timsieved does not recognize CHECKSCRIPT
Hello! It seems that the version "Cyrus timsieved git2.4.17+0-Debian-2.4.17+nocaldav-0+deb8u2" does not recognize the CHECKSCRIPT command. I encountered it when I installed a software and SIEVE scripts remotely didn't work. The followong protocol was followed: telnet mail 4190 Trying 2001:6b0:27:ff::c... Connected to mail.irf.se. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved git2.4.17+0-Debian-2.4.17+nocaldav-0+deb8u2" "SASL" "PLAIN" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include env" "STARTTLS" "UNAUTHENTICATE" OK AUTHENTICATE "PLAIN" {24+} AG1hdHNsAHZsJSZBbTQ1Ng== OK LISTSCRIPTS "ingo" "rainloop.user" "default" OK CHECKSCRIPT {266+} NO "Expected a command. Got something else." Can this be a bug? /Regards Mats -- Mats Luspa Phone: +46 (0)980 79 022 Cellular phone: +46 (0)725813330 Institutet för rymdfysik Fax: +46 (0)980 79 050 Swedish Institute of Space Physics email: ma...@irf.se Visiting/Delivery address: Rymdcampus 1, SE-981 92 Kiruna Postal address: Box 812, SE-981 28 Kiruna -- PGP Public Key: https://www.irf.se/pgp/matsl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: NOAUTHENTICATION problem with timsieved
On 08/06/12 11:53 +0200, Riccardo Veraldi wrote: >Hello, >i have troubles with timsieved belonging to cyrus-imapd version 2.4.13 > >with version 2.4.10 I didn't have this problem. > >it is impossible for me to authenticate on timsieved: > >Trying 127.0.0.1... >Connected to localhost. >Escape character is '^]'. >"IMPLEMENTATION" "Cyrus timsieved v2.4.13-Invoca-RPM-2.4.13-CNAF_1.el6" >"SASL" "" >"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags >notify envelope relational regex subaddress copy" >"STARTTLS" >"UNAUTHENTICATE" >OK > > >I see the UNAUTHENTICATE string which I never seen in previous timsieved >installation. UNAUTHENTICATE support was added in version 2.4.11, and is defined in RFC 5804. It's purpose appears to support returning to an unauthenticated state after successful authentication. I suspect that it is unrelated, unless there was some bug introduced within it. >managesieve plugins give me errors like this > >[06-Aug-2012 11:52:16] No supported authentication method found. The >server supports these methods: , but we want to use: PLAIN (): > > >basically no authentication method is supported inside timsieved. > >this is my imapd.conf > >configdirectory: /var/lib/imap >partition-default: /var/spool/imap >admins: cyrus >sievedir: /var/lib/imap/sieve >sendmail: /usr/sbin/sendmail >hashimapspool: true >allowplaintext: false >allowusermoves: true >sasl_pwcheck_method: saslauthd >sasl_mech_list: PLAIN LOGIN >tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem >tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem >tls_ca_file: /etc/pki/tls/certs/CA.pem Verify that this system has support for PLAIN and LOGIN. Run pluginviewer to verify that those mechanisms are installed. allowplaintext may need to be true, unless you are protecting the session with tls. >and this is my cyrus.conf > > >START { > # do not delete this entry! > recovercmd="ctl_cyrusdb -r" > > # this is only necessary if using idled for IMAP IDLE > idledcmd="idled" >} > ># UNIX sockets start with a slash and are put into /var/lib/imap/sockets >SERVICES { > # add or remove based on preferences > imapcmd="imapd" listen="localhost:imap" prefork=5 > imapscmd="imapd -s" listen="imaps" prefork=1 ># pop3cmd="pop3d" listen="pop3" prefork=3 > pop3scmd="pop3d -s" listen="pop3s" prefork=1 > sievecmd="timsieved" listen="127.0.0.1:sieve-filter" prefork=1 > > # these are only necessary if receiving/exporting usenet via NNTP ># nntpcmd="nntpd" listen="nntp" prefork=3 ># nntpscmd="nntpd -s" listen="nntps" prefork=1 > > # at least one LMTP is required for delivery ># lmtpcmd="lmtpd" listen="lmtp" prefork=0 > lmtpunixcmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 > > # this is only necessary if using notifications ># notifycmd="notifyd" listen="/var/lib/imap/socket/notify" >proto="udp" prefork=1 >} > >EVENTS { > # this is required > checkpointcmd="ctl_cyrusdb -c" period=30 > > # this is only necessary if using duplicate delivery suppression, > # Sieve or NNTP > delprunecmd="cyr_expire -D 7 -E 3 -X 7" at=0400 > > # this is only necessary if caching TLS sessions > tlsprunecmd="tls_prune" at=0400 >} -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
NOAUTHENTICATION problem with timsieved
Hello, i have troubles with timsieved belonging to cyrus-imapd version 2.4.13 with version 2.4.10 I didn't have this problem. it is impossible for me to authenticate on timsieved: Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.4.13-Invoca-RPM-2.4.13-CNAF_1.el6" "SASL" "" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" "UNAUTHENTICATE" OK I see the UNAUTHENTICATE string which I never seen in previous timsieved installation. managesieve plugins give me errors like this [06-Aug-2012 11:52:16] No supported authentication method found. The server supports these methods: , but we want to use: PLAIN (): basically no authentication method is supported inside timsieved. this is my imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true allowplaintext: false allowusermoves: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/CA.pem and this is my cyrus.conf START { # do not delete this entry! recovercmd="ctl_cyrusdb -r" # this is only necessary if using idled for IMAP IDLE idledcmd="idled" } # UNIX sockets start with a slash and are put into /var/lib/imap/sockets SERVICES { # add or remove based on preferences imapcmd="imapd" listen="localhost:imap" prefork=5 imapscmd="imapd -s" listen="imaps" prefork=1 # pop3cmd="pop3d" listen="pop3" prefork=3 pop3scmd="pop3d -s" listen="pop3s" prefork=1 sievecmd="timsieved" listen="127.0.0.1:sieve-filter" prefork=1 # these are only necessary if receiving/exporting usenet via NNTP # nntpcmd="nntpd" listen="nntp" prefork=3 # nntpscmd="nntpd -s" listen="nntps" prefork=1 # at least one LMTP is required for delivery # lmtpcmd="lmtpd" listen="lmtp" prefork=0 lmtpunixcmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 # this is only necessary if using notifications # notifycmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1 } EVENTS { # this is required checkpointcmd="ctl_cyrusdb -c" period=30 # this is only necessary if using duplicate delivery suppression, # Sieve or NNTP delprunecmd="cyr_expire -D 7 -E 3 -X 7" at=0400 # this is only necessary if caching TLS sessions tlsprunecmd="tls_prune" at=0400 } anyone could give me a hint on why timsieved behaves in this way ? thank you Rick Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
timsieved and lmtpd proxies get stuck after backend failure
Hi! Last Friday, one of the nodes in our Cyrus cluster got stuck, with apparently only some parts of the network layer up (answered to ping, carried around the RedHat cluster token). The Cyrus services were down for ~20 minutes before being started in an another node. What surprised me was the behaviour of the timsieved and lmtpd proxies in our Murder frontends. When the backend failed, the proxies with an open connection there got stuck, too. And there were many of them created; so many, in fact, that the limit of lmtpd / timsieved processes was reached. (I'm still not sure how that happened, since we certainly didn't have that many simultaneous sieve sessions going on at that time. LMTP sessions I could almost believe; the amount of email traffic here is considerable.) However, the proxies remained stuck. On Friday, I tried to do some investigation, and apparently, they were stuck on a read on the TCP socket. As I didn't think of anything else to do, I killed the lmtpd proxies (normally, that is, with signal 15), and that got the lmtp service running again (cyrus master on the frontend was able to create new lmtpd processes again). But I noticed the stuck Sieve processes only today; they'd been stuck on their sockets since Friday. I wonder why the read apparently never times out? I'm sorry I cannot provide any more exact data than this. My first priority was to get our Cyrus installation up and running. --Janne -- Janne Peltonen PGP Key ID: 0x9CFAC88B Please consider membership of the Hospitality Club (http://www.hospitalityclub.org) Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
serverinfo: off does not work for timsieved
I am using cyrus-imap 2.4.6 If I set serverinfo: off in imapd.conf then the banner of cyrus is hidden for imap and pop But I think timsieved does not hide the banner [root@centos ~]# grep serverinfo /etc/imapd.conf serverinfo: off [root@centos ~]# telnet localhost 2000 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.4.6-Invoca-RPM-2.4.6-3" "SASL" "PLAIN" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" OK Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Cyrus-imapd 2.3.14 - timsieved - Fedora 11-problem
On Sep 29, 2009, at 5:39 AM, Georg Stich wrote: > I use now a fresh installation wir php-pear-Net-Sieve 1.1.7 . > > Do i need install TLS /SSL Support on this System ( in postfix or > somewhere else ) If you have TLS enabled in Cyrus for sieve, then you'll need to make sure your PHP has TLS support. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus-imapd 2.3.14 - timsieved - Fedora 11-problem
Matt Selsky wrote: > On Sep 29, 2009, at 4:48 AM, Georg Stich wrote: > >> I tried to patch all files described in the Bug Tracker Horde and >> elsewhere. It doesnt. work. I got "Not in Authetication State" May be i >> am a little confused about all, hmm . >> Could anybody post a (simple) workaround or howto get running ingo 1.2.1 >> or 1.22 with cyrus-imapd 2.3.15-1.fc11 for fedora. >> >> I read the posting >> http://lists.roundcube.net/mail-archive/dev/2009-09/141.html >> about the broken Sieve implemetation. But i didn't found a workaround, >> also not for F11 > > What version of Net_Sieve do you have? For your version of Cyrus, you > either need Net_Sieve 1.1.7 or you need to apply the patch mentioned > at http://pear.php.net/bugs/bug.php?id=14205 > > Hi! Thanks for reply. I use now a fresh installation wir php-pear-Net-Sieve 1.1.7 . Do i need install TLS /SSL Support on this System ( in postfix or somewhere else ) Greeting Georg Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus-imapd 2.3.14 - timsieved - Fedora 11-problem
On Sep 29, 2009, at 4:48 AM, Georg Stich wrote: > I tried to patch all files described in the Bug Tracker Horde and > elsewhere. It doesnt. work. I got "Not in Authetication State" May > be i > am a little confused about all, hmm . > Could anybody post a (simple) workaround or howto get running ingo > 1.2.1 > or 1.22 with cyrus-imapd 2.3.15-1.fc11 for fedora. > > I read the posting > http://lists.roundcube.net/mail-archive/dev/2009-09/141.html > about the broken Sieve implemetation. But i didn't found a workaround, > also not for F11 What version of Net_Sieve do you have? For your version of Cyrus, you either need Net_Sieve 1.1.7 or you need to apply the patch mentioned at http://pear.php.net/bugs/bug.php?id=14205 -- Matt Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus-imapd 2.3.14 - timsieved - Fedora 11-problem
Hello again ! I tried to patch all files described in the Bug Tracker Horde and elsewhere. It doesnt. work. I got "Not in Authetication State" May be i am a little confused about all, hmm . Could anybody post a (simple) workaround or howto get running ingo 1.2.1 or 1.22 with cyrus-imapd 2.3.15-1.fc11 for fedora. I read the posting http://lists.roundcube.net/mail-archive/dev/2009-09/141.html about the broken Sieve implemetation. But i didn't found a workaround, also not for F11 Thank you for your response! Georg Stich Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus-imapd 2.3.14 - timsieved - Fedora 11-problem
Quoting Georg Stich : Hi! Thank you. I added the lines to my Sieve.php (/usr/share/pear/Net/Sieve.php) Now ingo freezes. No information in the logs. We use Net_Sieve 1.1.6 with the Patch form the Horde Bug-Tracker and Ingo 1.2.1 Does the logfiles indecate that the ingo session was authenticated? Hmm, i found no entries about it, but if i use the wrong password: # sieveshell -u u...@dom.de -a u...@dom.de localhost in the log appear a: do_auth : auth failure: [user=u...@dom.de] [service=sieve] [realm=dom.de] [mech=pam] [reason=PAM auth error] so i think the authentication works. After sucsessful authentication you can use Cyrus telemetry-logging to debug this problem. Cyrus will log all send and recieved data for an observed account. Thanks Georg PS: Greetings from Esslingen / Echterdingen Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html M.MengeTel.: (49) 7071/29-70316 Universität Tübingen Fax.: (49) 7071/29-5912 Zentrum für Datenverarbeitung mail: michael.me...@zdv.uni-tuebingen.de Wächterstraße 76 72074 Tübingen smime.p7s Description: S/MIME krytographische Unterschrift Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus-imapd 2.3.14 - timsieved - Fedora 11-problem
>This error comes from pear Net_Sieve, and indicates that the Connection is >not in an Authenticated state. In this state you can upload scripts >for a syntax check, but you can't do much more. > >As one of the mails in the ingo Mailinglist indicates, this problem does not >exist in 2.3.11. The CAPABILITY handling after TLS changed in 2.3.12 and >caused some clients and libraries not working with cyrus. > >You may whant to have a look at the following bugs > >http://bugs.horde.org/ticket/6338 >http://pear.php.net/bugs/bug.php?id=14205 > Hi! Thank you. I added the lines to my Sieve.php (/usr/share/pear/Net/Sieve.php) Now ingo freezes. No information in the logs. > >> i did some tests.: >> >> # sivtest -v localhost -u cyrus -a cyrus >> S: "IMPLEMENTATION" "Cyrus timsieved v2.3.14-Fedora-RPM-2.3.14-1.fc11" >> S: "SASL" "LOGIN DIGEST-MD5" >> S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation >> imapflags notify envelope relational regex subaddress copy" >> S: "STARTTLS" >> S: OK >> C: AUTHENTICATE "DIGEST-MD5" >> S: {252} > >> C: CAPABILITY >> S: "IMPLEMENTATION" "Cyrus timsieved v2.3.14-Fedora-RPM-2.3.14-1.fc11" >> S: "SASL" "LOGIN DIGEST-MD5" >> S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation >> imapflags notify envelope relational regex subaddress copy" >> S: OK >> > >Does the logfiles indecate that the ingo session was authenticated? Hmm, i found no entries about it, but if i use the wrong password: # sieveshell -u u...@dom.de -a u...@dom.de localhost in the log appear a: do_auth : auth failure: [user=u...@dom.de] [service=sieve] [realm=dom.de] [mech=pam] [reason=PAM auth error] so i think the authentication works. Thanks Georg PS: Greetings from Esslingen / Echterdingen Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus-imapd 2.3.14 - timsieved - Fedora 11-problem
Hi, Quoting mail_l...@computer-gott.de: Hi all ! on my installation , there's a problem with timsieved and horde-app "INGO". i don´t know if cyrus or horde causses this problem, so there ist also an similiar thread on lists.horde.org I am using Cyrus-imapd with webcyradm, mysql, amavisd, spamassasin, horde, clamd, postfix, postgrey,dcc, razo, pyzor. I installed all packages on Fedora 11 and it works fine, only the INGO app won´t work. INGO is an ap to activate and manipulate scripts for vacation or filtering with sieve ( in this case: timsieved). I get an "Not ins TRANSACTION state"if i try to activate any script. So the app can´t communicate with timsieved. This error comes from pear Net_Sieve, and indicates that the Connection is not in an Authenticated state. In this state you can upload scripts for a syntax check, but you can't do much more. As one of the mails in the ingo Mailinglist indicates, this problem does not exist in 2.3.11. The CAPABILITY handling after TLS changed in 2.3.12 and caused some clients and libraries not working with cyrus. You may whant to have a look at the following bugs http://bugs.horde.org/ticket/6338 http://pear.php.net/bugs/bug.php?id=14205 i did some tests.: # sivtest -v localhost -u cyrus -a cyrus S: "IMPLEMENTATION" "Cyrus timsieved v2.3.14-Fedora-RPM-2.3.14-1.fc11" S: "SASL" "LOGIN DIGEST-MD5" S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" S: "STARTTLS" S: OK C: AUTHENTICATE "DIGEST-MD5" S: {252} S: bm9uY2U9IkNkU0w2TllXbnkvMURUNEhmYXVEZXQwLHJjNC01NixyYzQsZGVzLDNkZXMiLG1heGJ1Zj00MDk2LGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz Please enter your password: C: {356+} C: dXNlcm5h...c0VGEwPSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtY29uZixjaXBoZXI9cmM0LG1heGJ1Zj0xMDI0LGRpZ2VzdC11cmk9In.zZT04MjFiYzM5NzA4OTU2MzgzYTVkODg2MGY4NGEwZjI2NA== S: OK (SASL "cnNwYXV0a...MTY5ND...hNg==") Authenticated. Security strength factor: 128 Asking for capabilities again since they might have changed C: CAPABILITY S: "IMPLEMENTATION" "Cyrus timsieved v2.3.14-Fedora-RPM-2.3.14-1.fc11" S: "SASL" "LOGIN DIGEST-MD5" S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" S: OK Does the logfiles indecate that the ingo session was authenticated? M.MengeTel.: (49) 7071/29-70316 Universität Tübingen Fax.: (49) 7071/29-5912 Zentrum für Datenverarbeitung mail: michael.me...@zdv.uni-tuebingen.de Wächterstraße 76 72074 Tübingen smime.p7s Description: S/MIME krytographische Unterschrift Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus-imapd 2.3.14 - timsieved - Fedora 11-problem
Hi all ! on my installation , there's a problem with timsieved and horde-app "INGO". i don´t know if cyrus or horde causses this problem, so there ist also an similiar thread on lists.horde.org I am using Cyrus-imapd with webcyradm, mysql, amavisd, spamassasin, horde, clamd, postfix, postgrey,dcc, razo, pyzor. I installed all packages on Fedora 11 and it works fine, only the INGO app won´t work. INGO is an ap to activate and manipulate scripts for vacation or filtering with sieve ( in this case: timsieved). I get an "Not ins TRANSACTION state"if i try to activate any script. So the app can´t communicate with timsieved. i did some tests.: # sivtest -v localhost -u cyrus -a cyrus S: "IMPLEMENTATION" "Cyrus timsieved v2.3.14-Fedora-RPM-2.3.14-1.fc11" S: "SASL" "LOGIN DIGEST-MD5" S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" S: "STARTTLS" S: OK C: AUTHENTICATE "DIGEST-MD5" S: {252} S: bm9uY2U9IkNkU0w2TllXbnkvMURUNEhmYXVEZXQwLHJjNC01NixyYzQsZGVzLDNkZXMiLG1heGJ1Zj00MDk2LGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz Please enter your password: C: {356+} C: dXNlcm5h...c0VGEwPSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtY29uZixjaXBoZXI9cmM0LG1heGJ1Zj0xMDI0LGRpZ2VzdC11cmk9In.zZT04MjFiYzM5NzA4OTU2MzgzYTVkODg2MGY4NGEwZjI2NA== S: OK (SASL "cnNwYXV0a...MTY5ND...hNg==") Authenticated. Security strength factor: 128 Asking for capabilities again since they might have changed C: CAPABILITY S: "IMPLEMENTATION" "Cyrus timsieved v2.3.14-Fedora-RPM-2.3.14-1.fc11" S: "SASL" "LOGIN DIGEST-MD5" S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" S: OK # ps fax | grep sieve 18744 pts/0S+ 0:00 \_ grep sieve 18651 ?S 0:00 \_ timsieved 18659 ?S 0:00 \_ timsieved # telnet localhost 2000 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.3.14-Fedora-RPM-2.3.14-1.fc11" "SASL" "LOGIN DIGEST-MD5" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" OK #cat /etc/cyrus conf | grep sieve sieve cmd="timsieved" listen="sieve" prefork=1 So, the daemon ist running. Maybe there is a also or just only problem with the pear net_sieve. Cause of requirements, i am not allowed to use a newer version of cyrus-imapd. Where is the problem ? Thanks Georg Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
Dan White schreef: > I just did some quick testing on my system and cannot authenticate to > timsieved as a user who's mailbox does not exist. > > I have a mailbox for dwh...@olp.net, but not dwhite. Here's the results of > a few tests: > > Works: > imtest -a dwhite -m PLAIN localhost > imtest -a dwh...@olp.net -m PLAIN localhost > sivtest -a dwh...@olp.net -m PLAIN localhost > > Doesn't work: > sivtest -a dwhite -m PLAIN localhost > > Based on that, I'm assuming that a mailbox for paul needs to exist to > authenticate. Is that that the case? Ah, that was the problem ;-) Mail for user paul on this machine is forwarded to somewhere else, so there is no mailbox for this user... When I did test it as another user, there was no problem. Only a wrong test. Many thanks for your help. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
On 14/08/09 09:59 +0200, Paul van der Vlis wrote: Dan White schreef: I used the "-d" option in /etc/default/saslauthd and restarted saslauthd. In another terminal I tried sivtest, where the authentication was wrong. But, in the debug I see that the authentication was OK for saslauthd. - p...@sigmund:/root$ sivtest -v localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-5.1" S: "SASL" "PLAIN" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" S: "STARTTLS" S: OK Please enter your password: C: AUTHENTICATE "PLAIN" {20+} AHBhdWwAZXJ1NGJjZw== S: NO "Authentication Error" Authentication failed. generic failure Security strength factor: 0 - -- sigmund:/etc/pam.d# /etc/init.d/saslauthd restart Restarting SASL Authentication Daemon: saslauthdsaslauthd[29778] :main : num_procs : 5 saslauthd[29778] :main: mech_option: NULL saslauthd[29778] :main: run_path : /var/run/saslauthd saslauthd[29778] :main: auth_mech : pam saslauthd[29778] :cache_alloc_mm : mmaped shared memory segment on file: /var/run/saslauthd/cache.mmap saslauthd[29778] :cache_init : bucket size: 92 bytes saslauthd[29778] :cache_init : stats size : 36 bytes saslauthd[29778] :cache_init : timeout: 28800 seconds saslauthd[29778] :cache_init : cache table: 944764 total bytes saslauthd[29778] :cache_init : cache table: 1711 slots saslauthd[29778] :cache_init : cache table: 10266 buckets saslauthd[29778] :cache_init_lock : flock file opened at /var/run/saslauthd/cache.flock saslauthd[29778] :ipc_init: using accept lock file: /var/run/saslauthd/mux.accept saslauthd[29778] :detach_tty : master pid is: 0 saslauthd[29778] :ipc_init: listening on socket: /var/run/saslauthd/mux saslauthd[29778] :main: using process model saslauthd[29779] :get_accept_lock : acquired accept lock saslauthd[29778] :have_baby : forked child: 29779 saslauthd[29778] :have_baby : forked child: 29780 saslauthd[29778] :have_baby : forked child: 29781 saslauthd[29778] :have_baby : forked child: 29782 saslauthd[29779] :rel_accept_lock : released accept lock saslauthd[29780] :get_accept_lock : acquired accept lock saslauthd[29779] :cache_get_rlock : attempting a read lock on slot: 1682 saslauthd[29779] :cache_lookup: [login=paul] [service=] [realm=sieve]: not found, update pending saslauthd[29779] :cache_un_lock : attempting to release lock on slot: 1682 saslauthd[29779] :cache_get_wlock : attempting a write lock on slot: 1682 saslauthd[29779] :cache_commit: lookup committed saslauthd[29779] :cache_un_lock : attempting to release lock on slot: 1682 saslauthd[29779] :do_auth : auth success: [user=paul] [service=sieve] [realm=] [mech=pam] saslauthd[29779] :do_request : response: OK -- I just did some quick testing on my system and cannot authenticate to timsieved as a user who's mailbox does not exist. I have a mailbox for dwh...@olp.net, but not dwhite. Here's the results of a few tests: Works: imtest -a dwhite -m PLAIN localhost imtest -a dwh...@olp.net -m PLAIN localhost sivtest -a dwh...@olp.net -m PLAIN localhost Doesn't work: sivtest -a dwhite -m PLAIN localhost Based on that, I'm assuming that a mailbox for paul needs to exist to authenticate. Is that that the case? -- Dan White signature.asc Description: Digital signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
Dan White schreef: > On 13/08/09 16:56 +0200, Paul van der Vlis wrote: >>>> Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth >>>> failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM >>>> auth error] >>>> >>> >>> testsaslauthd -u username -p password >>> testsaslauthd -u username -p password -s sieve >>> testsaslauthd -u username -p password -s imap >>> >>> Do you get different answers? >> >> No, they give all: 0: OK "Success." when I do it as root or as user >> cyrus. >> >> But when I execute "testsaslauthd" as another user, it fails with a >> "connect() : Permission denied". >> But this is also the case on the other machine what works correct. > > It looks like you're configured to allow members of the sasl group to > access the saslauthd mux, so that error is to be expected. > >> sasl_mech_list: PLAIN >> sasl_minimum_layer: 0 >> #sasl_maximum_layer: 256 >> sasl_pwcheck_method: saslauthd >> #sasl_auxprop_plugin: sasldb >> sasl_auto_transition: no >> >> /etc/default/saslauthd: >> START=yes >> MECHANISMS="pam" >> MECH_OPTIONS="" >> THREADS=5 >> OPTIONS="-c" >> >> Maybe this is important: >> sigmund:~# ls -ld /var/run/saslauthd >> lrwxrwxrwx 1 root root 37 2009-07-22 14:01 /var/run/saslauthd -> >> /var/spool/postfix/var/run/saslauthd/ >> sigmund:~# ls -ld /var/spool/postfix/var/run/saslauthd/ >> drwx--x--- 2 root sasl 200 2009-07-22 14:02 >> /var/spool/postfix/var/run/saslauthd/ >> sigmund:~# ls -l /var/spool/postfix/var/run/saslauthd/ >> total 929 >> -rw--- 1 root root 0 2009-07-22 14:02 cache.flock >> -rw--- 1 root root 945152 2009-07-22 14:02 cache.mmap >> srwxrwxrwx 1 root root 0 2009-07-22 14:02 mux >> -rw--- 1 root root 0 2009-07-22 14:02 mux.accept >> -rw--- 1 root root 6 2009-07-22 14:02 saslauthd.pid > > Looks fine. > > I wonder if timsieved is calling saslauthd with different options, > like with a realm. > > I'd be curious what you're seeing when saslauthd is in debug mode. I used the "-d" option in /etc/default/saslauthd and restarted saslauthd. In another terminal I tried sivtest, where the authentication was wrong. But, in the debug I see that the authentication was OK for saslauthd. - p...@sigmund:/root$ sivtest -v localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-5.1" S: "SASL" "PLAIN" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" S: "STARTTLS" S: OK Please enter your password: C: AUTHENTICATE "PLAIN" {20+} AHBhdWwAZXJ1NGJjZw== S: NO "Authentication Error" Authentication failed. generic failure Security strength factor: 0 - -- sigmund:/etc/pam.d# /etc/init.d/saslauthd restart Restarting SASL Authentication Daemon: saslauthdsaslauthd[29778] :main : num_procs : 5 saslauthd[29778] :main: mech_option: NULL saslauthd[29778] :main: run_path : /var/run/saslauthd saslauthd[29778] :main: auth_mech : pam saslauthd[29778] :cache_alloc_mm : mmaped shared memory segment on file: /var/run/saslauthd/cache.mmap saslauthd[29778] :cache_init : bucket size: 92 bytes saslauthd[29778] :cache_init : stats size : 36 bytes saslauthd[29778] :cache_init : timeout: 28800 seconds saslauthd[29778] :cache_init : cache table: 944764 total bytes saslauthd[29778] :cache_init : cache table: 1711 slots saslauthd[29778] :cache_init : cache table: 10266 buckets saslauthd[29778] :cache_init_lock : flock file opened at /var/run/saslauthd/cache.flock saslauthd[29778] :ipc_init: using accept lock file: /var/run/saslauthd/mux.accept saslauthd[29778] :detach_tty : master pid is: 0 saslauthd[29778] :ipc_init: listening on socket: /var/run/saslauthd/mux saslauthd[29778] :main: using process model saslauthd[29779] :get_accept_lock : acquired accept lock saslauthd[29778] :have_baby : forked child: 29779 saslauthd[29778] :have_baby : forked child: 29780 saslauthd[29778] :have_baby : forked child: 29781 saslauthd[29778] :have_baby : forked child: 29782 saslauthd[29779] :rel_accept_lock : released accept lock saslauthd[29780] :get_accept_lock : acquired accept lock saslauthd[29779] :cache_get_rlock : attempting a read lock on slot: 1682 saslauthd[29779] :cache_lookup: [login=paul] [service=] [realm=sieve]: not found, update pending saslauthd[29779] :cache_un_lock : attempting to release lock on slot: 1682
Re: How to test timsieved
On 13/08/09 16:56 +0200, Paul van der Vlis wrote: Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM auth error] testsaslauthd -u username -p password testsaslauthd -u username -p password -s sieve testsaslauthd -u username -p password -s imap Do you get different answers? No, they give all: 0: OK "Success." when I do it as root or as user cyrus. But when I execute "testsaslauthd" as another user, it fails with a "connect() : Permission denied". But this is also the case on the other machine what works correct. It looks like you're configured to allow members of the sasl group to access the saslauthd mux, so that error is to be expected. sasl_mech_list: PLAIN sasl_minimum_layer: 0 #sasl_maximum_layer: 256 sasl_pwcheck_method: saslauthd #sasl_auxprop_plugin: sasldb sasl_auto_transition: no /etc/default/saslauthd: START=yes MECHANISMS="pam" MECH_OPTIONS="" THREADS=5 OPTIONS="-c" Maybe this is important: sigmund:~# ls -ld /var/run/saslauthd lrwxrwxrwx 1 root root 37 2009-07-22 14:01 /var/run/saslauthd -> /var/spool/postfix/var/run/saslauthd/ sigmund:~# ls -ld /var/spool/postfix/var/run/saslauthd/ drwx--x--- 2 root sasl 200 2009-07-22 14:02 /var/spool/postfix/var/run/saslauthd/ sigmund:~# ls -l /var/spool/postfix/var/run/saslauthd/ total 929 -rw--- 1 root root 0 2009-07-22 14:02 cache.flock -rw--- 1 root root 945152 2009-07-22 14:02 cache.mmap srwxrwxrwx 1 root root 0 2009-07-22 14:02 mux -rw--- 1 root root 0 2009-07-22 14:02 mux.accept -rw--- 1 root root 6 2009-07-22 14:02 saslauthd.pid Looks fine. I wonder if timsieved is calling saslauthd with different options, like with a realm. I'd be curious what you're seeing when saslauthd is in debug mode. -- Dan White signature.asc Description: Digital signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
On Thu, Aug 13, 2009 at 08:58:50AM -0500, Dan White wrote: > On 13/08/09 12:01 +0200, Paul van der Vlis wrote: > >Duncan Gibb schreef: > >>Paul van der Vlis wrote: > >> > >>>C: AUTHENTICATE "PLAIN" {16+} > >>>AHBhdWwAZXJ1NGJj > >> > >>I hope you changed your password after you posted that ;-) > > Let me echo that statement, since it looks like you're logging in as root! > Your password is now publicly known. How did you get that? That decodes to username "paul". > >Aug 13 11:27:40 sigmund cyrus/timsieved[16455]: badlogin: > >localhost[127.0.0.1] PLAIN authentication failure > > > >Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth > >failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM > >auth error] Oh yeah, this bit. Guess something's not configured correctly to talk with PAM. Bron. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
Dan White schreef: > On 13/08/09 12:01 +0200, Paul van der Vlis wrote: >> Duncan Gibb schreef: >>> Paul van der Vlis wrote: >>> >>>> C: AUTHENTICATE "PLAIN" {16+} >>>> AHBhdWwAZXJ1NGJj >>> >>> I hope you changed your password after you posted that ;-) > > Let me echo that statement, since it looks like you're logging in as root! > Your password is now publicly known. I did change the password (and it was not the root-password). >> Aug 13 11:27:40 sigmund cyrus/timsieved[16455]: badlogin: >> localhost[127.0.0.1] PLAIN authentication failure >> >> Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth >> failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM >> auth error] >> > > Try: > > testsaslauthd -u username -p password > testsaslauthd -u username -p password -s sieve > testsaslauthd -u username -p password -s imap > > Do you get different answers? No, they give all: 0: OK "Success." when I do it as root or as user cyrus. But when I execute "testsaslauthd" as another user, it fails with a "connect() : Permission denied". But this is also the case on the other machine what works correct. > If not, can you include the output of 'grep sasl /etc/imapd.conf'? > (assuming there is no sensitive information), and the contents of your > /etc/default/saslauthd? sasl_mech_list: PLAIN sasl_minimum_layer: 0 #sasl_maximum_layer: 256 sasl_pwcheck_method: saslauthd #sasl_auxprop_plugin: sasldb sasl_auto_transition: no /etc/default/saslauthd: START=yes MECHANISMS="pam" MECH_OPTIONS="" THREADS=5 OPTIONS="-c" Maybe this is important: sigmund:~# ls -ld /var/run/saslauthd lrwxrwxrwx 1 root root 37 2009-07-22 14:01 /var/run/saslauthd -> /var/spool/postfix/var/run/saslauthd/ sigmund:~# ls -ld /var/spool/postfix/var/run/saslauthd/ drwx--x--- 2 root sasl 200 2009-07-22 14:02 /var/spool/postfix/var/run/saslauthd/ sigmund:~# ls -l /var/spool/postfix/var/run/saslauthd/ total 929 -rw--- 1 root root 0 2009-07-22 14:02 cache.flock -rw--- 1 root root 945152 2009-07-22 14:02 cache.mmap srwxrwxrwx 1 root root 0 2009-07-22 14:02 mux -rw--- 1 root root 0 2009-07-22 14:02 mux.accept -rw--- 1 root root 6 2009-07-22 14:02 saslauthd.pid Thanks for your help! With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
On Thu, Aug 13, 2009 at 10:18:33AM +0100, Duncan Gibb wrote: > Paul van der Vlis wrote: > > > C: AUTHENTICATE "PLAIN" {16+} > > AHBhdWwAZXJ1NGJj > > I hope you changed your password after you posted that ;-) eru4bc - at least it's stronger than the average crappy passwords you see floating around. All lowercase though, and only one number... mine at least has an uppercase in there :) Bron ( just making the point that your password really was in the clear there, even if it looks obscured ) Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
On 13/08/09 12:01 +0200, Paul van der Vlis wrote: Duncan Gibb schreef: Paul van der Vlis wrote: C: AUTHENTICATE "PLAIN" {16+} AHBhdWwAZXJ1NGJj I hope you changed your password after you posted that ;-) Let me echo that statement, since it looks like you're logging in as root! Your password is now publicly known. Aug 13 11:27:40 sigmund cyrus/timsieved[16455]: badlogin: localhost[127.0.0.1] PLAIN authentication failure Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM auth error] Try: testsaslauthd -u username -p password testsaslauthd -u username -p password -s sieve testsaslauthd -u username -p password -s imap Do you get different answers? If not, can you include the output of 'grep sasl /etc/imapd.conf'? (assuming there is no sensitive information), and the contents of your /etc/default/saslauthd? What is your authentication backend? saslauthd -> pam -> unix In the pam modules for both imap and sieve I have: @include common-auth @include common-account -- Dan White signature.asc Description: Digital signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
Duncan Gibb schreef: > Paul van der Vlis wrote: > >> C: AUTHENTICATE "PLAIN" {16+} >> AHBhdWwAZXJ1NGJj > > I hope you changed your password after you posted that ;-) > >> S: NO "Authentication Error" >> Authentication failed. generic failure >> Security strength factor: 0 > > PvdV> Anybody here knows how to find-out why the > PvdV> authentication does not work? > > Assuming the Debian default logging config, have a look in > /var/log/mail.log for lines containing both "sieve" and "badlogin". Aug 13 11:27:40 sigmund cyrus/timsieved[16455]: badlogin: localhost[127.0.0.1] PLAIN authentication failure > If > that looks OK apart from "authentication failure", look at > /var/log/auth.log. Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM auth error] > PvdV> On another machine (with Cyrus 2.2) everything works fine. > > Then you can use the two configurations to compare. Yes, there is no big difference. > Does IMAP authentication on the _same_ machine work? Yes. > What settings are you using for (sieve_)allowplaintext and tls_*? I don't have a "sieve_allowplaintext", I have tried it with "yes", but it did not help. allowplaintext: yes I have the same problems with "tls_sieve_cert_file: disabled" or not, so I think the problem is not tls-related. > What is your authentication backend? saslauthd -> pam -> unix In the pam modules for both imap and sieve I have: @include common-auth @include common-account Thanks for your help. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
Paul van der Vlis wrote: > C: AUTHENTICATE "PLAIN" {16+} > AHBhdWwAZXJ1NGJj I hope you changed your password after you posted that ;-) > S: NO "Authentication Error" > Authentication failed. generic failure > Security strength factor: 0 PvdV> Anybody here knows how to find-out why the PvdV> authentication does not work? Assuming the Debian default logging config, have a look in /var/log/mail.log for lines containing both "sieve" and "badlogin". If that looks OK apart from "authentication failure", look at /var/log/auth.log. PvdV> On another machine (with Cyrus 2.2) everything works fine. Then you can use the two configurations to compare. Does IMAP authentication on the _same_ machine work? What settings are you using for (sieve_)allowplaintext and tls_*? What is your authentication backend? Cheers Duncan -- Duncan Gibb - Technical Director Sirius Corporation plc - control through freedom http://www.siriusit.co.uk/ || t: +44 870 608 0063 Debian Cyrus Team - https://alioth.debian.org/projects/pkg-cyrus-imapd/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
Dave McMurtrie schreef: > Paul van der Vlis wrote: >> Hello, >> >> I am using a program called Ingo to manage my sieve-scripts. >> http://www.horde.org/ingo/ >> >> But it does not work anymore, when change a sieve script it says: >> >> Changes saved. >> There was an error activating the script. The driver said: >> "Authentication Error" >> ---- >> The rest of the (web)mail server works fine. >> >> The driver is timsieved. How can I test timsieved directly, so without >> Ingo? I will add some things at the end of the mail what I have >> allready tried. I think sieve accepts plain passwords. > > Try sivtest. It still relies on you knowing enough about the protocol > to know what you want to test, but it will take care of the connection > and authentication parts for you. Ah, looks-like the problem is in Sieve: p...@sigmund:~$ sivtest -v localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-5.1" S: "SASL" "PLAIN" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" S: OK Please enter your password: C: AUTHENTICATE "PLAIN" {16+} AHBhdWwAZXJ1NGJj S: NO "Authentication Error" Authentication failed. generic failure Security strength factor: 0 Anybody here knows how to find-out why the authentication does not work? On another machine (with Cyrus 2.2) everything works fine. Thanks for you help! With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
Paul van der Vlis wrote: PvdV> How can I test timsieved directly, so without Ingo? For high-level functions, you can use sieveshell, which is in the cyrus-admin-2.2 package. > "IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-5.1" In that case, I meant the "cyrus21-admin" package... Telnet should also work as low level tool. After connect your next input needs to be AUTHENTICATE "PLAIN" "x" where x is the base64 encoding of username\0username\0password for the credentials you're testing. For example if your username is "paul" and your password is "secret", you could do this: AUTHENTICATE "PLAIN" "cGF1bABwYXVsAHNlY3JldA==" If the server says "OK", try the LISTSCRIPTS command, and so on. Note that timsieved is very intolerant and will simply exit dropping the connection if you make a protocol error. Duncan -- Duncan Gibb - Technical Director Sirius Corporation plc - control through freedom http://www.siriusit.co.uk/ || t: +44 870 608 0063 Debian Cyrus Team - https://alioth.debian.org/projects/pkg-cyrus-imapd/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
Paul van der Vlis wrote: > Hello, > > I am using a program called Ingo to manage my sieve-scripts. > http://www.horde.org/ingo/ > > But it does not work anymore, when change a sieve script it says: > > Changes saved. > There was an error activating the script. The driver said: > "Authentication Error" > > The rest of the (web)mail server works fine. > > The driver is timsieved. How can I test timsieved directly, so without > Ingo? I will add some things at the end of the mail what I have > allready tried. I think sieve accepts plain passwords. Try sivtest. It still relies on you knowing enough about the protocol to know what you want to test, but it will take care of the connection and authentication parts for you. Thanks, Dave Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
How to test timsieved
Hello, I am using a program called Ingo to manage my sieve-scripts. http://www.horde.org/ingo/ But it does not work anymore, when change a sieve script it says: Changes saved. There was an error activating the script. The driver said: "Authentication Error" The rest of the (web)mail server works fine. The driver is timsieved. How can I test timsieved directly, so without Ingo? I will add some things at the end of the mail what I have allready tried. I think sieve accepts plain passwords. With regards, Paul van der Vlis. p...@sigmund:/usr/lib/sasl2$ telnet localhost sieve Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-5.1" "SASL" "PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" OK p...@sigmund:/usr/lib/sasl2$ imtest -m login localhost S: * OK sigmund Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-5.1 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS ANNOTATEMORE S: C01 OK Completed Please enter your password: C: L01 LOGIN paul {6} S: + go ahead C: S: L01 OK User logged in Authenticated. Security strength factor: 0 -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Can't connect to timsieved (2.3.14)
I seem to have worked around my earlier problem. For some reason, the Cyrus::SIEVE::managesieve Perl package didn't get properly compiled/installed when I first built Cyrus 2.3.14. I remade and installed this package and the "sieveshell" script, and sieveshell works for me now. And, using sieveshell, I am able to contact my mail server and manipulate Sieve scripts on it. So, my original, immediate problem appears to be solved. Sorry it was such a bizarre problem that no one else out there seemed to have any idea what to say about it. The bug may, in fact, be in "sieve-connect", not in the Cyrus code. But I'm still suspicious of a situation where sieve-connect may have done something which caused a timsieved process to crash mysteriously -- something which no client should be able to do to a server process. But whatever . . . . -- Rich Wales / ri...@richw.org / ri...@stanford.edu Wikipedia: http://en.wikipedia.org/wiki/User:Richwales Facebook: http://www.new.facebook.com/profile.php?id=206680 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Can't connect to timsieved (2.3.14)
I'm still having this problem, though it appears to be intermittent. I was able, just now, to do "sivtest -v localhost" on my Cyrus server, and authenticate, and issue a Managesieve command (listscripts) and get a valid reply. But "sieve-connect --debug localhost" still fails with "no line read, connection dropped?" right after the AUTHENTICATE command. And when I tried "sivtest -v localhost" again, it failed right after saying "Asking for capabilities again since they might have changed" -- sometimes spewing out some unprintable garbage before complaining of some sort of SASL problem -- sometimes simply saying "failure: prot layer failure". This worked fine before I upgraded to Cyrus 2.3.14. Is something known to be broken in 2.3.14? Has anyone else out there ever seen anything like this? What should I try next? I'm stuck here and would be very grateful for any help. -- Rich Wales / ri...@richw.org / ri...@stanford.edu Wikipedia: http://en.wikipedia.org/wiki/User:Richwales Facebook: http://www.new.facebook.com/profile.php?id=206680 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: [PATCH] closedir missing in timsieved
> On Tue, May 26, 2009 at 1:47 AM, Thomas Cataldo > wrote: >> Hello, >> >> While writing a sieve client lib for the minig (minig.org) webmail >> project, I triggered a bug in the LISTSCRIPTS implementation in cyrus >> 2.2 from debian etch. The directory seems to remain unclosed and this >> is a problem when prefork > 0 is set on timsieved. >> >> The attached patch should fix it. >> > > Same patch needed on 2.3 cvs : Hi, Looks like there is another closedir() missing. I posted the patch to https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3159 Regards, Simon Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Can't connect to timsieved (2.3.14)
An addendum to my original problem/question: I tried using "sivtest". When I did "sivtest -v localhost" (on the server itself), I got the following: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 05/26 16:31 ri...@whodunit ~ 36) sivtest -v localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.3.14" S: "SASL" "DIGEST-MD5" S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy" S: "STARTTLS" S: OK C: AUTHENTICATE "DIGEST-MD5" S: {212} S: bm9uY2U9Inl5TUxtc3BrOVllNUN1blFvTk14bExyU2g3bW8rZjNJZGtKKzFGQmkrdW89IixyZWFsbT0id2hvZHVuaXQucmljaHcub3JnIixxb3A9ImF1dGgtY29uZiIsY2lwaGVyPSJyYzQsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M= Please enter your password: C: {360+} C: dXNlcm5hbWU9InJpY2h3IixyZWFsbT0id2hvZHVuaXQucmljaHcub3JnIixub25jZT0ieXlNTG1zcGs5WWU1Q3VuUW9OTXhsTHJTaDdtbytmM0lka0orMUZCaSt1bz0iLGNub25jZT0ib1VCdjE5VlBsRXAyei9INlJUZG1tSUMzL28yb0tyTFQ0R1ZoaHpWdS8vbz0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaGVyPXJjNCxtYXhidWY9MTAyNCxkaWdlc3QtdXJpPSJzaWV2ZS9sb2NhbGhvc3QiLHJlc3BvbnNlPTUyZTJkMDlmMTQ1MzhlMzY1MjdkOTlmNWU0MjIwYjY5 S: OK (SASL "cnNwYXV0aD1iNTZmYTBkYTg0NzQ0ZTVlYTcyZjZjYTdkYTVjMzcwNw==") Authenticated. Security strength factor: 128 Asking for capabilities again since they might have changed =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= So far, so good. But right after the above, I got a bunch of unprintable garbage -- and when I tried typing something, this was the response: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Protection error: decoding error: generic failure; SASL(-1): generic failure: Unable to find a callback: 32775 Connection closed. (05/26 16:32 ri...@whodunit ~ 37) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= I then tried "sivtest -v whodunit" from another machine on my local network (not my server), and it appeared to work (i.e., I was able to type a ManageSieve command and get a coherent response): =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= (05/26 16:29 ri...@liberation ~ 102) sivtest -v whodunit S: "IMPLEMENTATION" "Cyrus timsieved v2.3.14" S: "SASL" "DIGEST-MD5" S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy" S: "STARTTLS" S: OK C: AUTHENTICATE "DIGEST-MD5" S: {248} S: bm9uY2U9ImQrcHNHTGdIWTJiVVFpd2lPd0hlejN0eW42ZU5JSkIxODI5Vmk3dXB3Wk09IixyZWFsbT0id2hvZHVuaXQucmljaHcub3JnIixxb3A9ImF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M= Please enter your password: C: {372+} C: dXNlcm5hbWU9InJpY2h3IixyZWFsbT0id2hvZHVuaXQucmljaHcub3JnIixub25jZT0iZCtwc0dMZ0hZMmJVUWl3aU93SGV6M3R5bjZlTklKQjE4MjlWaTd1cHdaTT0iLGNub25jZT0iMkx0TFNDUDNTaXBaMVpzNmkvd29UMnBtQUJUdkp5aEFvK1BZcS9yYTZPMD0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaGVyPXJjNCxtYXhidWY9MTAyNCxkaWdlc3QtdXJpPSJzaWV2ZS93aG9kdW5pdC5yaWNody5vcmciLHJlc3BvbnNlPTNiZTFiY2QyZmJjZDJjNzhjOGE2MjAyNTI0OTIyNGQ2 S: OK (SASL "cnNwYXV0aD05NjViNDgyZGJmZjAwNDYyM2NkMWI2OWIzMTI3OTdkOQ==") Authenticated. Security strength factor: 128 "IMPLEMENTATION" "Cyrus timsieved v2.3.14" "SASL" "DIGEST-MD5" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy" OK havespace "blah" 1000 OK quit Connection closed. (05/26 16:30 ri...@liberation ~ 103) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "sieve-connect" still fails, as I described earlier, whether I try it on the server or some other host. -- Rich Wales / ri...@richw.org / ri...@stanford.edu Wikipedia: http://en.wikipedia.org/wiki/User:Richwales Facebook: http://www.new.facebook.com/profile.php?id=206680 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Can't connect to timsieved (2.3.14)
I recently upgraded from Cyrus 2.3.10 to 2.3.14 on an Ubuntu 9.04 server. Since doing this upgrade, I can no longer connect to timsieved to update my Sieve script. The symptom is that the connection gets dropped right after the client (I'm using sieve-connect) sends an AUTHENTICATE command. Here's sample debugging output from sieve-connect: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= (05/26 15:19 ri...@whodunit /var/log 119) sieve-connect --debug localhost connection: remote host address is 127.0.0.1 <<< "IMPLEMENTATION" "Cyrus timsieved v2.3.14"\r\n <<< "SASL" "DIGEST-MD5"\r\n <<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy"\r\n <<< "STARTTLS"\r\n <<< OK\r\n >>> STARTTLS\r\n <<< OK "Begin TLS negotiation now"\r\n --- TLS activated here >>> NOOP\r\n <<< "IMPLEMENTATION" "Cyrus timsieved v2.3.14"\r\n <<< "SASL" "CRAM-MD5 DIGEST-MD5 LOGIN PLAIN"\r\n <<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy"\r\n <<< OK\r\n >>> AUTHENTICATE "DIGEST-MD5"\r\n ... no line read, connection dropped? Connection dropped unexpectedly when trying to read. (05/26 15:19 ri...@whodunit /var/log 120) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= and here is the relevant syslog output: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= May 26 15:19:37 whodunit cyrus/master[5625]: about to exec /usr/cyrus/bin/timsieved May 26 15:19:37 whodunit cyrus/sieve[5625]: executed May 26 15:19:37 whodunit cyrus/sieve[5625]: accepted connection May 26 15:19:37 whodunit cyrus/sieve[5625]: skiplist: recovered /cyrus/config/tls_sessions.db (5 records, 1180 bytes) in 0 seconds May 26 15:19:37 whodunit cyrus/sieve[5625]: imapd:Loading hard-coded DH parameters May 26 15:19:37 whodunit cyrus/sieve[5625]: SSL_accept() incomplete -> wait May 26 15:19:37 whodunit cyrus/sieve[5625]: SSL_accept() succeeded -> done May 26 15:19:37 whodunit cyrus/sieve[5625]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication May 26 15:19:37 whodunit cyrus/sieve[5625]: Lost connection to client -- exiting =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= and just in case it matters, here are the Sieve-related lines in my imapd.conf file: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= sieve_extensions: fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy sieve_maxscripts: 1000 sieve_maxscriptsize: 100 sieve_sasl_send_unsolicited_capability: 1 sievedir: /cyrus/config/sieve sieveusehomedir: false =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= and in my cyrus.conf file: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= sieve cmd="timsieved" listen="sieve" prefork=0 proto=tcp4 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Specifying another authentication mechanism doesn't seem to help. I tried LOGIN and CRAM-MD5, with the same result. When I tried PLAIN, I got a "Broken pipe" error right after sieve-connect's AUTHENTICATE command. Does anyone have any ideas here? Is there any way to make timsieved (or sieve-connect) produce more debugging output which might help pinpoint the problem? -- Rich Wales / ri...@richw.org / ri...@stanford.edu Wikipedia: http://en.wikipedia.org/wiki/User:Richwales Facebook: http://www.new.facebook.com/profile.php?id=206680 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: [PATCH] closedir missing in timsieved
On Tue, May 26, 2009 at 1:47 AM, Thomas Cataldo wrote: > Hello, > > While writing a sieve client lib for the minig (minig.org) webmail > project, I triggered a bug in the LISTSCRIPTS implementation in cyrus > 2.2 from debian etch. The directory seems to remain unclosed and this > is a problem when prefork > 0 is set on timsieved. > > The attached patch should fix it. > Same patch needed on 2.3 cvs : Index: actions.c === RCS file: /cvs/src/cyrus/timsieved/actions.c,v retrieving revision 1.46 diff -u -r1.46 actions.c --- actions.c 14 Jan 2009 15:50:47 - 1.46 +++ actions.c 26 May 2009 00:09:09 - @@ -555,6 +555,8 @@ } } +closedir(dp); + prot_printf(conn,"OK\r\n"); return TIMSIEVE_OK; Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[PATCH] closedir missing in timsieved
Hello, While writing a sieve client lib for the minig (minig.org) webmail project, I triggered a bug in the LISTSCRIPTS implementation in cyrus 2.2 from debian etch. The directory seems to remain unclosed and this is a problem when prefork > 0 is set on timsieved. The attached patch should fix it. --- actions.c 2009-05-26 01:41:57.0 +0200 +++ actions.fixed.c 2009-05-26 01:42:27.0 +0200 @@ -542,6 +542,8 @@ } } +closedir(dp); + prot_printf(conn,"OK\r\n"); return TIMSIEVE_OK; Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: PLAIN authentication timsieved
Ho sorry, I've done some others tests with sivtest and it's possible to connect with PLAIN. Michael Menge wrote: > > Quoting Mathieu Kretchner : > >> It seems like I've no plain text auth capability !! >> > > Depending on you distribution plain authentication may be in a seperat > package you have to install. > > > > > > M.MengeTel.: (49) 7071/29-70316 > Universität Tübingen Fax.: (49) 7071/29-5912 > Zentrum für Datenverarbeitung mail: > michael.me...@zdv.uni-tuebingen.de > Wächterstraße 76 > 72074 Tübingen > > > > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html begin:vcard fn:Mathieu Kretchner n:Kretchner;Mathieu org:INRIA;Syslog adr;dom:;;2004 route des lucioles - BP93;Sophia Antipolis;;06902 CEDEX email;internet:mathieu.kretch...@sophia.inria.fr tel;work:04 92 38 76 67 x-mozilla-html:FALSE version:2.1 end:vcard Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: PLAIN authentication timsieved
Quoting Mathieu Kretchner : It seems like I've no plain text auth capability !! Depending on you distribution plain authentication may be in a seperat package you have to install. M.MengeTel.: (49) 7071/29-70316 Universität Tübingen Fax.: (49) 7071/29-5912 Zentrum für Datenverarbeitung mail: michael.me...@zdv.uni-tuebingen.de Wächterstraße 76 72074 Tübingen smime.p7s Description: S/MIME krytographische Unterschrift Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: PLAIN authentication timsieved
It seems like I've no plain text auth capability !! [r...@client ~]# telnet cyrus_server imap Trying cyrus_server ... Connected to imap-sop.inria.fr (cyrus_server). Escape character is '^]'. * OK cyrus_server Cyrus IMAP4 v2.2.12 server ready . capability * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS How could I configure this, like my other server do ? [r...@client ~]# telnet test1 imap Trying 1.2.3.4... Connected to test1 (1.2.3.4). Escape character is '^]'. * OK INRIA mail server - test1 ready. . capability * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 QUOTA STARTTLS *AUTH=PLAIN* Michael Menge wrote: > Hi, > > Quoting Mathieu Kretchner : > >> Ok thank you for your help, >> >> I've tried the allowplaintext: yes but the proxy sieve server I use is >> still complaining ! >> >> I don't know why? I've done a tcp/ip trace of data transmission between >> proxy and sieve cyrus server and the only thing I see is that : >> >> Data (41 bytes) >> 41 55 54 48 45 4e 54 49 43 41 54 45 20 22 50 4c AUTHENTICATE "PL >> 0010 41 49 4e 22 20 22 41 47 6c 74 59 58 41 79 41 47 AIN" "AGltYXAyAG >> 0020 6c 74 59 58 41 79 22 0d 0altYXAy".. >> >> Data (22 bytes) >> 4f 4b 20 22 4c 6f 67 6f 75 74 20 43 6f 6d 70 6c OK "Logout Compl >> 0010 65 74 65 22 0d 0a ete".. >> >> >> How could I debug this ? >> >> > > It seems your client tries PLAIN authentication. You can try sivtest, > it will show all the data send between sieved and sivtest. > Which database does saslauthd use for authentication, if you use pam > you need an entry for sieve in /etc/pam.d . > Are there any messages form saslauthd in the logs? > > > >> Raphael Jaffey wrote: >>> Sorry, we use this setting in our environment as we're using stunnel >>> for sieved connections rather than its built in TLS support. >>> >>> The relevant parts of our current config read: >>> >>> sasl_pwcheck_method: saslauthd >>> sasl_mech_list: PLAIN >>> >>> >>> allowplaintext: no >>> sasl_minimum_layer: 128 >>> sieve_allowplaintext: yes >>> sieve_sasl_minimum_layer: 0 >>> >>> tls_cert_file: >>> tls_key_file: >>> tls_ca_file: >>> tls_cipher_list: !ADH:MEDIUM:HIGH >>> >>> sieve_tls_cert_file: disabled >>> >>> >>> >>> In your case, assuming you don't want PLAIN in the clear, I should >>> think the following would suffice: >>> >>> sasl_pwcheck_method: saslauthd >>> sasl_mech_list: PLAIN >>> >>> >>> allowplaintext: no >>> sasl_minimum_layer: 128 >>> >>> tls_cert_file: >>> tls_key_file: >>> tls_ca_file: >>> tls_cipher_list: !ADH:MEDIUM:HIGH >>> >>> This assumes that your sieve client supports TLS. >>> >>> Quoting Raphael Jaffey : >>> sieve_allowplaintext: yes Quoting Mathieu Kretchner : > Hello, > > I would like to allow connection to sieved server with PLAIN mechanism. > But my configuration seems to already have this. What do I miss ? > > Cyrus is 2.2.12 > here is my imapd.conf : > > configdirectory: /data/imap > partition-default: /data/imap/spool > servername: imap-sop.inria.fr > admins: cyrus > hashimapspool: yes > duplicatesuppression: no > sasl_pwcheck_method: saslauthd > allowanonymouslogin: no > tls_session_timeout: 0 > allowapop: 0 > sasl_mech_list: PLAIN > sieveuserhomedir: no > sievedir: /data/imap/sieve > sieve_maxscripts: 8 > sieve_maxscriptsize: 640 > sendmail: /usr/sbin/sendmail > tls_ca_file: /data/imap/ssl/ca.crt > tls_cert_file: /data/imap/ssl/server.crt > tls_key_file: /data/imap/ssl/server.key > tls_ca_path: /data/imap/ssl > > Thank you > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >>> >>> >>> >>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > > > M.MengeTel.: (49) 7071/29-70316 > Universität Tübingen Fax.: (49) 7071/29-5912 > Zentrum für Datenverarbeitung mail: > michael.me...@zdv.uni-tuebingen.de > Wächterstraße 76 > 72074 Tübingen > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html begin:vcard fn:Mathieu Kretchner n:Kretchner;Mathieu org:INRIA;Syslog adr;dom:;;2004 route des lucioles - BP93;Sophia Antipolis;;
Re: PLAIN authentication timsieved
Hi, Quoting Mathieu Kretchner : > Ok thank you for your help, > > I've tried the allowplaintext: yes but the proxy sieve server I use is > still complaining ! > > I don't know why? I've done a tcp/ip trace of data transmission between > proxy and sieve cyrus server and the only thing I see is that : > > Data (41 bytes) > 41 55 54 48 45 4e 54 49 43 41 54 45 20 22 50 4c AUTHENTICATE "PL > 0010 41 49 4e 22 20 22 41 47 6c 74 59 58 41 79 41 47 AIN" "AGltYXAyAG > 0020 6c 74 59 58 41 79 22 0d 0altYXAy".. > > Data (22 bytes) > 4f 4b 20 22 4c 6f 67 6f 75 74 20 43 6f 6d 70 6c OK "Logout Compl > 0010 65 74 65 22 0d 0a ete".. > > > How could I debug this ? > > It seems your client tries PLAIN authentication. You can try sivtest, it will show all the data send between sieved and sivtest. Which database does saslauthd use for authentication, if you use pam you need an entry for sieve in /etc/pam.d . Are there any messages form saslauthd in the logs? > Raphael Jaffey wrote: >> Sorry, we use this setting in our environment as we're using stunnel >> for sieved connections rather than its built in TLS support. >> >> The relevant parts of our current config read: >> >> sasl_pwcheck_method: saslauthd >> sasl_mech_list: PLAIN >> >> >> allowplaintext: no >> sasl_minimum_layer: 128 >> sieve_allowplaintext: yes >> sieve_sasl_minimum_layer: 0 >> >> tls_cert_file: >> tls_key_file: >> tls_ca_file: >> tls_cipher_list: !ADH:MEDIUM:HIGH >> >> sieve_tls_cert_file: disabled >> >> >> >> In your case, assuming you don't want PLAIN in the clear, I should >> think the following would suffice: >> >> sasl_pwcheck_method: saslauthd >> sasl_mech_list: PLAIN >> >> >> allowplaintext: no >> sasl_minimum_layer: 128 >> >> tls_cert_file: >> tls_key_file: >> tls_ca_file: >> tls_cipher_list: !ADH:MEDIUM:HIGH >> >> This assumes that your sieve client supports TLS. >> >> Quoting Raphael Jaffey : >> >>> sieve_allowplaintext: yes >>> >>> Quoting Mathieu Kretchner : >>> Hello, I would like to allow connection to sieved server with PLAIN mechanism. But my configuration seems to already have this. What do I miss ? Cyrus is 2.2.12 here is my imapd.conf : configdirectory: /data/imap partition-default: /data/imap/spool servername: imap-sop.inria.fr admins: cyrus hashimapspool: yes duplicatesuppression: no sasl_pwcheck_method: saslauthd allowanonymouslogin: no tls_session_timeout: 0 allowapop: 0 sasl_mech_list: PLAIN sieveuserhomedir: no sievedir: /data/imap/sieve sieve_maxscripts: 8 sieve_maxscriptsize: 640 sendmail: /usr/sbin/sendmail tls_ca_file: /data/imap/ssl/ca.crt tls_cert_file: /data/imap/ssl/server.crt tls_key_file: /data/imap/ssl/server.key tls_ca_path: /data/imap/ssl Thank you >>> >>> >>> >>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >>> >> >> >> >> >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > M.MengeTel.: (49) 7071/29-70316 Universität Tübingen Fax.: (49) 7071/29-5912 Zentrum für Datenverarbeitung mail: michael.me...@zdv.uni-tuebingen.de Wächterstraße 76 72074 Tübingen Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: PLAIN authentication timsieved
Ok thank you for your help, I've tried the allowplaintext: yes but the proxy sieve server I use is still complaining ! I don't know why? I've done a tcp/ip trace of data transmission between proxy and sieve cyrus server and the only thing I see is that : Data (41 bytes) 41 55 54 48 45 4e 54 49 43 41 54 45 20 22 50 4c AUTHENTICATE "PL 0010 41 49 4e 22 20 22 41 47 6c 74 59 58 41 79 41 47 AIN" "AGltYXAyAG 0020 6c 74 59 58 41 79 22 0d 0altYXAy".. Data (22 bytes) 4f 4b 20 22 4c 6f 67 6f 75 74 20 43 6f 6d 70 6c OK "Logout Compl 0010 65 74 65 22 0d 0a ete".. How could I debug this ? Raphael Jaffey wrote: > Sorry, we use this setting in our environment as we're using stunnel > for sieved connections rather than its built in TLS support. > > The relevant parts of our current config read: > > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN > > > allowplaintext: no > sasl_minimum_layer: 128 > sieve_allowplaintext: yes > sieve_sasl_minimum_layer: 0 > > tls_cert_file: > tls_key_file: > tls_ca_file: > tls_cipher_list: !ADH:MEDIUM:HIGH > > sieve_tls_cert_file: disabled > > > > In your case, assuming you don't want PLAIN in the clear, I should > think the following would suffice: > > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN > > > allowplaintext: no > sasl_minimum_layer: 128 > > tls_cert_file: > tls_key_file: > tls_ca_file: > tls_cipher_list: !ADH:MEDIUM:HIGH > > This assumes that your sieve client supports TLS. > > Quoting Raphael Jaffey : > >> sieve_allowplaintext: yes >> >> Quoting Mathieu Kretchner : >> >>> Hello, >>> >>> I would like to allow connection to sieved server with PLAIN mechanism. >>> But my configuration seems to already have this. What do I miss ? >>> >>> Cyrus is 2.2.12 >>> here is my imapd.conf : >>> >>> configdirectory: /data/imap >>> partition-default: /data/imap/spool >>> servername: imap-sop.inria.fr >>> admins: cyrus >>> hashimapspool: yes >>> duplicatesuppression: no >>> sasl_pwcheck_method: saslauthd >>> allowanonymouslogin: no >>> tls_session_timeout: 0 >>> allowapop: 0 >>> sasl_mech_list: PLAIN >>> sieveuserhomedir: no >>> sievedir: /data/imap/sieve >>> sieve_maxscripts: 8 >>> sieve_maxscriptsize: 640 >>> sendmail: /usr/sbin/sendmail >>> tls_ca_file: /data/imap/ssl/ca.crt >>> tls_cert_file: /data/imap/ssl/server.crt >>> tls_key_file: /data/imap/ssl/server.key >>> tls_ca_path: /data/imap/ssl >>> >>> Thank you >>> >>> >> >> >> >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html begin:vcard fn:Mathieu Kretchner n:Kretchner;Mathieu org:INRIA;Syslog adr;dom:;;2004 route des lucioles - BP93;Sophia Antipolis;;06902 CEDEX email;internet:mathieu.kretch...@sophia.inria.fr tel;work:04 92 38 76 67 x-mozilla-html:FALSE version:2.1 end:vcard Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: PLAIN authentication timsieved
Sorry, we use this setting in our environment as we're using stunnel for sieved connections rather than its built in TLS support. The relevant parts of our current config read: sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN allowplaintext: no sasl_minimum_layer: 128 sieve_allowplaintext: yes sieve_sasl_minimum_layer: 0 tls_cert_file: tls_key_file: tls_ca_file: tls_cipher_list: !ADH:MEDIUM:HIGH sieve_tls_cert_file: disabled In your case, assuming you don't want PLAIN in the clear, I should think the following would suffice: sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN allowplaintext: no sasl_minimum_layer: 128 tls_cert_file: tls_key_file: tls_ca_file: tls_cipher_list: !ADH:MEDIUM:HIGH This assumes that your sieve client supports TLS. Quoting Raphael Jaffey : > sieve_allowplaintext: yes > > Quoting Mathieu Kretchner : > >> Hello, >> >> I would like to allow connection to sieved server with PLAIN mechanism. >> But my configuration seems to already have this. What do I miss ? >> >> Cyrus is 2.2.12 >> here is my imapd.conf : >> >> configdirectory: /data/imap >> partition-default: /data/imap/spool >> servername: imap-sop.inria.fr >> admins: cyrus >> hashimapspool: yes >> duplicatesuppression: no >> sasl_pwcheck_method: saslauthd >> allowanonymouslogin: no >> tls_session_timeout: 0 >> allowapop: 0 >> sasl_mech_list: PLAIN >> sieveuserhomedir: no >> sievedir: /data/imap/sieve >> sieve_maxscripts: 8 >> sieve_maxscriptsize: 640 >> sendmail: /usr/sbin/sendmail >> tls_ca_file: /data/imap/ssl/ca.crt >> tls_cert_file: /data/imap/ssl/server.crt >> tls_key_file: /data/imap/ssl/server.key >> tls_ca_path: /data/imap/ssl >> >> Thank you >> >> > > > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: PLAIN authentication timsieved
sieve_allowplaintext: yes Quoting Mathieu Kretchner : > Hello, > > I would like to allow connection to sieved server with PLAIN mechanism. > But my configuration seems to already have this. What do I miss ? > > Cyrus is 2.2.12 > here is my imapd.conf : > > configdirectory: /data/imap > partition-default: /data/imap/spool > servername: imap-sop.inria.fr > admins: cyrus > hashimapspool: yes > duplicatesuppression: no > sasl_pwcheck_method: saslauthd > allowanonymouslogin: no > tls_session_timeout: 0 > allowapop: 0 > sasl_mech_list: PLAIN > sieveuserhomedir: no > sievedir: /data/imap/sieve > sieve_maxscripts: 8 > sieve_maxscriptsize: 640 > sendmail: /usr/sbin/sendmail > tls_ca_file: /data/imap/ssl/ca.crt > tls_cert_file: /data/imap/ssl/server.crt > tls_key_file: /data/imap/ssl/server.key > tls_ca_path: /data/imap/ssl > > Thank you > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
PLAIN authentication timsieved
Hello, I would like to allow connection to sieved server with PLAIN mechanism. But my configuration seems to already have this. What do I miss ? Cyrus is 2.2.12 here is my imapd.conf : configdirectory: /data/imap partition-default: /data/imap/spool servername: imap-sop.inria.fr admins: cyrus hashimapspool: yes duplicatesuppression: no sasl_pwcheck_method: saslauthd allowanonymouslogin: no tls_session_timeout: 0 allowapop: 0 sasl_mech_list: PLAIN sieveuserhomedir: no sievedir: /data/imap/sieve sieve_maxscripts: 8 sieve_maxscriptsize: 640 sendmail: /usr/sbin/sendmail tls_ca_file: /data/imap/ssl/ca.crt tls_cert_file: /data/imap/ssl/server.crt tls_key_file: /data/imap/ssl/server.key tls_ca_path: /data/imap/ssl Thank you begin:vcard fn:Mathieu Kretchner n:Kretchner;Mathieu org:INRIA;Syslog adr;dom:;;2004 route des lucioles - BP93;Sophia Antipolis;;06902 CEDEX email;internet:mathieu.kretch...@sophia.inria.fr tel;work:04 92 38 76 67 x-mozilla-html:FALSE version:2.1 end:vcard Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
timsieved float comparison
Hi, About timsieved: Is there comparison of float numbers in timsieved? I know the "i; ascii-numeric", but it compares only positive integers. Thank you all in advance. Best Regards -- []'s Thiago Henrique Network Administration Digirati Networks K8 Networks Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
timsieved float comparison
Hi, About timsieved: Is there comparison of float numbers in timsieved? I know the "i; ascii-numeric", but it compares only positive integers. Thank you all in advance. Best Regards -- []'s Thiago Henrique Network Administration Digirati Networks K8 Networks Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved logon problem
Reading another message about the thunderbird sieve extension I too did a telnet request (normally telnet does not listen ;-) $ telnet yanta.nagual.nl 2000 Trying 192.168.11.35... Connected to yanta.nagual.nl. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.3.11" "SASL" "PLAIN OTP LOGIN DIGEST-MD5 CRAM-MD5" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" OK So, timsieve IS there. Why on earth does it not listen anymore to a request from my Squirrelmail? Is it an authorization matter after all? Has something changed from xx.9 to version xx.11? -- Dick Hoogendijk -- PGP/GnuPG key: F86289CE ++ http://lossehandjes.nl/ | SunOS 10u3 ++ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved logon problem
Simon Matter wrote: >> On Thu, 1 May 2008 13:22:34 +0200 >> Dick Hoogendijk <[EMAIL PROTECTED]> wrote: >> >>> I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave Stable on solaris 10. I never experienced problems before, but today I wanted to add a filter from within SquirrelMail and got this warning: >>> >>> Could not log on to timsieved daemon on your IMAP server yanta:2000. Please contact your administrator. >> >> Cyrus-master is running. Cyrus works as it should. Clients are served the way it used to be. The *only* thing different is that I can no longer access the sieve mailfilters from squirrelmail. I "could not log on to timsieved" > > If I got it right your sieve service listens on 127.0.0.1:2000 and your squirrelmail tries to access it as yanta:2000. I don't expect 'yanta' resolve to 127.0.0.1 so I don't think this could ever work. If that were true, how could it have ever worked? Yanta is the cyrus mailer machine and known through internal dns for years. Can I make the sieve service listen on a specific IP? Sieveshell on yanta does work btw. From the sieve extension for thunderbird I get the impression that something has changed in the authorization procedure. All email connections are with CRAM-MD5. No tls/ssl, no plain logins. So all connections must be secure? Has something changed from cyrus-2.3.9 to 2.3.11 in this matters? Because it all started after this CSWpackage upgrade from xx.9 to xx.11 I'll post my cyrus.conf here too, because I really would like this matter solved if it can be ;-) [cyrus.conf] configdirectory: /opt/csw/var/cyrus/config partition-default: /opt/csw/var/cyrus/mail sievedir: /opt/csw/var/cyrus/sieve admins: cyrus unixhierarchysep: no altnamespace: no munge8bit: yes sasl_pwcheck_method: saslauthd # sasl_mech_list: PLAIN LOGIN # autocreatequota: -1 # createonpost: yes tls_ca_file: /opt/csw/ssl/private/imap/server.pem tls_cert_file: /opt/csw/ssl/private/imap/server.pem tls_key_file: /opt/csw/ssl/private/imap/server.pem [/cyrus.conf] Any ideas, tips are most welcome and appreciated. -- Dick Hoogendijk -- PGP/GnuPG key: F86289CE ++ http://lossehandjes.nl/ | SunOS 10u3 ++ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved logon problem
Reading another message about the thunderbird sieve extension I too did a telnet request (normally telnet does not listen ;-) $ telnet yanta.nagual.nl 2000 Trying 192.168.11.35... Connected to yanta.nagual.nl. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.3.11" "SASL" "PLAIN OTP LOGIN DIGEST-MD5 CRAM-MD5" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" OK So, timsieve IS there. Why on earth does it not listen anymore to a request from my Squirrelmail? Is it an authorization matter after all? Has something changed from xx.9 to version xx.11? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved logon problem
Simon Matter wrote: >> On Thu, 1 May 2008 13:22:34 +0200 >> Dick Hoogendijk <[EMAIL PROTECTED]> wrote: >> >>> I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave >>> Stable on solaris 10. I never experienced problems before, but today >>> I wanted to add a filter from within SquirrelMail and got this >>> warning: >>> >>> Could not log on to timsieved daemon on your IMAP server yanta:2000. >>> Please contact your administrator. >> >> Cyrus-master is running. Cyrus works as it should. Clients are served >> the way it used to be. The *only* thing different is that I can no >> longer access the sieve mailfilters from squirrelmail. I "could not log >> on to timsieved" > > If I got it right your sieve service listens on 127.0.0.1:2000 and your > squirrelmail tries to access it as yanta:2000. I don't expect 'yanta' > resolve to 127.0.0.1 so I don't think this could ever work. If that were true, how could it have ever worked? Yanta is the cyrus mailer machine and known through internal dns for years. Can I make the sieve service listen on a specific IP? Sieveshell on yanta does work btw. From the sieve extension for thunderbird I get the impression that something has changed in the authorization procedure. All email connections are with CRAM-MD5. No tls/ssl, no plain logins. So all connections must be secure? Has something changed from cyrus-2.3.9 to 2.3.11 in this matters? Because it all started after this CSWpackage upgrade from xx.9 to xx.11 I'll post my cyrus.conf here too, because I really would like this matter solved if it can be ;-) [cyrus.conf] configdirectory: /opt/csw/var/cyrus/config partition-default: /opt/csw/var/cyrus/mail sievedir: /opt/csw/var/cyrus/sieve admins: cyrus unixhierarchysep: no altnamespace: no munge8bit: yes sasl_pwcheck_method: saslauthd # sasl_mech_list: PLAIN LOGIN # autocreatequota: -1 # createonpost: yes tls_ca_file: /opt/csw/ssl/private/imap/server.pem tls_cert_file: /opt/csw/ssl/private/imap/server.pem tls_key_file: /opt/csw/ssl/private/imap/server.pem [/cyrus.conf] Any ideas, tips are most welcome and appreciated. -- Dick Hoogendijk -- PGP/GnuPG key: F86289CE ++ http://lossehandjes.nl/ | SunOS 10u3 ++ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved logon problem
> On Thu, 1 May 2008 13:22:34 +0200 > Dick Hoogendijk <[EMAIL PROTECTED]> wrote: > >> I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave >> Stable on solaris 10. I never experienced problems before, but today >> I wanted to add a filter from within SquirrelMail and got this >> warning: >> >> Could not log on to timsieved daemon on your IMAP server yanta:2000. >> Please contact your administrator. > > Cyrus-master is running. Cyrus works as it should. Clients are served > the way it used to be. The *only* thing different is that I can no > longer access the sieve mailfilters from squirrelmail. I "could not log > on to timsieved" If I got it right your sieve service listens on 127.0.0.1:2000 and your squirrelmail tries to access it as yanta:2000. I don't expect 'yanta' resolve to 127.0.0.1 so I don't think this could ever work. Simon > This service should run, according to my cyrus.conf > > [cyrus.conf] > # standard standalone server implementation > > START { > # do not delete this entry! > recover cmd="/opt/csw/sbin/ctl_cyrusdb -r" > > # this is only necessary if using idled for IMAP IDLE > # idled cmd="idled" > } > > # UNIX sockets start with a slash and are put into /var/imap/sockets > SERVICES { > # add or remove based on preferences > imapcmd="imapd" listen="imap" prefork=5 > # imaps cmd="imapd -s" listen="imaps" prefork=1 > pop3cmd="pop3d" listen="pop3" prefork=3 > # pop3s cmd="pop3d -s" listen="pop3s" prefork=1 > sieve cmd="timsieved" listen="sieve" prefork=0 > > # these are only necessary if receiving/exporting usenet via NNTP > # nntp cmd="nntpd" listen="nntp" prefork=3 > # nntps cmd="nntpd -s" listen="nntps" prefork=1 > > # at least one LMTP is required for delivery > # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > lmtpunixcmd="lmtpd" listen="/opt/csw/var/cyrus/config/socket/lmtp" > prefork=1 > > # this is only necessary if using notifications > # notify cmd="notifyd" listen="/opt/csw/var/cyrus/config/socket/notify" > proto="udp" prefork=1 > } > > EVENTS { > # this is required > checkpoint cmd="/opt/csw/sbin/ctl_cyrusdb -c" period=30 > > # this is only necessary if using duplicate delivery suppression, > # Sieve or NNTP > delprunecmd="/opt/csw/sbin/cyr_expire -E 3" at=0400 > > # this is only necessary if caching TLS sessions > tlsprunecmd="/opt/csw/sbin/tls_prune" at=0400 > } > [/cyrus.conf > > I can see no weird things. Cyrus worked with this config for quite some > time? I don't compile from source. I use the blastwave package. > > Any idas? > Is there another good utility to access the sieve rules? > > -- > Dick Hoogendijk -- PGP/GnuPG key: 01D2433D > ++ http://nagual.nl/ + SunOS sxde 01/08 ++ > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved logon problem
On Thu, 1 May 2008 13:22:34 +0200 Dick Hoogendijk <[EMAIL PROTECTED]> wrote: > I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave > Stable on solaris 10. I never experienced problems before, but today > I wanted to add a filter from within SquirrelMail and got this > warning: > > Could not log on to timsieved daemon on your IMAP server yanta:2000. > Please contact your administrator. Cyrus-master is running. Cyrus works as it should. Clients are served the way it used to be. The *only* thing different is that I can no longer access the sieve mailfilters from squirrelmail. I "could not log on to timsieved" This service should run, according to my cyrus.conf [cyrus.conf] # standard standalone server implementation START { # do not delete this entry! recover cmd="/opt/csw/sbin/ctl_cyrusdb -r" # this is only necessary if using idled for IMAP IDLE # idledcmd="idled" } # UNIX sockets start with a slash and are put into /var/imap/sockets SERVICES { # add or remove based on preferences imap cmd="imapd" listen="imap" prefork=5 # imapscmd="imapd -s" listen="imaps" prefork=1 pop3 cmd="pop3d" listen="pop3" prefork=3 # pop3scmd="pop3d -s" listen="pop3s" prefork=1 sieve cmd="timsieved" listen="sieve" prefork=0 # these are only necessary if receiving/exporting usenet via NNTP # nntp cmd="nntpd" listen="nntp" prefork=3 # nntpscmd="nntpd -s" listen="nntps" prefork=1 # at least one LMTP is required for delivery # lmtp cmd="lmtpd" listen="lmtp" prefork=0 lmtpunix cmd="lmtpd" listen="/opt/csw/var/cyrus/config/socket/lmtp" prefork=1 # this is only necessary if using notifications # notify cmd="notifyd" listen="/opt/csw/var/cyrus/config/socket/notify" proto="udp" prefork=1 } EVENTS { # this is required checkpointcmd="/opt/csw/sbin/ctl_cyrusdb -c" period=30 # this is only necessary if using duplicate delivery suppression, # Sieve or NNTP delprune cmd="/opt/csw/sbin/cyr_expire -E 3" at=0400 # this is only necessary if caching TLS sessions tlsprune cmd="/opt/csw/sbin/tls_prune" at=0400 } [/cyrus.conf I can see no weird things. Cyrus worked with this config for quite some time? I don't compile from source. I use the blastwave package. Any idas? Is there another good utility to access the sieve rules? -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxde 01/08 ++ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved logon problem
On Thu, 1 May 2008 16:48:49 +0200 "Alain Spineux" <[EMAIL PROTECTED]> wrote: > On Thu, May 1, 2008 at 4:29 PM, Dick Hoogendijk <[EMAIL PROTECTED]> > wrote: > > Cyr-master does not show up. So I guess it's not running. > Here is your problem! Yes, I know, > You should see some error in your log file when trying to connect to > the sieve daemon or when restarting cyrus ! > Look at it. Strange, but I can't find the cyrus log file. I looked at all the logfile places I can think of. Can I set a special place for this in the cyrus.conf file? -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxde 01/08 ++ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Fwd: timsieved logon problem
ops -- Forwarded message -- From: Alain Spineux <[EMAIL PROTECTED]> Date: Thu, May 1, 2008 at 4:48 PM Subject: Re: timsieved logon problem To: Dick Hoogendijk <[EMAIL PROTECTED]> On Thu, May 1, 2008 at 4:29 PM, Dick Hoogendijk <[EMAIL PROTECTED]> wrote: > On Thu, 1 May 2008 13:47:03 +0200 > "Alain Spineux" <[EMAIL PROTECTED]> wrote: > > > On Thu, May 1, 2008 at 1:22 PM, Dick Hoogendijk <[EMAIL PROTECTED]> > > wrote: > > > > Could not log on to timsieved daemon on your IMAP server > > > yanta:2000. Please contact your administrator. > > > Are you sure timsieved is running ? > > > > # netstat -anp | grep 2000 > > tcp0 0 127.0.0.1:2000 0.0.0.0:* > > LISTEN 12912/cyrmaster > > Cyr-master does not show up. So I guess it's not running. Here is your problem! > > > > Cant you show us you cyrus.conf ? > > [cyrus.conf] > > START { > recover cmd="/opt/csw/sbin/ctl_cyrusdb -r" > # this is only necessary if using idled for IMAP IDLE > # idledcmd="idled" > } > > # UNIX sockets start with a slash and are put into /var/imap/sockets > SERVICES { > # add or remove based on preferences > imap cmd="imapd" listen="imap" prefork=5 > # imapscmd="imapd -s" listen="imaps" prefork=1 > pop3 cmd="pop3d" listen="pop3" prefork=3 > # pop3scmd="pop3d -s" listen="pop3s" prefork=1 > sieve cmd="timsieved" listen="sieve" prefork=0 You should see some error in your log file when trying to connect to the sieve daemon or when restarting cyrus ! Look at it. Regards > > # these are only necessary if receiving/exporting usenet via NNTP > # nntp cmd="nntpd" listen="nntp" prefork=3 > # nntpscmd="nntpd -s" listen="nntps" prefork=1 > > # at least one LMTP is required for delivery > # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > lmtpunix cmd="lmtpd" listen="/opt/csw/var/cyrus/config/socket/lmtp" prefork=1 > > # this is only necessary if using notifications > # notify cmd="notifyd" listen="/opt/csw/var/cyrus/config/socket/notify" proto="udp" prefork=1 > } > > EVENTS { > # this is required > checkpointcmd="/opt/csw/sbin/ctl_cyrusdb -c" period=30 > > # this is only necessary if using duplicate delivery suppression, > # Sieve or NNTP > delprune cmd="/opt/csw/sbin/cyr_expire -E 3" at=0400 > > # this is only necessary if caching TLS sessions > tlsprune cmd="/opt/csw/sbin/tls_prune" at=0400 > } > [/cyrus.conf] > > Nothing changed in this file recently. > Hope to get some help. It used to work quite nicely. > > -- > > > Dick Hoogendijk -- PGP/GnuPG key: 01D2433D > ++ http://nagual.nl/ + SunOS sxde 01/08 ++ > -- Alain Spineux aspineux gmail com May the sources be with you -- Alain Spineux aspineux gmail com May the sources be with you Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved logon problem
On Thu, May 1, 2008 at 1:22 PM, Dick Hoogendijk <[EMAIL PROTECTED]> wrote: > I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave Stable > on solaris 10. I never experienced problems before, but today I wanted > to add a filter from within SquirrelMail and got this warning: > > Could not log on to timsieved daemon on your IMAP server yanta:2000. > Please contact your administrator. > > What does this :2000 mean? > What could have happened/changed? > Many thanks for tips. Are you sure timsieved is running ? # netstat -anp | grep 2000 tcp0 0 127.0.0.1:2000 0.0.0.0:* LISTEN 12912/cyrmaster ATTN: netstat can use different parameters on solaris ! Cant you show us you cyrus.conf ? > > -- > Dick Hoogendijk -- PGP/GnuPG key: 01D2433D > ++ http://nagual.nl/ + SunOS sxde 01/08 ++ > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
timsieved logon problem
I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave Stable on solaris 10. I never experienced problems before, but today I wanted to add a filter from within SquirrelMail and got this warning: Could not log on to timsieved daemon on your IMAP server yanta:2000. Please contact your administrator. What does this :2000 mean? What could have happened/changed? Many thanks for tips. -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxde 01/08 ++ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
timsieved logon problem
I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave Stable on solaris 10. I never experienced problems before, but today I wanted to add a filter from within SquirrelMail and got this warning: Could not log on to timsieved daemon on your IMAP server yanta:2000. Please contact your administrator. What does this :2000 mean? What could have happened/changed? Many thanks for tips. -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxde 01/08 ++ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: [POLL] timsieved STARTTLS implementation
> My question is this: If I fix timsieved to be compliant with the > MANAGESIEVE text (which has always been consistent), will this break > any client implementations? Avelsieve (or, more accurately, sieve-php.lib.php ManageSieve class) should work fine with the fix. Alexandros Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[POLL] timsieved STARTTLS implementation
Folks, I have recently been informed that Cyrus timsieved has had an incompatible MANAGESIEVE STARTTLS implementation since v2.1.10. The problem is that the server is supposed to automatically issue a CAPABILITY response at the completion of STARTTLS, but this functionality was removed in v2.1.10 (see bug #1338 for details). My question is this: If I fix timsieved to be compliant with the MANAGESIEVE text (which has always been consistent), will this break any client implementations? -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: problem with timsieved 2.3.9
Thanks... a forgot to check the port 2000 on my machine. tcp0 0 0.0.0.0:20000.0.0.0:* LISTEN 10139/asterisk tcp0 0 :::2000 :::* LISTEN 11723/cyrus-master so i stoped asterisk... i need to reconfigure asterisk instalation to use another port. Thank you very much.. -Original Message- From: Alain Spineux [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 20, 2007 4:10 PM To: [EMAIL PROTECTED] Cc: info-cyrus@lists.andrew.cmu.edu Subject: Re: problem with timsieved 2.3.9 Can you test this ? # netstat -a -n -p | grep 2000 tcp0 0 127.0.0.1:2000 0.0.0.0:* LISTEN 9436/cyrmaster Did you check you cyrus.conf file ? On Nov 20, 2007 3:39 PM, Peter Nerád <[EMAIL PROTECTED]> wrote: > > > > > Hi > > I have a strange problem. After upgrade to cyrus 2.3.9 I can't login to > timsieved server. Old sieve scripts works fine but I can't add new ones. > telnet localhost sieve, or sievtest -a root -u root localhost not working. I > have no response on these commands from timsieved. There are no error > messages in logs. I can login to imapd or pop3d, so auth woks fine. > > Thanks for any help. > > > > This is my imapd.conf > > > > configdirectory: /var/lib/imap > > partition-default: /var/spool/imap > > admins: cyrus root > > allowplaintext: true > > sievedir: /var/lib/imap/sieve > > sendmail: /usr/sbin/sendmail > > hashimapspool: true > > sasl_pwcheck_method: saslauthd > > sasl_mech_list: PLAIN > > #tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > #tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > #tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > > > > > > Sorry for my English. > > > > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problem with timsieved 2.3.9
Hello, Can you try this? ... sasl_mech_list: PLAIN LOGIN allowplaintext: yes pwcheck_method: PLAIN ... - Original Message - From: Peter Nerád To: info-cyrus@lists.andrew.cmu.edu Sent: Tuesday, November 20, 2007 10:39 PM Subject: problem with timsieved 2.3.9 Hi I have a strange problem. After upgrade to cyrus 2.3.9 I can't login to timsieved server. Old sieve scripts works fine but I can't add new ones. telnet localhost sieve, or sievtest -a root -u root localhost not working. I have no response on these commands from timsieved. There are no error messages in logs. I can login to imapd or pop3d, so auth woks fine. Thanks for any help. This is my imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus root allowplaintext: true sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN #tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem #tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem #tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt Sorry for my English. -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: problem with timsieved 2.3.9
Yes i can... My problem was not solved... I still have no answer from timsieved server. _ From: Patrick T. Tsang [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 20, 2007 4:02 PM To: [EMAIL PROTECTED]; info-cyrus@lists.andrew.cmu.edu Subject: Re: problem with timsieved 2.3.9 Hello, Can you try this? ... sasl_mech_list: PLAIN LOGIN allowplaintext: yes pwcheck_method: PLAIN ... - Original Message - From: Peter Ner <mailto:[EMAIL PROTECTED]> ád To: info-cyrus@lists.andrew.cmu.edu Sent: Tuesday, November 20, 2007 10:39 PM Subject: problem with timsieved 2.3.9 Hi I have a strange problem. After upgrade to cyrus 2.3.9 I can't login to timsieved server. Old sieve scripts works fine but I can't add new ones. telnet localhost sieve, or sievtest -a root -u root localhost not working. I have no response on these commands from timsieved. There are no error messages in logs. I can login to imapd or pop3d, so auth woks fine. Thanks for any help. This is my imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus root allowplaintext: true sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN #tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem #tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem #tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt Sorry for my English. _ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problem with timsieved 2.3.9
Can you test this ? # netstat -a -n -p | grep 2000 tcp0 0 127.0.0.1:2000 0.0.0.0:* LISTEN 9436/cyrmaster Did you check you cyrus.conf file ? On Nov 20, 2007 3:39 PM, Peter Nerád <[EMAIL PROTECTED]> wrote: > > > > > Hi > > I have a strange problem. After upgrade to cyrus 2.3.9 I can't login to > timsieved server. Old sieve scripts works fine but I can't add new ones. > telnet localhost sieve, or sievtest –a root –u root localhost not working. I > have no response on these commands from timsieved. There are no error > messages in logs. I can login to imapd or pop3d, so auth woks fine. > > Thanks for any help. > > > > This is my imapd.conf > > > > configdirectory: /var/lib/imap > > partition-default: /var/spool/imap > > admins: cyrus root > > allowplaintext: true > > sievedir: /var/lib/imap/sieve > > sendmail: /usr/sbin/sendmail > > hashimapspool: true > > sasl_pwcheck_method: saslauthd > > sasl_mech_list: PLAIN > > #tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > #tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > #tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > > > > > > Sorry for my English. > > > > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
problem with timsieved 2.3.9
Hi I have a strange problem. After upgrade to cyrus 2.3.9 I can't login to timsieved server. Old sieve scripts works fine but I can't add new ones. telnet localhost sieve, or sievtest -a root -u root localhost not working. I have no response on these commands from timsieved. There are no error messages in logs. I can login to imapd or pop3d, so auth woks fine. Thanks for any help. This is my imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus root allowplaintext: true sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN #tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem #tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem #tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt Sorry for my English. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Strange problem with timsieved 2.2.12
Andrew Morgan pisze: > We had a similar behavior occur that turned out to be caused by a > firewall. We use a Cisco FWSM. The culprit was a "fix-up" for the Thank you very much! I've changed port from 2000 to 2002 and sieve started to work again. It looks like my provider routers/firewalls are doing something nasty to TCP sessions on port 2000. Thanks again for hint, -- Lukasz Michalski pgp key: http://www.zork.pl/lm.asc signature.asc Description: OpenPGP digital signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Strange problem with timsieved 2.2.12
Hi, I am observing strange problem with timsieved daemon. This is on small mail server running cyrus-imapd 2.2.12. For most hosts, timsieved does not respond to commands at all. It sits in select() and never read any data. Data written at start of daemon is not readed to telnet client too. But I identified two good hosts for which timsieved works ok. This situation is perfectly and happens only to timsieved process. Everything else works ok. I would be grateful for any help, hints org suggestions. Here is telnet session and strace from bad host. When telnet connects to port 2000 strace outputs first line only. Rest of strace is written when I issue close command in telnet session. [EMAIL PROTECTED] ~]# telnet ssl.zork.pl 2000 Trying 195.66.73.37.2000... Connected to black.zork.pl. Escape character is '^]'. test ^] telnet> cl 11592 20:01:04.807071 select(1, [0], NULL, NULL, {1799, 976000}) = 1 (in [0], left {1770, 78}) 11592 20:01:34.010422 time(NULL)= 1195066894 11592 20:01:34.010575 read(0, "test\r\n", 4096) = 6 11592 20:01:34.010764 write(1, "NO \"Expected a command. Got some"..., 46) = 46 11592 20:01:34.010924 time(NULL)= 1195066894 11592 20:01:34.011014 select(1, [0], NULL, NULL, {1800, 0}) = 1 (in [0], left {1795, 764000}) 11592 20:01:38.244091 time(NULL)= 1195066898 11592 20:01:38.244222 read(0, "", 4096) = 0 11592 20:01:38.244343 write(1, "OK \"Logout Complete\"\r\n", 22) = 22 11592 20:01:38.244574 munmap(0xb68fb000, 114688) = 0 11592 20:01:38.244703 close(6) = 0 11592 20:01:38.244911 munmap(0xb6942000, 32768) = 0 11592 20:01:38.245034 munmap(0xb7afe000, 98304) = 0 11592 20:01:38.245143 munmap(0xb694a000, 18563072) = 0 11592 20:01:38.245282 munmap(0xb7b16000, 663552) = 0 11592 20:01:38.245397 munmap(0xb7fce000, 8192) = 0 11592 20:01:38.245527 open("/dev/null", O_RDWR) = 6 11592 20:01:38.245679 shutdown(0, 0 /* receive */) = 0 11592 20:01:38.245786 dup2(6, 0)= 0 11592 20:01:38.245874 shutdown(1, 0 /* receive */) = 0 11592 20:01:38.245957 dup2(6, 1)= 1 11592 20:01:38.246042 shutdown(2, 0 /* receive */) = 0 11592 20:01:38.246124 dup2(6, 2)= 2 11592 20:01:38.246274 close(6) = 0 11592 20:01:38.246563 exit_group(0) = ? Here is telnet session and strace from good host: [EMAIL PROTECTED] ~]$ telnet ssl.zork.pl 2000 Trying 195.66.73.37.2000... Connected to black.zork.pl. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.2.12" "SASL" "OTP CRAM-MD5 DIGEST-MD5" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" "STARTTLS" OK test NO "Expected a command. Got something else." ^] telnet> cl Connection closed. 11595 20:01:21.994956 waitpid(11596, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 11596 11595 20:01:21.995386 rt_sigaction(SIGINT, {SIG_DFL}, NULL, 8) = 0 11595 20:01:21.995493 rt_sigaction(SIGQUIT, {SIG_DFL}, NULL, 8) = 0 11595 20:01:21.995582 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 11595 20:01:21.995694 --- SIGCHLD (Child exited) @ 0 (0) --- 11595 20:01:21.995798 time([1195066881]) = 1195066881 11595 20:01:21.995910 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=976, ...}) = 0 11595 20:01:21.996063 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=976, ...}) = 0 11595 20:01:21.996195 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=976, ...}) = 0 11595 20:01:21.996359 send(5, "<183>Nov 14 20:01:21 sieve[11595"..., 68, MSG_NOSIGNAL) = 68 11595 20:01:21.996777 time([1195066881]) = 1195066881 11595 20:01:21.996876 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=976, ...}) = 0 11595 20:01:21.997013 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=976, ...}) = 0 11595 20:01:21.997145 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=976, ...}) = 0 11595 20:01:21.997290 send(5, "<183>Nov 14 20:01:21 sieve[11595"..., 44, MSG_NOSIGNAL) = 44 11595 20:01:21.997609 fcntl64(4, F_GETFD) = 0 11595 20:01:21.997697 fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 11595 20:01:21.997778 fcntl64(3, F_GETFD) = 0 11595 20:01:21.997857 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 11595 20:01:21.997957 getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 11595 20:01:21.998238 getuid32()= 76 11595 20:01:21.998348 geteuid32() = 76 11595 20:01:21.998436 getgid32()= 12 11595 20:01:21.998522 getegid32() = 12 11595 20:01:21.998700 open("/etc/sasl/Cyrus.conf", O_RDONLY) = -1 ENOENT (No such file or directory) 11595 20:01:21.998974 getuid32()= 76 11595 20:01:21.999056 geteuid32() = 76 11595 20:01:21.999133 getgid32()= 12 11595 20:01:21.999208 getegid32() = 12 11595 20:01:21.999323 open("/usr/lib/sas
Re: Strange problem with timsieved 2.2.12
On Wed, 14 Nov 2007, Lukasz Michalski wrote: > Hi, > > I am observing strange problem with timsieved daemon. > This is on small mail server running cyrus-imapd 2.2.12. > > For most hosts, timsieved does not respond to commands at all. It sits in > select() and never read any data. Data written at start of daemon is not > readed to telnet client too. > > But I identified two good hosts for which timsieved works ok. This situation > is perfectly and happens only to timsieved process. Everything else works ok. > > I would be grateful for any help, hints org suggestions. > > Here is telnet session and strace from bad host. When telnet connects to port > 2000 strace outputs first line only. Rest of strace is written when I issue > close command in telnet session. > > [EMAIL PROTECTED] ~]# telnet ssl.zork.pl 2000 > Trying 195.66.73.37.2000... > Connected to black.zork.pl. > Escape character is '^]'. > test > ^] > telnet> cl We had a similar behavior occur that turned out to be caused by a firewall. We use a Cisco FWSM. The culprit was a "fix-up" for the Cisco SCCP (Skinny) protocol, which also uses port 2000. Responses from the timsieved server to the sieve client were dropped. Once we disabled the SCCP fix-up, sieve worked normally. Andy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved: Couldn't find mech PLAIN
I solved it, it was a misconfigured symlink to the authentification-libraries... Thanks for helping. --sj -- In disk space nobody can hear your files scream. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved: Couldn't find mech PLAIN
Am Monday 11 September 2006 09:32 schrieb Sebastian Jordan: > > > I've problems setting up sieve cyrus imapd 2.2.12. > > > I'm using saslauthd, pam, pam_mysql for authentification. > > > > > > POP3 and IMAP are working without problem, but if I want to login to > > > sieve I have get a "Couldn't find mech PLAIN"-statement in > > > /var/log/sasl.log > > > > Did you check if the Cyrus-SASL PLAIN-Plugin is installed? > > The PLAIN-Plugin is installed, PLAIN-authentification using pop3 or > imap works well. Please show: $ telnet localhost imap x CAPABILITY and $ telnet localhost sieve I think the Authentification works not with "PLAIN" as Cyrus-SASL Mechanism, but with the IMAP-Builtin LOGIN or the POP3-Builtin USER/PASS. So, after the above show the contents of the Cyrus-SASL Plugin Directory (Maybe /usr/lib/sasl2/). > I'm checking the passwords using pam_mysql.so, the /etc/pam.d/sieve > is the same like /etc/pam.d/pop and imap. > > I've done some tests yesterday, when i try to log in using imtest > localhost -p 2000 -u $username i have no problem loggin in, works fine. imtest is the IMAP-Test Utility, it is not able to "speak" SIEVE. I would be very interested, what you mean with "works fine". Please show the Output. > But if I try the same using web-cyradm i got the "Couldn't find mech > PLAIN"-stuff in my log and the login doesn't work. > > Using imtest: > Sep 11 09:30:19 localhost imap[801]: login: localhost [127.0.0.1] > $username plaintext User logged in "plaintext" != Cyrus-SASL Mechanism "PLAIN" > Using cyradm: > Sep 11 09:24:29 localhost sieve[690]: badlogin: localhost[127.0.0.1] > PLAIN no mechanism available ( cyradm == IMAP ) != SIEVE cyradm cannot handle sieve. Use sieveshell to login to sieve. > Why I'm wonder is the fact, that imtest using imap service to > authenticate and cyradm is using sieve...but both things are using > port 2000 to connect to -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved: Couldn't find mech PLAIN
On Fri, Sep 08, 2006 at 05:51:40PM +0200, Andreas Winkelmann wrote: > Am Friday 08 September 2006 09:54 schrieb Sebastian Jordan: > > > I've problems setting up sieve cyrus imapd 2.2.12. > > I'm using saslauthd, pam, pam_mysql for authentification. > > > > POP3 and IMAP are working without problem, but if I want to login to > > sieve I have get a "Couldn't find mech PLAIN"-statement in > > /var/log/sasl.log > > Did you check if the Cyrus-SASL PLAIN-Plugin is installed? The PLAIN-Plugin is installed, PLAIN-authentification using pop3 or imap works well. I'm checking the passwords using pam_mysql.so, the /etc/pam.d/sieve is the same like /etc/pam.d/pop and imap. I've done some tests yesterday, when i try to log in using imtest localhost -p 2000 -u $username i have no problem loggin in, works fine. But if I try the same using web-cyradm i got the "Couldn't find mech PLAIN"-stuff in my log and the login doesn't work. Using imtest: Sep 11 09:30:19 localhost imap[801]: login: localhost [127.0.0.1] $username plaintext User logged in Using cyradm: Sep 11 09:24:29 localhost sieve[690]: badlogin: localhost[127.0.0.1] PLAIN no mechanism available Why I'm wonder is the fact, that imtest using imap service to authenticate and cyradm is using sieve...but both things are using port 2000 to connect to --sj -- In disk space nobody can hear your files scream. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved: Couldn't find mech PLAIN
Am Friday 08 September 2006 09:54 schrieb Sebastian Jordan: > I've problems setting up sieve cyrus imapd 2.2.12. > I'm using saslauthd, pam, pam_mysql for authentification. > > POP3 and IMAP are working without problem, but if I want to login to > sieve I have get a "Couldn't find mech PLAIN"-statement in > /var/log/sasl.log Did you check if the Cyrus-SASL PLAIN-Plugin is installed? > When i use "imtest -p2000 localhost" i got the following: > S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" > S: "SIEVE" "fileinto reject envelope vacation imapflags notify > subaddress relational comparator-i;ascii-numeric regex" > S: OK > > "imtest localhost" shows me: > S: * OK imap.domain.de Cyrus IMAP4 v2.2.12 server ready > C: C01 CAPABILITY > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND > BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE > IDLE > S: C01 OK Completed > > I hope anyone can help me. > > Here is my imapd.conf: > postmaster: postmaster > configdirectory: /var/imap > partition-default: /var/spool/imap > admins: cyrus > allowanonymouslogin: yes > allowplaintext: yes > allowapop: 0 > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN login > servername: imap.domain.de > autocreatequota: 25000 > reject8bit: no > quotawarn: 90 > timeout: 30 > poptimeout: 10 > pwcheck_method: saslauthd > sievedir: /usr/sieve > sendmail: /usr/sbin/sendmail > sieve_maxscriptsize: 64 > sieve_maxscripts: 5 > unixhierarchysep: yes > lmtp_over_quota_perm_failure: 1 > > Regards, > > Sebastian -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
timsieved: Couldn't find mech PLAIN
Hi, I've problems setting up sieve cyrus imapd 2.2.12. I'm using saslauthd, pam, pam_mysql for authentification. POP3 and IMAP are working without problem, but if I want to login to sieve I have get a "Couldn't find mech PLAIN"-statement in /var/log/sasl.log When i use "imtest -p2000 localhost" i got the following: S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" S: OK "imtest localhost" shows me: S: * OK imap.domain.de Cyrus IMAP4 v2.2.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE S: C01 OK Completed I hope anyone can help me. Here is my imapd.conf: postmaster: postmaster configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus allowanonymouslogin: yes allowplaintext: yes allowapop: 0 sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN login servername: imap.domain.de autocreatequota: 25000 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 pwcheck_method: saslauthd sievedir: /usr/sieve sendmail: /usr/sbin/sendmail sieve_maxscriptsize: 64 sieve_maxscripts: 5 unixhierarchysep: yes lmtp_over_quota_perm_failure: 1 Regards, Sebastian -- In disk space nobody can hear your files scream. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
timsieved SIGSEGV
Hi, I've noticed error with timsieved when invoking with -C param. in cyrus.conf: sievecmd="timsieved " listen="127.0.0.1:2000" prefork=0 and logs: process 17215 exited, signaled to death by 11 service sieve pid 17215 in READY state: terminated abnormally about to exec /opt/mail1/imapd-2.3.6/service/timsieved process 17216 exited, signaled to death by 11 service sieve pid 17216 in READY state: terminated abnormally about to exec /opt/mail1/imapd-2.3.6/service/timsieved process 17217 exited, signaled to death by 11 service sieve pid 17217 in READY state: terminated abnormally about to exec /opt/mail1/imapd-2.3.6/service/timsieved process 17218 exited, signaled to death by 11 service sieve pid 17218 in READY state: terminated abnormally about to exec /opt/mail1/imapd-2.3.6/service/timsieved version is 2.3.6 . I need to seperate auth from imap which is done via digest-md5 and murder from sieve which should auth with saslauthd and login/plain method. Thanks for help AK Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
timsieved not showing banner (nor reading commands!)
I have cyrus running on a machine at our colo facility. It is configured to start up some listeners for imap and sieve (and a few others). When I telnet to port 143 from any local machine to the colo, I get a banner. when I telnet to port 143 from my main facility (firewalls allow all connections from main facility to colo) I get a nice banner as well. when I telnet to port 2000 (timseived) locally (any machine in the colo) I get a lovely banner, the right one. when I telnet to the same port from my main facility, I connect just fine, but no banner (and commands don't appear to be read - i.e. "logout" (no quotes) isn't being processed, for example.. the firewall has no specific limitations as to which ports are available, it is VERY permissive with connections from main facility to colo. oh, I have a local cyrus box at main facility and telneting to its port 2000 from any machine at the main facility works fine, i.e. a banner is displayed. any ideas? thanks! - yossie Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved sasl missing - FIXED
On Sat, 29 Oct 2005, Andrew Morgan wrote: On Sat, 29 Oct 2005, Ken Murchison wrote: Andrew Morgan wrote: I've been trying to setup timsieved on my test cyrus box (v2.2.12), but I seem to be missing something, probably obvious. I have a working installation of cyrus with imap, imaps, and lmtp. I use saslauthd. I added a stanza for timsieved in cyrus.conf, and I can successfully telnet to the sieve port. sivtest returns the following: - [EMAIL PROTECTED] config]# sivtest -a cyrus localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" S: "STARTTLS" S: OK Authentication failed. generic failure Security strength factor: 0 - It never asks me for a password, and I appear to be missing a SASL capabilities line following the IMPLEMENTATION line. I don't know why sieve isn't detecting my sasl settings from imapd.conf. Here are my sasl settings: If you try imtest, do you get any AUTH= capabilities (I'm guessing not). I'm sure its detecting your SASL settings, but its not finding your SASL plugins. Where did you install them? If they aren't in /usr/lib/sasl2, you can just make a symlink from directory to directory. I don't see an AUTH= capabilities with imtest. I'm using the Debian sarge libsasl2 package, which installed libsasldb libraries in /usr/lib/sasl2/. However, I am using 'saslauthd -a pam', so I don't expect it to be looking for the sasl plugins anyways. Replying to myself since I finally figured it out. In Debian Sarge, the README.Debian file for libsasl2 says: IMPORTANT: You MUST install one of the libsasl2-modules* packages for SASL to work. Otherwise postfix-tls won't speak TLS, Cyrus IMAPd won't ever allow any users to login, and other SASL apps will malfuntion in weird ways and there will be even more pain and sorrow in the world (yours). I still have no clue why cyrus-imapd works fine if I'm to believe what this says, but after installing the 'libsasl2-modules' package, sivtest is now correctly returning an AUTH method string and I can login with it: S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" S: "SASL" "PLAIN" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" S: "STARTTLS" S: OK Please enter your password: C: AUTHENTICATE "PLAIN" {24+} ... One of the files that libsasl2-modules installed was /usr/lib/sasl2/libplain.so, which I assume is why sivtest and sieveshell are working now. Hopefully someone else can benefit from this in the list archives. Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
how to disable some timsieved capabilities ?
Hi, I want to disable the 'notify' capability of my timsieved , but I haven't found the way to do it can someone point me to the right direction ? Best Regards Patrice Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved sasl missing
I run Cyrus on sid, and I see tons of stuff in /usr/lib/sasl2 "IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-2.0.1" "SASL" "PLAIN GSSAPI DIGEST-MD5 NTLM LOGIN CRAM-MD5" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" as you can tell, where they should be. * OK desolation.livid.dk Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-2.0.1 server ready C01 CAPABILITY * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=NTLM AUTH=CRAM-MD5 ANNOTATEMORE C01 OK Completed Long story short, this is how your Cyrus should respond, port 143 on the 2nd, port 2000 on the first. All I had to do is tweak imapd.conf, nothing more. On Sat, 29 Oct 2005 12:15:00 -0700 (PDT) > > On Sat, 29 Oct 2005, Ken Murchison wrote: > > > Andrew Morgan wrote: > >> > >> I've been trying to setup timsieved on my test cyrus box (v2.2.12), > >but I > seem to be missing something, probably obvious. > >> > >> I have a working installation of cyrus with imap, imaps, and lmtp. > >I use > saslauthd. I added a stanza for timsieved in cyrus.conf, > >and I can > successfully telnet to the sieve port. sivtest returns > >the following: > > >> - > >> [EMAIL PROTECTED] config]# sivtest -a cyrus localhost > >> S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" > >> S: "SIEVE" "fileinto reject envelope vacation imapflags notify > >subaddress > relational comparator-i;ascii-numeric regex" > >> S: "STARTTLS" > >> S: OK > >> Authentication failed. generic failure > >> Security strength factor: 0 > >> - > >> > >> It never asks me for a password, and I appear to be missing a SASL > >> capabilities line following the IMPLEMENTATION line. I don't know > >why > sieve isn't detecting my sasl settings from imapd.conf. Here > >are my sasl > settings: > > > > If you try imtest, do you get any AUTH= capabilities (I'm > > guessing not). I'm sure its detecting your SASL settings, but its > > not finding your SASL plugins. Where did you install them? If > > they aren't in /usr/lib/sasl2, you can just make a symlink from > > directory to directory. > > I don't see an AUTH= capabilities with imtest. I'm using the > Debian sarge libsasl2 package, which installed libsasldb libraries in > > /usr/lib/sasl2/. However, I am using 'saslauthd -a pam', so I don't > expect it to be looking for the sasl plugins anyways. > > Andy > > Cyrus Home Page: http://asg.web.cmu.edu/cyrus > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > !DSPAM:4363d3ec297094190714843! > > -- "What does one want when one is engaged in the sexual act? That everything around you give you its utter attention Think only of you, care only for you... Every man wants to be a tyrant when he fornicates" Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved sasl missing
On Sat, 29 Oct 2005, Ken Murchison wrote: Andrew Morgan wrote: I've been trying to setup timsieved on my test cyrus box (v2.2.12), but I seem to be missing something, probably obvious. I have a working installation of cyrus with imap, imaps, and lmtp. I use saslauthd. I added a stanza for timsieved in cyrus.conf, and I can successfully telnet to the sieve port. sivtest returns the following: - [EMAIL PROTECTED] config]# sivtest -a cyrus localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" S: "STARTTLS" S: OK Authentication failed. generic failure Security strength factor: 0 - It never asks me for a password, and I appear to be missing a SASL capabilities line following the IMPLEMENTATION line. I don't know why sieve isn't detecting my sasl settings from imapd.conf. Here are my sasl settings: If you try imtest, do you get any AUTH= capabilities (I'm guessing not). I'm sure its detecting your SASL settings, but its not finding your SASL plugins. Where did you install them? If they aren't in /usr/lib/sasl2, you can just make a symlink from directory to directory. I don't see an AUTH= capabilities with imtest. I'm using the Debian sarge libsasl2 package, which installed libsasldb libraries in /usr/lib/sasl2/. However, I am using 'saslauthd -a pam', so I don't expect it to be looking for the sasl plugins anyways. Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved sasl missing
Andrew Morgan wrote: I've been trying to setup timsieved on my test cyrus box (v2.2.12), but I seem to be missing something, probably obvious. I have a working installation of cyrus with imap, imaps, and lmtp. I use saslauthd. I added a stanza for timsieved in cyrus.conf, and I can successfully telnet to the sieve port. sivtest returns the following: - [EMAIL PROTECTED] config]# sivtest -a cyrus localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" S: "STARTTLS" S: OK Authentication failed. generic failure Security strength factor: 0 - It never asks me for a password, and I appear to be missing a SASL capabilities line following the IMPLEMENTATION line. I don't know why sieve isn't detecting my sasl settings from imapd.conf. Here are my sasl settings: If you try imtest, do you get any AUTH= capabilities (I'm guessing not). I'm sure its detecting your SASL settings, but its not finding your SASL plugins. Where did you install them? If they aren't in /usr/lib/sasl2, you can just make a symlink from directory to directory. -- Kenneth Murchison Systems Programmer Carnegie Mellon University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved sasl missing
On Fri, 28 Oct 2005, Craig White wrote: On Fri, 2005-10-28 at 15:02 -0700, Andrew Morgan wrote: I've been trying to setup timsieved on my test cyrus box (v2.2.12), but I seem to be missing something, probably obvious. I have a working installation of cyrus with imap, imaps, and lmtp. I use saslauthd. I added a stanza for timsieved in cyrus.conf, and I can successfully telnet to the sieve port. sivtest returns the following: - [EMAIL PROTECTED] config]# sivtest -a cyrus localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" S: "STARTTLS" S: OK Authentication failed. generic failure Security strength factor: 0 - It never asks me for a password, and I appear to be missing a SASL capabilities line following the IMPLEMENTATION line. I don't know why sieve isn't detecting my sasl settings from imapd.conf. Here are my sasl settings: sasl_mech_list: PLAIN sasl_minimum_layer: 0 sasl_pwcheck_method: saslauthd sasl_auto_transition: 0 I can post my complete imapd.conf file if that would help. Does anyone have any ideas? I can never get sieve/sieveshell to work for the user cyrus but the other users, no problemo. Inasmuch as you are way far more knowledgeable about all things cyrus, I am timid to offer the advice but that's been my experience. Just for reference, it doesn't matter which user I specify. I just used "cyrus" in the example I pasted. :) Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved sasl missing
On Fri, 2005-10-28 at 15:02 -0700, Andrew Morgan wrote: > I've been trying to setup timsieved on my test cyrus box (v2.2.12), but I > seem to be missing something, probably obvious. > > I have a working installation of cyrus with imap, imaps, and lmtp. I use > saslauthd. I added a stanza for timsieved in cyrus.conf, and I can > successfully telnet to the sieve port. sivtest returns the following: > > - > [EMAIL PROTECTED] config]# sivtest -a cyrus localhost > S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" > S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress > relational comparator-i;ascii-numeric regex" > S: "STARTTLS" > S: OK > Authentication failed. generic failure > Security strength factor: 0 > - > > It never asks me for a password, and I appear to be missing a SASL > capabilities line following the IMPLEMENTATION line. I don't know why > sieve isn't detecting my sasl settings from imapd.conf. Here are my sasl > settings: > > sasl_mech_list: PLAIN > sasl_minimum_layer: 0 > sasl_pwcheck_method: saslauthd > sasl_auto_transition: 0 > > I can post my complete imapd.conf file if that would help. Does anyone > have any ideas? I can never get sieve/sieveshell to work for the user cyrus but the other users, no problemo. Inasmuch as you are way far more knowledgeable about all things cyrus, I am timid to offer the advice but that's been my experience. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
timsieved sasl missing
I've been trying to setup timsieved on my test cyrus box (v2.2.12), but I seem to be missing something, probably obvious. I have a working installation of cyrus with imap, imaps, and lmtp. I use saslauthd. I added a stanza for timsieved in cyrus.conf, and I can successfully telnet to the sieve port. sivtest returns the following: - [EMAIL PROTECTED] config]# sivtest -a cyrus localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" S: "STARTTLS" S: OK Authentication failed. generic failure Security strength factor: 0 - It never asks me for a password, and I appear to be missing a SASL capabilities line following the IMPLEMENTATION line. I don't know why sieve isn't detecting my sasl settings from imapd.conf. Here are my sasl settings: sasl_mech_list: PLAIN sasl_minimum_layer: 0 sasl_pwcheck_method: saslauthd sasl_auto_transition: 0 I can post my complete imapd.conf file if that would help. Does anyone have any ideas? Thanks, Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Problem with timsieved on SUN
Hi Ken, okay, one step further: sivtest is working now. The problem was that timsieved was unable to write into /usr/sieve, I created this directory and did a chown cyrus:other /usr/sieve. Ah, and, I have the logs, I had to reconfigure my syslogd. Now sieve writes its messages to /var/adm/messages. I can login now using sivtest, but, sieveshell is still not working. I see the following entry in the log: ===/snip/ Oct 6 23:16:06 palanthir master[10258]: [ID 392559 local6.debug] about to exec /usr/cyrus/bin/timsieved Oct 6 23:16:06 palanthir sieve[10258]: [ID 518349 local6.debug] executed Oct 6 23:16:07 palanthir perl[10257]: [ID 702911 auth.notice] Bad IPLOCALPORT value Oct 6 23:16:07 palanthir sieve[10258]: [ID 921384 local6.debug] accepted connection Oct 6 23:16:07 palanthir master[3781]: [ID 310780 local6.debug] process 10258 exited, status 0 Oct 6 23:16:08 palanthir master[3781]: [ID 310780 local6.debug] process 10256 exited, status 0 =/snap/ I found a thread which deals with the same problem: http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=26358 so, I recompiled cyrus with #define NI_WITHSCOPEID 0 but with the same result. Any ideas?? Thanks in advance, Harald Ken Murchison wrote: hhuseman wrote: Hi all, I've found many threads concerning this case, but nothing seems to help. So, I post it to the list, and hope that someone can help me figuring out what's going on. Well, here's my problem: I've just setup cyrus imapd on my SUN E250, OS is Solaris 10. Imap itself is running perfectly well, I can login to the cyradm-shell, create mailboxes, get my emails using imap, and so on. The only thing which is just drivin' me nuts is timsieved. I can telnet it: ===/snip/ [][](22)> telnet palanthir 2000 Trying 192.168.10.21... Connected to palanthir. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.2.12" "SASL" "PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" OK logout OK "Logout Complete" Connection to palanthir closed by foreign host. cyrus(other)@palanthir:~ =/snap/ okay, this works. Now, the same with sivtest: =====/snip/= sivtest -c -v -m PLAIN -u cyrus -a cyrus palanthir S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" S: "SASL" "PLAIN" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" S: OK Please enter your password: C: AUTHENTICATE "PLAIN" {28+} Y3lydXMAY3lydXMATUstSDI0ODM= S: NO "Authentication Error" Authentication failed. generic failure Security strength factor: 0 ^CC: LOGOUT Connection closed. cyrus(other)@palanthir:~ ===/snap/=== And that's it. Unfortunately, I can't find anything in the logs, neither /var/adm/messages nor /var/log/syslog gives any clue. So, I hope someone here has an idea... You're looking in the wrong logs. Assuming you have things setup according to the documentation, look in /var/log/imapd.log and /var/log/auth.log What does you imapd.conf look like? My guess is that this problem isn't limited to timsieved. Try changing sivtest to imtest with the same arguments and see what happens (you may have to add -s or -t '' in order to use PLAIN with imapd). Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Problem with timsieved on SUN
hhuseman wrote: Hi all, I've found many threads concerning this case, but nothing seems to help. So, I post it to the list, and hope that someone can help me figuring out what's going on. Well, here's my problem: I've just setup cyrus imapd on my SUN E250, OS is Solaris 10. Imap itself is running perfectly well, I can login to the cyradm-shell, create mailboxes, get my emails using imap, and so on. The only thing which is just drivin' me nuts is timsieved. I can telnet it: ===/snip/ [][](22)> telnet palanthir 2000 Trying 192.168.10.21... Connected to palanthir. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.2.12" "SASL" "PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" OK logout OK "Logout Complete" Connection to palanthir closed by foreign host. cyrus(other)@palanthir:~ =/snap/ okay, this works. Now, the same with sivtest: =====/snip/= sivtest -c -v -m PLAIN -u cyrus -a cyrus palanthir S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" S: "SASL" "PLAIN" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" S: OK Please enter your password: C: AUTHENTICATE "PLAIN" {28+} Y3lydXMAY3lydXMATUstSDI0ODM= S: NO "Authentication Error" Authentication failed. generic failure Security strength factor: 0 ^CC: LOGOUT Connection closed. cyrus(other)@palanthir:~ ===/snap/=== And that's it. Unfortunately, I can't find anything in the logs, neither /var/adm/messages nor /var/log/syslog gives any clue. So, I hope someone here has an idea... You're looking in the wrong logs. Assuming you have things setup according to the documentation, look in /var/log/imapd.log and /var/log/auth.log What does you imapd.conf look like? My guess is that this problem isn't limited to timsieved. Try changing sivtest to imtest with the same arguments and see what happens (you may have to add -s or -t '' in order to use PLAIN with imapd). -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Problem with timsieved on SUN
Hi all, I've found many threads concerning this case, but nothing seems to help. So, I post it to the list, and hope that someone can help me figuring out what's going on. Well, here's my problem: I've just setup cyrus imapd on my SUN E250, OS is Solaris 10. Imap itself is running perfectly well, I can login to the cyradm-shell, create mailboxes, get my emails using imap, and so on. The only thing which is just drivin' me nuts is timsieved. I can telnet it: ===/snip/ [][](22)> telnet palanthir 2000 Trying 192.168.10.21... Connected to palanthir. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.2.12" "SASL" "PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" OK logout OK "Logout Complete" Connection to palanthir closed by foreign host. cyrus(other)@palanthir:~ =/snap/ okay, this works. Now, the same with sivtest: =====/snip/= sivtest -c -v -m PLAIN -u cyrus -a cyrus palanthir S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" S: "SASL" "PLAIN" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" S: OK Please enter your password: C: AUTHENTICATE "PLAIN" {28+} Y3lydXMAY3lydXMATUstSDI0ODM= S: NO "Authentication Error" Authentication failed. generic failure Security strength factor: 0 ^CC: LOGOUT Connection closed. cyrus(other)@palanthir:~ ===/snap/=== And that's it. Unfortunately, I can't find anything in the logs, neither /var/adm/messages nor /var/log/syslog gives any clue. So, I hope someone here has an idea... Thanks, and have a nice hackin', Harald Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus-imapd 2.2 and timsieved problems
On Tue, Aug 23, Carsten Hoeger wrote: > I'm unable to do a successfull PLAIN authentication with timsieved on > cyrus-imapd 2.2 (tried with 2.2.3 and 2.2.12). [...] Well, I found the culprit. My test user did not have a mailbox and therefor timsieved was unwilling to perform. Unfortunately, there's no hint to the real problem nowhere. Additinally, there's a bug in timsieved/parser.c. There's this code: r = mboxlist_detail(inboxname, &type, &server, NULL, NULL, NULL); if(r) { /* mboxlist_detail error */ *errmsg = "mailbox unknown"; return FALSE; } Problem: 1. errmsg now contains a usefull error message, but this message does not reach anybody. 2. the old sasl will be reused without beeing cleared. That's why I see this message in the log: "attempting server step after doneflag" and then the server segfaults Attached is a patch, that does the following: 1. log the "mailbox missing" information to syslog 2. reset the sasl connection The patch applies against 2.2.12. I'll also open a bug in bugzilla.andrew.cmu.edu. -- With best regards, Carsten Hoeger --- timsieved/parser.c +++ timsieved/parser.c 2005/08/24 09:14:42 @@ -664,8 +664,14 @@ if(r) { /* mboxlist_detail error */ - *errmsg = "mailbox unknown"; - return FALSE; + syslog(LOG_ERR, error_message(r)); + + if(reset_saslconn(&sieved_saslconn, ssf, authid) != SASL_OK) + fatal("could not reset the sasl_conn_t after failure", + EC_TEMPFAIL); + + ret = FALSE; + goto cleanup; } if(type & MBTYPE_REMOTE) { pgpa4YCJtODiF.pgp Description: PGP signature Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyrus-imapd 2.2 and timsieved problems
Hi, I'm unable to do a successfull PLAIN authentication with timsieved on cyrus-imapd 2.2 (tried with 2.2.3 and 2.2.12). I've no problem to authenticate with timsieved of 2.1.16, however. I have a test user called choeger with password system. I'm able to authenticate against imapd without problems: telnet localhost imap Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK d141 Cyrus IMAP4 v2.2.3 server ready . auth plain . BAD Please login first . authenticate plain + Y2hvZWdlcgBjaG9lZ2VyAHN5c3RlbQ== . OK Success (no protection) (Note: I enabled PLAIN without using TLS/SSL in removing SASL_SEC_NOPLAINTEXT from secprops in imapd.c) The same authstring does not work with timsieved: telnet localhost sieve Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.2.3" "SASL" "LOGIN PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" OK AUTHENTICATE "PLAIN" {33+} Y2hvZWdlcgBjaG9lZ2VyAHN5c3RlbQ== NO "Authentication Error" Connection closed by foreign host. On an old server running 2.1.16 it works: telnet imapdevel sieve Trying 10.10.0.9... Connected to imapdevel. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.1.16" "SASL" "LOGIN PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" "STARTTLS" OK AUTHENTICATE "PLAIN" {33+} Y2hvZWdlcgBjaG9lZ2VyAHN5c3RlbQ== OK Even worse: When I use sieveshell to contact timsieved of cyrus-imapd 2.2, timsieved segfaults. This is the ethereal captured protocol: "IMPLEMENTATION" "Cyrus timsieved v2.2.3" "SASL" "LOGIN PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" OK AUTHENTICATE "LOGIN" {12} VXNlcm5hbWU6 {12+} Y2hvZWdlcg== {12} UGFzc3dvcmQ6 {12+} U2FsYWhtMQ== NO "Authentication Error" AUTHENTICATE "PLAIN" {32+} Y2hvZWdlcgBjaG9lZ2VyAFNhbGFobTE= NO "Authentication Error" OK "Logout Complete" And then, timsieved segfaults. This is the backtrace of timsieved: #1 0x40035617 in sasl_server_start (conn=0x8138728, mech=0x81344e4 "PLAIN", clientin=0x817d860 "choeger", clientinlen=22, serverout=0xbfffc6c8, serveroutlen=0xbfffc6c4) at server.c:1303 #2 0x0805156c in cmd_authenticate (sieved_out=0x8134298, sieved_in=0x8134228, mechanism_name=0x81344e0, initial_challenge=0x817db78, errmsg=0xbfffd748) at parser.c:524 #3 0x08050d8d in parser (sieved_out=0x8134298, sieved_in=0x8134228) at parser.c:181 #4 0x0805051e in cmdloop () at timsieved.c:163 #5 0x0805099f in service_main (argc=1, argv=0x8132008, envp=0xb51c) at timsieved.c:289 #6 0x0804db0f in main (argc=1, argv=0xb514, envp=0xb51c) at service.c:546 The code in line 1303 of lib/server.c (that's sourcecode of cyrus-sasl version 2.1.18, most recent version == same behaviour): s_conn->mech->plug->mech_dispose(conn->context, s_conn->sparams->utils); Using a debugger shows, that s_conn->mech->plug->mech_dispose() points to 0 in that case. I'm currently trying to find out, where the problem is. I can't say, that I am a SASL expert, so any help is appreciated. -- With best regards, Carsten Hoeger pgplmv3TDCNPJ.pgp Description: PGP signature Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problem connecting to timsieved
Patrice wrote: Hi, I have some troubles to connect on my timsieved daemon. it seems I have an authentication problem. here is what I see when I do a telnet on sieve port : "IMPLEMENTATION" "Cyrus timsieved v2.2.12" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" OK there isn't any authentication mechanism I should see "SASL" "PLAIN" but nothing and authentication doesn't work I just fixed a problem with identical symptoms on my Solaris 10 system. I built my own version of cyrus-sasl-2.1.20 because Sun don't include saslauthd in the version os sasl they include in Solaris. It turns out that I needed a symbolic link from /usr/lib/sasl2 to /usr/local/lib/sasl2: # cd /usr/lib # ln -s ../local/lib/sasl2 It is strange that imap server did not need the link but sieve did. Nick --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
problem connecting to timsieved
Hi, I have some troubles to connect on my timsieved daemon. it seems I have an authentication problem. here is what I see when I do a telnet on sieve port : "IMPLEMENTATION" "Cyrus timsieved v2.2.12" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" OK there isn't any authentication mechanism I should see "SASL" "PLAIN" but nothing and authentication doesn't work any ideas ? thank you Patrice --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Looking for pointers - timsieved / sasl question
Hi Martin, Instead of running that command as root, try su'ing to the user you're trying to run sivtest for... I had the same exact problem and that's the only way around it that I could find. Dan From: Martin Richard <[EMAIL PROTECTED]> Reply-To: Martin Richard <[EMAIL PROTECTED]> To: info-cyrus@lists.andrew.cmu.edu Subject: Looking for pointers - timsieved / sasl question Date: Tue, 15 Feb 2005 22:35:03 -0500 Hello all, I have a postfix + cyrus + sasl + pam setup, working nicely so far. Users get and send mail. All account info is in mysql via pam/pam_mysql as per the HOWTOs. IMAP mech LOGIN works fine: [EMAIL PROTECTED] root]# imtest -u -a localhost -v S: * OK mail..com Cyrus IMAP4 v2.2.8 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE S: C01 OK Completed Please enter your password: C: L01 LOGIN {8} S: + go ahead C: S: L01 OK User logged in Authenticated. Security strength factor: 0 L01 LOGOUT * BYE LOGOUT received L01 OK Completed Connection closed. [EMAIL PROTECTED] root]# But I'm having trouble with sieve / timsieved. I want to use it via mech PLAIN for automated scripts/interfaces for my users to put filters or vacation messages.. Using same account info: [EMAIL PROTECTED] root]# sivtest -u -a -m plain localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.2.8" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" S: OK Please enter your password: C: AUTHENTICATE "PLAIN" {60+} base64removed S: NO "Authentication Error" Authentication failed. generic failure Security strength factor: 0 LOGOUT OK "Logout Complete" Connection closed. [EMAIL PROTECTED] root]# I get this in /var/log/messages: Feb 15 22:30:20 www sievelocal[2604]: badlogin: www[127.0.0.1] PLAIN no mechanism available sievelocal is started via /etc/cyrus.conf: sievelocalcmd="timsieved -C /etc/imapd-local.conf listen="127.0.0.1:sieve" prefork=0 I'm thinking the culprit is SASL.. [EMAIL PROTECTED] root]# saslauthd -v saslauthd 2.1.19 authentication mechanisms: getpwent kerberos5 pam rimap shadow [EMAIL PROTECTED] root]# No PLAIN.. But it was (at least I asked for) compiled with PLAIN.. from config.log: [EMAIL PROTECTED] cyrus-sasl-2.1.19]# more config.log This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by configure, which was generated by GNU Autoconf 2.57. Invocation command line was $ ./configure --enable-plain --with-mysql=/u01/mysql --with-pam the plain plugin is also in the lib directory: [EMAIL PROTECTED] cyrus-sasl-2.1.19]# ls -al /usr/lib/sasl2/libpl* -rwxr-xr-x 1 root root 679 Feb 15 13:53 /usr/lib/sasl2/libplain.la lrwxrwxrwx 1 root root18 Feb 15 13:53 /usr/lib/sasl2/libplain.so -> libplain.so.2.0.19 lrwxrwxrwx 1 root root18 Feb 15 13:53 /usr/lib/sasl2/libplain.so.2 -> libplain.so.2.0.19 -rwxr-xr-x 1 root root 90438 Feb 15 13:53 /usr/lib/sasl2/libplain.so.2.0.19 [EMAIL PROTECTED] cyrus-sasl-2.1.19]# saslauthd is running and available, running with "-a pam" So I must be missing something! How do I setup/use mech PLAIN (and pam) in saslauthd to be able to use timsieved ??? Thanks for any pointers. I've been scratching my head at this for days now. Martin --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Looking for pointers - timsieved / sasl question
Hello all, I have a postfix + cyrus + sasl + pam setup, working nicely so far. Users get and send mail. All account info is in mysql via pam/pam_mysql as per the HOWTOs. IMAP mech LOGIN works fine: [EMAIL PROTECTED] root]# imtest -u -a localhost -v S: * OK mail..com Cyrus IMAP4 v2.2.8 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE S: C01 OK Completed Please enter your password: C: L01 LOGIN {8} S: + go ahead C: S: L01 OK User logged in Authenticated. Security strength factor: 0 L01 LOGOUT * BYE LOGOUT received L01 OK Completed Connection closed. [EMAIL PROTECTED] root]# But I'm having trouble with sieve / timsieved. I want to use it via mech PLAIN for automated scripts/interfaces for my users to put filters or vacation messages.. Using same account info: [EMAIL PROTECTED] root]# sivtest -u -a -m plain localhost S: "IMPLEMENTATION" "Cyrus timsieved v2.2.8" S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" S: OK Please enter your password: C: AUTHENTICATE "PLAIN" {60+} base64removed S: NO "Authentication Error" Authentication failed. generic failure Security strength factor: 0 LOGOUT OK "Logout Complete" Connection closed. [EMAIL PROTECTED] root]# I get this in /var/log/messages: Feb 15 22:30:20 www sievelocal[2604]: badlogin: www[127.0.0.1] PLAIN no mechanism available sievelocal is started via /etc/cyrus.conf: sievelocalcmd="timsieved -C /etc/imapd-local.conf listen="127.0.0.1:sieve" prefork=0 I'm thinking the culprit is SASL.. [EMAIL PROTECTED] root]# saslauthd -v saslauthd 2.1.19 authentication mechanisms: getpwent kerberos5 pam rimap shadow [EMAIL PROTECTED] root]# No PLAIN.. But it was (at least I asked for) compiled with PLAIN.. from config.log: [EMAIL PROTECTED] cyrus-sasl-2.1.19]# more config.log This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by configure, which was generated by GNU Autoconf 2.57. Invocation command line was $ ./configure --enable-plain --with-mysql=/u01/mysql --with-pam the plain plugin is also in the lib directory: [EMAIL PROTECTED] cyrus-sasl-2.1.19]# ls -al /usr/lib/sasl2/libpl* -rwxr-xr-x 1 root root 679 Feb 15 13:53 /usr/lib/sasl2/libplain.la lrwxrwxrwx 1 root root18 Feb 15 13:53 /usr/lib/sasl2/libplain.so -> libplain.so.2.0.19 lrwxrwxrwx 1 root root18 Feb 15 13:53 /usr/lib/sasl2/libplain.so.2 -> libplain.so.2.0.19 -rwxr-xr-x 1 root root 90438 Feb 15 13:53 /usr/lib/sasl2/libplain.so.2.0.19 [EMAIL PROTECTED] cyrus-sasl-2.1.19]# saslauthd is running and available, running with "-a pam" So I must be missing something! How do I setup/use mech PLAIN (and pam) in saslauthd to be able to use timsieved ??? Thanks for any pointers. I've been scratching my head at this for days now. Martin --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: 2.2.8/timsieved/comparator-i;ascii-numeric support...?
Henrique de Moraes Holschuh wrote: On Sun, 07 Nov 2004, Ken Murchison wrote: It *should* be reported by timsieved. The fact that its not is a bug which I just fixed in CVS. Would that be true also for Sieve in Cyrus 2.1 ? If 2.1 had the relational extension, which requires the numeric comparator, then the answer would be yes. I'd have to check CVS to see when I added relational. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: 2.2.8/timsieved/comparator-i;ascii-numeric support...?
On Sun, 07 Nov 2004, Ken Murchison wrote: > It *should* be reported by timsieved. The fact that its not is a bug > which I just fixed in CVS. Would that be true also for Sieve in Cyrus 2.1 ? -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: 2.2.8/timsieved/comparator-i;ascii-numeric support...?
Darrell Berry wrote: Hi I'm running cyrus-imapd 2.2.8 with timsieved. Works perfectly. Just tried adding in the avelsieve (http://email.uoa.gr/projects/squirrelmail/avelsieve.php) plugin (similar to websieve, but more cutdown, and works within the squirrelmail framework. nice) to my squirrelmail webmail service. Seems to install ok, but the dependencies it announces for sieve include something called comparator-i;ascii-numeric but my timsieved only reports back "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" It *should* be reported by timsieved. The fact that its not is a bug which I just fixed in CVS. which i assume is why the 'vacation' stuff in avelsieve doen't autoreply... Nope, it has nothing to do with vacation, its really only used by the relational extension. any ideas what i can do to either get this extra functionality into timsieved, or use avelsieve without it? Either update from CVS or apply this patch: http://bugzilla.andrew.cmu.edu/cvsweb/src/sieve/interp.c.diff?r1=1.22&r2=1.23 -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
2.2.8/timsieved/comparator-i;ascii-numeric support...?
Hi I'm running cyrus-imapd 2.2.8 with timsieved. Works perfectly. Just tried adding in the avelsieve (http://email.uoa.gr/projects/squirrelmail/avelsieve.php) plugin (similar to websieve, but more cutdown, and works within the squirrelmail framework. nice) to my squirrelmail webmail service. Seems to install ok, but the dependencies it announces for sieve include something called comparator-i;ascii-numeric but my timsieved only reports back "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" which i assume is why the 'vacation' stuff in avelsieve doen't autoreply... any ideas what i can do to either get this extra functionality into timsieved, or use avelsieve without it? thanks --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
timsieved problem with parsing scripts
We're running Cyrus IMAPD 2.2.3 from Fedora Core 2 and we're having problems with timsieved in terms of it parsing scripts into bytecode. When using sieveshell on the following trivial script, we're getting the following error: # more testsieve redirect "[EMAIL PROTECTED]"; # sieveshell --user=myuser --authname=myuser localhost connecting to localhost Please enter your password: > put testsieve upload failed: put script: script errors: line 1: parse error, unexpected IF, expecting ';' We have similar errors for any valid script we've tried to load using sieveshell connecting to timsieved. On the other hand, using sievec, we are able to compile these scripts without error. Does anyone have any idea what's going on? Thanks. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved auth problem
Hello, I don't think those method's get advertised unless SSL in already negotiated. Regards, Earl Shannon Didi Rieder wrote: Hi again, we are running cyrus-2.2.8 with sasl-2.1.19. Our sasl authentication settings in imapd.conf are: sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN saslauthd is using PAM to authenticate. It works well for imap/imaps, however we can't get it to run with timsieved. It seems that the sieve deamon is not advertising any auth method: [EMAIL PROTECTED] etc]# telnet localhost sieve Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.2.8" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" "STARTTLS" OK Shouln't be a "SASL" "PLAIN" "LOGIN" there? What could be wrong? (Remember imap works fine)... Didi --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: timsieved auth problem
Quoting Ken Murchison <[EMAIL PROTECTED]>: The SASL library can't find any plugins. They should be installed in, or have a link to, /usr/lib/sasl2. The reason imapd works is because it has the plaintext LOGIN command, where timsieved doesn't. THANKS a lot, I was missing that. Now it works Didi -- - Didi Rieder [EMAIL PROTECTED] PGPKey ID: 3431D0B0 - pgpdqD7qg3khU.pgp Description: PGP Digital Signature
Re: timsieved auth problem
Didi Rieder wrote: Hi again, we are running cyrus-2.2.8 with sasl-2.1.19. Our sasl authentication settings in imapd.conf are: sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN saslauthd is using PAM to authenticate. It works well for imap/imaps, however we can't get it to run with timsieved. It seems that the sieve deamon is not advertising any auth method: [EMAIL PROTECTED] etc]# telnet localhost sieve Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.2.8" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" "STARTTLS" OK Shouln't be a "SASL" "PLAIN" "LOGIN" there? What could be wrong? (Remember imap works fine)... The SASL library can't find any plugins. They should be installed in, or have a link to, /usr/lib/sasl2. The reason imapd works is because it has the plaintext LOGIN command, where timsieved doesn't. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
timsieved auth problem
Hi again, we are running cyrus-2.2.8 with sasl-2.1.19. Our sasl authentication settings in imapd.conf are: sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN saslauthd is using PAM to authenticate. It works well for imap/imaps, however we can't get it to run with timsieved. It seems that the sieve deamon is not advertising any auth method: [EMAIL PROTECTED] etc]# telnet localhost sieve Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.2.8" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex" "STARTTLS" OK Shouln't be a "SASL" "PLAIN" "LOGIN" there? What could be wrong? (Remember imap works fine)... Didi -- - Didi Rieder [EMAIL PROTECTED] PGPKey ID: 3431D0B0 - pgp10AzcHDnMB.pgp Description: PGP signature
Sieve: timsieved: could not getenv(CYRUS_SERVICE); exiting
Hi all! I have a problem when I try to start sieve. When I run /usr/cyrus/bin/timsieved nothing happens, but when I check the messages logfile I can see that the error: timsieved: could not getenv(CYRUS_SERVICE); exiting has been logged. What can be my problem? I have NO imap/pop/sieve configurated in xinetd.conf so the problem is not there. My cyrus.conf file has the following lines: SERVICES { imap cmd=”imapd” listen=”imap” prefork=0 pop3 cmd=”pop3d” listen=”pop3” prefork=0 sieve cmd=”timsieved” listen=”sieve” prefork=0 and so on… I really don´t remember if I compiled cyrus with sieve support, but if I remember correctly you have to manually disable sieve-support and I didn´t do that in the configuration process. Also, I do have the timsieved program in my cyrus/bin dir, and the sieveshell in /usr/local/bin. I hope someone can help me out here :) //Henrik
timsieved error message
Hello all, I'd like to make a small suggestion: I just spent several hours tracking down an error with someone trying to upload a sieve script using the avelsieve squirrelmail plugin. The error message, as reported by timsieved file parser.c line 308 was "Did not specify script data", when in fact the problem is (and could only be at that point in the file) "Did not specify script length, or script is too big". Of course, the reason ended up being that the script exceeded the default 32k limit which I upped and resolved the issue. But really, that error text should be made more clear IMNSHO :) Thanks! Dave --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html