Re: cyrus-imspd-v1.6a3
Since I haven't seen a response to this yet, I'll take a shot. Make sure you compiled imspd with the appropriate options (my assumption would be that you should use the same as imapd). You might try to explicitly disable-sasl (not sure if imspd supports that flag). You also might try and touch /etc/sasldb just to see what it does when there actually is a file there. You haven't given us much else to work with. We would need to know what authentication mechanism you were expecting to use and what compile time options you used with imapd vs imspd to really say anything concrete. Since I don't use imspd I can't say much more. Is there a configuration file? Check to ensure you are using the right authentication mechanism. -- Michael -- - Original Message - From: P Christie [EMAIL PROTECTED] To: info-cyrus [EMAIL PROTECTED] Sent: Tuesday, June 05, 2001 2:34 AM Subject: cyrus-imspd-v1.6a3 I have installed the cyrus-imspd 1.6 on a Solaris machine which is already running cyrus imap 1.6.24. On testing with imtest the following happens and I am not sure what to try next. bash$ /usr/local/bin/imtest -p 406 -m login localhost C: C01 CAPABILITY S: * OK Cyrus IMSP version 1.6a3 ready S: * CAPABILITY AUTH=PLAIN AUTH=KERBEROS_V4 LITERAL+ S: C01 OK capability completed Password: + go L01 NO generic failure Authenticated. Security strength factor: 0 . logout * BYE Logging user out . OK Logging user out Connection closed. bash$ The /var/adm/messages has the following Jun 5 10:31:23 anaheim.bath.ac.uk imsp[12688]: unable to open Berkeley db /etc/sasldb: No such file or directory Any ideas? --- P Christie [EMAIL PROTECTED]
Re: Backuping mail boxes (fwd)
Being the generator of the email I at first thought it might have been a problem with the Evolution mail client I've been testing on Linux. However, upon closer examination, what has actually happened is that china.com has delivered a second copy back to the info-cyrus mailing list. I can only assume that the china.com server thought it was supposed to take responsibility for delivering email to the address listed in the CC line. Hopefully it thinks it did its job and will not be sending any more copies. Of course why it waited 4 days before sending the second copy is anyone's guess. Below are the headers from both emails. Notice the second gets received by lists2.andrew.edu a second time after going through china.com. You can safely ignore the Received: (from postman@localhost) lines as I think this is an artifact from queueing for later delivery. = Here is the first appearance of the email: = X-Sieve: cmu-sieve 1.3 Received: from lists2.andrew.cmu.edu ([128.2.10.216]) by mrpibb.metawire.com with esmtp (Exim 3.21 #1) id 155EXK-MM-00 for [EMAIL PROTECTED]; Wed, 30 May 2001 15:33:54 -0700 == -- Received by CMU here -- == Received: (from postman@localhost) by lists2.andrew.cmu.edu (8.11.1/8.11.0) id f4UJqTj04985 for info-cyrus-list; Wed, 30 May 2001 15:52:29 -0400 (EDT) Received: from bandit.metawire.com (bandit.metawire.com [204.80.114.68]) by lists2.andrew.cmu.edu (8.11.1/8.11.0) with ESMTP id f4UJqDi04981 for [EMAIL PROTECTED]; Wed, 30 May 2001 15:52:13 -0400 (EDT) Received: from mw-204-80-117-123.metawire.com (mw-204-80-117-123.metawire.com [204.80.117.123]) by bandit.metawire.com (8.9.1/8.9.1) with ESMTP id MAA26304; Wed, 30 May 2001 12:52:04 -0700 = Here is the second: = Received: from lists2.andrew.cmu.edu ([128.2.10.216]) by mrpibb.metawire.com with esmtp (Exim 3.21 #1) id 1570A8-t2-00 for [EMAIL PROTECTED]; Mon, 04 Jun 2001 12:37:16 -0700 Received: (from postman@localhost) by lists2.andrew.cmu.edu (8.11.1/8.11.0) id f54GUsN11684 for info-cyrus-list; Mon, 4 Jun 2001 12:30:54 -0400 (EDT) == -- Received by CMU again (this time from china.com) here - == Received: from china.com (TCE-E-7-182-16.bta.net.cn [202.106.182.16]) by lists2.andrew.cmu.edu (8.11.1/8.11.0) with SMTP id f54GUki11680 for [EMAIL PROTECTED]; Mon, 4 Jun 2001 12:30:50 -0400 (EDT) Received: from china.com([10.1.7.104]) by china.com(AIMC 2.9.5.1) with SMTP id jm43b1bc8c2; Tue, 05 Jun 2001 00:27:50 +0800 Received: from lists2.andrew.cmu.edu([128.2.10.216]) by china.com(AIMC 2.9.5.1) with SMTP id jm123b1597bf; Thr, 31 May 2001 06:29:17 +0800 Received: (from postman@localhost) by lists2.andrew.cmu.edu (8.11.1/8.11.0) id f4UJqTj04985 for info-cyrus-list; Wed, 30 May 2001 15:52:29 -0400 (EDT) == -- Received by CMU here -- == Received: from bandit.metawire.com (bandit.metawire.com [204.80.114.68]) by lists2.andrew.cmu.edu (8.11.1/8.11.0) with ESMTP id f4UJqDi04981 for [EMAIL PROTECTED]; Wed, 30 May 2001 15:52:13 -0400 (EDT) Received: from mw-204-80-117-123.metawire.com (mw-204-80-117-123.metawire.com [204.80.117.123]) by bandit.metawire.com (8.9.1/8.9.1) with ESMTP id MAA26304; Wed, 30 May 2001 12:52:04 -0700 -- Michael --
FWD: consistent ldap login problem
hi all, i looked into the logs, and it seems during the first try, imapd dies before calling pam. any ideas? Jun 7 14:49:32 homer master[3385]: process 5486 exited, signaled to death by 11 -- this is 1st try with a correct pw Jun 7 14:53:33 homer imapd[5492]: pam_ldap: error trying to bind as user cn=test2,dc=magicallydns,dc=net (Invalid credentials) -- this is 2nd with a bad pw Jun 7 14:53:42 homer imapd[5492]: login: localhost.localdomain[127.0.0.1] test2 plaintext -- this is 3rd try with a good pw thank you. manuel. ** [EMAIL PROTECTED] wrote on Thu Jun 07 12:24:39 CST 2001 ** hi everyone, i've search thru the mailing list without success to look for an answer to my question. simply put, i have to login the first time with a wrong password and then again with the correct one to login to the imap server. if on the first try i supply a correct one, the server will return a prot layer failure. i do not know where the problem lies, so after thinking for a while i decided to go for the pwcheck_ldap option. but then i discovered that i can't use it on cyrus-imapd 1.6 hmm... what else can i try? setup: cyrus-sasl 1.5.24 libraries openldap 2.0.11 stores uid, userPassword pam_ldap-111 used 4 authentication cyrus-imapd 2.0.13 server thank you. manuel.
Cyrus - mysql - sasl ( and postfix too )
Because of time constraints,I haven't been keeping up with the mailing list. Not sure what the current state of things are. I've got cyrus-imapd-1.6.24 and cyrus-sasl-1.5.24 setup with mysql mods ( from someone on the list ) thatlet me use mysql tables for authentication. I modified the code some so that I can use crypt and mysql encrypted passwords along with plain text passwords. Ialso havemod_auth_mysql set up to read the same tables. I also have postfix with SMTP AUTH enabled. Now the onlydifficulty I have is that CRAM-MD5 uses the sasldb file and pretty much everything elseuses the mysql/sasl mod code. Does anyone know how to have the CRAM-MD5 stuff NOT use the sasldb file? I'd like to get ridof the sasldb file altogether. Thanks - jack
Re: Backuping mail boxes (fwd)
On Wed, 6 Jun 2001, Michael Fair wrote: Being the generator of the email I at first thought it might have been a problem with the Evolution mail client I've been testing on Linux. However, upon closer examination, what has actually happened is that china.com has delivered a second copy back to the info-cyrus mailing list. I can only assume I had the same problem with one of my mailinglists (KEITAI-L) with one user who used china.com as an smtp server. I tried to contact postmaster and root at china.com but never got any replies. Since the problem never went away and did not got any answer I simply blocked china.com away. -- Mika Tuupola http://www.appelsiini.net/~tuupola/
Alternate namespace and sieve problem
We would like to use 2.0.14-NAMESPACE with the alternate namespace enabled. This works when naming a mailbox through the IMAP protocol but does not seem to extend to mailbox names in sieve scripts. It does mean that existing sieve scripts will continue to work, but it seems wrong that users should have to use different namespaces for reading mail and composing sieve scripts. Of course websieve will need modification to work with the alternate namespace, but that is a different issue and should be fairly straightforward. Thanks, John.
Re: Alternate namespace and sieve problem
John Holman wrote: We would like to use 2.0.14-NAMESPACE with the alternate namespace enabled. This works when naming a mailbox through the IMAP protocol but does not seem to extend to mailbox names in sieve scripts. It does mean that existing sieve scripts will continue to work, but it seems wrong that users should have to use different namespaces for reading mail and composing sieve scripts. You're correct in that the code I released last week does not work correctly with sieve. Actually, its not really a sieve problem, but a problem with lmtpd. I fixed this problem over the weekend, but haven't created a distribution yet. I hope to post the code by the end of the day. For the time being, your users (or the admin) will have to modify the scripts to use the new folder names. I hope to write a conversion script soon, and will either post it separately, create another NAMESPACE distro, or release it with 2.0.15. Stay tuned, Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Sieve Vacation
Hi, I installed cyrus 2.0.14 with sendmail 8.11.4 and with this sieve script: vacation :addresses [EMAIL PROTECTED] test; redirect [EMAIL PROTECTED]; keep; and the result is: no vacation message, mail redirected to [EMAIL PROTECTED] and kept in the inbox of the user. I don't understand. Could you help me? Bacioni Siur K. --- __O Stefano Coatti - MAP _-\,_ Inferentia S.p.A. (_)/ (_) Tel. 02.59928.258
Re: ANN: Alternate namespace for Cyrus IMAP
John Holman wrote: Ken I do have one query though. Since personal folders and INBOX now exist at the same level for the logged-in user I had expected the same to be true also for Other Users - e.g. there might be mailboxes Other Users.Mike.INBOX Other Users.Mike.Saved etc. (There is a similar example on p.7 of RFC2342) However this is not the case - instead the messages in Mike's INBOX are found in Other Users.Mike Is it worth reconsidering this while the enhancement is still not official - or are there theoretical or practical reasons for the way it's done at present? No reason, either practical or theoretical, that I can think of right now (it just never occurred to me). I can take a look at the code to see if this is feasible. If it's going to break a lot of other stuff, I'll probably skip it for the time being. In fact, I'll look at this tonight. I was just about to release a new beta with updates to lmtpd, but I'll hold off until I check this out. I'm interested in what other people think about this. Is this change a MUST or a SHOULD for people that intend to use the alternate namespace? Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: consistent ldap login problem
[EMAIL PROTECTED] wrote: hi everyone, i've search thru the mailing list without success to look for an answer to my question. simply put, i have to login the first time with a wrong password and then again with the correct one to login to the imap server. if on the first try i supply a correct one, the server will return a prot layer failure. i do not know where the problem lies, so after thinking for a while i decided to go for the pwcheck_ldap option. but then i discovered that i can't use it on cyrus-imapd 1.6 Unfortunately, I've nailed the problem down to pam_ldap/nss_ldap, both of which have bugs that close the LDAP connections before they should be closed. I want to find the people who wrote the pam nss ldap modules, and beat them over the head with a 17 monitor - the source code consists of a ton of macros... it's ridiculous. I'm afraid to patch the source for fear I'll generate more bugs. My solution was to do pwcheck_ldap -- actually, a patched pwcheck that can authenticate out of /etc/shadow OR ldap - but as you've mentioned, that isn't an option with 2.0. Perhaps we can make some noise on the nss_ldap and pam_ldap mailing lists. :) I'm already subscribed. I'm going to see if someone has patches for the current versions of pam_ldap and nss_ldap that will fix the problems. Just to confirm that I'm seeing the same thing you are, please telnet to port 110 of your mail server and manually enter the correct Pop3 User and Pass commands for an account that is authenticated off your LDAP server, and tell me you get an error message about an assertion regarding ldo_valid(). Also try manually logging in via a telnet session to port 143 (IMAP). Thanks. -- Tired of Earthlink? Get JustTheNet! Nationwide Dialup, ISDN, DSL, ATM, Frame Relay, T-1, T-3, and more. EARTHLINK AMNESTY PROGRAM: Buy a year, get two months free More info coming soon to http://JustThe.net, or e-mail me! B!ff: K3wl, w3'v3 r00t3D da [EMAIL PROTECTED] 0h CrAp, INC0M!Ng $%^NO CARRIER
ANN: alternate namespace beta2
I just made the second (and hopefully final) beta of the alternate namespace code available at: ftp://ftp.oceana.com/pub/cyrus-imapd-2.0.14-NAMESPACE-r2.tar.gz You can also grab it via anonymous CVS at CMU by checking out the alt-namespace branch or alt-namespace-r2 tag. The new code only has two changes from the previous release: - fixed a small buglet where a 'LIST %' outputs '* LIST (\Noselect) . Shared Folders' even if no shared folders are listable by the user - added support for the new namespace to lmtpd This last change only effects sites using Sieve. For the time being, existing Sieve scripts with 'fileinto' actions will have to be manually edited to use the correct folder names corresponding to the alternate namespace. I plan on writing a tool which will convert all scripts in 'sievedir'. I will either post this to the list when available or simply include it in the next beta (if necessary) or 2.0.15. The changes to lmtpd do NOT effect plus addressing, ie, mailing directly to shared folders. Shared Folder.foo still has an email address of [EMAIL PROTECTED] or [EMAIL PROTECTED] As always, all feedback welcome. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Sieve Vacation
Stefano Coatti wrote: Stefano Coatti wrote: Hi, I installed cyrus 2.0.14 with sendmail 8.11.4 and with this sieve script: vacation :addresses [EMAIL PROTECTED] test; redirect [EMAIL PROTECTED]; keep; and the result is: no vacation message, mail redirected to [EMAIL PROTECTED] and kept in the inbox of the user. I don't understand. Could you help me? - Any errors in imapd.log? - If you're sending a test message from [EMAIL PROTECTED], vacation won't reply to yourself. - If you're sending from a different address and you've sent more than one message, try changing the reply text in your vacation rule. Sieve will only send ONE vacation response per sender per reply text. Ken --- Thank you very much for the answered: - I have not error in imapd.log; - Yes I know, addresses are different; - I changed the text but nothing happens. Hmm. Try using the sieve 'test' program on your script and one of the messages that you've sent. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Sieve Vacation
Are you using LMTP as your delivery mechanism (deliver -l or direct to lmtp socket)? I believe this is required for the vacation feature in Sieve to work. -Shawn Sivy Stefano Coatti wrote: Hi, I installed cyrus 2.0.14 with sendmail 8.11.4 and with this sieve script: vacation :addresses [EMAIL PROTECTED] test; redirect [EMAIL PROTECTED]; keep; and the result is: no vacation message, mail redirected to [EMAIL PROTECTED] and kept in the inbox of the user. I don't understand. Could you help me? Bacioni Siur K. --- __O Stefano Coatti - MAP _-\,_ Inferentia S.p.A. (_)/ (_) Tel. 02.59928.258
cyradm administration via krb5 admin instance
Hi all,
Is it possible to use a krb5 style admin instance with cyradm? It's
not working for me.
I've been testing a cyrus imapd installation using SASL GSSAPI
authentication. Aside from the problem with the above, everything is
working quite nicely, it's really great software!
I'm guessing the problem is with the '/' character, i.e. 'benp/admin'.
It doesn't seem to be shell related, since I've tried a dozen different
quoting and escaping methods ('benp/admin', benp/admin, benp\/admin,
etc...).
The man page for imapd.conf states:
admins: none
The list of userids with administrative rights. Separate each userid
with a space. Sites using Kerberos authentication may use separate
admin instances.
Currently the 'admins' line of my imapd.conf file looks like:
admins: benpadmin 'benp/admin'
I've resorted to creating an additional benpadmin principle... (with
which I'm able to GSSAPI authenticate using cyradm).
The error logged by imapd when I attempt to use cyradm with benp/admin
is:
Jun 7 15:31:45 imogen imapd[4477]: badlogin: .reed.edu[...]
GSSAPI authentication failure [bad userid authenticated]
cyradm fails with this error:
/usr/local/bin/cyradm --user 'benp/admin' --auth GSSAPI .reed.edu
cyradm: cannot authenticate to server with GSSAPI as benp/admin
[ BTW I don't have any problems getting a kerberos *ticket* for the
benp/admin instance ]
The server is an x86 Red Hat Linux 7.1 system and we're running
cyrus-imapd-2.0.12 and cyrus-sasl-1.5.24 both built from source.
I'm somewhat new to being a krb5 administrator (so the problem may not
be related to cyrus), but I haven't had any other problems with this
'benp/admin' instance.
Any thoughts?
Ben
--
---
Ben Poliakoff email: [EMAIL PROTECTED]
Reed College tel: (503)-788-6674
Unix System Administrator PGP key: http://www.reed.edu/~benp/key.html
---
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019
Re: ANN: Alternate namespace for Cyrus IMAP
Ken Murchison wrote: John Holman wrote: Ken I do have one query though. Since personal folders and INBOX now exist at the same level for the logged-in user I had expected the same to be true also for Other Users - e.g. there might be mailboxes Other Users.Mike.INBOX Other Users.Mike.Saved etc. (There is a similar example on p.7 of RFC2342) However this is not the case - instead the messages in Mike's INBOX are found in Other Users.Mike Is it worth reconsidering this while the enhancement is still not official - or are there theoretical or practical reasons for the way it's done at present? No reason, either practical or theoretical, that I can think of right now (it just never occurred to me). I can take a look at the code to see if this is feasible. If it's going to break a lot of other stuff, I'll probably skip it for the time being. In fact, I'll look at this tonight. I was just about to release a new beta with updates to lmtpd, but I'll hold off until I check this out. I took a look at this and it IS doable (I actually hacked some code), but it makes the LIST/LSUB code uglier than it already is. For this reason, and the fact that Larry and I both feel that most users won't be sharing their INBOXes, I'm not going to implement this right now. That being said, if the current behavior is determined to be a violation of RFC2342 or the people that contracted me to implement the alternate namespace want this 'feature' or demand for this 'feature' is overwhelming, then I WILL implement it. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Solaris 8 errors
I had a similar problem and was able to fix it by reconfiguring/compiling/installing SASL using the --disable-gssapi option. I then recompiled cyrus and reinstalled it (I don't know if this was needed). I still got the errors, but noticed that the libgssapiv2.* files were still in the sasl library directory. I delete them since they were probably left over from the original install. After all that, I would suggest just deleting (or renaming) these files first and see what happens. You may not need to recompile sasl and cyrus packages. -Shawn Sivy J.D. Bronson wrote: Hello! I am running solaris 8 and have all the correct files needed to compile and build cyrus imap (per the topics on the list achives)... It configured and build with NO errors and I completed the install... Howeverthe master process starts fine, but as soon as a request is made to the pop3/imap daemon - here is the results: Jun 5 14:24:14 pop3d[3248]: unable to dlopen /usr/lib/sasl/libgssapiv2.so: ld.so.1: pop3d: fatal: relocation error: file /usr/lib/sasl/libgssapiv2.so: symbol GSS_C_NT_HOSTBASED_SERVICE: referenced symbol not found Jun 5 14:24:31 imapd[3256]: unable to dlopen /usr/lib/sasl/libgssapiv2.so: ld.so.1: imapd: fatal: relocation error: file /usr/lib/sasl/libgssapiv2.so: symbol GSS_C_NT_HOSTBASED_SERVICE: referenced symbol not found I used the small.conf file.. If its forked, the errors on non stop! I did of course successfully install sasl and symlinked /usr/lib/sasl to /usr/local/lib/sasl Any thoughts or help on this? TIA! -- J.D. Bronson Aurora Health Care - Info Servcs Milwaukee WI USA Office: 414.978.8282Pager: 414.314.8282Fax: 414.328.8282 -= Sent via PINE 4.33: Internet News Email for Solaris/Sparc =-
