Re: cyrus autorization identifier trick
On Thu, Apr 19, 2007 at 01:11:25PM -0500, Nestor A. Diaz wrote: Hello cyrus people. Following your cyrus recomendations for a 15K users mailstore, i have a new requeriment, we will like some administrators to login to any mailbox in order to check the successfull delivery of some emails, without having to login into each account with the associated login and password, i explain: cyrus-imapd-2.3.7 imapd.conf(5) proxyservers: none A list of users and groups that are allowed to proxy for other users, separated by spaces. Any user listed in this will be allowed to login for any other user: use with caution. WBR. Dmitriy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Not registered yet
Hi, today I found a new message in Logwatch (running Cyrus 2.3.8): Apr 19 16:39:42 lvr13 master[8644]: service pop3s pid 27842: while trying to process message 0x1: not registered yet Apr 19 16:39:42 lvr13 master[8644]: service pop3s pid 27842 in UNKNOWN state: processing message 0x1 Apr 19 16:39:43 lvr13 master[8644]: service pop3s pid 27842 in UNKNOWN state: now available and in READY state I don't think I've ever seen that one before. I don't worry too much about it, but I'm curious what I means. -- Sebastian Hagedorn - Postmaster - RZKR-R1 (Flachbau), Zimmer 18 Zentrum für angewandte Informatik - Universitätsweiter Service RRZK Universität zu Köln / Cologne University - Tel. +49-221-478-5587 pgp0vCN5XxfUA.pgp Description: PGP signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: how to enable digestmd5 and crammd5 ?
On Fri, Apr 20, 2007 at 09:47:07AM +0530, JOYDEEP wrote: Goetz Babin-Ebell wrote: JOYDEEP schrieb: Roberto R. Morelli wrote: Hello Joydeep, Then we have the cyrus sasl modules installed: cyrus-sasl-md5-2.1.22-4 cyrus-sasl-2.1.22-4 cyrus-sasl-lib-2.1.22-4 cyrus-sasl-plain-2.1.22-4 But I have come to know that digest-md5 and cram-md5 need sasldb. so here I can't use it as my users and passwords are stored in LDAP. any idea ? The problem is that cram-md5 and digest-md5 need direct access to the pass phrase in plain text. AFAIK LDAP doesn't support this. You have to use TLS if you want to transmit the pass phrase securely... Thanks Goetz, I am already running SSL aka imaps. but still was interested about cram-md5 and digest-md5 for secured authorization. 1. have to store plaintext passwords in ldap directory. 2. ACL on ldap directory must be configured for open access to userPassword field for read, not only for auth. 3. cyrus imapd must use saslauthd for authentication. 4. saslauthd must have access to users passwords in ldap and must have configured ldapdb_mech option. For details see cyrus-sasl2 documentation -- options.html. WBR. Dmitriy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: how to enable digestmd5 and crammd5 ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 JOYDEEP schrieb: Goetz Babin-Ebell wrote: The problem is that cram-md5 and digest-md5 need direct access to the pass phrase in plain text. AFAIK LDAP doesn't support this. You have to use TLS if you want to transmit the pass phrase securely... I am already running SSL aka imaps. but still was interested about cram-md5 and digest-md5 for secured authorization. Why ? If all passphrases for your IMAP connections are transmitted over TLS, there is no need for cram-md5 or digest md5. If the atacker can read the TLS encrypted connection, you have lost anyway... cram-md5 and digest-md5 require the pass phrase stored unencrypted. This opens another can of worms... (And AFAIK LDAP doesnt support them...) Bye Goetz - -- DMCA: The greed of the few outweights the freedom of the many -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGKGr62iGqZUF3qPYRAnX+AJ9KcdKf67B4I/7/B5cvyRZAA7iZqACeKWh/ 5O1TTXvldtdpi4tsjmFBQGo= =zEeK -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
squatter segfaults on large mailboxes - FreeBSD
Cyrus-IMAP 2.3.8 with UOA autocreate patches FreeBSD 6-STABLE The command was: su cyrus -c /usr/local/cyrus/bin/squatter -r -s -v user The error is Indexing mailbox user/spamdump/archive/2006/08... Segmentation fault kernel: pid 6988 (squatter), uid 60: exited on signal 11 There is free memory available when this happens but still it could be a system limit somehow. Anyone else out there running FreeBSD that could give a hint? Have two more boxes where this works fine on same mailbox but they do have a bit more RAM. Thanks, Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus 2.3.x and thunderbird 2.x delete issue
--On 19. April 2007 23:34:23 +0200 Wolfgang Breyha [EMAIL PROTECTED] wrote: I had troubles with cyrus 2.3.x and thunderbird 2.x. Thunderbird checks the ACLs now and issues a myrights and getacl command. Since thunderbird only checks RFC 2086 flags it disables DELETE access since cyrus 2.3.x reports the compatibility flags only with myrights but not with getacl. Hm, are there any other conditions necessary? Because I just tried TB 2 with our Cyrus 2.3.8 server and I was able to delete a message in my INBOX just fine. I didn't actually check the protocol, so I can't see if TB did myrights and getacl and - if so - what the replies were ... -- .:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:. Zentrum für angewandte Informatik - Universitätsweiter Service RRZK .:.Universität zu Köln / Cologne University - ✆ +49-221-478-5587.:. .:.:.:.Skype: shagedorn.:.:.:. pgpsDPlDVz9ke.pgp Description: PGP signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: how to enable digestmd5 and crammd5 ?
On Fri, Apr 20, 2007 at 09:26:33AM +0200, Goetz Babin-Ebell wrote: cram-md5 and digest-md5 require the pass phrase stored unencrypted. This opens another can of worms... (And AFAIK LDAP doesnt support them...) OpenLDAP support unencrypted passwords. WBR. Dmitriy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus 2.3.x and thunderbird 2.x delete issue
Sebastian Hagedorn wrote, on 20.04.2007 10:00: Hm, are there any other conditions necessary? Because I just tried TB 2 with our Cyrus 2.3.8 server and I was able to delete a message in my INBOX just fine. I didn't actually check the protocol, so I can't see if TB did myrights and getacl and - if so - what the replies were ... Check your cyrus.header files. Maybe you upgraded your installation from older cyrus and there are still c and d flags set on your folders. Mailboxes here only have RFC 4314 flags set. Regards, Wolfgang -- Wolfgang Breyha [EMAIL PROTECTED] | http://www.blafasel.at/ Vienna University Computer Center | Austria Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How many copies of the mupdate master should run?
On our mupdate master server, mupdate is defined in cyrus.conf with `prefork=1'. However, two of them are running, both children of master... UID PID PPID CSTIME TTY TIME CMD cyrus 1594 483 0 Apr 15 ? 0:00 mupdate -C /etc/mupdate/imapd.conf -m cyrus 1596 483 0 Apr 15 ? 22:18 mupdate -C /etc/mupdate/imapd.conf -m The second one seems to be doing all the work. What's the first one for? Probably related to the preforking mechanism. One can reproduce the behaviour with the pop3 and imap service daemons. Ours is Cyrus 2.2.13 on Solaris 9. prefork=2 causes 4 instances to be started, prefork=5 produces 10 instances of a service daemon Eric. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: how to enable digestmd5 and crammd5 ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dmitriy Kirhlarov schrieb: On Fri, Apr 20, 2007 at 09:47:07AM +0530, JOYDEEP wrote: Goetz Babin-Ebell wrote: JOYDEEP schrieb: But I have come to know that digest-md5 and cram-md5 need sasldb. so here I can't use it as my users and passwords are stored in LDAP. any idea ? I am already running SSL aka imaps. but still was interested about cram-md5 and digest-md5 for secured authorization. 1. have to store plaintext passwords in ldap directory. 2. ACL on ldap directory must be configured for open access to userPassword field for read, not only for auth. And with that open a can of worms I don't think Joydeep want to open... 3. cyrus imapd must use saslauthd for authentication. 4. saslauthd must have access to users passwords in ldap and must have configured ldapdb_mech option. So cyrus can't do plain cram-md5 / digest-md5 with LDAP But saslauthd can. Something new... Bye Goetz - -- DMCA: The greed of the few outweights the freedom of the many -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGKH/32iGqZUF3qPYRAhcPAJ45bQSFXw2WPWs1bsn+HxVlSiyV4ACggBf/ zPRxZjvSXJ9P1YoPQrdzUbk= =P2TE -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
FastMail.FM and autocreate folder/sieve patch conflict
Hello, I have applied most of the FastMail.FM patches. The only problem that I found that is the patch conflict of , autocreate folder/sieve patch, and statuscache patch. As FastMail.FM never provides autocreate folder/sieve patch, I have to remove this old patch on 2.3.8 version. I would like to know, if there is an alternative of autocreate patch? Many thanks Patrick Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: how to enable digestmd5 and crammd5 ?
En/na Goetz Babin-Ebell ha escrit: cram-md5 and digest-md5 require the pass phrase stored unencrypted. This opens another can of worms... (And AFAIK LDAP doesnt support them...) it does. Bye -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus 2.3.x and thunderbird 2.x delete issue
--On 20. April 2007 10:46:49 +0200 Wolfgang Breyha [EMAIL PROTECTED] wrote: Sebastian Hagedorn wrote, on 20.04.2007 10:00: Hm, are there any other conditions necessary? Because I just tried TB 2 with our Cyrus 2.3.8 server and I was able to delete a message in my INBOX just fine. I didn't actually check the protocol, so I can't see if TB did myrights and getacl and - if so - what the replies were ... Check your cyrus.header files. Maybe you upgraded your installation from older cyrus I did. and there are still c and d flags set on your folders. Yes, they are set. But I checked the flag for new folders that were created after the upgrade and they have those flags as well! Mailboxes here only have RFC 4314 flags set. I'm not sure I understand why. Are you saying that a 2.3.8 installed from scratch behaves differently than an upgraded one? -- .:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:. Zentrum für angewandte Informatik - Universitätsweiter Service RRZK .:.Universität zu Köln / Cologne University - ✆ +49-221-478-5587.:. .:.:.:.Skype: shagedorn.:.:.:. pgptat7OddiA0.pgp Description: PGP signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: how to enable digestmd5 and crammd5 ?
Dmitriy Kirhlarov wrote:
On Fri, Apr 20, 2007 at 09:47:07AM +0530, JOYDEEP wrote:
Goetz Babin-Ebell wrote:
JOYDEEP schrieb:
Roberto R. Morelli wrote:
Hello Joydeep,
Then we have the cyrus sasl modules installed:
cyrus-sasl-md5-2.1.22-4
cyrus-sasl-2.1.22-4
cyrus-sasl-lib-2.1.22-4
cyrus-sasl-plain-2.1.22-4
But I have come to know that digest-md5 and cram-md5 need sasldb. so
here I can't use it as my users and passwords are stored in LDAP.
any idea ?
The problem is that cram-md5 and digest-md5 need direct access to the
pass phrase in plain text.
AFAIK LDAP doesn't support this.
You have to use TLS if you want to transmit the pass phrase securely...
Thanks Goetz,
I am already running SSL aka imaps. but still was interested about
cram-md5 and digest-md5 for secured authorization.
1. have to store plaintext passwords in ldap directory.
Password is stored using {crypt}
2. ACL on ldap directory must be configured for open access to
userPassword field for read, not only for auth.
This one I can't understand :-(
3. cyrus imapd must use saslauthd for authentication.
OK, here saslauthd is using pam amd pam is using pam_unix.so and pam_ldap.so
4. saslauthd must have access to users passwords in ldap and must have
configured ldapdb_mech option.
saslauthd can access the ldap database for authentication
For details see cyrus-sasl2 documentation -- options.html.
WBR.
Dmitriy
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sieveshell and sivtest is not working here :-(
Dear list,
in my system sieve is not working. I check the user cyrus by imtest.
the command is imtest -a cyrus -u cyrus localhost -s
---
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK lvps87-230-8-228.dedicated.hosteurope.de Cyrus IMAP4 v2.2.12
server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=PLAIN AUTH=LOGIN SASL-IR X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAbWFoYWRldg==
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
---
now sivtest -a cyrus localhost reports
S: IMPLEMENTATION Cyrus timsieved v2.2.12
S: SASL PLAIN LOGIN
S: SIEVE fileinto reject envelope vacation imapflags notify
subaddress relational comparator-i;ascii-numeric regex
S: STARTTLS
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {20+}
AGN5cnVzAG1haGFkZXY=
S: NO Authentication Error
Authentication failed. generic failure
Security strength factor: 0
--
where may be the problem here ?
Even sieveshell localhost is not working too.
see below
lvps87-230-8-228:~ # sieveshell localhost
connecting to localhost
Please enter your password:
unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1.
---
here is the log
Apr 19 09:15:23 lvps87-230-8-228 sieve[3675]: attempting server step
after doneflag
Apr 19 09:15:23 lvps87-230-8-228 sieve[3675]: badlogin:
lvps87-230-8-228.dedicated.hosteurope.de[127.0.0.1] LOGIN generic failure
Apr 19 09:15:23 lvps87-230-8-228 perl: No worthy mechs found
Apr 19 09:15:23 lvps87-230-8-228 master[31987]: process 3675 exited,
status 0
---
please note I have cyrus-sasl-plain and cyrus-sasl-Login module installed.
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus 2.3.x and thunderbird 2.x delete issue
Sebastian Hagedorn wrote, on 20.04.2007 11:00: I'm not sure I understand why. Are you saying that a 2.3.8 installed from scratch behaves differently than an upgraded one? I don't know;-) Most of the mailboxes here have lrswipkxtea set. And searching the source I found code in cmd_myrights, which adds c and d if they are missing. So I thought cmd_getacl should do that, too. But it seems there was a change from 2.3.7 to 2.3.8 in handling legacy flags. At least a diff on lib/acl.c makes me think so. In 2.3.7 the flags where added on-the-fly and in 2.3.8 they are added permanently. If I'm right that means that I've to update all my ACLs to fix that. Regards, Wolfgang -- Wolfgang Breyha [EMAIL PROTECTED] | http://www.blafasel.at/ Vienna University Computer Center | Austria Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
inbox creration in cyrus
Dear list, I am using felamimail as email client and the server is cyrus imap. now the account is created by felamimail automatically. but the accounts are created as user.username user.username.sent user.username.trash and these folders are also appeared as such manner in felamimail. I like the account as user/usernameuser/username/trash user/username/sent so what to do so cyrus creates the folder in this manner. here is my /etc/imapd.conf - configdirectory: /var/lib/imap partition-default: /var/spool/imap sievedir: /var/lib/sieve admins: cyrus allowanonymouslogin: no allowplaintext: yes sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN sasl_minimum_layer: 0 autocreatequota: 1 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost servername: lvps87-230-8-228.dedicated.hosteurope.de defaultdomain: dedicated.hosteurope.de loginrealms: dedicated.hosteurope.de unixhierarchysep: yes virtdomains: yes hashimapspool: true lmtp_overquota_perm_failure: no lmtp_downcase_rcpt: yes lmtpsocket: /var/lib/imap/socket/lmtp -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: how to enable digestmd5 and crammd5 ?
On Fri, Apr 20, 2007 at 10:55:19AM +0200, Goetz Babin-Ebell wrote: 1. have to store plaintext passwords in ldap directory. 2. ACL on ldap directory must be configured for open access to userPassword field for read, not only for auth. And with that open a can of worms I don't think Joydeep want to open... 3. cyrus imapd must use saslauthd for authentication. 4. saslauthd must have access to users passwords in ldap and must have configured ldapdb_mech option. So cyrus can't do plain cram-md5 / digest-md5 with LDAP But saslauthd can. Something new... o-ops... Shared secrets mechanisms Put another way, you cannot use saslauthd with these methods. Auxiliary Properties SASLv2 introduces the concept of Auxilliary Properties. That is, the ability for information related to authentication and authorization to all be looked up at once from a directory during the authentication process. SASL Plugins internally take advantage of this to do password lookups in directories such as the SASLdb, LDAP or a SQL database. Applications can look up arbitrary properties through them. imapd.conf(5): sasl_pwcheck_method: none The mechanism used by the server to verify plaintext passwords. Possible values include auxprop, ... May be it can help, but I'm not sure. WBR. Dmitriy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: inbox creration in cyrus
Hi, i don't know felamimail, but the option unixhierarchysep: yes sets / as folder seperator. You still can create user.test and user.test.trash, but that are two totally independet folders and user.test.trash is not a subfolder of user.test . The user test will not have an INBOX because of user.test is not a subfolder of user . So you have to tell felamimail to create the accounts as user/username Quoting JOYDEEP [EMAIL PROTECTED]: Dear list, I am using felamimail as email client and the server is cyrus imap. now the account is created by felamimail automatically. but the accounts are created as user.username user.username.sent user.username.trash and these folders are also appeared as such manner in felamimail. I like the account as user/usernameuser/username/trash user/username/sent so what to do so cyrus creates the folder in this manner. here is my /etc/imapd.conf - configdirectory: /var/lib/imap partition-default: /var/spool/imap sievedir: /var/lib/sieve admins: cyrus allowanonymouslogin: no allowplaintext: yes sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN sasl_minimum_layer: 0 autocreatequota: 1 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost servername: lvps87-230-8-228.dedicated.hosteurope.de defaultdomain: dedicated.hosteurope.de loginrealms: dedicated.hosteurope.de unixhierarchysep: yes virtdomains: yes hashimapspool: true lmtp_overquota_perm_failure: no lmtp_downcase_rcpt: yes lmtpsocket: /var/lib/imap/socket/lmtp -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: [EMAIL PROTECTED] Waechterstrasse 76 72074 Tuebingen smime.p7s Description: S/MIME krytographische Unterschrift Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
explain the murder
Greetings I have been thinking about deploying a murder aggregator for two OSX servers. I have noticed my email headers contain Received: from murder ([unix socket]) , does this mean that murder is already installed? -jeff Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: RTCyrus3 - sendmail and cyrus-imap integration
Hi Andrzej, It's great to see you still working on this. Currently we are using a murder setup, with virtual domains and socketmap for user checking. We are using version 2 of your sendmail/cyrus integration. I've setup this version 3 with slight modification. My virtual hosts are stored in LDAP, for example, so I've changed the define in sendmail.mc to: [EMAIL PROTECTED] (with the appropriate LDAP entries and config in sendmail.mc). So I have version 3 working, and everything seems to be fine. I am wondering if there's any reason to switch from version 2 to version 3? Is there a benefit I'm not seeing? Also, is there no way of making the over quota message something other than User unknown or would that have to be handled in cyrus source? Thanks! -Lenny Andrzej Adam Filip wrote: I would like to announce new version of RTCyrus recipes for Sendmail and Cyrus IMAP integration. RTCyrus3 has been designed for easy integration of sendmail with virtual domains provided by Cyrus IMAP. It includes support for aliases. http://anfi.homeunix.net/sendmail/rtcyrus3.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: inbox creration in cyrus
Michael Menge wrote: Hi, i don't know felamimail, but the option unixhierarchysep: yes sets / as folder seperator. You still can create user.test and user.test.trash, but that are two totally independet folders and user.test.trash is not a subfolder of user.test . The user test will not have an INBOX because of user.test is not a subfolder of user . So you have to tell felamimail to create the accounts as user/username Hi Michael, thanks for your response but as u can see my config below I already have [unixhierarchysep: yes] there is no such configuration in felamimail so that I can set user/username more over when I manually create an user.username by cyradm I can't use sam command as sam cyrius -c user.usernamereports mailbox doesn't exist. do u have any idea why it is happening ? any mistake in my /etc/imapd.conf ? the file is at below thanks Quoting JOYDEEP [EMAIL PROTECTED]: Dear list, I am using felamimail as email client and the server is cyrus imap. now the account is created by felamimail automatically. but the accounts are created as user.username user.username.sent user.username.trash and these folders are also appeared as such manner in felamimail. I like the account as user/usernameuser/username/trash user/username/sent so what to do so cyrus creates the folder in this manner. here is my /etc/imapd.conf - configdirectory: /var/lib/imap partition-default: /var/spool/imap sievedir: /var/lib/sieve admins: cyrus allowanonymouslogin: no allowplaintext: yes sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN sasl_minimum_layer: 0 autocreatequota: 1 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost servername: lvps87-230-8-228.dedicated.hosteurope.de defaultdomain: dedicated.hosteurope.de loginrealms: dedicated.hosteurope.de unixhierarchysep: yes virtdomains: yes hashimapspool: true lmtp_overquota_perm_failure: no lmtp_downcase_rcpt: yes lmtpsocket: /var/lib/imap/socket/lmtp -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: [EMAIL PROTECTED] Waechterstrasse 76 72074 Tuebingen Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: RTCyrus3 - sendmail and cyrus-imap integration
Lenny wrote: Andrzej Adam Filip wrote: I would like to announce new version of RTCyrus recipes for Sendmail and Cyrus IMAP integration. RTCyrus3 has been designed for easy integration of sendmail with virtual domains provided by Cyrus IMAP. It includes support for aliases. http://anfi.homeunix.net/sendmail/rtcyrus3.html Hi Andrzej, It's great to see you still working on this. Currently we are using a murder setup, with virtual domains and socketmap for user checking. We are using version 2 of your sendmail/cyrus integration. I've setup this version 3 with slight modification. My virtual hosts are stored in LDAP, for example, so I've changed the define in sendmail.mc to: [EMAIL PROTECTED] (with the appropriate LDAP entries and config in sendmail.mc). So I have version 3 working, and everything seems to be fine. I am wondering if there's any reason to switch from version 2 to version 3? Is there a benefit I'm not seeing? There are two main improvements: a) *full* support for aliases in cyrus virtual domains [EMAIL PROTECTED]: ... [there were problems with aliases for no such mailbox] b) cyrus virtual domains are listed in *single* place/file In RTCyrus2-mailertable the domains have to be listed in: * mailertable * access db [HUPing sendmail daemon is required in case of changing the list] Also, is there no way of making the over quota message something other than User unknown or would that have to be handled in cyrus source? Due to *sendmail.cf* limitations it would require changes in Cyrus-IMAP implementation of socket map server. In current implementation Cyrus-IMAP ignores map name. Proper over quota handling should do something like recipe below: * return current results for map named cyrus * return in reply mailbox status for map named cyrus2 mailbox OK = return OK:mailbox instead of current mailbox mailbox over quota = return ERR:OVER:mailbox instead of current way of signaling problem [sendmail.cf can't access explanation string] P.S. I think it is a YASA (yet another simple after) solution :-) -- [plen: Andrew] Andrzej Adam Filip : [EMAIL PROTECTED] : [EMAIL PROTECTED] Home site: http://anfi.homeunix.net/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: squatter segfaults on large mailboxes - FreeBSD
The error is Indexing mailbox user/spamdump/archive/2006/08... Segmentation fault kernel: pid 6988 (squatter), uid 60: exited on signal 11 Never mind - corrupted mailbox - sorry for the noise. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus autorization identifier trick
On Thu, 19 Apr 2007, Nestor A. Diaz wrote: Andrew Morgan wrote: Easy. When you want to look at another user's mail, just modify the permissions on their mailbox. You can do this with cyradm like so: sam user.foo adminuser all We use a perl script that does this recursively for each folder that belongs to a specify user, and a second script that recursively removes the permission when we are finished. After granting these permissions, you'll see the user's mailbox in your IMAP namespace as Other Users.foo. Ok, that's clear for me, but since i am going to have a huge mailstore i don't like the idea of the person having to subscribe to each user mailbox, or modifying the user mailbox acl each time the person want to access data, so as an easy way i was thinking on using sasl as a helper, if that's not possible what i am thinking to create at first time, is that when the admin (which is really a supervisor with just read privilegies) wants to see others users mailbox, it just open a web application, that ask for their password, if validation went ok, then ask for the mailbox he wants to see and recurisvely change permissions, this way the Supervisor can see what others user have into their mailbox without using cyradm command line. You don't want to have these permissions set for all users, continuously. It is also a bad idea to have any of your Cyrus admin users (ones defined in imapd.conf as admins) have mailboxes. Your idea of using a web page to temporarily grant access sounds like a reasonable idea to me. Andy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieveshell and sivtest is not working here :-(
On Fri, 20 Apr 2007, JOYDEEP wrote:
Dear list,
in my system sieve is not working. I check the user cyrus by imtest.
the command is imtest -a cyrus -u cyrus localhost -s
---
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK lvps87-230-8-228.dedicated.hosteurope.de Cyrus IMAP4 v2.2.12
server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=PLAIN AUTH=LOGIN SASL-IR X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAbWFoYWRldg==
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
---
now sivtest -a cyrus localhost reports
S: IMPLEMENTATION Cyrus timsieved v2.2.12
S: SASL PLAIN LOGIN
S: SIEVE fileinto reject envelope vacation imapflags notify
subaddress relational comparator-i;ascii-numeric regex
S: STARTTLS
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {20+}
AGN5cnVzAG1haGFkZXY=
S: NO Authentication Error
Authentication failed. generic failure
Security strength factor: 0
--
where may be the problem here ?
Even sieveshell localhost is not working too.
see below
lvps87-230-8-228:~ # sieveshell localhost
connecting to localhost
Please enter your password:
unable to connect to server at /usr/bin/sieveshell line 169, STDIN line 1.
---
here is the log
Apr 19 09:15:23 lvps87-230-8-228 sieve[3675]: attempting server step
after doneflag
Apr 19 09:15:23 lvps87-230-8-228 sieve[3675]: badlogin:
lvps87-230-8-228.dedicated.hosteurope.de[127.0.0.1] LOGIN generic failure
Apr 19 09:15:23 lvps87-230-8-228 perl: No worthy mechs found
Apr 19 09:15:23 lvps87-230-8-228 master[31987]: process 3675 exited,
status 0
---
please note I have cyrus-sasl-plain and cyrus-sasl-Login module installed.
Are you using saslauthd with the 'pam' mechanism? Did you copy
/etc/pam.d/imap to /etc/pam.d/sieve?
Andy
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
how to run sieve scripts?
I created a simple sieve script using the sieve extension in Thunderbird. The script gets installed under /var/lib/imap/seive/j/jeremy/copyAndy.script, and makes a copyAndy.bc file in the same directory. However, it never gets run. What do I need to do to get invoked? In the maillog, I see an error: lmtpunix[..]: IOERROR: fstating sieve script /var/lib/imap/sieve/j/jeremy/defaultbc: No such file or directory So, it looks like its searching for a default, but why not the one I installed? Thanks, Andy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: how to run sieve scripts?
On Fri, 20 Apr 2007, Andy Howell wrote: I created a simple sieve script using the sieve extension in Thunderbird. The script gets installed under /var/lib/imap/seive/j/jeremy/copyAndy.script, and makes a copyAndy.bc file in the same directory. However, it never gets run. What do I need to do to get invoked? In the maillog, I see an error: lmtpunix[..]: IOERROR: fstating sieve script /var/lib/imap/sieve/j/jeremy/defaultbc: No such file or directory So, it looks like its searching for a default, but why not the one I installed? I have no idea how it works in Thunderbird. When you are using sieveshell, you upload the script and then activate it. The activation step creates a symlink from defaultbc to your script, marking it as the script in use. With sieveshell you can upload multiple scripts and switch between them using activate. Andy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
