Re: Including UCD-SNMP support in Cyrus IMAPD
do a man -k for one of those functions (kstat_read for example) and if
there's a man page for it, it should tell you what libraries you need to
link against, which should fix it.
I don't have access to a Solaris machine right now so unfortunately that's
the best help I can offer, but that should get yuou going.
Scott
--
[EMAIL PROTECTED] ``Chews? I'll take charleston
http://storm.lackluster.net/~scott/ chews for SIXTEEN MILLIONS!!''
On Sat, 4 Jan 2003 [EMAIL PROTECTED] wrote:
Hello,
I am trying to get Cyrus IMAPD 2.1.11 on Solaris 9 to compile with support
for UCD-SNMP, I use version 4.2.6 of UCD-SNMP. The problem is that it
doesn't detect UCD-SNMP because of the following error in the config.log:
configure:6064: checking for sprint_objid in -lsnmp
configure:6083: gcc -o conftest -Wall -g -O2 -I/opt/sfw/include/db3
-I/usr/local/include -I/opt/openssl/include -I/opt/ucdsnmp/include -L/op
t/sfw/lib -R/opt/sfw/lib -L/opt/sfw/lib -L/usr/local/lib -R/usr/local/lib
-R/opt/sfw/lib:/opt/openssl/lib:/opt/ucdsnmp/lib -L/opt/openssl/l
ib -L/opt/ucdsnmp/lib conftest.c -lsnmp -lresolv -lsocket -lnsl -ldl
-ldb-3.1 -lssl -lcrypto 15
Undefined first referenced
symbol in file
kstat_close /opt/ONucdsnmp/lib/libsnmp.so
kstat_lookup/opt/ONucdsnmp/lib/libsnmp.so
kstat_read /opt/ONucdsnmp/lib/libsnmp.so
kstat_open /opt/ONucdsnmp/lib/libsnmp.so
kstat_data_lookup /opt/ONucdsnmp/lib/libsnmp.so
ld: fatal: Symbol referencing errors. No output written to conftest
collect2: ld returned 1 exit status
configure: failed program was:
#line 6072 configure
#include confdefs.h
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char sprint_objid();
int main() {
sprint_objid()
; return 0; }
configure:6141: checking UCD SNMP libraries
As you can see I have UCD-SNMP installed in /opt/ucdsnmp, but that doesn't
seem to be the problem, looks like I am missing something which has to do
with kstat. Does someone have any idea ?
PS: Sorry if you see this mail twice, I am not sure if the first one ever
arrived to the mailing list.
Regards
Marc
Re: Problems with authentication
I think you mean `/usr/local/lib/sasl2' and `/usr/lib/sasl2'
Scott
David Chait wrote:
Michael,
Did you remember to create the symbolic link between /usr/local/sasl2
and /usr/sasl2 ?
- Original Message -
From: Michael Obster [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 02, 2003 2:24 PM
Subject: Problems with authentication
Hi,
thx for the people who showed me the good documentation ;-)
Ok. I have now tracked the problem a little bit.
root@gutmann:/usr/lib# imtest -m login -a cyrus localhost
S: * OK gutmann Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=CRAM-MD5
AUTH=DIGEST-MD5 AUTH=OTP
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {8}
S: + go ahead
C: omitted
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.
Looks like for some reason cyrus cannot authenticate my users. I use sasl
2.1.10.
Here is my /etc/imapd.conf:
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
sasl_pwcheck_method: saslauthd
Regards,
Michael Obster
Re: [Annoyed] Cyrus-imapd/sasl upgrade and lmtpd behaviour...
huh...but I don't use Sendmail, so I never saw that :) So yes maybe moving it to a different spot in the documentation and making it a bit more generalized is a good idea, I agree. Scott -- [EMAIL PROTECTED] ``Chews? I'll take charleston http://storm.lackluster.net/~scott/ chews for SIXTEEN MILLIONS!!'' On Wed, 1 Jan 2003 [EMAIL PROTECTED] wrote: On Mon, 30 Dec 2002, Scott Smith wrote: What you probably want to do is add your MTA to the same group as Cyrus, at most. [...] Cyrus / SASL peeps, can you DOCUMENT this, since I personally know of several people that have had this problem, including myself when I upgraded from 1.5.x :) Not wanting to sound patronising, but doc/install-configure.html already says this: * Edit /etc/group and add user daemon to the mail group. This will permit sendmail to run the deliver (LMTP client) program to deliver mail to the IMAP server. Mind you, it's under Sendmail 8.9.x - perhaps it need to be moved to an outer scope? -- Simon Brady mailto:[EMAIL PROTECTED] ITS Technical Services University of Otago, Dunedin, New Zealand
Re: [Annoyed] Cyrus-imapd/sasl upgrade and lmtpd behaviour...
Oh my god dude. please Not trying to bitch you out, but holy crap. It's a REALLY BAD IDEA to be giving out SUID bits to just any old binary, no matter WHO owns the binary--root OR cyrus. What you probably want to do is add your MTA to the same group as Cyrus, at most. You can also change the path to the LMTP socket and create a lmtp group and put cyrus and MTA user in it. Or, you can run LMTP over TCP (keep it on loopback) with SASL. Cyrus / SASL peeps, can you DOCUMENT this, since I personally know of several people that have had this problem, including myself when I upgraded from 1.5.x :) Scott - Original Message - From: Steve Clement [EMAIL PROTECTED] To: info-cyrus [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, December 30, 2002 9:23 AM Subject: Re: [Annoyed] Cyrus-imapd/sasl upgrade and lmtpd behaviour... Heheh, indeed at 6am I remebered that I had to give delive SUID rights, which admittedly is not the right[TM] way, but works.
Re: Case Sensitivity
I am using a UNIX socket for Cyrus LMTPregardless, at some point, someone stated that this behavior has changed with Postfix. I am using 1.1.12, which up until, like, Sunday was the latest release. Discussion on this list has implied that this behavior (Postfix NOT lowercasing the username, supposedly) has been in place for a reasonably non-trivial amount of time. So, unless someone got their dates wrong, or unless this guy is using 2.0, then Postfix will deliver to an address with an uppercase username just fine. He didn't specify which Postfix release he was using, and IIRC he didn't even UPGRADE Postfix, just Cyrus IMAP and SASL, so Scott -- [EMAIL PROTECTED] ``Chews? I'll take charleston http://storm.lackluster.net/~scott/ chews for SIXTEEN MILLIONS!!'' On Tue, 24 Dec 2002, Henrique de Moraes Holschuh wrote: On Tue, 24 Dec 2002, Scott Smith wrote: So like, what's the problem? Works fine for me: Your postfix is still downcasing the lmtp recipient. Try with lmtptest. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: Case Sensitivity
OK. I finally found the note in the Postfix changelog, but that doesn't explain why he claims that the behavior changed without changing Postfix versions? Scott -- [EMAIL PROTECTED] ``Chews? I'll take charleston http://storm.lackluster.net/~scott/ chews for SIXTEEN MILLIONS!!'' On Tue, 24 Dec 2002, Henrique de Moraes Holschuh wrote: Not anymore. Old postfix (1.*) will. New postfix (snapshots, 2.0) won't.
Re: [PATCH][CVS IMAPd 2.1] lmtp_downcase_rcpt implementation (Re:Case Sensitivity)
Damn, I fouind it earlier. Do a search for canonical, and/or lowercase and/or regex. It's actually funny: Back in ~2000 Weitse sent several E-mails stating that Postfix lowercased everything because he felt it was simply unacceptable to require end users to know what CaPiTaLiZaTiOn (he even typed it that way!) a user name was, even though the RFC specified that the MTA be case sensitive. Cut to earlier this year, and he decides to stop lowercasing everything... hmmm... Scott -- [EMAIL PROTECTED] ``Chews? I'll take charleston http://storm.lackluster.net/~scott/ chews for SIXTEEN MILLIONS!!'' On Wed, 25 Dec 2002, Henrique de Moraes Holschuh wrote: On Tue, 24 Dec 2002, Lawrence Greenfield wrote: --On Tuesday, December 24, 2002 11:57 PM -0200 Henrique de Moraes Holschuh [EMAIL PROTECTED] wrote: On Tue, 24 Dec 2002, Lawrence Greenfield wrote: --On Tuesday, December 24, 2002 12:01 AM -0200 Henrique de Moraes Holschuh [EMAIL PROTECTED] wrote: Here's the cleaned up patch, against 2.1 CVS. It could be enhanced not to touch the +fooobar part of the recipient, I suppose. I guess I'm mostly of the opinion that this is an MTA job, as most other recipient rewriting is, especially since Cyrus mailboxes are case sensitive. Well, at least part of the MTA crew disagreed, and that was why it was removed from lmtp delivery in postfix. Well, I understand why they don't want to force all LMTP deliveries to be downcases. But Postfix must have some method of address rewriting. It does, but AFAIK, it is a royal pain to tell it to lowercase everything using rewrites (rewrites in postfix are table based). Lots of overhead... I foresee trouble with postfix in that area, so I will be enhancing that patch shortly. It is MTA-agnostic, and it might help people with other MTAs in the future anyway. Mind you, I plan to request postfix lmtp to be configurable to lowercase everything _as well_, but I must locate and read the thread that caused people to switch that off in the first place... -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Skipstamp?
I just checked out the 2.2 branch and set it up on a machine here...It built just fine and I got the virtdomain stuff working fine. My only problem is that I am getting the DBERROR messages about /var/imap/db/skipstamp. mkimap didn't create the file, and the only place I can find it in the code is in lib/cyrusdb_skiplist.c. So what creates the file? I saw a post from Ken Murchison saying that it wasn't something to worry about, but if it's not, then why is my logfile getting spammed with the errors? thanks! Scott -- [EMAIL PROTECTED] ``Chews? I'll take charleston http://storm.lackluster.net/~scott/ chews for SIXTEEN MILLIONS!!''
Re: Case Sensitivity
Hmmm, with 2.2 out of CVS, uppercase username works just fine... Scott -- [EMAIL PROTECTED] ``Chews? I'll take charleston http://storm.lackluster.net/~scott/ chews for SIXTEEN MILLIONS!!'' On Mon, 23 Dec 2002, Vernon A. Fort wrote: With the current release of cyrus-imapd-2.1.11, is there now case sensitivity on the lmtp delivery. With 2.1.10 and previous version, I could email VFORT and well as vfort and it would be delivered. I just (today) reinstall our mail server from: Cyrus-2.0.16 to cyrus-2.1.11 using the same version of postfix. I simply copied the mailboxes.db file from the var/imap to the /var/lib/imap and restarted the server. This was a fresh install. I have worked with previous 2.1 version and have not seen this feature. Is there any way to get around this other that having multiple aliases entried? All I get is user unknown Andy --- Vernon A. Fort (Andy) Provident Solutions, LLC (615) 427-4016 http://www.provident-solutions.com
Re: Trouble with Cyrus IMAP on FreeBSD
Yeah, install it by hand. It takes literally about 5 minutes. *shrug*... You didn't post any log entries, or what you've got in imapd.conf (using auxprop??? if you want sasldb2 you should be), or what your permissions on sasldb2 file are... Scott -- [EMAIL PROTECTED] ``Chews? I'll take charleston http://storm.lackluster.net/~scott/ chews for SIXTEEN MILLIONS!!'' On Tue, 24 Dec 2002, Darren Joy wrote: I'm having trouble getting a working implementation of Cyrus IMAP on FreeBSD 4.7 CURRENT. And yes, I am using the ports, it just doesn't seem to work at all, rather annoying as I expected a port to just *work*. I've an existing 1.6.24 Cyrus IMAP installation, which works like a charm, however, I'm forced to build a new machine, and I specifically want to use IMAP over SSL this time, which I don't remember as an option last time, and I don't want to run inetd, so I was looking to use a newer version. There seems to be three ports I can use on FreeBSD : /usr/ports/mail/cyrus ( effectively what I am using already ) /usr/ports/mail/cyrus-imapd /usr/ports/mail/cyrus-imapd2 I've tried the two newer ports, in various ways, and not got a single one working completely. They compile fine, but success ends there... in all cases I've used DB3. cyrus-imapd2 : with saslauthd - can add entries to sasldb, that's about it, cyradm refuses to connect to the server, cannot connect to POP or IMAP server from anywhere, including localhost. cyrus-imapd : with saslauthd - can create entries in sasldb, read them back with sasldblistusers, however, cyradm --user admin --auth CRAM-MD5 --server localhost just hangs, cannot get cyradm to work at all. with saslauthd disabled and pwcheck instead - partially successful, can create entries in sasldb, can run cyradm, create mailboxes, log into IMAP or POP from localhost, all working, except; access from elsewhere gets me a terminated connection, or the wrapper twist you are not allowed to use pop3|imap from yourhost.com even though there are pop3d : ALL : allow and imapd : ALL : allow entries in hosts.allow. By adding at the top of hosts.allow ALL : ALL : allow it will work, but that kind of defeats the point of having wrappers... Looking through the docs doesn't suggest anything else that needs a clause in hosts.allow, so I am at a loss as to what's missing. I don't use sieve, disabled in cyrus.conf so I don't think it's that, adding a clause for lmtpd hasn't helped either. in all cases, I've pretty much taken the defaults, to reduce chances of things going wrong (ha!), but no luck. I'm rapidly coming to the conclusion that anything using sasl just isn't worth the bother, and conceding to stick with unencrypted IMAP/POP and running inetd. =( Can anyone give me any ideas? Regards -- DJ
Re: Where does configure look for berkeleyDB?
You should post your config.log and the relevant output from ./configure Scott On Tue, 10 Apr 2001, jennyw wrote: I'm trying to install Cyrus imapd on a Debian 2.2 box. I downloaded BerkeleyDB from Sleepycat's site, and followed the instructions. This installed the software into /usr/local/BerkeleyDB.3.2. I then tried to run configure, but it didn't work. I realized I had an older version of Berkeley DB installed in /usr/lib, so I deleted libdb.a and replaced it with a symlink to the new libdb.a. I also did ln -s /usr/local/BerkeleyDB.3.2/bin/* /usr/local/bin. This didn't work, either. Looking through the configure script, it seems like it's looking for something called db_create, which doesn't exist (there are a lot of other db_* files in the bin directory). Any suggestions? Thanks! Jen
Re: NEWBIE: Got Sieve/Cyrus IMAP working but question about websieve
unpack them, read the documentation. The sam,e way you installed Cyrus. Scott On Mon, 9 Apr 2001, Tony Maro wrote: I've been using Cyrus IMAP Sieve for some time, (in fact you'll find one of my sample scripts on the Sieve home page) however I have little experience with Perl modules and the like and wish to get websieve working. There are two modules included that need something done with, but nothing says WHAT to do with them. How do I install the IMAP-Admin perlsieve modules? Using VI is Getting old LOL. Thanks, Tony Maro
Re: lmtp connection refused
Sounds like you don't have a lmtpunix entry in /etc/cyrus.conf
Scott
On Sun, 8 Apr 2001, Kevin van Haaren wrote:
I'm having a problem delivering mail to cyrus imap (version 2.0.12)
running on a Debian Linux PowerPC box (kernel 2.2.19pre17). I'm
using postfix for smtp. I have no problems connecting to the imap
server from the client side (using Mulberry as the client).
Problem is when deliver gets called. I get an error in syslog:
Apr 8 10:18:51 mojo deliver[6906]:
connect(/var/lib/cyrus/socket/lmtp) failed: Connection refused
and deliver hangs.
my postfix master.cf file has:
cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/bin/deliver -e -m ${extension} ${user}
and main.cf has:
mailbox_transport = cyrus
Thanks - Kevin
Re: New Cyrus User
What OS? Anything in your log files, have you used truss / strace on /usr/cyrus/bin/master? Scott On Thu, 5 Apr 2001, Gashaw Teshome wrote: Hi I just installed Cyrus-IMAP 2.0.12 and am having problems talking to imapd. I'm able to connect to port 143 with telnet and imtest, but I never get the * OK acknowledgement from the server. The connection stays open until I escape out of it. Using telnet, I get this: [cyrus@stats cyrus]$ telnet localhost 143 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. With imtest, I get this: [cyrus@stats cyrus]$ imtest localhost C: C01 CAPABILITY and nothing else. Any ideas? Gash
Re: ./configure error revisited.
No, that would happen if I'd suggested the opposite. Scott On Thu, 5 Apr 2001, GOMBAS Gabor wrote: On Thu, Apr 05, 2001 at 01:56:01AM -0700, Scott Smith wrote: symlink your (real) libdb.so and libdb.a to libdb-3.so and libdb-3.a ... if you want to break every software that was linked with db2... Gabor -- Gabor Gombas Eotvos Lorand University E-mail: [EMAIL PROTECTED]Hungary
Re: Does cyrus support SSL ?
There is a document in docs called install-configure.html Look at the very bottom, section ``SSL, TLS, and OpenSSL'' Scott On Fri, 6 Apr 2001, sandro ferrand wrote: Hello In the cyrus.conf, we have a service for imaps and pop3s. Does cyrus SSL in a native way ? I configure my outlook and it doesn't work. How to use SSL ? best regards
Re: Compilation probs:- ldb-3
In my experience, if your berkeley DB3 libraries are named `libdb-3.X' then you won't have any problems with this, if they're `libdb3.X' then it might find them but still uses -ldb (something like that, it was the only way I could get cyrus to build without manually editing the Makefiles). Scott On Thu, 5 Apr 2001, GOMBAS Gabor wrote: On Wed, Apr 04, 2001 at 11:20:18PM +0200, Olaf Zaplinski wrote: For me, the only way to make it work is to get a distro with 'built in' db3 (SuSE 7.1). Reason: even if you get all db3 stuff installed and configure accepts it (yup, that's what I did on a Debian box), the binary will be linked with db2 = segfaults. And of course you cannot just deinstall db2... I got curious and tried to build cyrus-imapd-2.0.12 on a Debian/Woody box (DB3 built from sources), and could not find a single binary that got linked with DB2. Something is really broken on your system. My first guess would be you forgot to rebuild Cyrus-SASL with DB3... Gabor -- Gabor Gombas Eotvos Lorand University E-mail: [EMAIL PROTECTED]Hungary
Re: WEBSIEVE
Check your web server logs. On Tue, 3 Apr 2001, Patrick Lin wrote: hello someone have any luck run Websieve stuff : http://24.112.168.35/websieve/ me i try to install Websieve 0.48 and i have the login page i enter username /password , on the log i can see auth success on timsieve then nothing happend if i put a wrong password , on the log i can see auth failure but nothing happen still running any help patrick -- __( / | | / \ | This message is transmitted by | \ \ | 100 % recycled electrons |___\ / |__( /__)
Re: Current CVS doesn't compile, can't find sasl.h in perl section...
Did you --with-sasl=/usr/local ??
2.0.12 does the same for me without that option.
Scott
On Mon, 2 Apr 2001, The Hermit Hacker wrote:
/usr/bin/perl -I/usr/libdata/perl/5.00503/mach -I/usr/libdata/perl/5.00503
/usr/libdata/perl/5.00503/ExtUtils/xsubpp -typemap
/usr/libdata/perl/5.00503/ExtUtils/typemap -typemap typemap IMAP.xs xstmp.c mv
xstmp.c IMAP.c
cc -c -I../../lib -DVERSION=\"1.00\" -DXS_VERSION=\"1.00\" -DPIC -fpic
-I/usr/libdata/perl/5.00503/mach/CORE -DPERL_POLLUTE IMAP.c
In file included from IMAP.xs:51:
../../lib/imclient.h:56: sasl.h: No such file or directory
gmake[2]: *** [IMAP.o] Error 1
gmake[2]: Leaving directory `/usr/local/src/cyrus/perl/imap'
gmake[1]: *** [all] Error 1
gmake[1]: Leaving directory `/usr/local/src/cyrus/perl'
gmake: *** [all] Error 1
mail1# locate sasl.h
/usr/local/include/sasl.h
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: [EMAIL PROTECTED] secondary: scrappy@{freebsd|postgresql}.org
Re: Importing messages from mbox, but keeping all status information?
The iggest problem I had with mbxcvt was that it kept dying when it found "non-ascii characters", right around message number 8000 in a 8500 message mailbox... Scott On Fri, 30 Mar 2001, richard offer wrote: * $ from [EMAIL PROTECTED] at "30-Mar: 3:25pm" | sed "1,$s/^/* /" * * * I seriously suggest you give a second thought to using mbxcvt. It's not * very robust, and it's not that scalable. * * Try this: * * http://www.oreilly.com/catalog/mimap/chapter/ch09.html * I had tried the batch-method from that chapter, and it worked, but it lost the status of the messages. Scalbility (#users) isn't my main concern, its just for me (at present), but I do have a fair number of messages. richard. --- Richard Offer Technical Lead, Trust Technology. "Specialization is for insects" __http://reality.sgi.com/offer/
RE: How I got Cyrus 2.0.12 up on RedHat 7.0
What is your pwcheck method in /etc/imapd.conf ? Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Sunday, March 25, 2001 9:16 AM To: Tarjei Huse Cc: [EMAIL PROTECTED]; Jim Hardwick Subject: RE: How I got Cyrus 2.0.12 up on RedHat 7.0 hi, Everything works with the exception that in /etc/sasldb using saslpasswd -c -u realm username creates the rows in /etc/sasldb it appears. (Athough i can't verify that the password info is correct from the sasldb) But when i attempt to authenticate to test it tells me authentication failed. Yes.. i know that;-)) But this is with a .. AUTH PLAIN mybase64ed-username/0username/0passwd-inserted-here Thing is that it does indicate first off that the server is ready for both PLAIN,DIGEST-MD5,CRAM-MD5 Anyone know where the error was made? TIA On 21-Mar-2001 Tarjei Huse wrote: DANG! I forgot the beer! That was it, now i get it ,D Seriously, thank you, and also thank you to Mr. Hetzel for his patch. I've mailed this to the howto maintainters of the cyrus howto and the exchange-killer howto. Now, on with the show Tarjei -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Hardwick Sent: 21. mars 2001 10:49 To: info-cyrus Subject: How I got Cyrus 2.0.12 up on RedHat 7.0 The box is a RedHat 7.0 Server install running kernel 2.2.18. I've got sasl (CRAM, DIGEST, and PLAIN), login, and ssl working. I haven't tested sieve yet. I'm not using any other auth methods, so this won't be much help if you want to use shadow passwords or Kerberos. There may be steps here that are not required, but hey, they worked so I'm not complaining. Yet. YMMV, but here are the steps that finally worked for me. 1) Drink a beer (restores inner peace after innumerable failed attempts) 2) Install (or upgrade to) the following rpms: db3-3.1.17-5 db3-devel-3.1.17-5 3) Build cyrus-sasl-1.5.24 as follows: ./configure --disable-krb4 --disable-gssapi make (drink a beer) make install 4) If you have an rpm of sasl installed already like I did, move the following files to a backup location: /usr/sbin/sasldblistusers /usr/sbin/saslpasswd /usr/lib/sasl/* /usr/lib/libsasl* 5) Link the new files to the old locations: ln -s /usr/local/sbin/saslbdlistusers /usr/sbin/sasldblistusers ln -s /usr/local/sbin/saslpasswd /usr/sbin/saslpasswd ln -s /usr/local/lib/libsasl* /usr/lib/libsasl* ln -s /usr/local/lib/sasl/ /usr/lib/sasl/ 6) Set up some links for the imapd build ln -s /usr/local/share/bison.simple /usr/lib/bison.simple ln -s /usr/include/et/com_err.h /usr/include/com_err.h 7) Build cyrus-imapd-2.0.12 as follows: ./configure --prefix=/usr --with-auth=unix --with-sasl=/usr/lib/sasl make depend (drink another beer) make all CFLAGS=-O (drink another beer) make install 8) Follow the rest of the instructions in the docs for installing and configuring cyrus. (Creating the cyrus user, imapd.conf, cyrus.conf, etc.) Cheers Jim -- E-Mail: [EMAIL PROTECTED] Date: 25-Mar-2001 Time: 10:11:47 Open Source Opens Minds. - DREAMWVR.COM
Re: Security of Cyrus IMAPd vs UofW IMAPd ...
not that i'm advocating sendmail, but.. you can at least *somewhat* chroot sendmail. Postfix was written bye Weitse Venema, who also wrote tcpd and SATAN (with Dan Farmer) Maybe that's not good enough for some people, I guess.. but Postfix is definitely stable and not such an `unknown'. And you can chroot it, too! :) Cyrus should work with any MTA that can use procmail as its local delivery agent, thought I guess you have to be pretty careful with that. Scott On Wed, 14 Mar 2001, John Hughes wrote: Rob Tanner [EMAIL PROTECTED] writes: [ re cyrus vs UW imap security ] The big issue, however, is sendmail. And ny effort to hack through your mail system via your email system (i.e., through port 25) goes through sendmail before Cyrus ever sees it, and most of those attacks are designed to get sendmail to execute some program with its root privileges. Since all the mailboxes are owned by the Cyrus user, what would be more secure of a system that just does mail delivery woulkd be a hack to sendmail so that once it attaches to port 25 it drops root and runs as the Cyrus user. Show me a hack like that, and Cyrus wins hands down (or two thumbs up) So dump sendmail. And your sendmail replacement shouldn't run as user cyrus; it doesn't need to access the mailboxes directly, that's what LMTP is for. AFAIK postfix works with cyrus, maybe qmail also.
Re: Security of Cyrus IMAPd vs UofW IMAPd ...
oh yeah, there's also cyrus murder (how well does it work now?) Scott On Wed, 14 Mar 2001, Bitt Faulk wrote: Well, there are two CERT advisories about older versions of UoW: http://search.cert.org/query.html?rq=0col=certadvht=0qp=qt=imapqs=qc=pw=100%25ws=1la=qm=0st=1nh=25lk=1rf=2oq=rq=0si=1 and none about Cyrus. Not to mention that you don't need user accounts for every mail user on the machine hosting the mail. -Bitt
