Re: Re: sql authentication
On Wednesday, 26.01.2011, 09:56 +0100, Simon Matter wrote:

> Hi, I could be wrong but I think cyrus doesn't handle this case the way you want it. I think the @domain.com part will be stripped as configured but you end up with name.lastname, which will also be used as mailbox name.

Actually, if you use saslauthd, you can use the -r flag, then it's possible to authenticate against the email address instead of just the username part. You will also want to check that the MTA calls cyrdeliver in a similar fashion, e.g.

/usr/sbin/cyrdeliver -e -m ${extension} ${user}@${domain}

in postfix. Creating the mailbox is simple, e.g. sending a

. create user/first.l...@domain.tld

via IMAP (using unix hierarchy separators, obviously).

Syren

+++
German branch: BIT-HOUSE Ltd. internet professionals, Erthalstr. 17, 63739 Aschaffenburg, Germany
District court: Aschaffenburg, HRB no.: 9136, Tax no.: 204/104/60603, VAT ID no.: DE814408164
Managing director: Thomas Witzel
+++
Phone: +49.6021.8622-680, VoIP: +49.6021.8622-680, Fax: +49.6021.8622-676
E-mail: m...@bit-house.com, Homepage: www.bit-house.com
+++
Head office: BIT-HOUSE Ltd., 69 Great Hampton Street, Birmingham, West Midlands, United Kingdom
Registry court: Companies House of Cardiff, Registration number: 05325636, Register entry: United Kingdom
Director: Thomas Witzel
+++

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Re: Re: sql authentication
On Wednesday, 26.01.2011, 11:10 +0100, Gabriele Bulfon wrote:

> Thanks, another interesting option. How would I let it query my postgres db? And what if the password in the db is encrypted with SHA or DES?

Well, I did not use postgres, but if you use pam as the SASL backend you might want to check libpam-pgsql.

Syren
Re: Re: competition
On Tuesday, 21.09.2010, 11:48 +0200, André Schild wrote:

> On 21.09.2010 11:35, Simon Matter wrote:
>>> I don't know, where this bad karma is coming from - I'm still happy with
>> I guess it's simply because for many years there were no clean packages for the most used operating systems.
> Debian is still stuck on 2.2 and there seems to be no progress in that area.

Most people like to use versions from repositories. For obvious reasons. Might make sense for cyrus to host their own repository. If it's just a simple entry in sources.list(.d) more people would use the recent version.

Greetings, Syren Baran
Re: Re: Moving folders across backends
On Thursday, 05.08.2010, 15:21 +0100, Simon Beale wrote:

> Having spent some time reading the 2.3.16 source code, and poking at the frontend with gdb, I'm not convinced that the code currently supports what I'm attempting. It looks like it may have been the original intention to be possible in imapd.c/cmd_rename, but I don't think it is actually possible.

Had a look as well. Xfer only seems to get triggered when using

.tag rename old new destination

and old and new match. If both folders reside on the same box (same imapd, just different partitions) a

.tag rename old new partitionname

should work.

> Is this actually a bug, for which I'll go look at writing a bugzilla entry and patch, or am I overlooking something?

Yes, you are overlooking something (though feel free to write a patch anyway ;) ). The IMAP protocol was specified by an insane monkey on LSD using multiple addresses from around the world and laughing his ass off every time someone tries to understand this protocol. E.g. from RFC 4466:

quote
2.3. Extended RENAME Command
Arguments: existing mailbox name
           new mailbox name
           OPTIONAL list of RENAME parameters
. No RENAME parameters are defined in this document. .
/quote

Great, optional parameters. Just send something... might do something ...

> Cheers
> Simon

Greetings, Syren
Re: Re: Moving folders across backends
On Wednesday, 04.08.2010, 10:22 +0100, Simon Beale wrote:

> Looking at the IMAP traffic, the client is doing:
> . RENAME user.test.subfolder INBOX.Trash.subfolder
> . NO Permission denied

What permissions do you have on those folders? Try a getacl first, might be something simple.
Re: Re: Re: Moving folders across backends
On Wednesday, 04.08.2010, 10:46 +0100, Simon Beale wrote:

> Yeah, I'd wondered that at first, but I don't believe so. Below is an IMAP traffic session (run as user simon), user.test is on backend1, INBOX and user.test2 are on backend2.

Ok, no problem with the permissions. Does copy work? If so just create folder on backend2, copy all messages from backend1 and (on success) delete original folder.
Re: Re: Re: Re: Moving folders across backends
On Wednesday, 04.08.2010, 11:08 +0100, Simon Beale wrote:

> While that would work, and it's something that I could do for myself, it doesn't help when I roll out shared folders to all our users, and they start using the Outlook/Thunderbird normal delete mechanism, which is why I need RENAME to work.

You might try checking http://cyrusimap.web.cmu.edu/ag.html

quote
[RENAME] RENAME is only interesting in the cross-server case. In this case it issues a (non-standard) XFER command to the backend that currently hosts the mailbox, which performs a binary transfer of the mailbox (and in the case of a user's inbox, their associated seen state and subscription list) to the new backend. During this time the mailbox is marked as RESERVED in mupdate, and when it is complete it is activated on the new server in MUPDATE. The deactivation prevents clients from accessing the mailbox, and causes mail delivery to temporarily fail.
/quote
Re: Re: IMAPS with extra authorization.
On Saturday, 24.07.2010, 00:43 -0500, Dan White wrote:

>> Would be a nice and clean solution to set the service name for imapd -s to imaps and just use a second pam file for that service.
> The service name that gets passed to saslauthd is taken from the sasl_server_init call inside the individual servers. So it's always 'imap' for all services started by imapd, and 'pop3' for all pop3d services. I don't think it would be possible without a modification to the sasl code.

Hmm, just had a quick look at the code and didn't test it since we are using the version from the repos. Shouldn't this be sufficient?

---imapd.diff--- 123a124 static char* servicename=imap; 676c677 while ((opt = getopt(argc, argv, sp:N)) != EOF) { --- while ((opt = getopt(argc, argv, sp:NS:)) != EOF) { 692a694,696 case 'S': /*set service name, needs pam file with same name*/ servicename=malloc(strlen(optarg)+1); strcpy(servicename,optarg); 783c787 if (sasl_server_new(imap, config_servername, --- if (sasl_server_new(servicename, config_servername, ---imapd.dif---

Didn't do a free on the pointer, should be cleared anyway after the fork exits. But as I said, I just had a quick look at the code.

> --
> Dan White

Greetings, Syren Baran
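
Review bot: the `case 'S':` added at 692a694,696 has no `break;` in its three lines, so unless the line that follows in imapd.c is already a break, option parsing falls through into the next case; end the block with an explicit `break;`. The `malloc` result is passed straight to `strcpy` without a NULL check; since `optarg` points into `argv` and stays valid for the life of the process, `servicename = optarg;` avoids the allocation and the unfreed pointer altogether. The new `-S` option also needs an entry in the usage text and man page saying that the value becomes the SASL service name passed to `sasl_server_new`, with a matching PAM file required.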
Re: Re: IMAPS with extra authorization.
On Monday, 26.07.2010, 08:27 -0500, Dan White wrote:

>> But as i said, i just had a quick look at the code.
> I think you'll cause some issues with changing the SASL service name, since things like the kerberos principal that's used, and the sasl config file name are influenced by it.

Not necessarily a bad thing. Would allow testing of a new configuration on a live system by just using a different port. Aside from that, linking /etc/imapd.conf to /etc/${othername}d.conf is easy. Can't speak about kerberos though, no practical experience with that yet.

> Another approach would be to introduce a sasl parameter, like pwcheck_service_name that could be set that only influences the service name as it gets passed to saslauthd or authdaemon, rather than changing it in the sasl_server_new call.

Sounds interesting. As much as I like reading well written code I haven't got the spare time to go through all the sources right now.

> --
> Dan White

Greetings, Syren Baran
Re: Re: Re: IMAPS with extra authorization.
On Wednesday, 21.07.2010, 21:07 +0200, Josef Karliak wrote:

> Hi, thanks for tip. I've rebuilt pwdfile from src and installed it. File /etc/pam.d/imap is :

I just use the following entries:

#dont need account
account required pam_permit.so
#check username/passwd
auth sufficient pam_pwdfile.so pwdfile /etc/email.passwd
#fallback to system accounts (for user cyrus)
auth required pam_unix.so

After creating a user/pass with

htpasswd -c -b /path/to/file newuser pass

does

testsaslauthd -u newuser -p pass -s imap

return success?

Greetings, Syren Baran
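
The control flags in the /etc/pam.d/imap stack above decide which account store is consulted and in what order. The following Python sketch is an added example, not code from the thread: it models the `sufficient`/`required` semantics with stubbed modules, and the account names, passwords and dict-based stores are constructed.

```python
# Added example: models how Linux-PAM combines the control flags used in the
# /etc/pam.d/imap stack quoted above. Module verdicts are stubbed with dicts;
# no real PAM call is made. Accounts and passwords below are constructed.

PAM_IMAP = """\
# don't need account
account required   pam_permit.so
# check username/passwd
auth    sufficient pam_pwdfile.so pwdfile /etc/email.passwd
# fallback to system accounts (for user cyrus)
auth    required   pam_unix.so
"""

PWDFILE = {"newuser": "pass"}          # stands in for /etc/email.passwd
SYSTEM = {"cyrus": "cyrus-secret"}     # stands in for local unix accounts

MODULES = {
    "pam_permit.so": lambda user, pw: True,
    "pam_pwdfile.so": lambda user, pw: PWDFILE.get(user) == pw,
    "pam_unix.so": lambda user, pw: SYSTEM.get(user) == pw,
}

def parse(text, facility):
    """Return [(control, module), ...] for one facility, in file order."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack

def run_stack(stack, user, pw):
    """Evaluate one stack; return (ok, [(module, verdict), ...] actually run)."""
    required_failed = False
    passed = False
    trace = []
    for control, module in stack:
        ok = MODULES[module](user, pw)
        trace.append((module, ok))
        if control == "sufficient":
            if ok and not required_failed:
                return True, trace      # short-circuit: later modules never run
            # a failing 'sufficient' module is ignored
        elif control == "requisite" and not ok:
            return False, trace         # fail immediately
        elif control in ("required", "requisite"):
            passed = passed or ok
            required_failed = required_failed or not ok
        # 'optional' verdicts are ignored in this simplified model
    return passed and not required_failed, trace

def authenticate(user, pw):
    """Both the auth and the account stack must succeed."""
    auth_ok, trace = run_stack(parse(PAM_IMAP, "auth"), user, pw)
    acct_ok, _ = run_stack(parse(PAM_IMAP, "account"), user, pw)
    return auth_ok and acct_ok, trace
```

For a password-file user the trace ends at pam_pwdfile.so, so pam_unix.so is never consulted; with `account required pam_permit.so`, no local account check applies to those users either.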
Re: Re: IMAPS with extra authorization.
On Wednesday, 21.07.2010, 09:47 +0200, Josef Karliak wrote:

> Hi everybody, we need to use another accounts (from extra file) for authorization for IMAPS (from outside of company). IMAP stays authorized over saslauthd (pam). How to solve this ? I'm out of the ideas :-/.

Try libpam-pwdfile. Using this here on a debian box. Does exactly what you want ;) Just add a line like

auth sufficient pam_pwdfile.so pwdfile /path/to/file

to /etc/pam.d/imap. The file can be created simply enough (e.g. htpasswd).

Nearly forgot one thing, took me a while to figure this out. You will also need to add following line to /etc/pam.d/imap:

account required pam_permit.so

You will need this since the remote users don't have a local account, so ignore that check and only check for a valid username/password.

Greetings, Syren Baran
Cross-Domain-Mailboxes
Hi,

I am experiencing a weird behavior connecting to the IMAP server directly via telnet. If logged in as a user the command

. list INBOX.%

only returns the subfolders of INBOX, whereas being logged in as the cyrus user and issuing the command

. list domain.tld %user.name.%

returns not only the subfolders, but also the user.n...@domain.tld box as well (e.g. * LIST (\HasChildren) . user.n...@domain.tld)

Is there a simple solution around this problem or do I have to ignore this entry when parsing the results?

Thanks, Syren Baran

PS: As a side note '. list domain.tld %user.name' is the same as '. list domain.tld%user.name', but I have no idea which character(s) the '%' is matching, wasn't the '@' or any characters I tried. Is it preferable to use the real delimiter character instead of '%'? If so, what is that character?