Re: telnet 993 asks for PEM passphrase
Should I have a socket for imaps and or imap in
/var/imap/socket ? Currently I only have an lmtp
socket:
/var/imap/socket
catfish# ls -l
total 0
srwxrwxrwx 1 root other 0 Aug 22 22:31
lmtp
This is the error I am seeing in my log when I use
Navigator or Outlook to connect. The connection never
works however:
Aug 23 05:01:54 catfish master[1736]: [ID 392559
local6.debug] about to exec /us
r/local/bin/ctl_mboxlist
Aug 23 05:01:54 catfish ctl_mboxlist[1736]: [ID 197397
local6.notice] checkpoint
ing mboxlist
Aug 23 05:01:54 catfish master[1692]: [ID 310780
local6.debug] process 1736 exit
ed, status 0
Now if I telnet localhost 993 I will get the
following:
catfish# telnet localhost 993
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* BYE Fatal error: tls_init() failed
Connection closed by foreign host.
The error in the log is as follows:
Aug 23 05:15:04 catfish master[1754]: [ID 392559
local6.debug] about to exec /us
r/local/bin/imapd
Aug 23 05:15:04 catfish service-imaps[1754]: [ID
518349 local6.debug] executed
Aug 23 05:15:04 catfish imapd[1754]: [ID 921384
local6.debug] accepted connectio
n
Aug 23 05:15:04 catfish imapd[1754]: [ID 459655
local6.notice] TLS engine: canno
t load CA data
Aug 23 05:15:04 catfish imapd[1754]: [ID 164529
local6.error] unable to get priv
ate key from '/var/imap/catfish-cert.pem'
Aug 23 05:15:04 catfish imapd[1754]: [ID 992616
local6.error] TLS engine: cannot
load cert/key data
Aug 23 05:15:04 catfish imapd[1754]: [ID 953259
local6.error] error initializing
TLS: [CA_file: ] [CA_path: ] [cert_file:
/var/imap/catfish-cert.pem] [key_file:
/var/imap/catfish-cert.pem]
Aug 23 05:15:04 catfish master[1692]: [ID 310780
local6.debug] process 1754 exit
ed, status 75
I have my key and cert combined in one file as this
made testing with imtest -t /path/to/cert possible
since the -t option can only take one file as an
agrument. Any ideas?
Thanks
--- Jeremy Howard [EMAIL PROTECTED] wrote:
chirs charter wrote:
So run the following then:
openssl rsa -in file.key -out newfile.key
That's right.
Does this pose a potential security threat though?
It depends. If someone gets access to your key then
they can pretend to be
you. If you keep your key secure then you'll be
fine. I'm no crypto expert,
but I think it's reasonably standard for server keys
to have no password,
since many servers need to start up without
interactive input.
Also do I need inetd running ? Many of the HOW TOs
mention the presence of inetd but I am under the
impression that this is what the 'master'
program's
responsibility is.
No you don't need inetd for IMAPd. Check
/etc/inetd.conf to see whether
there's any other services there that you need
before you kill it though. If
you don't kill inetd at least remove imap related
entries from
/etc/inetd.conf.
I have noticed though if I kill
inetd I get the following which seems a bit
spartan
no?
catfish# ps -ef | grep inetd
root 1627 1 0 21:30:54 ?0:00
/usr/sbin/inetd -s
catfish# kill 1627
catfish# telnet localhost 993
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
A bit spartan... You'd need a very advanced mail
client to display your mail
with so little to go on... although it _is_ very
secure ;-)
Make sure that /etc/cyrus.conf looks a bit like:
START {
# do not delete these entries!
mboxlist cmd=ctl_mboxlist -r
deliver cmd=ctl_deliver -r
}
# UNIX sockets start with a slash and are put into
/var/imap/socket
SERVICES {
# add or remove based on preferences
imapcmd=imapd listen=imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
pop3cmd=pop3d listen=pop3 prefork=0
pop3s cmd=pop3d -s listen=pop3s prefork=0
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd
listen=/var/imap/socket/lmtp prefork=0
}
EVENTS {
# this is required
checkpoint cmd=ctl_mboxlist -c period=30
# this is only necessary if using duplicate
delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
}
Then when you start /usr/cyrus/bin/master it will be
able to fork off imapd
processes as required.
__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
Re: telnet 993 asks for PEM passphrase
chirs charter wrote Should I have a socket for imaps and or imap in /var/imap/socket ? Currently I only have an lmtp socket: /var/imap/socket catfish# ls -l total 0 srwxrwxrwx 1 root other 0 Aug 22 22:31 lmtp No. imaps and imap use TCP sockets, not Unix sockets. So what you see is fine. Aug 23 05:15:04 catfish master[1754]: [ID 392559 local6.debug] about to exec /us r/local/bin/imapd Aug 23 05:15:04 catfish service-imaps[1754]: [ID 518349 local6.debug] executed Aug 23 05:15:04 catfish imapd[1754]: [ID 921384 local6.debug] accepted connectio n Aug 23 05:15:04 catfish imapd[1754]: [ID 459655 local6.notice] TLS engine: canno t load CA data Aug 23 05:15:04 catfish imapd[1754]: [ID 164529 local6.error] unable to get priv ate key from '/var/imap/catfish-cert.pem' Does the cyrus user have access to /var/imap/catfish-cert.pem and its parent directories?
Re: telnet 993 asks for PEM passphrase
chirs charter wrote: HEllo, I uncomented the imaps entry in /etc/cyrus.conf. Now if I telnet to localhost on port 993 I am prompted to enter a PEM pass phrase. Somethings seems misconfiugred no? If I enter the PEM passphrase for the server's cert it fails. I know something is wrong here I am just unsure what. If you could give me some feedback I would greatly appreciate it. Thanks. Here is the transcript: Ccatfish# telnet localhost 993 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Enter PEM pass phrase:XX * BYE Fatal error: tls_init() failed Connection closed by foreign host. Confused. Whether or not you have a passphrase, you can't telnet to a SSL wrapped service port and expect to see anything. You have to use something like 'openssl s_client -connect localhost:993' Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Problem with Sieve Vacation message
Stefano Coatti wrote:
Hi,
I use cyrus 2.0.16 with sendmail and sendmail 8.11.6.
I retry to solve the problem of sieve vacation message.
My actual Mailer configuration in sendmail is:
Mcyrus,P=[IPC], F=lsDFMnqA5@/:|SmXz, E=\r\n,
S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix,
A=FILE /var/imap/socket/lmtp
With this configuration, sieve mechanism works fine but vacation message no.
For example the script:
require [reject,fileinto];
if address :is :all From [EMAIL PROTECTED]
{
reject testing;
}
is OK while in the execution of this script:
require [vacation];
vacation :days 20 :addresses [EMAIL PROTECTED] Delirio tremens...;
nothing happens.
With this action, the only messages that will generate vacation
responses are those sent to stefano.coatti and
[EMAIL PROTECTED]. I'm guessing that you want to add at least
[EMAIL PROTECTED] to the list of :addresses.
Ken
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
News for SIG11: imapd only crashes when account is configured for subscribed folders.
Yeah! I don't believe it! I can access my imapd account. All I did was changing the advanced options in mozilla to get all folders and not only the subscribed ones. Maybe this will help you find the bug finally. Thanks a lot. Bye, Levo. P.S. That unknown option -s for imapd and pop3d still persists and causes SIG11, too. 2.0.16, sasl 1.5.24
acapd build
I try to build cyrus-smlacapd-0.5 and get the following: ### Making all in /tmp/inst/cyrus-smlacapd-0.5/backend gmake[1]: Âõîä â êàòàëîã `/tmp/inst/cyrus-smlacapd-0.5/backend' sml compileit || true Standard ML of New Jersey v110.34 [FLINT v1.5], July 10, 2001 - [autoloading] [library $smlnj/cm/cm.cm is stable] [library $smlnj/internal/cm-sig-lib.cm is stable] [library $smlnj/internal/srcpath-lib.cm is stable] [autoloading done] stdIn:1.1-1.11 Error: operator and operand don't agree [tycon mismatch] operator domain: string operand: unit in expression: CM.make () uncaught exception Error raised at: ../compiler/TopLevel/interact/evalloop.sml:80.41-80.49 ../compiler/TopLevel/interact/evalloop.sml:60.55 what's wrong?
Re: Problem with Sieve Vacation message
[EMAIL PROTECTED] wrote: Kenneth Murchison writes: vacation :days 20 :addresses [EMAIL PROTECTED] Delirio tremens...; With this action, the only messages that will generate vacation responses are those sent to stefano.coatti and [EMAIL PROTECTED]. You are assuming that `servername' is not specified in /etc/imapd.conf. If it is, `vacation' will append that domain to stefano.coatti. My sendmail configuration, for example, always qualifies unqualified addresses, so that I must define `servername' to get a working default for sieve `vacation'. I think you're mistaken. Please show me where in the code vacation does anything with the servername. Vacation makes no assumptions about what the server or domain name is when comparing addresses, it simply compares the envelope TO address and any :addresses specified in the vacation action to those in the TO, CC and BCC headers in the message body. I worked on a lot of this code, so I'm pretty sure that I'm right. But please correct me if I'm wrong, I might actually learn something today :^) Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: News for SIG11: imapd only crashes when account is configured for subscribed folders.
Levent Gündogdu [EMAIL PROTECTED] wrote:
Yeah!
I don't believe it! I can access my imapd account. All I did was
changing the advanced options in mozilla to get all folders and not only
the subscribed ones. Maybe this will help you find the bug finally.
Thanks a lot.
Bye,
Levo.
P.S. That unknown option -s for imapd and pop3d still persists and
causes SIG11, too.
I noticed this before, but only when I ran master in 'debug' mode (master -D)
which doesn't close stderr etc. The following patch suppresses the error
message. This was from 2.0.15 or thereabouts.
--- master/service.c.orig Fri Jun 15 17:58:53 2001
+++ master/service.cFri Jun 15 15:04:29 2001
@@ -145,6 +145,7 @@
int opt;
char *alt_config = NULL;
+opterr = 0;
while ((opt = getopt(argc, argv, C:)) != EOF) {
switch (opt) {
case 'C': /* alt config file */
--
Cillian
Re: Cyrus IMAP 2.0.16 released
Date: Thu, 23 Aug 2001 14:53:45 +0200 (CEST) From: Klaus Jaehne [EMAIL PROTECTED] On Fri, 27 Jul 2001, Lawrence Greenfield wrote: I've thrown Cyrus IMAP 2.0.16 on ftp.andrew.cmu.edu. I didn't test the ancillary utilities as much as I would've liked (cyradm, etc.) but the base server should be solid. This version has some important db3 fixes, so I strongly encourage people to upgrade, especially in high volume sites. Thanks very much to everybody who sent patches for various things. Does this release fix the DB3-Problems reported by Paul Graham an 6 Aug 2001? We believe so, yes. Larry
Re: telnet 993 asks for PEM passphrase
chirs charter wrote: Ken, Makes total sense thanks. Here is the putput using the s_client to opensl: catfish# openssl s_client -connect localhost:993 -cert /var/imap/cert.pem unable to get certificate from '/var/imap/cert.pem' 1853:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expect ing: CERTIFICATE 1853:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:missing asn1 eos:s sl_rsa.c:534: More to go on but I have not had any luck finding out more on this error messages. Any ideas? Thanks again. Try it without -cert. See if it works without a client cert first (baby steps). --- Ken Murchison [EMAIL PROTECTED] wrote: chirs charter wrote: HEllo, I uncomented the imaps entry in /etc/cyrus.conf. Now if I telnet to localhost on port 993 I am prompted to enter a PEM pass phrase. Somethings seems misconfiugred no? If I enter the PEM passphrase for the server's cert it fails. I know something is wrong here I am just unsure what. If you could give me some feedback I would greatly appreciate it. Thanks. Here is the transcript: Ccatfish# telnet localhost 993 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Enter PEM pass phrase:XX * BYE Fatal error: tls_init() failed Connection closed by foreign host. Confused. Whether or not you have a passphrase, you can't telnet to a SSL wrapped service port and expect to see anything. You have to use something like 'openssl s_client -connect localhost:993' Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: telnet 993 asks for PEM passphrase
Looks like an error in the opening dialogue? catfish# openssl s_client -connect localhost:993 CONNECTED(0003) 1855:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_cln t.c:460: What do you think? Thanks --- Ken Murchison [EMAIL PROTECTED] wrote: chirs charter wrote: Ken, Makes total sense thanks. Here is the putput using the s_client to opensl: catfish# openssl s_client -connect localhost:993 -cert /var/imap/cert.pem unable to get certificate from '/var/imap/cert.pem' 1853:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expect ing: CERTIFICATE 1853:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:missing asn1 eos:s sl_rsa.c:534: More to go on but I have not had any luck finding out more on this error messages. Any ideas? Thanks again. Try it without -cert. See if it works without a client cert first (baby steps). --- Ken Murchison [EMAIL PROTECTED] wrote: chirs charter wrote: HEllo, I uncomented the imaps entry in /etc/cyrus.conf. Now if I telnet to localhost on port 993 I am prompted to enter a PEM pass phrase. Somethings seems misconfiugred no? If I enter the PEM passphrase for the server's cert it fails. I know something is wrong here I am just unsure what. If you could give me some feedback I would greatly appreciate it. Thanks. Here is the transcript: Ccatfish# telnet localhost 993 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Enter PEM pass phrase:XX * BYE Fatal error: tls_init() failed Connection closed by foreign host. Confused. Whether or not you have a passphrase, you can't telnet to a SSL wrapped service port and expect to see anything. You have to use something like 'openssl s_client -connect localhost:993' Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/
Re: perl scripts
I use the following perl script to create users: (Put in valid
userid/passwd for $user and $pass)
#!/usr/bin/perl -w
# adduser.pl
# Usage: adduser.pl newuser
#
use File::Basename;
use Net::IMAP;
$newuser = user.$ARGV[0];
$user = user;
$pass = password;
# Set this to the hostname of your IMAP server
#$IMAPSERVER = 142.227.51.106;
$IMAPSERVER = localhost;
#
# Main Code
#
# Login to IMAP server
$imap = new Net::IMAP($IMAPSERVER, Synchronous = 1) || die no go
$! !;
$response = $imap-login($user, $pass);
print Login: , $response-status, -, $response-status_text, \n;
# Create the new mailbox
$response = $imap-create($newuser);
print Create: , $response-status, -, $response-status_text, \n;
# Disconnect from IMAP server
$response = $imap-logout();
print Logout: , $response-status, -, $response-status_text, \n;
Sandra Regina wrote:
I have been searching the archive messages for a script to create
mailbox, but I have found it only in TCL. I have read on man pages
that cyradm in tcl is not supported any more.
Does anyone has the following script in Perl ?
Thanks a lot
Sandra
su first
cyradm -file adduser.tcl
if {$argc != 1} {
puts usage: No user list specifiled.
exit 1
}
set infile [lindex $argv 0 ]
set quota 512
eval cyradm connect cyr_conn host
eval cyr_conn authenticate -pwcommand {{
set hostname myhost
set adminid cyrus
set adminpw the password
list $adminid $adminpw
}
}
if [catch {open $infile} IN] {
puts stderr Can not open file $infile: $IN
exit 1
}
while {[gets $IN mailbox] = 0} {
exec /usr/sbin/adduser -batch $mailbox email $mailbox $mailbox
cyr_conn createmailbox user.$mailbox
cyr_conn setquota user.$mailbox storage $quota
cyr_conn createmailbox user.$mailbox.sentmail
}
close $IN
Re: telnet 993 asks for PEM passphrase
chirs charter wrote: Looks like an error in the opening dialogue? catfish# openssl s_client -connect localhost:993 CONNECTED(0003) 1855:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_cln t.c:460: What do you think? Thanks Don't know. This is beyond my knowledge of SSL/TLS. All I know is that I follow install-configure.html to the letter and everything always works right out of the box. I'd throw out whatever HOWTO you used and use the included documentation. Ken --- Ken Murchison [EMAIL PROTECTED] wrote: chirs charter wrote: Ken, Makes total sense thanks. Here is the putput using the s_client to opensl: catfish# openssl s_client -connect localhost:993 -cert /var/imap/cert.pem unable to get certificate from '/var/imap/cert.pem' 1853:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expect ing: CERTIFICATE 1853:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:missing asn1 eos:s sl_rsa.c:534: More to go on but I have not had any luck finding out more on this error messages. Any ideas? Thanks again. Try it without -cert. See if it works without a client cert first (baby steps). --- Ken Murchison [EMAIL PROTECTED] wrote: chirs charter wrote: HEllo, I uncomented the imaps entry in /etc/cyrus.conf. Now if I telnet to localhost on port 993 I am prompted to enter a PEM pass phrase. Somethings seems misconfiugred no? If I enter the PEM passphrase for the server's cert it fails. I know something is wrong here I am just unsure what. If you could give me some feedback I would greatly appreciate it. Thanks. Here is the transcript: Ccatfish# telnet localhost 993 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Enter PEM pass phrase:XX * BYE Fatal error: tls_init() failed Connection closed by foreign host. Confused. Whether or not you have a passphrase, you can't telnet to a SSL wrapped service port and expect to see anything. You have to use something like 'openssl s_client -connect localhost:993' Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
RE:cyradm scripts in Perl
Thanks a lot to all of you that have help me. How is goot to sleep in peace... now I will be able to do it... :-) I have a question , anyway. Why can not I use Cyrus::IMAP::Admin module instead of IMAP::Admin? This one come with Cyrus-Imap package ... Thanks. Sandra
Re: News for SIG11: imapd only crashes when account is configured for subscribed folders.
Levent Gündogdu wrote: Thanks. Removing -D did not show this error anymore. Well, obviously this only surpresses the output of the error message but not the error itself. I'm still getting these: Aug 23 16:06:11 server02 pop3d[18391]: pop3s: required OpenSSL options not present Aug 23 16:06:11 server02 master[18382]: process 18391 exited, signaled to death by 11 Aug 23 16:06:11 server02 imapd[18389]: imaps: required OpenSSL options not present Aug 23 16:06:11 server02 master[18382]: process 18389 exited, signaled to death by 11 These errors are telling you exactly what the problem is. You haven't specified the certificate and key files for OpenSSL. If you plan on using imaps and pop3s, then you MUST set the correct options. Otherwise, remove these entries from cyrus.conf. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: perl scripts
A certain caution needs to be exercised however. I have a security
fettish and I find the nonchalance of passwords in scripts a bit
alarming (unless, of course, they are readable/executable only by
root).
A simple solution is to have the script prompt the user for the IMAP
admin password instead of supplying it in the script. This is actually
better than root only read/execute since the email adminstrator need
not have root access to create email accounts. (Sudo is a wonderful
tool, but even better when no root access is required.)
-- Rob
--On Thursday, August 23, 2001 11:57:03 AM -0300 Patrick Boutilier
[EMAIL PROTECTED] wrote:
I use the following perl script to create users: (Put in valid
userid/passwd for $user and $pass)
#!/usr/bin/perl -w
# adduser.pl
# Usage: adduser.pl newuser
#
use File::Basename;
use Net::IMAP;
$newuser = user.$ARGV[0];
$user = user;
$pass = password;
# Set this to the hostname of your IMAP server
#$IMAPSERVER = 142.227.51.106;
$IMAPSERVER = localhost;
#
# Main Code
#
# Login to IMAP server
$imap = new Net::IMAP($IMAPSERVER, Synchronous = 1) || die no
go $! !; $response = $imap-login($user, $pass);
print Login: , $response-status, -, $response-status_text,
\n; # Create the new mailbox
$response = $imap-create($newuser);
print Create: , $response-status, -, $response-status_text,
\n; # Disconnect from IMAP server
$response = $imap-logout();
print Logout: , $response-status, -, $response-status_text,
\n;
Sandra Regina wrote:
I have been searching the archive messages for a script to create
mailbox, but I have found it only in TCL. I have read on man pages
that cyradm in tcl is not supported any more.
Does anyone has the following script in Perl ?
Thanks a lot
Sandra
su first
cyradm -file adduser.tcl
if {$argc != 1} {
puts usage: No user list specifiled.
exit 1
}
set infile [lindex $argv 0 ]
set quota 512
eval cyradm connect cyr_conn host
eval cyr_conn authenticate -pwcommand {{
set hostname myhost
set adminid cyrus
set adminpw the password
list $adminid $adminpw
}
}
if [catch {open $infile} IN] {
puts stderr Can not open file $infile: $IN
exit 1
}
while {[gets $IN mailbox] = 0} {
exec /usr/sbin/adduser -batch $mailbox email $mailbox $mailbox
cyr_conn createmailbox user.$mailbox
cyr_conn setquota user.$mailbox storage $quota
cyr_conn createmailbox user.$mailbox.sentmail
}
close $IN
_ _ _ _ __ _ _ _ _
/\_\_\_\_\/\_\ /\_\_\_\_\_\
/\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT,
/\/_/__\/_/ __/\/_//\/_/ PROFUNDUM VIDITUR
/\/_/_/_/_/ /\_\ /\/_//\/_/
/\/_/ \/_/ /\/_/_/\/_//\/_/ (Whatever is said in Latin
\/_/ \/_/ \/_/_/_/_/ \/_/ appears profound)
Rob Tanner
UNIX and Networks Manager
Linfield College, McMinnville OR
(503) 434-2558 [EMAIL PROTECTED]
RE: Cyrus IMAP 2.0.16 released
Date: Thu, 23 Aug 2001 14:53:45 +0200 (CEST) From: Klaus Jaehne [EMAIL PROTECTED] On Fri, 27 Jul 2001, Lawrence Greenfield wrote: I've thrown Cyrus IMAP 2.0.16 on ftp.andrew.cmu.edu. I didn't test the ancillary utilities as much as I would've liked (cyradm, etc.) but the base server should be solid. This version has some important db3 fixes, so I strongly encourage people to upgrade, especially in high volume sites. Thanks very much to everybody who sent patches for various things. Does this release fix the DB3-Problems reported by Paul Graham an 6 Aug 2001? We believe so, yes. Larry Yes. Going to 2.0.16 has resolved our problem. Steven J. Heist Mail Service Coordinator Technical Services University at Buffalo ph: 716.645.7749
Cyrus LMTP daemon tries to authenticate to sendmail
I'm using sendmail-8.12.0.Beta16 with cyrus-imapd-2.0.16. Every time sendmail delivers a message to the LMTP daemon, it logs an error message like this: Aug 23 15:29:59 setup16 sm-mta[331]: [ID 702911 mail.warning] AUTH=client, relay=localhost [(null)], authinfo failed Apparently, the LMTP daemon is attempting to authenticate to sendmail, and sendmail is seeing invalid information. When I posted this question to comp.mail.sendmail, Claus Assmann suggested that I turn off AUTH support in the LMTP daemon. Is there a way to do this with Cyrus lmtpd? -- -Gary Mills--Unix Support--U of M Academic Computing and Networking-
pine + cyrus-imapd subfolder problem
This is probably a well-known problem, but I have yet to find a
solution. Here's hoping someone on this list can help.
I am running pine-4.33 installed from rpm on a RH 7.1 system. When I
use pine to read cyrus-imapd mail, I can read my inbox and
inbox.folders, but both the message list and individual messages in
inbox.folders.subfolders show up all misformated and wierd. Other MUAs
have no problems. Has anyone encountered this before? Anyone know a
solution?
My .pinerc line is:
folder-collections={heidegger.rprc.washington.edu}inbox.[]
Thanks,
David
Re: Cyrus LMTP daemon tries to authenticate to sendmail
On Thu, 23 Aug 2001 15:43:42 -0500 (CDT), mills [EMAIL PROTECTED] (m) writes: m I'm using sendmail-8.12.0.Beta16 with cyrus-imapd-2.0.16. m Every time sendmail delivers a message to the LMTP daemon, it m logs an error message like this: m Aug 23 15:29:59 setup16 sm-mta[331]: [ID 702911 mail.warning] AUTH=client, relay=localhost [(null)], authinfo failed m Apparently, the LMTP daemon is attempting to authenticate to m sendmail, and sendmail is seeing invalid information. When I posted m this question to comp.mail.sendmail, Claus Assmann suggested that m I turn off AUTH support in the LMTP daemon. m Is there a way to do this with Cyrus lmtpd? Use the `-a' flag. But if you do, use tcpwrappers or bind it to a protected IP or both to make sure joe blow on the net can shove mail down that pipe. -- Amos
Re: Cyrus LMTP daemon tries to authenticate to sendmail
Amos Gouaux writes: mills [EMAIL PROTECTED] (m) writes: m Apparently, the LMTP daemon is attempting to authenticate to m sendmail, and sendmail is seeing invalid information. When I posted m this question to comp.mail.sendmail, Claus Assmann suggested that m I turn off AUTH support in the LMTP daemon. m Is there a way to do this with Cyrus lmtpd? Use the `-a' flag. But if you do, use tcpwrappers or bind it to a protected IP or both to make sure joe blow on the net can shove mail down that pipe. It's a unix-domain socket writable only by root and cyrus. -- -Gary Mills--Unix Support--U of M Academic Computing and Networking-
Re: Help us! :)
Date: Thu, 23 Aug 2001 19:20:47 -0400 From: Scott Adkins [EMAIL PROTECTED] cc: Lawrence Greenfield [EMAIL PROTECTED], Cyrus-Bugs [EMAIL PROTECTED] Okay, we upgraded to IMAP 2.0.16 with Sendmail 8.12.0. Everything seems to be working except for delivery of email to subfolders. What is happening instead is the emails are getting dumped to the user's INBOX. The ACLs are correct, and everything was working previously before the upgrade (using sendmail 8.12.0 and deliver). Anyone have ideas on what is happening here? You have to make sure that Sendmail isn't stripping off the plus sign from the delivery. Try adding FEATURE(`preserve_local_plus_detail') to your Sendmail 8.12 mc file. Larry
Re: Help us! :)
--On Thursday, August 23, 2001 7:25 PM -0400 Lawrence Greenfield [EMAIL PROTECTED] wrote: Date: Thu, 23 Aug 2001 19:20:47 -0400 From: Scott Adkins [EMAIL PROTECTED] cc: Lawrence Greenfield [EMAIL PROTECTED], Cyrus-Bugs [EMAIL PROTECTED] Okay, we upgraded to IMAP 2.0.16 with Sendmail 8.12.0. Everything seemsto be working except for delivery of email to subfolders. What ishappening instead is the emails are getting dumped to the user's INBOX.The ACLs are correct, and everything was working previously before theupgrade (using sendmail 8.12.0 and deliver). Anyone have ideas on whatis happening here? You have to make sure that Sendmail isn't stripping off the plus sign from the delivery. Try adding FEATURE(`preserve_local_plus_detail') to your Sendmail 8.12 mc file. Larry Okay, we just did that and we are still having problems. Mail can be delivered to the INBOX just fine, but a user+mbox@address causes a user unknown error and bounces the message back. Can you tell us exactly what your sendmail configuration is? This is what our cyrus section is in sendmail.cf: Mcyrus, P=[IPC], F=lsDFMnqAw@/:|SmXz, E=\r\n, S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, U=cyrus:mail, A=FILE /var/imap/socket/lmtp Also, attached is the actual MC file we are using to create our sendmail.cf file. Any help is greatly appreciated! We are in a lurch with a partial upgrade and a slightly broken email delivery system :-( Scott -- +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+ Scott W. Adkinshttp://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:[EMAIL PROTECTED] ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+ CNS, HDL Center, Suite 301, Ohio University, Athens, OH 45701-2979 # divert(-1) # # (C) Copyright 2000 by Carnegie Mellon University # # This sample mc file is for a site that uses the Cyrus IMAP server # exclusively for local mail. This requires Sendmail 8.10 or later. # # $Id: cyrusv2.mc,v 1.3 2000/09/09 04:02:11 leg Exp $ divert(0)dnl VERSIONID(`cyrus v2 sample configuartion') OSTYPE(osf1) define(`confBIND_OPTS',`-DNSRCH -DEFNAMES') define(`confTO_IDENT',`0') define(`confQUEUE_LA',`25')dnl define(`confREFUSE_LA',`30')dnl define(`confCONNECTION_RATE_THROTTLE',`10')dnl define(`confMAX_DAEMON_CHILDREN',`200')dnl define(`confMAX_MESSAGE_SIZE',`1700')dnl define(`confTO_QUEUERETURN',`2d')dnl dnl setting cyrus as the trusted user will make it easier to pass dnl Sendmail's safefile checks. however, it means that someone with the dnl cyrus password could easily become root. dnl define(`confTRUSTED_USER', `cyrus') define(`confLOCAL_MAILER', `cyrus') FEATURE(`nocanonify') FEATURE(`always_add_domain') FEATURE(smrsh)dnl FEATURE(use_cw_file)dnl FEATURE(access_db)dnl FEATURE(blacklist_recipients)dnl FEATURE(`preserve_local_plus_detail')dnl MAILER(`local') MAILER(`smtp') MAILER_DEFINITIONS Mcyrus, P=[IPC], F=lsDFMnqAw@/:|SmXz, E=\r\n, S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, U=cyrus:mail, A=FILE /var/imap/socket/lmtp LOCAL_RULE_0 Rbb + $+ @ $=w . $#cyrus $: + $1
Re: Help us! :)
The 'w' flag for the mailer says to make sure that all users it accepts mail for are in /etc/passwd. You'll probably need to remove it. Fortunately or unfortunately, this will also disable ~/.forward file processing. Since we don't use .forward file processing, it will be hard for me to immediately tell you how to make both work. Larry Date: Thu, 23 Aug 2001 20:05:19 -0400 From: Scott Adkins [EMAIL PROTECTED] cc: Cyrus-Bugs [EMAIL PROTECTED] --==1923943158== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline --On Thursday, August 23, 2001 7:25 PM -0400 Lawrence Greenfield [EMAIL PROTECTED] wrote: Date: Thu, 23 Aug 2001 19:20:47 -0400 From: Scott Adkins [EMAIL PROTECTED] cc: Lawrence Greenfield [EMAIL PROTECTED], Cyrus-Bugs [EMAIL PROTECTED] Okay, we upgraded to IMAP 2.0.16 with Sendmail 8.12.0. Everything seemsto be working except for delivery of email to subfolders. What ishappening instead is the emails are getting dumped to the user's INBOX.The ACLs are correct, and everything was working previously before theupgrade (using sendmail 8.12.0 and deliver). Anyone have ideas on whatis happening here? You have to make sure that Sendmail isn't stripping off the plus sign from the delivery. Try adding FEATURE(`preserve_local_plus_detail') to your Sendmail 8.12 mc file. Larry Okay, we just did that and we are still having problems. Mail can be delivered to the INBOX just fine, but a user+mbox@address causes a user unknown error and bounces the message back. Can you tell us exactly what your sendmail configuration is? This is what our cyrus section is in sendmail.cf: Mcyrus, P=[IPC], F=lsDFMnqAw@/:|SmXz, E=\r\n, S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, U=cyrus:mail, A=FILE /var/imap/socket/lmtp Also, attached is the actual MC file we are using to create our sendmail.cf file. Any help is greatly appreciated! We are in a lurch with a partial upgrade and a slightly broken email delivery system :-( Scott -- +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+ Scott W. Adkinshttp://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:[EMAIL PROTECTED] ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+ CNS, HDL Center, Suite 301, Ohio University, Athens, OH 45701-2979 --==1923943158== Content-Type: text/plain; charset=us-ascii; name=cyrusv2_ou2.txt Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=cyrusv2_ou2.txt; size=1387 # divert(-1) # #(C) Copyright 2000 by Carnegie Mellon University # #This sample mc file is for a site that uses the Cyrus IMAP server #exclusively for local mail. This requires Sendmail 8.10 or later. # # $Id: cyrusv2.mc,v 1.3 2000/09/09 04:02:11 leg Exp $ divert(0)dnl VERSIONID(`cyrus v2 sample configuartion') OSTYPE(osf1) define(`confBIND_OPTS',`-DNSRCH -DEFNAMES') define(`confTO_IDENT',`0') define(`confQUEUE_LA',`25')dnl define(`confREFUSE_LA',`30')dnl define(`confCONNECTION_RATE_THROTTLE',`10')dnl define(`confMAX_DAEMON_CHILDREN',`200')dnl define(`confMAX_MESSAGE_SIZE',`1700')dnl define(`confTO_QUEUERETURN',`2d')dnl dnl setting cyrus as the trusted user will make it easier to pass dnl Sendmail's safefile checks. however, it means that someone with the dnl cyrus password could easily become root. dnl define(`confTRUSTED_USER', `cyrus') define(`confLOCAL_MAILER', `cyrus') FEATURE(`nocanonify') FEATURE(`always_add_domain') FEATURE(smrsh)dnl FEATURE(use_cw_file)dnl FEATURE(access_db)dnl FEATURE(blacklist_recipients)dnl FEATURE(`preserve_local_plus_detail')dnl MAILER(`local') MAILER(`smtp') MAILER_DEFINITIONS Mcyrus, P=[IPC], F=lsDFMnqAw@/:|SmXz, E=\r\n, S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, U=cyrus:mail, A=FILE /var/imap/socket/lmtp LOCAL_RULE_0 Rbb + $+ @ $=w . $#cyrus $: + $1 --==1923943158==--
