presubscribing mailboxes
[sent this yesterday but didn't appear on the list. something wrong with the list server?] When I create a new user, I create some extra mailboxes: user.name.sent user.name.drafts user.name.templates While we were using netscape 4, during the first login it would subscribe to all existing mailboxes, now that we've switched to mozilla it doesn't, so I have to presubscribe these mailboxes while creating the user. The only way I found is a hack I'm not really happy with: SUBFILE=/var/lib/imap/user/$initial/$LOGIN.sub echo -e user.$LOGIN.sent\011 $SUBFILE echo -e user.$LOGIN.plantillas\011 $SUBFILE echo -e user.$LOGIN.borradores\011 $SUBFILE chown cyrus.mail $SUBFILE chmod 600 $SUBFILE Is there a better way? TIA -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007
Install sieve failure
Hi all cyrus user!I have installed Cyrus and Postfix for my email system. Everything seem OK and now I want to install sieve for some jobs. When I tried to telnet to my server at port 2000, the screen report like below: # telnet localhost 2000Trying 127.0.0.1...Connected to localhost.Escape character is '^]'."IMPLEMENTATION" "Cyrus timsieved v1.0.0""SIEVE" "fileinto reject envelope vacation imapflags notify subaddress regex"OKBut when I run installsieve, I get:# ./installsieve localhostUnable to connect to server at ./installsieve line 121.It seems to be failing at the line in the Perl script:my $obj = sieve_get_handle($acapserver,"prompt","prompt","prompt","prompt"); I 've been searching in internet but didn't find the way to correct this proplem. Is there any one can help me to fix this. Thanks for any idea. --- Do Duc Huy
Re: Including UCD-SNMP support in Cyrus IMAPD
I will have a try at it this week-end... Now hopefully the last question about this topic, how does actually the SNMP daemon know about Cyrus ?? I am wondering how that can work by only specifying master agentx, is that really all ? I will be using Cyrus graphtools from the contrib dir... Regards Marc Igor Brezac To: [EMAIL PROTECTED] [EMAIL PROTECTED] cc: Sent by: Subject: Re: Including UCD-SNMP support in Cyrus IMAPD [EMAIL PROTECTED] ew.cmu.edu 01/09/03 07:31 PM On Thu, 9 Jan 2003 [EMAIL PROTECTED] wrote: Thanks, it looks like that worked, I now compiled Cyrus IMAP with the following: LIBS=-Wl,-zignore and I've checked with ldd to see if the kstat and kvm library where display and they are not anymore so it looks fine. Now an important question, how can I check that UCD-SNMP is really working with my Cyrus IMAP ? Add 'master agentx' to snmpd.conf. Make sure to start cyrus after your start snmpd. To see counters 'snmpwalk snmp_host comminity_str .1.3.6.1.4.1.3.6.1' Regards Marc Igor Brezac To: [EMAIL PROTECTED] [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Sent by: Subject: Re: Including UCD-SNMP support in Cyrus IMAPD [EMAIL PROTECTED] ew.cmu.edu 01/08/03 10:51 PM Please respond to info-cyrus On Wed, 8 Jan 2003 [EMAIL PROTECTED] wrote: I must have mis-understood you. You need to use this option to compile cyrus-imapd. -Wl,-zignore will ignore libraries not referenced by the link process. If you want to fix UCD-SNMP libs, you need to pass -Wl,-zdefs to LDFLAGS and then add neccessary libs to the link process until everything compiles fine. Actually, you may need to use -zdefs because libtool on solaris uses 'ld' for link-edit. This is a libtool bug, but this is a subject for a different forum. Oh ok this is for Cyrus IMAP, then I misunderstood you... So now from the two solutions you gave what do you think is the best to do: You do not have to do either. What you have works. ;) You asked me if cyrus binaries can be compiled without all these unneccessary libraries? Option 1) will do this. 1) - use -Wl,-zignore to compile Cyrus IMAP or I would not go through the effort of fixing UCD libs unless you are familiar with the link-edit process. Do not bother with 2). 2) - use -Wl,-zdefs to compile UCD SNMP Hope this helps. -Igor -- Igor
Re: Cyrus IMAP ; case studies, success stories, ... I need them
if you have to compete with MS exchange have you thought about looking at SuSE's Openexchange Server or bynaries InsightConnector. bynaries solution is probable what you'd be looking for, $39.00/license. Piet Ruyssinck wrote: Hi all, I have set up a test machine with cyrus imapd 2.1.11 and everything that goes with it. Very nice system, working perfectly, in a test environment of some 30 people. Today, I went to see management, to get money for the production system hardware (I'm thinking about a full Sun Fire 280R with a full Sun StorEdge 3310 SCSI Array), ... only to hear that some other people are working on a solution based on MS Exchange, because they want the groupware functionality. I might be able to convince them to adopt Cyrus imapd, if only I can assure them that it will peacefully coexist with MS exchange. They can agree on using Cyrus for e-mail, and Exchange for the groupware stuff. But, being a full time unix admin, I have no clue about exchange. Is such a setup possible ? Or does Exchange rely on its own e-mail system ? Together with information, I could also use any Cyrus imapd success stories that I can get. If you're running Cyrus for a reasonably sized company or institution, please let me know, including the hardware you're using, number of (simultaneous) users, level of satisfaction, and other useful information. Maybe we could collect this data in some kind of registry. Looking forward to your replies, Piet Ruyssinck -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Piet RUYSSINCKe-mail: [EMAIL PROTECTED] Unix Systeem Administratie tel: +32 9 264 4733 Directie Informatie- en Communicatietechnologie (ICT) fax: +32 9 264 4994 Universiteit Gent (RUG) Krijgslaan 281, gebouw S9 - 9000 Gent, Belgie -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Please avoid sending me Word or PowerPoint attachments See http://www.fsf.org/philosophy/no-word-attachments.html -- Darin Perusich Unix Systems Administrator Cognigen Corp. [EMAIL PROTECTED]
postfix + cyrus + mysql; Mailbox does not exist
Hi, I am using postfix 2.0.0.1 and cyrus 2.1.11 +mysql to auth my mails are not being delivered, the postfix logs show error, (data format error. Command output: sarwaransari.ns3.indiaaccess.com: Mailbox does not exist) can somebody please tell me is it a postfix config problem or cyrus's. and if possible the solution grin I have been at this problem for days, tried various options. Postfix logs Jan 10 16:58:41 ns3 postfix/smtpd[1912]: connect from unknown[192.168.0.99] Jan 10 16:58:42 ns3 postfix/smtpd[1912]: 03AF8337E2: client=unknown[192.168.0.99] Jan 10 16:58:42 ns3 postfix/smtpd[1912]: warning: the check_relay_domains restriction is going away; use reject_unauth_destination instead Jan 10 16:58:42 ns3 postfix/cleanup[1913]: 03AF8337E2: message-id=011a01c2b89b$b8f1a100$6300a8c0@ntcomputer Jan 10 16:58:42 ns3 postfix/qmgr[1906]: 03AF8337E2: from=[EMAIL PROTECTED], size=1013, nrcpt=1 (queue active) Jan 10 16:58:42 ns3 postfix/local[1919]: maps_append: mysql:/etc/postfix/mysql-virtual.cf Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set username to 'mail' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set password to 'x' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set database name to 'mail' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set table name to 'virtual' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set select_field to 'dest' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set where_field to 'alias' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set additional_conditions to 'and status = '1'' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): adding host 'localhost' to list of mysql server hosts Jan 10 16:58:42 ns3 postfix/local[1919]: dict_open: mysql:/etc/postfix/mysql-virtual.cf Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set username to 'mail' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set password to 'x' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set database name to 'mail' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set table name to 'domain' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set select_field to 'domain_name' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set where_field to 'domain_name' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): set additional_conditions to '' Jan 10 16:58:42 ns3 postfix/local[1919]: mysqlname_parse(): adding host 'localhost' to list of mysql server hosts Jan 10 16:58:42 ns3 postfix/local[1919]: dict_open: mysql:/etc/postfix/mysql-mydestination.cf Jan 10 16:58:42 ns3 postfix/local[1919]: set_eugid: euid 3 egid 3 Jan 10 16:58:42 ns3 postfix/local[1919]: name_mask: alias Jan 10 16:58:42 ns3 postfix/local[1919]: name_mask: forward Jan 10 16:58:42 ns3 postfix/local[1919]: name_mask: alias Jan 10 16:58:42 ns3 postfix/local[1919]: name_mask: forward Jan 10 16:58:42 ns3 postfix/local[1919]: name_mask: canonical Jan 10 16:58:42 ns3 postfix/local[1919]: name_mask: virtual Jan 10 16:58:42 ns3 postfix/local[1919]: name_mask: command Jan 10 16:58:42 ns3 postfix/local[1919]: name_mask: file Jan 10 16:58:42 ns3 postfix/local[1919]: name_mask: forward Jan 10 16:58:42 ns3 postfix/local[1919]: name_mask: fcntl Jan 10 16:58:42 ns3 postfix/local[1919]: name_mask: dotlock Jan 10 16:58:42 ns3 postfix/local[1919]: watchdog_create: 0x8088b20 18000 Jan 10 16:58:42 ns3 postfix/local[1919]: watchdog_stop: 0x8088b20 Jan 10 16:58:42 ns3 postfix/local[1919]: watchdog_start: 0x8088b20 Jan 10 16:58:42 ns3 postfix/local[1919]: connection established Jan 10 16:58:42 ns3 postfix/local[1919]: master_notify: status 0 Jan 10 16:58:42 ns3 postfix/local[1919]: deliver_request_initial: send initial status Jan 10 16:58:42 ns3 postfix/local[1919]: send attr status = 0 Jan 10 16:58:42 ns3 postfix/local[1919]: local socket: wanted attribute: flags Jan 10 16:58:42 ns3 postfix/local[1919]: input attribute name: flags Jan 10 16:58:42 ns3 postfix/local[1919]: input attribute value: 3 Jan 10 16:58:42 ns3 postfix/local[1919]: local socket: wanted attribute: queue_name Jan 10 16:58:42 ns3 postfix/local[1919]: input attribute name: queue_name Jan 10 16:58:42 ns3 postfix/local[1919]: input attribute value: active Jan 10 16:58:42 ns3 postfix/local[1919]: local socket: wanted attribute: queue_id Jan 10 16:58:42 ns3 postfix/local[1919]: input attribute name: queue_id Jan 10 16:58:42 ns3 postfix/local[1919]: input attribute value: 03AF8337E2 Jan 10 16:58:42 ns3 postfix/local[1919]: local socket: wanted attribute: offset Jan 10 16:58:42 ns3 postfix/local[1919]: input attribute name: offset Jan 10 16:58:42 ns3 postfix/local[1919]: input attribute value: 329 Jan 10 16:58:42 ns3 postfix/local[1919]: local socket: wanted attribute: size Jan 10 16:58:42 ns3 postfix/local[1919]: input attribute name: size Jan 10 16:58:42 ns3 postfix/local[1919]: input attribute value: 1013
Re: Cyrus IMAP ; case studies, success stories, ... I need them
Hello, We have been using Cyrus at NCSU for some time now. We've only had a couple of software problems and they've been addressed with bugfixes now. NCSU is a large university in North Carolina, USA. We have four machines we are moving our accounts to that are running Cyrus. They are E-220R servers from Sun running Solaris. They have a SAN with 400 Gb of capacity split to provide 100Gb to each server. We currently have a quota limit for students of 10 Mb and faculty/staff of 20Mb. Additional quota may be leased if someone needs it. We have thousands of accounts per machine. The shared mailbox feature is nice. Our library uses that to help shuttle requests around. One of our departments is evaluating the possibility of using shared mailboxes to help with the amount of email they recieve asking for information about their programs, etc. Basically, Cyrus is a solid performer. I've only one big wish and that is some form of redundancy be built into it. As someone else also mentioned, we use the Steltor/Oracle Product, Corporate Time for calendaring and scheduling. Works for us and even has a nice web client. RANT Frankly, I wish people would not insist on this combination of email and groupware. Email is done best by email software. Groupware should be able to use email API's to get any messaging done that needs to be emailed. We've seen our share of political infighting on campus here with people using Groupwise because they NEED the groupware capability. Anyway, my $0.02. /RANT Best of luck in your endeavor to use Cyrus. Regards, Earl Shannon -- Systems Programmer, Computing Services, Information Technology NC State University. http://www.earl.ncsu.edu Piet Ruyssinck wrote: Hi all, I have set up a test machine with cyrus imapd 2.1.11 and everything that goes with it. Very nice system, working perfectly, in a test environment of some 30 people. Today, I went to see management, to get money for the production system hardware (I'm thinking about a full Sun Fire 280R with a full Sun StorEdge 3310 SCSI Array), ... only to hear that some other people are working on a solution based on MS Exchange, because they want the groupware functionality. I might be able to convince them to adopt Cyrus imapd, if only I can assure them that it will peacefully coexist with MS exchange. They can agree on using Cyrus for e-mail, and Exchange for the groupware stuff. But, being a full time unix admin, I have no clue about exchange. Is such a setup possible ? Or does Exchange rely on its own e-mail system ? Together with information, I could also use any Cyrus imapd success stories that I can get. If you're running Cyrus for a reasonably sized company or institution, please let me know, including the hardware you're using, number of (simultaneous) users, level of satisfaction, and other useful information. Maybe we could collect this data in some kind of registry. Looking forward to your replies, Piet Ruyssinck -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Piet RUYSSINCKe-mail: [EMAIL PROTECTED] Unix Systeem Administratie tel: +32 9 264 4733 Directie Informatie- en Communicatietechnologie (ICT) fax: +32 9 264 4994 Universiteit Gent (RUG) Krijgslaan 281, gebouw S9 - 9000 Gent, Belgie -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Please avoid sending me Word or PowerPoint attachments See http://www.fsf.org/philosophy/no-word-attachments.html
Re: postfix + cyrus + mysql; Mailbox does not exist
* Sarwar Ansari [EMAIL PROTECTED] [10-01-03 12:18]: Hi, I am using postfix 2.0.0.1 and cyrus 2.1.11 +mysql to auth my mails are not being delivered, the postfix logs show error, (data format error. Command output: sarwaransari.ns3.indiaaccess.com: Mailbox does not exist) can somebody please tell me is it a postfix config problem or cyrus's. and if possible the solution grin I have been at this problem for days, tried various options. The error is because you don't have the user added with cyradm in Cyrus. Are you having unixhierarchysep: yesin your imapd.conf ? Otherwise you will not be able to add users to Cyrus with . in their names. It might help if you post your imapd.conf . mitu
Re: saslauthd performance anxiety
My current thinking is to use http://www.ossp.org/pkg/lib/mm/ for the shared memory stuff and http://256.com/sources/table/ for the hash table I haven't had a chance to look at: ftp://ftp.net.ohio-state.edu/pub/users/jrumpf/krbdirp-1.2.0.tar.gz yet Igor Brezac wrote: On Thu, 9 Jan 2003, Jeremy Rumpf wrote: On Thursday 09 January 2003 03:55 pm, Paul M Fleming wrote: Timing out the passwords is simple ( I think ) I would store the time when the entry is added and force a reauth if the password has been cached longer than a timeout (for example one hour ). That forces a reauth at least every timeout period of time. If an entry isn't in the cache (or if it is different the entry would be removed and ) a reauth would be forced. Every successfull auth would be added to the cache. Some time ago I wrote a plugin for the Netscape/iPlanet Directory server that intercepted bind authentications and passed them off to a kerberos backend. It allowed us to integrate LDAP services with our Kerberos environment. Anyhow, it implemented just this, with the timeouts and all. I also implemented a checkpoint feature where the hash table was periodically dumped to a file. That way if you restarted the LDAP server you wouldn't lose you're cached entries. You can grab a copy of the plugin at: ftp://ftp.net.ohio-state.edu/pub/users/jrumpf/krbdirp-1.2.0.tar.gz Look in the file krbdirp.c, specifically at the function validate_with_cache(). The text file CACHE also has some thoughts and ideas. The LDAP directory was used for an iPlanet mail setup to store user information. The idea of the credential cache has worked quite well. Implementing it for saslauthd would be a nice feature. I'd be more than willing to help/contribute to the effort. Cheers, Jeremy I agree. I know Simon would like this feature. :) Openldap APIs have client side cache, but I think it has some issues. saslauthd needs to remain a 'light' process. It is really a helper program for 'big' servers such as cyrus, sendmail, postfix, etc.. You might want to check out http://www.ossp.org/pkg/lib/mm/ for a portable IPC library. -- Igor
Re: saslauthd performance anxiety
This whole idea sounds great, especially as I'd expect a lot of the authentication load to come from a small number of users with their clients set to check mail every few minutes. For debugging it would help if there was a way to force a flush of the entire cache, and one to dump its contents. I'm not sure how you'd get saslauthd to recognise maintenance commands like this - maybe some method of out-of-band signalling, which seems better than tinkering with the socket protocol. -- Simon Brady mailto:[EMAIL PROTECTED] ITS Technical Services University of Otago, Dunedin, New Zealand How about SIGUSR1 and SIGUSR2? Cheers, Jeremy
RE: postfix + cyrus + mysql; Mailbox does not exist
Mitu, The error is because you don't have the user added with cyradm in Cyrus. Are you having unixhierarchysep: yesin your imapd.conf ? Otherwise you will not be able to add users to Cyrus with . in their names. It might help if you post your imapd.conf . I have added this users in web-cyradm also with cyradm the mailbox does appear in /var/spool/imap |-- sarwaransari | `-- ns3 | `-- indiaaccess | `-- com | |-- cyrus.cache | |-- cyrus.header | `-- cyrus.index imapd.conf --- postmaster: postmaster configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus allowanonymouslogin: no allowplaintext: yes sasl_mech_list: PLAIN servername: ns3.indiaaccess.com autocreatequota: 1 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost sasl_pwcheck_method: saslauthd sievedir: /usr/sieve sendmail: /usr/sbin/sendmail sieve_maxscriptsize: 32 sieve_maxscripts: 5 # #unixhierarchysep: yes # #Added by sarwar #altnamespace: yes tls_ca_file: /var/imap/server.pem tls_cert_file: /var/imap/server.pem tls_key_file: /var/imap/server.pem Regards Sarwar Ansari Indiaaccess -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Saturday, January 11, 2003 12:57 AM To: [EMAIL PROTECTED] Subject: Re: postfix + cyrus + mysql; Mailbox does not exist * Sarwar Ansari [EMAIL PROTECTED] [10-01-03 12:18]: Hi, I am using postfix 2.0.0.1 and cyrus 2.1.11 +mysql to auth my mails are not being delivered, the postfix logs show error, (data format error. Command output: sarwaransari.ns3.indiaaccess.com: Mailbox does not exist) can somebody please tell me is it a postfix config problem or cyrus's. and if possible the solution grin I have been at this problem for days, tried various options. The error is because you don't have the user added with cyradm in Cyrus. Are you having unixhierarchysep: yesin your imapd.conf ? Otherwise you will not be able to add users to Cyrus with . in their names. It might help if you post your imapd.conf . mitu
Re: saslauthd performance anxiety
Personally I have issues with dumping the contents of a password cache to a file. Especially in this case, they WILL be stored in cleartext. I had planned on keeping somes stats (hits,misses,etc) Jeremy Rumpf wrote: This whole idea sounds great, especially as I'd expect a lot of the authentication load to come from a small number of users with their clients set to check mail every few minutes. For debugging it would help if there was a way to force a flush of the entire cache, and one to dump its contents. I'm not sure how you'd get saslauthd to recognise maintenance commands like this - maybe some method of out-of-band signalling, which seems better than tinkering with the socket protocol. -- Simon Brady mailto:[EMAIL PROTECTED] ITS Technical Services University of Otago, Dunedin, New Zealand How about SIGUSR1 and SIGUSR2? Cheers, Jeremy
Re: postfix + cyrus + mysql; Mailbox does not exist
* Sarwar Ansari [EMAIL PROTECTED] [10-01-03 14:16]: Mitu, The error is because you don't have the user added with cyradm in Cyrus. Are you having unixhierarchysep: yesin your imapd.conf ? Otherwise you will not be able to add users to Cyrus with . in their names. It might help if you post your imapd.conf . I have added this users in web-cyradm also with cyradm the mailbox does appear in /var/spool/imap |-- sarwaransari | `-- ns3 | `-- indiaaccess | `-- com | |-- cyrus.cache | |-- cyrus.header | `-- cyrus.index imapd.conf --- postmaster: postmaster configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus allowanonymouslogin: no allowplaintext: yes sasl_mech_list: PLAIN servername: ns3.indiaaccess.com autocreatequota: 1 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost sasl_pwcheck_method: saslauthd sievedir: /usr/sieve sendmail: /usr/sbin/sendmail sieve_maxscriptsize: 32 sieve_maxscripts: 5 # #unixhierarchysep: yes # #Added by sarwar #altnamespace: yes tls_ca_file: /var/imap/server.pem tls_cert_file: /var/imap/server.pem tls_key_file: /var/imap/server.pem I'm not sure how it looks the directory hierarchy under Cyrus but : -- sarwaransari -- this looks like the mailbox | `-- ns3| | `-- indiaaccess| | `-- com| --- those look like subfolders | |-- cyrus.cache| | |-- cyrus.header | | `-- cyrus.index| Can you post to sarwaransari mailbox ? Have you tried with an IMAP client to see the account ? Also, it looks like unixhierarchysep: yes is commented in your imapd.conf. hth, mitu
Re: http://asg.web.cmu.edu/cyrus/download/imapd/murder.png
I created a png based off the .fig, but no guarantees it will track the .fig changes. -Rob On 10 Jan 2003, Gautam Das wrote: The URL http://asg.web.cmu.edu/cyrus/download/imapd/murder.png is giving an object not found error. Can someone alert the appropriate webmaster to fix this? Thanks. gd -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
postfix + cyrus + mysql; Mailbox does not exist
Mitu, You were right, I did have have unixhierarchysep: yes commented in my /etc/imapd.conf I have uncommented the line created another user via cyradm but the same problem (Also after creating the user in Web-Cyradm, do I have create mailbox via command line cyradm.) here is my list mail box in cyradm ns3.indiaaccess.com lm Drafts (\HasNoChildren) Sent (\HasNoChildren) Trash (\HasNoChildren) sarwar.ns3.indiaaccess.com (\HasNoChildren) sarwar/indiaaccess/org (\HasNoChildren) sarwaransari/ns3/indiaaccess/com (\HasNoChildren) user/sarwar.ns3.indiaaccess.com (\HasNoChildren) ns3.indiaaccess.com Also when I try to login via SQ to imap user the auth log says: - Jan 10 22:05:26 ns3 saslauthd[2508]: pam_sm_authenticate called. Jan 10 22:05:26 ns3 saslauthd[2508]: dbuser changed. Jan 10 22:05:26 ns3 saslauthd[2508]: dbpasswd changed. Jan 10 22:05:26 ns3 saslauthd[2508]: host changed. Jan 10 22:05:26 ns3 saslauthd[2508]: database changed. Jan 10 22:05:26 ns3 saslauthd[2508]: table changed. Jan 10 22:05:26 ns3 saslauthd[2508]: usercolumn changed. Jan 10 22:05:26 ns3 saslauthd[2508]: passwdcolumn changed. Jan 10 22:05:26 ns3 saslauthd[2508]: crypt changed. Jan 10 22:05:26 ns3 saslauthd[2508]: db_connect called. Jan 10 22:05:26 ns3 saslauthd[2508]: returning 0 . Jan 10 22:05:26 ns3 saslauthd[2508]: db_checkpasswd called. Jan 10 22:05:26 ns3 saslauthd[2508]: pam_mysql: where clause = Jan 10 22:05:26 ns3 saslauthd[2508]: SELECT password FROM accountuser WHERE username='sarwar.ns3.indiaaccess.com' Jan 10 22:05:26 ns3 saslauthd[2508]: returning 7 . Jan 10 22:05:26 ns3 saslauthd[2508]: returning 7 after db_checkpasswd. Jan 10 22:05:26 ns3 saslauthd[2508]: AUTHFAIL: user=sarwar.ns3.indiaaccess.com service=imap realm= [PAM auth error] Jan 10 22:05:26 ns3 imapd[2652]: badlogin: [192.168.0.100] plaintext sarwar.ns3.indiaaccess.com SASL(-13): authentication failure: checkpass failed Regards Sarwar Ansari Indiaaaccess -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Saturday, January 11, 2003 12:57 AM To: [EMAIL PROTECTED] Subject: Re: postfix + cyrus + mysql; Mailbox does not exist * Sarwar Ansari [EMAIL PROTECTED] [10-01-03 12:18]: Hi, I am using postfix 2.0.0.1 and cyrus 2.1.11 +mysql to auth my mails are not being delivered, the postfix logs show error, (data format error. Command output: sarwaransari.ns3.indiaaccess.com: Mailbox does not exist) can somebody please tell me is it a postfix config problem or cyrus's. and if possible the solution grin I have been at this problem for days, tried various options. The error is because you don't have the user added with cyradm in Cyrus. Are you having unixhierarchysep: yesin your imapd.conf ? Otherwise you will not be able to add users to Cyrus with . in their names. It might help if you post your imapd.conf . mitu
Re: saslauthd performance anxiety
I always hashed the password as soon as they entered the cache. So the checkpoint dump would contain binary MD5, SHA hashes etc. They're not clear text per say, but I can see why some would not find even that ideal. Cheers, Jeremy On Friday 10 January 2003 11:07 am, Paul M Fleming wrote: Personally I have issues with dumping the contents of a password cache to a file. Especially in this case, they WILL be stored in cleartext. I had planned on keeping somes stats (hits,misses,etc) Jeremy Rumpf wrote: This whole idea sounds great, especially as I'd expect a lot of the authentication load to come from a small number of users with their clients set to check mail every few minutes. For debugging it would help if there was a way to force a flush of the entire cache, and one to dump its contents. I'm not sure how you'd get saslauthd to recognise maintenance commands like this - maybe some method of out-of-band signalling, which seems better than tinkering with the socket protocol. -- Simon Brady mailto:[EMAIL PROTECTED] ITS Technical Services University of Otago, Dunedin, New Zealand How about SIGUSR1 and SIGUSR2? Cheers, Jeremy
Re: saslauthd performance anxiety
Good point.. I don't have to store the cleartext version in order to do the compare.. if i save the hash and just hash what the user submits and compare them that would be sufficient.. just have to keep the cleartext password long enough to do an actual authentication if need be.. Jeremy Rumpf wrote: I always hashed the password as soon as they entered the cache. So the checkpoint dump would contain binary MD5, SHA hashes etc. They're not clear text per say, but I can see why some would not find even that ideal. Cheers, Jeremy On Friday 10 January 2003 11:07 am, Paul M Fleming wrote: Personally I have issues with dumping the contents of a password cache to a file. Especially in this case, they WILL be stored in cleartext. I had planned on keeping somes stats (hits,misses,etc) Jeremy Rumpf wrote: This whole idea sounds great, especially as I'd expect a lot of the authentication load to come from a small number of users with their clients set to check mail every few minutes. For debugging it would help if there was a way to force a flush of the entire cache, and one to dump its contents. I'm not sure how you'd get saslauthd to recognise maintenance commands like this - maybe some method of out-of-band signalling, which seems better than tinkering with the socket protocol. -- Simon Brady mailto:[EMAIL PROTECTED] ITS Technical Services University of Otago, Dunedin, New Zealand How about SIGUSR1 and SIGUSR2? Cheers, Jeremy
Re: Including UCD-SNMP support in Cyrus IMAPD
On Fri, 10 Jan 2003 [EMAIL PROTECTED] wrote: I will have a try at it this week-end... Now hopefully the last question about this topic, how does actually the SNMP daemon know about Cyrus ?? I am wondering how that can work by only specifying master agentx, is that really all ? I will be using Cyrus graphtools from the contrib dir... By default snmpd and ucd libs will use the same unix domain socket to communicate. Things are a bit more complicated if you use libwrap and/or you want to change the socket location or use ip:port for ipc. -Igor Regards Marc Igor Brezac To: [EMAIL PROTECTED] [EMAIL PROTECTED] cc: Sent by: Subject: Re: Including UCD-SNMP support in Cyrus IMAPD [EMAIL PROTECTED] ew.cmu.edu 01/09/03 07:31 PM On Thu, 9 Jan 2003 [EMAIL PROTECTED] wrote: Thanks, it looks like that worked, I now compiled Cyrus IMAP with the following: LIBS=-Wl,-zignore and I've checked with ldd to see if the kstat and kvm library where display and they are not anymore so it looks fine. Now an important question, how can I check that UCD-SNMP is really working with my Cyrus IMAP ? Add 'master agentx' to snmpd.conf. Make sure to start cyrus after your start snmpd. To see counters 'snmpwalk snmp_host comminity_str .1.3.6.1.4.1.3.6.1' Regards Marc Igor Brezac To: [EMAIL PROTECTED] [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Sent by: Subject: Re: Including UCD-SNMP support in Cyrus IMAPD [EMAIL PROTECTED] ew.cmu.edu 01/08/03 10:51 PM Please respond to info-cyrus On Wed, 8 Jan 2003 [EMAIL PROTECTED] wrote: I must have mis-understood you. You need to use this option to compile cyrus-imapd. -Wl,-zignore will ignore libraries not referenced by the link process. If you want to fix UCD-SNMP libs, you need to pass -Wl,-zdefs to LDFLAGS and then add neccessary libs to the link process until everything compiles fine. Actually, you may need to use -zdefs because libtool on solaris uses 'ld' for link-edit. This is a libtool bug, but this is a subject for a different forum. Oh ok this is for Cyrus IMAP, then I misunderstood you... So now from the two solutions you gave what do you think is the best to do: You do not have to do either. What you have works. ;) You asked me if cyrus binaries can be compiled without all these unneccessary libraries? Option 1) will do this. 1) - use -Wl,-zignore to compile Cyrus IMAP or I would not go through the effort of fixing UCD libs unless you are familiar with the link-edit process. Do not bother with 2). 2) - use -Wl,-zdefs to compile UCD SNMP Hope this helps. -Igor -- Igor -- Igor
Re: Install sieve failure
Do Duc Huy wrote: Hi all cyrus user! I have installed Cyrus and Postfix for my email system. Everything seem OK and now I want to install sieve for some jobs. When I tried to telnet to my server at port 2000, the screen report like below: # telnet localhost 2000 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. IMPLEMENTATION Cyrus timsieved v1.0.0 SIEVE fileinto reject envelope vacation imapflags notify subaddress regex OK timsieved/sasl isn't finding any plugins. Check your plugins directory (/usr/lib/sasl[2]). -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus and Virtual Domains
Felix Cuello wrote: Hello! I have two servers in two different works :-). One of this server are running Cyrus 2.1.9 with SASL 2.1.9 with an LDAP. [this server works fine!] [under RedHat 7.3] The second server [the problem :-)] are running a Debian Linux welll... Debian have Cyrus 1.5.19... using apt-get but in this server I must install virtual domains. Does Cyrus support virtual domains?, what can I read to start with Virtual Domains? It'll be in Cyrus 2.2 which is in CVS. You can read some of the docs here: http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/~checkout~/src/cyrus/doc/Attic/install-virtdomains.html?rev=1.1.2.5content-type=text/htmlhideattic=0 -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Virtual mailboxes
Is there a way to have cyrus deliver mail to a mailbox based on the domain? for example, if [EMAIL PROTECTED] has mail deliverd, it goes to user/lithodyne.net/joee. If [EMAIL PROTECTED] has mail delivered, it goes to user/andrew.cmu.edu/joee. I'm trying to eliminate usernames as the email address. Currently, I have cyrus setup so the mailbox is [EMAIL PROTECTED] So the username is [EMAIL PROTECTED] and not just joee. I'd like to have the user as joee no matter what domain. I use postfix as the mta. Maybe I should write a wrapper for deliver so postfix will extract the username and domain and pass the correct mailbox to cyrus. Anyone doing this? I hope I'm clear on what I'm asking. -- Joe Ellis http://www.lithodyne.net Jas 5:7,8
2.2cvs, imapd OK, pop3d hangs before sending banner to clients
On one of our (Red Hat 7.3, dual PIII CPU) servers running cyrus-imapd (2.2 CVS as of late September 2002), last night POP3 and POP3S access mysteriously stopped working. IMAP and IMAPS access are still fine. Looking at the logs shows things like: Jan 10 02:11:16 aerogram pop3s[17907]: DBERROR db4: 459 lockers Which is, shall we say, unusual. Since October we have seen only very small numbers of lockers in these messages. This server has only some tens of email users at present. Only the duplicate and tls db's use berkeley. Attempting to access the server via POP3 gets a connect and then nothing. Access via pop3s gets a connect, the full SSL handshake sequence, then nothing. Restarting cyrus-imapd did not help. cyradm version output is: name : Cyrus IMAPD version: v2.2.prealpha-GRC-RPM-2.2-cvs.20020926 2002/09/26 19:19:16 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : Linux os-version : 2.4.18-17.7.xsmp environment: Built w/Cyrus SASL 2.1.7 Running w/Cyrus SASL 2.1.10 Sleepycat Software: Berkeley DB 4.0.14: (November 18, 2001) OpenSSL 0.9.6b [engine] 9 Jul 2001 CMU Sieve 2.2 TCP Wrappers mmap = shared lock = fcntl nonblock = fcntl auth = unix idle = poll mboxlist.db = skiplist subs.db = flat seen.db = skiplist duplicate.db = berkeley-nosync tls.db = berkeley-nosync We had upgraded cyrus-sasl to 2.1.10, but downgrading back to 2.1.7 did not change this issue. Attaching to one 'connected to but hung' pop3d with gdb shows a backtrace of: (gdb) bt #0 0x420dadf4 in read () from /lib/i686/libc.so.6 #1 0x4002a480 in __DTOR_END__ () from /usr/lib/libsasl2.so.2 #2 0x40024186 in randinit () from /usr/lib/libsasl2.so.2 #3 0x400241cd in sasl_rand () from /usr/lib/libsasl2.so.2 #4 0x40023e3f in sasl_mkchal () from /usr/lib/libsasl2.so.2 #5 0x0804cccb in service_main () #6 0x0805149b in main () #7 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6 (gdb) How can I best troubleshoot this further -- or is a quick fix already known? Thanks, Jonathan -- Jonathan Marsden| Internet: [EMAIL PROTECTED] | Making electronic 1252 Judson Street | Phone: +1 (909) 795-3877 | communications work Redlands, CA 92374 | Fax: +1 (909) 795-0327 | reliably for Christian USA | http://www.xc.org/jonathan| missions worldwide
delete selected folder leaves empty dir on disk
I'm submitting a message from one of my co-workers who's not subscribed directly to the list... Original Message Subject: delete selected folder leaves empty dir on disk Date: Wed, 08 Jan 2003 13:26:24 -0500 From: Christopher Schanzle [EMAIL PROTECTED] To: [EMAIL PROTECTED] This isn't a huge problem, but it would be nice to get cleaned up if possible. Occasionally we have discovered empty directories in a user's spool area. Empty means no cyrus.* files, or messages. They are not in the mailbox.db as a current mailbox. I have discovered that if the folder to delete is first selected, all files are removed (including cyrus.*), it is removed from the mailbox db, but the (empty) directory remains on disk. I've also duplicated this by just telnetting to the imap port, created a folder, selected it, then deleted it. The directory remained. What I have found is the directory does not remain if the folder is not selected before the delete. Here's a log of the one that leaves a directory: -- schanzle Wed Jan 8 12:38:34 2003 10420475142 select INBOX.newfolder 1042047514* FLAGS (\Answered \Flagged \Draft \Deleted \Seen) * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] * 0 EXISTS * 0 RECENT * OK [UIDVALIDITY 1042047507] * OK [UIDNEXT 1] 2 OK [READ-WRITE] Completed 10420475143 getacl INBOX.newfolder 1042047514* ACL INBOX.newfolder schanzle lrswipcda cyrusadm lrswipcda anyone p3 OK Completed 10420480464 list INBOX.newfolder.* 10420480464 OK Completed (0.000 secs 1 calls) 10420480465 close 10420480465 OK Completed 10420480466 delete INBOX.newfolder 10420480476 OK Completed 10420480477 unsubscribe INBOX.newfolder 10420480477 OK Completed 10420480768 logout 1042048076* BYE LOGOUT received 8 OK Completed Log of one that does NOT leave a directory (never selected): -- schanzle Wed Jan 8 12:52:33 2003 10420483532 list INBOX.foobar.* 10420483532 OK Completed (0.000 secs 1 calls) 10420483533 delete INBOX.foobar 10420483533 OK Completed 10420483534 unsubscribe INBOX.foobar 10420483534 OK Completed 10420483715 logout 1042048371* BYE LOGOUT received 5 OK Completed name : Cyrus IMAPD version: v2.1.11 2002/12/04 14:53:12 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : SunOS os-version : 5.8 environment: Cyrus SASL 2.1.10 Sleepycat Software: Berkeley DB 4.1.24: (September 13, 2002) CMU Sieve 2.2 TCP Wrappers mmap = shared lock = fcntl nonblock = fcntl auth = unix idle = idled dirhash = full mboxlist.db = skiplist subs.db = flat seen.db = skiplist duplicate.db = db3-nosync tls.db = db3-nosync
Re: 2.2cvs, imapd OK, pop3d hangs before sending banner to clients
You might be running out of enthropy. cat /dev/random to check. Jonathan Marsden wrote: On one of our (Red Hat 7.3, dual PIII CPU) servers running cyrus-imapd (2.2 CVS as of late September 2002), last night POP3 and POP3S access mysteriously stopped working. IMAP and IMAPS access are still fine. Looking at the logs shows things like: Jan 10 02:11:16 aerogram pop3s[17907]: DBERROR db4: 459 lockers Which is, shall we say, unusual. Since October we have seen only very small numbers of lockers in these messages. This server has only some tens of email users at present. Only the duplicate and tls db's use berkeley. Attempting to access the server via POP3 gets a connect and then nothing. Access via pop3s gets a connect, the full SSL handshake sequence, then nothing. Restarting cyrus-imapd did not help. cyradm version output is: name : Cyrus IMAPD version: v2.2.prealpha-GRC-RPM-2.2-cvs.20020926 2002/09/26 19:19:16 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : Linux os-version : 2.4.18-17.7.xsmp environment: Built w/Cyrus SASL 2.1.7 Running w/Cyrus SASL 2.1.10 Sleepycat Software: Berkeley DB 4.0.14: (November 18, 2001) OpenSSL 0.9.6b [engine] 9 Jul 2001 CMU Sieve 2.2 TCP Wrappers mmap = shared lock = fcntl nonblock = fcntl auth = unix idle = poll mboxlist.db = skiplist subs.db = flat seen.db = skiplist duplicate.db = berkeley-nosync tls.db = berkeley-nosync We had upgraded cyrus-sasl to 2.1.10, but downgrading back to 2.1.7 did not change this issue. Attaching to one 'connected to but hung' pop3d with gdb shows a backtrace of: (gdb) bt #0 0x420dadf4 in read () from /lib/i686/libc.so.6 #1 0x4002a480 in __DTOR_END__ () from /usr/lib/libsasl2.so.2 #2 0x40024186 in randinit () from /usr/lib/libsasl2.so.2 #3 0x400241cd in sasl_rand () from /usr/lib/libsasl2.so.2 #4 0x40023e3f in sasl_mkchal () from /usr/lib/libsasl2.so.2 #5 0x0804cccb in service_main () #6 0x0805149b in main () #7 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6 (gdb) How can I best troubleshoot this further -- or is a quick fix already known? Thanks, Jonathan -- Jonathan Marsden | Internet: [EMAIL PROTECTED] | Making electronic 1252 Judson Street | Phone: +1 (909) 795-3877 | communications work Redlands, CA 92374 | Fax: +1 (909) 795-0327 | reliably for Christian USA | http://www.xc.org/jonathan | missions worldwide
STARTTLS negotiation failed
This is more of a Pine problem than Cyrus, but I'm hoping someone here might know what I can do... I'm setting up a test server to check out the latest release of Cyrus IMAPD, as well as a few other things (sendmail+TLS+SMTP AUTH, squirrelmail, spamassassin amavis). I've got Cyrus installed and running, and can read mail fine with it (though there isn't any to read right now). My problem is connecting with Pine. Now, our current Cyrus server has a self-signed cert which Pine doesn't like unless you add /novalidate-cert to the hostname of the server. But this time, that doesn't even help as it just says There was an SSL/TLS failure for the server The reason for the failure was: SSL Negotiation failed Cyrus also reports the same thing in the logs. I understand the point of '/novalidate-cert', meaning don't try to check the signing authority on the cert, and I could overlook things if that was the only error. But the whole negotiation failed part has me worried, as I can't buy a cert for a test server, and can't deploy the new Cyrus if Pine won't work with it (it's the only departmentally-supported mail client, I've guaranteed it will work even if the IMAP-client-du-jour doesn't). Cranking up the debugging in Pine (thanks RedHat for making me recompile it to add what should be there by default) only gets me that Pine issues the STARTTLS command, and then right after that complains that negotiation failed, no reason why. Anyone have an idea? I suppose I could dig up the CA cert I created before to sign the current server's cert, and sign the test server's cert with it, and even install that in /usr/share/ssl/ so it will be 'recognized' as authentic. But it doesn't seem to be complaining about validity, just that it can't negotiate. I can, however, using Mozilla or Apple's Mail program, so I don't think there's anything wrong with Cyrus (and Pine 4.44 works with the current server just fine). -- Steve Huston - Unix Systems Administrator, Dept. of Astrophysical Sciences Princeton University | ICBM Address: 40.346525 -74.651285 126 Peyton Hall |On my ship, the Rocinante, wheeling through Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus, (609) 258-7375 | headlong into mystery. -Rush, 'Cygnus X-1'
Sieve failures
Greetings, My cyrus install has recently started to act up in that sieve does not always work properly. Has anyone seen this message before and if so, what does it mean? sieve runtime error for larryd id 0c8701c2b8e4$a0ade380$[EMAIL PROTECTED]: Vacation: Sendmail process terminated normally, exit status 75 Thanks, David
Re: delete selected folder leaves empty dir on disk
On Fri, 10 Jan 2003, John Alton Tamplin wrote: So is it ok to sweep the filesystem and delete any empty directories? Would that leave a race condition with an imapd creating a new folder? Yes, it could. It seems like it should be safe to rmdir() the directory even if some process is sitting on it or has it open -- there might need to be additional error checking to handle a directory disappearing unexpectedly, but that doesn't seem to be a big problem. We do currently call rmdir() on the directory. The applicable code is in mailbox_delete() in mailbox.c if you'd like to suggest a patch. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: delete selected folder leaves empty dir on disk
Rob Siemborski wrote: Yeah, we know about this. There's no good way around it, since a totally separate imapd could be selected on the folder as well, and the directory would still be left around. So is it ok to sweep the filesystem and delete any empty directories? Would that leave a race condition with an imapd creating a new folder? It seems like it should be safe to rmdir() the directory even if some process is sitting on it or has it open -- there might need to be additional error checking to handle a directory disappearing unexpectedly, but that doesn't seem to be a big problem. -- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931
Re: delete selected folder leaves empty dir on disk
Rob Siemborski wrote: We do currently call rmdir() on the directory. The applicable code is in mailbox_delete() in mailbox.c if you'd like to suggest a patch. Since rmdir() doesn't delete it, I assume that means there is some entry in the directory which wasn't deleted. Since you have apparently looked at this before, what is the cause? Is unlink failing on some file for some reason, or is it a race condition of a file being created after the opendir() and before the rmdir() loop? This has been particularly annoying here during the conversion, because Mail::IMAPClient uses temporary folders and it deletes them while they are selected, leaving thousands of empty top-level directories. I shut the server down and cleaned them up, but that isn't something I would like to do often. -- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931
Re: delete selected folder leaves empty dir on disk
On Fri, 10 Jan 2003, John Alton Tamplin wrote: Since rmdir() doesn't delete it, I assume that means there is some entry in the directory which wasn't deleted. Since you have apparently looked at this before, what is the cause? Is unlink failing on some file for some reason, or is it a race condition of a file being created after the opendir() and before the rmdir() loop? Well, on linux atleast, rmdir() can fail with EBUSY: EBUSY pathname is the current working directory or root directory of some process. On solaris, you do have to be the process selected on the mailbox to hit the problem. This has been particularly annoying here during the conversion, because Mail::IMAPClient uses temporary folders and it deletes them while they are selected, leaving thousands of empty top-level directories. I shut the server down and cleaned them up, but that isn't something I would like to do often. I actually suspect its easier to fix Mail::IMAPClient than to get a totally correct cyrus. The bug for this issue is here: http://bugzilla.andrew.cmu.edu/show_bug.cgi?id=1268 -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Outlook wont work with secure Password
David Brandt wrote: Hi, i have big problems getting outlook working with Secure password (dunno how its called in english) turned on. The only Problem is that outlook sends AUTH \r\n instead of AUTH\r\n (note the space). The Cyrus POP3 then says Syntax error. Any help? The AUTH command expects the SASL mechanism to follow the AUTH command, ie AUTH NTLM\r\n Check RFC 1734. In any case if you're trying to use the checkbox in Outlook that I think you are, you'll have to have the user's passord in /etc/sasldb. Hey, its outlook ;) If there wouldn be a space at the end the popd would echo all mechs it knows. Outlook tries to do this, i dont know why. AUTH +OK List of supported mechanisms follows NTLM DIGEST-MD5 CRAM-MD5 . Even though Outlook is using the OLD way of SASL mechanism discovery AND doing it incorrectly, here is a patch: http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/imap/pop3d.c.diff?r1=1.130r2=1.131 -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Virtual mailboxes
Sounds to me like you want virtual domain support. This is part of Cyrus 2.2 (which is in CVS). Here is some docs: http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/~checkout~/src/cyrus/doc/Attic/install-virtdomains.html?rev=1.1.2.5content-type=text/htmlhideattic=0 Joe Ellis wrote: Is there a way to have cyrus deliver mail to a mailbox based on the domain? for example, if [EMAIL PROTECTED] has mail deliverd, it goes to user/lithodyne.net/joee. If [EMAIL PROTECTED] has mail delivered, it goes to user/andrew.cmu.edu/joee. I'm trying to eliminate usernames as the email address. Currently, I have cyrus setup so the mailbox is [EMAIL PROTECTED] So the username is [EMAIL PROTECTED] and not just joee. I'd like to have the user as joee no matter what domain. I use postfix as the mta. Maybe I should write a wrapper for deliver so postfix will extract the username and domain and pass the correct mailbox to cyrus. Anyone doing this? I hope I'm clear on what I'm asking. -- Joe Ellis http://www.lithodyne.net Jas 5:7,8 -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Virtual mailboxes
Yeah. thats exactly what I want. ...i just built a new mail server too using cyrus-imap 2.1.11. Thanks. Ken Murchison wrote: Sounds to me like you want virtual domain support. This is part of Cyrus 2.2 (which is in CVS). Here is some docs: http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/~checkout~/src/cyrus/doc/Attic/install-virtdomains.html?rev=1.1.2.5content-type=text/htmlhideattic=0 Joe Ellis wrote: Is there a way to have cyrus deliver mail to a mailbox based on the domain? for example, if [EMAIL PROTECTED] has mail deliverd, it goes to user/lithodyne.net/joee. If [EMAIL PROTECTED] has mail delivered, it goes to user/andrew.cmu.edu/joee. I'm trying to eliminate usernames as the email address. Currently, I have cyrus setup so the mailbox is [EMAIL PROTECTED] So the username is [EMAIL PROTECTED] and not just joee. I'd like to have the user as joee no matter what domain. I use postfix as the mta. Maybe I should write a wrapper for deliver so postfix will extract the username and domain and pass the correct mailbox to cyrus. Anyone doing this? I hope I'm clear on what I'm asking. -- Joe Ellis http://www.lithodyne.net Jas 5:7,8 -- Joe Ellis http://www.lithodyne.net Jas 5:7,8
Re: 2.2cvs, imapd OK, pop3d hangs before sending banner to clients
Jonathan Marsden wrote: Attaching to one 'connected to but hung' pop3d with gdb shows a backtrace of: (gdb) bt #0 0x420dadf4 in read () from /lib/i686/libc.so.6 #1 0x4002a480 in __DTOR_END__ () from /usr/lib/libsasl2.so.2 #2 0x40024186 in randinit () from /usr/lib/libsasl2.so.2 #3 0x400241cd in sasl_rand () from /usr/lib/libsasl2.so.2 #4 0x40023e3f in sasl_mkchal () from /usr/lib/libsasl2.so.2 #5 0x0804cccb in service_main () #6 0x0805149b in main () #7 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6 (gdb) How can I best troubleshoot this further -- or is a quick fix already known? You're running out of entropy. pop3d is trying to create an APOP challenge to put in the banner. You can try recompiling SASL with --disable-checkapop (which will only hide the entropy problem) or try using /dev/urandom or EGD (which requires recompiling Cyrus --with-egd-socket). Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Virtual mailboxes
If you want to try 2.2 from CVS, you want to check out tag cyrus-imapd-2_2 Joe Ellis wrote: Yeah. thats exactly what I want. ...i just built a new mail server too using cyrus-imap 2.1.11. Thanks. Ken Murchison wrote: Sounds to me like you want virtual domain support. This is part of Cyrus 2.2 (which is in CVS). Here is some docs: http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/~checkout~/src/cyrus/doc/Attic/install-virtdomains.html?rev=1.1.2.5content-type=text/htmlhideattic=0 Joe Ellis wrote: Is there a way to have cyrus deliver mail to a mailbox based on the domain? for example, if [EMAIL PROTECTED] has mail deliverd, it goes to user/lithodyne.net/joee. If [EMAIL PROTECTED] has mail delivered, it goes to user/andrew.cmu.edu/joee. I'm trying to eliminate usernames as the email address. Currently, I have cyrus setup so the mailbox is [EMAIL PROTECTED] So the username is [EMAIL PROTECTED] and not just joee. I'd like to have the user as joee no matter what domain. I use postfix as the mta. Maybe I should write a wrapper for deliver so postfix will extract the username and domain and pass the correct mailbox to cyrus. Anyone doing this? I hope I'm clear on what I'm asking. -- Joe Ellis http://www.lithodyne.net Jas 5:7,8 -- Joe Ellis http://www.lithodyne.net Jas 5:7,8 -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Outlook wont work with secure Password
Okay now, I capitulate, no chance to get against Outlooks straight incompatibility... NO WAY It works now, basicly, BUT outlooks asks each time I start outlook for the User/Password/Domain, then i give him User/Password EXACTLY as it is in the properties and it works until i restart outlook... Thats to much for me. thanks anyway =) - David 'esi' Brandt - wakka.de staff [EMAIL PROTECTED] - irc://irc.wakka.de/#wakka - icq:13272332 http://www.wakka.de Get your wheep - Original Message - From: Ken Murchison [EMAIL PROTECTED] To: David Brandt [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, January 10, 2003 10:58 PM Subject: Re: Outlook wont work with secure Password David Brandt wrote: Hi, i have big problems getting outlook working with Secure password (dunno how its called in english) turned on. The only Problem is that outlook sends AUTH \r\n instead of AUTH\r\n (note the space). The Cyrus POP3 then says Syntax error. Any help? The AUTH command expects the SASL mechanism to follow the AUTH command, ie AUTH NTLM\r\n Check RFC 1734. In any case if you're trying to use the checkbox in Outlook that I think you are, you'll have to have the user's passord in /etc/sasldb. Hey, its outlook ;) If there wouldn be a space at the end the popd would echo all mechs it knows. Outlook tries to do this, i dont know why. AUTH +OK List of supported mechanisms follows NTLM DIGEST-MD5 CRAM-MD5 . Even though Outlook is using the OLD way of SASL mechanism discovery AND doing it incorrectly, here is a patch: http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/imap/pop3d.c.dif f?r1=1.130r2=1.131 -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: STARTTLS negotiation failed
On 10 Jan 2003, Steve Huston writes: Now, our current Cyrus server has a self-signed cert which Pine doesn't like unless you add /novalidate-cert to the hostname of the server. But this time, that doesn't even help as it just says There was an SSL/TLS failure for the server The reason for the failure was: SSL Negotiation failed Cyrus also reports the same thing in the logs. I understand the point of '/novalidate-cert', meaning don't try to check the signing authority on the cert, and I could overlook things if that was the only error. Use openssl s_client -connect server.your.domain:993 to see openssl negotiate with your server. The info you see (any warnings, etc.) may give you clues about what specifically Pine is complaining about. Alternatively, use openssl x509 -text path/to/my/sslcert.pem for both the server that Pine is happy with, and the one it is unhappy with, and compare the output by hand... what attributes are different or missing in your new self-signed cert? Longer term, you might want to create your own CA and sign the server hot cert with that CA. Then provide your public CA cert to Pine and, theoretically, you won't need /novalidate-cert If you have it around, connecting with mutt rather than Pine might also be a useful test? Jonathan -- Jonathan Marsden| Internet: [EMAIL PROTECTED] | Making electronic 1252 Judson Street | Phone: +1 (909) 795-3877 | communications work Redlands, CA 92374 | Fax: +1 (909) 795-0327 | reliably for Christian USA | http://www.xc.org/jonathan| missions worldwide
Re: STARTTLS negotiation failed
On Fri, 10 Jan 2003, Jonathan Marsden wrote: On 10 Jan 2003, Steve Huston writes: Now, our current Cyrus server has a self-signed cert which Pine doesn't like unless you add /novalidate-cert to the hostname of the server. But this time, that doesn't even help as it just says There was an SSL/TLS failure for the server The reason for the failure was: SSL Negotiation failed Cyrus also reports the same thing in the logs. I understand the point of '/novalidate-cert', meaning don't try to check the signing authority on the cert, and I could overlook things if that was the only error. openssl s_client -connect server.your.domain:993 to see openssl negotiate with your server. The info you see (any warnings, etc.) may give you clues about what specifically Pine is complaining about. That works fine; the problem seems to be when connecting to 143 and negotiating up to TLS from there (which Pine now does by default, and puts a nice (INSECURE) on the screen if you set /notls). Alternatively, use openssl x509 -text path/to/my/sslcert.pem for both the server that Pine is happy with, and the one it is unhappy with, and compare the output by hand... what attributes are different or missing in your new self-signed cert? Longer term, you might want to create your own CA and sign the server hot cert with that CA. Then provide your public CA cert to Pine and, theoretically, you won't need /novalidate-cert I did this with the cert currently in use, just never installed the CA on clients. It wasn't used by more than three people, and they knew what to do, so I wasn't worried about it. Now more are getting into not having to use SSH into the building, and the fact that someone couldn't use Squirrelmail from some set-top box in a hotel due to the cert means the new server gets a real signed one. Whoopee. If you have it around, connecting with mutt rather than Pine might also be a useful test? Very useful! Same results, connecting to port 993 and starting with SSL enabled works fine, but connecting to 143 and issuing STARTTLS fails just the same. Now I know better where to look. And come to think of it, I think Mozilla, Netscape and OS X's Mail all were using SSL on 993, not TLS on 143. That explains why they worked fine. I tried signing the cert with my own CA, and installing the CA's cert, and all that did was remove the complaint about not being able to verify the cert. Still get the SSL negotiation failed message. -- Steve Huston - Unix Systems Administrator, Dept. of Astrophysical Sciences Princeton University | ICBM Address: 40.346525 -74.651285 126 Peyton Hall |On my ship, the Rocinante, wheeling through Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus, (609) 258-7375 | headlong into mystery. -Rush, 'Cygnus X-1'
Re: Outlook wont work with secure Password
David Brandt wrote: Okay now, I capitulate, no chance to get against Outlooks straight incompatibility... NO WAY It works now, basicly, BUT outlooks asks each time I start outlook for the User/Password/Domain, then i give him User/Password EXACTLY as it is in the properties and it works until i restart outlook... Thats to much for me. I tested the fix with Outlook Express using NTLM and it worked fine. - Original Message - From: Ken Murchison [EMAIL PROTECTED] To: David Brandt [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, January 10, 2003 10:58 PM Subject: Re: Outlook wont work with secure Password David Brandt wrote: Hi, i have big problems getting outlook working with Secure password (dunno how its called in english) turned on. The only Problem is that outlook sends AUTH \r\n instead of AUTH\r\n (note the space). The Cyrus POP3 then says Syntax error. Any help? The AUTH command expects the SASL mechanism to follow the AUTH command, ie AUTH NTLM\r\n Check RFC 1734. In any case if you're trying to use the checkbox in Outlook that I think you are, you'll have to have the user's passord in /etc/sasldb. Hey, its outlook ;) If there wouldn be a space at the end the popd would echo all mechs it knows. Outlook tries to do this, i dont know why. AUTH +OK List of supported mechanisms follows NTLM DIGEST-MD5 CRAM-MD5 . Even though Outlook is using the OLD way of SASL mechanism discovery AND doing it incorrectly, here is a patch: http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/imap/pop3d.c.dif f?r1=1.130r2=1.131 -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: STARTTLS negotiation failed
Steve Huston wrote: This is more of a Pine problem than Cyrus, but I'm hoping someone here might know what I can do... [...] Now, our current Cyrus server has a self-signed cert which Pine doesn't like unless you add /novalidate-cert to the hostname of the server. But this time, that doesn't even help as it just says There was an SSL/TLS failure for the server The reason for the failure was: SSL Negotiation failed Cyrus also reports the same thing in the logs. I understand the point of '/novalidate-cert', meaning don't try to check the signing authority on the I just tested Pine 4.44 against my Cyrus 2.1.11 using a self-signed cert (/novalidate-cert) and it works fine. Below is the output from ssldump (http://www.rtfm.com/ssldump/) for reference. I'd use ssldump to see where in the negotiation it fails. [root@eagle]# ssldump -d -i lo -k /var/imap/certs/mail.oceana.com.key port 143 New TCP connection #1: eagle.oceana.com(38414) - eagle.oceana.com(143) 0.0315 (0.0315) SC --- * OK eagle.oceana.com Cyrus IMAP4 v2.1.11 server ready --- 0.0320 (0.0005) CS --- CAPABILITY --- 0.0324 (0.0004) SC --- * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LOGINDISABLED AUTH=SRP AUTH=OTP AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE OK Completed --- 0.0327 (0.0002) CS --- 0001 STARTTLS --- 0.1106 (0.0779) SC --- 0001 OK Begin TLS negotiation now --- 1 1 0.1408 (0.0301) CS Handshake ClientHello Version 3.1 cipher suites TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_DHE_DSS_WITH_RC2_56_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 compression methods NULL 1 2 0.1424 (0.0016) SC Handshake ServerHello Version 3.1 session_id[32]= ce 24 19 9e 16 7a da 4a 2d 2d f7 ef 83 24 ff 55 19 3d 31 9b 72 9f b9 57 17 bc 61 4a 38 4c c5 4d cipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA compressionMethod NULL 1 3 0.1424 (0.) SC Handshake Certificate 1 4 0.1424 (0.) SC Handshake CertificateRequest certificate_types rsa_sign certificate_types dss_sign certificate_authority 30 81 a9 31 0b 30 09 06 03 55 04 06 13 02 4e 59 31 11 30 0f 06 03 55 04 08 13 08 4e 65 77 20 59 6f 72 6b 31 15 30 13 06 03 55 04 07 13 0c 4f 72 63 68 61 72 64 20 50 61 72 6b 31 0f 30 0d 06 03 55 04 0a 13 06 4f 63 65 61 6e 61 31 28 30 26 06 03 55 04 0b 13 1f 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 53 65 72 76 69 63 65 73 20 44 69 76 69 73 69 6f 6e 31 17 30 15 06 03 55 04 03 13 0e 4f 63 65 61 6e 61 20 52 6f 6f 74 20 43 41 31 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 09 01 16 0d 63 61 40 6f 63 65 61 6e 61 2e 63 6f 6d ServerHelloDone 1 5 0.1467 (0.0042) CS Handshake Certificate 1 6 0.1467 (0.) CS Handshake ClientKeyExchange 1 7 0.1467 (0.) CS ChangeCipherSpec 1 8 0.1467 (0.) CS Handshake Finished 1 9 0.1637 (0.0169) SC ChangeCipherSpec 1 10 0.1637 (0.) SC Handshake Finished 1 11 0.1643 (0.0006) CS application_data --- 0002 CAPABILITY --- 1 12 0.1655 (0.0011) SC application_data
backup mail server
I have a small cyrus setup that only a few users use but I want to setup some kind of live backup system for it. I would really just like to have two cyrus servers that keep the same mail boxes on them so if one fails (hardware, software crash, smurfs, etc...) the other will have a back up the mail and continue to receive mail. I was reading up on the murder stuff for cyrus but am not sure if it is what I want and if I have the spare systems to support everything. If anyone could point me in the right direction it would be great. Greg
No Mail Box
Ok I don't know if this is a cyrus problem or a postfix problem but when ever I try to send email to a mail box with a odd case ( [EMAIL PROTECTED] ) the email bounces. I created mail boxes in lower case and just noticed that the email bounced when sending to it in a case other than it was created with. Could anyone tell me how to fix this because I know I did not have this problem before upgrading to impad2 2.1.11 from a 2.0.x version.