a pam

and configure pam_mysql the way you want to use it, e.g. in /etc/pam.d/imap

#%PAM-1.0
auth sufficient pam_mysql.so user=username passwd=mysecret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
account required pam_mysql.so user=username passwd=mysecret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host

I would recommend reading the Postfix-Cyrus-Web-cyradmin-Howto; I've taken my configuration from there (and I'm using SuSE 8.2, so the paths are taken from there)

greez
Chris

> Thanks in advance.
> Arturo
Re: cyrus and ssl
Troy McKinnon wrote:
> This is most likely an SSL configuration issue but I would really appreciate any help on this.
>
> I followed the setup as per luc's how to on postfix-cyrus
>
> netstat shows me that my server is running:
>
> tcp 0 0 0.0.0.0:2 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:2401 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:15 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:1 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:8005 :::* LISTEN
> tcp 0 0 :::8009 :::* LISTEN
> tcp 0 0 :::8080 :::* LISTEN
> tcp 0 0 :::53 :::* LISTEN
> tcp 0 0 :::22 :::* LISTEN
>
> when I connect to the server via Outlook Express with SSL encryption it says it is an untrusted domain, and if I want to download the cert. (I created my own cert as per howto)... and once downloaded I get a connection refused error.

- have you tried another client (e.g. Thunderbird (http://www.mozilla.org/)) and are you getting the same error(s)?
- have a look at your logfiles (what kind of errors are listed there?)
- what exactly does Outlook Express tell you? Does it provide an error code (like 800ccc0e or similar)?
- to solve your problem with the untrusted certificate: either you let your certificate be signed by an existing certificate authority (e.g. Verisign)
- or you set up your own certificate authority and sign your own certificates (that's the cheaper way :-), but you then have to install the CA certificate on your system since it isn't built by microsoft ;-)

How to do that: look at the SSL Certificates HOWTO (google will find it ;-)

> Regular IMAP or POP3 works fine but I would like to disable that for SSL.
>
> Any ideas what I have done wrong?
>
> Thanks
> Troy

regards
chris
Re: cannot login with cyradm
Hi

Had the same problem on RH9; my solution was to add the user cyrus to /etc/sasldb2

Try

saslpasswd2 -c cyrus

to add cyrus; that should solve the problem (I honestly don't know if it's a good solution, but it worked in my case ;-)

good luck
chris

> Hi :)
>
> I have a SuSE 9.0 running the distributed cyrus-imapd from the installation CDs. Additionally, I downloaded cyrus-sasl from the official website and compiled it with LDAP support.
>
> If I now try 'cyradm --user cyrus localhost' (the user 'cyrus' exists in the LDAP directory), I get "cannot connect to server". In /var/log/messages, I see:
>
> Dec 16 15:29:28 lx14 master[25264]: about to exec /usr/lib/cyrus/bin/imapd
> Dec 16 15:29:28 lx14 imap[25264]: executed
> Dec 16 15:29:28 lx14 imapd[25264]: accepted connection
> Dec 16 15:29:31 lx14 imapd[25264]: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Dec 16 15:29:31 lx14 imapd[25264]: no OTP secret in database
> Dec 16 15:29:31 lx14 imapd[25264]: don't have a OTP secret
> Dec 16 15:29:31 lx14 imapd[25264]: badlogin: localhost[127.0.0.1] OTP [SASL(-1): generic failure: don't have a OTP secret]
> Dec 16 15:29:34 lx14 imapd[25264]: DIGEST-MD5 server step 1
> Dec 16 15:29:34 lx14 perl: DIGEST-MD5 client step 2
> Dec 16 15:29:34 lx14 imapd[25264]: DIGEST-MD5 server step 2
> Dec 16 15:29:34 lx14 imapd[25264]: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Dec 16 15:29:34 lx14 imapd[25264]: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Dec 16 15:29:34 lx14 imapd[25264]: no secret in database
> Dec 16 15:29:34 lx14 imapd[25264]: badlogin: localhost[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
> Dec 16 15:29:37 lx14 imapd[25264]: bad userid authenticated
> Dec 16 15:29:37 lx14 imapd[25264]: badlogin: localhost[127.0.0.1] CRAM-MD5 [SASL(-13): authentication failure: bad userid authenticated]
> Dec 16 15:29:40 lx14 perl: No worthy mechs found
>
> I guess there may be something wrong with the configuration of the imap-server itself!? I already tried to compile cyrus-imapd myself, but make aborts with errors (some undefined references in cyrusMasterMIB.c).
>
> Has anybody got a hint for me?
>
> Thanks,
> Nora
Re: read/unread flag per message instead of per user?
Hi Rob,

tnx for your answer

> On Sun, 16 Nov 2003, Christian Beilstein wrote:
>
> > Is it possible to set the read/unread flag per message (global)? We've got some shared mailboxes (for some kind of workflow) where the other users should see whether the owner has read (or e.g. answered) an email or not.
> > Is it possible to change the default behavior of cyrus (in my case cyrus 2.0.16, running on SuSE Linux 8.0) by configuration file or do I have to change the source? If yes; how difficult would that be?
>
> Not easily, but you have a few options here. If what matters is the *answered* state, then you can just use the answered flag, which *is* shared.

both flags do matter; the second user should see e.g. the inbox exactly the same way the owner does. Is that attainable?

> Otherwise, you can use a user flag, which are also shared. Only the seen state isn't shared.

What do you mean with a user flag? How do I use it?

> -Rob
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
> Research Systems Programmer * /usr/contributed Gatekeeper

Christian
read/unread flag per message instead of per user?
Hello everybody

I know that this question has been asked some time ago in this list, but I haven't been able to find any answer in your archive or on the net.

My question is: Is it possible to set the read/unread flag per message (global)? We've got some shared mailboxes (for some kind of workflow) where the other users should see whether the owner has read (or e.g. answered) an email or not.

Is it possible to change the default behavior of cyrus (in my case cyrus 2.0.16, running on SuSE Linux 8.0) by configuration file or do I have to change the source? If yes; how difficult would that be?

Thank you all for your help

Christian