OT: Mulberry for Unix anyone

2006-06-08 Thread Eric S. Pulley
--On June 8, 2006 2:59:37 PM -0600 "Eric S. Pulley"
<[EMAIL PROTECTED]> wrote:

> Anybody got a link for a download location for Mulberry 3 or 4 for
> Solaris or Linux?
> 
> There are a fair number of Universities that still have it but they
> restrict access to their DL servers.
> 
> Thanks. 



-- 
There are only 10 kinds of people in this world:
those who understand Binary, and those who don't.
 -------- ---
| Eric S. Pulley |   |
| Systems Administrator  | /"\  ASCII Ribbon |
|   Hamilton Partners| \ /  Campaign Against |
|+1.801.297.7254 |  X   HTML Mail|
|  <[EMAIL PROTECTED]>   | / \   |
  ---


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: Funding Cyrus High Availability

2004-09-16 Thread Eric S. Pulley
--On Thursday, September 16, 2004 6:56 PM -0400 Ken Murchison 
<[EMAIL PROTECTED]> wrote:
> [SNIP]
> Question:   Are people looking at this as both redundancy and
> performance, or just redundance?

Cyrus performs pretty well already. Background redundancy would be awesome. 
Especially if we had control over when the syncing process occurred either 
via time interval or date/time.

--
ESP


Re: Clear text password and MySQL

2004-03-16 Thread Eric S. Pulley
--On Tuesday, March 16, 2004 2:13 PM -0800 Joe Rhett <[EMAIL PROTECTED]> 
wrote:

> On Wed, Feb 04, 2004 at 11:41:06AM -0800, Eric S. Pulley wrote:
>> In this scenario you are still passing the SALT in clear text to the db
>> but IMO this is much better than having your users logging in with
>> plaintext passwords over an open network.  Especially if your DB is on
>> the same host as cyrus-imap since you can contain it to a socket and not
>> use a network at all for the DB lookups.
>
> So what is the gain here, really?  I may be wrong, but I suspect that
> you've confused yourself on what you are protecting.  If you aren't using
> TLS, then the password is going over the network in cleartext anyway.
> If imapd is on a different host than the db, then the encrypted password
> is going with the salt... so effectively cleartext.

Yes, you are correct.  However, the SQL query is going over a switched 
network segment you have control over not the Internet at large.  Or even 
better a socket on a black box.  If your config requires you to pass the 
SQL query over an insecure subnet then you should, of course, SSL encode 
the DB connection.  This allows you to use cram or digest at the mail 
client leaving the admin to deal with the security of the backend, not some 
confused user setting up their account.  Plus it still allows the admin 
access to the cleartext password in the DB.

But it all comes down to where you want to take your risks.  I'm not saying 
you shouldn't use TLS/SSL wherever you can in addition to any other 
security you have in place.  This solution is specifically to allow cram 
and digest connections to the imap server from the Internet while still 
having a cleartext password in the SQL table.  I would not recommend it if 
you do not have this requirement.



Clear text password and MySQL

2004-02-04 Thread Eric S. Pulley
Hi list,

I just thought I'd share this since I see a lot of people using mysql with 
clear text passwords.  It's probably obvious to everyone but since I never 
see anyone talking about it I thought I'd share my config for using 
encrypted passwords in mysql.  This config makes it so your users can use 
secure methods of authentication over the Internet and still have their 
data in an encrypted form in the database.

It's not perfect. An admin that knows the SALT you are using to encrypt the 
password field can retrieve the decrypted passwords from the db.  But I 
find this to be an advantage in many cases.

Using mysql 4+ you can encrypt fields with the 
AES_ENCRYPT("text-to-encrypt","SALT") function.  Just make sure your 
password field is a blob (binary varchar works too I think).

so your settings in imapd.conf are:
sasl_pwcheck_method: auxprop
sasl_sql_engine: mysql
sasl_sql_user: Yada
sasl_sql_passwd: Yadayada
sasl_sql_hostnames: localhost or whatever
sasl_sql_database: YadaDB
sasl_sql_statement: SELECT AES_DECRYPT(password_field,"SALT_YADA") FROM users_table WHERE username_field ='%u'

In this scenario you are still passing the SALT in clear text to the db but 
IMO this is much better than having your users logging in with plaintext 
passwords over an open network.  Especially if your DB is on the same host 
as cyrus-imap since you can contain it to a socket and not use a network at 
all for the DB lookups.

Also your mail server and user accounts are only as secure as the 
imapd.conf file.  So use at your own risk.

Anyway I hope someone finds this useful.

--
ESP
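
Why CRAM-MD5 needs a recoverable password on the server, which is the requirement this post and the 2004-03-16 reply discuss. This is an added example, not code from the thread; the function names and the `lookup` callable (standing in for the AES_DECRYPT auxprop query) are assumptions, and the user, password and challenge are the sample values from RFC 2195.

```python
import base64
import hashlib
import hmac


def make_challenge(nonce: str, host: str) -> bytes:
    """Server: the CRAM-MD5 challenge is a base64-encoded '<nonce@host>'."""
    return base64.b64encode(f"<{nonce}@{host}>".encode())


def client_response(user: str, password: str, challenge_b64: bytes) -> bytes:
    """Client: reply with 'user hex(HMAC-MD5(key=password, msg=challenge))'."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(lookup, challenge_b64: bytes, response_b64: bytes) -> bool:
    """Server: recompute the HMAC; this needs the password itself as the key.

    `lookup` (hypothetical) plays the role of the sasl_sql_statement query
    and returns whatever the password column yields for that user, or None.
    """
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    secret = lookup(user)
    if secret is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def demo() -> dict:
    user, password = "tim", "tanstaaftanstaaf"  # RFC 2195 sample account
    # Store 1: what AES_DECRYPT(password_field, key) hands back to SASL.
    recoverable = {user: password}
    # Store 2 (constructed): a one-way hash, as a crypt-style column would hold.
    one_way = {user: hashlib.sha256(password.encode()).hexdigest()}

    challenge = make_challenge("1896.697170952", "postoffice.reston.mci.net")
    response = client_response(user, password, challenge)
    wire = base64.b64decode(response).decode()
    return {
        "wire": wire,
        "password_on_wire": password in wire,
        "recoverable_store_ok": server_verify(recoverable.get, challenge, response),
        "one_way_store_ok": server_verify(one_way.get, challenge, response),
        "wrong_password_ok": server_verify(
            recoverable.get, challenge, client_response(user, "guess", challenge)
        ),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The one-way store fails even with the right password, because the server has no key to recompute the HMAC with; that is the trade-off behind keeping the column decryptable.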


Missing cyrus-IMAP-2.2.x imapd.conf.5.html

2004-01-15 Thread Eric S. Pulley
Not a big deal but sometime in the 2.2.x builds the HTMLized imapd.conf(5) 
seems to have gone missing from the doc/man directory.

Or am I high?

--
ESP


Re: MS Entourage crashing.

2003-02-11 Thread Eric S. Pulley
These sessions are from the same client and same thread.  They are in 
fact the same session; I just split it so you could see the successful 
and failed one more easily.

The ^M is not copy and paste crud, it's in the log file plain as day.

It's not very repeatable. It's happening about 10% of the time and 
seems to be totally random as to when it's going to happen.  It is 
however always when posting a message to the Sent folder on the server 
and only when sending a message.  I can copy 1000s of messages to the Sent 
box by hand with no trouble.

It's only happening on 2 of the 12 Entourage installations here, both 
high profile users.  I've tried reinstalling the clients.  I've even 
swapped the hardware out.  I've made new Sent folders on the server. 
None of that worked.

Guess next I'll delete and remake the affected accounts on the server. 
Seems very silly to me though.  I have no proof that it's NOT the 
server.  And I have no real way of setting up a different imap server 
for testing.  A number of the upper management are Microsoft lovers and 
I'm running outa arguments not to convert to the evil empire...

--On Tuesday, February 11, 2003 16:10 -0500 Ken Murchison 
<[EMAIL PROTECTED]> wrote:



> "Eric S. Pulley" wrote:
>
>> Okay here are some logs:
>>
>> the first part is a successful sent message noted by my added
>> -SESSION flag to make it easier to read for you.
>
> Are these connections from the same running client (separate threads)
> or two entirely different sessions?
>
>> Questions:
>> why in Session 2 did it do a LIST?  The user was just sending email
>> not opening the "Sent Items" folder why would it LIST some of the
>> times and not others?
>
> I have no idea why it would do a LIST after a successful SELECT.  The
> FETCH might be because this is the first time that the client opened
> the mailbox.
>
>> what is the deal with UID 230 the ^M worries me
>
> Not sure.  Is it possible that this is cut-n-paste cruft?
>
>> As you can see in Session 2 it does a list and many fetch(es) but
>> logs out before the append is sent...
>
> Is this behavior repeatable?  What happens if you manually select the
> Sent folder before sending a message?
>
> I don't see the server doing anything wrong.  Does this only happen
> with Cyrus?  Can you post a similar log from a different (working)
> server?







| Eric S. Pulley |
| Sr. Unix Administrator |
|   Hamilton Partners|
|+1.707.431.4300 |
|  <[EMAIL PROTECTED]>   |





Re: MS Entourage crashing.

2003-02-11 Thread Eric S. Pulley
Okay here are some logs:

the first part is a successful sent message noted by my added
-SESSION flag to make it easier to read for you.

Questions:
why in Session 2 did it do a LIST?  The user was just sending email not 
opening the "Sent Items" folder why would it LIST some of the times and 
not others?

what is the deal with UID 230 the ^M worries me

As you can see in Session 2 it does a list and many fetch(es) but logs 
out before the append is sent...


LOGS

-SESSION 1
<1044972953
1044972953>* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)

* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)]
* 886 EXISTS
* 0 RECENT
* OK [UNSEEN 772]
* OK [UIDVALIDITY 1030734030]
* OK [UIDNEXT 907]
A003 OK [READ-WRITE] Completed
<1044973461
1044973461>+ go ahead

<1044973461
1044973461>* 888 EXISTS

* 1 RECENT
A004 OK [APPENDUID 1030734030 908] Completed

--SESSION 2

<1044973483
1044973483>* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)

* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)]
* 888 EXISTS
* 0 RECENT
* OK [UNSEEN 772]
* OK [UIDVALIDITY 1030734030]
* OK [UIDNEXT 909]
A005 OK [READ-WRITE] Completed
<1044973483
1044973483>* LIST (\HasNoChildren) "." "INBOX.Sent Items"

A006 OK Completed (0.000 secs 2 calls)
<1044973483
1044973483>* LSUB () "." "INBOX.Sent Items"

A007 OK Completed (0.000 secs 2 calls)
<1044973483
1044973483>* 1 FETCH (FLAGS (\Seen) UID 1)

* 2 FETCH (FLAGS (\Seen) UID 2)
.
.
.
* 227 FETCH (FLAGS (\Seen) UID 230)^M>1044973483>
.
.
.
* 880 FETCH (FLAGS (\Seen) UID 900)
* 881 FETCH (FLAGS (\Seen) UID 901)
* 882 FETCH (FLAGS (\Seen) UID 902)
* 883 FETCH (FLAGS (\Seen) UID 903)
* 884 FETCH (FLAGS (\Seen) UID 904)
* 885 FETCH (FLAGS (\Seen) UID 905)
* 886 FETCH (FLAGS (\Seen) UID 906)
* 887 FETCH (FLAGS (\Seen) UID 907)
* 888 FETCH (FLAGS (\Seen) UID 908)
A008 OK Completed
<1044973787
1044973787>* BYE LOGOUT received

A009 OK Completed


--On Tuesday, February 11, 2003 14:18 -0500 Ken Murchison 
<[EMAIL PROTECTED]> wrote:



> "Eric S. Pulley" wrote:
>
>> Okay I'm at the end of my rope.  If I can't get this fixed I have to
>> switch to MS Exchange...
>>
>> When sending a message the client is doing one of the following 10%
>> of the time.
>> Application has unexpectedly quit.
>> this dialog
>>
>> "Error
>> The server returned the following error
>> Unable to add message to IMAP mailbox. The
>> corresponding local folder will be used instead."
>>
>> I know that the problem is occurring when the client is posting the
>> message to the INBOX.Sent folder on the server.  But no server side
>> errors of any kind are showing up.  Telemetry logs show the client
>> fetching all the UIDs in the Sent folder then logging out.  Why it
>> fetches all the UIDs for sorting them on the client I don't know, why
>> it does that instead of using SORT...
>
> Does it ever try an APPEND?  I wonder if the client is not liking what
> it sees as far as UIDs.  Can you post the telemetry log?
>
> BTW, I'd be surprised if the client supported SORT.  The only clients
> that I'm aware of that support SORT/THREAD are c-client based (Pine,
> PHP) and Mulberry.  If you know otherwise, please let us know.
> --
> Kenneth Murchison Oceana Matrix Ltd.
> Software Engineer 21 Princeton Place
> 716-662-8973 x26  Orchard Park, NY 14127
> --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp





| Eric S. Pulley |
| Sr. Unix Administrator |
|   Hamilton Partners|
|+1.707.431.4300 |
|  <[EMAIL PROTECTED]>   |





MS Entourage crashing.

2003-02-11 Thread Eric S. Pulley
Okay I'm at the end of my rope.  If I can't get this fixed I have to 
switch to MS Exchange...

When sending a message the client is doing one of the following 10% of 
the time.
	Application has unexpectedly quit.
	this dialog

	"Error
		The server returned the following error
		Unable to add message to IMAP mailbox. The corresponding local
		folder will be used instead."

I know that the problem is occurring when the client is posting the 
message to the INBOX.Sent folder on the server.  But no server side 
errors of any kind are showing up.  Telemetry logs show the client 
fetching all the UIDs in the Sent folder then logging out.  Why it 
fetches all the UIDs for sorting them on the client I don't know, why it 
does that instead of using SORT...

I've only got 30 people using this mail server so I doubt it has 
anything to do with load.

Possibly a mailboxlist db timing issue?  Should I switch to skiplist?


The Client:
Entourage v.X sr1 (10.1.1 build 2418) and previous versions of v.X

The Server:
cyrus-imap 2.1.11 & 12
IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS 
ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=LOGIN 
AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED

mboxlist-db=db3
duplicate-db=db3
seen-db=flat
subs-db=flat
tls-db=db3


--------
| Eric S. Pulley |
| Sr. Unix Administrator |
|   Hamilton Partners|
|+1.707.431.4300 |
|  <[EMAIL PROTECTED]>   |




Re: Solaris 8 cyrus-imspd-v1.6a3 can't make lib/prot.o

2003-02-07 Thread Eric S. Pulley
There is a patch to authenticate via the imap server as well.  Which is 
what I'm using successfully.  Only down side is you have to use plain 
text and no ssl on the imsp account.  IMAP can still use whatever AUTH 
your server supports.  I just only allow imsp connections from inside my 
firewall.

--On Friday, February 7, 2003 8:39 +1100 Peter Lawler 
<[EMAIL PROTECTED]> wrote:

> Hi there Glo,
> I've got a home brewed Solaris x86 box I thought I'd give it a whirl
> for you. I'm running a self-compiled gcc 3.2.1, that seems to be
> going OK - it's down cyrus-imap & sasl and apache2.xx so far, so I
> think it's OK (haven't had a chance to get the GCC test suite from
> work yet, seeing 'I don't need it'), long story. But I digress...
>
>> Current working directory /usr/local/src/cyrus-imspd-v1.6a3/lib
>
>> I don't know if this is relevant, but cyrus-sasl-2.1.10 was
>> configured
>
> Well, I was scratching my head too. I started falling over building
> imclient:
> imclient.c: In function `imclient_connect':
> imclient.c:288: warning: passing arg 5 of `sasl_client_new' from
> incompatible pointer type
> imclient.c:288: too few arguments to function `sasl_client_new'
> imclient.c: In function `imclient_input':
> imclient.c:676: warning: passing arg 4 of `sasl_decode' from
> incompatible pointer type
> imclient.c: In function `imclient_processoneevent':
> imclient.c:995: warning: passing arg 4 of `sasl_encode' from
> incompatible pointer type
> imclient.c: In function `interaction':
> imclient.c:1163: warning: passing arg 1 of `memset' discards
> qualifiers from pointer target type
> imclient.c: In function `imclient_authenticate_sub':
> imclient.c:1226: `SASL_IP_REMOTE' undeclared (first use in this
> function) imclient.c:1226: (Each undeclared identifier is reported
> only once imclient.c:1226: for each function it appears in.)
> imclient.c:1234: `SASL_IP_LOCAL' undeclared (first use in this
> function) imclient.c:1252: warning: passing arg 4 of
> `sasl_client_start' from incompatible pointer type
> imclient.c:1252: warning: passing arg 5 of `sasl_client_start' from
> incompatible pointer type
> imclient.c:1252: warning: passing arg 6 of `sasl_client_start' from
> incompatible pointer type
> imclient.c:1252: too many arguments to function `sasl_client_start'
> imclient.c:1295: warning: passing arg 5 of `sasl_client_step' from
> incompatible pointer type
>
> Then I started looking at the dates on this thing. It's 2000. I
> *suspect* imsp may not be compatible with SASL2.. The reasoning
> was in the porting the app document doc/appconvert.html, which says:
> "The SASL_IP_REMOTE and SASL_IP_LOCAL properties are now
> SASL_IPLOCALPORT and SASL_IPREMOTEPORT and take strings"
>
> H Oh dear, it's late. I'm writing offline. I think I might go
> sleep some :-)
>
> Pete.








| Eric S. Pulley |
| Sr. Unix Administrator |
|   Hamilton Partners|
|+1.707.431.4300 |
|  <[EMAIL PROTECTED]>   |





Re: Murder and Backend Authentication

2003-01-31 Thread Eric S. Pulley
Sorry if this is just obvious but... Everyone keeps stating that 
STARTTLS is not supported in 2.1.x. I'm assuming that it just doesn't 
work for the Backend Authentication in a Murder since I'm using it to 
connect to my standalone server just fine.  Or do I have something very 
wrong going on here?

S: * OK xxx Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS 
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED
S: C01 OK Completed


--On Friday, January 31, 2003 16:34 -0500 Ken Murchison 
<[EMAIL PROTECTED]> wrote:



> Hank Beatty wrote:
>
>> OK. That makes sense. Are there any SASL mechs that can use PAM?
>
> Like Rob said, just PLAIN, which will require you to use STARTTLS,
> which is only in 2.2.  That being said, since you will likely only
> have one or two proxy admins, you could just put them in sasldb2 and
> use DIGEST-MD5.




- Original Message -
From: "Rob Siemborski" <[EMAIL PROTECTED]>
To: "Hank Beatty" <[EMAIL PROTECTED]>
Cc: "Cyrus-Info" <[EMAIL PROTECTED]>
Sent: Friday, January 31, 2003 3:18 PM
Subject: Re: Murder and Backend Authentication

> You aren't offering any SASL mechanisms.  I believe the 2.2 code
> even supports STARTTLS (and therefore PLAIN).
>
> You need to support a SASL mechanism that allows proxy
> authentication. The regular IMAP login command isn't good enough.
>
> -Rob
>
> On Fri, 31 Jan 2003, Hank Beatty wrote:
>
> > And when I use imtest:
> >
> > [root@draco root]# imtest -u hbeatty -a hbeatty localhost
> > S: * OK draco Cyrus IMAP4 v2.2.prealpha server ready
> > C: C01 CAPABILITY
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
> > MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT
> > CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> > THREAD=REFERENCES IDLE
> > MUPDATE=mupdate://zeus.email.starband.net/
> > S: C01 OK Completed
> > Please enter your password:
> > C: L01 LOGIN hbeatty {4}
> > S: + go ahead
> > C: 
> > S: L01 OK User logged in
> > Authenticated.
> > Security strength factor: 0
> >
> > - Original Message -
> > From: "Rob Siemborski" <[EMAIL PROTECTED]>
> > To: "Hank Beatty" <[EMAIL PROTECTED]>
> > Cc: "Cyrus-Info" <[EMAIL PROTECTED]>
> > Sent: Friday, January 31, 2003 2:29 PM
> > Subject: Re: Murder and Backend Authentication
> >
> >
> > > What SASL mechanism are you using between your frontend and
> > > backends?
> > >
> > > Or rather, what mechanisms are your backends advertising?
> > >
> > > -Rob
> > >
> > > On Fri, 31 Jan 2003, Hank Beatty wrote:
> > >
> > > > I'm working on getting a Murder setup and I can authenticate and pull mail
> > > > directly from the backend server.
> > > >
> > > > However, when I try to proxy the connection I get this in /var/log/messages
> > > > on the proxy/master:
> > > >
> > > > Jan 31 13:40:35 zeus pop3[5437]: login: SERVER[192.168.247.241] hbeatty plaintext
> > > > Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server: no mechanism available
> > > > Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server
> > > >
> > > > I get this in /var/log/imapd.log on the backend server:
> > > >
> > > > Jan 31 13:45:01 draco pop3[32718]: accepted connection
> > > > Jan 31 13:45:01 draco master[32724]: about to exec /usr/cyrus/bin/pop3d
> > > > Jan 31 13:45:01 draco master[32688]: process 32718 exited, status 0
> > > > Jan 31 13:45:01 draco pop3[32724]: executed
> > > >
> > > > With this in mind it would seem that when using the proxy the authentication
> > > > method is different somehow. Is this correct?
> > > >
> > > >
> > > >
> > >
> > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > > -=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207
> > > * 412-268-7456 Research Systems Programmer * /usr/contributed
> > > Gatekeeper
> > >
> >
> >
> >
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> -=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 *
> 412-268-7456 Research Systems Programmer * /usr/contributed
> Gatekeeper
>


--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp





| Eric S. Pulley |
| Sr. Unix Administrator |
|   Hamilton Partners|
|+1.707.431.4300 |
|  <[EMAIL PROTECTED]>   |


