Re: setup problem - mail doesn't seem to move?
I wrote:

> Stuff about my config.

Further to this, user ACL checks from cyradm show:

    localhost> lam user/carl
    carl lrswipcda
    localhost> lam user/carl/Trash
    carl lrswipcda

Which is the same as I have seen on a (working properly!) setup on a RedHat 7.3 server, so I don't *think* the problem is the ACLs?

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Problems with createonpost
Hi,

I installed my Cyrus-IMAPD 2.2.3 with the patches from http://email.uoa.gr/projects/cyrus/autocreate/

When I try to send a mail to a user that does not have a mailbox I get the following error:

    Mar 16 12:41:08 mail master[29564]: about to exec /usr/lib/cyrus/lmtpd
    Mar 16 12:41:08 mail lmtpunix[29564]: executed
    Mar 16 12:41:08 mail lmtpunix[29564]: accepted connection
    Mar 16 12:41:08 mail lmtpunix[29564]: lmtp connection preauth'd as postman
    Mar 16 12:41:08 mail lmtpunix[29564]: autocreateinbox: User [EMAIL PROTECTED], INBOX failed. Permission denied
    Mar 16 12:41:08 mail lmtpunix[29564]: append_check() of '[EMAIL PROTECTED]' failed (Permission denied)
    Mar 16 12:41:08 mail lmtpunix[29564]: accepted connection
    Mar 16 12:41:08 mail lmtpunix[29564]: lmtp connection preauth'd as postman

Does anybody know why there is no permission or something else?

Thanks for help in advance.

Greets
Kevin

--
Kevin Moschallski
Stockacker 48
79252 Stegen
[EMAIL PROTECTED]
Re: Remote User's SMTP relay authorization
Quoting John Gibson [EMAIL PROTECTED]:

> Roaming (my def.): Users who access the internet from multiple IP addresses most of which are dynamically allocated (therefore unknown in advance).
>
> We do not want to support permanent email storage at this time. We just want people to be able to retrieve their mail and provide SMTP sending capability.
>
> We want the IMAP/POP mail server to not require our linux host to have system logins for any of the mail users.
>
> We want a scalable solution which can be flexible when our requirements change.
>
> We would prefer to allow users to select their own mail client (or at least provide a list of ones that will work with our setup).
>
> The SMTP sending capability seems to be the biggest issue.
>
> Any suggestions would be much appreciated.

There are two popular ways of doing this. The first, and preferred by most, is SMTP AUTH - I believe that support of relaying for roaming, authorized users is one of the reasons SMTP AUTH exists. This, however, isn't a Cyrus question, but an MTA question, and is better researched wherever you find information about your MTA of choice.

The second is POP-before-SMTP, which is, in general, a bad hack, but might be worth investigating. Essentially, there is a third process (not the POP3d or SMTPd) that looks at the POP logs and tells the SMTPd that it can allow sending from IP addresses that had recent successful POP sessions. This involves a tight integration between your POP server (one of many) and your SMTP server (again, one of many). Because of the large number of possible combinations, this is generally not well supported, but Googling for pop before send my MTA name my POP server name might turn up something for you.

Hope this helps, good luck (and, imo, you should use SMTP AUTH+TLS, with SASL passwords).

--
Andrew Caird
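
The POP-before-SMTP mechanism described in the message above, as an added example that is not part of the original post and not code from any POP or SMTP server. The log layout, the sample lines, the 30-minute window and all names (RelayWindow, build_window) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed layout of a successful POP login line, modelled on the
# "login: host [ip] user mechanism ..." lines quoted elsewhere on this page.
POP_LOGIN_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"pop3\w*\[\d+\]:\s+login:\s+[^\s\[]+\s*\[(?P<ip>[0-9.]+)\]\s+(?P<user>\S+)"
)

# Constructed sample log (documentation addresses, invented users).
SAMPLE_POP_LOG = """\
Mar 16 09:00:00 mail pop3d[2001]: login: dialup-17.example.net [192.0.2.17] alice plaintext User logged in
Mar 16 09:05:00 mail pop3d[2002]: badlogin: host.example.com [203.0.113.9] plaintext carol SASL(-13): authentication failure
Mar 16 09:20:00 mail pop3d[2003]: login: nat-gw.example.org [198.51.100.1] bob APOP User logged in
"""


class RelayWindow:
    """The 'third process': remembers which IPs had a recent POP login."""

    def __init__(self, minutes=30):
        self.ttl = timedelta(minutes=minutes)
        self.last_seen = {}  # ip -> time of most recent successful POP login

    def feed(self, line, year):
        """Consume one log line; return True if it granted or renewed an IP."""
        m = POP_LOGIN_RE.match(line)
        if not m:
            return False  # failed logins and unrelated lines grant nothing
        # Syslog timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip not in self.last_seen or when > self.last_seen[ip]:
            self.last_seen[ip] = when
        return True

    def may_relay(self, ip, now):
        """The question the SMTP server asks for each connecting client."""
        seen = self.last_seen.get(ip)
        return seen is not None and timedelta(0) <= now - seen <= self.ttl

    def allow_list(self, now):
        # The grant is keyed by IP address only: every host that shares
        # nat-gw.example.org's address may relay while bob's window is open.
        return sorted(ip for ip in self.last_seen if self.may_relay(ip, now))


def build_window(log_text, year=2004, minutes=30):
    window = RelayWindow(minutes)
    for line in log_text.splitlines():
        window.feed(line, year)
    return window


if __name__ == "__main__":
    w = build_window(SAMPLE_POP_LOG)
    for t in (datetime(2004, 3, 16, 9, 25), datetime(2004, 3, 16, 9, 40)):
        print(t.time(), w.allow_list(t))
```

The permission attaches to an address rather than to an authenticated sender and lapses on a timer, which is the property SMTP AUTH avoids.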
Re: Problems with createonpost
Sure:

imapd.conf

    # $Header: /home/cvsroot/gentoo-x86/net-mail/cyrus-imapd/files/imapd_2.conf,v 1.1 2002/10/11 14:51:49 raker Exp $
    #
    # Don't forget to use chattr +S (if you are using ext[23])
    # when you change these directories (read the docs).
    configdirectory:/var/imap
    partition-default: /var/spool/imap
    sievedir: /var/imap/sieve
    tls_ca_file:/etc/cyrusimapd/server.pem
    tls_cert_file: /etc/cyrusimapd/server.pem
    tls_key_file: /etc/cyrusimapd/server.pem
    # Don't use an everyday user as admin.
    admins: cyrus [EMAIL PROTECTED]
    hashimapspool: yes
    allowanonymouslogin:no
    allowplaintext: yes
    # Use this if sieve-scripts could be in ~user/.sieve.
    #sieveusehomedir: yes
    # Use saslauthd if you want to use pam for imap.
    # But be warned: login with DIGEST-MD5 or CRAM-MD5
    # is not possible using pam.
    sasl_mech_list: PLAIN
    sasl_pwcheck_method: auxprop
    sasl_auxprop_plugin: sql
    sasl_password_format: crypt
    sasl_sql_user: X
    sasl_sql_passwd: X
    sasl_sql_hostnames: X
    sasl_sql_database: X
    sasl_sql_select: SELECT password FROM users WHERE username = '%u' AND domainname = '%r' AND status = '1'
    unixhierarchysep: yes
    altnamespace: yes
    #virtdomains: yes
    #defaultdomain: 3digit.de
    postuser: cyrus
    defaultacl: anyone p
    createonpost: yes
    autocreateinboxfolders: Sent | Drafts | Trash | spam | virus
    autosubscribeinboxfolders: Sent | Drafts | Trash | spam | virus
    autocreatequota: 15000
    quotawarn: 90
    loginrealms: * moschallski.net 3digit.de pimmelklabauter.de twiceaday.de erber-lehmbau.de silber-und-mehr.de blumenbindekurse.de

P.S.: Maybe somebody knows how to handle the realm. I read somewhere that loginrealms: * would make the deal, but I must add any of the domains I handle mails for or I get a cross-realm login denied error.

On Tue, 16.03.2004 at 14:44, Aristotelis wrote:

> On Tue, 16 Mar 2004, Kevin Moschallski wrote:
>
> Hello,
>
> > Hi i installed my Cyrus-IMAPD 2.2.3 with the patches from http://email.uoa.gr/projects/cyrus/autocreate/
> > Does anybody knows why there is no permission or something else?
>
> Could you please post the configuration file of your setup??
>
> Regards,
> Aristotelis

--
Kevin Moschallski
Stockacker 48
79252 Stegen
[EMAIL PROTECTED]
Re: Remote User's SMTP relay authorization
On Mon, 15 Mar 2004, Kendrick Vargas wrote:

> It wouldn't surprise me if some in the know net admins would block this too simply cuz it's in an RFC. Therefore, I still like my port better :-) Besides, something like 2525 will be easier to remember than 587.

Unlike port 25, port 587 isn't useful for spammers (MTAs are not widely configured to receive mail from arbitrary external sources on port 587 -- only from either authenticated sources or at least senders from that domain)... So there'd really be no need.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: pop3d proxy
On Tue, 16 Mar 2004, Rob Siemborski wrote:

> What is the pop3proxy process doing during all of this? Getting the actual times the syscalls take would be helpful too. (-T to strace)

[snip]

> > I don't see how I could strace the pop3proxy. I would be glad to do so if you have any suggestions.

Sorry, just saw this question...

Configure a process to prefork, then attach strace to the preforked process, then connect.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: pop3d proxy
What is the pop3proxy process doing during all of this?

Getting the actual times the syscalls take would be helpful too. (-T to strace)

On Mon, 15 Mar 2004, Michael J Farina wrote:

> Ok that worked well. Thanks. It seems to be hanging on a socket read. It looks up the address from /etc/host then waits for the connections to start. Then it flies really fast. Here is a blurb.
>
>     read(3, # Begin /etc/hosts (network card..., 4096) = 231
>     close(3)= 0
>     munmap(0x40365000, 4096)= 0
>     socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
>     connect(3, {sa_family=AF_INET, sin_port=htons(110), sin_addr=inet_addr(63.xxx.xxx.29)}, 16) = 0
>     getpeername(3, {sa_family=AF_INET, sin_port=htons(110), sin_addr=inet_addr(63.xxx.xxx.29)}, [16]) = 0
>     getsockname(3, {sa_family=AF_INET, sin_port=htons(32775), sin_addr=inet_addr(63.xxx.xxx.6)}, [16]) = 0
>     brk(0x8066000) = 0x8066000
>     uname({sys=Linux, node=poptester, ...}) = 0
>     brk(0x8068000) = 0x8068000
>     read(3,
>
> Kind of sits right there for a while then it takes off like a runaway train for a few then stops at that point again.
>
> - Original Message -
> From: Ken Murchison [EMAIL PROTECTED]
> To: Michael J Farina [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Sent: Monday, March 15, 2004 4:08 PM
> Subject: Re: pop3d proxy
>
> Michael J Farina wrote:
>
> > I have the backend server's hostname in /etc/hosts that should make the lookup fast and pop3test doesn't seem to take a password on the command line for rapid fire logins.
>
> -w passwd
>
> > I don't see how I could strace the pop3proxy. I would be glad to do so if you have any suggestions.
>
> - Original Message -
> From: Ken Murchison [EMAIL PROTECTED]
> To: Michael J Farina [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Sent: Monday, March 15, 2004 3:20 PM
> Subject: Re: pop3d proxy
>
> Michael J Farina wrote:
>
> > I am still chasing this pop3 problem. I have now tried PLAIN+TLS for proxy authentication. I see the same issue of pop3 proxy being slow. With more investigation I see that I can open a lot of connections on the frontend server but they don't seem to get passed to the backend. I have tried starting master with a -l 1024 and in my cyrus.conf I have preforked 50 pop3d and maxchild=-1. Nothing seems to make the connection counts greater. Could I be hitting some max connection per IP limit that I can't see when I connect directly to the backend?
>
> I still think this is network related. Is it possible that DNS is slow? Can you strace/truss the process to see what it is doing? What happens if you use pop3test against the proxy, specifying the number of logins with the -n option.
>
> - Original Message -
> From: Michael J Farina [EMAIL PROTECTED]
> To: Ken Murchison [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Sent: Friday, March 12, 2004 1:13 PM
> Subject: Re: pop3d proxy
>
> It seems that the delay is in the connection. I have played with the backlog queue, the max child, and prefork settings without being able to make it any faster. I am logging in and doing a list command. The mailboxes are all empty so I am not thinking that once the connection is authed it is slow. It is just getting the frontend to open enough connections to the backend. I can't seem to nail down what the problem is. If I connect the stress test to the backend it is very fast, less than a second a connection. If I can provide any more info let me know. I am looking to have over 150,000 boxes; they are all pop now but I want to offer IMAP.
>
> --Mike
>
> - Original Message -
> From: Ken Murchison [EMAIL PROTECTED]
> To: Michael J Farina [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Sent: Friday, March 12, 2004 9:54 AM
> Subject: Re: pop3d proxy
>
> Michael J Farina wrote:
>
> > Ken, Is there a way to do PLAIN from the frontends to the backends? The servers I am testing are on an isolated network, no network traffic other than the mail servers. Any help would be appreciated. sasl_maximum_layer:0 didn't seem to change the pop3 proxy timing. The servers are also dual 1.4s with 2 gigs of ram if that helps at all.
>
> You can do PLAIN, but the frontends will also need to use TLS, since PLAIN won't be advertised by the backends unless a security layer is in place.
>
> Are you saying that there is a delay for every command, or for every login? Is your stress test only doing one command per login?
>
> - Original Message -
> From: Ken Murchison [EMAIL PROTECTED]
> To: Michael J Farina [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Sent: Thursday, March 11, 2004 4:58 PM
> Subject: Re: pop3d proxy
>
> Michael J Farina wrote:
denying plaintext
Hi,

I'm trying to make sure my users only use secure passwords when logging into my server. Therefore I've set:

    allowplainwithouttls:no

and

    sasl_minimum_layer:128
    sasl_mech_list: digest-MD5 CRAM-MD5

However, when I checked my logs, I saw stuff like:

    Date hostename imapd[123]: login: hostname[ip] username plaintext

from a place that clearly should not have this happening. So I have now added:

    allowplaintext: no

as well.

My question is: Is this enough? And, why isn't setting the sasl_minimum_layer enough to make sure I got encrypted passwords?

Tarjei

--
Tarjei Huse
Adviser
Bergfald Co AS
Phone: 23 00 05 90
Mobile: 920 63 413
www.bergfald.no
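
The log check described in the message above can be automated. This is an added example, not part of the original post and not Cyrus code: it assumes the login line layout seen in the log excerpts on this page (host, bracketed IP, user, then the mechanism with an optional +TLS suffix), and the sample lines and function names are constructed.

```python
import re
from collections import Counter

# "<service>[pid]: login: <host> [<ip>] <user> <mechanism>[+TLS] ..."
LOGIN_RE = re.compile(
    r"(?P<service>[\w-]+)\[\d+\]:\s+login:\s+"
    r"(?P<host>[^\s\[]+)\s*\[(?P<ip>[^\]]+)\]\s+"
    r"(?P<user>\S+)\s+(?P<mech>[A-Za-z0-9_-]+)(?P<tls>\+TLS)?(?=\s|$)"
)

# Mechanisms that send the password itself to the server; without a TLS
# layer the password crosses the network in the clear.
CLEARTEXT_MECHS = {"plaintext", "plain", "login"}

# Constructed sample lines (documentation addresses, invented users).
SAMPLE_LOG = """\
Mar 16 14:37:18 mail imaps[14699]: login: client1.example.org [192.0.2.10] alice plain+TLS User logged in
Mar 16 14:40:02 mail imapd[14712]: login: client2.example.org [198.51.100.7] bob plaintext
Mar 16 14:41:55 mail imapd[14713]: login: client3.example.org[203.0.113.5] carol CRAM-MD5 User logged in
Mar 16 14:42:10 mail pop3d[14720]: login: client2.example.org [198.51.100.7] bob plaintext User logged in
Mar 16 14:43:00 mail imapd[14721]: DBERROR: skiplist recovery: 0090 should be ADD or DELETE
"""


def parse_login(line):
    """Return the fields of a successful-login line, or None for other lines."""
    m = LOGIN_RE.search(line)
    if not m:
        return None
    return {
        "service": m["service"],
        "host": m["host"],
        "ip": m["ip"],
        "user": m["user"],
        "mech": m["mech"].lower(),
        "tls": m["tls"] is not None,
    }


def exposed_logins(lines):
    """Logins where a password-bearing mechanism was used without TLS."""
    found = []
    for line in lines:
        rec = parse_login(line)
        if rec and rec["mech"] in CLEARTEXT_MECHS and not rec["tls"]:
            found.append(rec)
    return found


def summarize(records):
    """Count exposed logins per (user, client IP) so clients can be followed up."""
    return Counter((r["user"], r["ip"]) for r in records)


if __name__ == "__main__":
    for (user, ip), n in summarize(exposed_logins(SAMPLE_LOG.splitlines())).items():
        print(f"{user} from {ip}: {n} cleartext login(s) without TLS")
```

Running it before and after a configuration change shows whether any client is still sending its password outside TLS.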
Re: pop3d proxy
On Tue, 16 Mar 2004, Michael J Farina wrote:

> I followed your suggestions and it seems to be hanging when it reads /dev/random. If I remove /dev/random it is very fast. I have recreated /dev/random and I get the same stutter and slow proxy pops. Without random it is very quick. If I can provide any more info let me know.

Two options -- link /dev/urandom to /dev/random (poor). Or recompile SASL with --with-devrandom=/dev/urandom

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: pop3d proxy
On Tue, 16 Mar 2004, Michael J Farina wrote:

> That worked like a champ. Thanks

I've added this to the FAQ (sort of surprised it wasn't there already, but whatever).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: pop3d proxy
Rob,

That worked like a champ. Thanks

-Mike

- Original Message -
From: Rob Siemborski [EMAIL PROTECTED]
To: Michael J Farina [EMAIL PROTECTED]
Cc: Ken Murchison [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 12:41 PM
Subject: Re: pop3d proxy

> On Tue, 16 Mar 2004, Michael J Farina wrote:
>
> > I followed your suggestions and it seems to be hanging when it reads /dev/random. If I remove /dev/random it is very fast. I have recreated /dev/random and I get the same stutter and slow proxy pops. Without random it is very quick. If I can provide any more info let me know.
>
> Two options -- link /dev/urandom to /dev/random (poor). Or recompile SASL with --with-devrandom=/dev/urandom
>
> -Rob
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
> Research Systems Programmer * /usr/contributed Gatekeeper
seen database destroyed - how to recover?
My seen database got corrupted, so I deleted it, based on what I'd read on other posts. In the past this worked (I'm only testing a prototype system). Today, I did that, and now I can't see ANY of the messages in my INBOX, or several other mail folders. I know the messages are still in /var/spool/imap. Why can't I see them at all? Is there any way to fix this?

I've also been getting ominous errors in my log files related to this:

    Mar 16 14:37:18 pdb-mail-1 imaps[14699]: login: bobblehead.rutgers.edu [128.6.70.62] prentice plain+TLS User logged in
    Mar 16 14:37:18 pdb-mail-1 imaps[14699]: DBERROR: skiplist recovery: 0090 should be ADD or DELETE
    Mar 16 14:37:18 pdb-mail-1 imaps[14699]: DBERROR: opening /var/lib/imap/user/p/prentice.seen: cyrusdb error
    Mar 16 14:37:18 pdb-mail-1 imaps[14699]: Could not open seen state for prentice (System I/O error)
    Mar 16 14:37:18 pdb-mail-1 imaps[14699]: open: user prentice opened INBOX.Sent
    Mar 16 14:38:14 pdb-mail-1 imaps[14693]: DBERROR: skiplist recovery: 0090 should be ADD or DELETE
    Mar 16 14:38:14 pdb-mail-1 imaps[14693]: DBERROR: opening /var/lib/imap/user/p/prentice.seen: cyrusdb error
    Mar 16 14:38:14 pdb-mail-1 imaps[14693]: Could not open seen state for prentice (System I/O error)
    Mar 16 14:38:14 pdb-mail-1 imaps[14693]: open: user prentice opened INBOX.deposit
    Mar 16 14:38:15 pdb-mail-1 imaps[14693]: DBERROR: skiplist recovery: 0090 should be ADD or DELETE
    Mar 16 14:38:15 pdb-mail-1 imaps[14693]: DBERROR: opening /var/lib/imap/user/p/prentice.seen: cyrusdb error
    Mar 16 14:38:15 pdb-mail-1 imaps[14693]: Could not open seen state for prentice (System I/O error)
    Mar 16 14:38:15 pdb-mail-1 imaps[14693]: open: user prentice opened INBOX.HP

--
Prentice Bisbal
Computer System Administrator
Protein Data Bank
Rutgers University
Re: Cyrus IMAPd, SASL, GSSAPI, Proxy Authorization
On Tue, 16 Mar 2004 [EMAIL PROTECTED] wrote:

> Thanks for the help - I thought proxyservers meant something to do with murder ...
>
> That said, is any finer control available? I don't want to authorize jablko to all other users, just admin.

Yes, look at the loginuseacl imapd.conf option. If enabled, if a user-a has the 'a' right on user-b's inbox, user-a can authorize as user-b.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
cyrus stopped working -- corrupted files ?
Our cyrus server (2.1.15) has been running like a charm for about 5 months now on RedHat Enterprise 3. We are also using web-cyradm / postfix (2.0.16) with it if it matters.

This morning we had an episode where the pop3 clients couldn't connect to the server. IMAP was still working fine. Noticed that port 110 wasn't open, and restarted the cyrus server. Then pop3 and imap quit working. Nothing worked. Below is a snippet of the cyrus error logs.

I noticed in the archive that someone was told to delete all the files under /var/imap/db to eliminate errors that were similar to mine. I did that and lo and behold everything is working again.

My question is what exactly would cause this problem or why would the files under db become corrupt? We naturally want to try and prevent this from happening in the future. Thanks!

    Mar 16 08:26:06 AFMAIL1 ctl_cyrusdb[6976]: DBERROR db4: PANIC: DB_RUNRECOVERY: Fatal error, run database recovery
    Mar 16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: dbenv-open '/var/imap/db' failed: DB_RUNRECOVERY: Fatal error, run database recovery
    Mar 16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: init /var/imap/db: cyrusdb error
    Mar 16 09:04:30 AFMAIL1 ctl_deliver[3659]: DBERROR db4: fatal region error detected; run recovery
Re: cyrus stopped working -- corrupted files ?
On Tue, 2004-03-16 at 13:09, Tracy Bost wrote:

> My question is what exactly would cause this problem or why would the files under db become corrupt ? We naturally want to try and prevent this from happening in the future. Thanks !
>
>     Mar 16 08:26:06 AFMAIL1 ctl_cyrusdb[6976]: DBERROR db4: PANIC: DB_RUNRECOVERY: Fatal error, run database recovery
>     Mar 16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: dbenv-open '/var/imap/db' failed: DB_RUNRECOVERY: Fatal error, run database recovery
>     Mar 16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: init /var/imap/db: cyrusdb error
>     Mar 16 09:04:30 AFMAIL1 ctl_deliver[3659]: DBERROR db4: fatal region error detected; run recovery

I've been seeing this lately myself. In our case, it appears to happen anytime we shut the system down, such as rebooting after installing a new kernel package. We're running cyrus 2.1.16 on Fedora Core 1.

In my case, I discovered that I could shutdown the cyrus-imapd service, run ctl_cyrusdb, run cvt_cyrusdb_all and then restart cyrus-imapd service to solve the problem. But it's a pain.

This doesn't happen every time we restart the system. I should add that this is on an ext3 file system...which may or may not be important.

--
Fred W. Bacon [EMAIL PROTECTED]
Aerodyne Research, Inc.
MySQL authentication options
Hi,

I had been doing some research about authenticating users against a MySQL database, and from what I can see the only option is via PAM through saslauthd. Is this correct, or are there other ways to do it?

Thanks!

--
Etienne Goyer
Linux Québec Technologies Inc.
http://www.LinuxQuebec.com
[EMAIL PROTECTED]
Re: Clear text password and MySQL
On Wed, Feb 04, 2004 at 11:41:06AM -0800, Eric S. Pulley wrote:

> In this scenario you are still passing the SALT in clear text to the db but IMO this is much better than having your users logging in with plaintext passwords over an open network. Especially if your DB is on the same host as cyrus-imap since you can contain it to a socket and not use a network at all for the DB lookups.

So what is the gain here, really? I may be wrong, but I suspect that you've confused yourself on what you are protecting.

If you aren't using TLS, then the password is going over the network in cleartext anyway. If imapd is on a different host than the db, then the encrypted password is going with the salt... so effectively cleartext.

--
Joe Rhett
Chief Geek
[EMAIL PROTECTED]
Isite Services, Inc.
Re: MySQL authentication options
> I had been doing some research about authenticating user against a MySQL database, and from what I can see the only option is via PAM through saslauthd. Is this correct, or there are other way to do it ?

Nope -- you can compile SASL with direct mysql support and skip PAM entirely. We use it that way.

--
Joe Rhett
Chief Geek
[EMAIL PROTECTED]
Isite Services, Inc.
Re: Clear text password and MySQL
--On Tuesday, March 16, 2004 2:13 PM -0800 Joe Rhett [EMAIL PROTECTED] wrote:

> On Wed, Feb 04, 2004 at 11:41:06AM -0800, Eric S. Pulley wrote:
>
> > In this scenario you are still passing the SALT in clear text to the db but IMO this is much better than having your users logging in with plaintext passwords over an open network. Especially if your DB is on the same host as cyrus-imap since you can contain it to a socket and not use a network at all for the DB lookups.
>
> So what is the gain here, really? I may be wrong, but I suspect that you've confused yourself on what you are protecting.
>
> If you aren't using TLS, then the password is going over the network in cleartext anyway. If imapd is on a different host than the db, then the encrypted password is going with the salt... so effectively cleartext.

Yes, you are correct. However, the SQL query is going over a switched network segment you have control over, not the Internet at large. Or even better, a socket on a black box. If your config requires you to pass the SQL query over an insecure subnet then you should, of course, SSL encode the DB connection.

This allows you to use cram or digest at the mail client, leaving the admin to deal with the security of the backend, not some confused user setting up their account. Plus it still allows the admin access to the cleartext password in the DB. But it all comes down to where you want to take your risks.

I'm not saying you shouldn't use TLS/SSL wherever you can in addition to any other security you have in place. This solution is specifically to allow cram and digest connection to the imap server from the Internet while still having a cleartext password in the SQL table. I would not recommend it if you do not have this requirement.
Re: Remote User's SMTP relay authorization
On Tue, 16 Mar 2004, Andrew J Caird wrote:

> a bad hack, but might be worth investigating. Essentially, there is a third process (not the POP3d or SMTPd) that looks at the POP logs and tells the SMTPd

Nothing that ugly. See the DRAC patch in cyrus contrib/. It is even applied by default by some vendors (I certainly do this for Debian's package of cyrus 2.1).

--
One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot

Henrique Holschuh
(Postfix/Cyrus)+SpamAssassin ?
Has anyone implemented this successfully? If so, how? Everything I've found from Google uses the old cyrdeliver methods.

-IMB
Re: (Postfix/Cyrus)+SpamAssassin ?
On Tue, 2004-03-16 at 15:41, Ian Beyer wrote:

> Has anyone implemented this successfully? If so,how? Everything I've found from Google uses the old cyrdeliver methods.

Postfix main.cf:

    mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp

For SpamAssassin, I use amavisd-new (http://www.ijs.si/software/amavisd/). It doesn't give you all of the per-user config you can have using SA w/in procmail or other pipeline, but it's pretty fast and works pretty well. If you need all the per-user settings possible with SA, then you do have to use 'deliver'.

Again in main.cf:

    content_filter = smtp-amavis:[127.0.0.1]:10024

And master.cf:

    smtp-amavis unix - - y - 6 smtp
        -o smtp_data_done_timeout=1200
        -o disable_dns_lookups=yes

    127.0.0.1:10025 inet n - y - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o myhostname=localhost.nakedape.priv
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8

These settings are explained in detail in the amavisd-new docs.

Wil

--
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
* Naked Ape Consulting http://nakedape.cc *
* Contract Sys Admin http://nakedape.cc/r/csa *
Re: (Postfix/Cyrus)+SpamAssassin ?
On Tue, 2004-03-16 at 19:13, Wil Cooley wrote:

> For SpamAssassin, I use amavisd-new (http://www.ijs.si/software/amavisd/). It doesn't give you all of the per-user config you can have using SA w/in procmail or other pipeline, but it's pretty fast and works pretty well. If you need all the per-user settings possible with SA, then you do have to use 'deliver'.

I was pretty sure I read somewhere on the amavisd mailing list that you would get it to work with per user settings out of MySQL. Maybe it was just a fantasy of mine :)

--
Scott Russell [EMAIL PROTECTED]
Linux Technology Center
System Admin
Re: pop3d proxy
Rob Siemborski wrote:

> On Tue, 16 Mar 2004, Michael J Farina wrote:
>
> > I followed you suggestions and it seems to be hanging when it reads /dev/random. If I remove /dev/random it is very fast. I have recreated /dev/random and I get the same stutter and slow proxy pops. Without random it is very quick. If I can provide anymore info let me know.
>
> Two options -- link /dev/urandom to /dev/random (poor). Or recompile SASL with --with-devrandom=/dev/urandom

Another option is to set

    allowapop: 0

If pop3d (or pop3proxyd) is slow in providing the banner, it's because it's trying to generate a challenge for APOP. Disabling APOP should solve this.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: (Postfix/Cyrus)+SpamAssassin ?
On Tue, 2004-03-16 at 17:12, Scott Russell wrote:

> I was pretty sure I read somewhere on the amavisd mailing list that you would get it to work with per user settings out of MySQL. Maybe it was just a fantasy of mine :)

You are correct, however, the granularity of control is much coarser with amavisd-new. Basically you can control tag, tag2 and kill levels per-user/domain/sub-domain. Using SA through procmail each user can control nearly every aspect.

Of course, you also cannot use site-wide Bayesian filtering with the procmail approach.

Wil

--
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc
* * * * * * Linux Consulting in Portland, Oregon * * * * * *
* Naked Ape Consulting http://nakedape.cc *
Re: cyrus stopped working -- corrupted files ?
Exactly. Now that you mention it, it's happening every time I stop the cyrus server. After deleting the files under /var/imap it will work again.

> I discovered that I could shutdown the cyrus-imapd service, run ctl_cyrusdb, run cvt_cyrusdb_all and then restart cyrus-imapd service to solve the problem. But it's a pain. This doesn't happen every time we restart the system.

What exactly are the commands you run for this to get it to work this way? I tried ctl_cyrusdb -r and am so lost on the cvt_cyrusdb, I was afraid to get too adventurous with it.

- Original Message -
From: Tracy Bost [EMAIL PROTECTED]
To: Tracy Bost [EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 8:47 PM
Subject: Fw: cyrus stopped working -- corrupted files ?

- Original Message -
From: Fred W. Bacon [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 6:42 PM
Subject: Re: cyrus stopped working -- corrupted files ?

> On Tue, 2004-03-16 at 13:09, Tracy Bost wrote:
>
> > My question is what exactly would cause this problem or why would the files under db become corrupt ? We naturally want to try and prevent this from happening in the future. Thanks !
> >
> >     Mar 16 08:26:06 AFMAIL1 ctl_cyrusdb[6976]: DBERROR db4: PANIC: DB_RUNRECOVERY: Fatal error, run database recovery
> >     Mar 16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: dbenv-open '/var/imap/db' failed: DB_RUNRECOVERY: Fatal error, run database recovery
> >     Mar 16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: init /var/imap/db: cyrusdb error
> >     Mar 16 09:04:30 AFMAIL1 ctl_deliver[3659]: DBERROR db4: fatal region error detected; run recovery
>
> I've been seeing this lately myself. In our case, it appears to happen anytime we shut the system down, such as rebooting after installing a new kernel package. We're running cyrus 2.1.16 on Fedora Core 1.
>
> In my case, I discovered that I could shutdown the cyrus-imapd service, run ctl_cyrusdb, run cvt_cyrusdb_all and then restart cyrus-imapd service to solve the problem. But it's a pain.
>
> This doesn't happen every time we restart the system. I should add that this is on an ext3 file system...which may or may not be important.
>
> --
> Fred W. Bacon [EMAIL PROTECTED]
> Aerodyne Research, Inc.