Re: raw access to imap quotas, with mail user

2004-09-20 Thread Felix Cuello
On Sun, Sep 19, 2004 at 09:26:42PM -0700, Carl P. Corliss wrote:
> Better yet, only update it when you absolutely need to (meaning: only when
> you are checking mail or making a change to your mailbox by deleting,
> moving or renaming). That should work - of course providing your web portal
> is functioning as a mail client (checking mail/etc) and not -only-
> interacting with imap to retrieve the quota.

You are talking about some kind of triggers... but that's difficult because I
don't have the source code of the webmail IMAP program [my boss bought it a few
years ago].

regards,

Félix

-- 
Felix Cuello
[EMAIL PROTECTED]
- 1512 -

Always do right.  This will gratify some people and astonish the rest.
-- Mark Twain

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


[SOLVED] raw access to imap quotas, with mail user

2004-09-20 Thread Felix Cuello
On Sun, Sep 19, 2004 at 09:21:29PM -0300, Felix Cuello wrote:
 [...]

As Derrick said, I'm executing the program with setuid and that's working. I
don't know if there is another way to do that. The Perl script just checks the
user string for malicious input and checks its size, and the C program opens
/var/imap/quota and prints mailbox usage (as a percentage).

Thanks everyone for your help,

Félix


-- 
Felix Cuello
[EMAIL PROTECTED]
- 1513 -

Q:  What do they call the alphabet in Arkansas?
A:  The impossible dream.
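
The [SOLVED] message above describes a Perl wrapper that checks the user string and a setuid C program that reads /var/imap/quota. The following is an added example, not Felix's program or Cyrus code: the same kind of reader with the name check done inside the setuid binary itself, so it holds whichever caller invokes it. It assumes the legacy quota file layout (two decimal lines: bytes used, then limit in KB); `valid_user`, `quota_percent` and `MAX_USER_LEN` are hypothetical names.

```c
/* Added example (not the poster's program): setuid-cyrus quota reader.
 * Assumption: legacy quota file = two decimal lines, bytes used then limit
 * in KB, stored as <root>/<first letter>/user.<name> as in this thread. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_USER_LEN 64 /* hypothetical site limit */

/* Allow-list: first char a-z, rest a-z 0-9 _ -, bounded length.
 * No '.' or '/' can ever reach the path builder. */
int valid_user(const char *u)
{
    size_t i, n;
    if (u == NULL)
        return 0;
    n = strlen(u);
    if (n == 0 || n > MAX_USER_LEN || u[0] < 'a' || u[0] > 'z')
        return 0;
    for (i = 1; i < n; i++) {
        char c = u[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
              c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Parse one unsigned decimal line and advance *p; returns 0 on success. */
static int parse_line(const char **p, unsigned long long *out)
{
    char *end;
    if (**p < '0' || **p > '9') /* rejects sign and leading whitespace */
        return -1;
    errno = 0;
    *out = strtoull(*p, &end, 10);
    if (errno != 0 || *end != '\n')
        return -1;
    *p = end + 1;
    return 0;
}

/* Usage in percent (capped at 999), or -1 for a bad name, an unreadable or
 * malformed file, or no limit set. */
int quota_percent(const char *quota_root, const char *user)
{
    char path[512], buf[64];
    const char *p = buf;
    unsigned long long used, limit_kb, pct;
    struct stat st;
    ssize_t len;
    int fd, n;

    if (!valid_user(user))
        return -1;
    n = snprintf(path, sizeof path, "%s/%c/user.%s", quota_root, user[0], user);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    /* O_NOFOLLOW: refuse a symlink planted in place of the quota file. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    len = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (len <= 0)
        return -1;
    buf[len] = '\0';
    if (parse_line(&p, &used) != 0 || parse_line(&p, &limit_kb) != 0 ||
        limit_kb == 0)
        return -1;
    pct = used / 1024 * 100 / limit_kb;
    return pct > 999 ? 999 : (int)pct;
}

int main(int argc, char **argv)
{
    int pct;

    if (argc != 2)
        return 2;
    pct = quota_percent("/var/imap/quota", argv[1]);
    /* Drop the setuid identity for good before writing any output. */
    if (setreuid(getuid(), getuid()) != 0 || pct < 0)
        return 1;
    printf("%d\n", pct);
    return 0;
}
```

The helper only ever prints one number, so a caller in the mail group learns the usage figure without gaining read access to the quota directory or the mail store.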



raw access to imap quotas, with mail user

2004-09-19 Thread Felix Cuello

Hello,

   I wrote a small C program to access the quota files without asking cyrus. This
   program runs under the mail group.
   I noticed that when something changes in the mailbox [deleting mails, receiving
   mails, etc] the /var/imap/quota permissions are reset to:

   -rw---  cyrus.mail

   Then mail users can't have read access to these files and my C program
   doesn't have read access to the files.

   Is it possible to change that?

   Thanks a lot,

   Félix
   

-- 
Felix Cuello
[EMAIL PROTECTED]
- 1504 -

Q:  Why do the police always travel in threes?
A:  One to do the reading, one to do the writing, and the other keeps
an eye on the two intellectuals.



Re: raw access to imap quotas, with mail user

2004-09-19 Thread Felix Cuello
On Sun, Sep 19, 2004 at 10:15:20PM -0400, Derrick J Brashear wrote:
> In general programs which access the mail store run as the cyrus user.
> Inasmuch as this should be being done at all, your program should be
> setuid cyrus. I don't think doing this is a good idea in general, though.

It is a requirement of our Students web portal to show the mailbox usage of each
user. The whole Students web portal is written in Perl, but IMAP::Admin is a
little bit slow just because it logs in as the cyrus admin [or the user] using
LDAP and... that takes a lot of time.

Then I wrote some simple C code and compiled it as a Perl package, so I have
direct access to their quota. The Apache user is in the mail group [I don't know
why... but that's the truth] and I want to run the Perl script with apache
user rights [then mail rights]... I don't want to put apache into the cyrus
group, just because I don't want apache to be able to read mailboxes.

That's the whole problem...

thanks,

Félix


-- 
Felix Cuello
[EMAIL PROTECTED]
- 1506 -

A gift of a flower will soon be made to you.



Permissions change on /var/imap/quota

2004-09-17 Thread Felix Cuello
Hello!

   I'm trying to read /var/imap/quota/letter/user.lettersurname and it is
   impossible.
   I changed permissions to give access to all users in the mail group,
   but [I don't know why] the permissions are restored to:

   cyrus.mail 600

   then, mail users cannot read.

   How can I change that?

   [I think it is a umask problem, but how can I configure that?]

   thanks a lot,

   Félix

-- 
Felix Cuello
[EMAIL PROTECTED]
- 1493 -

Seeing that death, a necessary end,
Will come when it will come.
-- William Shakespeare, Julius Caesar



can't create folders under INBOX.*

2004-06-10 Thread Felix Cuello
Hello,

   I'm doing telnet to imapd [143] and write

   1 login myname mypassword
   2 create foldera
   3 create INBOX.folderb


   foldera could be created and the /a/ directory appears in my mailbox
   directory. But I cannot create folders under INBOX.

   Is that ok? What's wrong?

   thanks a lot, 

   Felix

-- 
Felix Cuello
[EMAIL PROTECTED]
- 813 -

rugged, adj.:
Too heavy to lift.



mass permissions change

2004-06-10 Thread Felix Cuello
Hello,

   I need to change mailbox permissions for all users at the same
   time. Is there any way to do that?

   thanks in advance,

   Felix


-- 
Felix Cuello
[EMAIL PROTECTED]
- 818 -



Re: mass permissions change

2004-06-10 Thread Felix Cuello
On Thu, Jun 10, 2004 at 09:31:10PM -0500, Albert Chin wrote:
> On Thu, Jun 10, 2004 at 06:06:14PM -0500, Albert Chin wrote:
> BTW, I think setacl takes wildcards. maybe you can do:
> setacl user.% [id] [rights]


Hmmm... really interesting... Do you know if there is any way to
remove permissions? Something like unsetacl user.% :-)

thanks again,

Felix


-- 
Felix Cuello
[EMAIL PROTECTED]
- 825 -

Eating, kissing and scratching: it is only a matter of starting.



problems writing to the list

2004-06-07 Thread Felix Cuello
This is just a text because I wrote two messages last week but my own
messages never came back.

Felix


-- 
Felix Cuello
[EMAIL PROTECTED]
- 774 -

Hands on the spinning wheel, and eyes on the door.



Problems creating folders

2004-06-07 Thread Felix Cuello
Hello,

   I'm using cyrus 2.1.9 on a RedHat server. Everything was ok until
   we installed a webmail program that allows users to write folders;
   some users could write folders and some users could not [including me].
   I checked permissions, and I deleted and recreated mailboxes without
   any success.

   Migrating to a newer version of cyrus is my last hope, just
   because we don't have more servers to do a migration without
   stopping service.

   What can I do to solve the creation problems?

   I added altnamespaces: yes to my imapd configuration but
   nothing happened.

Notes:
   cyrus 2.1.9 was compiled by hand
   the webmail program is called webmail.cgi; it is a featured webmail
   derived from dmailweb.
   Redhat 7.2 [valhalla] {that's one of our oldest servers, but it has been
   running ok since the beginning of 2003}

   Thanks a lot for your help,

   Felix


-- 
Felix Cuello
[EMAIL PROTECTED]
- 778 -

Expenses rise to meet income.
-- Parkinson's Second Law.



problems with saslauthd

2004-04-15 Thread Felix Cuello
I don't know if this is the correct list for this question. Please
forgive me if it is not the correct list and let me know where I can write
about the problem.

--
I'm trying to use Cyrus with sasl + ldap authentication.

i get this error:

# cyradm --user cyrus localhost
IMAP Password: 
  Login failed: authentication failure at
/usr/lib/perl5/Cyrus/IMAP/Admin.pm line 126
cyradm: cannot authenticate to server as user cyrus

and...

# sasltestsuite
Checking plaintext passwords... Failed with: sasl_checkpass() failed on
simple case

-

The questions are:

1. how can i check cyrus is accessing sasl?
2. how can i check sasl is accessing ldap?

i paste my [/usr/local/etc/saslauthd.conf]
ldap_servers: ldap://127.0.0.1
ldap_bind_dn: cn=sasl.sinclair,ou=applications,dc=domain,dc=com
ldap_bind_pw: sasl
ldap_search_base: ou=people,dc=domain,dc=com
ldap_timeout: 10
ldap_time_limit: 10
ldap_restart: yes

-

I appreciate your help,

thanks in advance,

Felix


-- 
Felix Cuello
[EMAIL PROTECTED]
- 436 -

Man! Have confidence, for the race of mortals is of divine origin.
-- Golden Verses. Collection of sayings of the disciples
of Pythagoras.



Strange account [maybe corrupted]

2004-02-09 Thread Felix Cuello
Hello,

   We are using cyrus-imapd-2.1.9 [compiled by hand]  in a 
   redhat box [Linux 2.4.20-20.7smp].

   We have a really strange error with a Cyrus account and I'm sending
   the steps because I don't understand where the problem is:

   $ cyradm localhost
   IMAP Password:
# user.imnotauser [is not an account]
   localhost> lm user.imnotauser
# user.fcuell [is MY account ;-) ]
   localhost> lm user.fcuell
   user.fcuell (\NonExistent \Noselect \HasChildren)
   localhost> dm user.fcuell
   deletemailbox: Mailbox does not exist
   localhost>

   
   thanks for your help,

   Félix

   
-- 
Felix Cuello
[EMAIL PROTECTED]
- 109 -

Whoever spins and twists the thread well deserves it.



Cyrus and Virtual Domains

2003-01-09 Thread Felix Cuello
Hello!

  I have two servers in two different jobs :-). One of these servers is
  running Cyrus 2.1.9 with SASL 2.1.9 with LDAP. [this server works
  fine!] [under RedHat 7.3]

  The second server [the problem :-)] is running Debian Linux.
  Well... Debian has Cyrus 1.5.19... using apt-get, but on this server
  I must install virtual domains.
  Does Cyrus support virtual domains? What can I read to start with
  virtual domains?

  regards...

  Felix
-- 
Felix Cuello
[EMAIL PROTECTED]
Buenos Aires, ARGENTINA

Qodiga/its
http://www.qodiga.com



Is someone using saslauthd+ldaps?

2002-12-28 Thread Felix Cuello
Hello!

  I'm working with saslauthd+pam+ldaps but in theory, saslauthd could
  work with LDAPS without pam authentication.

  Is someone using saslauthd + ldaps? Because my saslauthd works fine
  with LDAP but not with LDAPS...

  Felix
  
-- 
Felix Cuello
[EMAIL PROTECTED]
Buenos Aires, ARGENTINA

Qodiga/its
http://www.qodiga.com



SASLAUTHD problem and some others!

2002-11-13 Thread Felix Cuello

Hello!

   I need help!!! We are migrating our users from an old cyrus server to
   a 2.1.9 cyrus server and I get these errors...

   What's that??

   thanks!

   Felix




Nov 13 10:03:46 sinclair pop3d[22138]: TLS engine: cannot load CA data
Nov 13 10:03:46 sinclair pop3d[22138]: starttls: TLSv1 with cipher
RC4-MD5 (128/128 bits reused) no authentication
Nov 13 10:03:46 sinclair saslauthd[21761]: AUTHFAIL: user=grusko
service=pop realm=
Nov 13 10:04:11 sinclair pop3d[22164]: TLS engine: cannot load CA data
Nov 13 10:04:11 sinclair pop3d[22164]: starttls: TLSv1 with cipher
EXP1024-RC4-SHA (56/128 bits reused) no authentication
Nov 13 10:04:29 sinclair imapd[20602]: DBERROR: error fetching
user.vluis: DB_RUNRECOVERY: Fatal error, run database recovery
Nov 13 10:04:29 sinclair imapd[20602]: DBERROR: error fetching
user.vluis: cyrusdb error
Nov 13 10:04:39 sinclair saslauthd[21762]: AUTHFAIL: user=mocchi
service=pop realm=
Nov 13 10:04:41 sinclair saslauthd[21759]: AUTHFAIL: user=pcasaj
service=pop realm=




-- 
Felix Cuello
[EMAIL PROTECTED]

Qodiga/its
Av.Santa Fe 882 P.13 Of. E
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina




Cyrus DBERROR

2002-11-13 Thread Felix Cuello
I'm really nervous about this... What can I do?

thanks a lot 

Felix


Nov 13 10:14:32 sinclair lmtpd[22676]: DBERROR: error closing deliverdb:
cyrusdb error
Nov 13 10:14:32 sinclair lmtpd[22676]: DBERROR: error closing:
DB_RUNRECOVERY: Fatal error, run database recovery
Nov 13 10:14:32 sinclair lmtpd[22676]: DBERROR: error closing mailboxes:
cyrusdb error
Nov 13 10:14:32 sinclair lmtpd[22676]: DBERROR: error exiting
application: DB_RUNRECOVERY: Fatal error, run database recovery
Nov 13 10:14:32 sinclair lmtpd[22676]: DBERROR: error exiting
application: cyrusdb error
Nov 13 10:14:32 sinclair lmtpd[22667]: unable to tell master 2: Broken
pipe
Nov 13 10:14:32 sinclair lmtpd[22667]: DBERROR: error closing:
DB_RUNRECOVERY: Fatal error, run dat



-- 
Felix Cuello
[EMAIL PROTECTED]

Qodiga/its
Av.Santa Fe 882 P.13 Of. E
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina




Re: saslauthd, ldap, login incorrect :(

2002-11-08 Thread Felix Cuello
On Fri, Nov 08, 2002 at 12:30:40AM -0500, Igor Brezac wrote:
> It looks like you are hitting ldap_timeout, default is 5 seconds.  You
> might fix the problem if you increase the value of this parameter.

You're always right Igor! It was an indexing problem. We have 6500
users in our LDAP users directory, and LDAP takes 1,5 sec. to resolve
a query. Then the solution was to index uid in LDAP and then put in
slapd.conf the parameter to maintain this field indexed.

Thanks for your time!

Felix

-- 
Felix Cuello
[EMAIL PROTECTED]

Qodiga/its
Av.Santa Fe 882 P.13 Of. E
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina




saslauthd, ldap, login incorrect :(

2002-11-07 Thread Felix Cuello
Hello!

   I'm actually working with Cyrus 2.1.9 and sasl2.1.9 and sometimes
   (solved the entropy problem) my POP server returns
   incorrect username or password. Could it be because I'm using the ldap
   beta support of saslauthd? I'm working with LDAP 2.0.23.

   Thanks a lot!

   Felix

-- 
Felix Cuello
[EMAIL PROTECTED]

Qodiga/its
Av.Santa Fe 882 P.13 Of. E
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina




Re: saslauthd, ldap, login incorrect :(

2002-11-07 Thread Felix Cuello
On Thu, Nov 07, 2002 at 11:20:22AM -0500, Kervin L. Pierre wrote:
> Try running ethereal and listening to the ldap traffic when the bad
> logins occur.  Or running OpenLDAP with extra logging.


Sorry for the long post, but... do you think that this could be the
problem?, How can I solve that?


Some information:

model name  : Pentium III (Coppermine)
stepping: 6
cpu MHz : 996.928
cache size  : 256 KB

# free
             total       used       free     shared    buffers     cached
Mem:        514432     275884     238548          0      88024     148112
-/+ buffers/cache:      39748     474684
Swap:       522232          0     522232
 

Felix

/var/log/messages---

Nov  4 18:06:52 sinclair saslauthd[29347]: ldap_search_st() failed: Timed out
Nov  4 18:06:53 sinclair saslauthd[29348]: ldap_search_st() failed: Timed out
Nov  4 18:06:59 sinclair saslauthd[29346]: ldap_search_st() failed: Timed out
Nov  4 18:07:02 sinclair saslauthd[29347]: ldap_search_st() failed: Timed out
Nov  4 18:07:05 sinclair saslauthd[29348]: ldap_search_st() failed: Timed out
Nov  4 18:07:06 sinclair saslauthd[29344]: ldap_search_st() failed: Timed out
Nov  4 18:07:06 sinclair saslauthd[29345]: ldap_search_st() failed: Timed out
Nov  4 18:07:07 sinclair saslauthd[29346]: ldap_search_st() failed: Timed out
Nov  4 18:07:20 sinclair saslauthd[29344]: ldap_search_st() failed: Timed out
Nov  4 18:19:08 sinclair saslauthd[29344]: ldap_search_st() failed: Timed out
Nov  4 18:19:15 sinclair saslauthd[29346]: ldap_search_st() failed: Timed out
Nov  4 18:19:16 sinclair saslauthd[29347]: ldap_search_st() failed: Timed out
Nov  4 18:19:20 sinclair saslauthd[29348]: ldap_search_st() failed: Timed out
Nov  4 18:19:20 sinclair saslauthd[29344]: ldap_search_st() failed: Timed out
Nov  4 18:39:01 sinclair saslauthd[29348]: ldap_search_st() failed: Timed out
Nov  4 18:39:03 sinclair saslauthd[29344]: ldap_search_st() failed: Timed out
Nov  4 18:39:03 sinclair saslauthd[29345]: ldap_search_st() failed: Timed out
Nov  4 18:40:47 sinclair saslauthd[29344]: ldap_search_st() failed: Timed out
Nov  4 18:40:55 sinclair saslauthd[29345]: ldap_search_st() failed: Timed out
Nov  5 19:02:12 sinclair saslauthd[32617]: ldap_search_st() failed: Timed out

-- 
Felix Cuello
[EMAIL PROTECTED]

Qodiga/its
Av.Santa Fe 882 P.13 Of. E
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina




POP AUTHFAIL

2002-11-07 Thread Felix Cuello
Hello!

   I'm still in trouble... working with Cyrus 2.1.9 and SASL 2.1.9,
   doing authentication against an openldap server... this error appears
   in my /var/log/messages

Nov  7 15:00:11 sinclair pop3d[3432]: login: sinclair[200.xxx.xxx.xxx] fcuell plaintext
Nov  7 15:00:49 sinclair saslauthd[554]: AUTHFAIL: user=fcuell service=pop realm=

Why does this fail sometimes?

Thanks a lot,

Felix

-- 
Felix Cuello
[EMAIL PROTECTED]

Qodiga/its
Av.Santa Fe 882 P.13 Of. E
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina




Re: POP AUTHFAIL

2002-11-07 Thread Felix Cuello
On Thu, Nov 07, 2002 at 02:01:02PM -0500, Erik Enge wrote:
> [EMAIL PROTECTED] (Felix Cuello) writes:
>
> > Nov  7 15:00:11 sinclair pop3d[3432]: login: sinclair[200.xxx.xxx.xxx]
> > fcuell plaintext
> > Nov  7 15:00:49 sinclair saslauthd[554]: AUTHFAIL: user=fcuell
> > service=pop realm=
>
> Are you authenticating via PAM?  You might need to add an entry for
> pop in /etc/pam.d.
>
> Erik.

No, I'm authenticating via saslauthd -a ldap
[I suppose the instability could be because sasl is beta...
 but other people on the list told me that sasl works fine with ldap]

Now I'm sniffing connections to understand where the problem is.

thanks!

Felix

-- 
Felix Cuello
[EMAIL PROTECTED]

Qodiga/its
Av.Santa Fe 882 P.13 Of. E
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina




Re: POP AUTHFAIL

2002-11-07 Thread Felix Cuello
I compiled testsaslauthd to check connections and it fails sometimes!


[root@sinclair saslauthd]# ./testsaslauthd -u fcuell -p secret -R 10
0: OK Success.
1: OK Success.
2: OK Success.
3: NO authentication failed
4: OK Success.
5: OK Success.
6: OK Success.
7: OK Success.
8: NO authentication failed
9: OK Success.


Where can I find more information?

Thanks!!!


-- 
Felix Cuello
[EMAIL PROTECTED]

Qodiga/its
Av.Santa Fe 882 P.13 Of. E
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina




Re: POP AUTHFAIL [more info]

2002-11-07 Thread Felix Cuello
Well... doing 100 repeats using testsaslauthd... I discovered that
the error is cyclic... :-)

./testsaslauthd -u fcuell -p secret -R 100

[all other tests like 0,1,2,4,5,6,7,9,10, etc. work fine]
 3: NO authentication failed
 8: NO authentication failed
13: NO authentication failed
18: NO authentication failed
23: NO authentication failed
28: NO authentication failed
and the error continues in 33, 38, 43, 48 and so on..

:-)

Is this normal?

Thanks 

Felix

-- 
Felix Cuello
[EMAIL PROTECTED]

Qodiga/its
Av.Santa Fe 882 P.13 Of. E
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina




auth fail - saslauthd+ldap

2002-11-07 Thread Felix Cuello
I solved my problem with sasl... just by changing the line for the forked
processes,

What do you think about this problem? saslauthd comes with a maximum of 5
forked processes; now (only for testing and tuning) I replaced this with
40 forked processes... it's too much... but it works!...

How can I tune this?

Thanks a lot for your time and help!

Felix

-- 
Felix Cuello
[EMAIL PROTECTED]

Qodiga/its
Av.Santa Fe 882 P.13 Of. E
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina




250 IGNOREQUOTA configuration

2002-11-05 Thread Felix Cuello
Hello,

   I think this could be a stupid question, but why does Cyrus respond
   IGNOREQUOTA to sendmail when the mail transaction begins?

   C 220 sinclair LMTP Cyrus v2.1.9 ready
   S LHLO mail.palermo.edu.ar
   C 250-sinclair
   C 250-8BITMIME
   C 250-ENHANCEDSTATUSCODES
   C 250-PIPELINING
   C 250-SIZE
   C 250-AUTH EXTERNAL
   C 250 IGNOREQUOTA

   These are the first lines of an email transaction [this was
   read using my own perl script that acts as a bridge between cyrus and
   sendmail to filter mails].

   I know this message is only for sendmail, but in fact Cyrus is not
   checking the email quota. Where can I configure that?

   thanks a lot

   Felix
  
-- 
Felix Cuello
[EMAIL PROTECTED]

Qodiga/its
Av.Santa Fe 882 P.13 Of. E
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina




Re: pop3d unstable

2002-10-30 Thread Felix Cuello
> You might be running out of entropy. What happens when you:
>
> cat /dev/random

Thanks for all the responses... I have an entropy problem =)

When I type this:

cat /dev/random

just 3 lines were displayed on screen... and then it stops...

a second cat /dev/random

just doesn't return anything

=)

I'm recompiling sasl to use /dev/urandom...

Thanks a lot for all!

Felix
Sorry for my poor english
___ http://www.palermo.edu ___



pop3d unstable

2002-10-29 Thread Felix Cuello
Hello,

   I'm using cyrus-2.1.9 and sasl 2.1.9, and pop3d sometimes doesn't respond.
That means, when I do this:

[root@sinclair tmp]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

pop3d doesn't respond...

but

[root@sinclair tmp]# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK sinclair Cyrus IMAP4 v2.1.9 server ready

quickly shows me OK.

---

This problem only occurs on my production server; in fact on my desktop computer
everything works fine... with exactly the same configuration and packages

Do you know where I can start?

Thanks a lot,

Sorry for my poor english,

Felix
___ http://www.palermo.edu ___



Re: sasl 2.1.9 + LDAPS problem

2002-10-16 Thread Felix Cuello

> #ldap_tls_check_peer: yes - This can get you in trouble if your
> certificates are not setup properly on both the ldap server and the
> client.

I commented out this line... but Cyrus does not recognize IMAP/POP users
using ldaps

> Does
> ldapsearch -x -H ldaps://hostname.domain/ -b
> ou=people,dc=,dc=xxx \ -Duid=cyrus,ou=people,dc=xxx,dc=xxx
> -W uid=some_username
> work?

YES!... it does.

Hmm, I'm thinking that it could be an ACL problem, because this query
retrieved all fields of my user except userPassword. But that is strange, because
trying the same ldapsearch but using ldap (instead of ldaps) userPassword
does not come in the fields, but cyrus can check the user identity [the ACL
rules are configured to do that]

> Have you checked openldap syslog?

Yes... and look at this:

-
1.- When I put this line into my saslauthd.conf

ldap_servers: ldap://upsoluciones.palermo.edu/
the messages are:
Oct 18 10:56:59 upsoluciones pop3d[23559]: login: upsoluciones[127.0.0.1] fcuell plaintext
And I can check my mail fine!
--
2.- When I put this line into my saslauthd.conf
ldap_servers: ldaps://upsoluciones.palermo.edu/
the messages are:
Oct 18 11:00:02 upsoluciones saslauthd[23583]: ldap_simple_bind(as uid=cyrus,ou=people,dc=palermo,dc=edu) failed (Can't contact LDAP server)
Oct 18 11:00:02 upsoluciones saslauthd[23583]: lak_bind() failed
Oct 18 11:00:02 upsoluciones saslauthd[23583]: AUTHFAIL: user=fcuell service=pop realm=
And I can't check my email
-


This is my netstat -antp output (just the lines of ldap server)

tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      32365/slapd
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      32365/slapd

-

What do you think?... I'm really lost with this problem..


Thanks a lot for your time!

Felix
SFMPE == Sorry For My Poor English :-)





Re: sasl 2.1.9 + LDAPS problem

2002-10-16 Thread Felix Cuello

Well...

   I'm now trying to start slapd with -d 8, but I have a little problem
starting ldaps, because when running the daemon directly from the command line ldaps
doesn't start, but it works if I run it from the ldap script...
[when I resolve this problem I will send the openldap logfile]

   But... I tried this:

   Sniffing connections using ethereal I see that:

   saslauthd doesn't send Client Hello (SSL)

   and when I do

   ldapsearch -x -H ldaps://upsoluciones.palermo.edu/ -b \
ou=people,dc=palermo,dc=edu -Duid=cyrus,ou=people,dc=palermo,dc=edu -W \
uid=fcuell

   the ldap client sends Client Hello and the connection is established..
   Then all fields in fcuell are displayed.


I think that the ldap server expects Client Hello from saslauthd and it
never comes.

What do you think?


Thanks a lot

Felix



---
 Felix Cuello [EMAIL PROTECTED]
 Qodiga/its   http://www.qodiga.com

/\  ASCII Ribbon Campaign
\ /  No HTML in mail or news!
 X
/ \
---






Re: sasl 2.1.9 + LDAPS problem

2002-10-16 Thread Felix Cuello

That's all for LDAPS with SASLAUTHD and slapd -d 8 -h ldap:/// ldaps:///

daemon: activity on 1 descriptors
daemon: new connection on 10
daemon: added 10r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL


That's all for LDAP with SASLAUTHD and slapd -d 8 -h ldap:/// ldaps:///

daemon: activity on 1 descriptors
daemon: new connection on 10
daemon: added 10r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: select: listen=7 active_threads=1 tvp=NULL
ber_flush: 14 bytes to sd 10
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: select: listen=7 active_threads=1 tvp=NULL
ber_flush: 667 bytes to sd 10
ber_flush: 14 bytes to sd 10
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
daemon: select: listen=6 active_threads=2 tvp=NULL
daemon: select: listen=7 active_threads=2 tvp=NULL
ber_flush: 14 bytes to sd 10
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
daemon: select: listen=6 active_threads=2 tvp=NULL
daemon: select: listen=7 active_threads=2 tvp=NULL
ber_flush: 14 bytes to sd 10


Sorry for the long post

Felix


---
 Felix Cuello [EMAIL PROTECTED]
 Qodiga/its   http://www.qodiga.com

/\  ASCII Ribbon Campaign
\ /  No HTML in mail or news!
 X
/ \
---






Re: sasl 2.1.9 + LDAPS problem

2002-10-16 Thread Felix Cuello

Here is the stdout of slapd. What do you think?

thanks for your time and patience!

Felix



@(#) $OpenLDAP: slapd 2.0.23-Release (Thu Feb 21 12:43:53 EST 2002) $

[EMAIL PROTECTED]:/usr/src/build/73902-i386/BUILD/openldap-2.0.23/build-krb5/servers/slapd
daemon_init: listen on ldap:///
daemon_init: listen on ldaps:///
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldap:///
ldap_url_parse_ext(ldaps:///)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldaps:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
slapd startup: initiated.
slapd starting
ldap_pvt_gethostbyname_a: host=upsoluciones, r=0
daemon: conn=0 fd=10 connection from IP=200.69.213.9:1478
(IP=0.0.0.0:31746) accepted.




---
 Felix Cuello [EMAIL PROTECTED]
 Qodiga/its   http://www.qodiga.com

/\  ASCII Ribbon Campaign
\ /  No HTML in mail or news!
 X
/ \
---






sasl 2.1.9 + LDAPS problem

2002-10-15 Thread Felix Cuello

Hello,

   Well... sasl 2.1.9 didn't solve my problem... so... I have a
configuration problem.

   I'm actually running Cyrus 2.1.9, sasl 2.1.9 and openldap
2.0.23-4... all this on Red Hat 7.3...

   In my /usr/local/etc/saslauthd.conf, I have these lines:

# doesn't work with ldap_servers: ldap://localhost
# doesn't work with ldap_servers: ldaps://hostnamedomain:636
ldap_servers: ldap://hostname.domain/
ldap_bind_dn: uid=cyrus,ou=people,dc=xxx,dc=xxx
ldap_bind_pw: xxx
ldap_search_base: ou=people,dc=,dc=xxx
ldap_tls_check_peer: yes
ldap_tls_cacert_file: certificate.pem
ldap_tls_cacert_dir: /usr/share/ssl/certs/



I tried some tests, like:

stunnel ldap --- ldaps

and that works fine... because saslauthd connects to a plain ldap
server and STUNNEL does the rest with the LDAPS server...

But I don't want to use stunnel, because it is a little bit unstable..


thanks a lot and sorry for my poor english :-)


Felix






Problems with IMAPS and POPS

2002-09-30 Thread Felix Cuello


Hello!

I'm actually using Cyrus 2.1.8 with SASL 2.1.7, and I have some
problems configuring my Cyrus to accept SSL connections.

Here are the first 3 lines of my netstat -at

Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:imaps                 *:*                     LISTEN
tcp        0      0 *:pop3s                 *:*                     LISTEN
--

And my /usr/local/etc/saslauthd.conf

ldap_servers: ldap://upsoluciones.palermo.edu/
ldap_bind_dn: uid=cyrus,ou=people,dc=palermo,dc=edu
ldap_bind_pw: 
ldap_search_base: ou=people,dc=palermo,dc=edu
ldap_tls_check_peer: yes
ldap_tls_cacert_file: palermoca.pem
ldap_tls_cacert_dir: /usr/share/ssl/certs/



Changing the last 2 lines to these lines...

ldap_tls_cacert_file: /usr/share/ssl/certs/palermoca.pem
#ldap_tls_cacert_dir: /usr/share/ssl/certs/

I have the same problem... IMAP and POP work fine, but IMAPS and POPS do not.



/var/log/errors shows this:

Oct  2 13:09:00 upsoluciones su(pam_unix)[12631]: session closed for user
root
Oct  2 13:09:33 upsoluciones su(pam_unix)[12740]: session opened for user
root by felix(uid=500)
Oct  2 13:12:58 upsoluciones su(pam_unix)[12740]: session closed for user
root
Oct  2 13:18:05 upsoluciones su(pam_unix)[12841]: session opened for user
root by felix(uid=500)
Oct  2 13:20:23 upsoluciones ctl_mboxlist: ctl_mboxlist -c is deprecated:
use ctl_cyrusdb -c instead^H
Oct  2 13:20:24 upsoluciones ctl_mboxlist[12882]: checkpointing mboxlist

-

What's wrong? I'm actually using Netscape 4.79 (for Linux) to check POPS
mail, and Netscape runs on the same machine where I'm running LDAP, CYRUS and
SASL.

[Yes I know... my computer date is wrong :-)]


Can you help me?

thanks a lot,

and sorry for my poor english,


Felix






Re: Problems with IMAPS and POPS

2002-09-30 Thread Felix Cuello

Where can I find the newest and most generic cyrus.conf and/or
documentation to make a cyrus.conf from scratch?

Thanks

Felix

---
 Felix Cuello
 [EMAIL PROTECTED]

 Qodiga/its
 http://www.qodiga.com
 Santa Fe 882 - Piso 13 - Of.E
 Buenos Aires, ARGENTINA


Connie Starr Fensky wrote:
> First of all, it looks like you did not update your cyrus.conf from a
> 2.0 version. That is the cause of the ctl_mboxlist vs ctl_cyrusdb error
> message in the log.
>
> Sorry, I cannot help with the secure shell part.
> c*






Re: Problems with IMAPS and POPS

2002-09-30 Thread Felix Cuello

Yes!!!... it is working!

I've just added these three lines to my /etc/imapd.conf

tls_cert_file: /usr/share/ssl/certs/cert.pem
tls_key_file: /usr/share/ssl/certs/cert.key
tls_require_cert: 0

And IMAPS and POPS (pops not tested yet) work fine!!

thanks a lot!

Felix

---
 Felix Cuello
 [EMAIL PROTECTED]

 Qodiga/its
 http://www.qodiga.com
 Santa Fe 882 - Piso 13 - Of.E
 Buenos Aires, ARGENTINA


> Do 'man imapd.conf' and search for tls_(cert|key)_file and
> possibly tls_ca_(file|path) params.  You can also find info in
> $cyrus-imapd/doc/install-configure.html#open.
>
> Hope this helps.
>
> -Igor






Re: Newbie Q's: Mailbox not found

2002-09-27 Thread Felix Cuello

Hi!

   Remember that all cyrus email accounts must start with:

   user.

   Then... when you create a cyrus user mail account, just do this (or
something like this =):

$ cyradm --user cyrus localhost
password: xx
cyradm> cm user.jsd
cyradm> sam user.jsd jsd rd
cyradm> sam user.jsd cyrus all
cyradm> sq user.jsd 5000
cyradm> quit

1.line) Create Mailbox user.jsd
2.line) Set READ-DELETE permissions to the owner
3.line) Set ALL permissions to cyrus admin
4.line) Creates around 5Mb of Quota for this account
5.line) Voila! :)


Try this... and remember user.jsd :-)



---
 Felix Cuello
 [EMAIL PROTECTED]

 Qodiga/its
 http://www.qodiga.com
 Santa Fe 882 - Piso 13 - Of.E
 Buenos Aires, ARGENTINA






SASLAUTHD + SSL + LDAP problem

2002-09-19 Thread Felix Cuello

Hello!

   I installed Cyrus 2.1.8 with SASL 2.1.7 on my Linux Redhat 7.3, and I have some
trouble using SSL + SASLAUTHD + openLDAP.

   I can search LDAP (using LDAPS) from netscape using

   ldaps://ldaps.mycomputer/dc=domain,dc=edu??sub?(uid=*felix*)

   But, when I try to log in users using SASLAUTHD, I found that SASLauthd connects to
the LDAP server but SSLv2 doesn't say HELLO. And the communication is broken at this point.

Here is my saslauthd.conf:

ldap_servers: ldaps://upsoluciones.palermo.edu/
ldap_bind_dn: uid=cyrus,ou=people,dc=palermo,dc=edu
ldap_bind_pw: 
ldap_search_base: ou=people,dc=palermo,dc=edu
ldap_tls_check_peer: yes
ldap_tls_cacert_file: palermoca.pem
ldap_tls_cacert_dir: /usr/share/ssl/certs/

--

All works fine if I change the ldap_servers line to this line:

ldap_servers: ldap://upsoluciones.palermo.edu

but... in this case the communication isn't encrypted...


What's the error?


thanks for your help,

and forgive my poor english :)

Felix