Re: smtp auth + saslauthd + ldap

2004-10-29 Thread Akshay Kumar
Sure you can and it makes very good sense to do it, I just set it up and we went live today. This is how my mail server is configured - Sendmail requires SMTP AUTH for relaying using SASLv2(plain/login) over TLS, saslauthd uses the ldap auth_mech to connect to ldap(bdb backend) which contains the

Re: suppress cyrus version information possible?

2004-10-29 Thread Jim Levie
On Fri, 2004-10-29 at 14:21, Mike Nuss wrote: > Ken Murchison wrote: > > > Sascha Wuestemann wrote: > > > >> Hi, > >> > >> when sending email over cyrus imap, it gives full information about > >> version. So, an attacker has just to telnet at port 25 to see if his > >> bunch of exploits fits to it

cyradm error

2004-10-29 Thread fsck foo
Hello :) when I use cyradm with cyrus user (Solaris 9 x86 patched and postfix MTA) get "permission denied" error message when try to dm or cm an user.mailbox. __ cyrus conf: # standard standalone server implementation START {  # do not d

Postfix "recipient-delimiter" not working after switch to Cyrus

2004-10-29 Thread Dan Delaney
I just switched to Cyrus from having postfix to local delivery to MBOX files. I had postfix set to use a "recipient-delimiter = -", which made it so that I could have "-anything" after my user ID in email addresses and it would deliver to me. This list, for instance sends to [EMAIL PROTECTED], and

Re: smtp auth + saslauthd + ldap

2004-10-29 Thread Joe Rhett
On Thu, Oct 28, 2004 at 01:11:55PM +0530, Chetan Dutta wrote: > has anybody configured sendmail for smtp auth with saslauthd/pwcheck and > ldap. Which one are you trying? You can't possibly be doing all three... -- Joe Rhett Senior Geek Meer.net --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus

Re: Redundant database query?

2004-10-29 Thread Patrick Gibson
On 29-Oct-04, at 5:50 PM, Ken Murchison wrote: Patrick Gibson wrote: I'm pretty new to SASL, so this business of old and new secrets is a bit foreign to me. Given that this is a fresh setup, is there a way for me to force the server to assume that all old secrets have been upgraded to the new? I

Re: Redundant database query?

2004-10-29 Thread Ken Murchison
Patrick Gibson wrote: I'm pretty new to SASL, so this business of old and new secrets is a bit foreign to me. Given that this is a fresh setup, is there a way for me to force the server to assume that all old secrets have been upgraded to the new? Is this what the "sasl_auto_transition" option i

Root-level mailbox submission address

2004-10-29 Thread Patrick Gibson
I've been able to find information on the mailbox submission address for a user's folder (eg. [EMAIL PROTECTED]), but I'm wondering if there is a similar way of posting to a root-level mailbox? For example, I'd like to have: user/patrick user/joe user/jane Notices The ACL on the Notices mailbox i

Quota Notifications for POP3

2004-10-29 Thread Patrick Gibson
I'm wondering if anyone has found a solution for sending quota notifications for POP3 users? The IMAP quota notification facility works great, but I would love to have the ability for POP3 users to receive an email when their quota has reached the warning level. Patrick

Re: Redundant database query?

2004-10-29 Thread Patrick Gibson
On 29-Oct-04, at 11:44 AM, Ken Murchison wrote: I'm not sure I get what you mean by selecting the same column twice -- unless I'm mistaken, the query selects the PASSWORD column just once. From the log that you posted, it looks like it's selecting PASSWORD twice for user 'patrick'. Am I incorrec

Re: suppress cyrus version information possible?

2004-10-29 Thread Mike Nuss
Ken Murchison wrote: Sascha Wuestemann wrote: Hi, when sending email over cyrus imap, it gives full information about version. So, an attacker has just to telnet at port 25 to see if his bunch of exploits fits to it. That is dangerous and I would like to suppress all version information, even tha

Re: Redundant database query?

2004-10-29 Thread Ken Murchison
Patrick Gibson wrote: On 28-Oct-04, at 4:59 PM, Ken Murchison wrote: sasl_sql_statement: select PASSWORD from USER_ACCOUNTS where USERNAME='%u' You won't get rid of the second query for any of the SASL mechanisms. The only thing you can do is keep it from selecting the *same* column twice. Hi

Re: suppress cyrus version information possible?

2004-10-29 Thread Ken Murchison
Sascha Wuestemann wrote: Hi, when sending email over cyrus imap, it gives full information about version. So, an attacker has just to telnet at port 25 to see if his bunch of exploits fits to it. That is dangerous and I would like to suppress all version information, even that it is cyrus answeri

Re: Insert artificial delay into IMAP server responses (to workaround OL2002)

2004-10-29 Thread Bill McGonigle
On Oct 29, 2004, at 10:45, Michael Sims wrote: Which version of Cyrus IMAP is the patch intended for? Also, have you seen a reduction in the number of timeout errors ("IMAP server has closed connection") with this patch applied? TIA... Good questions. This was against 2.2.8 and, yes, the client

Re: auth against LDAP

2004-10-29 Thread Jules Agee
It's not that bad... certainly a lot better than it used to be. You have to set it up to accept plain passwords, authenticate against saslauthd (in the sasl2-bin package, in case you haven't got that far already), and set up saslauthd to authenticate against the LDAP server. You also want to se

Re: tls_prune missing

2004-10-29 Thread Philip Chambers
On Fri, 29 Oct 2004 17:22:45 +0100 (GMT Daylight Time) Philip Chambers <[EMAIL PROTECTED]> wrote: > I have just noticed that I am still running on a version 2.1.13 of tls_prune! > Sorry, I should have investigated further! tls_prune depends on whether cyrus is built with TLS support. Phil. -

suppress cyrus version information possible?

2004-10-29 Thread Sascha Wuestemann
Hi, when sending email over cyrus imap, it gives full information about version. So, an attacker has just to telnet at port 25 to see if his bunch of exploits fits to it. That is dangerous and I would like to suppress all version information, even that it is cyrus answering, if possible. Can y

tls_prune missing

2004-10-29 Thread Philip Chambers
I have just noticed that I am still running on a version 2.1.13 of tls_prune! I have been running 2.2.3 for a long time and have tls_prune called in my cyrus.conf file. I have just built 2.2.8 on a test system and found that it did not install tls_prune. Checking back I found 2.2.3 did not ins

Re: How do I fix this: lmtp appears to be case sensitive

2004-10-29 Thread Mike Brodbelt
Rob Tanner wrote: > Yep. It's in the manpage and I plain just missed it. That works for > me because all our names are lower-case. But I thought that both the > recipient and hostname were supposed to be case insensitive (i.e., > [EMAIL PROTECTED] and [EMAIL PROTECTED] are the same address).

RE: Insert artificial delay into IMAP server responses (to workaround OL2002)

2004-10-29 Thread Michael Sims
Bill McGonigle wrote: >> Doug Koobs wrote: >>> After some more research, and some emails exchanges from others that >>> have been troubleshooting OL2002's IMAP problems, I think I have a >>> better idea of what the problem. It seems that Outlook can't handle >>> responses as quickly as Cyrus sends

Re: auth against LDAP

2004-10-29 Thread Fred Blaise
Thank you all for the responses :) I think I will go for sasl auth directly to ldap. I couldn't find a debian package for cyrus21-sasl.. did you compile it from source? I do have the saslauthd binary, but I don't have the saslauthd.conf... thanks fred On Fri, 2004-10-29 at 11:54 +0200, Ana Ribas

Re: auth against LDAP

2004-10-29 Thread bnies
>Are you really sure ? I don't know PAM on solaris, but if you only >allow imap, sieve and possibly pop3 in e.g. /etc/pam.d/ user can't get >an interactive account. On Solaris with LDAP NSS, the LDAP accounts must have ObjectClass: posixAccount ObjectCLass: shadowAccount and therefore UID

Re: auth against LDAP

2004-10-29 Thread Ana Ribas/Upcnet
Hi, We have configured cyrus with sasl against ldap (all with ssl) in a debian machine and all works fine. We don't use PAM. These are our configurations: Cyrus 2.1.13 --> /usr/cyrus/bin/master & /etc/imapd.conf: ... sasl_pwcheck_method: saslauthd allowplaintext: yes sasl_mech_list:

Re: auth against LDAP

2004-10-29 Thread Michael Plate
Hi, [EMAIL PROTECTED] wrote: [...] The disadvantage of using PAM is that the mail users get system accounts. Are you really sure ? I don't know PAM on solaris, but if you only allow imap, sieve and possibly pop3 in e.g. /etc/pam.d/ user can't get an interactive account. /etc/pam.d/imap (with ac

Long lines classified as "Message contains NUL characters"

2004-10-29 Thread Philipp Sacha
Hi, my mailsystem is a combination of exim (4.42) and cyrus (2.2.8). To prevent cyrus from getting mails with NUL characters, I have configured exim so that it refuses such kind of mails. Occasionally some mails went through exim, but were classified as containing NUL characters by cyrus. These mai

Re: auth against LDAP

2004-10-29 Thread bnies
>I think there are other ways of doing it (eg. not using pam as an extra >mechanism) but it's working good! We had once running saslauthd 2.1.18 on Solaris 8 authenticating using PAM against NIS+ which worked fine. When we moved the system to use LDAP saslauthd crashed every few minutes. We now ha

Re: 2.2.8 vs. 2.1.15: different process spawning behavior?

2004-10-29 Thread Sebastian Hagedorn
--On Donnerstag, 21. Oktober 2004 22:46 Uhr -0400 Rob Siemborski <[EMAIL PROTECTED]> wrote: On Tue, 19 Oct 2004, Sebastian Hagedorn wrote: That's not the issue. What seems to be different is the behavior once the number of processes has increased. In the meantime I have observed that eventually

Re: auth against LDAP

2004-10-29 Thread Tarjei Huse
Quoting EISELE Pascal <[EMAIL PROTECTED]>: > I've got the same problem :( It's not simple... > > Fred Blaise a écrit : > > >Hello all > > > >I have a regular cyrus install working and an openldap up and running. I > >am running ubuntu on this machine, but the "real" machine will be debian > >sar

Re: auth against LDAP

2004-10-29 Thread Uli Schellhaas
Hello, we configured saslauthd for plaintext mechanisms (PLAIN, Login), so it can use pam. And Pam is configured to query against a Ldap Server. If username/password can log into the ldap Server, you are authenticated. I think there are other ways of doing it (eg. not using pam as an extra mechani

Re: auth against LDAP

2004-10-29 Thread EISELE Pascal
I've got the same problem :( It's not simple... Fred Blaise a écrit : Hello all I have a regular cyrus install working and an openldap up and running. I am running ubuntu on this machine, but the "real" machine will be debian sarge. I would like to set up cyrus to use ldap. Any pointers? any best w