Re: Automatic Sieve Script Subscription
Ok, I'm not perl script Writer.. So i decided to create mailboxes with Websieve, and add differents sieve script with Squirrelmail avelsieve plugin. If I create them on Websieve and user create one one Squirrelmail, the Websieve script is lost and not concatenate. I haven't got so much mailboxes to create... That will be ok. Thanks. Message du 22/08/07 11:26 De : Christian Kratzer [EMAIL PROTECTED] A : Peter [EMAIL PROTECTED] Copie à : info-cyrus@lists.andrew.cmu.edu Objet : Re: Automatic Sieve Script Subscription Hi, On Wed, 22 Aug 2007, Peter wrote: Hello. Where can i find the perl module Cyrus::SIEVE::managesieve for download ?? its a part of cyrus imap so you should already have it. ps: please keep the list on the cc. Greetings Christian /Peter Thanks a lot! I will try it. Message du 21/08/07 12:12 De : Christian Kratzer [EMAIL PROTECTED] A : [EMAIL PROTECTED] [EMAIL PROTECTED] Copie à : info-cyrus info-cyrus@lists.andrew.cmu.edu Objet : Re: Automatic Sieve Script Subscription Hi, On Tue, 21 Aug 2007, [EMAIL PROTECTED] wrote: Hy all, Do you know if there's a way for any mailboxes to subscribe automaticaly to a sieve script at creation of the mailbox? I would like for all users to transfert SPAM tagged subject to a SPAM folders, or mailling list mail to mailling list folder without having to explain all users to write it with avelsieve. I tought Autosieve patch was able to do it but it only creates folders if it doesn't exist. we use a perl script to automatically create new accounts, create and subscribe the Spam mailbox and also install and activate a default sieve script. We use following perl modules: use Cyrus::IMAP::Admin; use Cyrus::SIEVE::managesieve; use IMAP::Admin; IMAP::Admin required a patch to allow logging in with separate authentication and authorisation rules for subscribing to the newly created Spam mailbox. Apart from that it was straight forward. Greetings Christian -- Christian Kratzer CK Software GmbH Email: [EMAIL PROTECTED] Schwarzwaldstr. 31 Phone: +49 7452 889 135 D-71131 Jettingen Fax: +49 7452 889 136 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Christian Kratzer CK Software GmbH Email: [EMAIL PROTECTED] Schwarzwaldstr. 31 Phone: +49 7452 889 135 D-71131 Jettingen Fax: +49 7452 889 136 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer [ (pas de nom de fichier) (0.2 Ko) ] Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
SSL/TLS certificates with virtual domains
Hi, all. I'm configuring a Cyrus IMAPD server for a number of virtual domains, and I'm concerned about a potential issue with SSL/TLS for the virtual hosts, which is that I can't find a way of specifying different certificates for each virtual host. We strongly encourage users to use encryption, but I don't want mail clients throwing a certificate name mismatch error every time they connect to anything other than the default domain. I checked the docs/man pages/FAQ but haven't found a per-domain way of configuring different cert/key files. I'm hoping this functionality exists, but is as yet undocumented... I'm using version 2.3.8, if that makes any difference. Thanks! Nels Lindquist Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SSL/TLS certificates with virtual domains
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nels Lindquist schrieb:
Hi, all.
Hello Nels,
I'm configuring a Cyrus IMAPD server for a number of virtual domains,
and I'm concerned about a potential issue with SSL/TLS for the virtual
hosts, which is that I can't find a way of specifying different
certificates for each virtual host.
This question pops up occasionally in most list concerning SSL.
You can only use one certificate for one IP address / port pair.
If you have several IP addresses on your host,
you can run several insances of cyrus to listen on
the different IP addresses and every one of them having it's own
certificate.
We strongly encourage users to use encryption, but I don't want mail
clients throwing a certificate name mismatch error every time they
connect to anything other than the default domain.
I checked the docs/man pages/FAQ but haven't found a per-domain way of
configuring different cert/key files.
I'm hoping this functionality exists, but is as yet undocumented...
If all of your servers share the same IP address it is not possible.
If you have different IP addresses, use something like:
cyrus.conf:
SERVICES {
imap cmd=imapd listen=imap prefork=1
imaps cmd=imapd -s -C /etc/imapd1.conf listen=192.168.0.1:imaps
prefork=0
imaps cmd=imapd -s -C /etc/imapd2.conf listen=192.168.0.2:imaps
prefork=0
If you have one one IP address and want it to serve several domains,
you can do it with one certificate having an subjectAltName extension
containing the domain names you use.
At least the MUA I tested can handle that.
Bye
Goetz
- --
DMCA: The greed of the few outweights the freedom of the many
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGzgxy2iGqZUF3qPYRAlj7AKCGl+hukAiIQUzWNOT6LbQpt8ULVwCfaknZ
1StKHoasYmc5ykZwih1UPMI=
=NiD0
-END PGP SIGNATURE-
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SSL/TLS certificates with virtual domains
Goetz Babin-Ebell wrote:
This question pops up occasionally in most list concerning SSL.
You can only use one certificate for one IP address / port pair.
If you have several IP addresses on your host,
you can run several insances of cyrus to listen on
the different IP addresses and every one of them having it's own
certificate.
I do indeed have an IP address for each virtual host, so that should be
okay.
If all of your servers share the same IP address it is not possible.
If you have different IP addresses, use something like:
cyrus.conf:
SERVICES {
imap cmd=imapd listen=imap prefork=1
imaps cmd=imapd -s -C /etc/imapd1.conf listen=192.168.0.1:imaps
prefork=0
imaps cmd=imapd -s -C /etc/imapd2.conf listen=192.168.0.2:imaps
prefork=0
How much configuration similarity does there have to be between the
different config files? Can I change anything except for the
tls_[*]_file directives?
Thanks very much for the information! I think this could work for us.
Nels Lindquist
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SSL/TLS certificates with virtual domains
How much configuration similarity does there have to be between the different config files? Can I change anything except for the tls_[*]_file directives? Thanks very much for the information! I think this could work for us. Make one master imapd.conf file with everything but the certificate definitions (or any other domain-specific settings), then @include it from the stub imapd.confs that you point your cyrus components to. Less to worry about ;) -rob Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: better techniques to identify and remove zero-day viruses from cyrus store sought
Jorey Bump wrote, On 8/22/2007 8:23 AM: John Crawford wrote: Sieve is during delivery to the cyrus store though. As we have the capability to identify hazards to our users, I'd like to be able to exercise central strategies improve their quality of life. So I seek tools to leverage after detection to aid with removal or remediation. Maybe would be nice to have a just-in-time scan interface at the cyrus message level just as a message is being accessed. CPU processing is getting cheaper all the time. Hmm, this is an interesting problem. At one extreme, you're changing the mailstore or connection while the user is logged in, which could result in some confusion (and possibly trigger some client software issues). At the other extreme, you may have an account that hasn't been checked for weeks, so it's fine to remove malicious messages that have accumulated due to lack of detection before delivery. You also have to be careful not to remove messages that have been forwarded to your support address, as they will contain strings that may trigger detection. To handle all cases safely, you'd probably want to script using Cyrus::IMAP::Shell, so all changes are performed via IMAP. You can do this safely with Cyrus because it supports concurrent R/W access. Instead of deleting these messages, you'll want to put them in a quarantine account so you can restore them in the case of false positives. I don't see that it's possible to read any particular message, or to iterate and evaluate content of messages with Cyrus::IMAP::Shell. Do I miss something? I'm still not sure I'd be comfortable doing this beneath the nose of a logged in user. I'd also hesitate to touch anything outside the INBOX (and any quarantine folders you provide), since it can be assumed that the message was moved due to user action. I'd probably test this for a long time only on accounts that aren't being checked regularly (this also has the benefit of reducing the size of abandoned accounts). Have you found that the risks justify this effort? Are your ClamAV scans of the mailstore turning up anything? Are they serious threats? Yes, I get very good results of content I would like to safely hide away. I use standard clamav with the usual clamav signatures. I've not experienced problems from any false positives. I'll have a signature update, and it will find messages received 50 minutes earlier - ones my users don't need to be exposed to. thanks, John Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
