cyrus-imap + cyrus-sasl : "user not found"
Hello - I subscribed here because I'm having a heck of a time with something I would imagine should be pretty easy: namely, I want to cyrus-imap with the saslpasswd. But I after a few hours and much reading and trial-and-error, I've had no success. I'm on gentoo linux, using cyrus-sasl-2.1.22 and cyrus-imapd-2.2.12: mybox ~ # saslpasswd2 -a smtpauth cyrus mybox ~ # sasldblistusers2 [EMAIL PROTECTED]: userPassword mybox ~ # cyradm --user cyrus localhost IMAP Password: localhost> log output shows: May 15 13:04:22 mybox imap[8862]: accepted connection May 15 13:04:22 mybox perl: No worthy mechs found May 15 13:04:23 mybox imap[8862]: login: localhost [127.0.0.1] cyrus plaintext User logged in First question: why the "No worthy mechs found"? mybox ~ # imtest -u cyrus localhost -t "" S: * OK mybox Cyrus IMAP4 v2.2.12-Gentoo server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS LISTEXT LIST-SUBSCRIBED X-NETSCAPE S: C01 OK Completed C: S01 STARTTLS S: S01 OK Begin TLS negotiation now verify error:num=18:self signed certificate verify error:num=7:certificate signature failure TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE S: C01 OK Completed Please enter your password: C: A01 AUTHENTICATE PLAIN Y3lydXMAcm9vdABjeXJ1cw== S: A01 NO user not found Authentication failed. generic failure Security strength factor: 256 log output shows: May 15 13:06:16 mybox imap[8862]: accepted connection May 15 13:06:16 mybox imap[8862]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication May 15 13:06:20 mybox imap[8862]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-13): user not found: Password verification failed] Second question: why am I getting "user not found"? Here's my imap.conf: postmaster: postmaster sendmail: /usr/sbin/sendmail altnamespace: yes unixhierarchysep: yes configdirectory:/var/imap partition-default: /var/spool/imap tls_ca_path:/etc/ssl/certs tls_cert_file: /etc/ssl/cyrus/server.crt tls_key_file: /etc/ssl/cyrus/server.key hashimapspool: yes allowanonymouslogin:no allowplaintext: yes sasl_pwcheck_method:auxprop sasl_mech_list: PLAIN Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
subfolder delivery with plus addressing, lmtp
I am delivering mail into subfolders with plus addressing, using lmtp over Unix domain sockets. I discovered that in order to do this I needed to, e.g. (in cyradm) setacl INBOX.comp anyone p (from a message by Phil Pennock on exim-users 2006-04-22). Otherwise they end up in the main INBOX. I thought that delivery by Unix domain sockets was done as an administrator, and no additional rights would be necessary. Is my understanding of administrator rights wrong, or is something off about my setup with the sockets? The Cyrus IMAP server FAQ says This submailbox must allow the posting user the 'p' right (generally, this means 'anyone' must have the 'p' right), otherwise the message will just be filed into the user's INBOX. The Overview says Alternatively you may deliver via LMTP to a unix domain socket, and the connection will be preauthenticated as an administrative user (and access control is accomplished by controlling access to the socket). I'm using exim 4.6.13-7 and cyrus 2.2.13-10 on Debian GNU/Linux; all operations are on the same machine. Since I discoverd a few things about how to get this working, this setup info may be helpful to others with exim + cyrus. imapd.conf includes admins: cyrus exim's config includes the router imap_user: debug_print = "R: imap_user for [EMAIL PROTECTED]" driver = accept local_part_suffix_optional = true local_part_suffix = +* local_parts = +imap_users transport = cyrus with transport # Deliver to local cyrus IMAP server via LMTP cyrus: debug_print = "T: cyrus for [EMAIL PROTECTED]" driver = lmtp delivery_date_add envelope_to_add return_path_add rcpt_include_affixes = yes user = cyrus socket = /var/run/cyrus/socket/lmtp batch_max = 40 When I send a message to [EMAIL PROTECTED] the exim log shows 2007-05-14 11:32:31 1HnfLQ-GB-Bu => ross+comp <[EMAIL PROTECTED]> R=imap_user T=cyrus and the cyrus log shows May 14 11:24:50 corn cyrus/lmtpunix[752]: Delivered: <[EMAIL PROTECTED]> to mailbox: user.ross I also tried ross+INBOX.comp When I added the "anyone p" acl shown at the top of the message, this finally worked. Ross Boylan P.S. My original version of the router lacked the suffix options and the transport lacked the affixes option. It would be nice if cyradm had a feature allowing recursive setting of acls. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sync startup script
Hello Everyone, Could someone please post their version of the cyrus sync startup script used by linux o/s. I want to separate out the sync startup stuff from the main cyrus imap startup since we are having problems keeping sync running. I am open to suggestions. Cheers, Roberto Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve vacation does not catch alias-address es? [auf Viren überprüft]
[EMAIL PROTECTED] schrieb: 5. Select "Vacation", set the Addresses-textfield to '[EMAIL PROTECTED],[EMAIL PROTECTED]'. Click Move on to Step 4 > [...] ["[EMAIL PROTECTED]","[EMAIL PROTECTED]"] text: I'm not sure. Maybe you have to put more than a address into brackets ("addr","addr") to group them. I think sieve checks the mail header (to:, cc:, bcc:). So the address in the header must match the one in the vacation statement. Hand Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus with a NFS storage. random DBERROR
On Thu, May 03, 2007 at 05:08:52PM +0200, Paul Dekkers wrote: > I recently tried to use NFS (on a RedHat client, both to a NetApp filer > as well as a RedHat NFS server) and I'll share my experiences: > > Michael Menge wrote: > > Cyrus has 2 problems with NFS. > > > > 1. Cyrus depends on filesystem locking. NFS-4 should have solved this > > problem > > but i have not tested it. > > > > 2. BerkleyDB uses shared Memory which does not work accros multiple > > servers. > > I used skiplist in the tests (default with Simon's RPM), and initially > just used NFSv3 (and I also tested NFSv4): as long as I mounted with the > -o nolock option it actually worked quite well (also on NFSv3). The > performance was even better with the NetApp as target than with a local > filesystem (and NFSv3 was faster than v4). > > The nolock options does not disable locking (as I understand it) for the > filesystem, it just disables locking over NFS, so other nodes won't have > the same file locked. (Correct me if I'm wrong.) My intention was not to > have an active-active setup, so in that regard this might not be that > bad. Not sure what other catches there are though. Are you try metapartition* options? If you don't need active-active setup it can be useful. > I stressed the setup with the imaptest tool from Dovecot, I saw problems > with that in the past (also with NFSv3 and v4, but in combination with > Cyrus 2.2 and I'm not sure if I tried nolock), now it seemed to do just > fine. Only NFSv4 does not seem to be the answer, it seems that -o nolock > is (on Linux as client). > > I'm very hesitant to put this into production, I just wanted to do some > more tests and ask others after that if they think this is wise or > not... I couldn't find the time to do more tests... (like see how RedHat > 5 behaves instead of RedHat 4, if the tric also works on FreeBSD, if I > can make it fail one way or another... suggestions always welcome...) On FreeBSD you can use gmirror+ggated for mirroring disk partition between servers. WBR. Dmitriy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
A setting method of REPLICATION in Cyrus-IMAP
Hello. There is a question about REPLICATION in Cyrus-IMAP. At first, can I manage Cyrus-IMAP with MASTER-MASTER constitution with two servers when I use REPLICATION? I searched a document and ML, but think that I have you teach it because only a method to manage as MASTER-SLAVE seems to be carried. By the way, I set it in the following examination environment at first to manage it by MASTER-SLAVE constitution. Server: IP: 1.1.1.1 The OS: Solaris9(SPARC) Software: Cyrus-IMAP 2.2.10 (./configure --disable-gssapi --with-sasl --with-bdb \ --with-openssl --with-libwrap) Cyrus-SASL 2.1.20 (./configure --disable-krb4 --disable-gssapi --enable-login \ --with-pam --with-des --with-openssl) Mail Spool: /var/spool/imap(on NFS) DBs: /var/imap Replica: IP: 1.1.1.2 The OS: Solaris9(SPARC) Software: Cyrus-IMAP 2.2.10 (The same as above) Cyrus-SASL 2.1.20 (The same as above) Mail Spool: /var/spool/imap(on NFS) DBs: /var/imap I worked as follows. 1) Setting up Server - /etc/imapd.conf configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus, cyrus-admin sasl_pwcheck_method: saslauthd pop3_tls_cert_file: /var/imap/server.pem pop3_tls_key_file: /var/imap/server.pem imap_tls_cert_file: /var/imap/server.pem imap_tls_key_file: /var/imap/server.pem tls_cert_file: /var/imap/server.pem tls_key_file: /var/imap/server.pem expunge_mode: delayed sync_host: 1.1.1.2 sync_authname: cyrus-admin sync_password: password sync_log: 1 - /etc/services csync 2005/tcp 2) Setting up Replica - /etc/imapd.conf configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus, cyrus-admin sasl_pwcheck_method: saslauthd pop3_tls_cert_file: /var/imap/server.pem pop3_tls_key_file: /var/imap/server.pem imap_tls_cert_file: /var/imap/server.pem imap_tls_key_file: /var/imap/server.pem tls_cert_file: /var/imap/server.pem tls_key_file: /var/imap/server.pem - /etc/cyrus.conf SERVICES { # add or remove based on preferences imap cmd="imapd" listen="imap" prefork=0 imaps cmd="imapd -s" listen="imaps" prefork=0 provide_uuid=1 pop3 cmd="pop3d" listen="pop3" prefork=0 pop3s cmd="pop3d -s" listen="pop3s" prefork=0 sieve cmd="timsieved" listen="sieve" prefork=0 # these are only necessary if receiving/exporting usenet via NNTP # Nntp cmd="nntpd" listen="nntp" prefork=0 provide_uuid=1 # nntps cmd="nntpd -s" listen="nntps" prefork=0 # at least one LMTP is required for delivery # lmtp cmd="lmtpd" listen="lmtp" prefork=0 lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 provide_uuid=1 # this is only necessary if using notifications # notifycmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1 syncserver cmd="/usr/cyrus/bin/sync_server" listen="csync" } ... - /etc/services csync 2005/tcp 3) Start Cyrus-IMAP on Server/Replica saslauthd -a pam -n 0 & /usr/cyrus/bin/master & 4) Start sync_client on Server I carry it out in Server as follows /usr/cyrus/bin/sync_client -l -v -u username Then the following messages display in a terminal 1.1.1.2 Can not connect to server '', 15 retrying in seconds And the following messages output in /var/log/imapd.log May 14 15:59:05 Replica syncserver[17840]: [ID 518349 local6.debug] executed May 14 15:59:05 Replica syncserver[17840]: [ID 921384 local6.debug] accepted connection May 14 15:59:05 Replica syncserver[17840]: [ID 177842 local6.debug] cmdloop(): startup May 14 15:59:05 Replica syncserver[17840]: [ID 824502 local6.notice] badlogin: Server [1.1.1.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database] May 14 15:59:09 Replica syncserver[17840]: [ID 921384 local6.debug] accepted connection May 14 15:59:09 Replica syncserver[17840]: [ID 177842 local6.debug] cmdloop(): startup May 14 15:59:09 Replica syncserver[17840]: [ID 824502 local6.notice] badlogin: Server [1.1.1.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database] On Replica side, saslauthd starts with -a pam option, and cyrus-admin user exist in /etc/passwd. I am happy as things mentioned above when I can have advice. - flathill Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Sieve vacation does not catch alias-addresses?
Hello, I have a weird problem where sieve does not match properly the recipient alias address when using the vacation rule. Specifically: I run a CentOS4.4 Linux box with postfix (2.2.10-1.RHEL4.2) + cyrus-imapd (2.2.12-3.RHEL4.1). The rules are created via Squirrelmail (1.4.10-1.el4) + avelsieve (1.0.1). Cyrus-Imapd is set up to use virtual domains (which work otherwise ok) and the users log on to read their email with the [EMAIL PROTECTED] login. Aliases (in the form of [EMAIL PROTECTED]) has been created for each user in Postfix (via the virtual_alias_maps-configuration). The problem is that sieve only 'catches' messages sent to the [EMAIL PROTECTED] address, when created in avelsieve followingly: 1. Go to Options 2. Select Message Filters 3. Click Add a New Rule 4. Select All Messages, click Move on to Step 3 5. Select "Vacation", set the Addresses-textfield to '[EMAIL PROTECTED],[EMAIL PROTECTED]'. Click Move on to Step 4 6. Click Finish 7. Click Save Changes When viewing through the sieveshell, the rule looks like this: # This script has been automatically generated by avelsieve # (Sieve Mail Filters Plugin for Squirrelmail) #AVELSIEVE_VERSIONYTo0OntzOjU6Im1ham9yIjtpOjE7czo1OiJtaW5vciI7aTowO3M6NzoicmVsZWFzZSI7aToxO3M6Njoic3RyaW5nIjtzOjU6IjEuMC4xIjt9 #AVELSIEVE_CREATED1178788687 #AVELSIEVE_MODIFIED1179124924 require ["fileinto","reject","vacation","imapflags","relational","comparator-i;ascii-numeric","regex","notify"]; if #START_SIEVE_RULEYTo1OntzOjQ6InR5cGUiO3M6MToiNCI7czo2OiJhY3Rpb24iO3M6MToiNiI7czoxMzoidmFjX2FkZHJlc3NlcyI7czo0ODoicG9sdHNpQDc3Ny10ZWFtLm9yZyxwYXVsLWVyaWsudG9ycm9uZW5AcG9sdHNpLmZpIjtzOjg6InZ hY19kYXlzIjtzOjE6IjciO3M6MTE6InZhY19tZXNzYWdlIjtzOjEzMDoiVGhpcyBpcyBhbiBhdXRvbWF0ZWQgcmVwbHk7IEkgYW0gYXdheSBhbmQgd2lsbCBub3QgYmUgYWJsZSB0byByZXBseSB0byB5b3UgaW1tZWRpYXRlbHkuSSB3aWxsIGdldCBiYWNrIHRvIHlvdSBhcyBzb29uIGFzIEkgcmV0dXJuLiI7fQ%3D%3DEND_SIEVE_RULE true { vacation :days 7 :addresses ["[EMAIL PROTECTED]","[EMAIL PROTECTED]"] text: This is an automated reply; I am away and will not be able to reply to you immediately.I will get back to you as soon as I return. . ; } Sending a message (from another account) to the [EMAIL PROTECTED] works as it should, but fails when I send a message to the [EMAIL PROTECTED] No notification is sent back to the original sender. I've also tried leaving the Address-textfield empty (in hopes of this being a real 'match-anything'), as well as only using the [EMAIL PROTECTED] address, but neither works. Is there something I have missed, or does the vacation only work with 'real' addresses? TIA, Poltsi Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html