Re: IMAP client that support ACL ... again !
Etienne Goyer <[EMAIL PROTECTED]> wrote: > Basically, which IMAP client support displaying and/or editing ACL ? Mulberry: http://www.cyrusoft.com/mulberry/ -- Cillian --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: INBOX of shared account
Christoph Krempe <[EMAIL PROTECTED]> wrote: > Hi, > I set up a cyurs-account "tester" which I want to share with the group > users. Therefore I did a "sam" on user.tester with the following result: > > group:users lrswipcda > tester lrswipcda > cyrus lrswipcda > > I my own account I can see "tester" an its sub-folders, but not its > INBOX. What's the mistake? I think it'll show up like this: + user | -+ tester <- This should be the INBOX here I think | -- subfolder | -- subfolder2 | .. -- Cillian
Re: How can a program securely get new/unread msg status on lots of Cyrus mailboxes?
Don Jackson <[EMAIL PROTECTED]> wrote: > I wrote a perl script that uses the IMAP protocol to do this for myself. > In order to get this info for a user, my perl script has to log into the > cyrus server as the user. So my script needs to know the password for > each user. This is pretty unacceptable from a security perspective, my > script would have to know the passwords of every user it was providing > service to. > > Is there a way to create a user that has access to the unseen msg count > for other users, but nothing else? (eg, would not be able to actually > read any users messsages). That way if the password was compromised, the > only thing that could be done with it is to find out how many unseen > msgs other people have. Is it possible to change from one user's > mailbox to another users's mail via the IMAP protocol? The IMAP AUTH command provides a way to do this. You authenticate with an admin username + password but request authorisation as some other user. Kind of like using "su". It does require logging in & out for each user however and if the password is compromised, they have full admin access to the server. You should be able to test this with imtest, e.g: imtest -u jblogg -a cyrus imap-host (enter cyrus admin password, logged in as jblogg) Note that you need to be logged in as the user in question to check the new/unread status as it is set on a per-user basis. -- Cillian
Re: Cyrus on FreeBSD
Morten Winther <[EMAIL PROTECTED]> wrote: > I've changed imapd.conf, so that: > > admins: root You should include cyrus in the list above.. > Now the problem - I cannot add a user mailbox?? ..or connect as root here instead: > scharlingsvej# cyradm -u cyrus localhost > Please enter your password: > localhost.adsl.dk> cm user.test > createmailbox: Permission denied > localhost.adsl.dk> BTW, you appear to be using pwcheck yet you use saslpassword to assign passwords. pwcheck authenticates from passwd file, saslpasswd uses the "sasldb", which is distinct from the passwd file. You should probably check which method cyrus is using.. Regards, -- Cillian
Re: Migrating from wu-imap to Cyrus
Marko Cuk <[EMAIL PROTECTED]> wrote: > I have working cyrus, but I have problems with migration. > > If I try to move messages in Netscape client, it moves some folders, but on > some folders I get an error, that message contains invalid header... I got that too when doing a mass-conversion a while back, but my script simply 'ignored' troublesome mails and carried on. I never did track down what header Cyrus didn't like as the number of dropped mails was small. I'd recommend tracking down which message is causing the problem then look for any invalid headers (or post it here nothing seems amiss). Regards, -- Cillian
Re: Getting many different systems to use the same authentication method?
James Courtier-Dutton <[EMAIL PROTECTED]> wrote: > I have Linux acting as the server for a small office of about 5 client > Windows PCs. > I am using Cyrus IMAP, SAMBA (SMB for windows browsing of network drives), > and telnet access to a shell for a few people. > To set and change passwords I have: - > Cyrus IMAP uses saslpasswd. > SAMBA uses smbpasswd. > shell access uses passwd. > > I would like all 3 to use the same password method. Is this possible ? > Is there any common authentication which all 3 can use ? > > I am trying to use linux as a drop in replacement for Windows NT/2000 server > for simple file sharing and imap email. > Everything works pretty well, apart from having to have 3 different > passwords for each user. :-( > > Can anybody help me ? You could try storing passwords in Samba only and using pam_smb for authenticating other services. Or you could look into using LDAP for central authentication. Regards, -- Cillian
Re: Do flags work with the APPEND command?
Lawrence Greenfield <[EMAIL PROTECTED]> wrote:
>Gary Mills writes:
>>
>>So that means that what I'm trying to do is impossible! I have several
>>thousand users with Unix mailboxes, and I'm trying to load them into
>>Cyrus. I don't know their passwords. Last time I did this, on a
>>smaller scale, I just redelivered all the mail. This had the side
>>effect that all the mail appeared as new and unread. This time, I'd
>>like to preserve the status of each message. So, it can't be done?
Recently, I converted ~500 users email from Netscape's 'local mail' format to
a Cyrus server and also got bitten when trying to preserve the \Seen flag.
>2) Provide a mechanism in Cyrus for the administrator to `su' to another
> user. It could be controlled by a configuration option. The loading
> script could log in once as the administrator and then impersonate
> each user as it appended to that user's mailbox.
>
> SASL already has this mechanism, and I use it frequently. Cyrus
> allows administrators to authorize as any user.
This is what I did, but as I was operating over a non-SSL localhost
connection, PLAIN wasn't available. The following temporary patch fixed that:
===
--- imapd.c.origSun Jul 8 16:59:59 2001
+++ imapd.c Tue Jul 31 19:12:13 2001
@@ -522,7 +522,7 @@
fatal("SASL failed initializing: sasl_server_new()", EC_TEMPFAIL);
}
-secprops = mysasl_secprops(SASL_SEC_NOPLAINTEXT);
+secprops = mysasl_secprops(0);
sasl_setprop(imapd_saslconn, SASL_SEC_PROPS, secprops);
if (extprops.ssf) {
sasl_setprop(imapd_saslconn, SASL_SSF_EXTERNAL, &extprops);
Although from Ken's email it seems the -p option to imapd would have sufficed
instead, oh well!
Regards,
--
Cillian
Re: [Fwd: Problem with Sieve & Vacation message]
Atif Ghaffar <[EMAIL PROTECTED]> wrote: > If it is possible, I would suggest two remedies. > > 1. Dont check for any envelope. If the mail has arrived to my box, then > it was destined for me and a vacation reply should be sent. > > 2. Look up address in some map such as LDAP mail aliases etc. > > I prefer the first one, but it has one drawback. > Vacation replies will be sent to group addresses , example info@company, > sales@company etc. Perhaps use method 1 above and organise your sieve script as follows: ? - redirect mailing lists, "group" addresses, etc. to appropriate folder(s) or even just into INBOX. stop further processing. - anything which gets past these filters is subject to vacation (i.e. these should be purely "personal" messages hopefully) I haven't used vacation or Sieve before so I'm not sure how feasible this is. -- Cillian
Re: News for SIG11: imapd only crashes when account is configured for subscribed folders.
Levent Gündogdu <[EMAIL PROTECTED]> wrote:
> Yeah!
>
> I don't believe it! I can access my imapd account. All I did was
> changing the advanced options in mozilla to get all folders and not only
> the subscribed ones. Maybe this will help you find the bug finally.
>
> Thanks a lot.
>
> Bye,
> Levo.
>
> P.S. That "unknown option -s" for imapd and pop3d still persists and
> causes SIG11, too.
I noticed this before, but only when I ran master in 'debug' mode (master -D)
which doesn't close stderr etc. The following patch suppresses the error
message. This was from 2.0.15 or thereabouts.
--- master/service.c.orig Fri Jun 15 17:58:53 2001
+++ master/service.cFri Jun 15 15:04:29 2001
@@ -145,6 +145,7 @@
int opt;
char *alt_config = NULL;
+opterr = 0;
while ((opt = getopt(argc, argv, "C:")) != EOF) {
switch (opt) {
case 'C': /* alt config file */
--
Cillian
Re: new cyradm
Amos Gouaux <[EMAIL PROTECTED]> wrote: > Well, one thing I don't like about the new cyradm is that I can't > enter in code interactively, like if I have to manipulate a bunch of > folders. Seems tedious to have to write a script to do the simplest > things. One thing that wouldn't go amiss would be readline support, if it's installed. I imagine it'd be easy enough to add in. -- Cillian
IMAP Server Testing Tools
Hi Folks, I'd like to test our IMAP server here before it goes into full use. I want to determine the following things: Performance: How much of a load it can handle. There will be max. ~30 clients logged in simultaneously. They'll be using Netscape MUA which likes to keep 3 or 4 seperate connections to the one server so that's (say) about 90 imapd's running. Not a lot, but I need some idea as to how Cyrus performs on our setup. Stability: Will it fall over under load? Will there be any error messages in the logs? Integrity: Test for any loss or corruption of data (i.e. in messages) Before I go off to trawl freshmeat/google/write-my-own, are there any good existing tools people would recommend for such work? TIA, -- Cillian
Re: Partial transfer of administrative rights?
Nuno Silva <[EMAIL PROTECTED]> wrote: > any other ideas? Hmm, perhaps do a recursive SETACL on the set of existing mailboxes to be administered to give admin & create & delete rights to the (non-cyrus) admin user.. ? Though this would need to be set for any new mailboxes/sub-folders created afterwards.. Just a thought. -- Cillian
Re: Renaming a users mailbox(s)
Scott Russell <[EMAIL PROTECTED]> wrote: > So, is this still a problem in Cyrus 2.x or is there a better solution than > the one outlined in the Managing IMAP book? Code to do complete user renames: http://asg.web.cmu.edu/archive/message.php3?index=7268&array_index=0 (the archives are your friend here ;) Patch is against 2.0.9 and is beta. Ken refers to a user-rename CVS branch.. it'd be great if this appeared in Cyrus sometime - renaming is a feature I'll likely stumble over too. There may be other (more 'manual') suggestions in the archives too.. Regards, -- Cillian
Re: deadlines suck! <- imtest = zero response
Brendon M. Maragia <[EMAIL PROTECTED]> wrote: > /etc/imapd.conf > configdirectory: /var/imap > partition-default: /var/spool/imap > admins: cyrus root > allowanonymouslogin: no > sasl_passwd_check: passwd ^^ Should that be sasldb? -- Cillian
Re: cyradm auth question
[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > When I log onto cyradm, the first prompt I recieve is: > > 'Please enter your password:' > > ...which never works ( I'm using pam_mysql for auth ), and subsequently > generates the following log: > > Jul 9 23:36:35 shnarf imapd[4912]: badlogin: > shnarf.axcelerant.com[192.168.240.66] PLAIN no mechanism available Currently, the PLAIN auth mechanism only becomes available when the session is encrypted (i.e. over SSL/TLS) - hence the error "no mechanism available". The first password prompt above is from sasl. cyradm then falls back to the IMAP LOGIN method and it prompts for a password as below: > ... and *then* I get the 'IMAP Password:' prompt ( after a short but > annoying pause ), which works as it should, allowing me to begin my cyradm > session. [..] > I'd like to do whatever may be required ( whether via cyrus, or via Postfix > - I know there's got to be some postfix-cyrus user out there ), in order to > disable and completely 'nix that first prompt. Nothing to do with Postfix. Just run cyradm like: cyradm --auth login ... [IMO the PLAIN auth mechanism should be enabled when allowplaintext is enabled, regardless of an SSL session] Regards, -- Cillian
SIGHUP master errors
[Cyrus 2.0.14-NAMESPACE-r2]
If I send master a SIGHUP (with no change to config files) I get:
master[9653]: got SIGHUP
master[9653]: unable to bind imap socket: Permission denied
cyrus.conf:
SERVICES {
imap cmd="imapd" listen="[127.0.0.1]:imap" prefork=0
imaps cmd="imapd -s" listen="imaps" prefork=0
lmtpunix cmd="lmtpd" listen="/local/cyrus/imap/socket/lmtp" prefork=0
}
imaps service continues working, but imap service disappears. Now if I change
config to:
SERVICES {
imap cmd="imapd" listen="imap" prefork=0
imaps cmd="imapd -s" listen="imaps" prefork=0
lmtpunix cmd="lmtpd" listen="/local/cyrus/imap/socket/lmtp" prefork=0
}
..and send master a SIGHUP, I don't get any problems. So it appears as if the
problem exists when a specific IP addr is gven to bind to but no problem with
INADDR_ANY. I don't recall this happening in 2.0.12 when I had a similar
setup.
--
Cillian
DBERROR messages
Setup: NetBSD 1.5V, imap 2.0.14-NAMESPACE-r2 (with Berkeley DB 3.2.9), sasl 1.5.24 (--with-db=none, don't use sasldb et al) Anyone know what these DB error messages are about? Haven't noticed any problems on the client end (yet), but the server in question is only in testing so it doesn't get used much: master[27087]: about to exec /usr/local/cyrus/bin/imapd service-imaps[27087]: executed imapd[27087]: accepted connection imapd[27087]: TLS engine: cannot load CA data imapd[27087]: starttls: SSLv3 with cipher RC4-MD5 (128/128 bits) no authentication imapd[27087]: login: xxx[xxx] cns plain+TLS User logged in imapd[27087]: DBERROR db3: Closing closed cursor imapd[27087]: DBERROR: error closing cursor: Invalid argument imapd[27087]: DBERROR: error advancing: Unknown error: -1904809438 imapd[27087]: seen_db: user cns opened /local/cyrus/imap/user/c/cns.seen imapd[27087]: open: user cns opened INBOX Regards, -- Cillian
Re: Authentication problem
[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > While performing my own testing I noticed that if I telnet to port 143 on > the IMAP server and attempt to login with a bogus username / password that > the IMAP server log file DOES NOT REFLECT the failed login attempt. It should! Your syslog setup may not be logging everything. Make sure you have local6.* in syslog.conf going somewhere. To be super-safe, you can log *.* to a file which is bound to get all Cyrus messages (and a whole lot more besides ;) > Does anyone have any advice on how to further debug this issue? Is there a > way to increase the debug or logging level of the imapd server such that I > can see what is occurring after connect on port 143? Run master like so: # CYRUS_VERBOSE=10 /path/to/master Also, versions of Cyrus > 2.0.12 have a -D switch for leaving stdout & stderr open to help debugging. Try running tcpdump/ethereal/etc. to capture the session log between the client and the server to see what's actually going on. Regards, -- Cillian
Suggested fixes
- Starting master in debug mode (-D), I noticed "imapd: illegal option -- s"
errors when IMAP SSL sessions were started. getopt in service.c is the cause
of this as it doesn't know of all the various options services accept.
Setting opterr = 0 seems like the easiest way of getting rid of the
(annoying ;) messages.
- Now that imapd reuses connections, it's probably worthwhile clearing the
imapd's process title after a client disconnects, otherwise it "appears" it
is still servicing the client in a ps listing.
(patches for suggested fixes attached)
Regards,
--
Cillian
--- imapd.c.origMon Jun 4 00:58:14 2001
+++ imapd.c Fri Jun 15 15:35:40 2001
@@ -218,6 +218,8 @@
static void mstringdata(char *cmd, char *name, int matchlen, int maycreate);
extern void setproctitle_init(int argc, char **argv, char **envp);
+extern void setproctitle(const char *fmt, ...);
+
extern int proc_register(char *progname, char *clienthost,
char *userid, char *mailbox);
extern void proc_cleanup(void);
@@ -346,6 +348,7 @@
static void imapd_reset(void)
{
+setproctitle("imapd: awaiting connection");
proc_cleanup();
if (imapd_mailbox) {
--- master/service.c.orig Fri Jun 15 17:58:53 2001
+++ master/service.cFri Jun 15 15:04:29 2001
@@ -145,6 +145,7 @@
int opt;
char *alt_config = NULL;
+opterr = 0;
while ((opt = getopt(argc, argv, "C:")) != EOF) {
switch (opt) {
case 'C': /* alt config file */
imtest PLAIN auth broken?
imtest seems to be broken for me when doing PLAIN authentication (however doing it manually works fine). Below you can see imtest failing to login followed by the successful manual login attempt. % imtest -t "" -u cyrus -a cyrus -m plain localhost [..] TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=PLAIN X-NETSCAPE S: C01 OK Completed in sasl_client_start mech list from server is plain Considering mech plain Best mech so far: PLAIN Plain step #1 Trying to get userid Trying to get authid Trying to get password returning prompt(s) Please enter your password: in sasl_client_start Plain step #1 Trying to get userid Trying to get authid Trying to get password Got username, authid, and password userid=[cyrus] authid=[cyrus] password=[$cyrus] C: A01 AUTHENTICATE PLAIN S: + Plain step #3 Verify we're done stepC: S: A01 NO bad protocol / cancel Authentication failed. generic failure Security strength factor: 0 . AUTHENTICATE PLAIN + Y3lydXMAY3lydXMAJGN5cnVz . OK Success (tls protection) . LOGOUT * BYE LOGOUT received . OK Completed Connection closed. Just for completeness, imtest works fine using the 'login' mechanism and the base64 auth string was generated as follows: % echo -n "cyrus\0cyrus\0\$cyrus" | openssl base64 Y3lydXMAY3lydXMAJGN5cnVz -- Cillian
Re: Archiving mailboxes
Jen-Mei Wu <[EMAIL PROTECTED]> wrote: > One major user complaint about quotas is that there's no easy way for > them to archive mail. For example, if they have 20 folders on their > server (some of them being mailing lists) and they want these archived > to their client mail program, they have to create a folder with the > same name on the client, and manually copy messages over. Are there > e-mail clients (Windows) that can do this automatically? For example, > allow the user to select which folders are to be archived and, > ideally, the age of messages to be archived? > > Any other suggestions? Some MUAs support offline reading or folder synchronisation.. which might be something to check. Although this is usually for keeping copies on both client and server. Regards, -- Cillian
Re: Netscape 4.77
[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Now, after having read all the bad reports about previous versions of > Netscape, is this the experience of others as well? Netscape 4.7x works fine, generally. And if it works for you, that's great. However some bad points (off the top of my head): - It makes aggressive use of local caching (../ImapMail/hostname/*) which is not necessary when using IMAP. - It doesn't allow multiple accounts on the same IMAP server (although this can be worked around). - Only one of the delete models actually work properly AFAIK. - It does not check multiple mailboxes for new mail. - Still contains a lot of baggage from being a POP3/Local only MUA. - Limited authentication support (just plaintext IIRC) Again, this is off the top of my head. There are other missing features/bugs I could comment on, however that would be venturing into the "ideal IMAP MUA" rant :o) > PS: What about Netscape 6.0 and IMAP? Anybody tried it yet? I tried it a bit, it's certainly an improvement over 4.7x, but I'm not happy with Netscape 6 in general enough to warrant using it. Regards, -- Cillian
Re: Root directly incoming mail into "Public Folder" subdir
Patrick Lin <[EMAIL PROTECTED]> wrote: > ok > does Fileinto support space in the folder name ? I don't know, but I'd imagine it would/should. Best bet is to try it and see! > > Probably the easier option. With an alias this might be: > > > > some-address: +PublicFolder.Subdir > > ok > i try with formail and sed with no Luck Not sure what you mean here.. -- Cillian
Re: Root directly incoming mail into "Public Folder" subdir
Patrick Lin <[EMAIL PROTECTED]> wrote: > hello > i am running imapd 2.0.12 and Sendmail Switch-2.1.0 > i want to know the best way to root incomaing mail directly to a subdir > of "Public folder" > > 1 - sieve Sieve only works for 'user' email addresses, thus if you want to redirect email to another folder using Sieve, you'll need a user with the same name as the incoming address and a corresponding script to do the redirection possibly using something like: fileinto "PublicFolder.Subdir"; > 2 - alias Probably the easier option. With an alias this might be: some-address: +PublicFolder.Subdir Although with this method you can't have spaces in any of the folder names and you'll have to watch for case sensitivity issues too. Regards, -- Cillian
Server Greeting
The current server greeting is: * OK Cyrus IMAP4 server ready Should the server greeting display IMAP4rev1 instead of IMAP4? i.e: * OK Cyrus IMAP4rev1 server ready The NetxAP perl modules check for and require the presence of IMAP4rev1 in the greeting text (so it needs to be tweaked slightly to work with Cyrus). Also, all the server greeting examples in RFC 2060 use IMAP4rev1. So, should we display IMAP4rev1 in the greeting, or should NetxAP be checking the CAPABILITY text instead for the presence of `IMAP4rev1'? -- Cillian
single instance store
Should single instance store work in the following scenario: A message is addressed to two accounts. It is delivered to one successfully but the other a/c is over quota so delivery fails and the message remains in the mail queue. The quota limit is then bumped up for this a/c, the MTA retries delivery and succeeds. I tested this but single instance store wasn't used in this case. The question is: should it? The setup is Exim using LMTP over a unix domain socket. Single instance store does work in my setup when there are no delivery errors just not in this situation. Regards, -- Cillian
Re: Sending mails directly to a folder not a user mailbox
Alex Kempkens <[EMAIL PROTECTED]> wrote: > info: tc#+info I presume that's "tc+info" without the comment sign "#"? > Now the question. If I want to send that mails directly to a folder > > tc.info > > parallel to > > user. > > what must be changed? Create a folder "tc.info" with cyradm, make it postable, make it accessible to yourself and change the alias to "+tc.info". That should do the trick. -- Cillian
Re: [2] Re: Disabling quota for user
Lawrence Greenfield <[EMAIL PROTECTED]> wrote: > It never occured to me before, but I don't think there is a way of > disabling the quota once it's been set. Probably deleting the user and > recreating it would work. Or another way is to just delete the quota file for the particular user from the ../imap/quota/ directory and then run ../cyrus/bin/quota to ensure everything is consistent. Actually, it might be 'quota -f' - I'm working from memory here. Ideally, implementing quota disabling in the IMAP protocol would be better. -- Cillian
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
Lawrence Greenfield <[EMAIL PROTECTED]> wrote: > >>- With plaintext login [using pwcheck], cyradm asks for the > >>password twice: > >> first "Please enter your password:" then "IMAP Password:" - any > >> reason why? > >> > >> I'm not sure. Has anyone else run across this? Can anyone else solve > >> this? > > Yeah, I think the first password is requested in order to do a saslified > authentication, which fails, and then other code asks for another password. > Actually, I appear to be crashing cyradm with the --auth option right now, > so I'm going to say that this code really needs some work. Yes, in my case above, the PLAIN method was failing to authenticate (because PLAIN mechanism isn't available on a non-encrypted connection) and so the cyradm shell itself printed out the "IMAP Password:" prompt to use with the IMAP LOGIN method as a last resort (which works fine). I can get around this problem of the "duplicate" password prompt if I do 'cyradm --auth login'. Out of curiosity I used imtest to see if PLAIN was working. I did 'imtest -m PLAIN -t "" localhost' and AUTH=PLAIN appeared in the capability banner (as the connection was encrypted now) but the authentication failed with a bad protocol error (IIRC - working from memory here). Anyway, this is more of an aside, as my MUA doesn't uses LOGIN so it doesn't pose a problem to me yet. -- Cillian
Re: Cyradm
Bevan Christians <[EMAIL PROTECTED]> wrote: > I have a problem with cyradm > > it asks for one pwd for the cyrus user which I have, > then it asks me for an IMAP pwd , which I don't have > > Non of the FAQs I have speak about this > > Anyone have this problem b4? Yes. The reason for this is that the first method for authentication fails (for whatever reason) and so it falls back to using the IMAP LOGIN method which is what the "IMAP Password:" prompt is about. Either enter the same password twice at both prompts, or use 'cyradm --auth login' to specifically use the IMAP LOGIN method only. Regards, -- Cillian
Re: deleting mailboxes?
Grant Beattie <[EMAIL PROTECTED]> wrote: > wombat> lam user.grant > anyone p > grant lrswipcda > cyrus d > wombat> dm user.grant > deletemailbox: Permission denied > > What is causing this? How can I delete the mailbox? sam user.grant cyrus c dm user.grant 'c' gives right to delete actual folder (and to create sub folders), 'd' gives right to delete messages in folder. -- Cillian
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
Lawrence Greenfield <[EMAIL PROTECTED]> wrote: >- With plaintext login [using pwcheck], cyradm asks for the >password twice: > first "Please enter your password:" then "IMAP Password:" - any > reason why? > > I'm not sure. Has anyone else run across this? Can anyone else solve > this? On closer investigation, it seems cyradm tries to use PLAIN auth, but because PLAIN is only available when SSL/TLS is in use (which cyradm doesn't use) this mechanism fails, so it falls back to the IMAP login method (as my setup has no other authentication methods enabled). Thus, the first password prompt is asked by the SASL PLAIN plugin (which fails) and the second prompt by cyradm (or rather, Cyrus::IMAP::Shell) which succeeds. Either enabling SSL/TLS support in cyradm or disabling attempts to use PLAIN when SSL/TLS is not being used, should fix this 'duplicate' password prompt. Or at least that's my understanding.. Regards, -- Cillian
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
Lawrence Greenfield <[EMAIL PROTECTED]> wrote:
>Berkeley DB 3 on NetBSD (and similarly in FreeBSD) is installed as:
>/usr/pkg/lib/libdb3.a and /usr/pkg/include/db3/*.h so as not to
>conflict with the "native" db in NetBSD.
>
> I'm not sure how I'm suppose to deal with this; I could be chasing db
> files all around eternity. I'd welcome patches.
Ok i just compiled 2.0.11 on netbsd 1.5. All I had to do was s/db-3/db3 in
configure. so all that needs to be done is to stick in (yet) another test for
db3, i.e. '-ldb3' in configure.in just before or after the test for db-3. the
script picks up the include files ok (/usr/pkg/include/db3) once i specify
--with-dbdir=/usr/pkg so no changes there, just the library check.
> Sometimes mismatched db libraries cause crashes. The documentation
> could also say to compile libsasl without db support
> (--with-dblib=none).
Yes, this seems to work, however I had to patch utils/sasldblistusers.c as
follows:
--- sasldblistusers.c.orig Thu Feb 15 13:44:03 2001
+++ sasldblistusers.c Thu Feb 15 13:44:41 2001
@@ -309,7 +309,7 @@
#else
-int listusers(listcb_t *cb)
+int listusers(const char *path, listcb_t *cb)
{
fprintf(stderr,"Unsupported DB format");
exit(1);
>For imapd I had to do CPPFLAGS="-I/usr/include/krb5
>-I/usr/include/openssl" before running configure to pick up include
>files. However some of the Makefiles under perl/ didn't "inherit"
>these CPPFLAGS, so I had to add the includes to the "INC" hash key
>in Makefile.PL as these seem to be (post-configure) generated
>Makefiles
>
> If there are generic fixes for these problems, I'd love to have them.
> (I don't really have time to chase this down right now.)
I'll have a look at this, should just be a few Makefile tweaks.
>- libwrap wasn't detected, even though it exists and works!
> /usr/lib/libwrap.a, /usr/lib/libwrap.so* and /usr/include/tcpd.h
> are there ok. passing --with-libwrap=/usr doesn't work either.
>
> I think the next release will fix this.
Ok, I haven't tried this yet as master can now bind services to specific IPs.
> I thought there was a way of making Netscape check multiple folders.
Not that I'm aware of..
Regards,
--
Cillian
Re: Suggestions
Chuck Dale <[EMAIL PROTECTED]> wrote: > And how about combining those two: > > 3) Rename master. Postfix has a "master" process also meaning I can't > read the Cyrus man page (yeah big deal). But something more > descriptive like "cyrus" would be better.. Yes, I forgot to mention that conflict too. I don't mind multiple man pages, (just use man -a) but I'd prefer process, command and pidfile names not to conflict.. -- Cillian
Suggestions
Just two small (trivial) suggestions: 1) Rename quota command (and manpage) to cyrquota to prevent conflict with existing system disk quota command. The FreeBSD port of Cyrus IMAPD does this. 2) Make the master process detach itself from terminal i.e. fork() and place its pid in /var/run/master.pid (or similar). This could be enabled with a command line option (such as '-D') if the current behaviour is to be kept. -- Cillian
[info-cyrus] cyradm & netscapeurl
Hi folks, cyradm (the one in 2.0.9 anyway) doesn't seem to handle mailbox names with spaces in them, in other words I can't create them or set acls/quotas etc. on existing folders with spaces. I've tired various forms of quoting, but no luck. A few other features that would be handy: * command history, and * command and folder name completion And my other question: the default URL supplied by Cyrus for 'netscapeurl' (http://andrew2.andrew.cmu.edu/cyrus/imapd/netscape-admin.html) doesn't exist any more. Does it exist anywhere else, or alternatively, could someone tell me what such a page "should" say (or "do")? Many thanks, -- Cillian
Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
Hi folks,
[Apologies for length of email]
I recently built IMAPD 2.0.9 + SASL 1.5.24 + Berkeley DB 3.11 from source on
NetBSD 1.5 release (i386). I use LMTP/TCP delivery with Exim 3.20, pwcheck for
auth and plaintext over SSL with Netscape 4.75 MUA. Overall, quite impressed!
Now for the problems: ;)
Berkeley DB 3 on NetBSD (and similarly in FreeBSD) is installed as:
/usr/pkg/lib/libdb3.a and /usr/pkg/include/db3/*.h so as not to conflict with
the "native" db in NetBSD.
In configure I had to change db-3 to db3 and in some source files had to
change includes for to . This is for both IMAPD and SASL.
[Incidentally, I'm not using sasldb in SASL so is it truly necessary to
compile both with the same DB version as is recommended?]
For imapd I had to do CPPFLAGS="-I/usr/include/krb5 -I/usr/include/openssl"
before running configure to pick up include files. However some of the
Makefiles under perl/ didn't "inherit" these CPPFLAGS, so I had to add the
includes to the "INC" hash key in Makefile.PL as these seem to be
(post-configure) generated Makefiles
Simple fixes, but thought it might be worth mentioning.
Now for some questions:
- libwrap wasn't detected, even though it exists and works!
/usr/lib/libwrap.a, /usr/lib/libwrap.so* and /usr/include/tcpd.h are there
ok. passing --with-libwrap=/usr doesn't work either.
- configure has a problem with NetBSD's mmap() and warns:
*** This system does not have a working mmap()
*** Expect a considerable performance penalty
Is this serious? The IMAP system will eventually have ~700 accounts and at
most 30 simultaneous IMAP sessions, with a 'reasonable' volume of incoming
mail via lmtpd.
Would NetBSD's Unified Buffer Cache (not in 1.5) solve this?
- Do you recommend poll or idled for the "IDLE" method? How do these benefit
the server/client if they make use of them?
- Is ~700 accounts enough to warrant enabling "hashimapspool"? On the current
POP3 system there is ~700 mail spoolfiles in /var/mail (FFS + soft updates)
with no noticeable problems or complaints.
- With plaintext login [using pwcheck], cyradm asks for the password twice:
first "Please enter your password:" then "IMAP Password:" - any reason why?
- Is it safe to make the same user cyrus runs as ("cyrus") part of the
"admins" list in imapd.conf? Should I just create another user ("cyradm")
for the sole purpose of this? (Yes I could use "root")
- Next, is there a way to set flags (New, Read, Replied, Forwarded, etc.)
using the Cyrus::IMAP::Admin modules? I need this for converting Netscape
POP3 "local" mailfiles to IMAP a/c's (some of you might remember my posts
last year about this conversion). Netscape stores it's flags in a
X-Mozilla-Status header (the values of which I have) and I would like
to preserve them.
- What do people recommend for "distribution lists" in an IMAP environment:
- Use a shared folder with an email alias for posting to it and then use
ACLs to grant/deny people access the folder? Unfortunately, the Netscape
MUA only checks "Inbox" for new mail so it's easy to miss new mail in
other folders..
OR
- Use dedicated mailing list software [like mailman with a web interface
for admin tasks] In this case mail would be delivered to Inbox. There is
also the concept of having "list owners", although this could be achieved
by giving someone the "a" right on the shared folder discussed above.
- Finally, any good IMAP MUAs for Windows? Netscape 4.7x is a bit braindead
in many ways. I know there is Mulberry and I think Pegasus does IMAP too, but
the advantage over them with Netscape is:
- The netscape UI is quite nice
- Our users are used to this (i.e. just click on the little "mail" icon!)
- Our current setup has netscape 'auto-configuration' so users never have to
setup their a/c. And they can't screw up the config either as it's "fixed"
on next login. In other words, "it just works" (TM) which is very handy
for us admins.
[For those interested, it's a perl script run from samba 'before' login
has occurred which over-rides specific keys in prefs.js in their netscape
home dir (which is on the server) and sets their username etc. for their
mail a/c.]
What MUAs do other people recommend? (Sorry, this must be a perennial
question)
Thanks in advance,
Regards,
--
Cillian
Re: LMTP vs SMTP
Randall S. Winchester <[EMAIL PROTECTED]> wrote: > RFC2033 is only 7 pages of which the first 5 are of interest, and is > fairly light reading as RFC's go. You should take a look; > http://www.imc.org/rfc2033 I just looked at the RFC - and it is suprisingly short. I'll read it in more detail later. Thanks to all for your replies! Regards, -- Cillian
LMTP vs SMTP
Hi Folks, I was mentioning to a friend how Cyrus now recieves messages over LMTP. Not being familiar with the protocol (nor I), he skimmed over the LMTP RFC. From this brief read, he came to the conclusion that LMTP was more or less redundant, considering its close similarity to SMTP. I couldn't give a definitive answer to him as to why LMTP is used apart from saying that LMTP is more a "local" protocol, then a "across the Internet protocol" (SMTP). So my question is, what are the main reasons/benefits of using LMTP for delivering a message to Cyrus? I don't have time to read the full RFC, so please don't respond with RTFM ;) Just the main points would be nice. TIA Regards, -- Cillian
Version recommendation & Docs request
Hi Folks, Some time in the near future I will be converting a POP3 site over to IMAP using Cyrus. I plan on using Exim on the external mail host to deliver mail by LMTP over TCP to the internal imap server. Should I use 1.6.x or 2.0.x? If 2.0.x is just as stable as 1.6.x, then I will use it. Is there going to be any serious effort made WRT documentation and the web pages? i.e. bring them up to date with latest product versions, get a web archive of the info-cyrus mailing list (I'm aware of the IMAP i/f to it), etc. Regards, -- Cillian
