Re: Sieve Authentication
Antonio, The sieve protocol is defined in RFC 3028. 'sivtest' should be easier than telnet though. However, as mentioned in the documentation, you'll probably want to use sieveshell to manipulate scripts. - Dan Antonio Talarico wrote: Thanks now i can authenticate with sieve, But i have another problem. How is the syntax to place a script on the server once authenticated by telnet? Thanks for the help 2008/10/10 Dan White [EMAIL PROTECTED]: Antonio Talarico wrote: Hi Which file contains the configuration for users who can authenticate. How can enable a user to log in and add script. Thank you Antonio, Authentication is handled by the Cyrus SASL library as configured in your imapd.conf (the lines beginning with sasl_). Documentation can be found in the man page for imapd.conf, /doc/install-auth.html located within the cyrus-imapd source, and the /doc/ subdirectory located within the cyrus-sasl source. - Dan Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication
Antonio Talarico wrote: Hi Which file contains the configuration for users who can authenticate. How can enable a user to log in and add script. Thank you Antonio, Authentication is handled by the Cyrus SASL library as configured in your imapd.conf (the lines beginning with sasl_). Documentation can be found in the man page for imapd.conf, /doc/install-auth.html located within the cyrus-imapd source, and the /doc/ subdirectory located within the cyrus-sasl source. - Dan Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Am Thursday 14 September 2006 22:18 schrieb Mike Husmann:
Show your configuration imapd.conf, cyrus.conf. Hmm, maybe
hosts.allow/hosts.deny, too.
imapd.conf
# server conf
servername: rusty.morningside.edu
umask: 077
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
# singleinstancestore: yes
username_to_lower: yes
lmtp_downcase_rcpt: yes
lmtp_over_quota_perm_failure: yes
altnamespace: yes
# user conf
postmaster: postmaster
admins: cyrus cyrusadm
# directory and file locations
configdirectory: /var/spool/cyrus-imap
partition-default: /var/spool/cyrus-imap
sievedir: /var/spool/cyrus-imap/sieve
sendmail: /usr/sbin/sendmail
# authentication
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: plain
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
# new user automated creates
autocreate_sieve_script: /var/spool/cyrus-imap/sieve/phpscript
autocreate_sieve_compiledscript: /var/spool/cyrus-imap/sieve/phpscript.bc
generate_compiled_sieve_script: yes
sieve_maxscriptsize: 64
sieve_maxscripts: 50
autocreateinboxfolders: Spam
autosubscribeinboxfolders: Spam
autocreatequota: 51200
createonpost: yes
# security certificate information
tls_cert_file: /etc/ssl/certs/imap.morningside.edu.crt
tls_key_file: /etc/ssl/certs/imap.morningside.edu.key
tls_ca_file: /etc/ssl/certs/imap.morningside.edu.ca-bundle
---
cyrus.conf
---
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd=ctl_cyrusdb -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into
/var/spool/cyrus-imap/socket SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
pop3 cmd=pop3d listen=pop3 prefork=0
pop3s cmd=pop3d -s listen=pop3s prefork=0
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/spool/cyrus-imap/socket/lmtp
prefork=0
# this is only necessary if using notifications
# notify cmd=notifyd listen=/var/spool/cyrus-imap/socket/notify
proto=udp prefork=1
}
EVENTS {
# this is required
checkpointcmd=ctl_cyrusdb -c period=15
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd=tls_prune at=0400
}
---
hosts.allow and hosts.deny are both empty.
---
Hmm, I don't see a reason, why sieve-logins from a Remote-Machine can fail.
Except for the Remote-Machine(s) itself. You have the Server configured to
offer PLAIN to the Clients. Check if the Clients have the Cyrus-SASL
Mechanism PLAIN (libplain.*) installed.
If PLAIN is installed, the next step would be to use a network-sniffer and
look for the Dialog between Server and Client.
--
Andreas
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Hmm, I don't see a reason, why sieve-logins from a Remote-Machine can fail. Except for the Remote-Machine(s) itself. You have the Server configured to offer PLAIN to the Clients. Check if the Clients have the Cyrus-SASL Mechanism PLAIN (libplain.*) installed. If PLAIN is installed, the next step would be to use a network-sniffer and look for the Dialog between Server and Client. This is where things get weird.. If I do a sivtest from a remote machine, here is the result: --- sivtest -a bebo -u bebo imap.morningside.edu S: IMPLEMENTATION Cyrus timsieved v2.2.12 S: SASL PLAIN S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex S: STARTTLS S: OK Authentication failed. no mechanism available Security strength factor: 0 C: LOGOUT Connection closed. --- On the local machine, this works fine, and prompts for a password. But from what I'm seeing here, it's dropping the connection because it doesn't think there are any auth mechs available...? sieveshell has a similar result: --- \sieveshell -a bebo -u bebo imap.morningside.edu connecting to imap.morningside.edu unable to connect to server at /usr/bin/sieveshell line 169. --- This is different from the others that include a line about STDIN (password). Once again, the server drops the connection before it has a chance to authenticate. My /etc/pam.d/sieve looks like: #%PAM-1.0 auth required pam_nologin.so auth sufficient pam_ldap.so auth required pam_pwdb.so shadow nodelay accountrequired pam_pwdb.so sessionrequired pam_pwdb.so And the strangest part of this whole deal is that it has worked flawlessly, as it is set up now, since April. Mike Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Except for the Remote-Machine(s) itself. You have the Server configured to offer PLAIN to the Clients. Check if the Clients have the Cyrus-SASL Mechanism PLAIN (libplain.*) installed. That's the ticket.. I installed the extra library on my test system and found that indeed network auth had never been broken! A simple upgrade of my squirrelmail plugin made it compatible with the php upgrade that had just happned a couple days ago. I'm off and running again. Thanks so much, Mike -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Am Thursday 14 September 2006 20:25 schrieb Mike Husmann: I'm running cyrus-imap v2.2.12 on a Trustix Linux box with saslauthd configured to look to Active Directory via LDAP. It's worked great since we put it up in April. However, this morning, timsieved quit working out of the blue. The avelsieve squirrelmail plugin no longer would authenticate. Here's what I get from sivtest if I connect from any remote machine: sivtest -a husmann -u husmann imap -v S: IMPLEMENTATION Cyrus timsieved v2.2.12 S: SASL PLAIN S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex S: STARTTLS S: OK Authentication failed. no mechanism available Security strength factor: 0 C: LOGOUT Connection closed. However, if I connect on localhost, everything (sivtest and sieveshell) work great. I have confirmed that cyrus-master is listening on port 2000: netstat -tulpen | grep 2000 tcp0 0 0.0.0.0:20000.0.0.0:* LISTEN 0 814437418188/cyrus-master tcp0 0 :::2000 :::*LISTEN 0 814437218188/cyrus-master Which explains why I can telnet in, etc... To my knowledge, nothing has changed, so I'm puzzled as to why it would stop working all of a sudden. When I try to use sieveshell to log in, I get this in /var/log/imapd/debug: It doesn't matter whether I log in from localhost or remote, in this case. Sep 14 11:36:06 rusty master[22152]: about to exec /usr/lib/cyrus-imapd/bin/timsieved Sep 14 11:36:06 rusty sieve[22152]: executed Sep 14 11:36:06 rusty sieve[22152]: accepted connection Restarting cyrus doesn't help, and I'm not running any firewall rules with iptables... Show your configuration imapd.conf, cyrus.conf. Hmm, maybe hosts.allow/hosts.deny, too. -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Show your configuration imapd.conf, cyrus.conf. Hmm, maybe
hosts.allow/hosts.deny, too.
imapd.conf
# server conf
servername: rusty.morningside.edu
umask: 077
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
# singleinstancestore: yes
username_to_lower: yes
lmtp_downcase_rcpt: yes
lmtp_over_quota_perm_failure: yes
altnamespace: yes
# user conf
postmaster: postmaster
admins: cyrus cyrusadm
# directory and file locations
configdirectory: /var/spool/cyrus-imap
partition-default: /var/spool/cyrus-imap
sievedir: /var/spool/cyrus-imap/sieve
sendmail: /usr/sbin/sendmail
# authentication
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: plain
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
# new user automated creates
autocreate_sieve_script: /var/spool/cyrus-imap/sieve/phpscript
autocreate_sieve_compiledscript: /var/spool/cyrus-imap/sieve/phpscript.bc
generate_compiled_sieve_script: yes
sieve_maxscriptsize: 64
sieve_maxscripts: 50
autocreateinboxfolders: Spam
autosubscribeinboxfolders: Spam
autocreatequota: 51200
createonpost: yes
# security certificate information
tls_cert_file: /etc/ssl/certs/imap.morningside.edu.crt
tls_key_file: /etc/ssl/certs/imap.morningside.edu.key
tls_ca_file: /etc/ssl/certs/imap.morningside.edu.ca-bundle
---
cyrus.conf
---
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd=ctl_cyrusdb -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/spool/cyrus-imap/socket
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
pop3 cmd=pop3d listen=pop3 prefork=0
pop3s cmd=pop3d -s listen=pop3s prefork=0
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/spool/cyrus-imap/socket/lmtp prefork=0
# this is only necessary if using notifications
# notify cmd=notifyd listen=/var/spool/cyrus-imap/socket/notify
proto=udp prefork=1
}
EVENTS {
# this is required
checkpointcmd=ctl_cyrusdb -c period=15
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd=tls_prune at=0400
}
---
hosts.allow and hosts.deny are both empty.
---
I have been using nscd to cache lookups.. here is it's config:
logfile /var/log/nscd.log
threads 10
max-threads 128
# server-user nobody
# stat-user somebody
debug-level 0
# reload-count5
paranoiano
# restart-interval3600
enable-cachepasswd yes
positive-time-to-live passwd 660
negative-time-to-live passwd 20
suggested-size passwd 1051
check-files passwd yes
persistent passwd yes
shared passwd yes
enable-cachegroup yes
positive-time-to-live group 3600
negative-time-to-live group 60
suggested-size group 1051
check-files group yes
persistent group yes
shared group yes
enable-cachehosts yes
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
suggested-size hosts 1051
check-files hosts yes
persistent hosts yes
shared hosts yes
---
Thanks again,
Mike
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve authentication problem
Am Saturday 09 September 2006 12:38 schrieb Achim Lammerts: do I get some help about Sieve here too? Some days ago I've added authentication by sasldb and today I saw that Sieve doesn't work anymore. I can't login to sieveshell from root like sieveshell --user mailuser --authname mailuser localhost, the correct password is not accepted. There are these entries in the log file: Sep 9 12:25:44 salamucha master[7088]: about to exec /usr/lib/cyrus/bin/timsieved Sep 9 12:25:44 salamucha sieve[7088]: executed Sep 9 12:25:44 salamucha sieve[7088]: accepted connection Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_authenticate] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] But this is saslauthd/pam, which is queried, not sasldb. Check your saslauthd/pam Configuration. Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_acct_mgmt] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] Sep 9 12:25:49 salamucha sieve[7088]: transitioning user mailuser to auxprop database Sep 9 12:25:49 salamucha sieve[7088]: setpass succeeded for mailuser Sep 9 12:25:49 salamucha sieve[7088]: mkdir /var/lib/sieve/m/mailuser: File exists Sep 9 12:25:49 salamucha sieve[7088]: error in actions_setuser() Sep 9 12:25:49 salamucha perl: No worthy mechs found Sep 9 12:25:49 salamucha master[6160]: process 7088 exited, status 0 The actual imapd.conf looks like this: ... sasl_pwcheck_method: saslauthd auxprop sasl_auxprop_plugin: sasldb sasl_auto_transition: yes sasl_mech_list: plain login ... Also avelsieve doesn't work correctly before I got this problem above, in the meantime I can't use avelsieve too of course (with a similar error message). That might be another question and not here, but I like to ask about the rights for the Sieve directory. It's set to 600 and the owner is cyrus:mail, is that right? -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve authentication problem
Am Sunday 10 September 2006 08:00 schrieb Andreas Winkelmann: do I get some help about Sieve here too? Some days ago I've added authentication by sasldb and today I saw that Sieve doesn't work anymore. I can't login to sieveshell from root like sieveshell --user mailuser --authname mailuser localhost, the correct password is not accepted. There are these entries in the log file: Sep 9 12:25:44 salamucha master[7088]: about to exec /usr/lib/cyrus/bin/timsieved Sep 9 12:25:44 salamucha sieve[7088]: executed Sep 9 12:25:44 salamucha sieve[7088]: accepted connection Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_authenticate] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] But this is saslauthd/pam, which is queried, not sasldb. Check your saslauthd/pam Configuration. Ok forget it, sometimes it is better to read further. Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_acct_mgmt] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] Sep 9 12:25:49 salamucha sieve[7088]: transitioning user mailuser to auxprop database Sep 9 12:25:49 salamucha sieve[7088]: setpass succeeded for mailuser Sep 9 12:25:49 salamucha sieve[7088]: mkdir /var/lib/sieve/m/mailuser: File exists Check this Directory. Maybe it is a File, or the Permissions are incorrect. Sep 9 12:25:49 salamucha sieve[7088]: error in actions_setuser() Sep 9 12:25:49 salamucha perl: No worthy mechs found Sep 9 12:25:49 salamucha master[6160]: process 7088 exited, status 0 The actual imapd.conf looks like this: ... sasl_pwcheck_method: saslauthd auxprop sasl_auxprop_plugin: sasldb sasl_auto_transition: yes sasl_mech_list: plain login ... Also avelsieve doesn't work correctly before I got this problem above, in the meantime I can't use avelsieve too of course (with a similar error message). That might be another question and not here, but I like to ask about the rights for the Sieve directory. It's set to 600 and the owner is cyrus:mail, is that right? -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve authentication failure
On Mon, 2005-12-05 at 16:20 +0200, Paul-Erik Törrönen wrote:
But sivtest fails:
$ sivtest -a poltsi localhost
S: IMPLEMENTATION Cyrus timsieved v2.2.12-Invoca-RPM-2.2.12-6.fc4
S: SASL PLAIN
S: SIEVE fileinto reject envelope vacation imapflags notify
subaddress relational comparator-i;ascii-numeric regex
S: STARTTLS
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {28+}
password hash
S: NO Authentication Error
As do sieveshell:
$ sieveshell -u poltsi -a poltsi localhost
connecting to localhost
Please enter your password:
unable to connect to server at /usr/bin/sieveshell line 169, STDIN
line 1.
Ok, I've gotten a step further, the sivtest works when I give the full
[EMAIL PROTECTED] in the -a parameter, but the same does not work with the
sieveshell, it barfs with the same error as above.
Any help?
Poltsi
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
On Thursday 03 February 2005 23.24, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1. my imapd conf: configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt saslauthd is running w/ -a pam Authentication works fine for the IMAP server, cyradm. Sieve is listening... [EMAIL PROTECTED] log]# telnet localhost sieve Trying 127.0.0.1... Connected to localhost (127.0.0.1). Escape character is '^]'. IMPLEMENTATION Cyrus timsieved v2.2.10-Invoca-RPM-2.2.10-8 SASL PLAIN SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex STARTTLS OK Heck, I even get sieve headers in my emails... X-Sieve: CMU Sieve 2.2 Any ideas? Thanks, Dan --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Hi See my attached /etc/imad.conf file Take an extra look at the row allowplaintext. There are maybe other ways around the problem. But I have not found any (yet)... So allowplaintext: yes is needed for sieve logins to work. If TLS is required the sieve login will fail. That was the case with earlier realeases... Now I use 2.2.10 and have not checked if sieve works with TLS. --snip-- configdirectory: /var/imap partition-default: /var/spool/imap admins: root cyradm admin1 admin2 sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN allowanonymouslogin: no allowplaintext: yes -- NEED THIS FOR SIEVE LOGIN THAT FAILS OTHERWISE sendmail: /usr/sbin/sendmail quotawarn: 90 servername:MY_FQDN_IMAP_HOST sievedir: /var/sieve sieve_maxscripts: 20 timeout: 240 sievenotifier: mailto mailnotifier: mailto altnamespace: 1 berkeley_cachesize: 8192 postmaster: [EMAIL PROTECTED] sharedprefix: Shared Folders userprefix: Other Users imapidlepoll: 60 tls_cert_file: /var/imap/server.pem tls_key_file: /var/imap/server.pem tls_ca_file: /var/imap/server.pem --snip-- Hope this could be of any help. Regards /Per-Olov -- GPG keyID: 4DB283CE GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE pgpPRveYQYWcu.pgp Description: PGP signature
Re: Sieve Authentication Fails
On Thu, 2005-02-03 at 14:24 -0800, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1 saslpasswd cyrus #add password for cyrus to sasldb Well, if sieve uses saslauthd - pam to authenticate, there is no need for having a sasldb file with cyrus user. IIRC the problem is that sieveshell doesn't have the --auth parameter like cyradm. The sieve server works, but not sieveshell. Can someone confirm this or has someone already made a patch to fix sieveshell? Simon --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
On Fri, 4 Feb 2005, Simon Matter wrote: On Thu, 2005-02-03 at 14:24 -0800, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1 saslpasswd cyrus #add password for cyrus to sasldb Well, if sieve uses saslauthd - pam to authenticate, there is no need for having a sasldb file with cyrus user. IIRC the problem is that sieveshell doesn't have the --auth parameter like cyradm. The sieve server works, but not sieveshell. It has --authname and it works fine. Check man pages. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... Dan --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
On Fri, 4 Feb 2005, Dan Perez wrote: It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... You are correct, you cannot pass a mechanism to sieveshell. I incorrectly assumed that --auth in cyradm is an authentication username. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails - Resolved
OK, I'm not sure why this works, but if I su to the unix account which matches the mailbox name of the mailbox I'm trying to run sieveshell for and it works just fine. I had assumed I could be running as root, or another account I use to manage stuff and just pass in the username with a -u parameter. I only tried this because I installed the avelsieve squirrelmail plugin. Once installed, the plugin worked fine, so I knew authentication worked with sieve. That's when it occurred to me to actually su to that unix account, and re-run sieveshell. Thanks for the help guys. Appreciate it. Dan From: Igor Brezac [EMAIL PROTECTED] To: Dan Perez [EMAIL PROTECTED] CC: info-cyrus@lists.andrew.cmu.edu Subject: Re: Sieve Authentication Fails Date: Fri, 4 Feb 2005 14:30:07 -0500 (EST) On Fri, 4 Feb 2005, Dan Perez wrote: It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... You are correct, you cannot pass a mechanism to sieveshell. I incorrectly assumed that --auth in cyradm is an authentication username. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails - Resolved
OK, I'm not sure why this works, but if I su to the unix account which matches the mailbox name of the mailbox I'm trying to run sieveshell for and it works just fine. I had assumed I could be running as root, or another account I use to manage stuff and just pass in the username with a -u parameter. I just tried it and it worked this way (as root): sieveshell --user=simix --authname=simix localhost Simon I only tried this because I installed the avelsieve squirrelmail plugin. Once installed, the plugin worked fine, so I knew authentication worked with sieve. That's when it occurred to me to actually su to that unix account, and re-run sieveshell. Thanks for the help guys. Appreciate it. Dan From: Igor Brezac [EMAIL PROTECTED] To: Dan Perez [EMAIL PROTECTED] CC: info-cyrus@lists.andrew.cmu.edu Subject: Re: Sieve Authentication Fails Date: Fri, 4 Feb 2005 14:30:07 -0500 (EST) On Fri, 4 Feb 2005, Dan Perez wrote: It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... You are correct, you cannot pass a mechanism to sieveshell. I incorrectly assumed that --auth in cyradm is an authentication username. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
On Thu, 2005-02-03 at 14:24 -0800, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1 saslpasswd cyrus #add password for cyrus to sasldb Craig --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
Gerald Griessner wrote:
Hi,
I migrated from Cyrus Imap 2.1.16 to 2.2.8 a couple of days ago.
Since then I can not login to Sieve any more.
Can anyone help me?
below I included my imapd.conf, sivtest output and imtest output
Cheers
Gerald
bash-2.05# sivtest -u ggriessn localhost
S: IMPLEMENTATION Cyrus timsieved v2.2.8
S: SIEVE fileinto reject envelope vacation imapflags notify
subaddress relational regex
S: STARTTLS
S: OK
Cyrus isn't finding your SASL plugins, because no SASL mechs are listed
in the capability list. Make sure you have SASL installed correctly.
Authentication failed. generic failure
Security strength factor: 0
C: LOGOUT
OK Logout Complete
Connection closed.
bash-2.05# imtest -u ggriessn localhost
S: * OK mail.salzburgresearch.at Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN root {8}
S: + go ahead
C: omitted
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
C: Q01 LOGOUT
* BYE LOGOUT received
Q01 OK Completed
Connection closed.
And here is my imapd.conf:
allowanonymouslogin:no
allowapop: no
allowplaintext: yes
allowplaintextwithouttls: yes
allowusermoves: 1
annotation_db: skiplist
autocreatequota:400
configdirectory:/var/imap/config
deleteright:c
duplicate_db: berkeley-nosync
duplicatesuppression: 1
imapidlepoll: 60
mboxlist_db: berkeley
partition-default: /var/imap/data
postmaster: [EMAIL PROTECTED]
quota_db: berkeley
quotawarn: 90
sasl_option:yes
sasl_auto_transition: no
sasl_maximum_layer: 256
sasl_mech_list: PLAIN
sasl_minimum_layer: 0
sasl_pwcheck_method:pam saslauthd
sasl_reauth_timeout:0
sasl_saslauthd_path:/var/state/saslauthd/mux
seenstate_db: berkeley
sendmail: /usr/exim/bin/exim
servername: mail.salzburgresearch.at
sieve_maxscripts: 16
sieve_maxscriptsize:128
sievedir: /var/imap/sieve
sievenotifier: SIEVE
sieveusehomedir:false
singleinstancestore:yes
subscription_db:berkeley
tlscache_db: berkeley-nosync
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
--On Wednesday, September 01, 2004 08:49:25 -0400 Ken Murchison [EMAIL PROTECTED] wrote: Gerald Griessner wrote: Hi, I migrated from Cyrus Imap 2.1.16 to 2.2.8 a couple of days ago. Since then I can not login to Sieve any more. Can anyone help me? below I included my imapd.conf, sivtest output and imtest output Cheers Gerald bash-2.05# sivtest -u ggriessn localhost S: IMPLEMENTATION Cyrus timsieved v2.2.8 S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex S: STARTTLS S: OK Cyrus isn't finding your SASL plugins, because no SASL mechs are listed in the capability list. Make sure you have SASL installed correctly. SNIP Hi Ken, actually IMAP is authenticating against SASL. I compiled sasl 2.1.9 like: ./configure --prefix=/usr/cyrus-sasl --sysconfdir=/etc --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd --with-ldap And in sasldb/Makefile line 245 changed LOCAL_SASL_DB_BACKEND_STATIC := toLOCAL_SASL_DB_BACKEND_STATIC = since it was not making I'm starting the daemeon like: /usr/cyrus-sasl/sbin/saslauthd -a pam -O /etc/saslauthd /etc/saslauthd: MECHANISMS=pam --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd I did exactly the same as with version 2.1.17 (old Server) Can you give me any hint? Cheers Gerald --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
Gerald Griessner wrote: --On Wednesday, September 01, 2004 08:49:25 -0400 Ken Murchison [EMAIL PROTECTED] wrote: Gerald Griessner wrote: Hi, I migrated from Cyrus Imap 2.1.16 to 2.2.8 a couple of days ago. Since then I can not login to Sieve any more. Can anyone help me? below I included my imapd.conf, sivtest output and imtest output Cheers Gerald bash-2.05# sivtest -u ggriessn localhost S: IMPLEMENTATION Cyrus timsieved v2.2.8 S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex S: STARTTLS S: OK Cyrus isn't finding your SASL plugins, because no SASL mechs are listed in the capability list. Make sure you have SASL installed correctly. SNIP Hi Ken, actually IMAP is authenticating against SASL. I compiled sasl 2.1.9 like: ./configure --prefix=/usr/cyrus-sasl --sysconfdir=/etc --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd --with-ldap And in sasldb/Makefile line 245 changed LOCAL_SASL_DB_BACKEND_STATIC := toLOCAL_SASL_DB_BACKEND_STATIC = since it was not making I'm starting the daemeon like: /usr/cyrus-sasl/sbin/saslauthd -a pam -O /etc/saslauthd /etc/saslauthd: MECHANISMS=pam --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd I did exactly the same as with version 2.1.17 (old Server) Can you give me any hint? Try making a link fro /usr/lib/sasl2 to the directory which contains the mschanism plugins (libplain.so, libcrammd5.so, etc). -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
--On Wednesday, September 01, 2004 11:40:40 -0400 Ken Murchison [EMAIL PROTECTED] wrote: Cyrus isn't finding your SASL plugins, because no SASL mechs are listed in the capability list. Make sure you have SASL installed correctly. SNIP Hi Ken, actually IMAP is authenticating against SASL. I compiled sasl 2.1.9 like: ./configure --prefix=/usr/cyrus-sasl --sysconfdir=/etc --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd --with-ldap And in sasldb/Makefile line 245 changed LOCAL_SASL_DB_BACKEND_STATIC := toLOCAL_SASL_DB_BACKEND_STATIC = since it was not making I'm starting the daemeon like: /usr/cyrus-sasl/sbin/saslauthd -a pam -O /etc/saslauthd /etc/saslauthd: MECHANISMS=pam --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd I did exactly the same as with version 2.1.17 (old Server) Can you give me any hint? Try making a link fro /usr/lib/sasl2 to the directory which contains the mschanism plugins (libplain.so, libcrammd5.so, etc). Many thanks, that works. Although, I'm not sure why, because my linker (crle) shows /usr/cyrus-sasl/lib it in the search path. Anyway Cheers Gerald --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Denis V. Suhanov wrote: Hello Rob, Thursday, January 8, 2004, 1:42:58 PM, you wrote: Is there a way to disable plaintext passwords in imap but allow them in sieve (since I have it running locally). There is a bug in PHP's Net_Sieve module that makes it hang whenever timsieved does not report a PLAIN method (http://pear.php.net/bugs/bug.php?id=159). RS If you are running 2.2.x you can have a per-serive allowplaintext option. You mean, by using a -C switch and a separate imapd.conf, only for timsieved (that's what I've done)? I failed to find any sieve-specific options in man imapd.conf In 2.2, you can prefix any option with the service name (as it appears in cyrus.conf. So the following are valid options: imap_allowplaintext sieve_allowplaintext -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieve authentication
On Thu, 8 Jan 2004, Denis V. Suhanov wrote: Is there a way to disable plaintext passwords in imap but allow them in sieve (since I have it running locally). There is a bug in PHP's Net_Sieve module that makes it hang whenever timsieved does not report a PLAIN method (http://pear.php.net/bugs/bug.php?id=159). If you are running 2.2.x you can have a per-serive allowplaintext option. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Sieve authentication
Hi;
My users's inbox have another machine and another directory. For examble
"
username:
user's home directory = /ev/.../ (user server)
user's mail directory = /posta/ (mail server)
(this servers is different machine and ip)
"
I connected mail server that said me "no found mbox " and "no found valid
mbox".Why?How could i solve this problem?
Please help me..
Thanks..
Ken Murchison wrote:
The service name for Sieve was changed from "imap" to "sieve". Copy
your "imap" PAM config to "sieve" and you should be fine.
David Chait wrote:
Greetings all,
I'm in the process of upgrading our current cyrus install and so
far it has gone will with the one caviat that I cannot for some reason
get Sieve to authenticate users. The IMAP daemon however works fine.
As you can see below, I can see auth mechanisms:
[root@bonmail adm]# telnet localhost 2000
Trying 127.0.0.1...
Connected to bonmail.stanford.edu (127.0.0.1).
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.1.11"
"SASL" "PLAIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
relational regex"
OK
However whenever I attempt to authenticate via the test utility, I get
the following:
[root@bonmail adm]# sivtest -u dchait localhost
S: "IMPLEMENTATION" "Cyrus timsieved v2.1.11"
S: "SASL" "PLAIN"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify
subaddress relational regex"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {28+}
ZGNoYWl0AHJvb3QATTExa3kjV0B5
S: NO "Authentication Error"
Authentication failed. generic failure
Security strength factor: 0
The logs show a PAM error, however my PAM file hasn't changed between
installs:
Dec 27 01:17:28 bonmail saslauthd[19310]: DEBUG: auth_pam:
pam_authenticate failed: Authentication failure
Dec 27 01:17:28 bonmail saslauthd[19310]: AUTHFAIL: user=dchait
service=sieve realm= [PAM auth error]
Dec 27 01:17:28 bonmail timsieved[19607]: Password verification failed
imap file in pam.d shows:
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
accountrequired pam_stack.so service=system-auth
sessionrequired pam_stack.so service=system-auth
My cyrus.conf file shows:
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idledcmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=0
imaps cmd="imapd -s" listen="imaps" prefork=0
# pop3 cmd="pop3d" listen="pop3" prefork=0
# pop3scmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/imap/socket/notify"
proto="udp" prefork=1
}
EVENTS {
# this is required
checkpointcmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" period=1440
}
This is on a Red Hat 7.3 based Dell server Runing the latest stable
versions of both sasl and cyrus imap. Any ideas?
Thanks,
David
--
Your favorite stores, helpful shopping tools and great gift ideas. Experience
the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/
Re: Sieve authentication
The service name for Sieve was changed from imap to sieve. Copy
your imap PAM config to sieve and you should be fine.
David Chait wrote:
Greetings all,
I'm in the process of upgrading our current cyrus install and so
far it has gone will with the one caviat that I cannot for some reason
get Sieve to authenticate users. The IMAP daemon however works fine.
As you can see below, I can see auth mechanisms:
[root@bonmail adm]# telnet localhost 2000
Trying 127.0.0.1...
Connected to bonmail.stanford.edu (127.0.0.1).
Escape character is '^]'.
IMPLEMENTATION Cyrus timsieved v2.1.11
SASL PLAIN
SIEVE fileinto reject envelope vacation imapflags notify subaddress
relational regex
OK
However whenever I attempt to authenticate via the test utility, I get
the following:
[root@bonmail adm]# sivtest -u dchait localhost
S: IMPLEMENTATION Cyrus timsieved v2.1.11
S: SASL PLAIN
S: SIEVE fileinto reject envelope vacation imapflags notify
subaddress relational regex
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {28+}
ZGNoYWl0AHJvb3QATTExa3kjV0B5
S: NO Authentication Error
Authentication failed. generic failure
Security strength factor: 0
The logs show a PAM error, however my PAM file hasn't changed between
installs:
Dec 27 01:17:28 bonmail saslauthd[19310]: DEBUG: auth_pam:
pam_authenticate failed: Authentication failure
Dec 27 01:17:28 bonmail saslauthd[19310]: AUTHFAIL: user=dchait
service=sieve realm= [PAM auth error]
Dec 27 01:17:28 bonmail timsieved[19607]: Password verification failed
imap file in pam.d shows:
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
accountrequired pam_stack.so service=system-auth
sessionrequired pam_stack.so service=system-auth
My cyrus.conf file shows:
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd=ctl_cyrusdb -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
# pop3 cmd=pop3d listen=pop3 prefork=0
# pop3scmd=pop3d -s listen=pop3s prefork=0
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=0
# this is only necessary if using notifications
# notify cmd=notifyd listen=/var/imap/socket/notify
proto=udp prefork=1
}
EVENTS {
# this is required
checkpointcmd=ctl_cyrusdb -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd=tls_prune period=1440
}
This is on a Red Hat 7.3 based Dell server Runing the latest stable
versions of both sasl and cyrus imap. Any ideas?
Thanks,
David
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieve authentication
Justin Wood wrote: I recently installed cyrus-imapd 2.0.16 w/ cyrus-sasl 1.5.27 on FreeBSD 4.5-RELEASE (from the ports tree). I managed to get imapd auth working just fine, but when I try to install a sieve script using installsieve, I get the following messages in syslog: Feb 8 14:19:22 fs1 timsieved[9785]: KERBEROS_V4: can't access srvtab file /etc/srvtab: No such file or directory Feb 8 14:19:22 fs1 timsieved[9785]: add_plugin(/usr/local/lib/sasl/libkerberos4.so) failed: generic failure Feb 8 14:19:23 fs1 timsieved[9785]: badlogin: fs1.p.flipdog.com[10.69.2.71] DIGEST-MD5 -13 unable to get user's secret In imapd.conf I have sasl_pwcheck_method: LDAP and the appropriate settings for the ldap server. Where do I modify settings for timsieved? I would like to do ldap/pam_ldap auth with it as well. Unless you have a need for the non-plaintext mechanisms, try removing these plugins. Sieveshell will try to use the best (highest SSF) mechanism that it finds. If you only have PLAIN and/or LOGIN installed, it will have no choice but to use one of these, which should then use your PAM config. In SASL v2.1 you can use the 'mech_list' option in the SASL conf file to limit which mechs will be offered by the service. In either case, we probably should add a --auth option to sieveshell, just like cyradm. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
RE: sieve authentication
Unless you have a need for the non-plaintext mechanisms, try removing these plugins. Sieveshell will try to use the best (highest SSF) mechanism that it finds. If you only have PLAIN and/or LOGIN installed, it will have no choice but to use one of these, which should then use your PAM config. On my system, cyradm uses DIGEST-MD5 and succeeds, while sieveshell uses DIGEST-MD5 and fails.
RE: sieve authentication
For the last four months or so I haven't been able to get sieveshell to authenticate, no matter what I try. The fact that cyradm authenticates just fine makes me suspect it's something about sieve ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Justin Wood Sent: Friday, February 08, 2002 15:39 To: [EMAIL PROTECTED] Subject: sieve authentication I recently installed cyrus-imapd 2.0.16 w/ cyrus-sasl 1.5.27 on FreeBSD 4.5-RELEASE (from the ports tree). I managed to get imapd auth working just fine, but when I try to install a sieve script using installsieve, I get the following messages in syslog: Feb 8 14:19:22 fs1 timsieved[9785]: KERBEROS_V4: can't access srvtab file /etc/srvtab: No such file or directory Feb 8 14:19:22 fs1 timsieved[9785]: add_plugin(/usr/local/lib/sasl/libkerberos4.so) failed: generic failure Feb 8 14:19:23 fs1 timsieved[9785]: badlogin: fs1.p.flipdog.com[10.69.2.71] DIGEST-MD5 -13 unable to get user's secret In imapd.conf I have sasl_pwcheck_method: LDAP and the appropriate settings for the ldap server. Where do I modify settings for timsieved? I would like to do ldap/pam_ldap auth with it as well. Thanks in advance, Justin. -- -- Justin Wood [EMAIL PROTECTED] Systems Administrator FlipDog.comhttp://www.flipdog.com/ --
