Re: Permission problem

2001-05-01 Thread David Fuchs 

Previous versions of Cyrus used the 'd' permission for this.  Cyrus now
requires that you set the 'c' permission in your ACL...

Hope that helps...

-David Fuchs

- Original Message -
From: Marius Kirschner [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 30, 2001 8:08 PM
Subject: Permission problem


 I've set up cyrus-imapd 2.0.12 last week and everything seems to be
working
 okay (at least the sending and receiving part), except I have a
permission
 problem.  To be more exact, the admin can't delete mailboxes and the
user
 can't create them.  If I go into cyradm as admin I can create
'user.mailbox'
 or 'user.mailbox.whatever' but when I try to delete them I get a
permission
 denied error.  And, yes, I do grant myself delete access before trying
to
 delete them.  Also, as user when I try to create a mailbox I get also
a
 permission denied error, however, as user I am able to delete
mailboxes
 created by admin.

 All the /var/imap directories are owned by cyrus.cyrus and the rwx
 permissions are set as well, and imapd runs as cyrus.  I've been
trying to
 figure this out for days now but to no avail.  I'd appreciate it if
somebody
 could steer me in the right directions.  FWIW, I'm running FreeBSD
4.3.
 Thanks,

 ---Marius

forking problem and SleepyCat

2001-05-01 Thread Spark 

Hey guys,

Regarding the forking problem that some of us seem to be having. I've
been in touch with the SleepyCat support department. We discussed a few
things about the problem and finally i sent him a copy of the
cyrusdb_db3.c file.. At first the response was that maybe opening it
read/write contantly could be the problem. Then i received the following
email:

--

One of our senior engineers reviewed Support Request #3838, and
comments:

 Berkeley DB only transactionally protects the open if you're
 doing a DB_CREATE.  Even if the Cyrus application is opening
 the file read/write, we don't need a transaction.  I see
 from their source that they are always specifying DB_CREATE.
 I bet if they changed it to not specifying CREATE and only
 creating if necessary, the problem would probably go away.

Regards,
--keith

--

Maybe somebody can comeup with change to the code that can implement this??

Greetings,

Hugo

--
That i'm paranoid doesn't mean they aren't out to get me!
--
Hugo Trippaers (HT2-6BONE)  ISION Internet BV
System Engineer (RHCE)  http://www.ision.nl
[EMAIL PROTECTED]

Re: e with accent

2001-05-01 Thread Michael Salmon 

+-- On Monday, April 30, 2001 16:11:02 +0200 Jean-Michel Doublet 
+[EMAIL PROTECTED] wrote:

| Hi,
|
| i use cyrus-2.0.12 and when i send a mail with an é or è in the
| suject, the é is replace with X.
|
| How can i fix this ?
+--

Don't send any non-ascii characters. The problem is that the receiver has no way of 
knowing just which character set you meant. Is it encoded in iso8859-1, iso8859-15 or 
utf-8? You need to encode the characters in your subject as described in RFC2047 i.e. 
=?ISO-8859-1?Q?=e8=e9?= for èé.

/Michael
-- This space intentionally left non-blank.

configure can't find sasl_getprop (v. 2.0.13)

2001-05-01 Thread Werner Reisberger 

I want to upgrade from 1.6.24 to 2.0.13 but configure isn't able to find
libsasl although I am using the library since many month with 1.6.24:

  checking for sasl_getprop in -lsasl... no

My sasl libraries are in 

  /usr/local/sasl/lib

and I called configure with --with-sasl=/usr/local/sasl

If I check libsasl.so.7.1.8 with nm I see the sasl_getprop symbol.

Any hints?

 Werner

Re: configure can't find sasl_getprop (v. 2.0.13)

2001-05-01 Thread Scott Adkins 

--On Tuesday, May 01, 2001 2:44 PM +0200 Werner Reisberger [EMAIL PROTECTED] 
wrote:

 I want to upgrade from 1.6.24 to 2.0.13 but configure isn't able to find
 libsasl although I am using the library since many month with 1.6.24:

   checking for sasl_getprop in -lsasl... no

 My sasl libraries are in

   /usr/local/sasl/lib

 and I called configure with --with-sasl=/usr/local/sasl

 If I check libsasl.so.7.1.8 with nm I see the sasl_getprop symbol.

 Any hints?

  Werner

A new SASL library was released as beta at the end of last March.  It
was released as 1.5.27.  In any the case, it has the sasl_getprop()
function that you described.

My question is this... Even though configure doesn't see sasl_getprop()
in your SASL library, it shouldn't be disabling SASL as a whole... Are you
still able to compile the IMAP server and get it to work?  I would expect
that to be the case (but may not be at the moment), especially since the
latest SASL release was considered beta.

Anyways, if you need the library, you can get it at the following location:

  ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/BETA/cyrus-sasl-1.5.27.tar.gz

Scott
--
 +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
  Scott W. Adkinshttp://www.cns.ohiou.edu/~sadkins/
   UNIX Systems Engineer  mailto:[EMAIL PROTECTED]
ICQ 7626282 Work (740)593-9478 Fax (740)593-1944
 +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
 CNS, HDL Center, Suite 301, Ohio University, Athens, OH 45701-2979

Re: 1.6.24 + STARTTLS + cyradm

2001-05-01 Thread Amos Gouaux 

 On Tue, 1 May 2001 13:04:30 +0100,
 Richard Hopkins [EMAIL PROTECTED] (rh) writes:

rh I've got 1.6.24 configured with SSL and can get a TLS session established 
rh using Mulberry without any problem.

Does anybody have a listing of what clients support TLS?  While I
personally wouldn't mind freezing out all clients but Mulberry, I
have a feeling a lynch mob would be after me.  ;-)

-- 
Amos

Cyrus IMAPd using PAM authentication under FreeBSD ...

2001-05-01 Thread Marc G. Fournier 


Okay, I'm at a loss here, and hope someone has an idea of what I'm missing
...

I installed cyrus-imapd and cyrus-sasl from ports under FreeBSD, that all
appears to work great as long as I don't try and set sasl_pwcheck_method
to PAM ... as soon as I set that, it fails.

I'm trying to use the pam_smb_auth module, v1.9.8 ...

Using it for ftpd, in /etc/pam.conf, it works great:

==
May  1 11:31:05 new-relay ftpd[45475]: unable to resolve symbol: pam_sm_authenticate
May  1 11:31:05 new-relay ftpd[45475]: unable to resolve symbol: pam_sm_setcred
May  1 11:31:05 new-relay ftpd[45475]: auth_pam: Module is unknown
==

and

==
demeter# ftp new-relay
Connected to new-relay.acadiau.ca.
220 new-relay.acadiau.ca FTP server (Version 6.00LS) ready.
Name (new-relay:root): marc
331 Password required for marc.
Password:
230 User marc logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp
==

but if I try pop3:

==
demeter# telnet new-relay pop3
Trying 131.162.200.78...
Connected to new-relay.acadiau.ca.
Escape character is '^]'.
+OK new-relay.acadiau.ca Cyrus POP3 v2.0.13 server ready
user marc
+OK Name is a valid mailbox
pass X
-ERR Invalid login

===

with the backend reporting, again:

===
May  1 11:32:33 new-relay pop3d[44673]: unable to resolve symbol: pam_sm_authenticate
May  1 11:32:33 new-relay pop3d[44673]: unable to resolve symbol: pam_sm_setcred
===

both passwords I type in are the exact same, ftpd works, pop3 fails ... so
I know that the pam module itself is working ... so the only thing I can
think of is that *something* in the cyrus-imapd port is causing the
failure ...

cyrus-imap version is: cyrus-imapd-2.0.13

configure is set as:

./configure \
--with-cyrus-prefix=/usr/local/cyrus \
--with-cyrus-group=cyrus \
--with-sasl=/usr/local \
--with-dbdir=/usr/local \
--with-auth=unix \
--with-com_err \
--with-ucdsnmp=no \
--prefix=/usr/local i386--freebsd4.3

A bug, maybe, in 2.0.13?

My pam.conf file looks like the following, in case I'm doing something
obvious in there?


login   authsufficient  pam_skey.so
login   authrequisite   pam_cleartext_pass_ok.so
login   authrequiredpam_unix.so try_first_pass

ftpdauthrequiredpam_smb_auth.so use_first_pass

imapauthrequiredpam_smb_auth.so nolocal

sieve   authsufficient  pam_unix.so
sieve   authrequiredpam_smb_auth.so use_first_pass

pop authrequiredpam_smb_auth.so

sshdauthsufficient  pam_skey.so
sshdauthrequiredpam_unix.so try_first_pass
sshdsession requiredpam_permit.so
csshd   authrequiredpam_skey.so

xserver authrequiredpam_permit.so

xdm authrequiredpam_unix.so
xdm account requiredpam_unix.so try_first_pass
xdm session requiredpam_deny.so
xdm password required   pam_deny.so

imapauthrequiredpam_unix.so try_first_pass
pop3authrequiredpam_unix.so try_first_pass

other   authrequiredpam_unix.so try_first_pass
other   account requiredpam_unix.so try_first_pass


Marc G. Fournier [EMAIL PROTECTED]
Senior Systems AdministratorAcadia University

  These are my opinions, which are not necessarily shared by my employer

TLS works, STARTTLS doesn't (imap, v2.0.13)

2001-05-01 Thread Larry M. Rosenbaum 

I have just installed Cyrus IMAP 2.0.13 on Sparc Solaris 7.  I'm 
trying to make an IMAP connection with TLS using Mac Eudora 5.1.  If 
I use the alternate port (993) setting, I can get a connection.  If 
I try to use STARTTLS (which both Cyrus and Eudora 5.1 claim to 
support) I get a STARTTLS failure.  Any ideas?

I have some debug output (I set the debugging level to 5 in tls.c).

Here it is with imaps (port 993):

May  1 10:48:50 emaildev master[16761]: about to exec 
/usr/local/cyrus/bin/imapd
May  1 10:48:50 emaildev service-imaps[16761]: executed
May  1 10:48:50 emaildev imapd[16761]: accepted connection
May  1 10:48:50 emaildev imapd[16761]: starting TLS engine
May  1 10:48:50 emaildev imapd[16761]: TLS engine: cannot load CA data
May  1 10:48:50 emaildev imapd[16761]: setting up TLS connection
May  1 10:48:50 emaildev imapd[16761]: SSL_accept:before/accept initialization
May  1 10:48:50 emaildev imapd[16761]: SSL_accept:SSLv3 read client hello A
May  1 10:48:50 emaildev imapd[16761]: SSL_accept:SSLv3 write server hello A
May  1 10:48:50 emaildev imapd[16761]: SSL_accept:SSLv3 write certificate A
May  1 10:48:50 emaildev imapd[16761]: SSL_accept:SSLv3 write server done A
May  1 10:48:50 emaildev imapd[16761]: SSL_accept:SSLv3 flush data
May  1 10:48:51 emaildev imapd[16761]: SSL_accept:SSLv3 read client 
key exchange A
May  1 10:48:51 emaildev imapd[16761]: SSL_accept:SSLv3 read finished A
May  1 10:48:51 emaildev imapd[16761]: SSL_accept:SSLv3 write change 
cipher spec A
May  1 10:48:51 emaildev imapd[16761]: SSL_accept:SSLv3 write finished A
May  1 10:48:51 emaildev imapd[16761]: SSL_accept:SSLv3 flush data
May  1 10:48:51 emaildev imapd[16761]: starttls: TLSv1 with cipher 
DES-CBC3-SHA (192/192 bits) no authentication
...


Here it is connecting on port 143 and using STARTTLS:

May  1 10:50:30 emaildev master[16775]: about to exec 
/usr/local/cyrus/bin/imapd
May  1 10:50:30 emaildev service-imap[16775]: executed
May  1 10:50:30 emaildev imapd[16775]: accepted connection
May  1 10:50:30 emaildev imapd[16775]: starting TLS engine
May  1 10:50:30 emaildev imapd[16775]: TLS engine: cannot load CA data
May  1 10:50:30 emaildev imapd[16775]: setting up TLS connection
May  1 10:50:30 emaildev imapd[16775]: SSL_accept:before/accept initialization
May  1 10:50:30 emaildev imapd[16775]: SSL_accept:SSLv3 read client hello A
May  1 10:50:30 emaildev imapd[16775]: SSL_accept:SSLv3 write server hello A
May  1 10:50:30 emaildev imapd[16775]: SSL_accept:SSLv3 write certificate A
May  1 10:50:30 emaildev imapd[16775]: SSL_accept:SSLv3 write 
certificate request A
May  1 10:50:30 emaildev imapd[16775]: SSL_accept:SSLv3 write server done A
May  1 10:50:30 emaildev imapd[16775]: SSL_accept:SSLv3 flush data
May  1 10:50:30 emaildev imapd[16775]: SSL3 alert read:warning:no certificate
May  1 10:50:30 emaildev imapd[16775]: SSL3 alert write:fatal:unexected_message
May  1 10:50:30 emaildev imapd[16775]: SSL_accept:error in SSLv3 read 
client certificate B
May  1 10:50:30 emaildev last message repeated 1 time
May  1 10:50:30 emaildev imapd[16775]: STARTTLS failed: 
lmrmac2.ctd.ornl.gov[160.91.170.73]
May  1 10:50:30 emaildev imapd[16775]: Connection reset by peer, 
closing connection
May  1 10:50:30 emaildev master[5017]: process 16775 exited, status 0

-- 
  
Larry M. Rosenbaum  [EMAIL PROTECTED]
Bldg 4500-N, Room E-218 865 574-8155 phone
PO Box 2008, MS 6271865 241-4000 fax
Oak Ridge, TN  37831-6271

Oak Ridge National Laboratory, Network Computing Services group

Can't find com_err.h

2001-05-01 Thread Rolfe Tessem 

I'm trying to compile cyrus-imapd-2.0.13 on a Redhat 6.2.3 system and am 
running into the following problem.

The compilation is barfing while in ../cyrus-imapd-2.0.13/imap with the 
complaint that com_err.h can't be found. Can anyone give me a clue here? 
I don't find this header file on ANY of our Redhat systems. I tried 
2.0.12 but had the same problem. I have compiled 2.0.12 successfully 
before, so this has me scratching my head.

Thanks for any help.

-- 
Rolfe Tessem|   Lucky Duck Productions, Inc.
[EMAIL PROTECTED]   |   96 Morton Street
(212) 463-0029  |   New York, NY 10014

Re: forking problem and SleepyCat

2001-05-01 Thread Walter Wong 

Spark [EMAIL PROTECTED] writes:
 Maybe somebody can comeup with change to the code that can implement this??

ok, the change is in cvs. I also included a diff below.

Please let us know if this makes things any better (or worse).

Walter

===
RCS file: /afs/andrew.cmu.edu/system/cvs/src/cyrus/lib/cyrusdb_db3.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- cyrusdb_db3.c   2001/01/02 05:53:47 1.16
+++ cyrusdb_db3.c   2001/05/01 18:31:45 1.17
@@ -91,12 +91,14 @@
 
 static int init(const char *dbdir, int myflags)
 {
-int r;
+int r, do_retry = 1;
 int flags = 0;
 
 assert(!dbinit);
 
-if (myflags  CYRUSDB_RECOVER) flags |= DB_RECOVER;
+if (myflags  CYRUSDB_RECOVER) {
+  flags |= DB_RECOVER | DB_CREATE;
+}
 
 if ((r = db_env_create(dbenv, 0)) != 0) {
syslog(LOG_ERR, DBERROR: db_appinit failed: %s, db_strerror(r));
@@ -130,7 +132,8 @@
 #endif
 
 /* what directory are we in? */
-flags |= DB_CREATE | DB_INIT_LOCK | DB_INIT_MPOOL | 
+ retry:
+flags |= DB_INIT_LOCK | DB_INIT_MPOOL | 
 DB_INIT_LOG | DB_INIT_TXN;
 #if DB_VERSION_MINOR  0
 r = dbenv-open(dbenv, dbdir, flags, 0644); 
@@ -138,6 +141,26 @@
 r = dbenv-open(dbenv, dbdir, NULL, flags, 0644); 
 #endif
 if (r) {
+if (do_retry  (r == ENOENT)) {
+ /* Per sleepycat Support Request #3838 reporting a performance problem: 
+
+   Berkeley DB only transactionally protects the open if you're
+   doing a DB_CREATE.  Even if the Cyrus application is opening
+   the file read/write, we don't need a transaction.  I see
+   from their source that they are always specifying DB_CREATE.
+   I bet if they changed it to not specifying CREATE and only
+   creating if necessary, the problem would probably go away.
+
+Given that in general the file should exist, we optimize the most 
+often case: the file exists.  So, we add DB_CREATE only if we fail 
+to open the file and thereby avoid doing a stat(2) needlessly. Sure, it 
+should be cached by why waste the cycles anyway?
+ */
+ flags |= DB_CREATE;
+ do_retry = 0;
+ goto retry;
+}
+
syslog(LOG_ERR, DBERROR: dbenv-open '%s' failed: %s, dbdir,
   db_strerror(r));
return CYRUSDB_IOERROR;