saslauthd with openldap
Hello,

I am trying to get saslauthd working to authenticate on openLDAP with passwords stored with a MD5 hash (base64 encoded) in the field UserPassword. The passwords are created with smb-ldap so I think it's normal that they are base64 encoded.

testsaslauthd -u mailtest -p secret gives always authentication failed.
In auth.log I see always: Bind failed.

I've tried many options in saslauthd.conf, at the moment it's this:

ldap_servers: ldap://192.168.28.240/
ldap_auth_method: custom
ldap_bind_dn: uid=admin,dc=domain,dc=local
ldap_bind_pw: secret
ldap_search_base: ou=Users,dc=domain,dc=local
ldap_filter: cn=%u

I am using cyrus-sasl2 version 2.1.25.dfsg1-6 from Debian Wheezy. LDAP is on an old machine (Ubuntu 8.04, slapd version 2.4.7).

With regards,
Paul van der Vlis.

--
Paul van der Vlis Linux systeembeheer, Groningen
http://www.vandervlis.nl

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: saslauthd with openldap
Paul,

Paul van der Vlis wrote (19.04.2013 11:58):

> I am trying to get saslauthd working

While this is not IMAPd related, why don't you try a SASL list?

> to authenticate on openLDAP with passwords stored with a MD5 hash (base64 encoded) in the field UserPassword. The passwords are created with smb-ldap so I think it's normal that they are base64 encoded.

Is SASL auxprop ldapdb not an option for you?

> testsaslauthd -u mailtest -p secret gives always authentication failed.
> In auth.log I see always: Bind failed.
>
> I've tried many options in saslauthd.conf, at the moment it's this:
>
> ldap_servers: ldap://192.168.28.240/
> ldap_auth_method: custom
> ldap_bind_dn: uid=admin,dc=domain,dc=local
> ldap_bind_pw: secret
> ldap_search_base: ou=Users,dc=domain,dc=local
> ldap_filter: cn=%u

what does

# ldapsearch -H ldap://192.168.28.240/ -x -D uid=admin,dc=domain,dc=local -w secret -B ou=Users,dc=domain,dc=local cn=oneOfYourUsernames

for you?

> I am using cyrus-sasl2 version 2.1.25.dfsg1-6 from Debian Wheezy. LDAP is on an old machine (Ubuntu 8.04, slapd version 2.4.7).

FYI: For a production use LDAP server it is best advice from the openldap developers to use the latest version, which is 2.4.35.

Marc
Re: saslauthd with openldap
On 19-04-13 14:06, Marc Patermann wrote:

> Paul,
>
> Paul van der Vlis wrote (19.04.2013 11:58):
>
>> I am trying to get saslauthd working
>
> While this is not IMAPd related, why don't you try a SASL list?

I am not a member of it. I have tried to post to it via Gmane but my mail was refused...

>> to authenticate on openLDAP with passwords stored with a MD5 hash (base64 encoded) in the field UserPassword. The passwords are created with smb-ldap so I think it's normal that they are base64 encoded.
>
> Is SASL auxprop ldapdb not an option for you?

I am a Cyrus user for about 10 years, and I have always used saslauthd. Most of the time using PAM, but sometimes LDAP to Microsoft AD and to Novell. But I have never authenticated to OpenLDAP before.

>> testsaslauthd -u mailtest -p secret gives always authentication failed.
>> In auth.log I see always: Bind failed.
>>
>> I've tried many options in saslauthd.conf, at the moment it's this:
>>
>> ldap_servers: ldap://192.168.28.240/
>> ldap_auth_method: custom
>> ldap_bind_dn: uid=admin,dc=domain,dc=local
>> ldap_bind_pw: secret
>> ldap_search_base: ou=Users,dc=domain,dc=local
>> ldap_filter: cn=%u
>
> what does
>
> # ldapsearch -H ldap://192.168.28.240/ -x -D uid=admin,dc=domain,dc=local -w secret -B ou=Users,dc=domain,dc=local cn=oneOfYourUsernames
>
> for you?

It first gave an error because -B has to be -b; after changing it, it says ldap_bind: Invalid credentials (49).

H. But because I had another working ldapsearch string, I looked at the differences and I found the solution!

This was wrong:
ldap_bind_dn: uid=admin,dc=domain,dc=local

This is right:
ldap_bind_dn: cn=admin,dc=domain,dc=local

Many thanks for your help!

>> I am using cyrus-sasl2 version 2.1.25.dfsg1-6 from Debian Wheezy. LDAP is on an old machine (Ubuntu 8.04, slapd version 2.4.7).
>
> FYI: For a production use LDAP server it is best advice from the openldap developers to use the latest version, which is 2.4.35.

This is an environment which should be replaced but which is in production for many years and for many people. I am only hired for the mailserver..

With regards,
Paul van der Vlis.

--
Paul van der Vlis Linux systeembeheer, Groningen
http://www.vandervlis.nl
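
The check that resolved this thread (running ldapsearch with exactly the values saslauthd uses) can be generated from saslauthd.conf itself. The script below is an added example, not part of the original posts; the helper names conf_get and ldapsearch_cmd are hypothetical, the sample file is constructed from the corrected settings above, and it assumes DNs without single quotes. It emits -W (prompt for the bind password) instead of -w so the password stays out of the process list and shell history.

```sh
#!/bin/sh
# Added example: build the ldapsearch command that mirrors saslauthd.conf.

# conf_get FILE KEY: print the value of the last "KEY: value" line.
conf_get() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# ldapsearch_cmd FILE USER: print the equivalent ldapsearch invocation.
# Returns 1 if a required setting is missing, 2 if USER is unsafe to
# substitute into an LDAP filter.
ldapsearch_cmd() {
    conf=$1 user=$2
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "refusing username: $user" >&2; return 2 ;;
    esac
    server=$(conf_get "$conf" ldap_servers)
    server=${server%% *}              # first URI if several are listed
    bind_dn=$(conf_get "$conf" ldap_bind_dn)
    base=$(conf_get "$conf" ldap_search_base)
    filter=$(conf_get "$conf" ldap_filter)
    if [ -z "$server" ] || [ -z "$bind_dn" ] || [ -z "$base" ] || [ -z "$filter" ]; then
        echo "missing ldap_servers, ldap_bind_dn, ldap_search_base or ldap_filter" >&2
        return 1
    fi
    # saslauthd replaces %u with the login name before searching.
    filter=$(printf '%s' "$filter" | sed "s/%u/$user/g")
    case $filter in \(*) ;; *) filter="($filter)" ;; esac
    printf "ldapsearch -H '%s' -x -D '%s' -W -b '%s' '%s'\n" \
        "$server" "$bind_dn" "$base" "$filter"
}

# Constructed sample: the corrected configuration from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ldap_servers: ldap://192.168.28.240/
ldap_auth_method: custom
ldap_bind_dn: cn=admin,dc=domain,dc=local
ldap_bind_pw: secret
ldap_search_base: ou=Users,dc=domain,dc=local
ldap_filter: cn=%u
EOF
ldapsearch_cmd "$sample" mailtest
rm -f "$sample"
```

If the printed command fails with ldap_bind: Invalid credentials (49), the bind DN or password in saslauthd.conf is wrong and saslauthd will log "Bind failed" for every user, whatever their own password is.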
FW: Global Sieve script
Good morning,

So.. in trying to figure this out this morning I did the following and was able to get mail filtered into techsupport's SPAM folder, but I don't understand why the global sieve script does not do the same things.

Created the following sieve script file (sorry, I just realized I have two requires with the same info at top :S):

require ["fileinto"];
require "fileinto";
if exists "X-Spam-Flag" {
    if header :contains "X-Spam-Flag" "NO" {
    } else {
        fileinto "user.techsupport.SPAM";
        stop;
    }
}
if header :contains "From" "MAILER-DAEMON" {
    fileinto "INBOX.MAILER-DAEMON";
}
if header :contains "From" "logwatch" {
    fileinto "INBOX.Server Logs";
}
if header :contains "From" "root" {
    fileinto "INBOX.Server Logs";
}

then:

prompt sieveshell -u techsupport localhost
connecting to localhost
Please enter your password:
put techsupport.txt phpscript
quit

Now... the test emails are going into the right folder.

Questions: should I not be able to add global sieve rules like such?

prompt sieveshell localhost
connecting to localhost
Please enter your password:
put techsupport.txt phpscript
quit

In my global sieve directory:

/var/lib/imap/sieve/global

I have the following three files:

lrwxrwxrwx 1 cyrus mail 12 2013-04-19 08:27 defaultbc - phpscript.bc
-rw--- 1 cyrus mail 184 2013-04-19 08:26 phpscript.bc
-rw--- 1 cyrus mail 194 2013-04-19 08:26 phpscript.script

and the content of phpscript.script is:

require "fileinto";
if exists "X-Spam-Flag" {
    if header :contains "X-Spam-Flag" "NO" {
    } else {
        fileinto "user.techsupport.SPAM";
        stop;
    }
}

which is the one I created yesterday, and loaded using sieveshell.

Any help would be greatly appreciated.

From: shashan...@hotmail.com
To: info-cyrus@lists.andrew.cmu.edu
Subject: Global Sieve script
Date: Wed, 17 Apr 2013 16:56:07 -0400

Good afternoon all,

I am trying to configure a global sieve script to move all incoming emails to a particular folder.
According to the following link this should be a slam dunk:

http://cyrusimap.web.cmu.edu/mediawiki/index.php/Cyrus_Sieve
http://oregonstate.edu/helpdocs/e-mail/onid-e-mail/modifying-your-email-filters-using-sieveshell

So here is what I did:

[shawn@postoffice ~]$ sieveshell -u shawn localhost
connecting to localhost
Please enter your password:
list
phpscript - active script
get phpscript phpscript.txt
exit

[shawn@postoffice ~]$ more phpscript.txt
# This script has been automatically generated by avelsieve
# (Sieve Mail Filters Plugin for Squirrelmail)
# Warning: If you edit this manually, then the changes will not
# be reflected in the users' front-end!
#AVELSIEVE_VERSIONYTo0OntzOjU6Im1ham9yIjtpOjE7czo1OiJtaW5vciI7aTo5O3M6NzoicmVsZWFzZSI7aTo5O3M6Njoic3 RyaW5nIjtzOjU6IjEuOS45Ijt9
#AVELSIEVE_CREATED1342104019
#AVELSIEVE_MODIFIED1351180357
require ["fileinto","envelope","reject","vacation","imapflags","relational","comparator-i;ascii-numeric","regex","notify"];
#START_SIEVE_RULEYTo1OntzOjQ6ImNvbmQiO2E6MTp7aTowO2E6NTp7czo0OiJraW5kIjtzOjc6Im1lc3NhZ2UiO3M6NDoidHl wZSI7czo2OiJoZWFkZXIiO3M6NjoiaGVhZGVyIjtzOjExOiJYLVNwYW0tRmxhZyI7czo5OiJtYXRjaHR5cGUiO3M6MjoiaXMiO3M 6MTE6ImhlYWRlcm1hdGNoIjtzOjM6IllFUyI7fX1zOjQ6InR5cGUiO3M6MToiMSI7czo5OiJjb25kaXRpb24iO3M6MzoiYW5kIjt zOjY6ImFjdGlvbiI7czoxOiI1IjtzOjY6ImZvbGRlciI7czoxMDoiSU5CT1guU1BBTSI7fQ%3D%3DEND_SIEVE_RULE
if header :is "X-Spam-Flag" "YES" {
    fileinto "INBOX.SPAM";
}

At this point I am a little baffled, since this should be moving all X-Spam-Flag that are YES into a folder INBOX.SPAM which does not exist at the top level (although I assume this means it should be filtered into each user's individual SPAM folder). I am using Squirrelmail as a web based front end for my remote users and imagine the package manager must have installed this at some point.
To simplify my life I re-wrote the script as:

require ["fileinto","envelope","reject","vacation","imapflags","relational","comparator-i;ascii-numeric","regex","notify"];
if exists "X-Spam-Flag" {
    if header :contains "X-Spam-Flag" "YES" {
        fileinto "user.techsupport.SPAM";
        stop;
    }
}

then

[shawn@postoffice ~]$ sieveshell -u shawn localhost
connecting to localhost
Please enter your password:
put phpscript.txt phpscript
list
phpscript - active script
quit

However, users are still receiving emails marked as SPAM in their inbox.

What I am trying to do is make it so that any and all emails marked as SPAM are redirected to a single folder called SPAM in the techsupport user's mail store.

Any help is greatly appreciated,
Shawn

require "fileinto";
if exists "X-Spam-Flag" {
    if header :contains "X-Spam-Flag" "NO" {
    } else {
        fileinto "user.techsupport.SPAM";
        stop;
    }
}