Re: SIEVE weirdness
Brian wrote: Any idea on what's going wrong? Maybe the plain sasl plugin isn't installed. Try a "telnet localhost sieve" and check that in the output there's a line advertising "SASL" "PLAIN" Bye -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007 --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE weirdness
Simon Matter said: >> Seems like a problem with the auth method, but when I look in >> /etc/imapd.conf he's using saslauthd ... >> >> postmaster: postmaster >> configdirectory: /var/lib/imap/ >> partition-default: /var/spool/imap >> admins: cyrus >> allowanonymouslogin: no >> allowplaintext: yes >> sasl_mech_list: PLAIN DIGEST-MD5 shadow pwcheck > ^^^ > What exactly do you want here? Since you are using saslauthd as > sasl_pwcheck_method, you very likely use PAM/shadow to authenticate. Then, > just use 'sasl_mech_list: PLAIN'. IIRC sieveshell is different from the > other cyrus tools when it comes to using different mechs. Of course you > need /etc/pam.d/sieve with proper config. I probably wasn't clear in my last post. The goal is to be able to make sieve authenticate via plain, just like is happening with IMAP. If I take DIGEST-MD5 out of the conf file, then cyrus-imapd won't start. But if saslauthd is being used then where is DIGEST-MD5 being set? I've also tried using sivtest, but I can't seem to authenticate. -- Brian --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE weirdness
> A friend of mine has tried to get Cyrus 2.1.5 running on RHEL 3 and all > works except sieve. > > Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the > password over and over. > > The error message I get is > Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db > /etc/sasldb2: Invalid argument > Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db > /etc/sasldb2: Invalid argument > Feb 5 17:09:48 agentsmith timsieved[4172]: no secret in database > Feb 5 17:09:48 agentsmith timsieved[4172]: badlogin: > localhost.localdomain[127.0.0.1] DIGEST-MD5 authentication failure > > Seems like a problem with the auth method, but when I look in > /etc/imapd.conf he's using saslauthd ... > > postmaster: postmaster > configdirectory: /var/lib/imap/ > partition-default: /var/spool/imap > admins: cyrus > allowanonymouslogin: no > allowplaintext: yes > sasl_mech_list: PLAIN DIGEST-MD5 shadow pwcheck ^^^ What exactly do you want here? Since you are using saslauthd as sasl_pwcheck_method, you very likely use PAM/shadow to authenticate. Then, just use 'sasl_mech_list: PLAIN'. IIRC sieveshell is different from the other cyrus tools when it comes to using different mechs. Of course you need /etc/pam.d/sieve with proper config. Simon > servername: agentsmith.novussententia.com > autocreatequota: 1 > reject8bit: no > quotawarn: 90 > timeout: 30 > poptimeout: 10 > sasl_pwcheck_method: saslauthd > sievedir: /usr/sieve > sendmail: /usr/sbin/sendmail > sieve_maxscriptsize: 32 > sieveuserhomedir: no > sieve_maxscripts: 5 > tls_ca_file: /var/lib/imap/cacert.pem > tls_cert_file: /var/lib/imap/server.crt > tls_key_file: /var/lib/imap/server.key > > His cyrus.conf: > > START { > # do not delete this entry! > mboxlist cmd="ctl_cyrusdb -r" > deliver cmd="ctl_deliver -r" > recover cmd="ctl_cyrusdb -r" > > # this is only necessary if using idled for IMAP IDLE > # idledcmd="idled" > } > > # UNIX sockets start with a slash and are put into /var/lib/imap/sockets > SERVICES { > # add or remove based on preferences > imap cmd="imapd" listen="imap" prefork=5 > imaps cmd="imapd -s" listen="imaps" prefork=1 > #pop3 cmd="pop3d" listen="pop3" prefork=3 > #pop3scmd="pop3d -s" listen="pop3s" prefork=1 > sieve cmd="timsieved" listen="localhost:sieve" prefork=0 > lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0 > > # this is only necessary if using notifications > # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" > proto="udp" prefork=1 > } > > EVENTS { > # this is required > checkpointcmd="ctl_cyrusdb -c" period=30 > > # this is only necessary if using duplicate delivery suppression > delprune cmd="ctl_deliver -E 3" at=0400 > > # this is only necessary if caching TLS sessions > tlsprune cmd="tls_prune" at=0400 > squatter cmd="squatter -r user" period=1440 > } > > He can login via IMAP just fine. I even see in the logs where it accepts > the password as type 'plain'. Below is a strace where we try to > authenticate via sieveshell. I see it trying to open /etc/shadow, but not > sasldb > > [pid 4163] <... accept resumed> {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 7 > [pid 4163] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, > len=1} > [pid 4162] <... fcntl64 resumed> ) = 0 > [pid 4163] <... fcntl64 resumed> ) = 0 > [pid 4162] accept(5, > [pid 4163] read(7, "\0\6", 2) = 2 > [pid 4163] read(7, "csmith", 6)= 6 > [pid 4163] read(7, "\0\5", 2) = 2 > [pid 4163] read(7, "fr00t", 5) = 5 > [pid 4163] read(7, "\0\4", 2) = 2 > [pid 4163] read(7, "smtp", 4) = 4 > [pid 4163] read(7, "\0\0", 2) = 2 > [pid 4163] socket(PF_UNIX, SOCK_STREAM, 0) = 8 > [pid 4163] connect(8, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"}, > 110) = -1 ENOENT (No such file or directory) > [pid 4163] close(8)= 0 > [pid 4163] open("/etc/nsswitch.conf", O_RDONLY) = 8 > [pid 4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=1686, ...}) = 0 > [pid 4163] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb75ea000 > [pid 4163] read(8, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1686 > [pid 4163] read(8, "", 4096) = 0 > [pid 4163] close(8)= 0 > [pid 4163] munmap(0xb75ea000, 4096)= 0 > [pid 4163] open("/etc/ld.so.cache", O_RDONLY) = 8 > [pid 4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=38297, ...}) = 0 > [pid 4163] old_mmap(NULL, 38297, PROT_READ, MAP_PRIVATE, 8, 0) = > 0xb75e1000 > [pid 4163] close(8)= 0 > [pid 4163] open("/lib/libnss_files.so.2", O_RDONLY) = 8 > [pid 4163] read(8, > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\\35\0"..., 512) = 512 > [pid 4163] fstat64(8, {st_mode=S_IFREG|07
Re: SIEVE weirdness
dear listeners, Am Mittwoch, 11. Februar 2004 15:34 schrieb Brian: > Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the > password over and over. Is there a file /etc/sasldb2 ? If not create it with saslpasswd2 ... (see help) peace & luck Stefan --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
SIEVE weirdness
A friend of mine has tried to get Cyrus 2.1.5 running on RHEL 3 and all works except sieve. Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the password over and over. The error message I get is Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db /etc/sasldb2: Invalid argument Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db /etc/sasldb2: Invalid argument Feb 5 17:09:48 agentsmith timsieved[4172]: no secret in database Feb 5 17:09:48 agentsmith timsieved[4172]: badlogin: localhost.localdomain[127.0.0.1] DIGEST-MD5 authentication failure Seems like a problem with the auth method, but when I look in /etc/imapd.conf he's using saslauthd ... postmaster: postmaster configdirectory: /var/lib/imap/ partition-default: /var/spool/imap admins: cyrus allowanonymouslogin: no allowplaintext: yes sasl_mech_list: PLAIN DIGEST-MD5 shadow pwcheck servername: agentsmith.novussententia.com autocreatequota: 1 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 sasl_pwcheck_method: saslauthd sievedir: /usr/sieve sendmail: /usr/sbin/sendmail sieve_maxscriptsize: 32 sieveuserhomedir: no sieve_maxscripts: 5 tls_ca_file: /var/lib/imap/cacert.pem tls_cert_file: /var/lib/imap/server.crt tls_key_file: /var/lib/imap/server.key His cyrus.conf: START { # do not delete this entry! mboxlist cmd="ctl_cyrusdb -r" deliver cmd="ctl_deliver -r" recover cmd="ctl_cyrusdb -r" # this is only necessary if using idled for IMAP IDLE # idledcmd="idled" } # UNIX sockets start with a slash and are put into /var/lib/imap/sockets SERVICES { # add or remove based on preferences imap cmd="imapd" listen="imap" prefork=5 imaps cmd="imapd -s" listen="imaps" prefork=1 #pop3 cmd="pop3d" listen="pop3" prefork=3 #pop3scmd="pop3d -s" listen="pop3s" prefork=1 sieve cmd="timsieved" listen="localhost:sieve" prefork=0 lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0 # this is only necessary if using notifications # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1 } EVENTS { # this is required checkpointcmd="ctl_cyrusdb -c" period=30 # this is only necessary if using duplicate delivery suppression delprune cmd="ctl_deliver -E 3" at=0400 # this is only necessary if caching TLS sessions tlsprune cmd="tls_prune" at=0400 squatter cmd="squatter -r user" period=1440 } He can login via IMAP just fine. I even see in the logs where it accepts the password as type 'plain'. Below is a strace where we try to authenticate via sieveshell. I see it trying to open /etc/shadow, but not sasldb [pid 4163] <... accept resumed> {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 7 [pid 4163] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=1} [pid 4162] <... fcntl64 resumed> ) = 0 [pid 4163] <... fcntl64 resumed> ) = 0 [pid 4162] accept(5, [pid 4163] read(7, "\0\6", 2) = 2 [pid 4163] read(7, "csmith", 6)= 6 [pid 4163] read(7, "\0\5", 2) = 2 [pid 4163] read(7, "fr00t", 5) = 5 [pid 4163] read(7, "\0\4", 2) = 2 [pid 4163] read(7, "smtp", 4) = 4 [pid 4163] read(7, "\0\0", 2) = 2 [pid 4163] socket(PF_UNIX, SOCK_STREAM, 0) = 8 [pid 4163] connect(8, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory) [pid 4163] close(8)= 0 [pid 4163] open("/etc/nsswitch.conf", O_RDONLY) = 8 [pid 4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=1686, ...}) = 0 [pid 4163] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb75ea000 [pid 4163] read(8, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1686 [pid 4163] read(8, "", 4096) = 0 [pid 4163] close(8)= 0 [pid 4163] munmap(0xb75ea000, 4096)= 0 [pid 4163] open("/etc/ld.so.cache", O_RDONLY) = 8 [pid 4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=38297, ...}) = 0 [pid 4163] old_mmap(NULL, 38297, PROT_READ, MAP_PRIVATE, 8, 0) = 0xb75e1000 [pid 4163] close(8)= 0 [pid 4163] open("/lib/libnss_files.so.2", O_RDONLY) = 8 [pid 4163] read(8, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\\35\0"..., 512) = 512 [pid 4163] fstat64(8, {st_mode=S_IFREG|0755, st_size=51924, ...}) = 0 [pid 4163] old_mmap(NULL, 46720, PROT_READ|PROT_EXEC, MAP_PRIVATE, 8, 0) = 0xb73ce000 [pid 4163] old_mmap(0xb73d9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 8, 0xa000) = 0xb73d9000 [pid 4163] close(8)= 0 [pid 4163] munmap(0xb75e1000, 38297) = 0 [pid 4163] open("/etc/passwd", O_RDONLY) = 8 [pid 4163] fcntl64(8, F_GETFD) = 0 [pid 4163] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0 [pid 4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=2261, ...}) = 0 [pid 4163] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
Re: Sieve weirdness
On Mon, 13 May 2002, Jaska Kivelä wrote: > On Mon, May 13, 2002 at 11:47:49AM +0300, Tuuli K Tuominen wrote: > > > require ["fileinto"]; > > > > if allof (address :contains ["from"] "[EMAIL PROTECTED]") { > > fileinto "INBOX.fooba"; > > } > > > > if allof (address :contains ["from"] "[EMAIL PROTECTED]") { > > fileinto "INBOX.jeps"; > > Try an 'elsif' here. Hm. Of course. Should've created a test script with Websieve myself instead of copying the problematic syntax from the user and trying that out blindly. :) The misunderstanding was that the user thought he had to have "Continue checking other rules..." enabled if he wanted to match against more than one address in the script. Thanks, -- Tuuli Tuominen
Re: Sieve weirdness
On Mon, May 13, 2002 at 11:47:49AM +0300, Tuuli K Tuominen wrote: > require ["fileinto"]; > > if allof (address :contains ["from"] "[EMAIL PROTECTED]") { > fileinto "INBOX.fooba"; > } > > if allof (address :contains ["from"] "[EMAIL PROTECTED]") { > fileinto "INBOX.jeps"; Try an 'elsif' here. -jk
Sieve weirdness
Hi, I've enabled sieve and installed Websieve (version 0.61h) on our two servers running Cyrus Imap 1.6.25. An user complained of getting messages delivered both to his Inbox and a folder when he was trying to file messages directly to a folder by a sieve script. I made this script and tested it: require ["fileinto"]; if allof (address :contains ["from"] "[EMAIL PROTECTED]") { fileinto "INBOX.fooba"; } if allof (address :contains ["from"] "[EMAIL PROTECTED]") { fileinto "INBOX.jeps"; } else { keep; } and noticed that if I send e-mail to this test account from address "[EMAIL PROTECTED]", the message goes both into my test account's Inbox and into INBOX.fooba. Doesn't make sense to me. Except maybe if duplicate delivery suppression is broken somehow? I do see occasional "dupelim" messages in the logs, as always. Any ideas? -- Tuuli Tuominen University of Helsinki IT Department