Solved: [Re: Converting mbox to cyrus maildir w/ seen state preservation]
The perms are not the problem, it is the content of the file. Double check your ssl/tls setup. Rechecked - error still persist. I made the certs by following this description: http://www.irbs.net/internet/info-cyrus/0207/0265.html Instructions here seem pretty reasonable. Recreated the whole certificate - now works. I don't know, what was the error, maybe I misunderstood something at first read. Anyway, thanks a lot for the support! :-) Miham. PS: And Merry Christmas to Everyone :-) -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Converting mbox to cyrus maildir w/ seen state preservation
Hi, I'm about to migrate user mailboxes from unix mbox mailbox format to cyrus maildir. Unfortunately, users have lots of separate mailfolders in mbox format, which i should convert, too. I dig into the archive, and found the mailutil utility for doing this: mailutil append /path/to/mbox {new.cyrus.server/user=mbox_cyrus_user/authuser=proxy_user/norsh}INBOX and I figured out, that it is capable to creating mailboxes, too. I've migrated the users Inbox already successfully, but with the difference: that time I knew the users password (I created them with a script before), so I had no need to use the /authuser=XXX option. Since then they've changed their password, so I don't know them. (Yes, I forgot about their ~/mail mailboxes :-( ) However, this time I need to use the /authuser=XXX, if I'm not mistaken. When I try this: mailutil create {cyrus.server.name.or.ip/user=targetuser/authuser=cyrus_admin_user/norsh}INBOX.subfolder I got the following errormessage: Can't do /authuser with this server Can't do /authuser with this server I already strace'd and ltrace'd the process in order to know what is the problem, but all I got to know, that mailutil parsing the output of the CAPABILITY command, and decides whether the server is capable of authuser. I don't have much time for this conversion, so I had no time to look into the source, yet. I have the following capabilities: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE Can anyone give me a good point? I mean, which cap missing, how can I enable, etc. Thanks in advance, Miham Kerekes. -- * *System Administrator / University Library, Szeged / HUNGARY* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
Hi, I have the following capabilities: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE mailutil is picking CRAM-MD5 up which does not support proxy authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls which will allow mailutil to use PLAIN. PLAIN is the only mech implemented by c-client which support proxy auth. After I've sent my previous message, I found a similar advice in archive. However, I can't find anywhere in the config files where I could stop CRAM-MD5 from being advertised. I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. Any docs or help suggested? Miham. -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Miham KEREKES wrote: Hi, I have the following capabilities: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE mailutil is picking CRAM-MD5 up which does not support proxy authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls which will allow mailutil to use PLAIN. PLAIN is the only mech implemented by c-client which support proxy auth. After I've sent my previous message, I found a similar advice in archive. However, I can't find anywhere in the config files where I could stop CRAM-MD5 from being advertised. I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. Any docs or help suggested? Add sasl_mech_list: plain login digest-md5 ntlm to /etc/imapd.conf -- Igor
Re: Converting mbox to cyrus maildir w/ seen state preservation
Igor Brezac wrote: On Mon, 22 Dec 2003, Miham KEREKES wrote: Hi, I have the following capabilities: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE mailutil is picking CRAM-MD5 up which does not support proxy authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls which will allow mailutil to use PLAIN. PLAIN is the only mech implemented by c-client which support proxy auth. After I've sent my previous message, I found a similar advice in archive. However, I can't find anywhere in the config files where I could stop CRAM-MD5 from being advertised. I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. Any docs or help suggested? Add sasl_mech_list: plain login digest-md5 ntlm LOGIN and NTLM don't support proxying either. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Ken Murchison wrote: Igor Brezac wrote: On Mon, 22 Dec 2003, Miham KEREKES wrote: Hi, I have the following capabilities: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE mailutil is picking CRAM-MD5 up which does not support proxy authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls which will allow mailutil to use PLAIN. PLAIN is the only mech implemented by c-client which support proxy auth. After I've sent my previous message, I found a similar advice in archive. However, I can't find anywhere in the config files where I could stop CRAM-MD5 from being advertised. I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. Any docs or help suggested? Add sasl_mech_list: plain login digest-md5 ntlm LOGIN and NTLM don't support proxying either. I know. I was trying to duplicate his setup minus cram-md5. For this conversion he just needs sasl_mech_list: plain -- Igor
Re: Converting mbox to cyrus maildir w/ seen state preservation
However, I can't find anywhere in the config files where I could stop CRAM-MD5 from being advertised. I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. Any docs or help suggested? Add sasl_mech_list: plain login digest-md5 ntlm LOGIN and NTLM don't support proxying either. For this conversion he just needs sasl_mech_list: plain I've already tried that before I wrote my second letter in this thread. I tried it with sasl_pwcheck_method: auxprop AND sasl_pwcheck_method: saslauthd My auxprop plugin is: sasl_auxprop_plugin: sasldb None of the above worked as I expected. Any idea why? Miham. -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Miham KEREKES wrote: However, I can't find anywhere in the config files where I could stop CRAM-MD5 from being advertised. I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. Any docs or help suggested? Add sasl_mech_list: plain login digest-md5 ntlm LOGIN and NTLM don't support proxying either. For this conversion he just needs sasl_mech_list: plain I've already tried that before I wrote my second letter in this thread. I tried it with sasl_pwcheck_method: auxprop AND sasl_pwcheck_method: saslauthd My auxprop plugin is: sasl_auxprop_plugin: sasldb This is not correct: I do not know where you store your secrets, I assume sasldb? If so, sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb sasl_mech_list: plain Check $cyrus-sasl/doc/options.html for more. -- Igor
Re: Converting mbox to cyrus maildir w/ seen state preservation
I do not know where you store your secrets, I assume sasldb? If so, Yes. sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb sasl_mech_list: plain Ok. Works. Or at least: the error changed :-( * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE OK Completed 0001 STARTTLS 0001 NO Error initializing TLS Unable to negotiate TLS with this server 0002 LOGOUT * BYE LOGOUT received 0002 OK Completed Unable to negotiate TLS with this server In syslog: Dec 22 23:29:15 merope cyrus/imapd[31767]: unable to get private key from '/etc/ssl/private/cyrus-global.key' Dec 22 23:29:15 merope cyrus/imapd[31767]: TLS engine: cannot load cert/key data Dec 22 23:29:15 merope cyrus/imapd[31767]: error initializing TLS What is mistaken? File is readable, even world-wide for sure! I made the certs by following this description: http://www.irbs.net/internet/info-cyrus/0207/0265.html Miham. -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Miham KEREKES wrote: I do not know where you store your secrets, I assume sasldb? If so, Yes. sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb sasl_mech_list: plain Ok. Works. Or at least: the error changed :-( * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE OK Completed 0001 STARTTLS 0001 NO Error initializing TLS Unable to negotiate TLS with this server 0002 LOGOUT * BYE LOGOUT received 0002 OK Completed Unable to negotiate TLS with this server In syslog: Dec 22 23:29:15 merope cyrus/imapd[31767]: unable to get private key from '/etc/ssl/private/cyrus-global.key' Dec 22 23:29:15 merope cyrus/imapd[31767]: TLS engine: cannot load cert/key data Dec 22 23:29:15 merope cyrus/imapd[31767]: error initializing TLS What is mistaken? File is readable, even world-wide for sure! The perms are not the problem, it is the content of the file. Double check your ssl/tls setup. I made the certs by following this description: http://www.irbs.net/internet/info-cyrus/0207/0265.html Instructions here seem pretty reasonable. -- Igor