Re: sieve doesn't work [auf Viren überprüft]
On 2006-09-05 at 19:05 +0200, Martin G.H. Minkler wrote: Nobody any ideas? Am I the only one on debian sarge who's sieve doesn't offer SASL login w/o TLS and sieve_sasl_minimum_layer=0? I'm not using Debian so can only offer generic advice and help. That's why I shut up before. When reading Andrew Morgan's post I found that the sasl modules had been split off, which made me realise just how different things are in Debian. You set allowplaintext true, you define the mechanisms, you've lowered sieve_sasl_minimum_layer, it should be fine. Does any of that change what you see when you telnet to port 2000? What happens if you use sieve instead of 2000 on the telnet command-line? Does it still connect? If not, /etc/services needs updating and any lookup caches (nscd?) should be flushed. Or is the option maybe called sasl_minimum_layer_sieve? No; the snippet of configuration which I provided was a cutpaste of working config I set for the internal IMAP service at work; unless support for service_option is version-dependent, it should be there. I used service-specific settings because when I tried using a different imapd.conf via a -C option in the service entry in cyrus.conf, and had that config @include the main config then override specific values, timsieved would crash. I think it was bus errors, but I forget. So I stuck to service_option. Is there any documentation on the sasl-options in imapd.conf? Yes. In the man-page for imapd.conf are various items such as sasl_minimum_layer, whilst the documentation for the cyrus-sasl package should include html/options.html, provided that the packaging for your OS doesn't strip documentation. You might want to look at more of the documentation from the cyrus-sasl package instead of cyrus-imapd. Any of the SASL options can be set directly in imapd.conf by prefixing sasl_ to the option name. -- Everything has three factors: politics, money, and the right way to do it. In that order. -- Gary Donahue Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve doesn't work [auf Viren überprüft]
On Tue, 5 Sep 2006, Martin G.H. Minkler wrote: Martin G.H. Minkler wrote: There will only be connections from localhost (as You can see in my config, sieve only listens to localhost) since if there will ever be a websieve or the like, it's going to run on the same machine. In you first post I can't see information about sasl and/or STARTTLS You are absolutely right, I do not get any sasl-methods and/or STARTTLS. I did use to get STARTTLS until I disabled it via the certificate-line. This just brings up more questions - how to I even enable sasl for sieve? Or is it enabled but not announced? From configuring postfix I know You can configure the MTA to only announce SASL after STARTTLS but this probably isn't the case here? If I can provide any more information, please let me know. Nobody any ideas? Am I the only one on debian sarge who's sieve doesn't offer SASL login w/o TLS and sieve_sasl_minimum_layer=0? Or is the option maybe called sasl_minimum_layer_sieve? Is there any documentation on the sasl-options in imapd.conf? I read the man pages for timsieved, cyrmaster and imapd.conf but didn't find anything useful. I run Cyrus on Debain Sarge. I use the Debian packages for the sasl libraries and modules, but I compile cyrus-imapd from source. The debian packages I have installed are: ii libsasl2 2.1.19-1.5sarg Authentication abstraction library ii libsasl2-dev 2.1.19-1.5sarg Development files for authentication abstrac ii libsasl2-modul 2.1.19-1.5sarg Pluggable Authentication Modules for SASL ii sasl2-bin 2.1.19-1.5sarg Programs for manipulating the SASL users dat In my /etc/imapd.conf file, I have the following sasl-related settings: allowplaintext: 1 sasl_mech_list: PLAIN sasl_minimum_layer: 0 sasl_pwcheck_method: saslauthd Andy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve doesn't work [auf Viren überprüft]
Martin G.H. Minkler wrote: There will only be connections from localhost (as You can see in my config, sieve only listens to localhost) since if there will ever be a websieve or the like, it's going to run on the same machine. In you first post I can't see information about sasl and/or STARTTLS You are absolutely right, I do not get any sasl-methods and/or STARTTLS. I did use to get STARTTLS until I disabled it via the certificate-line. This just brings up more questions - how to I even enable sasl for sieve? Or is it enabled but not announced? From configuring postfix I know You can configure the MTA to only announce SASL after STARTTLS but this probably isn't the case here? If I can provide any more information, please let me know. Nobody any ideas? Am I the only one on debian sarge who's sieve doesn't offer SASL login w/o TLS and sieve_sasl_minimum_layer=0? Or is the option maybe called sasl_minimum_layer_sieve? Is there any documentation on the sasl-options in imapd.conf? I read the man pages for timsieved, cyrmaster and imapd.conf but didn't find anything useful. Martin Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve doesn't work [auf Viren überprüft]
Hans Moser schrieb: Hi! Martin G.H. Minkler schrieb: After reloading and even restarting cyrus with the changes to the sieveshell die line and the imapd.conf in place as suggested, I still get the same (slighty longer but unfortunately no more informative) error message from sieveshell: unable to connect to server () at /usr/bin/sieveshell line 174. Can you doublecheck your changes to managesieve? Do I need to restart saslauthd to re-read the config from /etc/imapd.conf? You don't use saslauthd at all, as I can see from your config, you use auxprop + sasldb2... With this you could use CRAM-MD5 and DIGEST-MD5 as well. Perhaps you could change sasl_mech_list: sasl_mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN There will only be connections from localhost (as You can see in my config, sieve only listens to localhost) since if there will ever be a websieve or the like, it's going to run on the same machine. In you first post I can't see information about sasl and/or STARTTLS You are absolutely right, I do not get any sasl-methods and/or STARTTLS. I did use to get STARTTLS until I disabled it via the certificate-line. This just brings up more questions - how to I even enable sasl for sieve? Or is it enabled but not announced? From configuring postfix I know You can configure the MTA to only announce SASL after STARTTLS but this probably isn't the case here? If I can provide any more information, please let me know. TIA Martin Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve doesn't work [auf Viren überprüft]
Hi! Martin G.H. Minkler schrieb: After reloading and even restarting cyrus with the changes to the sieveshell die line and the imapd.conf in place as suggested, I still get the same (slighty longer but unfortunately no more informative) error message from sieveshell: unable to connect to server () at /usr/bin/sieveshell line 174. Can you doublecheck your changes to managesieve? Do I need to restart saslauthd to re-read the config from /etc/imapd.conf? You don't use saslauthd at all, as I can see from your config, you use auxprop + sasldb2... With this you could use CRAM-MD5 and DIGEST-MD5 as well. Perhaps you could change sasl_mech_list: sasl_mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN Is there maybe an alternative to sieveshell? Telneting sieve seems to return such a correct response... In you first post I can't see information about sasl and/or STARTTLS Here is what I get: IMPLEMENTATION Cyrus timsieved v2.2.12 SASL LOGIN PLAIN DIGEST-MD5 CRAM-MD5 SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex STARTTLS OK Hans Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html