imtest -u user not what I think it is?

2009-07-22 Thread Jeff Blaine
Why is 'cyrus' not being used as the user below?

bin:imap ./imtest -u cyrus -v -m login
WARNING: no hostname supplied, assuming localhost

S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN 
SASL-IR] imap.foo.com Cyrus IMAP v2.x server ready
Please enter your password:
C: L01 LOGIN jblaine {8}  -
S: + go ahead
C: omitted
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
^CC: Q01 LOGOUT
Connection closed.
bin:imap sudo ./imtest -u cyrus -v -m login
WARNING: no hostname supplied, assuming localhost

S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN 
SASL-IR] imap.foo.com Cyrus IMAP v2.x server ready
Please enter your password:
C: L01 LOGIN root {8}  
S: + go ahead
C: omitted
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
^CC: Q01 LOGOUT
Connection closed.

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Re: imtest -u user not what I think it is?

2009-07-22 Thread Jeff Blaine
Never mind.  I get it now.

Is there a known problem with @ in IMAP passwords?

Jeff Blaine wrote:
 Why is 'cyrus' not being used as the user below?
 
 bin:imap ./imtest -u cyrus -v -m login
 WARNING: no hostname supplied, assuming localhost
 
 S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN 
 SASL-IR] imap.foo.com Cyrus IMAP v2.x server ready
 Please enter your password:
 C: L01 LOGIN jblaine {8}  -
 S: + go ahead
 C: omitted
 S: L01 NO Login failed: generic failure
 Authentication failed. generic failure
 Security strength factor: 0
 ^CC: Q01 LOGOUT
 Connection closed.
 bin:imap sudo ./imtest -u cyrus -v -m login
 WARNING: no hostname supplied, assuming localhost
 
 S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN 
 SASL-IR] imap.foo.com Cyrus IMAP v2.x server ready
 Please enter your password:
 C: L01 LOGIN root {8}  
 S: + go ahead
 C: omitted
 S: L01 NO Login failed: generic failure
 Authentication failed. generic failure
 Security strength factor: 0
 ^CC: Q01 LOGOUT
 Connection closed.
 


Re: Weekly/Monthly record-keeping / maintenance?

2009-04-06 Thread Jeff Blaine
I lied, quoting works when you use the right quotes.

Double quotes, not single.

my ($rc, $msg) = $cyrus->send('', '', "EXAMINE $mb");

should become

my ($rc, $msg) = $cyrus->send('', '', "EXAMINE \"$mb\"");

... for a better imapdu.pl

Jeff Blaine wrote:
 I tried both
 
 a) escaping spaces in $mb
 b) quoting $mb
 
 Neither worked.
 
 That's about as far as I delve into Perl anymore, so
 I'm happy to just retract my note to our users about
 this tool.
 
 Bron Gondwana wrote:
 On Thu, Apr 02, 2009 at 10:42:23AM -0400, Jeff Blaine wrote:
 Okay, well, for what it's worth, I fixed all of the
 problems prohibiting me from running a quota -f
 to completion.

 The problem: imapdu.pl is buggy

 Doh.

 It fails to do the right thing with mailboxes containing
 a space in the name.

 Yeah, that's not entirely a surprise.  Spaces in names
 confuse lots of stuff.

 ...
 1.46 MB 114 msgs INBOX.BMP
 1.46 MB 114 msgs INBOX.Bio Stuff
 0.00 bytes 0 msgs INBOX.Drafts
 1.25 MB 36 msgs INBOX.HLT
 1.25 MB 36 msgs INBOX.Information Retrieval
 ...

 # $Id: imapdu.pl,v 1.9 2008/04/04 12:47:14 murch Exp $

 I don't suppose 'murch', the author of the code reads
 this list?

 Yeah, he's around, though he doesn't always see stuff as quickly
 if it's only sent to the list.  I've CC'd him.

 That said, he's likely not the author - just the last person that
 changed things.  Given that he did a giant sweeping copyright
 update of nearly every file in the tree a couple of months ago...

   my ($rc, $msg) = $cyrus->send('', '', "EXAMINE $mb");
   if ($rc eq 'OK') {
   } else {
   print "failed: $mb: $msg\n";
   }

 Apart from being icky perl, that will fail to change mailboxes
 because the EXAMINE command will have dodgy syntax.  I'm not
 entirely sure why you're not seeing the 'failed' messages
 though...  The $mb needs to be at least quoted - which is
 why I generally use something like Mail::IMAPTalk that can
 do correct protocol quoting.

 Ahh - it probably does output the failed stuff further up.
  
 Bron.
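
The protocol quoting discussed in this message, as an added Perl example that is not part of the thread or of imapdu.pl. `imap_quote` and `imap_args` are hypothetical helper names, the tokenizer is a simplification of the RFC 3501 grammar, and the last mailbox name and the line-break name are constructed.

```perl
#!/usr/bin/perl
# Added example (not from the thread or from imapdu.pl).
use strict;
use warnings;

# Encode a mailbox name as an RFC 3501 quoted string.
# imap_quote is a hypothetical helper name.
sub imap_quote {
    my ($name) = @_;
    die "mailbox name is undefined\n" unless defined $name;
    # CR and LF end the command line, so they can never be quoted.
    die "mailbox name contains a line break\n" if $name =~ /[\r\n]/;
    # NUL and 8-bit bytes need a literal or modified UTF-7, not handled here.
    die "mailbox name is not 7-bit text\n" if $name =~ /[^\x01-\x7f]/;
    (my $quoted = $name) =~ s/(["\\])/\\$1/g;    # escape " and \
    return qq{"$quoted"};
}

# Split a command line into tokens the way an IMAP parser sees it:
# space-separated atoms, or quoted strings with \" and \\ escapes.
# Simplified: literals and the full atom character rules are not modelled.
sub imap_args {
    my ($line) = @_;
    my @args;
    pos($line) = 0;
    while (pos($line) < length($line)) {
        next if $line =~ /\G /gc;                 # skip separators
        if ($line =~ /\G"((?:[^"\\\r\n]|\\["\\])*)"/gc) {
            (my $value = $1) =~ s/\\(["\\])/$1/g; # undo the escaping
            push @args, $value;
        } elsif ($line =~ /\G([^ "\\]+)/gc) {
            push @args, $1;
        } else {
            die "syntax error at offset " . pos($line) . "\n";
        }
    }
    return @args;
}

# The first three names appear in the thread's imapdu.pl output;
# the fourth is constructed to exercise the escaping.
my @names = ('INBOX.HLT', 'INBOX.Bio Stuff',
             'INBOX.Information Retrieval', 'INBOX.say "hi"');

for my $mb (@names) {
    my @unquoted = imap_args("EXAMINE $mb");      # form used by imapdu.pl
    my $cmd      = 'EXAMINE ' . imap_quote($mb);
    my @quoted   = imap_args($cmd);
    printf "%-36s unquoted args: %d  quoted args: %d  round-trip: %s\n",
        $cmd, scalar(@unquoted) - 1, scalar(@quoted) - 1,
        ($quoted[1] eq $mb ? 'ok' : 'MISMATCH');
}

# Constructed name containing a line break: it must be refused, not quoted.
my $bad = "INBOX.bad\r\nname";
my $ok  = eval { imap_quote($bad); 1 };
print "name with a line break: ", ($ok ? "accepted" : "rejected"), "\n";
```

With the `send` form shown in the thread, the call would become `$cyrus->send('', '', 'EXAMINE ' . imap_quote($mb))`.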

 



Re: Weekly/Monthly record-keeping / maintenance?

2009-04-02 Thread Jeff Blaine
Okay, well, for what it's worth, I fixed all of the
problems prohibiting me from running a quota -f
to completion.

The problem: imapdu.pl is buggy

It fails to do the right thing with mailboxes containing
a space in the name.

...
1.46 MB 114 msgs INBOX.BMP
1.46 MB 114 msgs INBOX.Bio Stuff
0.00 bytes 0 msgs INBOX.Drafts
1.25 MB 36 msgs INBOX.HLT
1.25 MB 36 msgs INBOX.Information Retrieval
...

# $Id: imapdu.pl,v 1.9 2008/04/04 12:47:14 murch Exp $

I don't suppose 'murch', the author of the code reads
this list?

Jeff Blaine wrote:
 Well, hmm...
 
 % sudo -u cyrus /local/mail/cyrus/bin/quota -f
 user.ahe: usage was 148771194, now 148756681
 ...
 user.william: usage was 107244707, now 107116597
 failed opening header for mailbox 'user.jay': System I/O error: %m
 failed building quota list for '*': System I/O error: %m
 
 Apr  1 15:56:12 our.host.org quota[9819]: [ID 136705 local6.error] 
 IOERROR: opening /var/spool/imap/user/jay/cyrus.header: No such file or 
 directory
 Apr  1 15:56:12 our.host.org quota[9819]: [ID 357877 local6.error] 
 failed opening header for mailbox 'user.jay': System I/O error: Bad file 
 number
 Apr  1 15:56:13 our.host.org quota[9819]: [ID 809228 local6.error] 
 failed building quota list for '*': System I/O error: Bad file number
 
 Wesley Craig wrote:
 On 31 Mar 2009, at 16:50, Jeff Blaine wrote:
 What I mean, is, for one example -- a user is currently
 reporting that 'FETCH' (via the imapdu command) is showing
 142 messages totalling 640KB in a folder that is actually
 completely empty on disk (except for cyrus.* files).
 Fetch doesn't examine the messages in the mailbox if it doesn't need 
 to.  Since you've reconstructed already, I wouldn't expect the seen DB is 
 the problem.  Probably the quota.  Try rebuilding it.

 :wes

 


Re: Weekly/Monthly record-keeping / maintenance?

2009-04-01 Thread Jeff Blaine
 How about
 
 reconstruct -r -f user.hername

Nope.  FETCH/imapdu.pl reports 142 messages still.



Re: Weekly/Monthly record-keeping / maintenance?

2009-04-01 Thread Jeff Blaine
Well, hmm...

% sudo -u cyrus /local/mail/cyrus/bin/quota -f
user.ahe: usage was 148771194, now 148756681
...
user.william: usage was 107244707, now 107116597
failed opening header for mailbox 'user.jay': System I/O error: %m
failed building quota list for '*': System I/O error: %m

Apr  1 15:56:12 our.host.org quota[9819]: [ID 136705 local6.error] 
IOERROR: opening /var/spool/imap/user/jay/cyrus.header: No such file or 
directory
Apr  1 15:56:12 our.host.org quota[9819]: [ID 357877 local6.error] 
failed opening header for mailbox 'user.jay': System I/O error: Bad file 
number
Apr  1 15:56:13 our.host.org quota[9819]: [ID 809228 local6.error] 
failed building quota list for '*': System I/O error: Bad file number

Wesley Craig wrote:
 On 31 Mar 2009, at 16:50, Jeff Blaine wrote:
 What I mean, is, for one example -- a user is currently
 reporting that 'FETCH' (via the imapdu command) is showing
 142 messages totalling 640KB in a folder that is actually
 completely empty on disk (except for cyrus.* files).
 
 Fetch doesn't examine the messages in the mailbox if it doesn't need 
 to.  Since you've reconstructed already, I wouldn't expect the seen DB is 
 the problem.  Probably the quota.  Try rebuilding it.
 
 :wes
 



'stage.' ???

2009-04-01 Thread Jeff Blaine
What's this all about?

imap:linus pwd
/var/spool/imap
imap:linus ls stage.
10014-1214461933-0  14035-1214433131-0  22926-1214436731-0 
3797-1214451132-0
10114-1214461933-0  14082-1214479931-0  22931-1214436731-0 
3802-1214451132-0
10119-1214461933-0  14084-1214419933-0  22936-1214436731-0 
3807-1214451132-0
10124-1214461934-0  14087-1214479931-0  23656-1214425930-0 
4047-1214429531-0
10129-1214461934-0  14092-1214479934-0  23704-1214425931-0 
4054-1214429531-0
10134-1214461934-0  14097-1214479934-0  2407-1214447531-0 
4060-1214429531-0
10139-1214461934-0  14102-1214479934-0  2474-1214447531-0 
4881-1214454731-0
10144-1214461935-0  14107-1214479934-0  2479-1214447531-0 
4948-1214454731-0
10149-1214461935-0  14112-1214479935-0  2484-1214447531-0 
4953-1214454731-0
10154-1214461935-0  14117-1214479935-0  2489-1214447531-0 
4958-1214454732-0
10359-104358857014123-1214479936-0  2494-1214447532-0 
4963-1214454732-0
1090-1214427292-0   14128-1214479936-0  27817-1214484256-0 
4968-1214454732-0
11435-1214472731-0  14133-1214479936-0  28549-1214485744-0 
4973-1214454733-0
11451-1214472731-0  15328-1214422330-0  28638-1214485728-0 
4978-1214454733-0
11456-1214472731-0  17973-1214465531-0  28931-1214486246-0 
4983-1214454733-0
11461-1214472732-0  18586-1214465531-0  29334-1214487131-0 
5871-1214458331-0
11466-1214472732-0  18605-1214465532-0  29402-1214487131-0 
6043-1214458331-0
11471-1214472732-0  18626-1214465532-0  29443-1214487131-0 
6048-1214458331-0
11476-1214472732-0  18637-1214465532-0  29482-1214487131-0 
6053-1214458331-0
11481-1214472733-0  18642-1214465533-0  29487-1214487132-0 
6058-1214458332-0
11486-1214472733-0  18653-1214465533-0  29492-1214487132-0 
6063-1214458332-0
11492-1214472733-0  18658-1214465533-0  29497-1214487132-0 
6068-1214458332-0
11497-1214472733-0  18663-1214465534-0  29502-1214487132-0 
6073-1214458332-0
1223-1214443931-0   18668-1214465534-0  29507-1214487133-0 
6078-1214458332-0
1228-1214443932-0   21077-1214482453-0  29512-1214487133-0 
6083-1214459200-0
12329-1214476331-0  21543-1214483531-0  29517-1214487133-0 
6855-1214469131-0
1233-1214443932-0   21605-1214483531-0  29522-1214487134-0 
6921-1214469131-0
1238-1214443932-0   21630-1214483531-0  29527-1214487134-0 
6926-1214469131-0
12662-1214476331-0  21635-1214483531-0  29532-1214487134-0 
6931-1214469132-0
12674-1214476331-0  21640-1214483532-0  29537-1214487135-0 
6936-1214469132-0
12679-1214476332-0  21645-1214483532-0  29542-1214487135-0 
6941-1214469132-0
12684-1214476332-0  21650-1214483532-0  29547-1214487135-0 
6946-1214469132-0
12689-1214476332-0  21655-1214483533-0  29850-1214440331-0 
6951-1214469132-0
12694-1214476333-0  21660-1214483533-0  3244-1214450204-0 
6956-1214469133-0
12699-1214476333-0  21665-1214483533-0  3442-1214450401-0 
6961-1214469133-0
12704-1214476333-0  21670-1214483533-0  3535-1214450979-0   704-1214443931-0
12709-1214476333-0  21675-1214483533-0  3685-1214429530-0   75-1214440331-0
12714-1214476333-0  21680-1214483534-0  3695-1214451131-0   772-1214426886-0
13446-1214478572-0  2201-1214447123-0   3772-1214451131-0 
7901-1214472209-0
13783-1214433131-0  22372-1214435402-0  3777-1214451131-0   80-1214440331-0
13966-1214479931-0  22736-1214425071-0  3782-1214451131-0 
8542-1231956337-0
14025-1214433131-0  22839-1214436731-0  3787-1214451131-0   86-1214440331-0
14030-1214433131-0  22921-1214436731-0  3792-1214451132-0   91-1214440332-0
imap:linus



Weekly/Monthly record-keeping / maintenance?

2009-03-31 Thread Jeff Blaine
Every year or so, a user of ours reports a discrepancy
between on-disk usage for their spool compared to what
'FETCH' is reporting (as implemented via imapdu.pl)

Compact/Expunge via the client app buys nothing.

Clearly we are failing to do something as admins in order
to keep our Cyrus instance working up to snuff.

Can anyone shed some light on what we're doing wrong?

What are the regular maintenance tasks we should be
performing to keep everything working as precisely as
possible?

I found nothing useful in the Wiki regarding this topic.

# our imapd.conf with auth options censored
configdirectory:     /var/imap
defaultpartition:    default
partition-default:   /var/spool/imap
unix_group_enable:   0
sieveusehomedir:     true
autocreatequota:     20
duplicate_db:        skiplist
annotation_db:       skiplist
mboxkey_db:          skiplist
mboxlist_db:         skiplist

# our cyrus.conf
START {
   recover    cmd="ctl_cyrusdb -r"
}

SERVICES {
   imap       cmd="imapd" listen="imap" prefork=5 proto=tcp4
   imaps      cmd="imapd -s" listen="imaps" prefork=1 proto=tcp4
   lmtpunix   cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
}

EVENTS {
   checkpoint cmd="ctl_cyrusdb -c" period=10
   delprune   cmd="cyr_expire -E 3" at=0400
   tlsprune   cmd="tls_prune" at=0400
}



Re: Weekly/Monthly record-keeping / maintenance?

2009-03-31 Thread Jeff Blaine
Andreas Winkelmann wrote:
 On Tuesday, 31 March 2009 18:09:32, Jeff Blaine wrote:
 
 Every year or so, a user of ours reports a discrepancy
 between on-disk usage for their spool compared to what
 'FETCH' is reporting (as implemented via imapdu.pl)
 
 What does on-disk usage for spool mean?

What I mean, is, for one example -- a user is currently
reporting that 'FETCH' (via the imapdu command) is showing
142 messages totalling 640KB in a folder that is actually
completely empty on disk (except for cyrus.* files).

reconstruct -r user.hername did not change what is reported
via 'FETCH'.  It did update the cyrus.* files though.



Scripting admin stuff?

2009-03-26 Thread Jeff Blaine
In 2000, I wrote a simple script that was fed to cyradm
to set all users' quota to some value.

It appears today that the only option to do something like
this is to learn the Cyrus::* Perl modules.

Is that correct?



Re: Scripting admin stuff?

2009-03-26 Thread Jeff Blaine
Thanks.  I shortened it to the following.  For those
using this, it needs to run as cyrus (or whatever your
cyrus user is).

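#!/linus/mail/cyrus/bin/perl

$default_quota = 40;

use Cyrus::IMAP::Admin;
use Cyrus::IMAP;

# Connect to the IMAP port of the server and authenticate as an admin
my $client = Cyrus::IMAP::Admin->new("YOUR_SERVER", 143);

$client->authenticate;

# Top-level user mailboxes only
@mailboxes = $client->list('%', 'user.');

foreach $mbx ( @mailboxes ) {
 # Each entry is an array reference; element 0 is the mailbox name
 @m = @$mbx;

 $client->setquota($m[0], "STORAGE", $default_quota);
}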


Paul M Fleming wrote:
 Save you the work -- had to do the same thing myself.
 
 Modify as needed - for example, I use this with Kerberos auth so no 
 username / password is used.
 
 
 #!/usr/bin/perl
 
 use Cyrus::IMAP::Admin;
 use Cyrus::IMAP;
 $default_quota = 20;
 
 my $client = Cyrus::IMAP::Admin->new("server", 143);
 $client->authenticate;
 @mailboxes = $client->list('%', 'user.');
 foreach $mbx ( @mailboxes )
 {
 
 @m = @$mbx;
 
 ($root, %quota) = $client->quotaroot($m[0]);
 
 $cur_usage = $quota{STORAGE}[0];
 $cur_quota = $quota{STORAGE}[1];
 
 if ( defined $cur_quota )
 {
 # quota defined
 if ( $cur_quota < $default_quota )
 {
 print "$m[0] : below default increasing\n";
 $client->setquota($m[0], "STORAGE", $default_quota);
 }
 if ( $cur_quota > $default_quota )
 {
 print "$m[0] : over default: $cur_quota ($cur_usage / $cur_quota)\n";
 }
 }
 else
 {
 print "$m[0] : NO QUOTA $cur_usage\n";
 }
 
 }
 
 
 On 3/26/2009 11:03 AM, Jeff Blaine wrote:
 In 2000, I wrote a simple script that was fed to cyradm
 to set all users' quota to some value.

 It appears today that the only option to do something like
 this is to learn the Cyrus::* Perl modules.

 Is that correct?
 


Re: Expire (manually) TLS sessions?

2009-01-21 Thread Jeff Blaine
Sebastian Hagedorn wrote:
 Hi Jeff,
 
 --On 21 January 2009 11:19:31 -0500 Jeff Blaine jbla...@kickflop.net 
 wrote:
 
 Sorry for the delay -- I had my wedding and a brief
 mini-honeymoon to attend to ;)
 
 congrats!

Thanks :)

 How about Thunderbird using a password for authentication? Is that an
 option at all?

 I realize this is a little all over the road here,
 but bear with me as I am just trying to get something
 working at this point for our users who are now
 without secure IMAP :(

 With TLS selected in Thunderbird, I am given no
 choice but to select a client certificate.  See
 attached images.
 
 I wonder why that is. The only reason that comes to mind is that you 
 *have* a certificate. I don't and so I'm never asked to use it. So why 
 don't you try removing your certificate? Honestly, I would expect the 
 same to happen that happens when you use SSL, but you never know.

I'll try to do this and get back to you.

 Another user reports that GNU Emacs with the Gnus
 client works with SSL and port 993.  I've confirmed
 this in the log:

 Jan 21 11:11:03 imapsrv imaps[14170]: [ID 277583 local6.notice] login:
 jimbo-host.our.com [xx.xx.50.67] jimbo plaintext+TLS User logged in

 If I configure Thunderbird to do that (SSL via 993),
 I get the following:

 Jan 21 11:10:19 imapsrv imaps[14104]: [ID 636471 local6.notice] TLS
 server engine: cannot load CA data
 Jan 21 11:10:19 imapsrv imaps[14104]: [ID 286863 local6.notice]
 imapd:Loading hard-coded DH parameters
 Jan 21 11:10:19 imapsrv imaps[14104]: [ID 798856 local6.notice] imaps TLS
 negotiation failed: myclient.our.com
 Jan 21 11:10:19 imapsrv imaps[14104]: [ID 637875 local6.error] Fatal
 error: tls_start_servertls() failed
 
 I have no idea why that happens. I just tried it myself and got the 
 following in our log:
 
 Jan 21 18:17:48 lvr13 imaps[9855]: accepted connection
 Jan 21 18:17:48 lvr13 imaps[9855]: SSL_accept() incomplete - wait
 Jan 21 18:17:48 lvr13 imaps[9855]: SSL_accept() succeeded - done
 Jan 21 18:17:48 lvr13 imaps[9855]: starttls: TLSv1 with cipher 
 AES256-SHA (256/256 bits new) no authentication
 Jan 21 18:17:53 lvr13 imaps[9855]: login: [redacted] User logged in
 
 Could it be that your OpenSSL version or your certificate somehow don't 
 support features that Thunderbird requires? I'm really no expert, but I 
 know that client and server *negotiate* about these things. And the 
 error reads negotiation failed ...

FWIW, Thunderbird with SSL on port 993 pops up a box saying
incorrect Message authentication code.  I forgot to mention
that.

 If your server is accessible over the Internet, perhaps I could try 
 connecting to it with openssl s_client. That might tell us something. 
 You can try that as well, of course.

Obvious sanitizing below:

bash-2.05# /imapsrv/bin/openssl s_client -connect imapsrv:993
CONNECTED(0004)
depth=0 /O=our.com/OU=Servers/CN=imapsrv.our.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /O=our.com/OU=Servers/CN=imapsrv.our.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /O=our.com/OU=Servers/CN=imapsrv.our.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
  0 s:/O=our.com/OU=Servers/CN=imapsrv.our.com
i:/O=our.com/OU=Certificate Authority/CN=Our Corporation Primary CA-1
---
Server certificate
-BEGIN CERTIFICATE-
MIIDWzCCAkOgAwIBAgICKCQw--blah-blah...
blah...6nfEfM9VDXKFAQw1EpXU=
-END CERTIFICATE-
subject=/O=our.com/OU=Servers/CN=imapsrv.our.com
issuer=/O=our.com/OU=Certificate Authority/CN=Our Corporation Primary CA-1
---
No client certificate CA names sent
---
SSL handshake has read 1427 bytes and written 322 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
 Protocol  : TLSv1
 Cipher: DHE-RSA-AES256-SHA
 Session-ID: 7CFF7259D4E28002.8BC4F829E0C0FC90700
 Session-ID-ctx:
 Master-Key: 
FDA05F594004CE18421274490D4B93678C4.8DBD9610C89D
 Key-Arg   : None
 Start Time: 1232559254
 Timeout   : 300 (sec)
 Verify return code: 21 (unable to verify the first certificate)
---
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR] 
imapsrv.our.com Cyrus IMAP v2.3.13 server ready




Re: Expire (manually) TLS sessions?

2009-01-21 Thread Jeff Blaine
I raised syslog info to local6.debug and the TLS session with
Thunderbird and NO certs shows this:

Jan 21 12:59:10 imapsrv imap[1518]: [ID 636471 local6.notice] TLS server 
engine: cannot load CA data
Jan 21 12:59:10 imapsrv imap[1518]: [ID 286863 local6.notice] 
imapd:Loading hard-coded DH parameters
Jan 21 12:59:10 imapsrv imap[1518]: [ID 277171 local6.error] TLS server 
engine: No CA file specified. Client side certs may not work
Jan 21 12:59:10 imapsrv imap[1518]: [ID 574029 local6.debug] 
SSL_accept() incomplete - wait
Jan 21 12:59:10 imapsrv imap[1518]: [ID 192010 local6.debug] decryption 
failed or bad record mac in SSL_accept() - fail
Jan 21 12:59:10 imapsrv imap[1518]: [ID 239158 local6.notice] STARTTLS 
negotiation failed: myclient.our.com [xx.xx.6.52]

Sebastian Hagedorn wrote:
 Hi Jeff,
 
 --On 21 January 2009 11:19:31 -0500 Jeff Blaine jbla...@kickflop.net 
 wrote:
 
 Sorry for the delay -- I had my wedding and a brief
 mini-honeymoon to attend to ;)
 
 congrats!
 
 How about Thunderbird using a password for authentication? Is that an
 option at all?

 I realize this is a little all over the road here,
 but bear with me as I am just trying to get something
 working at this point for our users who are now
 without secure IMAP :(

 With TLS selected in Thunderbird, I am given no
 choice but to select a client certificate.  See
 attached images.
 
 I wonder why that is. The only reason that comes to mind is that you 
 *have* a certificate. I don't and so I'm never asked to use it. So why 
 don't you try removing your certificate? Honestly, I would expect the 
 same to happen that happens when you use SSL, but you never know.
 
 Another user reports that GNU Emacs with the Gnus
 client works with SSL and port 993.  I've confirmed
 this in the log:

 Jan 21 11:11:03 imapsrv imaps[14170]: [ID 277583 local6.notice] login:
 jimbo-host.our.com [xx.xx.50.67] jimbo plaintext+TLS User logged in

 If I configure Thunderbird to do that (SSL via 993),
 I get the following:

 Jan 21 11:10:19 imapsrv imaps[14104]: [ID 636471 local6.notice] TLS
 server engine: cannot load CA data
 Jan 21 11:10:19 imapsrv imaps[14104]: [ID 286863 local6.notice]
 imapd:Loading hard-coded DH parameters
 Jan 21 11:10:19 imapsrv imaps[14104]: [ID 798856 local6.notice] imaps TLS
 negotiation failed: myclient.our.com
 Jan 21 11:10:19 imapsrv imaps[14104]: [ID 637875 local6.error] Fatal
 error: tls_start_servertls() failed
 
 I have no idea why that happens. I just tried it myself and got the 
 following in our log:
 
 Jan 21 18:17:48 lvr13 imaps[9855]: accepted connection
 Jan 21 18:17:48 lvr13 imaps[9855]: SSL_accept() incomplete - wait
 Jan 21 18:17:48 lvr13 imaps[9855]: SSL_accept() succeeded - done
 Jan 21 18:17:48 lvr13 imaps[9855]: starttls: TLSv1 with cipher 
 AES256-SHA (256/256 bits new) no authentication
 Jan 21 18:17:53 lvr13 imaps[9855]: login: [redacted] User logged in
 
 Could it be that your OpenSSL version or your certificate somehow don't 
 support features that Thunderbird requires? I'm really no expert, but I 
 know that client and server *negotiate* about these things. And the 
 error reads negotiation failed ...
 
 If your server is accessible over the Internet, perhaps I could try 
 connecting to it with openssl s_client. That might tell us something. 
 You can try that as well, of course.



Re: Expire (manually) TLS sessions?

2009-01-21 Thread Jeff Blaine
This is fixed!

I built OpenSSL 0.9.8j on a whim and noticed it fixed
a bizarre problem with OpenSSH 5.1p1 that I was working
on in a pre-production environment.  We were using an
older 0.9.8 rev prior to this.

I then did a 'make clean; make; sudo make install' in
my cyrus-sasl source tree (which links against the static
openssl libs), and did the same for the cyrus-imapd tree.

Beats me!

Jan 21 15:10:20 imapsrv imap[9928]: [ID 574029 local6.debug] 
SSL_accept() incomplete - wait
Jan 21 15:10:20 imapsrv imap[9928]: [ID 867439 local6.debug] 
SSL_accept() succeeded - done
Jan 21 15:10:20 imapsrv imap[9928]: [ID 379946 local6.notice] starttls: 
TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Jan 21 15:10:20 imapsrv imap[9928]: [ID 529592 local6.notice] login: 
myclient.our.com [xx.xx.6.52] jblaine plain+TLS User logged in

Wesley Craig wrote:
 On 21 Jan 2009, at 12:41, Jeff Blaine wrote:
 FWIW, Thunderbird with SSL on port 993 pops up a box saying
 incorrect Message authentication code.  I forgot to mention
 that.
 
 That's interesting.  What platform are you running this on?  What 
 compiler did you use to build openssl?  What optimization flags did you 
 use?  (You might try building openssl with reduced optimization and see 
 what results you get.)
 
 :wes
 



2.2.12 to 2.3.13 upgrade :

2009-01-16 Thread Jeff Blaine
Our happy and functioning 2.2.12 server setup shows the
following when switched over to 2.3.13.  The odd thing is
that we're using skiplist, not berkeley, for our dbs.

If anyone has comments, I'd love to hear them.

bash-2.05# cat /etc/imapd.conf
configdirectory:     /var/imap
defaultpartition:    default
partition-default:   /var/spool/imap
imap_admins:         root cyrus
sasl_pwcheck_method: saslauthd
sieveusehomedir:     true
autocreatequota:     20
duplicate_db:        skiplist
tlscache_db:         skiplist
annotation_db:       skiplist
tls_cert_file:       /var/imap/ca.crt
tls_key_file:        /var/imap/server.pem
tls_ca_file:         /var/imap/ca.crt
bash-2.05#

# /etc/init.d/imap stop
Cyrus: Shutting dowm imapd instances
Cyrus: Shutting down master process
# /etc/init.d/imap start
...
Jan 16 05:25:15 imapsrv ctl_cyrusdb[13271]: [ID 866726 local6.warning] 
DBERROR db4: Program version 4.3 doesn't match environment version
Jan 16 05:25:15 imapsrv ctl_cyrusdb[13271]: [ID 866726 local6.warning] 
DBERROR db4: Skipping log file /var/imap/db/log.000224: historic log 
version 7
Jan 16 05:25:16 imapsrv ctl_cyrusdb[13271]: [ID 866726 local6.warning] 
DBERROR db4: /var/imap/db/log.000225: log file open failed: No such 
file or directory
Jan 16 05:25:16 imapsrv ctl_cyrusdb[13271]: [ID 866726 local6.warning] 
DBERROR db4: PANIC: No such file or directory
Jan 16 05:25:16 imapsrv ctl_cyrusdb[13272]: [ID 866726 local6.warning] 
DBERROR db4: PANIC: fatal region error detected; run recovery



Re: 2.2.12 to 2.3.13 upgrade :

2009-01-16 Thread Jeff Blaine
Sebastian Hagedorn wrote:
 Hello Jeff,
 
 --On 16 January 2009 06:01:48 -0500 Jeff Blaine jbla...@kickflop.net 
 wrote:
 
 Our happy and functioning 2.2.12 server setup shows the
 following when switched over to 2.3.13.  The odd thing is
 that we're using skiplist, not berkeley, for our dbs.

 If anyone has comments, I'd love to hear them.

 bash-2.05# cat /etc/imapd.conf
 configdirectory:     /var/imap
 defaultpartition:    default
 partition-default:   /var/spool/imap
 imap_admins:         root cyrus
 sasl_pwcheck_method: saslauthd
 sieveusehomedir:     true
 autocreatequota:     20
 duplicate_db:        skiplist
 tlscache_db:         skiplist
 annotation_db:       skiplist
 tls_cert_file:       /var/imap/ca.crt
 tls_key_file:        /var/imap/server.pem
 tls_ca_file:         /var/imap/ca.crt
 bash-2.05#
 
 what about mboxlist_db? And even if all your dbs *are* skiplist, you 
 might still have remnants from previous Berkeley dbs in your 
 /var/lib/imap/db directory. If you are sure you don't need those, just 
 delete them. Obviously the new Cyrus has found a Berkeley environment 
 somewhere ...

Thanks for the reply, Sebastian.

I found a log.0001 from 2005 in the db directory.  When
I deleted it, the new 2.3.13 instance started cleanly (so far).

Thanks for the nudge in the right direction.



Expire (manually) TLS sessions?

2009-01-16 Thread Jeff Blaine
Maybe we're doing something wrong in the process, but it
seems that every time we perform offline maintenance
(upgrade, whatever) on Cyrus IMAPd ... our users complain
that TLS breaks afterward, but then fixes itself in time.

I've demonstrated this to myself just now with the upgrade
to 2.3.13 from 2.2.12.  My TLS session is cached but broken
with the new setup (or for whatever other reason).  That is,
even after restarting Thunderbird, I get the following:

Jan 16 06:31:50 imapsrv imap[19690]: [ID 239158 local6.notice] STARTTLS 
negotiation failed: bva-172.our.com

Is there a way to zero/flush all TLS cached sessions?  I
have to imagine there is, but I don't know how.



Re: Expire (manually) TLS sessions?

2009-01-16 Thread Jeff Blaine
Hmm.  That's not working for me.

bash-2.05# pwd
/var/imap
# rm tls_sessions.db
# /etc/init.d/imap start
#

Jan 16 06:54:36 imapsrv imap[20300]: [ID 286863 local6.notice] 
imapd:Loading hard-coded DH parameters
Jan 16 06:54:36 imapsrv imap[20300]: [ID 239158 local6.notice] STARTTLS 
negotiation failed: bva-172.our.com

bash-2.05# pwd
/var/imap
bash-2.05# ls -l tls*
tls*: No such file or directory
bash-2.05#

Sebastian Hagedorn wrote:
 Hello Jeff,
 
 --On 16 January 2009 06:38:27 -0500 Jeff Blaine jbla...@kickflop.net 
 wrote:
 
 Maybe we're doing something wrong in the process, but it
 seems that every time we perform offline maintenance
 (upgrade, whatever) on Cyrus IMAPd ... our users complain
 that TLS breaks afterward, but then fixes itself in time.

 I've demonstrated this to myself just now with the upgrade
 to 2.3.13 from 2.2.12.  My TLS session is cached but broken
 with the new setup (or for whatever other reason).  That is,
 even after restarting Thunderbird, I get the following:

 Jan 16 06:31:50 imapsrv imap[19690]: [ID 239158 local6.notice] STARTTLS
 negotiation failed: bva-172.our.com

 Is there a way to zero/flush all TLS cached sessions?  I
 have to imagine there is, but I don't know how.
 
 as before: just delete the tls_sessions files before you start 
 cyrus-imapd. They will be recreated automatically. You could even make 
 that part of the initscript, because those sessions don't survive a 
 restart anyway.



Re: Expire (manually) TLS sessions?

2009-01-16 Thread Jeff Blaine
Sebastian Hagedorn wrote:
 --On 16. Januar 2009 06:58:06 -0500 Jeff Blaine jbla...@kickflop.net 
 wrote:
 Hmm.  That's not working for me.

 bash-2.05# pwd
 /var/imap
 # rm tls_sessions.db
 # /etc/init.d/imap start
 #

 Jan 16 06:54:36 imapsrv imap[20300]: [ID 286863 local6.notice]
 imapd:Loading hard-coded DH parameters
 Jan 16 06:54:36 imapsrv imap[20300]: [ID 239158 local6.notice] STARTTLS
 negotiation failed: bva-172.our.com

 bash-2.05# pwd
 /var/imap
 bash-2.05# ls -l tls*
 tls*: No such file or directory
 bash-2.05#
 
 Strange. I know for a fact that it has worked for us in the past. I 
 can't verify that easily right now, because I don't currently have a 
 test set-up. What happens if you touch the file prior to starting imap?

I tried that first:  cp /dev/null tls_sessions.db

Same situation :(



Re: Expire (manually) TLS sessions?

2009-01-16 Thread Jeff Blaine
More info after increasing local6.info to local6.debug for
syslog:

accepted connection
imapd:Loading hard-coded DH parameters
SSL_accept() incomplete - wait
decryption failed or bad record mac in SSL_accept() - fail
STARTTLS negotiation failed: bva-172.our.com

Our TLS all worked fine before the upgrade :(

Jeff Blaine wrote:
 Sebastian Hagedorn wrote:
 --On 16. Januar 2009 06:58:06 -0500 Jeff Blaine jbla...@kickflop.net 
 wrote:
 Hmm.  That's not working for me.

 bash-2.05# pwd
 /var/imap
 # rm tls_sessions.db
 # /etc/init.d/imap start
 #

 Jan 16 06:54:36 imapsrv imap[20300]: [ID 286863 local6.notice]
 imapd:Loading hard-coded DH parameters
 Jan 16 06:54:36 imapsrv imap[20300]: [ID 239158 local6.notice] STARTTLS
 negotiation failed: bva-172.our.com

 bash-2.05# pwd
 /var/imap
 bash-2.05# ls -l tls*
 tls*: No such file or directory
 bash-2.05#
 Strange. I know for a fact that it has worked for us in the past. I 
 can't verify that easily right now, because I don't currently have a 
 test set-up. What happens if you touch the file prior to starting imap?
 
 I tried that first:  cp /dev/null tls_sessions.db
 
 Same situation :(
 


Re: Expire (manually) TLS sessions?

2009-01-16 Thread Jeff Blaine
Sebastian Hagedorn wrote:
 --On 16. Januar 2009 07:48:18 -0500 Jeff Blaine jbla...@kickflop.net 
 wrote:
 
 More info after increasing local6.info to local6.debug for
 syslog:

 accepted connection
 imapd:Loading hard-coded DH parameters
 SSL_accept() incomplete - wait
 decryption failed or bad record mac in SSL_accept() - fail
 STARTTLS negotiation failed: bva-172.our.com

 Our TLS all worked fine before the upgrade :(
 
 I'm pretty sure the tls_cache is a red herring. The SSL/TLS code changed 
 a lot between 2.2 and 2.3. My guess would be that there lies the actual 
 problem.
 
 I wonder where the line "Loading hard-coded DH parameters" comes from. I 
 haven't seen that before. Anyway, I guess you need an SSL expert to make 
 sense of that. How old is your certificate? Maybe the new code doesn't 
 like it? Did you build the binary yourself or where did you get it?

The certificate is 1 year 10 months old.

Everything was built by hand (as it was with our 2.2.12
install as well).

I'll try redoing the cert.



Re: Expire (manually) TLS sessions?

2009-01-16 Thread Jeff Blaine
A new cert did not solve the problem:

Jan 16 09:41:30 imapsrv imap[12264]: [ID 921384 local6.debug] accepted 
connection
Jan 16 09:41:30 imapsrv imap[12264]: [ID 192010 local6.debug] wrong 
version number in SSL_accept() - fail
Jan 16 09:41:30 imapsrv imap[12264]: [ID 239158 local6.notice] STARTTLS 
negotiation failed: bva-172.our.com

Jeff Blaine wrote:
 Sebastian Hagedorn wrote:
 --On 16. Januar 2009 07:48:18 -0500 Jeff Blaine jbla...@kickflop.net 
 wrote:

 More info after increasing local6.info to local6.debug for
 syslog:

 accepted connection
 imapd:Loading hard-coded DH parameters
 SSL_accept() incomplete - wait
 decryption failed or bad record mac in SSL_accept() - fail
 STARTTLS negotiation failed: bva-172.our.com

 Our TLS all worked fine before the upgrade :(

 I'm pretty sure the tls_cache is a red herring. The SSL/TLS code 
 changed a lot between 2.2 and 2.3. My guess would be that there lies 
 the actual problem.

 I wonder where the line "Loading hard-coded DH parameters" comes from. 
 I haven't seen that before. Anyway, I guess you need an SSL expert to 
 make sense of that. How old is your certificate? Maybe the new code 
 doesn't like it? Did you build the binary yourself or where did you 
 get it?
 
 The certificate is 1 year 10 months old.
 
 Everything was built by hand (as it was with our 2.2.12
 install as well).
 
 I'll try redoing the cert.
 



Re: Expire (manually) TLS sessions?

2009-01-16 Thread Jeff Blaine
With the tls_ca_file line removed, Thunderbird asked me
to specify a client certificate, I chose my cert and
entered my password to access it.

Jan 16 10:08:33 imapsrv imap[15668]: [ID 921384 local6.debug] accepted 
connection
Jan 16 10:08:33 imapsrv imap[15668]: [ID 636471 local6.notice] TLS 
server engine: cannot load CA data
Jan 16 10:08:33 imapsrv imap[15668]: [ID 286863 local6.notice] 
imapd:Loading hard-coded DH parameters
Jan 16 10:08:33 imapsrv imap[15668]: [ID 277171 local6.error] TLS server 
engine: No CA file specified. Client side certs may not work
Jan 16 10:08:33 imapsrv imap[15668]: [ID 574029 local6.debug] 
SSL_accept() incomplete - wait
Jan 16 10:08:43 imapsrv imap[15668]: [ID 160154 local6.debug] Doing a 
peer verify
Jan 16 10:08:43 imapsrv imap[15668]: [ID 227675 local6.error] verify 
error:num=20:unable to get local issuer certificate
Jan 16 10:08:43 imapsrv imap[15668]: [ID 192010 local6.debug] no 
certificate returned in SSL_accept() - fail
Jan 16 10:08:43 imapsrv imap[15668]: [ID 239158 local6.notice] STARTTLS 
negotiation failed: bva-172.our.com

Sebastian Hagedorn wrote:
 --On 16. Januar 2009 09:43:02 -0500 Jeff Blaine jbla...@kickflop.net 
 wrote:
 
 A new cert did not solve the problem:

 Jan 16 09:41:30 imapsrv imap[12264]: [ID 921384 local6.debug] accepted
 connection
 Jan 16 09:41:30 imapsrv imap[12264]: [ID 192010 local6.debug] wrong
 version number in SSL_accept() - fail
 
 But it results in a different error message.
 
 Jan 16 09:41:30 imapsrv imap[12264]: [ID 239158 local6.notice] STARTTLS
 negotiation failed: bva-172.our.com
 
 That reminds me of something. Try removing this line from your config:
 
 tls_ca_file:/var/imap/ca.crt
 
 Also, try using different clients. IIRC, there is an issue specifically 
 with Thunderbird and that setting. I don't remember the details, but you 
 should be able to find them in the archives.



Re: Expire (manually) TLS sessions?

2009-01-16 Thread Jeff Blaine
Jorey Bump wrote:
 Jeff Blaine wrote, at 01/16/2009 10:12 AM:
 With the tls_ca_file line removed, Thunderbird asked me
 to specify a client certificate, I chose my cert and
 entered my password to access it.
 
 That sounds backwards. My understanding is that setting tls_ca_file is
 what will cause some clients to prompt for a client certificate, and
 that commenting out the setting avoids this problem if you don't use
 client certs.
 
 Jan 16 10:08:33 imapsrv imap[15668]: [ID 921384 local6.debug] accepted 
 connection
 Jan 16 10:08:33 imapsrv imap[15668]: [ID 636471 local6.notice] TLS 
 server engine: cannot load CA data
 
 That's fine. It's a spurious log message as a result of removing
 tls_ca_file.
 
 Jan 16 10:08:33 imapsrv imap[15668]: [ID 286863 local6.notice] 
 imapd:Loading hard-coded DH parameters
 
 This is also normal, nothing to worry about.
 
 Jan 16 10:08:33 imapsrv imap[15668]: [ID 277171 local6.error] TLS server 
 engine: No CA file specified. Client side certs may not work
 
 More harmless noise from the removal of tls_ca_file.
 
 Jan 16 10:08:33 imapsrv imap[15668]: [ID 574029 local6.debug] 
 SSL_accept() incomplete - wait
 Jan 16 10:08:43 imapsrv imap[15668]: [ID 160154 local6.debug] Doing a 
 peer verify
 Jan 16 10:08:43 imapsrv imap[15668]: [ID 227675 local6.error] verify 
 error:num=20:unable to get local issuer certificate
 Jan 16 10:08:43 imapsrv imap[15668]: [ID 192010 local6.debug] no 
 certificate returned in SSL_accept() - fail
 Jan 16 10:08:43 imapsrv imap[15668]: [ID 239158 local6.notice] STARTTLS 
 negotiation failed: bva-172.our.com
 
 This is probably related to your client certificate, now that you don't
 have a CA store for verification. I don't know why Thunderbird prompted
 you for a certificate, though. You might want to test from another
 Thunderbird with no client certs installed.
 
 In any case, this might be easier to troubleshoot if you post your
 imapd.conf (and maybe even cyrus.conf). I found it was a little tricky
 going upgrading within 2.3.x due to some TLS changes, but I still
 managed to maintain a very simple configuration. Yours just might need a
 couple of tweaks.

Here ya go:

allowplaintext: true
configdirectory: /var/imap
defaultpartition: default
partition-default: /var/spool/imap
imap_admins: root cyrus
sasl_pwcheck_method: saslauthd
unix_group_enable: 0
sieveusehomedir: true
autocreatequota: 20
duplicate_db: skiplist
annotation_db: skiplist
mboxkey_db: skiplist
mboxlist_db: skiplist
tlscache_db: skiplist
tls_session_timeout: 0
tls_cert_file: /var/imap/ca.crt
tls_key_file: /var/imap/server.pk

START {
   recover     cmd="ctl_cyrusdb -r"
}
SERVICES {
   imap        cmd="imapd" listen="imap" prefork=5 proto=tcp4
   imaps       cmd="imapd -s" listen="imaps" prefork=1 proto=tcp4
   lmtpunix    cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
}
EVENTS {
   checkpoint  cmd="ctl_cyrusdb -c" period=10
   delprune    cmd="cyr_expire -E 3" at=0400
   tlsprune    cmd="tls_prune" at=0400
}

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
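
The syslog excerpts in this thread can be triaged mechanically. The following is an added example, not code from the thread or from Cyrus: it rejoins the mail-wrapped syslog records, groups them per imapd process and connection attempt, sets aside the messages the reply above describes as harmless, and keeps the SSL_accept() failure reason and any verify error. The sample log is constructed from the excerpts quoted above; the function names and the Solaris-style `[ID ...]` record layout are assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the syslog excerpts quoted in this thread,
# including the mail wrapping that splits one syslog record over two lines.
SAMPLE_LOG = """\
Jan 16 06:54:36 imapsrv imap[20300]: [ID 286863 local6.notice]
imapd:Loading hard-coded DH parameters
Jan 16 06:54:36 imapsrv imap[20300]: [ID 239158 local6.notice] STARTTLS
negotiation failed: bva-172.our.com
Jan 16 09:41:30 imapsrv imap[12264]: [ID 921384 local6.debug] accepted
connection
Jan 16 09:41:30 imapsrv imap[12264]: [ID 192010 local6.debug] wrong
version number in SSL_accept() - fail
Jan 16 09:41:30 imapsrv imap[12264]: [ID 239158 local6.notice] STARTTLS
negotiation failed: bva-172.our.com
Jan 16 10:08:33 imapsrv imap[15668]: [ID 921384 local6.debug] accepted
connection
Jan 16 10:08:33 imapsrv imap[15668]: [ID 636471 local6.notice] TLS
server engine: cannot load CA data
Jan 16 10:08:33 imapsrv imap[15668]: [ID 277171 local6.error] TLS server
engine: No CA file specified. Client side certs may not work
Jan 16 10:08:43 imapsrv imap[15668]: [ID 227675 local6.error] verify
error:num=20:unable to get local issuer certificate
Jan 16 10:08:43 imapsrv imap[15668]: [ID 192010 local6.debug] no
certificate returned in SSL_accept() - fail
Jan 16 10:08:43 imapsrv imap[15668]: [ID 239158 local6.notice] STARTTLS
negotiation failed: bva-172.our.com
"""

# A line that begins a new syslog record (anything else is a wrapped tail).
START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d \S+ \w+\[\d+\]:")
RECORD = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ imap\[(?P<pid>\d+)\]: "
    r"\[ID \d+ \w+\.(?P<level>\w+)\]\s*(?P<msg>.*)$")

# Messages the reply in the thread describes as normal or harmless.
NOISE = (
    "Loading hard-coded DH parameters",
    "TLS server engine: cannot load CA data",
    "TLS server engine: No CA file specified",
)
FAIL = re.compile(r"^(?P<reason>.+) in SSL_accept\(\) - fail$")
VERIFY = re.compile(r"^verify error:num=(?P<num>\d+):(?P<text>.+)$")
DONE = re.compile(r"^STARTTLS negotiation failed: (?P<client>\S+)$")


def unwrap(text):
    """Rejoin records that a mail client wrapped onto a second line."""
    records = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if START.match(line):
            records.append(line)
        elif records:
            records[-1] += " " + line.lstrip()
    return records


def triage(text):
    """Return one dict per failed STARTTLS attempt, in log order."""
    open_by_pid, finished = {}, []
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg").strip()
        # A prefork imapd process serves many connections, so start a new
        # attempt on "accepted connection" (or when none is open, which
        # happens when debug-level lines are not being logged).
        if msg == "accepted connection" or pid not in open_by_pid:
            open_by_pid[pid] = {"pid": int(pid), "time": m.group("ts"),
                                "client": None, "reason": None,
                                "verify_error": None, "noise": 0}
        attempt = open_by_pid[pid]
        fail, verify, done = FAIL.match(msg), VERIFY.match(msg), DONE.match(msg)
        if any(text_ in msg for text_ in NOISE):
            attempt["noise"] += 1
        elif fail:
            attempt["reason"] = fail.group("reason")
        elif verify:
            attempt["verify_error"] = (int(verify.group("num")),
                                       verify.group("text"))
        elif done:
            attempt["client"] = done.group("client")
            finished.append(open_by_pid.pop(pid))
    return finished


def summarize(attempts):
    """Count failed attempts by SSL_accept() reason (None = not logged)."""
    return Counter(a["reason"] for a in attempts)


if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(a)
```

An attempt whose reason is None, like the first one in the sample, means the failure detail was only logged at debug level, which is why the thread raises local6 to debug before reading further.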


Re: imapd.conf option for setting SASL_PATH ?

2008-12-26 Thread Jeff Blaine
I'll take that as a no?

Jeff Blaine wrote:
 I need to explicitly override what our Cyrus IMAPd/SASL
 build is using for SASL_PATH, as it appears to be
 misusing what has already been explicitly configured:
 
 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=9025
 
 That is, it would appear that SASL does not take
 '--with-plugindir=/wherever' to mean "Find plugins
 here and ONLY here."
 
 Instead, it seems to mean, "APPEND (not even PREPEND!)
 /wherever to my compile-time generated list of places
 to try to find plugins."
 
 Is there a sasl_* option for imapd.conf to specify
 where (and ONLY where) to look for SASL plugins?  As you
 can see, I've already posted to the cyrus-sasl list.
 



imapd.conf option for setting SASL_PATH ?

2008-12-15 Thread Jeff Blaine
I need to explicitly override what our Cyrus IMAPd/SASL
build is using for SASL_PATH, as it appears to be
misusing what has already been explicitly configured:

http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=9025

That is, it would appear that SASL does not take
'--with-plugindir=/wherever' to mean "Find plugins
here and ONLY here."

Instead, it seems to mean, "APPEND (not even PREPEND!)
/wherever to my compile-time generated list of places
to try to find plugins."

Is there a sasl_* option for imapd.conf to specify
where (and ONLY where) to look for SASL plugins?  As you
can see, I've already posted to the cyrus-sasl list.



Re: DBERROR

2007-12-06 Thread Jeff Blaine
bash-2.05# ls -l *db
-rw-------   1 cyrus    mail         144 Dec  5 16:56 annotations.db
-rw-------   1 cyrus    mail         144 Dec  5 16:56 deliver.db
-rw-------   1 cyrus    mail         144 Dec  5 16:56 mailboxes.db

db:
total 29618
-rw-------   1 cyrus    mail        8192 Dec  6 10:57 __db.001
-rw-------   1 cyrus    mail      663552 Dec  5 16:56 __db.002
-rw-------   1 cyrus    mail       98304 Dec  5 16:56 __db.003
-rw-------   1 cyrus    mail    21061632 Dec  5 16:56 __db.004
-rw-------   1 cyrus    mail       32768 Dec  5 16:56 __db.005
-rw-------   1 cyrus    mail           4 Dec  5 16:56 skipstamp
bash-2.05#

Alain Spineux wrote:
 On Dec 5, 2007 11:38 PM, Jeff Blaine [EMAIL PROTECTED] wrote:
 This is a brand new install.  After running tools/mkimap and
 starting master, I get this.  What's the deal?
 
 
 
 look for files :
 
 # ll /var/lib/imap/*.db
 -rw-------  1 cyrus mail   144 Nov 28 11:01 /var/lib/imap/annotations.db
 -rw-r--r--  1 cyrus mail 16384 Dec  6 08:01 /var/lib/imap/deliver.db
 -rw-------  1 cyrus mail  3760 Nov 28 11:01 /var/lib/imap/mailboxes.db
 -rw-------  1 cyrus mail  8192 Dec  6 04:01 /var/lib/imap/tls_sessions.db
 
 look for access rights.
 
 Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: error
 listing log files: DB_NOTFOUND: No matching key/data pair found
 Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: archive
 /var/imap/db: cyrusdb error
 Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: error
 listing log files: DB_NOTFOUND: No matching key/data pair found
 Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: archive
 /var/imap/db: cyrusdb error

 


Re: DBERROR

2007-12-06 Thread Jeff Blaine
There are no mailboxes.  This was a brand new install that
I have left untouched until I figure out the cause of this
error.

If it's throwing an error because there is nothing in the
databases yet, I consider that a bug.

Alain Spineux wrote:
 On Dec 6, 2007 5:03 PM, Jeff Blaine [EMAIL PROTECTED] wrote:
 bash-2.05# ls -l *db
 -rw-------   1 cyrus    mail         144 Dec  5 16:56 annotations.db
 -rw-------   1 cyrus    mail         144 Dec  5 16:56 deliver.db
 -rw-------   1 cyrus    mail         144 Dec  5 16:56 mailboxes.db
 
 144 bytes !  Not a lot !
 
 If you have a backup, try to restore from it (make a copy of *.db and
 db/* files) before :-)
 If not try to repair using the log files (in db/*), but db_tools are
 very user unfriendly :-(
 Or remove these files and recreate your mailboxes using cyradm.
 
 
 
 db:
 total 29618
 -rw-------   1 cyrus    mail        8192 Dec  6 10:57 __db.001
 -rw-------   1 cyrus    mail      663552 Dec  5 16:56 __db.002
 -rw-------   1 cyrus    mail       98304 Dec  5 16:56 __db.003
 -rw-------   1 cyrus    mail    21061632 Dec  5 16:56 __db.004
 -rw-------   1 cyrus    mail       32768 Dec  5 16:56 __db.005
 -rw-------   1 cyrus    mail           4 Dec  5 16:56 skipstamp
 bash-2.05#


 Alain Spineux wrote:
 On Dec 5, 2007 11:38 PM, Jeff Blaine [EMAIL PROTECTED] wrote:
 This is a brand new install.  After running tools/mkimap and
 starting master, I get this.  What's the deal?


 look for files :

 # ll /var/lib/imap/*.db
 -rw-------  1 cyrus mail   144 Nov 28 11:01 /var/lib/imap/annotations.db
 -rw-r--r--  1 cyrus mail 16384 Dec  6 08:01 /var/lib/imap/deliver.db
 -rw-------  1 cyrus mail  3760 Nov 28 11:01 /var/lib/imap/mailboxes.db
 -rw-------  1 cyrus mail  8192 Dec  6 04:01 /var/lib/imap/tls_sessions.db

 look for access rights.

 Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: error
 listing log files: DB_NOTFOUND: No matching key/data pair found
 Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: archive
 /var/imap/db: cyrusdb error
 Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: error
 listing log files: DB_NOTFOUND: No matching key/data pair found
 Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: archive
 /var/imap/db: cyrusdb error

 


DBERROR

2007-12-05 Thread Jeff Blaine
This is a brand new install.  After running tools/mkimap and
starting master, I get this.  What's the deal?

Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: error
listing log files: DB_NOTFOUND: No matching key/data pair found
Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: archive
/var/imap/db: cyrusdb error
Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: error
listing log files: DB_NOTFOUND: No matching key/data pair found
Dec  5 17:26:57 alberta.foo.com ctl_cyrusdb[3713]: DBERROR: archive
/var/imap/db: cyrusdb error




Re: Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?

2007-02-12 Thread Jeff Blaine

If anyone wants to assist in testing, here is the bug report
I filed just now:

https://bugzilla.mozilla.org/show_bug.cgi?id=370178



Re: Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?

2007-02-12 Thread Jeff Blaine

GSSAPI authentication from Thunderbird to Cyrus IMAP works!

You MUST:

1.  Specify a FQDN for your IMAP server in Thunderbird's
    account settings.  I was specifying an IP address.  Not
    good enough.

2.  The FQDN must resolve somehow.  For me, it was a matter
    of adding info to C:\WINDOWS\System32\drivers\etc\hosts

        192.168.168.100   noodle.foo.com

3.  Your domain, of course, must map to some Kerberos realm.
    This is done in your /etc/krb5.conf or krb5.ini for
    Windows.  Here's how mine was set up when working:

        [realms]
        JBTEST = {
            kdc = 192.168.168.100
            admin_server = 192.168.168.100
        }

        [domain_realm]
        foo.com = JBTEST
        .foo.com = JBTEST

4.  Obviously specify 'Secure Authentication' in the IMAP
    account's properties.

5.  In Thunderbird: Tools | Options | Advanced, Config editor
    set network.auth.use-sspi to false.

Jeff Blaine wrote:

If anyone wants to assist in testing, here is the bug report
I filed just now:

https://bugzilla.mozilla.org/show_bug.cgi?id=370178



Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
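
Steps 1 to 3 of the checklist above can be checked before touching the mail client. The following is an added example, not code from the post or from any Kerberos distribution: given the server name typed into the client, the text of a hosts file and the text of krb5.conf, it reports which of those three preconditions fail and which service principal the client would end up requesting. The inputs are the values shown in the post; the function names are assumptions, only the hosts file is consulted for name resolution, and the [domain_realm] lookup is a simplified model (exact host name first, then parent domains written with a leading dot).

```python
import ipaddress
import re

# Constructed inputs, copied from the values shown in the post above.
HOSTS = "192.168.168.100   noodle.foo.com\n"
KRB5_CONF = """\
[realms]
JBTEST = {
    kdc = 192.168.168.100
    admin_server = 192.168.168.100
}

[domain_realm]
foo.com = JBTEST
.foo.com = JBTEST
"""


def parse_krb5(text):
    """Parse the [section] / key = value / name = { ... } subset of krb5.conf."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        head = re.fullmatch(r"\[(\w+)\]", line)
        if head:
            section, block = conf.setdefault(head.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            elif block is not None:
                block.setdefault(key, []).append(value)
            else:
                section[key] = value
    return conf


def realm_for(host, conf):
    """Map a host name to a realm: exact entry, then '.parent.domain' entries."""
    table = {k.lower(): v for k, v in conf.get("domain_realm", {}).items()}
    host = host.lower().rstrip(".")
    if host in table:
        return table[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        key = "." + ".".join(labels[i:])
        if key in table:
            return table[key]
    return None


def hosts_names(text):
    """All host names listed in a hosts file (comments ignored)."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(name.lower() for name in fields[1:])
    return names


def expected_principal(server, conf, service="imap"):
    """Service principal a GSSAPI client would request, or None if unmapped."""
    realm = realm_for(server, conf)
    return f"{service}/{server.lower()}@{realm}" if realm else None


def check_gssapi_client(server, hosts_text, krb5_text):
    """Return a list of problems for steps 1-3; an empty list means all pass."""
    try:
        ipaddress.ip_address(server)
        return ["step 1: server is given as an IP address, not a FQDN"]
    except ValueError:
        pass
    problems = []
    if "." not in server:
        problems.append("step 1: server name is not fully qualified")
    if server.lower() not in hosts_names(hosts_text):
        problems.append("step 2: server name not found in the hosts file")
    conf = parse_krb5(krb5_text)
    realm = realm_for(server, conf)
    entry = conf.get("realms", {}).get(realm) if realm else None
    if realm is None:
        problems.append("step 3: no [domain_realm] entry covers this host")
    elif not isinstance(entry, dict) or not entry.get("kdc"):
        problems.append(f"step 3: realm {realm} has no kdc in [realms]")
    return problems


if __name__ == "__main__":
    print(check_gssapi_client("noodle.foo.com", HOSTS, KRB5_CONF))
    print(expected_principal("noodle.foo.com", parse_krb5(KRB5_CONF)))
```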


Re: Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?

2007-02-09 Thread Jeff Blaine

A little more info, in case anyone finds the time to help
me out:

I've tried everything I can imagine.

saslauthd:

saslauthd -a kerberos5 -d (with additional debug code by me!)

Feb  9 13:22:20 noodle.foo.com saslauthd[27437]:
auth_krb5: krb5_kt_read_service_key returned -1765328203
- going to fini: in k5support_verify_tgt()

I can find no information on that Kerberos error, but I
most certainly have imap/noodle.foo.com in a readable
/etc/krb5.keytab (and truss shows it being read fine).

imapd.conf:

sasl_pwcheck_method: saslauthd

Jeff Blaine wrote:

I have a healthy MIT Kerberos 1.5.2 realm and Cyrus IMAP 2.2.12
server configured (SASL 2.1.22).

I can't get Thunderbird (latest 1.5 official release) to perform
GSSAPI authentication against the Cyrus IMAP server.

I have valid Kerberos 5 credentials (for user jblaine) via Kerberos
for Windows 3.1.  I have restarted Thunderbird.

Anyone know how to do this?  This is supposed to work if I am
not mistaken.

Thunderbird states the server does not support secure authentication
(which is BS).



imtest authenticates (as jblaine) via GSSAPI fine!

C: A01 AUTHENTICATE GSSAPI YIICBblahblahblah
S: + YIGWBgkqhkblahblah
...
S: A01 OK Success (privacy protection)
Authenticated.
Security strength factor: 56

...

Feb  8 16:36:44 noodle.foo.com imap[26514]: [ID 529592 local6.notice] 
login: noodle.foo.com [192.168.168.100] jblaine GSSAPI User logged in




/etc/imapd.conf reads as follows:

configdirectory: /var/imap
defaultpartition: default
partition-default: /var/spool/imap
imap_admins: root cyrus
sieveusehomedir: false
autocreatequota: 20
duplicate_db: skiplist
allowplaintext: false
force_sasl_mech: GSSAPI
sasl_log_level: 4






Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?

2007-02-08 Thread Jeff Blaine

I have a healthy MIT Kerberos 1.5.2 realm and Cyrus IMAP 2.2.12
server configured (SASL 2.1.22).

I can't get Thunderbird (latest 1.5 official release) to perform
GSSAPI authentication against the Cyrus IMAP server.

I have valid Kerberos 5 credentials (for user jblaine) via Kerberos
for Windows 3.1.  I have restarted Thunderbird.

Anyone know how to do this?  This is supposed to work if I am
not mistaken.

Thunderbird states the server does not support secure authentication
(which is BS).



imtest authenticates (as jblaine) via GSSAPI fine!

C: A01 AUTHENTICATE GSSAPI YIICBblahblahblah
S: + YIGWBgkqhkblahblah
...
S: A01 OK Success (privacy protection)
Authenticated.
Security strength factor: 56

...

Feb  8 16:36:44 noodle.foo.com imap[26514]: [ID 529592 local6.notice] 
login: noodle.foo.com [192.168.168.100] jblaine GSSAPI User logged in




/etc/imapd.conf reads as follows:

configdirectory: /var/imap
defaultpartition: default
partition-default: /var/spool/imap
imap_admins: root cyrus
sieveusehomedir: false
autocreatequota: 20
duplicate_db: skiplist
allowplaintext: false
force_sasl_mech: GSSAPI
sasl_log_level: 4




User-deleted folders still on disk?

2005-04-25 Thread Jeff Blaine
Using cyrus-2.2.12

We're experiencing a situation where user-deleted folders still
remain on disk.

Running 'reconstruct -r user.USERNAME' does not address the
problem.

Is this expected behavior?  If so, I'm curious to hear the
reasoning.

Are we missing an option somewhere?  It's confusing our users,
as our "You are near your quota" script shows them, among other
things, a 'du -sk' listing of their spool area.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


2.1.13 to 2.2.12 upgrade sanity check

2005-03-03 Thread Jeff Blaine
Can I get a sanity check here?
- Shutdown
- Update /etc/cyrus.conf for cyr_expire -E
- Add fulldirhash option to imapd.conf (I assume this is what
  is meant by setups using a b c ... z for top level dirs, etc)
- Run cvt_cyrusdb on mailboxes.db, deliver.db, tls_sessions.db
- find /var/imap/user -name \*.seen -exec /MY/PATH/bin/cvt_cyrusdb \{\} 
flat \{\}.new skiplist \; -exec mv \{\}.new \{\} \;

- Startup
- No sieve scripts byte compiled, not applicable
- Don't use ptloader, not applicable
- Don't use idled or notifyd, not applicable


Re: cyradm failure

2003-08-20 Thread Jeff Blaine
I have solved this by setting SASL_* and OPENSSL_* as referenced
in Makefile.PL to include every -l -L -R option necessary for
linking libsasl2.so into IMAP.so

Your perl/imap/README and perl/imap/Makefile.PL need some work.

README should mention SASL_INC, SASL_LIB, OPENSSL_INC, and OPENSSL_LIB
environment variables referenced in Makefile.PL and describe precisely
what they can and/or should contain.

Makefile.PL is inconsistent and confusing here:

  my $SASL_INC = $ENV{SASL_INC};
  my $SASL_LIB = $ENV{SASL_LIB} || "-lsasl2";
  my $OPENSSL_INC = $ENV{OPENSSL_INC};
  my $OPENSSL_LIB = $ENV{OPENSSL_LIB};

combined with line 63:

  'LIBS'  => ["$SASL_LIB $OPENSSL_LIB -lssl -lcrypto"],

Make up your mind how you want to do it :)  I suggest either:

A) Changing:

   my $SASL_LIB = $ENV{SASL_LIB} || "-lsasl2";

 to:

   my $SASL_LIB = $ENV{SASL_LIB};

 and adding the appropriate '-lsasl2' on the LIBS line 63 ... OR...

B) Changing:

   my $OPENSSL_LIB = $ENV{OPENSSL_LIB};

 to:

   my $OPENSSL_LIB = $ENV{OPENSSL_LIB} || "-lssl";

Jeff Blaine wrote:
I read the long thread (with no resolution) about this from
Jan 2003.
With our existing AND a brand new fresh/clean Perl 5.6.1
build for the sake of trying to get this to work, I cannot get
it to work and cannot make any sense of what the problem is:
- Solaris 7
- Cyrus IMAP 2.1.13 (working fine with 100 users - has been
  for months.  Just can't do any administration yet!)
- Cyrus IMAP 2.1.14 does the same thing.
=
cd /cyrus/src/perl-5.6.1
sh Configure -des -Dprefix=/cyrus -Uinstallusrbinperl
make
make install
=
% cd /cyrus/lib
% ls
libacap.a      libdb-4.so@    libsasl2.so.2@
libcyrus.a     libdb.a@       libsasl2.so.2.0.13*
libdb-4.1.a    libdb.so@      perl5/
libdb-4.1.la   libsasl2.la*   sasl2/
libdb-4.1.so*  libsasl2.so@
% nm libsasl2.so | grep sasl_client_init
[521]   | 25256| 372|FUNC |GLOB |0|10 |sasl_client_init
%
=
% cd /cyrus/src/cyrus-imapd-2.1.13/perl/imap
% SASL_LIB=-L/cyrus/lib -R/cyrus/lib
% SASL_INC=-I/cyrus/include
% OPENSSL_LIB=-L/usr/rcf/lib -R/usr/rcf/lib
% OPENSSL_INC=-I/usr/rcf/include
% perl Makefile.PL
Checking if your kit is complete...
Looks good
Writing Makefile for Cyrus::IMAP
% make
...
[ Output deleted - success and proper -L, -R, and -I options used ]
[ as set above! ]
...
% make install
...
[ Output deleted ]
...
% /cyrus/bin/cyradm
Can't load 
'/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/Cyrus/IMAP/IMAP.so' 
for module Cyrus::IMAP: ld.so.1: perl: fatal: relocation error: file 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/Cyrus/IMAP/IMAP.so: 
symbol sasl_client_init: referenced symbol not found at 
/cyrus/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 206.
 at /cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Admin.pm 
line 44
Compilation failed in require at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Admin.pm line 44.
BEGIN failed--compilation aborted at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Admin.pm line 44.
Compilation failed in require at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Shell.pm line 60.
BEGIN failed--compilation aborted at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Shell.pm line 60.
Compilation failed in require.
BEGIN failed--compilation aborted.







cyradm failure

2003-08-14 Thread Jeff Blaine
I read the long thread (with no resolution) about this from
Jan 2003.
With our existing AND a brand new fresh/clean Perl 5.6.1
build for the sake of trying to get this to work, I cannot get
it to work and cannot make any sense of what the problem is:
- Solaris 7
- Cyrus IMAP 2.1.13 (working fine with 100 users - has been
  for months.  Just can't do any administration yet!)
- Cyrus IMAP 2.1.14 does the same thing.
=
cd /cyrus/src/perl-5.6.1
sh Configure -des -Dprefix=/cyrus -Uinstallusrbinperl
make
make install
=
% cd /cyrus/lib
% ls
libacap.a      libdb-4.so@    libsasl2.so.2@
libcyrus.a     libdb.a@       libsasl2.so.2.0.13*
libdb-4.1.a    libdb.so@      perl5/
libdb-4.1.la   libsasl2.la*   sasl2/
libdb-4.1.so*  libsasl2.so@
% nm libsasl2.so | grep sasl_client_init
[521]   | 25256| 372|FUNC |GLOB |0|10 |sasl_client_init
%
=
% cd /cyrus/src/cyrus-imapd-2.1.13/perl/imap
% SASL_LIB=-L/cyrus/lib -R/cyrus/lib
% SASL_INC=-I/cyrus/include
% OPENSSL_LIB=-L/usr/rcf/lib -R/usr/rcf/lib
% OPENSSL_INC=-I/usr/rcf/include
% perl Makefile.PL
Checking if your kit is complete...
Looks good
Writing Makefile for Cyrus::IMAP
% make
...
[ Output deleted - success and proper -L, -R, and -I options used ]
[ as set above! ]
...
% make install
...
[ Output deleted ]
...
% /cyrus/bin/cyradm
Can't load 
'/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/Cyrus/IMAP/IMAP.so' 
for module Cyrus::IMAP: ld.so.1: perl: fatal: relocation error: file 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/Cyrus/IMAP/IMAP.so: 
symbol sasl_client_init: referenced symbol not found at 
/cyrus/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 206.
 at /cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Admin.pm line 44
Compilation failed in require at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Admin.pm line 44.
BEGIN failed--compilation aborted at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Admin.pm line 44.
Compilation failed in require at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Shell.pm line 60.
BEGIN failed--compilation aborted at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Shell.pm line 60.
Compilation failed in require.
BEGIN failed--compilation aborted.





Re: cyradm failure

2003-08-11 Thread Jeff Blaine
In the meantime, is there anyone who can tell me how to adjust
a user's quota via the files in /var/imap/quota ?  I see files
to edit, but don't know how to make the changes take effect
(they don't seem to on their own).
We have a user who's had mail being undelivered for 3 days now
because of quota problems and I do not want the messages to
bounce back to the senders.
Jeff Blaine wrote:
I read the long thread (with no resolution) about this from
Jan 2003.
With our existing AND a brand new fresh/clean Perl 5.6.1
build for the sake of trying to get this to work, I cannot get
it to work and cannot make any sense of what the problem is:
- Solaris 7
- Cyrus IMAP 2.1.13 (working fine with 100 users - has been
  for months.  Just can't do any administration yet!)
- Cyrus IMAP 2.1.14 does the same thing.
=
cd /cyrus/src/perl-5.6.1
sh Configure -des -Dprefix=/cyrus -Uinstallusrbinperl
make
make install
=
% cd /cyrus/lib
% ls
libacap.a      libdb-4.so@    libsasl2.so.2@
libcyrus.a     libdb.a@       libsasl2.so.2.0.13*
libdb-4.1.a    libdb.so@      perl5/
libdb-4.1.la   libsasl2.la*   sasl2/
libdb-4.1.so*  libsasl2.so@
% nm libsasl2.so | grep sasl_client_init
[521]   | 25256| 372|FUNC |GLOB |0|10 |sasl_client_init
%
=
% cd /cyrus/src/cyrus-imapd-2.1.13/perl/imap
% SASL_LIB=-L/cyrus/lib -R/cyrus/lib
% SASL_INC=-I/cyrus/include
% OPENSSL_LIB=-L/usr/rcf/lib -R/usr/rcf/lib
% OPENSSL_INC=-I/usr/rcf/include
% perl Makefile.PL
Checking if your kit is complete...
Looks good
Writing Makefile for Cyrus::IMAP
% make
...
[ Output deleted - success and proper -L, -R, and -I options used ]
[ as set above! ]
...
% make install
...
[ Output deleted ]
...
% /cyrus/bin/cyradm
Can't load 
'/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/Cyrus/IMAP/IMAP.so' 
for module Cyrus::IMAP: ld.so.1: perl: fatal: relocation error: file 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/Cyrus/IMAP/IMAP.so: 
symbol sasl_client_init: referenced symbol not found at 
/cyrus/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 206.
 at /cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Admin.pm 
line 44
Compilation failed in require at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Admin.pm line 44.
BEGIN failed--compilation aborted at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Admin.pm line 44.
Compilation failed in require at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Shell.pm line 60.
BEGIN failed--compilation aborted at 
/cyrus/lib/perl5/site_perl/5.6.1/sun4-solaris/Cyrus/IMAP/Shell.pm line 60.
Compilation failed in require.
BEGIN failed--compilation aborted.