sieve authentication.
Hi everyone I'm using SOGo as webui for the mail. SOGo as the capability to manage sieve filters and it's work well with cyrus. The only problem, is SOGo as the capability to disable automatically the sieve filter, but for that it need a account who has the right to modify sieve filter for everyone. I didn't find how to do that with cyrus. If someone have a idea... Regards -- Albert SHIH Observatoire de Paris xmpp: j...@obspm.fr Heure local/Local time: Tue 05 Nov 2019 11:04:19 AM CET Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Sieve Authentication
Antonio, The sieve protocol is defined in RFC 3028. 'sivtest' should be easier than telnet though. However, as mentioned in the documentation, you'll probably want to use sieveshell to manipulate scripts. - Dan Antonio Talarico wrote: Thanks now i can authenticate with sieve, But i have another problem. How is the syntax to place a script on the server once authenticated by telnet? Thanks for the help 2008/10/10 Dan White [EMAIL PROTECTED]: Antonio Talarico wrote: Hi Which file contains the configuration for users who can authenticate. How can enable a user to log in and add script. Thank you Antonio, Authentication is handled by the Cyrus SASL library as configured in your imapd.conf (the lines beginning with sasl_). Documentation can be found in the man page for imapd.conf, /doc/install-auth.html located within the cyrus-imapd source, and the /doc/ subdirectory located within the cyrus-sasl source. - Dan Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication
Antonio Talarico wrote: Hi Which file contains the configuration for users who can authenticate. How can enable a user to log in and add script. Thank you Antonio, Authentication is handled by the Cyrus SASL library as configured in your imapd.conf (the lines beginning with sasl_). Documentation can be found in the man page for imapd.conf, /doc/install-auth.html located within the cyrus-imapd source, and the /doc/ subdirectory located within the cyrus-sasl source. - Dan Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Sieve Authentication
Hi Which file contains the configuration for users who can authenticate. How can enable a user to log in and add script. Thank you -- Antonio Talarico Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sieve authentication problem
Hello, I have installed cyrus ver 2.3.1, in the file /etc/cyrus.conf I have : sieve cmd=timsieved listen=sieve prefork=0 and I copy /etc/pam.d/imap in to /etc/pam.d/sieve but when I try this command : telnet localhost sieve the output is : Escape character is '^]'. IMPLEMENTATION Cyrus timsieved v2.3.11 SIEVE comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy OK Missing the line : SASL LOGIN etc.. So when I try to connect with the command sieveshell I get this error : sieveshell -a user localhost connecting to localhost unable to connect to server at /usr/bin/sieveshell line 169. What do I check? Thank You. By Obe. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sieve authentication issue (SASL)
Hi, I have a frustrating issue authenticating with sieveshell. This was all working until yesterday, where an apt-get upgrade on the machine changed a couple of things - amoung them, I think, the sasl libraries and some perl stuff. I can still successfully connect to imap using cyradm, and all users can happily use imap and pop services on the server. Any help would be greatly appreciated! J I can telnet localhost 2000 and see: pluto:/var/log# telnet localhost 2000 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. IMPLEMENTATION Cyrus timsieved v2.3.11 SASL LOGIN PLAIN SIEVE comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy OK Attempting to log in using sieveshell -u phil -u phil locahost gives this message: sieve[25752]: badlogin: localhost[127.0.0.1] LOGIN generic failure I am using saslauthd started like this: /usr/local/sbin/saslauthd -a shadow My cyrus.conf sieve cmd=timsieved -C /etc/imapdlocal.conf listen=127.0.0.1:sieve prefork=0 My imapdlocal.conf postmaster: postmaster configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus allowanonymouslogin: yes allowplaintext: yes sasl_mech_list: PLAIN LOGIN servername: mail.mercury1.co.uk autocreatequota: 1 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 allowapop: 0 dracinterval: 0 drachost: localhost sasl_pwcheck_method: saslauthd sievedir: /usr/sieve sendmail: /usr/sbin/sendmail sieve_maxscriptsize: 32 sieve_maxscripts: 5 #unixhierarchysep: yes Testsaslauthd returns ok: pluto:/var/log# testsaslauthd -u phil -p password sieve localhost 0: OK Success. Cheers phil Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SASL/sieve authentication issue
Hi,
the default value of allowplaintext changed. Use ssl/tls or set
allowplaintext: 1 in imapd.conf
Quoting Forrest Aldrich [EMAIL PROTECTED]:
I'm having a problem with authentication. I can get/read/send mail fine
through Cyrus, Sendmail. But when I try to authenticate to sieve, it's
failing. This started happening after updating Cyrus on FreeBSD-7.0,
where I currently have:
cyrus-imapd-2.3.11
cyrus-sasl-2.1.22
cyrus-sasl-saslauthd-2.1.22
I have SASL using the sasldb, that all seems to work. But I can't
authenticate via imtest at all. And the results below might be a
clue as to what's wrong, and I hope someone can point it out - it's
probably obvious and I'm just overlooking it.
I'm using Smartsieve to manage my scripts, and this is where I first
noticed the problem. I've tried every mech that is enabled with imtest,
and no luck.
That I can get my mail via IMAP (over SSL) and not get imtest to work is
strange.
Thanks in advance
# sivtest -m plain -u forrie -a forrie
WARNING: no hostname supplied, assuming localhost
[EMAIL PROTECTED] /usr/home/forrie/spam]# sivtest -m plain -u forrie -a forrie
localhost
S: IMPLEMENTATION Cyrus timsieved v2.3.11
S: SASL DIGEST-MD5 CRAM-MD5
S: SIEVE comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy
S: STARTTLS
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {32+}
Zm9blahblahblhadjfdklfblahblah=
S: NO Authentication Error
Authentication failed. generic failure
Security strength factor: 0
# sivtest -t -m plain -u forrie -a forrie localhost
S: IMPLEMENTATION Cyrus timsieved v2.3.11
S: SASL DIGEST-MD5 CRAM-MD5
S: SIEVE comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy
S: STARTTLS
S: OK
C: STARTTLS
S: OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA
(256/256 bits)
S: IMPLEMENTATION Cyrus timsieved v2.3.11
S: SASL LOGIN PLAIN DIGEST-MD5 CRAM-MD5
S: SIEVE comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {32+}
Zblahblhdklfdslfksfblahblah=
S: OK
Authenticated.
Security strength factor: 256
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
M.Menge Tel.: (49) 7071/29-70316
Universitaet Tuebingen Fax.: (49) 7071/29-5912
Zentrum fuer Datenverarbeitung mail:
[EMAIL PROTECTED]
Waechterstrasse 76
72074 Tuebingen
smime.p7s
Description: S/MIME krytographische Unterschrift
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
SASL/sieve authentication issue
I'm having a problem with authentication. I can get/read/send mail fine
through Cyrus, Sendmail. But when I try to authenticate to sieve, it's
failing. This started happening after updating Cyrus on FreeBSD-7.0,
where I currently have:
cyrus-imapd-2.3.11
cyrus-sasl-2.1.22
cyrus-sasl-saslauthd-2.1.22
I have SASL using the sasldb, that all seems to work. But I can't
authenticate via imtest at all. And the results below might be a
clue as to what's wrong, and I hope someone can point it out - it's
probably obvious and I'm just overlooking it.
I'm using Smartsieve to manage my scripts, and this is where I first
noticed the problem. I've tried every mech that is enabled with imtest,
and no luck.
That I can get my mail via IMAP (over SSL) and not get imtest to work is
strange.
Thanks in advance
# sivtest -m plain -u forrie -a forrie
WARNING: no hostname supplied, assuming localhost
[EMAIL PROTECTED] /usr/home/forrie/spam]# sivtest -m plain -u forrie -a forrie
localhost
S: IMPLEMENTATION Cyrus timsieved v2.3.11
S: SASL DIGEST-MD5 CRAM-MD5
S: SIEVE comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy
S: STARTTLS
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {32+}
Zm9blahblahblhadjfdklfblahblah=
S: NO Authentication Error
Authentication failed. generic failure
Security strength factor: 0
# sivtest -t -m plain -u forrie -a forrie localhost
S: IMPLEMENTATION Cyrus timsieved v2.3.11
S: SASL DIGEST-MD5 CRAM-MD5
S: SIEVE comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy
S: STARTTLS
S: OK
C: STARTTLS
S: OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA
(256/256 bits)
S: IMPLEMENTATION Cyrus timsieved v2.3.11
S: SASL LOGIN PLAIN DIGEST-MD5 CRAM-MD5
S: SIEVE comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {32+}
Zblahblhdklfdslfksfblahblah=
S: OK
Authenticated.
Security strength factor: 256
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Am Thursday 14 September 2006 22:18 schrieb Mike Husmann:
Show your configuration imapd.conf, cyrus.conf. Hmm, maybe
hosts.allow/hosts.deny, too.
imapd.conf
# server conf
servername: rusty.morningside.edu
umask: 077
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
# singleinstancestore: yes
username_to_lower: yes
lmtp_downcase_rcpt: yes
lmtp_over_quota_perm_failure: yes
altnamespace: yes
# user conf
postmaster: postmaster
admins: cyrus cyrusadm
# directory and file locations
configdirectory: /var/spool/cyrus-imap
partition-default: /var/spool/cyrus-imap
sievedir: /var/spool/cyrus-imap/sieve
sendmail: /usr/sbin/sendmail
# authentication
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: plain
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
# new user automated creates
autocreate_sieve_script: /var/spool/cyrus-imap/sieve/phpscript
autocreate_sieve_compiledscript: /var/spool/cyrus-imap/sieve/phpscript.bc
generate_compiled_sieve_script: yes
sieve_maxscriptsize: 64
sieve_maxscripts: 50
autocreateinboxfolders: Spam
autosubscribeinboxfolders: Spam
autocreatequota: 51200
createonpost: yes
# security certificate information
tls_cert_file: /etc/ssl/certs/imap.morningside.edu.crt
tls_key_file: /etc/ssl/certs/imap.morningside.edu.key
tls_ca_file: /etc/ssl/certs/imap.morningside.edu.ca-bundle
---
cyrus.conf
---
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd=ctl_cyrusdb -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into
/var/spool/cyrus-imap/socket SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
pop3 cmd=pop3d listen=pop3 prefork=0
pop3s cmd=pop3d -s listen=pop3s prefork=0
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/spool/cyrus-imap/socket/lmtp
prefork=0
# this is only necessary if using notifications
# notify cmd=notifyd listen=/var/spool/cyrus-imap/socket/notify
proto=udp prefork=1
}
EVENTS {
# this is required
checkpointcmd=ctl_cyrusdb -c period=15
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd=tls_prune at=0400
}
---
hosts.allow and hosts.deny are both empty.
---
Hmm, I don't see a reason, why sieve-logins from a Remote-Machine can fail.
Except for the Remote-Machine(s) itself. You have the Server configured to
offer PLAIN to the Clients. Check if the Clients have the Cyrus-SASL
Mechanism PLAIN (libplain.*) installed.
If PLAIN is installed, the next step would be to use a network-sniffer and
look for the Dialog between Server and Client.
--
Andreas
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Hmm, I don't see a reason, why sieve-logins from a Remote-Machine can fail. Except for the Remote-Machine(s) itself. You have the Server configured to offer PLAIN to the Clients. Check if the Clients have the Cyrus-SASL Mechanism PLAIN (libplain.*) installed. If PLAIN is installed, the next step would be to use a network-sniffer and look for the Dialog between Server and Client. This is where things get weird.. If I do a sivtest from a remote machine, here is the result: --- sivtest -a bebo -u bebo imap.morningside.edu S: IMPLEMENTATION Cyrus timsieved v2.2.12 S: SASL PLAIN S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex S: STARTTLS S: OK Authentication failed. no mechanism available Security strength factor: 0 C: LOGOUT Connection closed. --- On the local machine, this works fine, and prompts for a password. But from what I'm seeing here, it's dropping the connection because it doesn't think there are any auth mechs available...? sieveshell has a similar result: --- \sieveshell -a bebo -u bebo imap.morningside.edu connecting to imap.morningside.edu unable to connect to server at /usr/bin/sieveshell line 169. --- This is different from the others that include a line about STDIN (password). Once again, the server drops the connection before it has a chance to authenticate. My /etc/pam.d/sieve looks like: #%PAM-1.0 auth required pam_nologin.so auth sufficient pam_ldap.so auth required pam_pwdb.so shadow nodelay accountrequired pam_pwdb.so sessionrequired pam_pwdb.so And the strangest part of this whole deal is that it has worked flawlessly, as it is set up now, since April. Mike Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Except for the Remote-Machine(s) itself. You have the Server configured to offer PLAIN to the Clients. Check if the Clients have the Cyrus-SASL Mechanism PLAIN (libplain.*) installed. That's the ticket.. I installed the extra library on my test system and found that indeed network auth had never been broken! A simple upgrade of my squirrelmail plugin made it compatible with the php upgrade that had just happned a couple days ago. I'm off and running again. Thanks so much, Mike -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sieve authentication
Hey Everyone, I'm running cyrus-imap v2.2.12 on a Trustix Linux box with saslauthd configured to look to Active Directory via LDAP. It's worked great since we put it up in April. However, this morning, timsieved quit working out of the blue. The avelsieve squirrelmail plugin no longer would authenticate. Here's what I get from sivtest if I connect from any remote machine: sivtest -a husmann -u husmann imap -v S: IMPLEMENTATION Cyrus timsieved v2.2.12 S: SASL PLAIN S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex S: STARTTLS S: OK Authentication failed. no mechanism available Security strength factor: 0 C: LOGOUT Connection closed. However, if I connect on localhost, everything (sivtest and sieveshell) work great. I have confirmed that cyrus-master is listening on port 2000: netstat -tulpen | grep 2000 tcp0 0 0.0.0.0:20000.0.0.0:* LISTEN 0 814437418188/cyrus-master tcp0 0 :::2000 :::*LISTEN 0 814437218188/cyrus-master Which explains why I can telnet in, etc... To my knowledge, nothing has changed, so I'm puzzled as to why it would stop working all of a sudden. When I try to use sieveshell to log in, I get this in /var/log/imapd/debug: It doesn't matter whether I log in from localhost or remote, in this case. Sep 14 11:36:06 rusty master[22152]: about to exec /usr/lib/cyrus-imapd/bin/timsieved Sep 14 11:36:06 rusty sieve[22152]: executed Sep 14 11:36:06 rusty sieve[22152]: accepted connection Restarting cyrus doesn't help, and I'm not running any firewall rules with iptables... Any ideas? Thanks in advance. Mike Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Am Thursday 14 September 2006 20:25 schrieb Mike Husmann: I'm running cyrus-imap v2.2.12 on a Trustix Linux box with saslauthd configured to look to Active Directory via LDAP. It's worked great since we put it up in April. However, this morning, timsieved quit working out of the blue. The avelsieve squirrelmail plugin no longer would authenticate. Here's what I get from sivtest if I connect from any remote machine: sivtest -a husmann -u husmann imap -v S: IMPLEMENTATION Cyrus timsieved v2.2.12 S: SASL PLAIN S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex S: STARTTLS S: OK Authentication failed. no mechanism available Security strength factor: 0 C: LOGOUT Connection closed. However, if I connect on localhost, everything (sivtest and sieveshell) work great. I have confirmed that cyrus-master is listening on port 2000: netstat -tulpen | grep 2000 tcp0 0 0.0.0.0:20000.0.0.0:* LISTEN 0 814437418188/cyrus-master tcp0 0 :::2000 :::*LISTEN 0 814437218188/cyrus-master Which explains why I can telnet in, etc... To my knowledge, nothing has changed, so I'm puzzled as to why it would stop working all of a sudden. When I try to use sieveshell to log in, I get this in /var/log/imapd/debug: It doesn't matter whether I log in from localhost or remote, in this case. Sep 14 11:36:06 rusty master[22152]: about to exec /usr/lib/cyrus-imapd/bin/timsieved Sep 14 11:36:06 rusty sieve[22152]: executed Sep 14 11:36:06 rusty sieve[22152]: accepted connection Restarting cyrus doesn't help, and I'm not running any firewall rules with iptables... Show your configuration imapd.conf, cyrus.conf. Hmm, maybe hosts.allow/hosts.deny, too. -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Show your configuration imapd.conf, cyrus.conf. Hmm, maybe
hosts.allow/hosts.deny, too.
imapd.conf
# server conf
servername: rusty.morningside.edu
umask: 077
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
# singleinstancestore: yes
username_to_lower: yes
lmtp_downcase_rcpt: yes
lmtp_over_quota_perm_failure: yes
altnamespace: yes
# user conf
postmaster: postmaster
admins: cyrus cyrusadm
# directory and file locations
configdirectory: /var/spool/cyrus-imap
partition-default: /var/spool/cyrus-imap
sievedir: /var/spool/cyrus-imap/sieve
sendmail: /usr/sbin/sendmail
# authentication
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: plain
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
# new user automated creates
autocreate_sieve_script: /var/spool/cyrus-imap/sieve/phpscript
autocreate_sieve_compiledscript: /var/spool/cyrus-imap/sieve/phpscript.bc
generate_compiled_sieve_script: yes
sieve_maxscriptsize: 64
sieve_maxscripts: 50
autocreateinboxfolders: Spam
autosubscribeinboxfolders: Spam
autocreatequota: 51200
createonpost: yes
# security certificate information
tls_cert_file: /etc/ssl/certs/imap.morningside.edu.crt
tls_key_file: /etc/ssl/certs/imap.morningside.edu.key
tls_ca_file: /etc/ssl/certs/imap.morningside.edu.ca-bundle
---
cyrus.conf
---
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd=ctl_cyrusdb -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/spool/cyrus-imap/socket
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
pop3 cmd=pop3d listen=pop3 prefork=0
pop3s cmd=pop3d -s listen=pop3s prefork=0
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/spool/cyrus-imap/socket/lmtp prefork=0
# this is only necessary if using notifications
# notify cmd=notifyd listen=/var/spool/cyrus-imap/socket/notify
proto=udp prefork=1
}
EVENTS {
# this is required
checkpointcmd=ctl_cyrusdb -c period=15
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd=tls_prune at=0400
}
---
hosts.allow and hosts.deny are both empty.
---
I have been using nscd to cache lookups.. here is it's config:
logfile /var/log/nscd.log
threads 10
max-threads 128
# server-user nobody
# stat-user somebody
debug-level 0
# reload-count5
paranoiano
# restart-interval3600
enable-cachepasswd yes
positive-time-to-live passwd 660
negative-time-to-live passwd 20
suggested-size passwd 1051
check-files passwd yes
persistent passwd yes
shared passwd yes
enable-cachegroup yes
positive-time-to-live group 3600
negative-time-to-live group 60
suggested-size group 1051
check-files group yes
persistent group yes
shared group yes
enable-cachehosts yes
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
suggested-size hosts 1051
check-files hosts yes
persistent hosts yes
shared hosts yes
---
Thanks again,
Mike
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve authentication problem
Am Saturday 09 September 2006 12:38 schrieb Achim Lammerts: do I get some help about Sieve here too? Some days ago I've added authentication by sasldb and today I saw that Sieve doesn't work anymore. I can't login to sieveshell from root like sieveshell --user mailuser --authname mailuser localhost, the correct password is not accepted. There are these entries in the log file: Sep 9 12:25:44 salamucha master[7088]: about to exec /usr/lib/cyrus/bin/timsieved Sep 9 12:25:44 salamucha sieve[7088]: executed Sep 9 12:25:44 salamucha sieve[7088]: accepted connection Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_authenticate] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] But this is saslauthd/pam, which is queried, not sasldb. Check your saslauthd/pam Configuration. Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_acct_mgmt] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] Sep 9 12:25:49 salamucha sieve[7088]: transitioning user mailuser to auxprop database Sep 9 12:25:49 salamucha sieve[7088]: setpass succeeded for mailuser Sep 9 12:25:49 salamucha sieve[7088]: mkdir /var/lib/sieve/m/mailuser: File exists Sep 9 12:25:49 salamucha sieve[7088]: error in actions_setuser() Sep 9 12:25:49 salamucha perl: No worthy mechs found Sep 9 12:25:49 salamucha master[6160]: process 7088 exited, status 0 The actual imapd.conf looks like this: ... sasl_pwcheck_method: saslauthd auxprop sasl_auxprop_plugin: sasldb sasl_auto_transition: yes sasl_mech_list: plain login ... Also avelsieve doesn't work correctly before I got this problem above, in the meantime I can't use avelsieve too of course (with a similar error message). That might be another question and not here, but I like to ask about the rights for the Sieve directory. It's set to 600 and the owner is cyrus:mail, is that right? -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve authentication problem
Am Sunday 10 September 2006 08:00 schrieb Andreas Winkelmann: do I get some help about Sieve here too? Some days ago I've added authentication by sasldb and today I saw that Sieve doesn't work anymore. I can't login to sieveshell from root like sieveshell --user mailuser --authname mailuser localhost, the correct password is not accepted. There are these entries in the log file: Sep 9 12:25:44 salamucha master[7088]: about to exec /usr/lib/cyrus/bin/timsieved Sep 9 12:25:44 salamucha sieve[7088]: executed Sep 9 12:25:44 salamucha sieve[7088]: accepted connection Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_authenticate] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] But this is saslauthd/pam, which is queried, not sasldb. Check your saslauthd/pam Configuration. Ok forget it, sometimes it is better to read further. Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_acct_mgmt] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] Sep 9 12:25:49 salamucha sieve[7088]: transitioning user mailuser to auxprop database Sep 9 12:25:49 salamucha sieve[7088]: setpass succeeded for mailuser Sep 9 12:25:49 salamucha sieve[7088]: mkdir /var/lib/sieve/m/mailuser: File exists Check this Directory. Maybe it is a File, or the Permissions are incorrect. Sep 9 12:25:49 salamucha sieve[7088]: error in actions_setuser() Sep 9 12:25:49 salamucha perl: No worthy mechs found Sep 9 12:25:49 salamucha master[6160]: process 7088 exited, status 0 The actual imapd.conf looks like this: ... sasl_pwcheck_method: saslauthd auxprop sasl_auxprop_plugin: sasldb sasl_auto_transition: yes sasl_mech_list: plain login ... Also avelsieve doesn't work correctly before I got this problem above, in the meantime I can't use avelsieve too of course (with a similar error message). That might be another question and not here, but I like to ask about the rights for the Sieve directory. It's set to 600 and the owner is cyrus:mail, is that right? -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Sieve authentication problem
Hello list, do I get some help about Sieve here too? Some days ago I've added authentication by sasldb and today I saw that Sieve doesn't work anymore. I can't login to sieveshell from root like sieveshell --user mailuser --authname mailuser localhost, the correct password is not accepted. There are these entries in the log file: Sep 9 12:25:44 salamucha master[7088]: about to exec /usr/lib/cyrus/bin/timsieved Sep 9 12:25:44 salamucha sieve[7088]: executed Sep 9 12:25:44 salamucha sieve[7088]: accepted connection Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_authenticate] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] Sep 9 12:25:49 salamucha PAM-warn[1066]: function=[pam_sm_acct_mgmt] service=[sieve] terminal=[unknown] user=[mailuser] ruser=[unknown] rhost=[unknown] Sep 9 12:25:49 salamucha sieve[7088]: transitioning user mailuser to auxprop database Sep 9 12:25:49 salamucha sieve[7088]: setpass succeeded for mailuser Sep 9 12:25:49 salamucha sieve[7088]: mkdir /var/lib/sieve/m/mailuser: File exists Sep 9 12:25:49 salamucha sieve[7088]: error in actions_setuser() Sep 9 12:25:49 salamucha perl: No worthy mechs found Sep 9 12:25:49 salamucha master[6160]: process 7088 exited, status 0 The actual imapd.conf looks like this: ... sasl_pwcheck_method: saslauthd auxprop sasl_auxprop_plugin: sasldb sasl_auto_transition: yes sasl_mech_list: plain login ... Also avelsieve doesn't work correctly before I got this problem above, in the meantime I can't use avelsieve too of course (with a similar error message). That might be another question and not here, but I like to ask about the rights for the Sieve directory. It's set to 600 and the owner is cyrus:mail, is that right? Thanks for your help! Achim Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve authentication failure
On Mon, 2005-12-05 at 16:20 +0200, Paul-Erik Törrönen wrote:
But sivtest fails:
$ sivtest -a poltsi localhost
S: IMPLEMENTATION Cyrus timsieved v2.2.12-Invoca-RPM-2.2.12-6.fc4
S: SASL PLAIN
S: SIEVE fileinto reject envelope vacation imapflags notify
subaddress relational comparator-i;ascii-numeric regex
S: STARTTLS
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {28+}
password hash
S: NO Authentication Error
As do sieveshell:
$ sieveshell -u poltsi -a poltsi localhost
connecting to localhost
Please enter your password:
unable to connect to server at /usr/bin/sieveshell line 169, STDIN
line 1.
Ok, I've gotten a step further, the sivtest works when I give the full
[EMAIL PROTECTED] in the -a parameter, but the same does not work with the
sieveshell, it barfs with the same error as above.
Any help?
Poltsi
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Sieve authentication failure
Hello,
We have a problem similar to that described by Andrew Morgan, ie. sieve
(both sieveshell and sivtest) is not accepting the given password. The
difference is that we use the Cyrus-Imapd (2.2.12-6.fc4) provided by
FC4. We use LDAP and saslauthd is configured to validate the login
against it.
# testsaslauthd -u poltsi -p password
0: OK Success.
Likewise using imtest (as user) works:
$ imtest
WARNING: no hostname supplied, assuming localhost
S: * OK mailserver Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-6.fc4 server
ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN poltsi {11}
S: + go ahead
C: omitted
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
C: Q01 LOGOUT
* BYE LOGOUT received
Q01 OK Completed
Connection closed.
But sivtest fails:
$ sivtest -a poltsi localhost
S: IMPLEMENTATION Cyrus timsieved v2.2.12-Invoca-RPM-2.2.12-6.fc4
S: SASL PLAIN
S: SIEVE fileinto reject envelope vacation imapflags notify
subaddress relational comparator-i;ascii-numeric regex
S: STARTTLS
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {28+}
password hash
S: NO Authentication Error
As do sieveshell:
$ sieveshell -u poltsi -a poltsi localhost
connecting to localhost
Please enter your password:
unable to connect to server at /usr/bin/sieveshell line 169, STDIN
line 1.
There is nothing helpful in /var/log/maillog:
Dec 5 13:53:24 mail sieve[14763]: executed
Dec 5 13:53:24 mail sieve[14763]: accepted connection
Dec 5 13:53:27 mail master[13998]: process 14763 exited, status 0
The /usr/lib/sasl2/libplain.so exists (provided by
cyrus-sasl-plain-2.1.20-5) and following a related discussion on SuSe
mailinglist¹ I checked that the required perl-modules also are
installed.
Of course users are able to log on cyrus-imapd normally to read and
manage their messages through IMAPS.
¹ http://lists.suse.com/archive/suse-linux-e/2005-Sep/1313.html
Running trace on the sieveshell command shows only a very brief
interaction with the timsieved:
(Reading the enter when giving the password)
14858 read(0, \n, 4096) = 1
14858 write(1, \n, 1) = 1
14858 pipe([5, 6]) = 0
14858 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|
CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f03be8) = 14863
14858 close(6 unfinished ...
14863 close(5 unfinished ...
14858 ... close resumed ) = 0
14863 ... close resumed ) = 0
14858 rt_sigaction(SIGINT, {SIG_IGN}, unfinished ...
14863 fcntl64(6, F_SETFD, FD_CLOEXEC unfinished ...
14858 ... rt_sigaction resumed {SIG_DFL}, 8) = 0
14863 ... fcntl64 resumed ) = 0
14858 rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_DFL}, 8) = 0
14858 waitpid(14863, unfinished ...
14863 rt_sigaction(SIGFPE, {SIG_DFL}, {SIG_IGN}, 8) = 0
14863 execve(/usr/kerberos/bin/stty, [stty,
500:5:bf:8a3b:3:1c:7f:15:4:0:1:0...], [/* 27 vars */]) = -1 ENOENT (No
such file or directory)
14863 execve(/usr/local/bin/stty, [stty,
500:5:bf:8a3b:3:1c:7f:15:4:0:1:0...], [/* 27 vars */]) = -1 ENOENT (No
such file or directory)
14863 execve(/bin/stty, [stty,
500:5:bf:8a3b:3:1c:7f:15:4:0:1:0...], [/* 27 vars */]) = 0
14863 brk(0)= 0x8e35000
14863 access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or
directory)
14863 open(/etc/ld.so.cache, O_RDONLY) = 3
14863 fstat64(3, {st_mode=S_IFREG|0644, st_size=22331, ...}) = 0
14863 old_mmap(NULL, 22331, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f18000
14863 close(3) = 0
14863 open(/lib/libc.so.6, O_RDONLY) = 3
14863 read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0
\212N(\000..., 512) = 512
14863 fstat64(3, {st_mode=S_IFREG|0755, st_size=1485672, ...}) = 0
14863 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0xb7f17000
14863 old_mmap(0x27, 1215452, PROT_READ|PROT_EXEC, MAP_PRIVATE|
MAP_DENYWRITE, 3, 0) = 0x27
14863 old_mmap(0x393000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_FIXED|MAP_DENYWRITE, 3, 0x123000) = 0x393000
14863 old_mmap(0x397000, 7132, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x397000
14863 close(3) = 0
14863 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0xb7f16000
14863 set_thread_area({entry_number:-1 - 6, base_addr:0xb7f166c0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0, useable:1}) = 0
14863 mprotect(0x393000, 8192, PROT_READ) = 0
14863 mprotect(0x26c000, 4096, PROT_READ) = 0
14863 munmap(0xb7f18000, 22331) = 0
14863 brk(0)= 0x8e35000
14863 brk(0x8e56000)= 0x8e56000
14863 open(/usr/lib/locale/locale-archive,
Re: Sieve Authentication Fails
On Thursday 03 February 2005 23.24, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1. my imapd conf: configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt saslauthd is running w/ -a pam Authentication works fine for the IMAP server, cyradm. Sieve is listening... [EMAIL PROTECTED] log]# telnet localhost sieve Trying 127.0.0.1... Connected to localhost (127.0.0.1). Escape character is '^]'. IMPLEMENTATION Cyrus timsieved v2.2.10-Invoca-RPM-2.2.10-8 SASL PLAIN SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex STARTTLS OK Heck, I even get sieve headers in my emails... X-Sieve: CMU Sieve 2.2 Any ideas? Thanks, Dan --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Hi See my attached /etc/imad.conf file Take an extra look at the row allowplaintext. There are maybe other ways around the problem. But I have not found any (yet)... So allowplaintext: yes is needed for sieve logins to work. If TLS is required the sieve login will fail. That was the case with earlier realeases... Now I use 2.2.10 and have not checked if sieve works with TLS. --snip-- configdirectory: /var/imap partition-default: /var/spool/imap admins: root cyradm admin1 admin2 sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN allowanonymouslogin: no allowplaintext: yes -- NEED THIS FOR SIEVE LOGIN THAT FAILS OTHERWISE sendmail: /usr/sbin/sendmail quotawarn: 90 servername:MY_FQDN_IMAP_HOST sievedir: /var/sieve sieve_maxscripts: 20 timeout: 240 sievenotifier: mailto mailnotifier: mailto altnamespace: 1 berkeley_cachesize: 8192 postmaster: [EMAIL PROTECTED] sharedprefix: Shared Folders userprefix: Other Users imapidlepoll: 60 tls_cert_file: /var/imap/server.pem tls_key_file: /var/imap/server.pem tls_ca_file: /var/imap/server.pem --snip-- Hope this could be of any help. Regards /Per-Olov -- GPG keyID: 4DB283CE GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE pgpPRveYQYWcu.pgp Description: PGP signature
Re: Sieve Authentication Fails
On Thu, 2005-02-03 at 14:24 -0800, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1 saslpasswd cyrus #add password for cyrus to sasldb Well, if sieve uses saslauthd - pam to authenticate, there is no need for having a sasldb file with cyrus user. IIRC the problem is that sieveshell doesn't have the --auth parameter like cyradm. The sieve server works, but not sieveshell. Can someone confirm this or has someone already made a patch to fix sieveshell? Simon --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
On Fri, 4 Feb 2005, Simon Matter wrote: On Thu, 2005-02-03 at 14:24 -0800, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1 saslpasswd cyrus #add password for cyrus to sasldb Well, if sieve uses saslauthd - pam to authenticate, there is no need for having a sasldb file with cyrus user. IIRC the problem is that sieveshell doesn't have the --auth parameter like cyradm. The sieve server works, but not sieveshell. It has --authname and it works fine. Check man pages. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... Dan --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
On Fri, 4 Feb 2005, Dan Perez wrote: It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... You are correct, you cannot pass a mechanism to sieveshell. I incorrectly assumed that --auth in cyradm is an authentication username. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails - Resolved
OK, I'm not sure why this works, but if I su to the unix account which matches the mailbox name of the mailbox I'm trying to run sieveshell for and it works just fine. I had assumed I could be running as root, or another account I use to manage stuff and just pass in the username with a -u parameter. I only tried this because I installed the avelsieve squirrelmail plugin. Once installed, the plugin worked fine, so I knew authentication worked with sieve. That's when it occurred to me to actually su to that unix account, and re-run sieveshell. Thanks for the help guys. Appreciate it. Dan From: Igor Brezac [EMAIL PROTECTED] To: Dan Perez [EMAIL PROTECTED] CC: info-cyrus@lists.andrew.cmu.edu Subject: Re: Sieve Authentication Fails Date: Fri, 4 Feb 2005 14:30:07 -0500 (EST) On Fri, 4 Feb 2005, Dan Perez wrote: It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... You are correct, you cannot pass a mechanism to sieveshell. I incorrectly assumed that --auth in cyradm is an authentication username. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails - Resolved
OK, I'm not sure why this works, but if I su to the unix account which matches the mailbox name of the mailbox I'm trying to run sieveshell for and it works just fine. I had assumed I could be running as root, or another account I use to manage stuff and just pass in the username with a -u parameter. I just tried it and it worked this way (as root): sieveshell --user=simix --authname=simix localhost Simon I only tried this because I installed the avelsieve squirrelmail plugin. Once installed, the plugin worked fine, so I knew authentication worked with sieve. That's when it occurred to me to actually su to that unix account, and re-run sieveshell. Thanks for the help guys. Appreciate it. Dan From: Igor Brezac [EMAIL PROTECTED] To: Dan Perez [EMAIL PROTECTED] CC: info-cyrus@lists.andrew.cmu.edu Subject: Re: Sieve Authentication Fails Date: Fri, 4 Feb 2005 14:30:07 -0500 (EST) On Fri, 4 Feb 2005, Dan Perez wrote: It has --authname and it works fine. Check man pages. Igor --- Sorry, unless I'm misunderstanding something... that's not it. According to the man pages --authname let's you pass in a different username for authentication, it doesn't let you specify a mechanism... You are correct, you cannot pass a mechanism to sieveshell. I incorrectly assumed that --auth in cyradm is an authentication username. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Sieve Authentication Fails
Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1. my imapd conf: configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt saslauthd is running w/ -a pam Authentication works fine for the IMAP server, cyradm. Sieve is listening... [EMAIL PROTECTED] log]# telnet localhost sieve Trying 127.0.0.1... Connected to localhost (127.0.0.1). Escape character is '^]'. IMPLEMENTATION Cyrus timsieved v2.2.10-Invoca-RPM-2.2.10-8 SASL PLAIN SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex STARTTLS OK Heck, I even get sieve headers in my emails... X-Sieve: CMU Sieve 2.2 Any ideas? Thanks, Dan --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve Authentication Fails
On Thu, 2005-02-03 at 14:24 -0800, Dan Perez wrote: Hi All, I see that this question has been posted before, but I don't see a clear answer, so forgive me. Any leads would be appreciated. I'm running cyrus 2.2.10, on RHEL 3.0. It works great. Now I want to start using sieve... but I can't get sieveshell to connect to the server and I don't understand why. [EMAIL PROTECTED] log]# sieveshell -u cyrus localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1 saslpasswd cyrus #add password for cyrus to sasldb Craig --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sieve authentication problem
hi,
i've installed cyrus from debian packages:
ii cyrus21-admin 2.1.16-10 Cyrus mail system (administration tool)
ii cyrus21-common 2.1.16-10 Cyrus mail system (common files)
ii cyrus21-imapd 2.1.16-10 Cyrus mail system (IMAP support)
ii libcyrus-imap- 2.1.16-10 Interface to Cyrus imap client imclient
libr
ii libsasl2 2.1.19-1.5 Authentication abstraction library
ii libsasl2-dev 2.1.19-1.5 Development files for authentication
abstrac
ii libsasl2-gssap 2.1.19-1.1 GSSAPI module for SASL using MIT Kerberos
ii libsasl2-krb4- 2.1.19-1.1 Kerberos4 module for SASL using MIT
Kerbero
ii libsasl2-modul 2.1.19-1.5 Pluggable Authentication Modules for SASL
ii libsasl7 1.5.28-6.4 Authentication abstraction library
ii sasl-bin 1.5.28-6.4 Programs for manipulating the SASL users
dat
ii sasl2-bin 2.1.19-1.5 Programs for manipulating the SASL users
dat
the system's auth system is completely managed by ldap (pam, nss). i'm usig
saslauthd with mech ldap and this config:
ldap_servers: ldap://localhost/
ldap_search_base: dc=bange-verlag,dc=de
impap authentication works as expected. but sieve does not. whe i use
sivtest i get:
sivtest -u andrea -a andrea localhost
S: IMPLEMENTATION Cyrus timsieved v2.1.16-IPv6-Debian-2.1.16-10
S: SASL PLAIN
S: SIEVE fileinto reject envelope vacation imapflags notify subaddress
relational regex
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {28+}
YW5kcmVhAGFuZHJlYQBhbmRyZWE=
S: NO Authentication Error
Authentication failed. generic failure
Security strength factor: 0
i can't track this down, because timsievd does not log any thing while this
test. the only log's i have are my ldap logs:
Dec 15 09:47:10 server slapd[4236]: conn=10630 fd=26 closed
Dec 15 09:47:38 server slapd[4236]: conn=10607 op=3 BIND anonymous
mech=implicit ssf=0
Dec 15 09:47:38 server slapd[4236]: conn=10607 op=3 BIND dn= method=128
Dec 15 09:47:38 server slapd[4236]: conn=10607 op=3 RESULT tag=97 err=0
text=
Dec 15 09:47:38 server slapd[4236]: conn=10607 op=4 SRCH
base=dc=bange-verlag,dc=de scope=2 filter=(uid=andrea)
Dec 15 09:47:38 server slapd[4236]: conn=10607 op=4 SRCH attr=dn
Dec 15 09:47:38 server slapd[4236]: conn=10607 op=4 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec 15 09:47:38 server slapd[4236]: conn=10607 op=5 BIND
dn=uid=andrea,ou=people,dc=bange-verlag,dc=de method=128
Dec 15 09:47:38 server slapd[4236]: conn=10607 op=5 BIND
dn=uid=andrea,ou=people,dc=bange-verlag,dc=de mech=SIMPLE ssf=0
Dec 15 09:47:38 server slapd[4236]: conn=10607 op=5 RESULT tag=97 err=0
text=
Dec 15 09:47:38 server slapd[4236]: conn=10631 fd=26 ACCEPT from
IP=127.0.0.1:45157 (IP=0.0.0.0:389)
Dec 15 09:47:38 server slapd[4236]: conn=10631 op=0 BIND
dn=cn=nss,dc=bange-verlag,dc=de method=128
Dec 15 09:47:38 server slapd[4236]: conn=10631 op=0 BIND
dn=cn=nss,dc=bange-verlag,dc=de mech=SIMPLE ssf=0
Dec 15 09:47:38 server slapd[4236]: conn=10631 op=0 RESULT tag=97 err=0
text=
Dec 15 09:47:38 server slapd[4236]: conn=10631 op=1 SRCH
base=dc=bange-verlag,dc=de scope=2
filter=((objectClass=posixAccount)(uid=andrea))
Dec 15 09:47:38 server slapd[4236]: conn=10631 op=1 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass
Dec 15 09:47:38 server slapd[4236]: conn=10631 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec 15 09:47:38 server slapd[4236]: conn=10631 op=2 SRCH
base=dc=bange-verlag,dc=de scope=2 filter=((objectClass=posixGroup))
Dec 15 09:47:38 server slapd[4236]: conn=10631 op=2 SRCH attr=cn
userPassword memberUid uniqueMember gidNumber
Dec 15 09:47:38 server slapd[4236]: conn=10631 op=2 SEARCH RESULT tag=101
err=0 nentries=4 text=
Dec 15 09:47:43 server slapd[4236]: conn=10631 fd=26 closed
as you can see, NONE of the ldap queries faild.
can some one please help me tracking donwn this problem ?
TIA
--
Matthias Henze[EMAIL PROTECTED]
Use PGP!! http://www.mhcsoftware.de/MatthiasHenze.asc
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
MHC SoftWare GmbH voice: +49-(0)9533-92006-0
Fichtera 17 fax: +49-(0)9533-92006-6
96274 Itzgrund/Germanye-Mail: [EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
pgplvW2FJYqS0.pgp
Description: PGP signature
sieve: authentication error
Hello,
I am having trouble with sieve not wanting to authenticate anyone. imtest
works fine, sivtest (and therefore sieveshell) do not, no matter what
sasl-mechanism I am trying. I am using auxprop (sasldb) as user database. Two
examples below, but fails for all mechanisms. Fails for the adminstrative
user cyrus, too.
This problem seems to be quite common, however, I have not found any useful
answer so far. So, if anyone has an Idea, I'd appreciate any help.
# sivtest -u test -a test localhost
S: IMPLEMENTATION Cyrus timsieved v2.2.8-Gentoo
S: SASL GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
S: SIEVE fileinto reject envelope vacation imapflags notify subaddress
relational regex
S: STARTTLS
S: OK
Authentication failed. generic failure
Security strength factor: 0
# sivtest -u test -a test localhost -m DIGEST-MD5
S: IMPLEMENTATION Cyrus timsieved v2.2.8-Gentoo
S: SASL GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
S: SIEVE fileinto reject envelope vacation imapflags notify subaddress
relational regex
S: STARTTLS
S: OK
C: AUTHENTICATE DIGEST-MD5
S: {244}
S:
bm9uY2U9IkVBbWROaHRoY1FxdUt0VDNhN0U1ZDhPV21STXkraEpiVjFtWUszNTNKVk09IixyZWFsbT0iZHJhY2hlbnRvciIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password:
{348+}
C:
dXNlcm5hbWU9InRlc3QiLHJlYWxtPSJkcmFjaGVudG9yIixub25jZT0iRUFtZE5odGhjUXF1S3RUM2E3RTVkOE9XbVJNeStoSmJWMW1ZSzM1M0pWTT0iLGNub25jZT0iNW1rR21SWkdtaGo0akdNVXdUbS8zcXdMK0hpZW5kWmZPcGVrcEhkQVpzST0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaGVyPXJjNCxtYXhidWY9MTAyNCxkaWdlc3QtdXJpPSJzaWV2ZS9sb2NhbGhvc3QiLHJlc3BvbnNlPThkOTFkOGZmY2ExMzdmODZjNzAyMDJiYjc1MGViMTcx
S: NO Authentication Error
Authentication failed. generic failure
Security strength factor: 128
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
SIEVE authentication failed
Hi,
I migrated from Cyrus Imap 2.1.16 to 2.2.8 a couple of days ago.
Since then I can not login to Sieve any more.
Can anyone help me?
below I included my imapd.conf, sivtest output and imtest output
Cheers
Gerald
bash-2.05# sivtest -u ggriessn localhost
S: IMPLEMENTATION Cyrus timsieved v2.2.8
S: SIEVE fileinto reject envelope vacation imapflags notify subaddress
relational regex
S: STARTTLS
S: OK
Authentication failed. generic failure
Security strength factor: 0
C: LOGOUT
OK Logout Complete
Connection closed.
bash-2.05# imtest -u ggriessn localhost
S: * OK mail.salzburgresearch.at Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN root {8}
S: + go ahead
C: omitted
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
C: Q01 LOGOUT
* BYE LOGOUT received
Q01 OK Completed
Connection closed.
And here is my imapd.conf:
allowanonymouslogin:no
allowapop: no
allowplaintext: yes
allowplaintextwithouttls: yes
allowusermoves: 1
annotation_db: skiplist
autocreatequota:400
configdirectory:/var/imap/config
deleteright:c
duplicate_db: berkeley-nosync
duplicatesuppression: 1
imapidlepoll: 60
mboxlist_db: berkeley
partition-default: /var/imap/data
postmaster: [EMAIL PROTECTED]
quota_db: berkeley
quotawarn: 90
sasl_option:yes
sasl_auto_transition: no
sasl_maximum_layer: 256
sasl_mech_list: PLAIN
sasl_minimum_layer: 0
sasl_pwcheck_method:pam saslauthd
sasl_reauth_timeout:0
sasl_saslauthd_path:/var/state/saslauthd/mux
seenstate_db: berkeley
sendmail: /usr/exim/bin/exim
servername: mail.salzburgresearch.at
sieve_maxscripts: 16
sieve_maxscriptsize:128
sievedir: /var/imap/sieve
sievenotifier: SIEVE
sieveusehomedir:false
singleinstancestore:yes
subscription_db:berkeley
tlscache_db: berkeley-nosync
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
Gerald Griessner wrote:
Hi,
I migrated from Cyrus Imap 2.1.16 to 2.2.8 a couple of days ago.
Since then I can not login to Sieve any more.
Can anyone help me?
below I included my imapd.conf, sivtest output and imtest output
Cheers
Gerald
bash-2.05# sivtest -u ggriessn localhost
S: IMPLEMENTATION Cyrus timsieved v2.2.8
S: SIEVE fileinto reject envelope vacation imapflags notify
subaddress relational regex
S: STARTTLS
S: OK
Cyrus isn't finding your SASL plugins, because no SASL mechs are listed
in the capability list. Make sure you have SASL installed correctly.
Authentication failed. generic failure
Security strength factor: 0
C: LOGOUT
OK Logout Complete
Connection closed.
bash-2.05# imtest -u ggriessn localhost
S: * OK mail.salzburgresearch.at Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN root {8}
S: + go ahead
C: omitted
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
C: Q01 LOGOUT
* BYE LOGOUT received
Q01 OK Completed
Connection closed.
And here is my imapd.conf:
allowanonymouslogin:no
allowapop: no
allowplaintext: yes
allowplaintextwithouttls: yes
allowusermoves: 1
annotation_db: skiplist
autocreatequota:400
configdirectory:/var/imap/config
deleteright:c
duplicate_db: berkeley-nosync
duplicatesuppression: 1
imapidlepoll: 60
mboxlist_db: berkeley
partition-default: /var/imap/data
postmaster: [EMAIL PROTECTED]
quota_db: berkeley
quotawarn: 90
sasl_option:yes
sasl_auto_transition: no
sasl_maximum_layer: 256
sasl_mech_list: PLAIN
sasl_minimum_layer: 0
sasl_pwcheck_method:pam saslauthd
sasl_reauth_timeout:0
sasl_saslauthd_path:/var/state/saslauthd/mux
seenstate_db: berkeley
sendmail: /usr/exim/bin/exim
servername: mail.salzburgresearch.at
sieve_maxscripts: 16
sieve_maxscriptsize:128
sievedir: /var/imap/sieve
sievenotifier: SIEVE
sieveusehomedir:false
singleinstancestore:yes
subscription_db:berkeley
tlscache_db: berkeley-nosync
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
--On Wednesday, September 01, 2004 08:49:25 -0400 Ken Murchison [EMAIL PROTECTED] wrote: Gerald Griessner wrote: Hi, I migrated from Cyrus Imap 2.1.16 to 2.2.8 a couple of days ago. Since then I can not login to Sieve any more. Can anyone help me? below I included my imapd.conf, sivtest output and imtest output Cheers Gerald bash-2.05# sivtest -u ggriessn localhost S: IMPLEMENTATION Cyrus timsieved v2.2.8 S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex S: STARTTLS S: OK Cyrus isn't finding your SASL plugins, because no SASL mechs are listed in the capability list. Make sure you have SASL installed correctly. SNIP Hi Ken, actually IMAP is authenticating against SASL. I compiled sasl 2.1.9 like: ./configure --prefix=/usr/cyrus-sasl --sysconfdir=/etc --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd --with-ldap And in sasldb/Makefile line 245 changed LOCAL_SASL_DB_BACKEND_STATIC := toLOCAL_SASL_DB_BACKEND_STATIC = since it was not making I'm starting the daemeon like: /usr/cyrus-sasl/sbin/saslauthd -a pam -O /etc/saslauthd /etc/saslauthd: MECHANISMS=pam --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd I did exactly the same as with version 2.1.17 (old Server) Can you give me any hint? Cheers Gerald --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
Gerald Griessner wrote: --On Wednesday, September 01, 2004 08:49:25 -0400 Ken Murchison [EMAIL PROTECTED] wrote: Gerald Griessner wrote: Hi, I migrated from Cyrus Imap 2.1.16 to 2.2.8 a couple of days ago. Since then I can not login to Sieve any more. Can anyone help me? below I included my imapd.conf, sivtest output and imtest output Cheers Gerald bash-2.05# sivtest -u ggriessn localhost S: IMPLEMENTATION Cyrus timsieved v2.2.8 S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex S: STARTTLS S: OK Cyrus isn't finding your SASL plugins, because no SASL mechs are listed in the capability list. Make sure you have SASL installed correctly. SNIP Hi Ken, actually IMAP is authenticating against SASL. I compiled sasl 2.1.9 like: ./configure --prefix=/usr/cyrus-sasl --sysconfdir=/etc --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd --with-ldap And in sasldb/Makefile line 245 changed LOCAL_SASL_DB_BACKEND_STATIC := toLOCAL_SASL_DB_BACKEND_STATIC = since it was not making I'm starting the daemeon like: /usr/cyrus-sasl/sbin/saslauthd -a pam -O /etc/saslauthd /etc/saslauthd: MECHANISMS=pam --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd I did exactly the same as with version 2.1.17 (old Server) Can you give me any hint? Try making a link fro /usr/lib/sasl2 to the directory which contains the mschanism plugins (libplain.so, libcrammd5.so, etc). -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SIEVE authentication failed
--On Wednesday, September 01, 2004 11:40:40 -0400 Ken Murchison [EMAIL PROTECTED] wrote: Cyrus isn't finding your SASL plugins, because no SASL mechs are listed in the capability list. Make sure you have SASL installed correctly. SNIP Hi Ken, actually IMAP is authenticating against SASL. I compiled sasl 2.1.9 like: ./configure --prefix=/usr/cyrus-sasl --sysconfdir=/etc --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd --with-ldap And in sasldb/Makefile line 245 changed LOCAL_SASL_DB_BACKEND_STATIC := toLOCAL_SASL_DB_BACKEND_STATIC = since it was not making I'm starting the daemeon like: /usr/cyrus-sasl/sbin/saslauthd -a pam -O /etc/saslauthd /etc/saslauthd: MECHANISMS=pam --enable-login --disable-checkapop --disable-krb4 --disable-gssapi --with-openssl=/usr/local/ssl --with-saslauthd=/var/state/saslauthd I did exactly the same as with version 2.1.17 (old Server) Can you give me any hint? Try making a link fro /usr/lib/sasl2 to the directory which contains the mschanism plugins (libplain.so, libcrammd5.so, etc). Many thanks, that works. Although, I'm not sure why, because my linker (crle) shows /usr/cyrus-sasl/lib it in the search path. Anyway Cheers Gerald --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve authentication
Denis V. Suhanov wrote: Hello Rob, Thursday, January 8, 2004, 1:42:58 PM, you wrote: Is there a way to disable plaintext passwords in imap but allow them in sieve (since I have it running locally). There is a bug in PHP's Net_Sieve module that makes it hang whenever timsieved does not report a PLAIN method (http://pear.php.net/bugs/bug.php?id=159). RS If you are running 2.2.x you can have a per-serive allowplaintext option. You mean, by using a -C switch and a separate imapd.conf, only for timsieved (that's what I've done)? I failed to find any sieve-specific options in man imapd.conf In 2.2, you can prefix any option with the service name (as it appears in cyrus.conf. So the following are valid options: imap_allowplaintext sieve_allowplaintext -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
sieve authentication
Hello, Is there a way to disable plaintext passwords in imap but allow them in sieve (since I have it running locally). There is a bug in PHP's Net_Sieve module that makes it hang whenever timsieved does not report a PLAIN method (http://pear.php.net/bugs/bug.php?id=159). Thanks a lot. -- Sincerely yours, Denis Suhanovmailto:[EMAIL PROTECTED]
Re: sieve authentication
On Thu, 8 Jan 2004, Denis V. Suhanov wrote: Is there a way to disable plaintext passwords in imap but allow them in sieve (since I have it running locally). There is a bug in PHP's Net_Sieve module that makes it hang whenever timsieved does not report a PLAIN method (http://pear.php.net/bugs/bug.php?id=159). If you are running 2.2.x you can have a per-serive allowplaintext option. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re[2]: sieve authentication
Hello Rob, Thursday, January 8, 2004, 1:42:58 PM, you wrote: Is there a way to disable plaintext passwords in imap but allow them in sieve (since I have it running locally). There is a bug in PHP's Net_Sieve module that makes it hang whenever timsieved does not report a PLAIN method (http://pear.php.net/bugs/bug.php?id=159). RS If you are running 2.2.x you can have a per-serive allowplaintext option. You mean, by using a -C switch and a separate imapd.conf, only for timsieved (that's what I've done)? I failed to find any sieve-specific options in man imapd.conf -- Best regards, Denismailto:[EMAIL PROTECTED]
Re: Sieve authentication
Hi;
My users's inbox have another machine and another directory. For examble
"
username:
user's home directory = /ev/.../ (user server)
user's mail directory = /posta/ (mail server)
(this servers is different machine and ip)
"
I connected mail server that said me "no found mbox " and "no found valid
mbox".Why?How could i solve this problem?
Please help me..
Thanks..
Ken Murchison wrote:
The service name for Sieve was changed from "imap" to "sieve". Copy
your "imap" PAM config to "sieve" and you should be fine.
David Chait wrote:
Greetings all,
I'm in the process of upgrading our current cyrus install and so
far it has gone will with the one caviat that I cannot for some reason
get Sieve to authenticate users. The IMAP daemon however works fine.
As you can see below, I can see auth mechanisms:
[root@bonmail adm]# telnet localhost 2000
Trying 127.0.0.1...
Connected to bonmail.stanford.edu (127.0.0.1).
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.1.11"
"SASL" "PLAIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
relational regex"
OK
However whenever I attempt to authenticate via the test utility, I get
the following:
[root@bonmail adm]# sivtest -u dchait localhost
S: "IMPLEMENTATION" "Cyrus timsieved v2.1.11"
S: "SASL" "PLAIN"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify
subaddress relational regex"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {28+}
ZGNoYWl0AHJvb3QATTExa3kjV0B5
S: NO "Authentication Error"
Authentication failed. generic failure
Security strength factor: 0
The logs show a PAM error, however my PAM file hasn't changed between
installs:
Dec 27 01:17:28 bonmail saslauthd[19310]: DEBUG: auth_pam:
pam_authenticate failed: Authentication failure
Dec 27 01:17:28 bonmail saslauthd[19310]: AUTHFAIL: user=dchait
service=sieve realm= [PAM auth error]
Dec 27 01:17:28 bonmail timsieved[19607]: Password verification failed
imap file in pam.d shows:
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
accountrequired pam_stack.so service=system-auth
sessionrequired pam_stack.so service=system-auth
My cyrus.conf file shows:
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idledcmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=0
imaps cmd="imapd -s" listen="imaps" prefork=0
# pop3 cmd="pop3d" listen="pop3" prefork=0
# pop3scmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/imap/socket/notify"
proto="udp" prefork=1
}
EVENTS {
# this is required
checkpointcmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" period=1440
}
This is on a Red Hat 7.3 based Dell server Runing the latest stable
versions of both sasl and cyrus imap. Any ideas?
Thanks,
David
--
Your favorite stores, helpful shopping tools and great gift ideas. Experience
the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/
Sieve authentication
Greetings all,
I'm in the process of upgrading
our current cyrus install and so far it has gone will with the one caviat that I
cannot for some reason get Sieve to authenticate users. The IMAP daemon however
works fine. As you can see below, I can see auth mechanisms:
[root@bonmail adm]# telnet localhost 2000Trying
127.0.0.1...Connected to bonmail.stanford.edu (127.0.0.1).Escape
character is '^]'."IMPLEMENTATION" "Cyrus timsieved v2.1.11""SASL"
"PLAIN""SIEVE" "fileinto reject envelope vacation imapflags notify
subaddress relational regex"OK
However whenever I attempt to authenticate via the
test utility, I get the following:
[root@bonmail adm]# sivtest -u dchait
localhostS: "IMPLEMENTATION" "Cyrus timsieved v2.1.11"S: "SASL"
"PLAIN"S: "SIEVE" "fileinto reject envelope vacation imapflags notify
subaddress relational regex"S: OKPlease enter your password: C:
AUTHENTICATE "PLAIN" {28+}ZGNoYWl0AHJvb3QATTExa3kjV0B5S: NO
"Authentication Error"Authentication failed. generic failureSecurity
strength factor: 0
The logs show a PAM error, however my PAM file
hasn't changed between installs:
Dec 27 01:17:28 bonmail saslauthd[19310]: DEBUG:
auth_pam: pam_authenticate failed: Authentication failureDec 27 01:17:28
bonmail saslauthd[19310]: AUTHFAIL: user=dchait service=sieve realm= [PAM auth
error]Dec 27 01:17:28 bonmail timsieved[19607]: Password verification
failed
imap file in pam.d shows:
auth
required
pam_nologin.soauth
required pam_stack.so
service=system-authaccount
required pam_stack.so
service=system-authsession
required pam_stack.so service=system-auth
My cyrus.conf file shows:
# standard standalone server
implementation
START { # do not delete this
entry! recover cmd="ctl_cyrusdb
-r"
# this is only necessary if using idled for
IMAP IDLE#
idled
cmd="idled"}
# UNIX sockets start with a slash and are put into
/var/imap/socketSERVICES { # add or remove based on
preferences imap
cmd="imapd" listen="imap" prefork=0
imaps cmd="imapd -s"
listen="imaps" prefork=0#
pop3 cmd="pop3d" listen="pop3"
prefork=0#
pop3s
cmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved"
listen="sieve" prefork=0
# at least one LMTP is required for
delivery# lmtp
cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd"
listen="/var/imap/socket/lmtp" prefork=0
# this is only necessary if using
notifications# notify
cmd="notifyd" listen="/var/imap/socket/notify" proto="udp"
prefork=1}
EVENTS { # this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate
delivery suppression delprune
cmd="ctl_deliver -E 3" period=1440
# this is only necessary if caching TLS
sessions tlsprune cmd="tls_prune"
period=1440}
This is on a Red Hat 7.3 based Dell server Runing
the latest stable versions of both sasl and cyrus imap. Any ideas?
Thanks,
David
Re: Sieve authentication
The service name for Sieve was changed from imap to sieve. Copy
your imap PAM config to sieve and you should be fine.
David Chait wrote:
Greetings all,
I'm in the process of upgrading our current cyrus install and so
far it has gone will with the one caviat that I cannot for some reason
get Sieve to authenticate users. The IMAP daemon however works fine.
As you can see below, I can see auth mechanisms:
[root@bonmail adm]# telnet localhost 2000
Trying 127.0.0.1...
Connected to bonmail.stanford.edu (127.0.0.1).
Escape character is '^]'.
IMPLEMENTATION Cyrus timsieved v2.1.11
SASL PLAIN
SIEVE fileinto reject envelope vacation imapflags notify subaddress
relational regex
OK
However whenever I attempt to authenticate via the test utility, I get
the following:
[root@bonmail adm]# sivtest -u dchait localhost
S: IMPLEMENTATION Cyrus timsieved v2.1.11
S: SASL PLAIN
S: SIEVE fileinto reject envelope vacation imapflags notify
subaddress relational regex
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {28+}
ZGNoYWl0AHJvb3QATTExa3kjV0B5
S: NO Authentication Error
Authentication failed. generic failure
Security strength factor: 0
The logs show a PAM error, however my PAM file hasn't changed between
installs:
Dec 27 01:17:28 bonmail saslauthd[19310]: DEBUG: auth_pam:
pam_authenticate failed: Authentication failure
Dec 27 01:17:28 bonmail saslauthd[19310]: AUTHFAIL: user=dchait
service=sieve realm= [PAM auth error]
Dec 27 01:17:28 bonmail timsieved[19607]: Password verification failed
imap file in pam.d shows:
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
accountrequired pam_stack.so service=system-auth
sessionrequired pam_stack.so service=system-auth
My cyrus.conf file shows:
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd=ctl_cyrusdb -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
# pop3 cmd=pop3d listen=pop3 prefork=0
# pop3scmd=pop3d -s listen=pop3s prefork=0
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=0
# this is only necessary if using notifications
# notify cmd=notifyd listen=/var/imap/socket/notify
proto=udp prefork=1
}
EVENTS {
# this is required
checkpointcmd=ctl_cyrusdb -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd=tls_prune period=1440
}
This is on a Red Hat 7.3 based Dell server Runing the latest stable
versions of both sasl and cyrus imap. Any ideas?
Thanks,
David
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: cyrus sieve authentication imapd-2.1.3
Do you have a sieve file in /etc/pam.d as you probably have for imap? WRT the sasldb2 queries, you may want to add sasl_mech_list: plain to /etc/imapd.conf -Hein On Fri, 2002-04-26 at 05:26, Kalpit Jain wrote: [...] I have started saslauthd using pam: saslauthd -a pam My imap authentication works fine... but my sieve authenctication does not work . [...] When I see the logs it trying to use sasldb2 file for user information signature.asc Description: This is a digitally signed message part
Re: cyrus sieve authentication imapd-2.1.3
On Fri, 2002-04-26 at 09:28, Kalpit Jain wrote: Yes i do have a sieve file in /etc/pam.d/ Ok, then maybe you should post some more detailed information --- the pertinent log messages, as what user you try to log in, whether that user has an IMAP mailbox, the command lines for logging into cyradm and sieveshell etc. -Hein signature.asc Description: This is a digitally signed message part
Re: cyrus sieve authentication imapd-2.1.3
Yes i do have a sieve file in /etc/pam.d/ but it still does not seem to work Hein Roehrig wrote: Do you have a sieve file in /etc/pam.d as you probably have for imap? WRT the sasldb2 queries, you may want to add sasl_mech_list: plain to /etc/imapd.conf -Hein On Fri, 2002-04-26 at 05:26, Kalpit Jain wrote: [...] > I have started saslauthd using pam: > saslauthd -a pam > > My imap authentication works fine... > but my sieve authenctication does not work . [...] > When I see the logs it trying to use sasldb2 file for user information Name: signature.asc signature.asc Type: application/pgp-signature Description: This is a digitally signed message part -- Thanx Regards Kalpit Jain Email: [EMAIL PROTECTED] Netcore Solutions Pvt Ltd 402, Peninsula Chambers (Morarjee Mills Compound) Ganpat Rao Kadam Marg (Behind Piramal Hospital) Near A-Z Industrial Estate Lower Parel Mumbai 400 013. Phone: 462 8000 (Board)
Re: cyrus sieve authentication imapd-2.1.3
Kalpit Jain wrote: Yes i do have a sieve file in /etc/pam.d/ but it still does not seem to work Have you installed the sasl-plain plugin? (libplain.la, libplain.so* in a location where sasl will look for them, tipically /usr/lib/sasl2) Bye -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007
Re: cyrus sieve authentication imapd-2.1.3
Yes, I have installed the sasl-plain plugin Luca Olivetti wrote: Kalpit Jain wrote: > Yes i do have a sieve file in /etc/pam.d/ > but it still does not seem to work Have you installed the sasl-plain plugin? (libplain.la, libplain.so* in a location where sasl will look for them, tipically /usr/lib/sasl2) Bye -- Luca Olivetti Wetron Automatizacin S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007 -- Thanx Regards Kalpit Jain Email: [EMAIL PROTECTED] Netcore Solutions Pvt Ltd 402, Peninsula Chambers (Morarjee Mills Compound) Ganpat Rao Kadam Marg (Behind Piramal Hospital) Near A-Z Industrial Estate Lower Parel Mumbai 400 013. Phone: 462 8000 (Board)
Re: cyrus sieve authentication imapd-2.1.3
Thanx Hein, The sieve thing worked . I already had the sieve file in pam.d directory I had to just put the sasl_mech_list line in /etc/imapd.conf and it worked ... Thanx a lot for the help Hein Roehrig wrote: Do you have a sieve file in /etc/pam.d as you probably have for imap? WRT the sasldb2 queries, you may want to add sasl_mech_list: plain to /etc/imapd.conf -Hein On Fri, 2002-04-26 at 05:26, Kalpit Jain wrote: [...] > I have started saslauthd using pam: > saslauthd -a pam > > My imap authentication works fine... > but my sieve authenctication does not work . [...] > When I see the logs it trying to use sasldb2 file for user information Name: signature.asc signature.asc Type: application/pgp-signature Description: This is a digitally signed message part -- Thanx Regards Kalpit Jain Email: [EMAIL PROTECTED] Netcore Solutions Pvt Ltd 402, Peninsula Chambers (Morarjee Mills Compound) Ganpat Rao Kadam Marg (Behind Piramal Hospital) Near A-Z Industrial Estate Lower Parel Mumbai 400 013. Phone: 462 8000 (Board)
cyrus sieve authentication imapd-2.1.3
Hi, I have IMAPD-2.1.3 my RH7.2 system. I am using LDap as my authentication usinng PAM my /etc/imapd.conf says: # less /etc/imapd.conf configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus allowanonymouslogin: no # To use the PAM for authentication (but not /etc/passwd or shadow), change # the following line to specify pam instead of sasldb. sasl_pwcheck_method: saslauthd I have started saslauthd using pam: saslauthd -a pam My imap authentication works fine... but my sieve authenctication does not work . Is there some settings which i have to do for sieve ldap authentication When I see the logs it trying to use sasldb2 file for user information Any help in this regard would be appreciated Thanks Regards Kalpit Jain Vice President-Technology Email: [EMAIL PROTECTED] Netcore Solutions Pvt Ltd 402, Peninsula Chambers (Morarjee Mills Compound) Ganpat Rao Kadam Marg (Behind Piramal Hospital) Near A-Z Industrial Estate Lower Parel Mumbai 400 013. Phone: 462 8000 (Board)
Re: sieve authentication
Justin Wood wrote: I recently installed cyrus-imapd 2.0.16 w/ cyrus-sasl 1.5.27 on FreeBSD 4.5-RELEASE (from the ports tree). I managed to get imapd auth working just fine, but when I try to install a sieve script using installsieve, I get the following messages in syslog: Feb 8 14:19:22 fs1 timsieved[9785]: KERBEROS_V4: can't access srvtab file /etc/srvtab: No such file or directory Feb 8 14:19:22 fs1 timsieved[9785]: add_plugin(/usr/local/lib/sasl/libkerberos4.so) failed: generic failure Feb 8 14:19:23 fs1 timsieved[9785]: badlogin: fs1.p.flipdog.com[10.69.2.71] DIGEST-MD5 -13 unable to get user's secret In imapd.conf I have sasl_pwcheck_method: LDAP and the appropriate settings for the ldap server. Where do I modify settings for timsieved? I would like to do ldap/pam_ldap auth with it as well. Unless you have a need for the non-plaintext mechanisms, try removing these plugins. Sieveshell will try to use the best (highest SSF) mechanism that it finds. If you only have PLAIN and/or LOGIN installed, it will have no choice but to use one of these, which should then use your PAM config. In SASL v2.1 you can use the 'mech_list' option in the SASL conf file to limit which mechs will be offered by the service. In either case, we probably should add a --auth option to sieveshell, just like cyradm. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
RE: sieve authentication
Unless you have a need for the non-plaintext mechanisms, try removing these plugins. Sieveshell will try to use the best (highest SSF) mechanism that it finds. If you only have PLAIN and/or LOGIN installed, it will have no choice but to use one of these, which should then use your PAM config. On my system, cyradm uses DIGEST-MD5 and succeeds, while sieveshell uses DIGEST-MD5 and fails.
RE: sieve authentication
For the last four months or so I haven't been able to get sieveshell to authenticate, no matter what I try. The fact that cyradm authenticates just fine makes me suspect it's something about sieve ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Justin Wood Sent: Friday, February 08, 2002 15:39 To: [EMAIL PROTECTED] Subject: sieve authentication I recently installed cyrus-imapd 2.0.16 w/ cyrus-sasl 1.5.27 on FreeBSD 4.5-RELEASE (from the ports tree). I managed to get imapd auth working just fine, but when I try to install a sieve script using installsieve, I get the following messages in syslog: Feb 8 14:19:22 fs1 timsieved[9785]: KERBEROS_V4: can't access srvtab file /etc/srvtab: No such file or directory Feb 8 14:19:22 fs1 timsieved[9785]: add_plugin(/usr/local/lib/sasl/libkerberos4.so) failed: generic failure Feb 8 14:19:23 fs1 timsieved[9785]: badlogin: fs1.p.flipdog.com[10.69.2.71] DIGEST-MD5 -13 unable to get user's secret In imapd.conf I have sasl_pwcheck_method: LDAP and the appropriate settings for the ldap server. Where do I modify settings for timsieved? I would like to do ldap/pam_ldap auth with it as well. Thanks in advance, Justin. -- -- Justin Wood [EMAIL PROTECTED] Systems Administrator FlipDog.comhttp://www.flipdog.com/ --
Sieve authentication problem.
Hi there, I have had no response to this message I have posted a week back so I'm giving it another bash. I have recently installed and configured cyrus-imapd-1.6.24 to run on a HP 9000 (HP-UX 10.20) All is working well and I'd now like to enhance the setup through the implimentation of sieve filters. I'm having problems with sieve authentication when I try to list or add filters. I'm using the unix password file for imap authentication. From the archives it would appear that the sieve authentication is a known bug for which no fix exist (yet?) under release 1.6.24 sasl_pwcheck_method: passwd Here is the command I use to try and add a filter: installsieve -i filter -m passwd -u hennie localhost I get the following error without being prompted for a password: Authentication failed. Is this a known bug ? Anyone using this feature under this release ? Is there a fix available ? Please help ! Regards, Hennie
