Re: Fatal error: tls_start_servertls() failed. (fwd)

2003-08-27 Thread Ken Murchison
You don't have a TLS problem anymore, you have a SASL problem.  Are you 
trying to use DIGEST-MD5?  What happens if you try:

imtest -m plain -u cyrus -a cyrus -s localhost

Mike Allen wrote:

Ken:

I hope the attached file helps us solve the problem which started
this thread.
Thanks so much for your help.

Mike Allen



[mail2] ~ imtest -u cyrus -a cyrus -s localhost
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK mail2.familyradio.org Cyrus IMAP4 v2.1.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS 
ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES IDLE STARTTLS AUTH=NTLM AUTH=LOGIN AUTH=PLAIN AUTH=DIGEST-MD5 
AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S: + 
bm9uY2U9ImdEaXQ2Y3d6ekRvNHhkdFlNUzVCSlZBSnpibmVQcnRQV1N1Nm5DczgxUW89IixyZWFsbT0ibWFpbDIuZmFtaWx5cmFkaW8ub3JnIixxb3A9ImF1dGgiLG1heGJ1Zj00MDk2LGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz
Please enter your password:
C: 
dXNlcm5hbWU9ImN5cnVzIixyZWFsbT0ibWFpbDIuZmFtaWx5cmFkaW8ub3JnIixub25jZT0iZ0RpdDZjd3p6RG80eGR0WU1TNUJKVkFKemJuZVBydFBXU3U2bkNzODFRbz0iLGNub25jZT0iQUFUVkRndnJwUjgxL2Z0SDJxaXZHWWEzQVY1dVJac0FCTjJlWTU4Y2hLUT0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLG1heGJ1Zj0xMDI0LGRpZ2VzdC11cmk9ImltYXAvbG9jYWxob3N0LmZhbWlseXJhZGlvLm9yZyIscmVzcG9uc2U9ZjQ1YTkxY2Q4OTZiNTg0NzZhMGYyNTY4OTE4YjIzZTg=
S: A01 NO authentication failure
Authentication failed. generic failure
Security strength factor: 256
^CC: Q01 LOGOUT
Connection closed.
==
Please note that user cyrus does have a saslpasswd2 and it is in sasldb2.db
See attached 'cyrus.conf'.  I'll send more logging information if needed.

Thanks for your help on this.

Mike Allen

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


ERR: USER command only available under a layer

2003-08-27 Thread Christian Cernuschi
i'm setting an imap server under gentoo but i get this error
what does it mean?
thanks in advance
bye


lyra root # telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK lyra Cyrus POP3 v2.1.12 server ready [EMAIL PROTECTED]
user prova
-ERR [AUTH] USER command only available under a layer



Re: ERR: USER command only available under a layer

2003-08-27 Thread Jon Mercer
It means you are telnetting  to the pop3 port on 110, and you've left 
the pop3 server enabled in cyrus.conf. If you want to get to an imap 
server you need port 143.

Christian Cernuschi wrote:
i'm setting an imap server under gentoo but i get this error
what does it mean?
thanks in advance
bye
lyra root # telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK lyra Cyrus POP3 v2.1.12 server ready [EMAIL PROTECTED]
user prova
-ERR [AUTH] USER command only available under a layer


--
www.achean.com
Jon Mercer   [EMAIL PROTECTED]
Mobile 07973 256496
Tel.  0117 9561211
Fax   0117 9565637


Re: ERR: USER command only available under a layer

2003-08-27 Thread Ken Murchison


Christian Cernuschi wrote:

i'm setting an imap server under gentoo but i get this error
what does it mean?

It means that you have allowplaintext:no set in imapd.conf, which
disables any plaintext authentication mechanism (either protocol
specific or PLAIN/LOGIN) unless protected by an external layer (e.g.
SSL/TLS).


lyra root # telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK lyra Cyrus POP3 v2.1.12 server ready [EMAIL PROTECTED]
user prova
-ERR [AUTH] USER command only available under a layer

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Two Cyrus servers

2003-08-27 Thread Víctor Guerra



Hi everyone!
I have a question for you, what is the best way to 
have two cyrus servers working with the same mailbox store?
I have been thinking to do this using NFS but... i 
don't know that is a good idea.

Somebody can help me?

Regards

Víctor Guerra [EMAIL PROTECTED]


Re: Two Cyrus servers

2003-08-27 Thread Devin Reade
Víctor Guerra wrote:

I have a question for you, what is the best way to have two cyrus servers
working with the same mailbox store?
I have been thinking to do this using NFS but... i don't know that is a good
idea.

Definitely not.

Somebody can help me?

You probably want to look at Cyrus Murder.  See the web site  source
code docs.  (I've not used it.)
--
Devin Reade [EMAIL PROTECTED]



[no subject]

2003-08-27 Thread Mike Allen
Ken:

For your information my hardware and software system is as follows:

Hardware -- Compaq ML350 with 4GB RAM and 128GB Raid 5 Raid array
dual 2.2 GHz processors

Software -- FreeBSD 4.8-RELEASE-p4

What follows is the result of running imtest as you described.

 [mail2] ~ imtest -m plain -u cyrus -a cyrus -s localhost
 verify error:num=18:self signed certificate
 TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
 S: * OK mail2.familyradio.org Cyrus IMAP4 v2.1.12 server ready
 C: C01 CAPABILITY
 S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
 THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=NTLM
 AUTH=LOGIN
 AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
 S: C01 OK Completed
 C: A01 AUTHENTICATE PLAIN
 S: +
 Please enter your password:
 C: Y3lydXMAY3lydXMAcHdyNHRvZGF5
 S: A01 NO no mechanism available
 Authentication failed. generic failure
 Security strength factor: 256
 . logout
 * BYE LOGOUT received
 . OK Completed
 Connection closed.

Thanks for your help.  I suspect I did something dumb in configuring
this machine. :(

Mike Allen
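
Added example, not part of the thread or of Cyrus: in an imtest transcript, the `C:` line sent after AUTHENTICATE PLAIN is only the base64 of authzid NUL authcid NUL password (RFC 4616), so a transcript should be scrubbed before it is posted. The function names and the sample transcript are constructed for illustration.

```python
import base64
import re

AUTH_START = re.compile(r"^\s*C: \S+ AUTHENTICATE (\S+)", re.I)
AUTH_END = re.compile(r"^\s*S: (?!\+)\S+ (OK|NO|BAD)\b")
CLIENT_BLOB = re.compile(r"^(\s*C:\s*)\S+\s*$")
BARE_CLIENT = re.compile(r"^\s*C:\s*$")

def plain_fields(b64):
    """Decode a SASL PLAIN response: authzid NUL authcid NUL password."""
    authzid, authcid, password = base64.b64decode(b64).split(b"\0")
    return authzid.decode(), authcid.decode(), len(password)

def redact_transcript(text):
    """Blank every client SASL response between AUTHENTICATE and its result."""
    out, mech, blob_next = [], None, False
    for line in text.splitlines():
        start = AUTH_START.match(line)
        if start:
            mech = start.group(1).upper()
        elif mech and AUTH_END.match(line):
            mech = None                      # tagged OK/NO/BAD ends the exchange
        elif mech and blob_next and line.strip():
            line, blob_next = f"[{mech} response redacted]", False
        elif mech and BARE_CLIENT.match(line):
            blob_next = True                 # response wrapped onto the next line
        elif mech and CLIENT_BLOB.match(line):
            line = CLIENT_BLOB.match(line).group(1) + f"[{mech} response redacted]"
        out.append(line)
    return "\n".join(out)

# Constructed sample, not taken from the thread.
SAMPLE_B64 = base64.b64encode(b"alice\0alice\0example-password").decode()
SAMPLE = "\n".join([
    "C: A01 AUTHENTICATE PLAIN",
    "S: +",
    "Please enter your password:",
    "C: " + SAMPLE_B64,
    "S: A01 NO no mechanism available",
    "C: A02 AUTHENTICATE LOGIN",
    "S: + VXNlcm5hbWU6",
    "C: ",
    SAMPLE_B64,
    "S: A02 NO authentication failure",
    "C: Q01 LOGOUT",
])

if __name__ == "__main__":
    print(plain_fields(SAMPLE_B64))
    print(redact_transcript(SAMPLE))
```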



Re:

2003-08-27 Thread Ken Murchison
Is /etc/sasldb readable by the cyrus user, or readable by a group that 
cyrus belongs to?

Mike Allen wrote:

Ken:

For your information my hardware and software system is as follows:

Hardware -- Compaq ML350 with 4GB RAM and 128GB Raid 5 Raid array
dual 2.2 GHz processors
Software -- FreeBSD 4.8-RELEASE-p4

What follows is the result of running imtest as you described.


[mail2] ~ imtest -m plain -u cyrus -a cyrus -s localhost
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK mail2.familyradio.org Cyrus IMAP4 v2.1.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=NTLM
AUTH=LOGIN
AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: +
Please enter your password:
C: Y3lydXMAY3lydXMAcHdyNHRvZGF5
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 256
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.


Thanks for your help.  I suspect I did something dumb in configuring
this machine. :(
Mike Allen


--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
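
Added example (not code from the thread or from Cyrus): the readability check asked about above, evaluated from the file's mode bits and the account's uid and groups, with the extra finding that a world-readable file is not an acceptable fix because sasldb holds the shared secrets used by CRAM-MD5 and DIGEST-MD5. The function names are illustrative; POSIX ACLs and directory search permission are not considered.

```python
import os
import pwd
import stat

def readable_by(mode, file_uid, file_gid, uid, gids):
    """Classic Unix read check: owner bits, else group bits, else other bits."""
    if uid == 0:
        return True
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def audit_mode(mode, file_uid, file_gid, uid, gids):
    """Return findings for a secrets file and the service account reading it."""
    findings = []
    if not readable_by(mode, file_uid, file_gid, uid, gids):
        findings.append("service account cannot read the file")
    if mode & stat.S_IROTH:
        findings.append("file is world-readable")
    if mode & stat.S_IWOTH:
        findings.append("file is world-writable")
    return findings

def audit_sasldb(path, user="cyrus"):
    """Audit a real file on disk for the given account name."""
    st = os.stat(path)
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    return audit_mode(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                      pw.pw_uid, gids)

if __name__ == "__main__":
    import sys
    # Usage: python audit.py /etc/sasldb [account]
    account = sys.argv[2] if len(sys.argv) > 2 else "cyrus"
    for finding in audit_sasldb(sys.argv[1], account) or ["ok"]:
        print(finding)
```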


SuSE - Horde - IMP

2003-08-27 Thread Anders Norrbring

Hi!

Does anyone have any experience on integrating SuSE with Horde and IMP
Webmail?  I want to use it to verify users either to the users database which
is LDAP, or via the IMAP interface (Cyrus).  I can't really get it to run, I
get the Horde test pages alright, but the user verification doesn't work.

So, any hints on this are really appreciated!

Anders Norrbring
Norrbring Consulting





Re: imap

2003-08-27 Thread Scott Adkins
--On Wednesday, August 27, 2003 3:21 PM -0400 J. S. Diaz 
[EMAIL PROTECTED] wrote:

Hi Scott, last month you posted a question about a cyrus imap install
getting the db4: unable to join error and I was wondering if you
resolved this or got any feedback on it?  I am getting the same error on
a similar setup as you and I don't really see anything obvious.
thanks,

sebastian

Sure... I should post something about that... I talked to SleepyCat about
it and they suggested making sure that the threads library was being linked
into the IMAP server.  It used to be that when compiling db3 that the IMAP
server would automatically link in the threads library, probably because of
an rpath listed in the db3 shared library.  They must have changed something
with db4, since the threads library is no longer linked into applications if
they link against the db4 library.

As it turns out, linking with threads (I believe I simply included the
-pthread CC command line option to have that happen) caused the join errors
to go away.  I was still having some flakiness with db4 though...

In the end, we decided not to run with db4 at all.  This is how we currently
got things setup:

./configure --with-sasl=/usr/local/sasl-2.1.15 \
   --with-ucdsnmp=/usr/local/net-snmp-4.2.1 \
   --with-openssl=/usr/local/ssl \
   --with-egd-socket=/var/run/egd-pool \
   --enable-listext --with-lock=flock \
   --with-duplicate-db=skiplist \
   --with-tls-db=skiplist \
   --with-pts-db=skiplist

One thing to note is that we forced flock to be used, as that is the method
of locking that should be used in a Tru64 TruCluster system.

We decided to run without duplicate suppression for email delivery, but
keep the database so that sieve can still read and write to it.  Since only
sieve is using it, there should be a lot more reads than writes, as I think
only vacation support in sieve will be writing to the database.  Skiplist
is ideal for high reads/low writes.

Also, we ran just fine in the 2.0.x series without any kind of TLS caching,
so we decided to disable that as well.  We still specify skiplist above,
but imapd.conf disables its use.  With regards to pts-db, we don't have
support for it, so the configuration process disables it.

The imapd.conf file has the following lines in it:

 tls_session_timeout: 0
 duplicatesuppression: no

The first disables support for tls-db, and the latter disables support for
dup-db with respect to LMTP delivery.

If you have any questions, let me know.  The only issue we have to work out
yet is that the byte compiler for sieve is core dumping when uploading a new
script to the server via timsieved.  Oddly, it works on our test cluster
system, but in production it core dumps.  *shrugs*

Scott
--
+---+
 Scott W. Adkins  http://www.cns.ohiou.edu/~sadkins/
  UNIX Systems Engineer  mailto:[EMAIL PROTECTED]
   ICQ 7626282 Work (740)593-9478 Fax (740)593-1944
+---+
PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/



Re: Two Cyrus servers

2003-08-27 Thread Rob Siemborski
On Wed, 27 Aug 2003, Devin Reade wrote:

  Somebody can help me?

 You probably want to look at Cyrus Murder.  See the web site  source
 code docs.  (I've not used it.)

Note that this won't provide you with redundancy, only horizontal
scalability.

If what you are looking for is a 'hot spare' sort of situation, where only
one Cyrus server is getting requests at any time, you may be able to make
do with a distributed filesystem, provided locking semantics are preserved
for at least the local host (and you're willing to pay the distributed
filesystem performance penalty).

In general, Cyrus over NFS is a bad idea.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper



Re: Two Cyrus servers

2003-08-27 Thread Devin Reade
Rob Siemborski wrote:
On Wed, 27 Aug 2003, Devin Reade wrote:

You probably want to look at Cyrus Murder.  See the web site  source
code docs.  (I've not used it.)

Note that this won't provide you with redundancy, only horizontal
scalability.

True.  I assumed the original poster was asking about scalability issues.

Without having run cyrus in a cluster configuration, it is my belief
that common clustering technology could be used without a problem.
Note that in such a case you're commonly not actually using a distributed
filesystem, but rather shared disk for the mail spool, the mail store,
the extra cyrus database files, and related stuff.  Beware of cheap
cluster solutions that are susceptible to split-brain syndrome.

You could, of course, make your world even more complicated by
running a set of clustered mail stores behind a murder aggregator,
thus addressing both scalability and redundancy ...
--
Devin Reade [EMAIL PROTECTED]


Re: Creating mailboxes off-line

2003-08-27 Thread Eli Ben-Shoshan
I would not recommend this but you can take the following steps:

1) create a text file that looks similar to the output of ctl_mboxlist -d 
with the appropriate user that you want to add. The second column is the 
partition where you want the user to go

2) use ctl_mboxlist -u < <path to text file created above>
   this will add the user to mailboxes.db

3) create the directory in the filesystem and make sure the permission is 
correct.

4) do a reconstruct -rf user.username

This should add the user to cyrus and make it available immediately.

tsg wrote:
Hi!
Does anybody know how to create user's mailboxes off-line (without working 
server)?
Sergios


--
Eli Ben-Shoshan


Re: SuSE - Horde - IMP

2003-08-27 Thread Devin Reade
Anders Norrbring wrote:

Does anyone have any experience on integrating SuSE with Horde and IMP
Webmail?  I want to use it to verify users either to the users database which
is LDAP, or via the IMAP interface (Cyrus).  I can't really get it to run, I
get the Horde test pages alright, but the user verification doesn't work.

I run a similar configuration on RedHat systems with Horde/IMP in
front of Cyrus IMAP.  The user database is in LDAP, passwords stored
as MD5 hashes.  IMP authenticates via the IMAP protocol, which causes
Cyrus to use saslauthd, which uses PAM to authenticate to LDAP over
SSL (with self-signed certs), using plaintext.  Presumably one could
config Cyrus to authenticate to LDAP directly, but I've not spent the
time to get that working.

Can you authenticate to Cyrus using a regular IMAP client, or does
that fail, too?
--
Devin Reade [EMAIL PROTECTED]


RE: SuSE - Horde - IMP

2003-08-27 Thread Anders Norrbring
 Anders Norrbring wrote:
 
  Does anyone have any experience on integrating SuSE with Horde and IMP
  Webmail?  I want to use it to verify users either to the users database which
  is LDAP, or via the IMAP interface (Cyrus).  I can't really get it to run, I
  get the Horde test pages alright, but the user verification doesn't work.
 
 I run a similar configuration on RedHat systems with Horde/IMP in
 front of Cyrus IMAP.  The user database is in LDAP, passwords stored
 as MD5 hashes.  IMP authenticates via the IMAP protocol, which causes
 Cyrus to use saslauthd, which uses PAM to authenticate to LDAP over
 SSL (with self-signed certs), using plaintext.  Presumably one could
 config Cyrus to authenticate to LDAP directly, but I've not spent the
 time to get that working.
 
 Can you authenticate to Cyrus using a regular IMAP client, or does
 that fail, too?


The ordinary mail polling via both IMAP and POP3 works perfectly well, and
now IMP/Horde does too... :)  I had made a mistake in the Horde config
before, but I got an e-mail that put me on the right track.

Thanks anyway!
Anders Norrbring