Re: Sieve Authentication
Antonio, The sieve protocol is defined in RFC 3028. 'sivtest' should be easier than telnet though. However, as mentioned in the documentation, you'll probably want to use sieveshell to manipulate scripts. - Dan Antonio Talarico wrote: Thanks now i can authenticate with sieve, But i have another problem. How is the syntax to place a script on the server once authenticated by telnet? Thanks for the help 2008/10/10 Dan White [EMAIL PROTECTED]: Antonio Talarico wrote: Hi Which file contains the configuration for users who can authenticate. How can enable a user to log in and add script. Thank you Antonio, Authentication is handled by the Cyrus SASL library as configured in your imapd.conf (the lines beginning with sasl_). Documentation can be found in the man page for imapd.conf, /doc/install-auth.html located within the cyrus-imapd source, and the /doc/ subdirectory located within the cyrus-sasl source. - Dan Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication
Antonio Talarico wrote: Hi Which file contains the configuration for users who can authenticate. How can enable a user to log in and add script. Thank you Antonio, Authentication is handled by the Cyrus SASL library as configured in your imapd.conf (the lines beginning with sasl_). Documentation can be found in the man page for imapd.conf, /doc/install-auth.html located within the cyrus-imapd source, and the /doc/ subdirectory located within the cyrus-sasl source. - Dan Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Am Thursday 14 September 2006 22:18 schrieb Mike Husmann: Show your configuration imapd.conf, cyrus.conf. Hmm, maybe hosts.allow/hosts.deny, too. imapd.conf # server conf servername: rusty.morningside.edu umask: 077 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 # singleinstancestore: yes username_to_lower: yes lmtp_downcase_rcpt: yes lmtp_over_quota_perm_failure: yes altnamespace: yes # user conf postmaster: postmaster admins: cyrus cyrusadm # directory and file locations configdirectory: /var/spool/cyrus-imap partition-default: /var/spool/cyrus-imap sievedir: /var/spool/cyrus-imap/sieve sendmail: /usr/sbin/sendmail # authentication allowanonymouslogin: no allowplaintext: yes sasl_mech_list: plain sasl_minimum_layer: 0 sasl_pwcheck_method: saslauthd # new user automated creates autocreate_sieve_script: /var/spool/cyrus-imap/sieve/phpscript autocreate_sieve_compiledscript: /var/spool/cyrus-imap/sieve/phpscript.bc generate_compiled_sieve_script: yes sieve_maxscriptsize: 64 sieve_maxscripts: 50 autocreateinboxfolders: Spam autosubscribeinboxfolders: Spam autocreatequota: 51200 createonpost: yes # security certificate information tls_cert_file: /etc/ssl/certs/imap.morningside.edu.crt tls_key_file: /etc/ssl/certs/imap.morningside.edu.key tls_ca_file: /etc/ssl/certs/imap.morningside.edu.ca-bundle --- cyrus.conf --- # standard standalone server implementation START { # do not delete this entry! recover cmd=ctl_cyrusdb -r # this is only necessary if using idled for IMAP IDLE # idledcmd=idled } # UNIX sockets start with a slash and are put into /var/spool/cyrus-imap/socket SERVICES { # add or remove based on preferences imap cmd=imapd listen=imap prefork=0 imaps cmd=imapd -s listen=imaps prefork=0 pop3 cmd=pop3d listen=pop3 prefork=0 pop3s cmd=pop3d -s listen=pop3s prefork=0 sieve cmd=timsieved listen=sieve prefork=0 # at least one LMTP is required for delivery # lmtp cmd=lmtpd listen=lmtp prefork=0 lmtpunix cmd=lmtpd listen=/var/spool/cyrus-imap/socket/lmtp prefork=0 # this is only necessary if using notifications # notify cmd=notifyd listen=/var/spool/cyrus-imap/socket/notify proto=udp prefork=1 } EVENTS { # this is required checkpointcmd=ctl_cyrusdb -c period=15 # this is only necessary if using duplicate delivery suppression delprune cmd=ctl_deliver -E 3 at=0400 # this is only necessary if caching TLS sessions tlsprune cmd=tls_prune at=0400 } --- hosts.allow and hosts.deny are both empty. --- Hmm, I don't see a reason, why sieve-logins from a Remote-Machine can fail. Except for the Remote-Machine(s) itself. You have the Server configured to offer PLAIN to the Clients. Check if the Clients have the Cyrus-SASL Mechanism PLAIN (libplain.*) installed. If PLAIN is installed, the next step would be to use a network-sniffer and look for the Dialog between Server and Client. -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Hmm, I don't see a reason, why sieve-logins from a Remote-Machine can fail. Except for the Remote-Machine(s) itself. You have the Server configured to offer PLAIN to the Clients. Check if the Clients have the Cyrus-SASL Mechanism PLAIN (libplain.*) installed. If PLAIN is installed, the next step would be to use a network-sniffer and look for the Dialog between Server and Client. This is where things get weird.. If I do a sivtest from a remote machine, here is the result: --- sivtest -a bebo -u bebo imap.morningside.edu S: IMPLEMENTATION Cyrus timsieved v2.2.12 S: SASL PLAIN S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex S: STARTTLS S: OK Authentication failed. no mechanism available Security strength factor: 0 C: LOGOUT Connection closed. --- On the local machine, this works fine, and prompts for a password. But from what I'm seeing here, it's dropping the connection because it doesn't think there are any auth mechs available...? sieveshell has a similar result: --- \sieveshell -a bebo -u bebo imap.morningside.edu connecting to imap.morningside.edu unable to connect to server at /usr/bin/sieveshell line 169. --- This is different from the others that include a line about STDIN (password). Once again, the server drops the connection before it has a chance to authenticate. My /etc/pam.d/sieve looks like: #%PAM-1.0 auth required pam_nologin.so auth sufficient pam_ldap.so auth required pam_pwdb.so shadow nodelay accountrequired pam_pwdb.so sessionrequired pam_pwdb.so And the strangest part of this whole deal is that it has worked flawlessly, as it is set up now, since April. Mike Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Except for the Remote-Machine(s) itself. You have the Server configured to offer PLAIN to the Clients. Check if the Clients have the Cyrus-SASL Mechanism PLAIN (libplain.*) installed. That's the ticket.. I installed the extra library on my test system and found that indeed network auth had never been broken! A simple upgrade of my squirrelmail plugin made it compatible with the php upgrade that had just happned a couple days ago. I'm off and running again. Thanks so much, Mike -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Am Thursday 14 September 2006 20:25 schrieb Mike Husmann: I'm running cyrus-imap v2.2.12 on a Trustix Linux box with saslauthd configured to look to Active Directory via LDAP. It's worked great since we put it up in April. However, this morning, timsieved quit working out of the blue. The avelsieve squirrelmail plugin no longer would authenticate. Here's what I get from sivtest if I connect from any remote machine: sivtest -a husmann -u husmann imap -v S: IMPLEMENTATION Cyrus timsieved v2.2.12 S: SASL PLAIN S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex S: STARTTLS S: OK Authentication failed. no mechanism available Security strength factor: 0 C: LOGOUT Connection closed. However, if I connect on localhost, everything (sivtest and sieveshell) work great. I have confirmed that cyrus-master is listening on port 2000: netstat -tulpen | grep 2000 tcp0 0 0.0.0.0:20000.0.0.0:* LISTEN 0 814437418188/cyrus-master tcp0 0 :::2000 :::*LISTEN 0 814437218188/cyrus-master Which explains why I can telnet in, etc... To my knowledge, nothing has changed, so I'm puzzled as to why it would stop working all of a sudden. When I try to use sieveshell to log in, I get this in /var/log/imapd/debug: It doesn't matter whether I log in from localhost or remote, in this case. Sep 14 11:36:06 rusty master[22152]: about to exec /usr/lib/cyrus-imapd/bin/timsieved Sep 14 11:36:06 rusty sieve[22152]: executed Sep 14 11:36:06 rusty sieve[22152]: accepted connection Restarting cyrus doesn't help, and I'm not running any firewall rules with iptables... Show your configuration imapd.conf, cyrus.conf. Hmm, maybe hosts.allow/hosts.deny, too. -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Show your configuration imapd.conf, cyrus.conf. Hmm, maybe hosts.allow/hosts.deny, too. imapd.conf # server conf servername: rusty.morningside.edu umask: 077 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 # singleinstancestore: yes username_to_lower: yes lmtp_downcase_rcpt: yes lmtp_over_quota_perm_failure: yes altnamespace: yes # user conf postmaster: postmaster admins: cyrus cyrusadm # directory and file locations configdirectory: /var/spool/cyrus-imap partition-default: /var/spool/cyrus-imap sievedir: /var/spool/cyrus-imap/sieve sendmail: /usr/sbin/sendmail # authentication allowanonymouslogin: no allowplaintext: yes sasl_mech_list: plain sasl_minimum_layer: 0 sasl_pwcheck_method: saslauthd # new user automated creates autocreate_sieve_script: /var/spool/cyrus-imap/sieve/phpscript autocreate_sieve_compiledscript: /var/spool/cyrus-imap/sieve/phpscript.bc generate_compiled_sieve_script: yes sieve_maxscriptsize: 64 sieve_maxscripts: 50 autocreateinboxfolders: Spam autosubscribeinboxfolders: Spam autocreatequota: 51200 createonpost: yes # security certificate information tls_cert_file: /etc/ssl/certs/imap.morningside.edu.crt tls_key_file: /etc/ssl/certs/imap.morningside.edu.key tls_ca_file: /etc/ssl/certs/imap.morningside.edu.ca-bundle --- cyrus.conf --- # standard standalone server implementation START { # do not delete this entry! recover cmd=ctl_cyrusdb -r # this is only necessary if using idled for IMAP IDLE # idledcmd=idled } # UNIX sockets start with a slash and are put into /var/spool/cyrus-imap/socket SERVICES { # add or remove based on preferences imap cmd=imapd listen=imap prefork=0 imaps cmd=imapd -s listen=imaps prefork=0 pop3 cmd=pop3d listen=pop3 prefork=0 pop3s cmd=pop3d -s listen=pop3s prefork=0 sieve cmd=timsieved listen=sieve prefork=0 # at least one LMTP is required for delivery # lmtp cmd=lmtpd listen=lmtp prefork=0 lmtpunix cmd=lmtpd listen=/var/spool/cyrus-imap/socket/lmtp prefork=0 # this is only necessary if using notifications # notify cmd=notifyd listen=/var/spool/cyrus-imap/socket/notify proto=udp prefork=1 } EVENTS { # this is required checkpointcmd=ctl_cyrusdb -c period=15 # this is only necessary if using duplicate delivery suppression delprune cmd=ctl_deliver -E 3 at=0400 # this is only necessary if caching TLS sessions tlsprune cmd=tls_prune at=0400 } --- hosts.allow and hosts.deny are both empty. --- I have been using nscd to cache lookups.. here is it's config: logfile /var/log/nscd.log threads 10 max-threads 128 # server-user nobody # stat-user somebody debug-level 0 # reload-count5 paranoiano # restart-interval3600 enable-cachepasswd yes positive-time-to-live passwd 660 negative-time-to-live passwd 20 suggested-size passwd 1051 check-files passwd yes persistent passwd yes shared passwd yes enable-cachegroup yes positive-time-to-live group 3600 negative-time-to-live group 60 suggested-size group 1051 check-files group yes persistent group yes shared group yes enable-cachehosts yes positive-time-to-live hosts 3600 negative-time-to-live hosts 20 suggested-size hosts 1051 check-files hosts yes persistent hosts yes shared hosts yes --- Thanks again, Mike Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve authentication problem
Am Saturday 09 September 2006 12:38 schrieb Achim Lammerts: do I get some help about Sieve here too? Some days ago I've added authentication by sasldb and today I saw that Sieve doesn't work anymore. I can't login to sieveshell from root like sieveshell --user mailuser --authname mailuser localhost, the correct password is not accepted. There are these entries in the log file: Sep 9 12:25:44 salamucha master[7088]: about to exec /usr/lib/cyrus/bin/timsieved Sep 9 12:25:44 salamucha sieve[7088]: executed Sep 9 12:25:44 salamucha sieve[7088]: accepted connection Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_authenticate] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] But this is saslauthd/pam, which is queried, not sasldb. Check your saslauthd/pam Configuration. Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_acct_mgmt] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] Sep 9 12:25:49 salamucha sieve[7088]: transitioning user mailuser to auxprop database Sep 9 12:25:49 salamucha sieve[7088]: setpass succeeded for mailuser Sep 9 12:25:49 salamucha sieve[7088]: mkdir /var/lib/sieve/m/mailuser: File exists Sep 9 12:25:49 salamucha sieve[7088]: error in actions_setuser() Sep 9 12:25:49 salamucha perl: No worthy mechs found Sep 9 12:25:49 salamucha master[6160]: process 7088 exited, status 0 The actual imapd.conf looks like this: ... sasl_pwcheck_method: saslauthd auxprop sasl_auxprop_plugin: sasldb sasl_auto_transition: yes sasl_mech_list: plain login ... Also avelsieve doesn't work correctly before I got this problem above, in the meantime I can't use avelsieve too of course (with a similar error message). That might be another question and not here, but I like to ask about the rights for the Sieve directory. It's set to 600 and the owner is cyrus:mail, is that right? -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve authentication problem
Am Sunday 10 September 2006 08:00 schrieb Andreas Winkelmann: do I get some help about Sieve here too? Some days ago I've added authentication by sasldb and today I saw that Sieve doesn't work anymore. I can't login to sieveshell from root like sieveshell --user mailuser --authname mailuser localhost, the correct password is not accepted. There are these entries in the log file: Sep 9 12:25:44 salamucha master[7088]: about to exec /usr/lib/cyrus/bin/timsieved Sep 9 12:25:44 salamucha sieve[7088]: executed Sep 9 12:25:44 salamucha sieve[7088]: accepted connection Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_authenticate] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] But this is saslauthd/pam, which is queried, not sasldb. Check your saslauthd/pam Configuration. Ok forget it, sometimes it is better to read further. Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_acct_mgmt] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] Sep 9 12:25:49 salamucha sieve[7088]: transitioning user mailuser to auxprop database Sep 9 12:25:49 salamucha sieve[7088]: setpass succeeded for mailuser Sep 9 12:25:49 salamucha sieve[7088]: mkdir /var/lib/sieve/m/mailuser: File exists Check this Directory. Maybe it is a File, or the Permissions are incorrect. Sep 9 12:25:49 salamucha sieve[7088]: error in actions_setuser() Sep 9 12:25:49 salamucha perl: No worthy mechs found Sep 9 12:25:49 salamucha master[6160]: process 7088 exited, status 0 The actual imapd.conf looks like this: ... sasl_pwcheck_method: saslauthd auxprop sasl_auxprop_plugin: sasldb sasl_auto_transition: yes sasl_mech_list: plain login ... Also avelsieve doesn't work correctly before I got this problem above, in the meantime I can't use avelsieve too of course (with a similar error message). That might be another question and not here, but I like to ask about the rights for the Sieve directory. It's set to 600 and the owner is cyrus:mail, is that right? -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve authentication failure
On Mon, 2005-12-05 at 16:20 +0200, Paul-Erik Törrönen wrote: But sivtest fails: $ sivtest -a poltsi localhost S: IMPLEMENTATION Cyrus timsieved v2.2.12-Invoca-RPM-2.2.12-6.fc4 S: SASL PLAIN S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex S: STARTTLS S: OK Please enter your password: C: AUTHENTICATE PLAIN {28+} password hash S: NO Authentication Error As do sieveshell: $ sieveshell -u poltsi -a poltsi localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1. Ok, I've gotten a step further, the sivtest works when I give the full [EMAIL PROTECTED] in the -a parameter, but the same does not work with the sieveshell, it barfs with the same error as above. Any help? Poltsi Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
On Thursday 03 February 2005 23.24, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1. my imapd conf: configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt saslauthd is running w/ -a pam Authentication works fine for the IMAP server, cyradm. Sieve is listening... [EMAIL PROTECTED] log]# telnet localhost sieve Trying 127.0.0.1... Connected to localhost (127.0.0.1). Escape character is '^]'. IMPLEMENTATION Cyrus timsieved v2.2.10-Invoca-RPM-2.2.10-8 SASL PLAIN SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex STARTTLS OK Heck, I even get sieve headers in my emails... X-Sieve: CMU Sieve 2.2 Any ideas? Thanks, Dan --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Hi See my attached /etc/imad.conf file Take an extra look at the row allowplaintext. There are maybe other ways around the problem. But I have not found any (yet)... So allowplaintext: yes is needed for sieve logins to work. If TLS is required the sieve login will fail. That was the case with earlier realeases... Now I use 2.2.10 and have not checked if sieve works with TLS. --snip-- configdirectory: /var/imap partition-default: /var/spool/imap admins: root cyradm admin1 admin2 sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN allowanonymouslogin: no allowplaintext: yes -- NEED THIS FOR SIEVE LOGIN THAT FAILS OTHERWISE sendmail: /usr/sbin/sendmail quotawarn: 90 servername:MY_FQDN_IMAP_HOST sievedir: /var/sieve sieve_maxscripts: 20 timeout: 240 sievenotifier: mailto mailnotifier: mailto altnamespace: 1 berkeley_cachesize: 8192 postmaster: [EMAIL PROTECTED] sharedprefix: Shared Folders userprefix: Other Users imapidlepoll: 60 tls_cert_file: /var/imap/server.pem tls_key_file: /var/imap/server.pem tls_ca_file: /var/imap/server.pem --snip-- Hope this could be of any help. Regards /Per-Olov -- GPG keyID: 4DB283CE GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE pgpPRveYQYWcu.pgp Description: PGP signature
Re: Sieve Authentication Fails
On Thu, 2005-02-03 at 14:24 -0800, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1 saslpasswd cyrus #add password for cyrus to sasldb Well, if sieve uses saslauthd - pam to authenticate, there is no need for having a sasldb file with cyrus user. IIRC the problem is that sieveshell doesn't have the --auth parameter like cyradm. The sieve server works, but not sieveshell. Can someone confirm this or has someone already made a patch to fix sieveshell? Simon --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
On Fri, 4 Feb 2005, Simon Matter wrote: On Thu, 2005-02-03 at 14:24 -0800, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1 saslpasswd cyrus #add password for cyrus to sasldb Well, if sieve uses saslauthd - pam to authenticate, there is no need for having a sasldb file with cyrus user. IIRC the problem is that sieveshell doesn't have the --auth parameter like cyradm. The sieve server works, but not sieveshell. It has --authname and it works fine. Check man pages. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... Dan --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
On Fri, 4 Feb 2005, Dan Perez wrote: It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... You are correct, you cannot pass a mechanism to sieveshell. I incorrectly assumed that --auth in cyradm is an authentication username. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails - Resolved
OK, I'm not sure why this works, but if I su to the unix account which matches the mailbox name of the mailbox I'm trying to run sieveshell for and it works just fine. I had assumed I could be running as root, or another account I use to manage stuff and just pass in the username with a -u parameter. I only tried this because I installed the avelsieve squirrelmail plugin. Once installed, the plugin worked fine, so I knew authentication worked with sieve. That's when it occurred to me to actually su to that unix account, and re-run sieveshell. Thanks for the help guys. Appreciate it. Dan From: Igor Brezac [EMAIL PROTECTED] To: Dan Perez [EMAIL PROTECTED] CC: info-cyrus@lists.andrew.cmu.edu Subject: Re: Sieve Authentication Fails Date: Fri, 4 Feb 2005 14:30:07 -0500 (EST) On Fri, 4 Feb 2005, Dan Perez wrote: It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... You are correct, you cannot pass a mechanism to sieveshell. I incorrectly assumed that --auth in cyradm is an authentication username. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails - Resolved
OK, I'm not sure why this works, but if I su to the unix account which matches the mailbox name of the mailbox I'm trying to run sieveshell for and it works just fine. I had assumed I could be running as root, or another account I use to manage stuff and just pass in the username with a -u parameter. I just tried it and it worked this way (as root): sieveshell --user=simix --authname=simix localhost Simon I only tried this because I installed the avelsieve squirrelmail plugin. Once installed, the plugin worked fine, so I knew authentication worked with sieve. That's when it occurred to me to actually su to that unix account, and re-run sieveshell. Thanks for the help guys. Appreciate it. Dan From: Igor Brezac [EMAIL PROTECTED] To: Dan Perez [EMAIL PROTECTED] CC: info-cyrus@lists.andrew.cmu.edu Subject: Re: Sieve Authentication Fails Date: Fri, 4 Feb 2005 14:30:07 -0500 (EST) On Fri, 4 Feb 2005, Dan Perez wrote: It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... You are correct, you cannot pass a mechanism to sieveshell. I incorrectly assumed that --auth in cyradm is an authentication username. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
On Thu, 2005-02-03 at 14:24 -0800, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1 saslpasswd cyrus #add password for cyrus to sasldb Craig --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
Gerald Griessner wrote: Hi, I migrated from Cyrus Imap 2.1.16 to 2.2.8 a couple of days ago. Since then I can not login to Sieve any more. Can anyone help me? below I included my imapd.conf, sivtest output and imtest output Cheers Gerald bash-2.05# sivtest -u ggriessn localhost S: IMPLEMENTATION Cyrus timsieved v2.2.8 S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex S: STARTTLS S: OK Cyrus isn't finding your SASL plugins, because no SASL mechs are listed in the capability list. Make sure you have SASL installed correctly. Authentication failed. generic failure Security strength factor: 0 C: LOGOUT OK Logout Complete Connection closed. bash-2.05# imtest -u ggriessn localhost S: * OK mail.salzburgresearch.at Cyrus IMAP4 v2.2.8 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS S: C01 OK Completed Please enter your password: C: L01 LOGIN root {8} S: + go ahead C: omitted S: L01 NO Login failed: authentication failure Authentication failed. generic failure Security strength factor: 0 C: Q01 LOGOUT * BYE LOGOUT received Q01 OK Completed Connection closed. And here is my imapd.conf: allowanonymouslogin:no allowapop: no allowplaintext: yes allowplaintextwithouttls: yes allowusermoves: 1 annotation_db: skiplist autocreatequota:400 configdirectory:/var/imap/config deleteright:c duplicate_db: berkeley-nosync duplicatesuppression: 1 imapidlepoll: 60 mboxlist_db: berkeley partition-default: /var/imap/data postmaster: [EMAIL PROTECTED] quota_db: berkeley quotawarn: 90 sasl_option:yes sasl_auto_transition: no sasl_maximum_layer: 256 sasl_mech_list: PLAIN sasl_minimum_layer: 0 sasl_pwcheck_method:pam saslauthd sasl_reauth_timeout:0 sasl_saslauthd_path:/var/state/saslauthd/mux seenstate_db: berkeley sendmail: /usr/exim/bin/exim servername: mail.salzburgresearch.at sieve_maxscripts: 16 sieve_maxscriptsize:128 sievedir: /var/imap/sieve sievenotifier: SIEVE sieveusehomedir:false singleinstancestore:yes subscription_db:berkeley tlscache_db: berkeley-nosync --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
--On Wednesday, September 01, 2004 08:49:25 -0400 Ken Murchison [EMAIL PROTECTED] wrote: Gerald Griessner wrote: Hi, I migrated from Cyrus Imap 2.1.16 to 2.2.8 a couple of days ago. Since then I can not login to Sieve any more. Can anyone help me? below I included my imapd.conf, sivtest output and imtest output Cheers Gerald bash-2.05# sivtest -u ggriessn localhost S: IMPLEMENTATION Cyrus timsieved v2.2.8 S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex S: STARTTLS S: OK Cyrus isn't finding your SASL plugins, because no SASL mechs are listed in the capability list. Make sure you have SASL installed correctly. SNIP Hi Ken, actually IMAP is authenticating against SASL. I compiled sasl 2.1.9 like: ./configure --prefix=/usr/cyrus-sasl --sysconfdir=/etc --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd --with-ldap And in sasldb/Makefile line 245 changed LOCAL_SASL_DB_BACKEND_STATIC := toLOCAL_SASL_DB_BACKEND_STATIC = since it was not making I'm starting the daemeon like: /usr/cyrus-sasl/sbin/saslauthd -a pam -O /etc/saslauthd /etc/saslauthd: MECHANISMS=pam --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd I did exactly the same as with version 2.1.17 (old Server) Can you give me any hint? Cheers Gerald --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
Gerald Griessner wrote: --On Wednesday, September 01, 2004 08:49:25 -0400 Ken Murchison [EMAIL PROTECTED] wrote: Gerald Griessner wrote: Hi, I migrated from Cyrus Imap 2.1.16 to 2.2.8 a couple of days ago. Since then I can not login to Sieve any more. Can anyone help me? below I included my imapd.conf, sivtest output and imtest output Cheers Gerald bash-2.05# sivtest -u ggriessn localhost S: IMPLEMENTATION Cyrus timsieved v2.2.8 S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex S: STARTTLS S: OK Cyrus isn't finding your SASL plugins, because no SASL mechs are listed in the capability list. Make sure you have SASL installed correctly. SNIP Hi Ken, actually IMAP is authenticating against SASL. I compiled sasl 2.1.9 like: ./configure --prefix=/usr/cyrus-sasl --sysconfdir=/etc --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd --with-ldap And in sasldb/Makefile line 245 changed LOCAL_SASL_DB_BACKEND_STATIC := toLOCAL_SASL_DB_BACKEND_STATIC = since it was not making I'm starting the daemeon like: /usr/cyrus-sasl/sbin/saslauthd -a pam -O /etc/saslauthd /etc/saslauthd: MECHANISMS=pam --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd I did exactly the same as with version 2.1.17 (old Server) Can you give me any hint? Try making a link fro /usr/lib/sasl2 to the directory which contains the mschanism plugins (libplain.so, libcrammd5.so, etc). -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
--On Wednesday, September 01, 2004 11:40:40 -0400 Ken Murchison [EMAIL PROTECTED] wrote: Cyrus isn't finding your SASL plugins, because no SASL mechs are listed in the capability list. Make sure you have SASL installed correctly. SNIP Hi Ken, actually IMAP is authenticating against SASL. I compiled sasl 2.1.9 like: ./configure --prefix=/usr/cyrus-sasl --sysconfdir=/etc --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd --with-ldap And in sasldb/Makefile line 245 changed LOCAL_SASL_DB_BACKEND_STATIC := toLOCAL_SASL_DB_BACKEND_STATIC = since it was not making I'm starting the daemeon like: /usr/cyrus-sasl/sbin/saslauthd -a pam -O /etc/saslauthd /etc/saslauthd: MECHANISMS=pam --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd I did exactly the same as with version 2.1.17 (old Server) Can you give me any hint? Try making a link fro /usr/lib/sasl2 to the directory which contains the mschanism plugins (libplain.so, libcrammd5.so, etc). Many thanks, that works. Although, I'm not sure why, because my linker (crle) shows /usr/cyrus-sasl/lib it in the search path. Anyway Cheers Gerald --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Denis V. Suhanov wrote: Hello Rob, Thursday, January 8, 2004, 1:42:58 PM, you wrote: Is there a way to disable plaintext passwords in imap but allow them in sieve (since I have it running locally). There is a bug in PHP's Net_Sieve module that makes it hang whenever timsieved does not report a PLAIN method (http://pear.php.net/bugs/bug.php?id=159). RS If you are running 2.2.x you can have a per-serive allowplaintext option. You mean, by using a -C switch and a separate imapd.conf, only for timsieved (that's what I've done)? I failed to find any sieve-specific options in man imapd.conf In 2.2, you can prefix any option with the service name (as it appears in cyrus.conf. So the following are valid options: imap_allowplaintext sieve_allowplaintext -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieve authentication
On Thu, 8 Jan 2004, Denis V. Suhanov wrote: Is there a way to disable plaintext passwords in imap but allow them in sieve (since I have it running locally). There is a bug in PHP's Net_Sieve module that makes it hang whenever timsieved does not report a PLAIN method (http://pear.php.net/bugs/bug.php?id=159). If you are running 2.2.x you can have a per-serive allowplaintext option. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Sieve authentication
Hi; My users's inbox have another machine and another directory. For examble " username: user's home directory = /ev/.../ (user server) user's mail directory = /posta/ (mail server) (this servers is different machine and ip) " I connected mail server that said me "no found mbox " and "no found valid mbox".Why?How could i solve this problem? Please help me.. Thanks.. Ken Murchison wrote: The service name for Sieve was changed from "imap" to "sieve". Copy your "imap" PAM config to "sieve" and you should be fine. David Chait wrote: Greetings all, I'm in the process of upgrading our current cyrus install and so far it has gone will with the one caviat that I cannot for some reason get Sieve to authenticate users. The IMAP daemon however works fine. As you can see below, I can see auth mechanisms: [root@bonmail adm]# telnet localhost 2000 Trying 127.0.0.1... Connected to bonmail.stanford.edu (127.0.0.1). Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.1.11" "SASL" "PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" OK However whenever I attempt to authenticate via the test utility, I get the following: [root@bonmail adm]# sivtest -u dchait localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.1.11" S: "SASL" "PLAIN" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" S: OK Please enter your password: C: AUTHENTICATE "PLAIN" {28+} ZGNoYWl0AHJvb3QATTExa3kjV0B5 S: NO "Authentication Error" Authentication failed. generic failure Security strength factor: 0 The logs show a PAM error, however my PAM file hasn't changed between installs: Dec 27 01:17:28 bonmail saslauthd[19310]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure Dec 27 01:17:28 bonmail saslauthd[19310]: AUTHFAIL: user=dchait service=sieve realm= [PAM auth error] Dec 27 01:17:28 bonmail timsieved[19607]: Password verification failed imap file in pam.d shows: auth required pam_nologin.so auth required pam_stack.so service=system-auth accountrequired pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth My cyrus.conf file shows: # standard standalone server implementation START { # do not delete this entry! recover cmd="ctl_cyrusdb -r" # this is only necessary if using idled for IMAP IDLE # idledcmd="idled" } # UNIX sockets start with a slash and are put into /var/imap/socket SERVICES { # add or remove based on preferences imap cmd="imapd" listen="imap" prefork=0 imaps cmd="imapd -s" listen="imaps" prefork=0 # pop3 cmd="pop3d" listen="pop3" prefork=0 # pop3scmd="pop3d -s" listen="pop3s" prefork=0 sieve cmd="timsieved" listen="sieve" prefork=0 # at least one LMTP is required for delivery # lmtp cmd="lmtpd" listen="lmtp" prefork=0 lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 # this is only necessary if using notifications # notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1 } EVENTS { # this is required checkpointcmd="ctl_cyrusdb -c" period=30 # this is only necessary if using duplicate delivery suppression delprune cmd="ctl_deliver -E 3" period=1440 # this is only necessary if caching TLS sessions tlsprune cmd="tls_prune" period=1440 } This is on a Red Hat 7.3 based Dell server Runing the latest stable versions of both sasl and cyrus imap. Any ideas? Thanks, David -- Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/
Re: Sieve authentication
The service name for Sieve was changed from imap to sieve. Copy your imap PAM config to sieve and you should be fine. David Chait wrote: Greetings all, I'm in the process of upgrading our current cyrus install and so far it has gone will with the one caviat that I cannot for some reason get Sieve to authenticate users. The IMAP daemon however works fine. As you can see below, I can see auth mechanisms: [root@bonmail adm]# telnet localhost 2000 Trying 127.0.0.1... Connected to bonmail.stanford.edu (127.0.0.1). Escape character is '^]'. IMPLEMENTATION Cyrus timsieved v2.1.11 SASL PLAIN SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex OK However whenever I attempt to authenticate via the test utility, I get the following: [root@bonmail adm]# sivtest -u dchait localhost S: IMPLEMENTATION Cyrus timsieved v2.1.11 S: SASL PLAIN S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex S: OK Please enter your password: C: AUTHENTICATE PLAIN {28+} ZGNoYWl0AHJvb3QATTExa3kjV0B5 S: NO Authentication Error Authentication failed. generic failure Security strength factor: 0 The logs show a PAM error, however my PAM file hasn't changed between installs: Dec 27 01:17:28 bonmail saslauthd[19310]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure Dec 27 01:17:28 bonmail saslauthd[19310]: AUTHFAIL: user=dchait service=sieve realm= [PAM auth error] Dec 27 01:17:28 bonmail timsieved[19607]: Password verification failed imap file in pam.d shows: auth required pam_nologin.so auth required pam_stack.so service=system-auth accountrequired pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth My cyrus.conf file shows: # standard standalone server implementation START { # do not delete this entry! recover cmd=ctl_cyrusdb -r # this is only necessary if using idled for IMAP IDLE # idledcmd=idled } # UNIX sockets start with a slash and are put into /var/imap/socket SERVICES { # add or remove based on preferences imap cmd=imapd listen=imap prefork=0 imaps cmd=imapd -s listen=imaps prefork=0 # pop3 cmd=pop3d listen=pop3 prefork=0 # pop3scmd=pop3d -s listen=pop3s prefork=0 sieve cmd=timsieved listen=sieve prefork=0 # at least one LMTP is required for delivery # lmtp cmd=lmtpd listen=lmtp prefork=0 lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=0 # this is only necessary if using notifications # notify cmd=notifyd listen=/var/imap/socket/notify proto=udp prefork=1 } EVENTS { # this is required checkpointcmd=ctl_cyrusdb -c period=30 # this is only necessary if using duplicate delivery suppression delprune cmd=ctl_deliver -E 3 period=1440 # this is only necessary if caching TLS sessions tlsprune cmd=tls_prune period=1440 } This is on a Red Hat 7.3 based Dell server Runing the latest stable versions of both sasl and cyrus imap. Any ideas? Thanks, David -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieve authentication
Justin Wood wrote: I recently installed cyrus-imapd 2.0.16 w/ cyrus-sasl 1.5.27 on FreeBSD 4.5-RELEASE (from the ports tree). I managed to get imapd auth working just fine, but when I try to install a sieve script using installsieve, I get the following messages in syslog: Feb 8 14:19:22 fs1 timsieved[9785]: KERBEROS_V4: can't access srvtab file /etc/srvtab: No such file or directory Feb 8 14:19:22 fs1 timsieved[9785]: add_plugin(/usr/local/lib/sasl/libkerberos4.so) failed: generic failure Feb 8 14:19:23 fs1 timsieved[9785]: badlogin: fs1.p.flipdog.com[10.69.2.71] DIGEST-MD5 -13 unable to get user's secret In imapd.conf I have sasl_pwcheck_method: LDAP and the appropriate settings for the ldap server. Where do I modify settings for timsieved? I would like to do ldap/pam_ldap auth with it as well. Unless you have a need for the non-plaintext mechanisms, try removing these plugins. Sieveshell will try to use the best (highest SSF) mechanism that it finds. If you only have PLAIN and/or LOGIN installed, it will have no choice but to use one of these, which should then use your PAM config. In SASL v2.1 you can use the 'mech_list' option in the SASL conf file to limit which mechs will be offered by the service. In either case, we probably should add a --auth option to sieveshell, just like cyradm. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
RE: sieve authentication
Unless you have a need for the non-plaintext mechanisms, try removing these plugins. Sieveshell will try to use the best (highest SSF) mechanism that it finds. If you only have PLAIN and/or LOGIN installed, it will have no choice but to use one of these, which should then use your PAM config. On my system, cyradm uses DIGEST-MD5 and succeeds, while sieveshell uses DIGEST-MD5 and fails.
RE: sieve authentication
For the last four months or so I haven't been able to get sieveshell to authenticate, no matter what I try. The fact that cyradm authenticates just fine makes me suspect it's something about sieve ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Justin Wood Sent: Friday, February 08, 2002 15:39 To: [EMAIL PROTECTED] Subject: sieve authentication I recently installed cyrus-imapd 2.0.16 w/ cyrus-sasl 1.5.27 on FreeBSD 4.5-RELEASE (from the ports tree). I managed to get imapd auth working just fine, but when I try to install a sieve script using installsieve, I get the following messages in syslog: Feb 8 14:19:22 fs1 timsieved[9785]: KERBEROS_V4: can't access srvtab file /etc/srvtab: No such file or directory Feb 8 14:19:22 fs1 timsieved[9785]: add_plugin(/usr/local/lib/sasl/libkerberos4.so) failed: generic failure Feb 8 14:19:23 fs1 timsieved[9785]: badlogin: fs1.p.flipdog.com[10.69.2.71] DIGEST-MD5 -13 unable to get user's secret In imapd.conf I have sasl_pwcheck_method: LDAP and the appropriate settings for the ldap server. Where do I modify settings for timsieved? I would like to do ldap/pam_ldap auth with it as well. Thanks in advance, Justin. -- -- Justin Wood [EMAIL PROTECTED] Systems Administrator FlipDog.comhttp://www.flipdog.com/ --