Upgrade path fom 2.1.4 rpm to 2.1.12 tarball?
Are there any pitfalls with upgrading from 2.1.4 to 2.1.12? Well my case is more special than that... I was using 2.1.4 from Luca Olivetti's rpm's for Mandrake and plan to use the source tarballs direct from carnegie mellon... The one thing I see that might be non-standard is that Luca had some patches to cyrus-imapd that I have no clue if they're included or not. Namely he had: 2.0.5-mandir.patch 2.0.9-cflags.patch 2.0.12-deliverman.patch 2.0.12-cyradm_man_sec.patch 2.1.3-service-path.patch And I see in 2.1.12 he has Mdk9.0perl-patch (not applicable to me) Logident.patch I wasn't using anything special from that setup except unixhierarchsep. Thx, Jeff
unixhierarchy/altnamespace IMAP folders, bug?
When I use the unixhierarchy/altnamespace options in imapd.conf I can't create sub-folders in the main inbox but I can create folders outside the main inbox and then create subfolders in those. When I turn unixhierarchy/altnamespace off then I can create subfolders in the main inbox but not outside of it. I'm pretty new to imap... is this correct behaviour? Jeff
RE: Compiling (was secure imap)
We feel... felt your pain... btw here's a pretty good HOWTO I used back when I compiled 2.0.15... note it has some differences since it includes the HIERSEP patch. http://dudle.linuxroot.org/docs/postfix_cyrus/ Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Phil Dibowitz Sent: Tuesday, May 21, 2002 2:28 PM To: [EMAIL PROTECTED] Subject: Re: Compiling (was secure imap) Phil Dibowitz wrote: ./configure ran fine make depend ran fine make all CFLAGS=-O however, gives: I was able to get around this by replacing /usr/local/share/bison.simple with /usr/lib/bison.simple in the sieve/Makefile. Then I got com_err.h not found from imapd.c - I replaced #include com_err.h with #include et/com_err.h Isn't that what automake is for? Stupid autoconf Gr. now index.c needs com_err.h I'm gonna link the damn thing. Phil -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin, 1759
RE: Secure Imap Problems
when you use '-m login' imtest bypasses the sasldb and goes straight
for your shadow file. did you try that with a valid linux user?
also, you might try starting saslauthd:
# saslauthd -a pam
in imapd.conf
sasl_passwd_check: sasldb
# saslpasswd -c cyrususer
# sasldblistusers
*** NOTE WHAT REALM THE PASSWORDS ARE IN ***
# imtest -a cyrususer -u cyrususer -r REALM REALM
Jeff
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Phil Dibowitz
Sent: Tuesday, May 21, 2002 3:18 PM
To: [EMAIL PROTECTED]
Subject: Re: Secure Imap Problems
Alright, brand-spankin' new Cyrus-imap 2.0.16 installed from source.
I want to get regular imap working before secure imap. I got my
imapd.conf
file set, and my cyrus.conf file set. I have two users (cyrus and
test) who
both have real accounts, and sasldb accounts.
I can't authenticate.
I've tried
sasl_passwd_check: sasldb
sasl_passwd_check: passwd
sasl_passwd_check: shadow
And I've restarted 'master' each time and onery attempt to
login gives me:
C: L01 LOGIN test {13}
+ go ahead
C: omitted
L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
That's from imtest. (imtest -m login -p imap localhost)
Maybe this is more helpful - when I try to use cyradm localhost I get:
Login failed: authentication failure at
/usr/lib/perl5/site_perl/5.6.0/i386-linux/Cyrus/IMAP/Admin.pm line 78
cyradm: cannot authenticate to server with as test
The users I'm trying are 'cyrus' and 'test.' Cyrus is an 'admin' in
imapd.conf, while test is not.
GAH!
Phil
--
They that can give up essential liberty to obtain a little
temporary safety
deserve neither liberty nor safety.
-Benjamin Franklin, 1759
RE: HORRIBLE SASL Auth Probs!!
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Phil Dibowitz Sent: Tuesday, May 21, 2002 5:10 PM To: [EMAIL PROTECTED] Subject: HORRIBLE SASL Auth Probs!! Gah! I'm pulling my hair out trying to get this sasl stuff to work!! I've removed /etc/sasldb and recreated it using saslpasswd... I've tried explicitly giving all information (i.e. saslpasswd -u 'localhost' -c test saslpasswd -u 'bonanza' -c test) (I'd remove the localhost one before trying bonanza). I've tried providing as littls as possible: saslpasswd test Coresponding with the attempts above I've tried: imtest -a test -u test -r localhost localhost imtest -a test -u test -r bonanza bonanza imtest -a test -u test -r bonanza localhost imtest -a test -u test -r localhost bonanza and each of those above with '-p imap' then each one of those above with '-m login' then each one of those above with '-m login -p imap' then # su test $ imtest localhost imtest -m login locahost imtest -p login localhost imtest -m login -p imap localhost The saslauthd that Jeff suggested seems to be a part of the 2.1.2 branch of sasl... which I'm not using. Not fully, the way I used to startup saslauthd in cyrus-sasl-1.5.24 was: # saslauthd -a pam also, I never forced the hostname (realm) i just used: # saslpasswd -c cyrususer enter pass then checked what the hostname (realm) was by: # sasldblistusers and i only ever used my FQDN so I don't know if the aliases for the host work or not. Did you compile cyrus-imapd-2.0.16 with the '--with-auth=unix' option... if not that will explain it all. Jeff Any help would be MUCH appreciated. Here is some last bit of info for you: Cyrus 2.0.16 compiled from Source # rpm -qa | grep -i sasl cyrus-sasl-1.5.24-17 cyrus-sasl-devel-1.5.24-17 # rpm -qa | grep -i cyrus cyrus-sasl-1.5.24-17 cyrus-sasl-devel-1.5.24-17 perl-Cyrus-2.0.16-3rm My only thought now is that that perl-Cyrus rpm may be messing with things (it's from before when I had installed Cyrus imap from RPM) - but I'm worried to uninstall it for fear if needing it... Phil -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin, 1759
RE: HORRIBLE SASL Auth Probs!!
bummer, i know I'm repeating myself somewhat but here we go: 0) add debug logs to syslog: local6.debug-/var/log/imapd.log auth.debugy -/var/log/saslauthd.log # /etc/init.d/syslog restart 1) start saslauthd # saslauthd -a pam 2) edit /etc/imapd.conf sasl_pwcheck_method: sasldb allowplaintext: yes 3) start cyrus-imapd 4) create a user # saslpasswd -c test 5) check their domain # sasldblistusers 6) chown the sasldb file # chown cyrus.mail /etc/sasldb (or your path to it) 7) try cyradm # cyradm --user test --server realm from sasldblistusers 8) IF THAT FAILS... crap. # tail /var/log/imapd.log # tail /var/log/saslauthd.log post the output... also, what version of berkeley db are you using? Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Phil Dibowitz Sent: Tuesday, May 21, 2002 6:06 PM To: [EMAIL PROTECTED] Subject: Re: HORRIBLE SASL Auth Probs!! Jeff Bert wrote: Did you compile cyrus-imapd-2.0.16 with the '--with-auth=unix' option... if not that will explain it all. I just recompiled and reinstalled with the '--with-auth=unix' option - same exact deal. Any ideas? Phil -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin, 1759
RE: Cyrus 2.1.4 :Autentication problems
Margartia, 1) when you compiled cyrus-sasl did you compile with the option: --with-saslauthd ? 2) what are the contents of your /etc/pam.d/imap and /etc/pam.d/pop files? Jeff -Original Message- From: Margarita Sanz [mailto:[EMAIL PROTECTED]] Sent: Monday, May 20, 2002 5:37 AM To: Jeff Bert Subject: Re: Cyrus 2.1.4 :Autentication problems Hi, Jeff. Sorry, I forget to include my imapd.conf: configdirectory: /eui/adm/imap partition-default: /var/spool/imap allowanonymouslogin: no allowplaintext:yes admins: cyrus #sasl_pwcheck_method: sasldb sasl_pwcheck_method: saslauthd My saslauthd isn't run because when I write: # saslauthd -a pam I get : /var/state/saslauthd: No such file or directory I have created /var /state/saslauthd and saslauthd woks... I run $ /usr/local/bin/imtest -u marga -a marga cartero and after write my password (marga) y get: C: C01 CAPABILITY S: * OK cartero.eui.upm.es Cyrus IMAP4 v2.1.4 server ready S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 S: C01 OK Completed C: A01 AUTHENTICATE DIGEST-MD5 S: + bm9uY2U9InB2MDFMOERjRFBhWTVRK0l4eWdrcXhHVlVSOHdVa3ZWb21ZWUNnSUVjR2 89IixyZWFsbT0iY2FydGVyby5ldWkudXBtLmVzIixxb3A9ImF1dGgsYXV0aC1pbnQs YXV0aC1jb25mIixjaXBoZXI9InJjNC00MCxyYzQtNTYscmM0LGRlcywzZGVzIixjaG Fyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw== Please enter your password: C: dXNlcm5hbWU9Im1hcmdhIixyZWFsbT0iY2FydGVyby5ldWkudXBtLmVzIixub25jZT 0icHYwMUw4RGNEUGFZNVErSXh5Z2txeEdWVVI4d1VrdlZvbVlZQ2dJRWNHbz0iLGNu b25jZT0iZ0IrbFZlU0RvYnBqRzYzUzdvd1hqUm5uanBxVkZJT25KOFVaRGZBOGdiZz 0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaGVyPSJyYzQiLGNoYXJzZXQ9 dXRmLTgsZGlnZXN0LXVyaT0iaW1hcC9jYXJ0ZXJvLmV1aS51cG0uZXMiLHJlc3Bvbn NlPThkNzE3ZDU0YjU5MzBiMjVkNjJjYTZmOWUzMmMzZjcw S: + cnNwYXV0aD1hZmE3MWE5ZGEwOGM2M2QxMDlkYTE4MTJjMTRhMWI0Yw== C: S: A01 OK Success (privacy protection) Authenticated. Security strength factor: 128 I was very happy, but when I try to connect into IMAP server from Outlock Express then I have the same problem:Connection refused. I Know that is because in Out. Express I can not select CRAN-MD5 or DIGEST-MD5 (with K-Mail I can connect into IMAP server and get mail). This is the reason because I need work in plain-text... Thanks Marga. Jeff Bert wrote: Margarita, Are you sure saslauthd is running? What authentication method are you using in your imapd.conf file: sasl_pwcheck_method = ? If you have imapd.conf: sasl_pwcheck_method: saslauthd and you started saslauthd with: # saslauthd -a pam then try this against a real linux user: # imtest -m login -u realuser -a realuser -r domain domain and if you've added someone to the sasldb via: # saslpasswd2 -c mailuser then try: # imtest -u mailuser -a mailuser -r domain domian Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Margarita Sanz Sent: Friday, May 17, 2002 3:48 AM To: [EMAIL PROTECTED] Subject: Cyrus 2.1.4 :Autentication problems Hi, I have just installed Cyrus 2.1.4 and Cyrus SASL 2.1.2 If I connect into the IMAP server, all is OK: Trying 138.100.xx.39... Connected to cartero. Escape character is '^]'. * OK cartero Cyrus IMAP4 v2.1.4 server ready I have created a Cyrus user named marga, and she is in the password database (/etc/sasldb2). When I try to connect into IMAP server from Outlook Express, I get an error message: Connection refused. I have used imtest to test logging: /usr/local/bin/imtest -u marga cartero Then, I get the next message: C: C01 CAPABILITY S: * OK cartero.eui.upm.es Cyrus IMAP4 v2.1.4 server ready S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 S: C01 OK Completed C: A01 AUTHENTICATE DIGEST-MD5 S: + bm9uY2U9IlM4MTRXbmQ2QlhyRUVzQXFNRkhkQWtrbTJPUnBpaHJMSzlkY1orRFhwWE 09IixyZWFsbT0iY2FydGVyby5ldWkudX BtLmVzIixxb3A9ImF1dGgsYXV0aC1pbnQsYXV0aC1jb25mIixjaXBoZXI9InJjNC00 MCxyYzQtNTYscmM0LGRlcywzZGVzIixjaGFyc2V0 PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw== Please enter your password: C:dXNlcm5hbWU9ImN5cnVzIixyZWFsbT0iY2FydGVyby5ldWkudXBtLmVzIixhdXRo emlkPSJtYXJnYSIsbm9uY2U9IlM4MTRXbmQ2Ql hyRUVzQXFNRkhkQWtrbTJPUnBpaHJMSzlkY1orRFhwWE09Iixjbm9uY2U9IlpZdEp3 UW1CYTJTVFIzWTlmd3cvMWtMaUZuZ2FX bkZ4aVk1R1kvVDF5TGc9IixuYz0wMDAwMDAwMSxxb3A9YXV0aC1jb25mLGNpcGhlcj 0icmM0IixjaGFyc2V0PXV0Zi04LGRpZ2Vzd C11cmk9ImltYXAvY2FydGVyby5ldWkudXBtLmVzIixyZXNwb25zZT1mMDUwN2ZjYzk 3Y2IxYmQwYmY0OWVjM2JjMWNhOTMyOA
RE: What is wrong with ASMTP with SASLv2?
my 1 cent is that I use plaintext passwords and don't like the idea that their password is transmitted whenever they're sending mail. I only use POP3S/IMAPS. I messed around with SMTPS but that was back in my totally newbie days (now I'm a newbie+) and never got it working so I just moved onto the pop-before-smtp idea. If you could let me in on the workings or SMTPS and SMTP AUTH I'd be willing to give it a try again. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott M Likens Sent: Monday, May 20, 2002 9:19 AM To: Ron Kuris; Henrique de Moraes Holschuh Cc: [EMAIL PROTECTED] Subject: What is wrong with ASMTP with SASLv2? (Was Re: FYI: pop-before-smtp works with cyrus-imapd-2.1.4) 10 cents I'll be honest I had the relay problem, so i just enabled ASMTP with SASLv2, and after figuring out all the options. It works GREAT! All my users can relay without me adding 1 single rule for insecurity. I believe most E-Mail Clients that are WYSWIG or GUI Support ASMTP, unfortunatly i'm not sure pine/mutt does so you gotta set your email address right becuause those usually sendmail so it's not an issue as much. But of course you can configure postfix to relay against only 1 server and use TLS/ASMTP if you so choose. Point is this, Relaying is a MTA/MUA thing and i see no use to using the extra process when you can use the internal ASMTP in postfix and be happy. I'm also quite aware that the SASLv2 patch works for sendmail. Thanks for my 10cents /10 cents Scott --On Monday, May 20, 2002 8:51 AM -0700 Ron Kuris [EMAIL PROTECTED] wrote: Hi, Yes, this is a better solution than my hack, although I wish it weren't a separate process. Ron On Sun, 2002-05-19 at 15:56, Henrique de Moraes Holschuh wrote: On Sun, 19 May 2002, Amos Gouaux wrote: Precisely why we use DRAC. rk My recent patch just updates access.db directly. No separate process is rk required. While a separate process is required for DRAC, the nice thing about it is that it will clear out entries after some configurable amount of time. And it will work on Murder clusters just as well, which made it suitable for default inclusion in Cyrus IMAPd for Debian, too. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh --- If Thyne Eyes Deceivee Thee, Pluck Them Out.
FYI: pop-before-smtp works with cyrus-imapd-2.1.4
I just wanted to let people know that the postfix addon software pop-before-smtp works seamlessly with cyrus-imapd-2.1.4 It's a great little script that checks the imapd log for valid pop3/imap logins and then writes the users IP to a hashed file that the smtpd daemon can check to validate a relay. Jeff
RE: FYI: pop-before-smtp works with cyrus-imapd-2.1.4
Drac, isn't too Linux Mandrake friendly: make chokes on missing header files: netdir.h netconfig.h (I have gnetconfig.h but not sure if that will work) sys/systeminfo.h (tried sys/sysinfo.h but make died saying too many arguments in function) and none of those header files exist in any of my rpm's that are available on the distribution disks. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Amos Gouaux Sent: Sunday, May 19, 2002 2:40 PM To: [EMAIL PROTECTED] Subject: Re: FYI: pop-before-smtp works with cyrus-imapd-2.1.4 On 19 May 2002 14:38:52 -0700, Ron Kuris [EMAIL PROTECTED] (rk) writes: rk While this script works most of the time, it wasn't very reliable during rk log rollovers. Try continuously rolling over the log to reproduce the rk problem. Also, parsing log entries takes a lot more CPU than the patch rk I provided recently. Precisely why we use DRAC. rk My recent patch just updates access.db directly. No separate process is rk required. While a separate process is required for DRAC, the nice thing about it is that it will clear out entries after some configurable amount of time. -- Amos
RE: FYI: pop-before-smtp works with cyrus-imapd-2.1.4
oops, forgot to set a flag, my bad. jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Bert Sent: Sunday, May 19, 2002 7:22 PM To: Amos Gouaux; [EMAIL PROTECTED] Subject: RE: FYI: pop-before-smtp works with cyrus-imapd-2.1.4 Drac, isn't too Linux Mandrake friendly: make chokes on missing header files: netdir.h netconfig.h (I have gnetconfig.h but not sure if that will work) sys/systeminfo.h (tried sys/sysinfo.h but make died saying too many arguments in function) and none of those header files exist in any of my rpm's that are available on the distribution disks. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Amos Gouaux Sent: Sunday, May 19, 2002 2:40 PM To: [EMAIL PROTECTED] Subject: Re: FYI: pop-before-smtp works with cyrus-imapd-2.1.4 On 19 May 2002 14:38:52 -0700, Ron Kuris [EMAIL PROTECTED] (rk) writes: rk While this script works most of the time, it wasn't very reliable during rk log rollovers. Try continuously rolling over the log to reproduce the rk problem. Also, parsing log entries takes a lot more CPU than the patch rk I provided recently. Precisely why we use DRAC. rk My recent patch just updates access.db directly. No separate process is rk required. While a separate process is required for DRAC, the nice thing about it is that it will clear out entries after some configurable amount of time. -- Amos
RE: does cvt_cyrusdb work? is it normal to have DBERRORS db3: x lockers messages?
Luca Olivetti wrote:
Is that example configuration not good?
Dunno for sure. I tend to change something and test... change and test...
change and test... but I didn't write everything down so I have to admit I'm
not sure how I got rid of those db3 errors... I had them too but don't
now... it might be how I compiled postfix that solved it:
# make -f Makefile.init makefiles \
CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include \
-DHAS_DB -I/usr/include/db3 \
AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm \
-L/usr/lib -ldb-3.3
And then installed cyrus-sasl and cyrus-imapd.
When I first installed the cyrus rpms I got those db errors also and then
starting messing with stuff and finally got rid of them. Maybe
it was the postfix compile.
As you know I'm not anywhere near an expert... I just trying to relate my
experience. Since we use similar systems in Linux-Mandrake I thought that
mine might shed some light on yours.
Jeff
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd=ctl_cyrusdb -r
mboxlist cmd=ctl_mboxlist -r
deliver cmd=ctl_deliver -r
according to the manpage ctl_mboxlist and ctl_deliver don't have an -r
option now, this functionality is included in ctl_cyrusdb.
[]
yes, when you run the command it says it's depricated but if you are logging
via 'local6.debug' for cyrus you'll see that the ctl_mboxlist does run and
completes.
EVENTS {
# this is required
# checkpoint cmd=ctl_cyrusdb -c period=30
checkpoint cmd=ctl_mboxlist -c period=30
ctl_mboxlist doesn't have a -c option now. Its functionality is in
ctl_cyrusdb.
same as above, you get a report that it's depricated but it runs and reports
in the log file but, I'm going to put my cyrus.conf back to using the
ctl_cyrusdb for both STARTUP and EVENTS and see if I have any problems.
RE: does cvt_cyrusdb work? is it normal to have DBERRORS db3: x lockers messages?
Luca,
When I built the cyrus-sasl-2.1.2 rpm from your source files I noticed that
the make output never had a -I/usr/include/db3 which is where the
include files for BerkeleyDB3.3 are stored from the Mandrake RPM's.
I added a CPPFLAGS=-I/usr/include/db3 in the cyrus-sasl.spec file before
compiling... but not sure if it made a differece because:
Also, I modified the cyrus.conf file to be more like the older version
instead of the newer ones... here's mine... not sure which solved the
problem, the .spec file mod or the .conf file mod:
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd=ctl_cyrusdb -r
mboxlist cmd=ctl_mboxlist -r
deliver cmd=ctl_deliver -r
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=5
imaps cmd=imapd -s listen=imaps prefork=1
pop3 cmd=pop3d listen=pop3 prefork=3
pop3s cmd=pop3d -s listen=pop3s prefork=1
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
lmtpunix cmd=lmtpd listen=/var/lib/imap/socket/lmtp prefork=1
}
EVENTS {
# this is required
# checkpoint cmd=ctl_cyrusdb -c period=30
checkpoint cmd=ctl_mboxlist -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd=tls_prune period=1440
}
Jeff
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Luca Olivetti
Sent: Thursday, May 16, 2002 1:48 PM
To: [EMAIL PROTECTED]
Subject: does cvt_cyrusdb work? is it normal to have DBERRORS db3: x
lockers messages?
Hi,
in an attempt to see if it solved the mozilla unseen problem (see
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cy
rusmsg=13859)
I compiled cyrus with db3 as the seen db. I quickly went back to flat
because I saw much more DBERRORS db3: x lockers than normal (btw, is
it normal to see these messages?).
Anyway, before using the new imapd, I converted the seen db for myself
(/var/lib/imap/user/l/luca.seen) with cvt_cyrusdb, but *all* messages
appeared as unseen.
Is cvt_cyrusdb supposed to work for the seen.db?
TIA
--
Luca Olivetti
RE: TLS error? cyrus-imapd-2.1.4
If you look in the Archive thru whatever web mailing list you wish, there was someone who had mentioned using openssl how to create the CA, the key, and cert. Look it up, it'd be worth your time. No thanks, I wasn't asking for a HOWTO but for others' experiences. I had already read the cyrus-imapd documentation and it only recommends using: tls_cert_file: /var/imap/cyrus-imapd.pem tls_key_file: /var/imap/cyrus-imapd.pem but I have found that if I add: tls_ca_file: /var/imap/cyrus-imapd.pem with the way I created the cert it works flawlessly. Jeff --On Tuesday, May 14, 2002 7:33 PM -0700 jeff bert [EMAIL PROTECTED] wrote: I've gotten cyrus-imapd-2.1.4 working with the unencrypted ports and have now moved to getting the secure ports working. I created a self-signed certificate using: [root@jabba imap]# openssl req -new -x509 -days 365 -nodes -config /usr/lib/ssl/openssl.cnf -out cyrus-imapd.pem -keyout cyrus-imapd.pem and entering the information. My imapd.conf file has: tls_cert_file: /var/imap/cyrus-imapd.pem tls_key_file: /var/imap/cyrus-imapd.pem And it seems to work but there is a delay of about 30 seconds when I connect for the first time in an email clients session in my imapd log file: May 14 19:20:33 jabba imap3d[2648]: TLS engine: cannot load CA data after that it works... Is this an error I need to be concerned about or is this just the result of self-siging the certificate? Thanks, Jeff Bert
RE: PAM Authentication
what's your /etc/imapd.conf set to for sasl_pwcheck_method?
what's your /etc/pam.d/imap set to?
we need to know those to help trouble shoot... but...
if in /etc/imapd.conf reads...
...
sasl_pwcheck_method: saslauthd
and your /etc/pam.d/imap is:
# begin
authrequired /lib/security/pam_stack.so service=system-auth
account required /lib/secruity/pam_stack.so service=system-auth
# end
then you can try this:
1) make dchait a valid user on your system via useradd and give
that user a password.
2) make sure saslauthd is running...
3) run:
[root] # imtest -m login -a dchait -u dchait -r hostname hostname
and that will test the shadow password checking...
4) run:
[root] # saslpasswd2 -c dchait
Password: password
Again (for verification): password
[root] # imtest -a dchait -u dchait -r hostname hostname
and you should be able to authenticate in both circumstances.
if you read the docs, the '-m login' bypasses the auth mechanism
and goes straight for the shadow passes (AFAICS)
Jeff
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David Chait
Sent: Wednesday, May 15, 2002 9:37 PM
To: 'Michael Bacon'; 'Ken Murchison'
Cc: [EMAIL PROTECTED]
Subject: RE: PAM Authentication
May 15 20:41:43 bonmaildev saslauthd[19131]: AUTHFAIL: user=dchait
service=imap realm= [PAM auth error]
This is what I received using the saslauthd -a pam option (pam didn't
work at all). Any ideas? I can't seem to find a reference for this error
anywhere.
-Original Message-
From: Michael Bacon [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 6:08 PM
To: Ken Murchison; David Chait
Cc: [EMAIL PROTECTED]
Subject: Re: PAM Authentication
Or, if you're in 2.0,
sasl_pwcheck_method: pam
should work fine.
Michael
--On Wednesday, May 15, 2002 1:50 PM -0400 Ken Murchison
[EMAIL PROTECTED]
wrote:
What version of Cyrus? Assuming that you are using v2.1.x, set
sasl_pwcheck_method: saslauthd
and start saslauthd with the '-a pam' option.
David Chait wrote:
Greetings,
I am currently attempting to make Cyrus authenticate via a
PAM
library (like our Courier-IMAP system did), but have yet been
able to accomplish this. The following is my imapd.conf file and
cyrus.conf file. The MTA I am using is Postfix, but that seems to be
functional.
Cheers,
David
Imapd
configdirectory: /var/imap
partition-default: /home/mail
admins: root cyrus
# srvtab: /var/imap/srvtab
allowanonymouslogin: no
sasl_pwcheck_method: pwcheck
Cyrus
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd=ctl_cyrusdb -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
# pop3 cmd=pop3d listen=pop3 prefork=0
# pop3scmd=pop3d -s listen=pop3s prefork=0
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=0
# this is only necessary if using notifications
# notify cmd=notifyd listen=/var/imap/socket/notify
# proto=udp
prefork=1
}
EVENTS {
# this is required
checkpointcmd=ctl_cyrusdb -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd=tls_prune period=1440
}
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
TLS error? cyrus-imapd-2.1.4
I've gotten cyrus-imapd-2.1.4 working with the unencrypted ports and have now moved to getting the secure ports working. I created a self-signed certificate using: [root@jabba imap]# openssl req -new -x509 -days 365 -nodes -config /usr/lib/ssl/openssl.cnf -out cyrus-imapd.pem -keyout cyrus-imapd.pem and entering the information. My imapd.conf file has: tls_cert_file: /var/imap/cyrus-imapd.pem tls_key_file: /var/imap/cyrus-imapd.pem And it seems to work but there is a delay of about 30 seconds when I connect for the first time in an email clients session in my imapd log file: May 14 19:20:33 jabba imap3d[2648]: TLS engine: cannot load CA data after that it works... Is this an error I need to be concerned about or is this just the result of self-siging the certificate? Thanks, Jeff Bert
RE: cyradm problem?... cyrus-imapd-2.1.4
jeff bert wrote:
So, is this a bug in my system or a feature of 2.1.4? Any
ideas? Or have
they actually implemented the man page's warning that Tcl short style
options may be done away with?
I fell for that too (first tried with -u and didn't work), but the
current manpage doesn't mention short style options at all, so I think
they're gone.
BTW, I'm preparing new rpms for cyrus-sasl, since the current one
doesn't install the manpages (or rather cyrus-sasl's make install
doesn't, is that normal?) and doesn't include the sasldb
conversion utility.
Bye
--
Luca Olivetti
Luca,
I've compiled your cyrus-sasl-2.1.2-2.src.rpm and installed it.
I didn't test imtest before I upgraded it but did afterwards and can't
authenticate.
if I type:
# cyradm --user cyrus -s my.host.com
it works but if I type:
# imtest -m login -u cyrus -a cyrus -r my.host.com my.host.com
It telnets into the imap server ok but won't authenticate (screen results):
# imtest -m login -u cyrus -a cyrus -r my.host.com my.host.com
C: C01 CAPABILITY
S: * OK my.host.com Cyrus IMAP4 v2.1.4 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=CRAM-MD5 X-NETSCAPE
S: C01 OK Completed
Password:
C: L01 LOGIN cyrus {6}
+ go ahead
C: omitted
L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
# more /etc/pam.d/imap
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
accountrequired /lib/security/pam_stack.so service=system-auth
#
#
# tail /var/log/saslauthd.log
May 13 10:22:56 jabba saslauthd[2787]: START: saslauthd 2.1.2
May 13 10:22:56 jabba saslauthd[2792]: master PID is: 2792
May 13 10:22:56 jabba saslauthd[2792]: daemon started, listening on
/var/lib/sasl2/mux
May 13 10:23:01 jabba saslauthd[2793]: DEBUG: auth_pam: pam_authenticate
failed: Authentication failure
May 13 10:23:01 jabba saslauthd[2793]: AUTHFAIL: user=cyrus service=imap
realm= [PAM auth error]
#
Do you get the same or similar results?
What does your /etc/pam.d/imap file look like?
Thanks,
Jeff
cyradm problem?... cyrus-imapd-2.1.4
I installed cyrus-imap-2.1.4 and have found a quirk that I don't know if it's a bug, change in feature or what. When I try to connect to the cyrus server via the command (same I successfully used in 2.0.15): # cyradm -u cyrus -s my.host.com it hangs up and won't connect... but if I run it with: # cyradm --user cyrus -s my.host.com Password: enter-pass my.host.com success. This install is on a totally fresh system on which I just re-installed Linux (heh, because I accidently typed rm -fr in the wrong terminal window a couple of days ago! luckily it's just the box i use for testing and evaluation so no biggie). Here's my details: Linux-Mandrake 8.1 (kernel 2.4.8) BerkeleyDB3.3 cyrus-imapd-2.1.4 (installed from Luca Olivetti's src.rpm) cyrus-sasl-2.1.2 (installed from Luca Olivetti's src.rpm) gcc-2.96 perl-5.601 So, is this a bug in my system or a feature of 2.1.4? Any ideas? Or have they actually implemented the man page's warning that Tcl short style options may be done away with? If they have done away with them, how does that affect the perl programming side? thanks, Jeff
saslauthd: /var/state/saslauthd: No such file or directory
After installing cyrus-imapd-2.1.4 and cyrus-sasl-2.1.2 and trying to start up saslauthd I get this error message: saslauthd: /var/state/saslauthd: No such file or directory so I created that directory manuall and don't get the error any longer but I was curious does this show a sympton that something is wrong in my compile? Everything went fine configuring, making and installing. Just curious. Thanks, Jeff
RE: saslauthd: /var/state/saslauthd: No such file or directory
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Matter Sent: Tuesday, May 07, 2002 1:30 AM To: jeff bert Cc: [EMAIL PROTECTED] Subject: Re: saslauthd: /var/state/saslauthd: No such file or directory jeff bert schrieb: After installing cyrus-imapd-2.1.4 and cyrus-sasl-2.1.2 and trying to start up saslauthd I get this error message: saslauthd: /var/state/saslauthd: No such file or directory Hi, You really don't give us much info about your system. It seems your init script for saslauthd tried to write to /var/state directory which does no longer exist on many systems like newer linux systems. Simon Nope it's not the init script it's the binary... if I call it using: # /usr/sbin/saslauthd -a pam which gives that error. My configure/make sequence for cyrus-sasl-2.1.2: # ./configure \ --disable-anon \ --enable-plain \ --disable-krb4 \ --with-saslauthd \ --with-pam # make # make install # ln -s /usr/local/lib/sasl2 /usr/lib/sasl2 # /usr/sbin/saslauthd -a -pam saslauthd: /var/state/saslauthd: No such file or directory # mkdir /var/state/saslauthd # /usr/sbin/saslauthd -a pam # ll /var/state/saslauthd srwxrwxrwx 1 root root 0 May 7 00:06 mux= -rw--- 1 root root 0 May 7 00:06 mux.accept -rw--- 1 root root 0 May 7 00:06 mux.pid # I've realized that it's the --with-saslauthd option that puts this stuff in there and it's not a problem. Sorry to bother you all. Jeff
RE: New RPMs
does this version allow the admin to setup mailboxes in the hiersep manner like that patch to 2.0.15 so that you can store mailboxes as [EMAIL PROTECTED] ? and thanks for making them into RPM's. I had to do a bunch of voodoo to get the tarball cyrus-imap to install with my RPM installs of cyrus-sasl in cyrus-imap-2.0.15 Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Matter Sent: Monday, May 06, 2002 12:10 AM To: info-cyrus Subject: New RPMs I have upgraded my Cyrus RPMs to cyrus-imapd-2.1.4 / cyrus-sasl-2.1.2. The binary packages have been compiled on RedHat 7.2. For those interested, here are the links: http://home.teleport.ch/simix/Cyrus-sasl/ http://home.teleport.ch/simix/Cyrus-imapd/ Simon
RE: New RPMs
I've gotten 5 copies of this same email... am I the only one who got this many? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Matter Sent: Monday, May 06, 2002 12:10 AM To: info-cyrus Subject: New RPMs I have upgraded my Cyrus RPMs to cyrus-imapd-2.1.4 / cyrus-sasl-2.1.2. The binary packages have been compiled on RedHat 7.2. For those interested, here are the links: http://home.teleport.ch/simix/Cyrus-sasl/ http://home.teleport.ch/simix/Cyrus-imapd/ Simon
RE: New RPMs
I'm trying to install this and it's saying that to files are required: libcrypto.so.2 libssl.so.2 but openssl is only up to verion 0.96d so is this just a linked name to libssl.so.0 ? Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Matter Sent: Monday, May 06, 2002 12:10 AM To: info-cyrus Subject: New RPMs I have upgraded my Cyrus RPMs to cyrus-imapd-2.1.4 / cyrus-sasl-2.1.2. The binary packages have been compiled on RedHat 7.2. For those interested, here are the links: http://home.teleport.ch/simix/Cyrus-sasl/ http://home.teleport.ch/simix/Cyrus-imapd/ Simon
RE: New RPMs
Simon wrote: Did you install on RedHat 7.2? If yes, make sure you have current updates installed, if no, I don't know. No I use Linux Mandrake 8.1 This is what I have installed: [root@dhcp-141-104 SRPMS]# rpm -qa | grep cyrus cyrus-imapd-devel-2.1.4-1 cyrus-sasl-md5-2.1.2-1 cyrus-imapd-2.1.4-1 cyrus-imapd-utils-2.1.4-1 cyrus-sasl-devel-2.1.2-1 cyrus-sasl-plain-2.1.2-1 cyrus-sasl-2.1.2-1 [root@dhcp-141-104 SRPMS]# rpm -qa | grep openssl openssl-devel-0.9.6b-8 openssl-0.9.6b-8 would you please run: # rpm -qa --filesbypkg | grep libssl.so.2 # rpm -qa --filesbypkg | grep libcrypto.so.2 and tell me what is shows? that would tell me what package(s) contain those files. Thanks, Jeff
RE: outlook and closed connections
All I can add is that I saw this behaviour with Outlook 2000 and cyrus versions 2.0.15 and 2.0.16. I then changed all accounts to POP accounts since no one was really using the IMAP features and if they wanted their msgs stored all they had to do was unset delete messages on server after downloading. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Justin Wood Sent: Monday, April 22, 2002 3:01 PM To: [EMAIL PROTECTED] Subject: outlook and closed connections We have some users here using Outlook2000. They are having problems with Outlook closing connections to the cyrus server and going into offline mode. The error they see is: Your IMAP server has closed the connection. This may occur if you have left the connection idle for too long. I'm using cyrus-imapd-2.1.3 on FreeBSD-4.5-RELEASE. Has anyone else seen this behavior, and have you found a fix for it? I'm guessing that it's just a 'feature' of Outlook, but I can still hope. -Justin. -- -- Justin Wood [EMAIL PROTECTED] Systems Administrator FlipDog.com http://www.flipdog.com/ --
RE: Cyrus IMSP / ACAP
Disregard, I read the manual and now understand these. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Bert Sent: Friday, March 08, 2002 9:17 PM To: [EMAIL PROTECTED] Subject: Cyrus IMSP / ACAP what does these do and are either req'd for cyrus-imapd-2.0.16 ? Jeff
RE: adding users via script
Birger, the script worked after I changed the method of how I installed the Cyrus IMAP server. Sadly, I was only able to connect to it once and after that locked out. Dunno what to do other than start a new thread. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Birger Toedtmann Sent: Saturday, March 09, 2002 6:27 AM To: Jeff Bert Cc: [EMAIL PROTECTED] Subject: Re: adding users via script Jeff Bert schrieb am Fri, Mar 08, 2002 at 11:04:43AM -0800: Thanks all but it looks like the perl stuff is somewhat broken, cyradm works from the command line but everytime I run any of the scripts I've been sent I get this error: Use of uninitialized value in subroutine entry at /usr/lib/perl5/site_perl/5.6.1/i386-linux/Cyrus/IMAP/Admin.pm line 78. One thing to note, when I compiled and installed cyrus-imapd-2.0.16 the perl modules Cyrus:IMAP ended up in /usr/local/lib/ but my perl is /usr/lib/perl5/... and cyradm didn't work until I copied the Cyrus folder with IMAP.pm etc. over to my perl install. so after I manually moved the modules then i could get cyradm to work. but the perl scripts trying to access the Cyrus::IMAP modules don't seem to. Are you sure? The Use of uninitialized value in subroutine entry is just a warning and may (!) not say anything about the work done by the script. Did you try to add a user and have a look at the cyrus structures afterwards? Regards, Birger
RE: sasldb odd location (non-html)
Disregard this. I used the HOW-TO at http://dudle.linuxroot.org/docs/postfix_cyrus/ and used all the tarballs so now my sasldb is in the /etc/ folder. thanks. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Bert Sent: Saturday, March 09, 2002 5:49 PM To: [EMAIL PROTECTED] Subject: sasldb odd location (non-html) my sasldb is called sasl.db and installed into /var/lib/sasl/ is there something I need to set for cyradm to see this? I've been having problems with cyradm connecting to the server and it never asks me for a password even tho' my mail admin is in the sasl db. i set it up like this: #./configure --without-notify --with-auth=unix --with-perl=/usr/bin/perl --disable-sieve and no compile errors noted. #cyradm -u admin localhost hangs for awhile then : #cyradm: cannont connect to server is returned and #cyradm -u admin my.own.box (the boxes host name) returns cyradm: cannot connect to server immediately. #sasldblistusers user: admin realm: my.own.box mech: PLAIN any ideas to help me? I really like Cyrus and want to get it up and running. Thanks, Jeff
RE: adding users via script
Ok, i figured this out, i'm such a bonehead!!! The big problem was that I had commented out the non-TLS pop and imap lines in cyrus.conf. when I do that and don't specify a working port it gets a connection refused. DOH! now that I know what has been going on. I was thinking this was an install problem (as I kept using my first cyrus.conf that I editted and never copied over it) and re-installed cyrus about 20 times. too d*** funny... i guess i deserver that pain but now i've learned. phew! your script works fine. thanks! Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Bert Sent: Sunday, March 10, 2002 4:39 AM To: [EMAIL PROTECTED] Subject: RE: adding users via script Birger, the script worked after I changed the method of how I installed the Cyrus IMAP server. Sadly, I was only able to connect to it once and after that locked out. Dunno what to do other than start a new thread. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Birger Toedtmann Sent: Saturday, March 09, 2002 6:27 AM To: Jeff Bert Cc: [EMAIL PROTECTED] Subject: Re: adding users via script Jeff Bert schrieb am Fri, Mar 08, 2002 at 11:04:43AM -0800: Thanks all but it looks like the perl stuff is somewhat broken, cyradm works from the command line but everytime I run any of the scripts I've been sent I get this error: Use of uninitialized value in subroutine entry at /usr/lib/perl5/site_perl/5.6.1/i386-linux/Cyrus/IMAP/Admin.pm line 78. One thing to note, when I compiled and installed cyrus-imapd-2.0.16 the perl modules Cyrus:IMAP ended up in /usr/local/lib/ but my perl is /usr/lib/perl5/... and cyradm didn't work until I copied the Cyrus folder with IMAP.pm etc. over to my perl install. so after I manually moved the modules then i could get cyradm to work. but the perl scripts trying to access the Cyrus::IMAP modules don't seem to. Are you sure? The Use of uninitialized value in subroutine entry is just a warning and may (!) not say anything about the work done by the script. Did you try to add a user and have a look at the cyrus structures afterwards? Regards, Birger
RE: cyrs-imapd HIERSEP?
thanks, yeah that was the link, the oceana ftp site. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ken Murchison Sent: Sunday, March 10, 2002 5:45 PM To: [EMAIL PROTECTED] Subject: Re: cyrs-imapd HIERSEP? Quoting Jeff Bert [EMAIL PROTECTED]: can anyone point me to where i can d/l this? the link on the howto page at http://dudle.linuxroot.org/docs/postfix_cyrus/ is broken. If you mean the link to oceana.com, I purposely removed the altnamespace and hiersep distros because we (CMU and I) are trying to push people towards v2.1. I also believe that there were a few bugs that I fixed after the last 2.0.15-hiersep beta release. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
sasldb odd location
my sasldb is called sasl.db and installed into /var/lib/sasl/ is there something I need to set for cyradm to see this? I've been having problems with cyradm connecting to the server and it never asks me for a password even tho' my mail admin is in the sasl db. i set it up like this: #./configure --without-notify --with-auth=unix --with-perl=/usr/bin/perl --disable-sieve and no compile errors noted. #cyradm -u admin localhost hangs for awhile then : #cyradm: cannont connect to server is returned and #cyradm -u admin my.own.box (the boxes host name) returns cyradm: cannot connect to server immediately. #sasldblistusers user: admin realm: my.own.box mech: PLAIN any ideas to help me? I really like Cyrus and want to get it up and running. Thanks, Jeff
sasldb odd location (non-html)
my sasldb is called sasl.db and installed into /var/lib/sasl/ is there something I need to set for cyradm to see this? I've been having problems with cyradm connecting to the server and it never asks me for a password even tho' my mail admin is in the sasl db. i set it up like this: #./configure --without-notify --with-auth=unix --with-perl=/usr/bin/perl --disable-sieve and no compile errors noted. #cyradm -u admin localhost hangs for awhile then : #cyradm: cannont connect to server is returned and #cyradm -u admin my.own.box (the boxes host name) returns cyradm: cannot connect to server immediately. #sasldblistusers user: admin realm: my.own.box mech: PLAIN any ideas to help me? I really like Cyrus and want to get it up and running. Thanks, Jeff
RE: starting cyrus at boot?
Sure, I have: Linux Mandrake 8.1, kernel 2.4.8 I installed cyrus-imapd-2.0.16 from the tarball that I downloaded from the cyrus site. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, March 08, 2002 12:56 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: starting cyrus at boot? Hi, Please give us some more info, did you - install from source? - on what os? - what cyrus version? Tarjei Jeff Bert wrote: I know this is a newbie question but with all I had to do to get cyrus installed my brain hurts... what's a good way to get cyrus started at boot? thanks, Jeff
RE: starting cyrus at boot?
Tried that and didn't find one for cyrus-imapd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alain Tesio Sent: Friday, March 08, 2002 1:34 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: starting cyrus at boot? On Fri, 8 Mar 2002 01:03:01 -0800 Jeff Bert [EMAIL PROTECTED] wrote: Sure, I have: Linux Mandrake 8.1, kernel 2.4.8 I installed cyrus-imapd-2.0.16 from the tarball that I downloaded from the cyrus site. Jeff Go to rpmfind.net, download a rpm package for mandrake and install it, it should be easier. Alain
RE: adding users via script
Thanks all but it looks like the perl stuff is somewhat broken, cyradm works
from the command line but everytime I run any of the scripts I've been sent
I get this error:
Use of uninitialized value in subroutine entry at
/usr/lib/perl5/site_perl/5.6.1/i386-linux/Cyrus/IMAP/Admin.pm line 78.
One thing to note, when I compiled and installed cyrus-imapd-2.0.16 the perl
modules Cyrus:IMAP ended up in /usr/local/lib/ but my perl is
/usr/lib/perl5/... and cyradm didn't work until I copied the Cyrus folder
with IMAP.pm etc. over to my perl install.
so after I manually moved the modules then i could get cyradm to work. but
the perl scripts trying to access the Cyrus::IMAP modules don't seem to.
Jeff
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Steven M
Bloomfield
Sent: Friday, March 08, 2002 8:49 AM
To: Birger Toedtmann; Jeff Bert
Cc: [EMAIL PROTECTED]
Subject: Re: adding users via script
here's something really simple i threw together, hope it helps.
#!/usr/local/bin/perl -w
# Really simple create mailbox script
# by Steven Bloomfield - [EMAIL PROTECTED]
#
# This script only creates a new mailbox, I use MySQL for authentication
# to execute from command line
# perl /path/to/adduser.pl username
# to execute within a PHP script
# ?exec (perl /path/to/adduser.pl .$login);?
# I used $login as a variable passed from a form
# To see this script in action visit http://mail.manchester.com
# Thanks to david eitzinger for help with authenticating
pam-mysql database
use Cyrus::IMAP::Admin;
# hostname of IMAP server
$server = localhost;
# user and password for cyradm
$user = cyrususername;
$pass = cyruspassword;
# Authenticate
my $cyrus = Cyrus::IMAP::Admin-new($server);
$cyrus-authenticate(-mechanism = 'login', -user = $user, -password =
$pass);
die $cyrus-error if $cyrus-error;
$adduser = $ARGV[0];
$quota = 2000;
my $mbox = 'user.' . $adduser;
# Create the account
print STDERR Creating $mbox on \n if $debug;
$cyrus-createmailbox($mbox);
warn $cyrus-error if $cyrus-error;
# Set the quota
if ($quota)
{
print STDERR Setting quota for $mbox to $quota\n if $debug;
$cyrus-setquota($mbox, 'STORAGE', $quota);
warn $cyrus-error if $cyrus-error;
}
- Original Message -
From: Birger Toedtmann [EMAIL PROTECTED]
To: Jeff Bert [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, March 08, 2002 4:30 PM
Subject: Re: adding users via script
Jeff Bert schrieb am Fri, Mar 08, 2002 at 08:02:44AM -0800:
I'm trying to find a script that will allow me to add users via a single
command line entry.
I found imapcreate.pl at sourceforge but it seems to choke on
every call
to the Cyrus::IMAP libraries.
Has anyone done something like this or modified this perl
script to work?
I had this tiny one for testing, maybe you find it useful (but is perl as
well and uses Cyrus::IMAP, so if they are broken, you're lost)
Regards,
Birger
RE: starting cyrus at boot?
Thankyou kind sir. Works great!
regards,
Jeff
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Darin
Perusich
Sent: Friday, March 08, 2002 5:52 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: starting cyrus at boot?
here's a script i use for starting/stopping/restart cyrus on my redhat
server.
copy and paste this into a file in /etc/init.d or /etc/rc.d/init.d
depending on you system, call the file cyrus or whatever makes you
happy.
chown root.root /etc/init.d/cyrus
chmod u+x /etc/init.d/cyrus
cd /etc/rc3.d
ln -s ../init.d/cyrus S99cyrus
ln -s ../init.d/cyrus K99cyrus
you might need to modify some of the path names if you've installed
cyrus outside of the default locations. if you where running this on a
solaris 7 or 8 system you could use /usr/bin/pkill instead of
/usr/bin/killall and you'd want to place the rc script in /etc/rc2.d
instead of rc3.d.
enjoy
--BEGIN COPY--
#!/bin/sh
#
# Start/Shut for cyrus master server process
#
case $1 in
'start')
if [ -f /etc/cyrus.conf ] ; then
echo Starting Cyrus Master Process
/usr/cyrus/bin/master 1 /dev/console 21
fi
;;
'stop')
echo Shutting down Cyrus Master Process
/usr/bin/killall master 1/dev/console 21
;;
'restart')
echo Restarting Cyrus Master Process
/usr/bin/killall -HUP master 1/dev/console 21
;;
*)
echo Usage: $0 { start | restart | stop }
;;
esac
exit 0
--END COPY--
Jeff Bert wrote:
I know this is a newbie question but with all I had to do to get cyrus
installed my brain hurts... what's a good way to get cyrus
started at boot?
thanks,
Jeff
--
Darin Perusich
Unix Systems Administrator
Cognigen Corp.
[EMAIL PROTECTED]
Cyrus IMSP / ACAP
what does these do and are either req'd for cyrus-imapd-2.0.16 ? Jeff
cyrus and SSL/stunnel
I'm trying to get cyrus secured via SSL using stunnel and haven't been
successful yet... this is what I've tried:
editted cyrus.conf:
SERVICES {
...
...
pop3cmd=/usr/sbin/stunnel -p /etc/stunnel/stunnel.pem -l pop3d
listen=pop3 prefork=0
...
...
}
is anything like this possible? i need it secured via SSL for Windoze users.
Jeff
RE: cyrus and SSL/stunnel
darnit, now you've got my curiosity peeked again ;)
my man imapd.conf has no information about the tls_key_file
stuff.
any recommendations on type of cert/key to make? RSA?
Jeff
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Amos Gouaux
Sent: Thursday, March 07, 2002 10:13 PM
To: [EMAIL PROTECTED]
Subject: Re: cyrus and SSL/stunnel
On Thu, 7 Mar 2002 21:40:50 -0800,
Jeff Bert [EMAIL PROTECTED] (jb) writes:
jb I'm trying to get cyrus secured via SSL using stunnel and haven't been
jb successful yet... this is what I've tried:
jb editted cyrus.conf:
jb SERVICES {
jb ...
jb ...
jb pop3 cmd=/usr/sbin/stunnel -p
/etc/stunnel/stunnel.pem -l pop3d
jb listen=pop3 prefork=0
jb ...
jb ...
jb }
jb is anything like this possible? i need it secured via SSL for
Windoze users.
You're working too hard. You can provide SSL (TLS) alternatives
like this:
SERVICES {
...
imaps cmd=imapd -s listen=imaps prefork=0
...
pop3s cmd=pop3d -s listen=pop3s prefork=0
...
}
Then tell Cyrus where to find the certs using the imapd.conf
settings tls_key_file, tls_cert_file, tls_ca_path, and tls_ca_file.
See imapd.conf(5) for more info. Oh, and don't forget to list the
ports in /etc/services:
imaps 993/tcp # imap via ssl
pop3s 995/tcp # pop via ssl
--
Amos
starting cyrus at boot?
I know this is a newbie question but with all I had to do to get cyrus installed my brain hurts... what's a good way to get cyrus started at boot? thanks, Jeff
RE: cyrus and SSL/stunnel
Thanks, I got it to work finally, created the cert via: openssl req -new -x509 -days 365 -nodes -config /usr/lib/ssl/openssl.cnf \ -out /usr/cyrus/cyrus.pem -keyout /usr/cyrus/cyrus.pem then added these lines to my imapd.conf file: tls_ca_path: /usr/cyrus tls_ca_file: /usr/cyrus/cyrus.pem tls_cert_file: /usr/cyrus/cyrus.pem tls_key_file: /usr/cyrus/cyrus.pem and boom, it's working this way... now i have another question but I'll put that in another topic.. thanks all, good group here Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 07, 2002 11:14 PM To: [EMAIL PROTECTED] Subject: RE: cyrus and SSL/stunnel On Thu, 7 Mar 2002, Jeff Bert wrote: darnit, now you've got my curiosity peeked again ;) my man imapd.conf has no information about the tls_key_file stuff. any recommendations on type of cert/key to make? RSA? Have a short look on the file install-configure.html of the doc-Directory in your Cyrus-Source-Directory. There is a short paragraph about Cyrus with TLS/SSL - how to create the Certs and how to configure. HTH Marko D. -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net
