Re: SIEVE weirdness
Brian wrote: Any idea on what's going wrong? Maybe the plain sasl plugin isn't installed. Try a "telnet localhost sieve" and check that in the output there's a line advertising "SASL" "PLAIN" Bye -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007 --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE weirdness
Simon Matter said: >> Seems like a problem with the auth method, but when I look in >> /etc/imapd.conf he's using saslauthd ... >> >> postmaster: postmaster >> configdirectory: /var/lib/imap/ >> partition-default: /var/spool/imap >> admins: cyrus >> allowanonymouslogin: no >> allowplaintext: yes >> sasl_mech_list: PLAIN DIGEST-MD5 shadow pwcheck > ^^^ > What exactly do you want here? Since you are using saslauthd as > sasl_pwcheck_method, you very likely use PAM/shadow to authenticate. Then, > just use 'sasl_mech_list: PLAIN'. IIRC sieveshell is different from the > other cyrus tools when it comes to using different mechs. Of course you > need /etc/pam.d/sieve with proper config. I probably wasn't clear in my last post. The goal is to be able to make sieve authenticate via plain, just like is happening with IMAP. If I take DIGEST-MD5 out of the conf file, then cyrus-imapd won't start. But if saslauthd is being used then where is DIGEST-MD5 being set? I've also tried using sivtest, but I can't seem to authenticate. -- Brian --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE weirdness
> A friend of mine has tried to get Cyrus 2.1.5 running on RHEL 3 and all
> works except sieve.
>
> Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the
> password over and over.
>
> The error message I get is
> Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db
> /etc/sasldb2: Invalid argument
> Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db
> /etc/sasldb2: Invalid argument
> Feb 5 17:09:48 agentsmith timsieved[4172]: no secret in database
> Feb 5 17:09:48 agentsmith timsieved[4172]: badlogin:
> localhost.localdomain[127.0.0.1] DIGEST-MD5 authentication failure
>
> Seems like a problem with the auth method, but when I look in
> /etc/imapd.conf he's using saslauthd ...
>
> postmaster: postmaster
> configdirectory: /var/lib/imap/
> partition-default: /var/spool/imap
> admins: cyrus
> allowanonymouslogin: no
> allowplaintext: yes
> sasl_mech_list: PLAIN DIGEST-MD5 shadow pwcheck
^^^
What exactly do you want here? Since you are using saslauthd as
sasl_pwcheck_method, you very likely use PAM/shadow to authenticate. Then,
just use 'sasl_mech_list: PLAIN'. IIRC sieveshell is different from the
other cyrus tools when it comes to using different mechs. Of course you
need /etc/pam.d/sieve with proper config.
Simon
> servername: agentsmith.novussententia.com
> autocreatequota: 1
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> sasl_pwcheck_method: saslauthd
> sievedir: /usr/sieve
> sendmail: /usr/sbin/sendmail
> sieve_maxscriptsize: 32
> sieveuserhomedir: no
> sieve_maxscripts: 5
> tls_ca_file: /var/lib/imap/cacert.pem
> tls_cert_file: /var/lib/imap/server.crt
> tls_key_file: /var/lib/imap/server.key
>
> His cyrus.conf:
>
> START {
> # do not delete this entry!
> mboxlist cmd="ctl_cyrusdb -r"
> deliver cmd="ctl_deliver -r"
> recover cmd="ctl_cyrusdb -r"
>
> # this is only necessary if using idled for IMAP IDLE
> # idledcmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
> SERVICES {
> # add or remove based on preferences
> imap cmd="imapd" listen="imap" prefork=5
> imaps cmd="imapd -s" listen="imaps" prefork=1
> #pop3 cmd="pop3d" listen="pop3" prefork=3
> #pop3scmd="pop3d -s" listen="pop3s" prefork=1
> sieve cmd="timsieved" listen="localhost:sieve" prefork=0
> lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
>
> # this is only necessary if using notifications
> # notify cmd="notifyd" listen="/var/lib/imap/socket/notify"
> proto="udp" prefork=1
> }
>
> EVENTS {
> # this is required
> checkpointcmd="ctl_cyrusdb -c" period=30
>
> # this is only necessary if using duplicate delivery suppression
> delprune cmd="ctl_deliver -E 3" at=0400
>
> # this is only necessary if caching TLS sessions
> tlsprune cmd="tls_prune" at=0400
> squatter cmd="squatter -r user" period=1440
> }
>
> He can login via IMAP just fine. I even see in the logs where it accepts
> the password as type 'plain'. Below is a strace where we try to
> authenticate via sieveshell. I see it trying to open /etc/shadow, but not
> sasldb
>
> [pid 4163] <... accept resumed> {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 7
> [pid 4163] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0,
> len=1}
> [pid 4162] <... fcntl64 resumed> ) = 0
> [pid 4163] <... fcntl64 resumed> ) = 0
> [pid 4162] accept(5,
> [pid 4163] read(7, "\0\6", 2) = 2
> [pid 4163] read(7, "csmith", 6)= 6
> [pid 4163] read(7, "\0\5", 2) = 2
> [pid 4163] read(7, "fr00t", 5) = 5
> [pid 4163] read(7, "\0\4", 2) = 2
> [pid 4163] read(7, "smtp", 4) = 4
> [pid 4163] read(7, "\0\0", 2) = 2
> [pid 4163] socket(PF_UNIX, SOCK_STREAM, 0) = 8
> [pid 4163] connect(8, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"},
> 110) = -1 ENOENT (No such file or directory)
> [pid 4163] close(8)= 0
> [pid 4163] open("/etc/nsswitch.conf", O_RDONLY) = 8
> [pid 4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=1686, ...}) = 0
> [pid 4163] mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb75ea000
> [pid 4163] read(8, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1686
> [pid 4163] read(8, "", 4096) = 0
> [pid 4163] close(8)= 0
> [pid 4163] munmap(0xb75ea000, 4096)= 0
> [pid 4163] open("/etc/ld.so.cache", O_RDONLY) = 8
> [pid 4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=38297, ...}) = 0
> [pid 4163] old_mmap(NULL, 38297, PROT_READ, MAP_PRIVATE, 8, 0) =
> 0xb75e1000
> [pid 4163] close(8)= 0
> [pid 4163] open("/lib/libnss_files.so.2", O_RDONLY) = 8
> [pid 4163] read(8,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\\35\0"..., 512) = 512
> [pid 4163] fstat64(8, {st_mode=S_IFREG|07
Re: SIEVE weirdness
dear listeners, Am Mittwoch, 11. Februar 2004 15:34 schrieb Brian: > Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the > password over and over. Is there a file /etc/sasldb2 ? If not create it with saslpasswd2 ... (see help) peace & luck Stefan --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
SIEVE weirdness
A friend of mine has tried to get Cyrus 2.1.5 running on RHEL 3 and all
works except sieve.
Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the
password over and over.
The error message I get is
Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db
/etc/sasldb2: Invalid argument
Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db
/etc/sasldb2: Invalid argument
Feb 5 17:09:48 agentsmith timsieved[4172]: no secret in database
Feb 5 17:09:48 agentsmith timsieved[4172]: badlogin:
localhost.localdomain[127.0.0.1] DIGEST-MD5 authentication failure
Seems like a problem with the auth method, but when I look in
/etc/imapd.conf he's using saslauthd ...
postmaster: postmaster
configdirectory: /var/lib/imap/
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN DIGEST-MD5 shadow pwcheck
servername: agentsmith.novussententia.com
autocreatequota: 1
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieveuserhomedir: no
sieve_maxscripts: 5
tls_ca_file: /var/lib/imap/cacert.pem
tls_cert_file: /var/lib/imap/server.crt
tls_key_file: /var/lib/imap/server.key
His cyrus.conf:
START {
# do not delete this entry!
mboxlist cmd="ctl_cyrusdb -r"
deliver cmd="ctl_deliver -r"
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idledcmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=1
#pop3 cmd="pop3d" listen="pop3" prefork=3
#pop3scmd="pop3d -s" listen="pop3s" prefork=1
sieve cmd="timsieved" listen="localhost:sieve" prefork=0
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/lib/imap/socket/notify"
proto="udp" prefork=1
}
EVENTS {
# this is required
checkpointcmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
squatter cmd="squatter -r user" period=1440
}
He can login via IMAP just fine. I even see in the logs where it accepts
the password as type 'plain'. Below is a strace where we try to
authenticate via sieveshell. I see it trying to open /etc/shadow, but not
sasldb
[pid 4163] <... accept resumed> {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 7
[pid 4163] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0,
len=1}
[pid 4162] <... fcntl64 resumed> ) = 0
[pid 4163] <... fcntl64 resumed> ) = 0
[pid 4162] accept(5,
[pid 4163] read(7, "\0\6", 2) = 2
[pid 4163] read(7, "csmith", 6)= 6
[pid 4163] read(7, "\0\5", 2) = 2
[pid 4163] read(7, "fr00t", 5) = 5
[pid 4163] read(7, "\0\4", 2) = 2
[pid 4163] read(7, "smtp", 4) = 4
[pid 4163] read(7, "\0\0", 2) = 2
[pid 4163] socket(PF_UNIX, SOCK_STREAM, 0) = 8
[pid 4163] connect(8, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"},
110) = -1 ENOENT (No such file or directory)
[pid 4163] close(8)= 0
[pid 4163] open("/etc/nsswitch.conf", O_RDONLY) = 8
[pid 4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=1686, ...}) = 0
[pid 4163] mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb75ea000
[pid 4163] read(8, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1686
[pid 4163] read(8, "", 4096) = 0
[pid 4163] close(8)= 0
[pid 4163] munmap(0xb75ea000, 4096)= 0
[pid 4163] open("/etc/ld.so.cache", O_RDONLY) = 8
[pid 4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=38297, ...}) = 0
[pid 4163] old_mmap(NULL, 38297, PROT_READ, MAP_PRIVATE, 8, 0) = 0xb75e1000
[pid 4163] close(8)= 0
[pid 4163] open("/lib/libnss_files.so.2", O_RDONLY) = 8
[pid 4163] read(8,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\\35\0"..., 512) = 512
[pid 4163] fstat64(8, {st_mode=S_IFREG|0755, st_size=51924, ...}) = 0
[pid 4163] old_mmap(NULL, 46720, PROT_READ|PROT_EXEC, MAP_PRIVATE, 8, 0)
= 0xb73ce000
[pid 4163] old_mmap(0xb73d9000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED, 8, 0xa000) = 0xb73d9000
[pid 4163] close(8)= 0
[pid 4163] munmap(0xb75e1000, 38297) = 0
[pid 4163] open("/etc/passwd", O_RDONLY) = 8
[pid 4163] fcntl64(8, F_GETFD) = 0
[pid 4163] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 4163] fstat64(8, {st_mode=S_IFREG|0644, st_size=2261, ...}) = 0
[pid 4163] mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
Re: Sieve weirdness
On Mon, 13 May 2002, Jaska Kivelä wrote:
> On Mon, May 13, 2002 at 11:47:49AM +0300, Tuuli K Tuominen wrote:
>
> > require ["fileinto"];
> >
> > if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
> > fileinto "INBOX.fooba";
> > }
> >
> > if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
> > fileinto "INBOX.jeps";
>
> Try an 'elsif' here.
Hm. Of course. Should've created a test script with Websieve myself
instead of copying the problematic syntax from the user and trying that
out blindly. :)
The misunderstanding was that the user thought he had to have "Continue
checking other rules..." enabled if he wanted to match against more than
one address in the script.
Thanks,
--
Tuuli Tuominen
Re: Sieve weirdness
On Mon, May 13, 2002 at 11:47:49AM +0300, Tuuli K Tuominen wrote:
> require ["fileinto"];
>
> if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
> fileinto "INBOX.fooba";
> }
>
> if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
> fileinto "INBOX.jeps";
Try an 'elsif' here.
-jk
Sieve weirdness
Hi,
I've enabled sieve and installed Websieve (version 0.61h) on our two
servers running Cyrus Imap 1.6.25. An user complained of getting messages
delivered both to his Inbox and a folder when he was trying to file
messages directly to a folder by a sieve script. I made this script and
tested it:
require ["fileinto"];
if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
fileinto "INBOX.fooba";
}
if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
fileinto "INBOX.jeps";
}
else {
keep;
}
and noticed that if I send e-mail to this test account from address
"[EMAIL PROTECTED]", the message goes both into my test
account's Inbox and into INBOX.fooba. Doesn't make sense to me. Except maybe
if duplicate delivery suppression is broken somehow? I do see occasional
"dupelim" messages in the logs, as always.
Any ideas?
--
Tuuli Tuominen
University of Helsinki IT Department
