Re: ldap groups in acl
Marc Patermann wrote:
> Hi,
> IMAPd 2.2.12 is connected with sasl ldapdb (ptloader) to an OpenLDAP (2.3.x) server.
> I can set acls with existing groups.
> I cannot set acls with non existing groups.
> So far: IMAPd is checking for groups in LDAP just right.

Afair, ldap group fixed in 2.3.13 ptloader. Try to update.

WBR.
Dmitriy

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus ACLs and groups from LDAP
Stefan Pampel wrote:
> Dmitriy Kirhlarov [EMAIL PROTECTED] wrote:
>> Christopher DeMarco wrote:
>>> I want to put a group: into an ACL, but I want to expand the group using LDAP rather than /etc/groups.
>>> A thread from this list circa 2006 seems to indicate that if PAM uses LDAP (or NIS for that matter), that Cyrus will use LDAP without even knowing it. I'd actually prefer that Cyrus do this explicitly -- for clarity's sake and because I don't want to switch the mail server over to LDAP-via-PAM authentication just yet.
>>> Is it possible, and if so, how?
>>
>> Yes. It's possible:
>> https://dev.vega.ru/twiki/bin/view/SysAdmin/Sprint2008-11-18-2008-11-24
>
> Hello Dmitriy,
> is this document also available in a public place? This place is password protected.

Oops. :)
http://lists.andrew.cmu.edu/pipermail/info-cyrus/2007-June/026192.html

WBR
Dmitriy
Re: Cyrus ACLs and groups from LDAP
Christopher DeMarco wrote:
> I want to put a group: into an ACL, but I want to expand the group using LDAP rather than /etc/groups.
> A thread from this list circa 2006 seems to indicate that if PAM uses LDAP (or NIS for that matter), that Cyrus will use LDAP without even knowing it. I'd actually prefer that Cyrus do this explicitly -- for clarity's sake and because I don't want to switch the mail server over to LDAP-via-PAM authentication just yet.
> Is it possible, and if so, how?

Yes. It's possible:
https://dev.vega.ru/twiki/bin/view/SysAdmin/Sprint2008-11-18-2008-11-24

Also, afair, the issue with registering a user in several groups is fixed now.

WBR
Dmitriy
Re: ptloader problem
I can't do it. I tried to create a new login for my e-mail and registered it. I have been waiting several days for the confirmation link without success.
Could you, please, open this bug report?

Wesley Craig wrote:
> You can add it to the bugzilla here:
> https://bugzilla.andrew.cmu.edu/
> Thanks!
> :wes
>
> On 30 Jul 2008, at 05:57, Dmitriy Kirhlarov wrote:
>> We found a problem -- when ptloader is built with ldap support by gcc4 on the amd64 platform, it doesn't work.
>> After investigating the ptloader core with gdb we found a problem. (I'm sorry for a possibly improper problem description)
>>
>> 1. ldap.h has hints:
>>    #if LDAP_DEPRECATED
>>    LDAP_F( char ** )
>>    ldap_get_values LDAP_P(( /* deprecated, use ldap_get_values_len */
>>        LDAP *ld, LDAPMessage *entry, LDAP_CONST char *target ));
>> 2. cyrus is built without -DLDAP_DEPRECATED by default, and ldap_get_values is int32
>> 3. ptloader running
>>    3.1 calls libldap
>>    3.2 libldap gets values from the server
>>    3.3 returns a pointer to ptloader as int64
>>    3.4 ptloader gets it as _int32_ and dumps core
>>
>> My test configuration:
>> cyrus-imapd-2.3.{8,11} with ldap support
>> cyrus-sasl-saslauthd-2.1.22 with ldap support
>> openldap 2.{3,4}
>> FreeBSD 7.0 amd64
>>
>> This configuration works very well on FreeBSD 6.x amd64.
>> userbase in ldap, authentication over saslauthd, authorization over ptloader.
>>
>> How can I report a bug to the developers?
>> I can provide my configs and detail the test procedure, if needed.
>>
>> WBR
>> Dmitriy
ptloader problem
Hi, list

We found a problem -- when ptloader is built with ldap support by gcc4 on the amd64 platform, it doesn't work.
After investigating the ptloader core with gdb we found a problem. (I'm sorry for a possibly improper problem description)

1. ldap.h has hints:
   #if LDAP_DEPRECATED
   LDAP_F( char ** )
   ldap_get_values LDAP_P(( /* deprecated, use ldap_get_values_len */
       LDAP *ld, LDAPMessage *entry, LDAP_CONST char *target ));
2. cyrus is built without -DLDAP_DEPRECATED by default, and ldap_get_values is int32
3. ptloader running
   3.1 calls libldap
   3.2 libldap gets values from the server
   3.3 returns a pointer to ptloader as int64
   3.4 ptloader gets it as _int32_ and dumps core

My test configuration:
cyrus-imapd-2.3.{8,11} with ldap support
cyrus-sasl-saslauthd-2.1.22 with ldap support
openldap 2.{3,4}
FreeBSD 7.0 amd64

This configuration works very well on FreeBSD 6.x amd64.
userbase in ldap, authentication over saslauthd, authorization over ptloader.

How can I report a bug to the developers?
I can provide my configs and detail the test procedure, if needed.

WBR
Dmitriy
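The failure described in this report, as an added example that is not part of the original post or of the Cyrus code: with no prototype in scope, C89 treats `ldap_get_values` as returning `int`, so on amd64 the caller keeps only the low 32 bits of the returned `char **`. The sketch simulates that truncation with explicit casts and scans a build log for the GCC warning pair that reveals it; the log lines, `example.c`, `lookup`, `helper_count` and the sample addresses are constructed assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value the caller ends up with when a function that really returns a
 * pointer is called with no prototype in scope (C89 implicit "int f()"):
 * only the low 32 bits of the return value are kept, and they are
 * sign-extended when the int is converted back to a pointer. */
static uintptr_t as_seen_through_int(uintptr_t real)
{
    int32_t low = (int32_t)(uint32_t)real;
    return (uintptr_t)(intptr_t)low;
}

/* 1 if the pointer value survives the round trip, 0 if it is damaged. */
static int survives_int_return(uintptr_t real)
{
    return as_seen_through_int(real) == real;
}

/* Constructed GCC-style build log (not output from the poster's build). */
static const char *const SAMPLE_LOG[] = {
    "example.c: In function 'lookup':",
    "example.c:42: warning: implicit declaration of function 'ldap_get_values'",
    "example.c:42: warning: assignment makes pointer from integer without a cast",
    "example.c:57: warning: implicit declaration of function 'helper_count'",
    "example.c:60: warning: unused variable 'rc'",
};
#define SAMPLE_LOG_LEN (sizeof(SAMPLE_LOG) / sizeof(SAMPLE_LOG[0]))

/* Extract the function name from an "implicit declaration" warning.
 * Works with ASCII quotes and with the UTF-8 quotes GCC prints in
 * UTF-8 locales, because every non-identifier byte is skipped. */
static int implicit_decl_name(const char *line, char *out, size_t outlen)
{
    static const char marker[] = "implicit declaration of function";
    const char *p = strstr(line, marker);
    size_t n = 0;

    if (p == NULL || outlen == 0)
        return 0;
    p += sizeof(marker) - 1;
    while (*p != '\0' && !(isalnum((unsigned char)*p) || *p == '_'))
        p++;
    while ((isalnum((unsigned char)*p) || *p == '_') && n + 1 < outlen)
        out[n++] = *p++;
    out[n] = '\0';
    return n > 0;
}

/* Count call sites where `fn` was implicitly declared AND the very next
 * warning says its int result was used as a pointer: the combination
 * that truncates pointers on LP64 targets such as amd64. */
static int count_truncation_suspects(const char *const *log, size_t n,
                                     const char *fn)
{
    char name[128];
    size_t i;
    int hits = 0;

    for (i = 0; i < n; i++) {
        if (!implicit_decl_name(log[i], name, sizeof(name)))
            continue;
        if (strcmp(name, fn) != 0)
            continue;
        if (i + 1 < n && strstr(log[i + 1], "makes pointer from integer"))
            hits++;
    }
    return hits;
}

int main(void)
{
    /* Constructed addresses: low, above 4 GiB, and with bit 31 set. */
    const uintptr_t samples[] = {
        (uintptr_t)0x1000u, (uintptr_t)0x800601000ULL, (uintptr_t)0x80001000u
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%#llx -> %#llx %s\n",
               (unsigned long long)samples[i],
               (unsigned long long)as_seen_through_int(samples[i]),
               survives_int_return(samples[i]) ? "ok" : "DAMAGED");
    printf("suspect call sites for ldap_get_values: %d\n",
           count_truncation_suspects(SAMPLE_LOG, SAMPLE_LOG_LEN,
                                     "ldap_get_values"));
    return 0;
}
```

Building with `-Werror=implicit-function-declaration` turns this class of bug into a compile failure instead of a core dump at run time.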
Re: Cyrus + Ldap + sasl question
Sergio Belkin wrote:
> I have a server running with Centos 5.1 and:
> Cyrus: Lan POP and IMAP server both with SSL and plain and login mechanisms
> LDAP with SSL + SASL
> User passwords in LDAP are encrypted.
> Everything works fine. But I'd want to reduce overhead due SSL and change to Cyrus with md5 mechanism (or another nonplain mechanism)
> Can I do that? Please bear in mind, that I don't want to use non-encrypted passwords on LDAP.

cram-md5 and digest-md5 need an unencrypted password on the client and server side.
The kerberos mechanism can help you, but I don't know an MUA with kerberos support.

WBR
Dmitriy
cyrus imapd 2.3.13 with openldap 2.4.x problems
Hi, list.

I have a working configuration with openldap 2.3.x.
User database stored in ldap, authentication over saslauthd.
Working fine with cyrus imapd 2.3.x.

Now I want to migrate to openldap 2.4.x, but have a problem. Users can't authorize.
I found the cause. It's ptloader.

Is somebody using the %subj combination?

WBR
Dmitriy
Re: Virtdomains + per-domain-quota
Marcelo Henrique Cabral Ariza wrote:
> Hello everybody!
> I work in an ISP, and I have a mail server with +-700 domains.
> I am just building a Postfix+cyrus+ldap+dspam system for these domains and need help with domain quota.
> Can someone help me?

You can create a partition per domain and use a quota per partition.

WBR
Dmitriy
Re: Cyrus IMAPd 2.3.12 Released
The attached patch adds information to the log about moving messages between folders.
I am using this information from the logs to relaunch dspam.

Any chance of adding this patch to the project tree? It's a useful scheme and I think it can be helpful not only for me.

Some details:
dspam watches all incoming messages and adds a tag spam|innocent and a unique signature to the message headers.
sieve uses this tag for moving|not-moving an incoming message to the USER/spam folder (every user has a personal spam folder).
If dspam misses, the user can manually move the message from|to the spam folder.
This fact is recorded in the cyrus log file.
A simple script parses the log and relaunches dspam.

WBR.
Dmitriy

--- index.c.origMon Mar 3 16:21:13 2008 +++ index.c Mon Mar 3 17:01:48 2008 @@ -1313,6 +1313,7 @@ *copyuidp = NULL; copyargs.nummsg = 0; +copyargs.name = name; index_forsequence(mailbox, sequence, usinguid, index_copysetup, (char *)copyargs, NULL); @@ -3409,6 +3410,9 @@ xrealloc((char *)copyargs-copymsg, copyargs-msgalloc * sizeof(struct copymsg)); } + +syslog(LOG_ERR, DSPAM-Hack index_copysetup(): %s - %s, hdr %s, mailbox-name, + copyargs-name, index_getheader(mailbox, msgno, X-DSPAM-Signature)); copyargs-copymsg[copyargs-nummsg].uid = UID(msgno); copyargs-copymsg[copyargs-nummsg].internaldate = INTERNALDATE(msgno); --- index.h.origMon Mar 3 16:57:35 2008 +++ index.h Mon Mar 3 16:57:53 2008 @@ -126,6 +126,7 @@ struct copymsg *copymsg; int nummsg; int msgalloc; +char *name; }; struct mapfile {
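Review bot: In the index_copysetup() hunk of index.c (@@ -3409), the added syslog() call logs a routine copy at LOG_ERR and runs for every message copied, not only for copies into or out of a spam folder; use LOG_INFO or LOG_DEBUG and consider logging only when the header is present. The X-DSPAM-Signature value comes from the message itself, so the script that parses this line to relaunch dspam should validate the signature format before acting on it, and the call should handle a message that has no such header instead of passing the result of index_getheader() straight to %s.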
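Review bot: In the index.h hunk (@@ -126), the new member "char *name;" has no comment and is only read by the logging call; declare it "const char *name" and document that it borrows the caller's string assigned by "copyargs.name = name;" in the first index.c hunk, so it must not be freed or kept after that call returns.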
Re: Cyrus IMAPd 2.3.12 Released
Sebastian Hagedorn wrote:
> --On 23. April 2008 15:37:19 +0400 Dmitriy Kirhlarov [EMAIL PROTECTED] wrote:
>> Attached patch add to log information about moving messages between folders.
>> I am using this information from logs for relaunch dspam.
>> Any chances for add this patch to project tree?
>
> FWIW, logging this at LOG_ERR level certainly isn't the right way to do that ... I'd say it should be INFO at best, if not DEBUG.

And with this correction, can the patch be included in the cyrus imapd repo?

WBR
Dmitriy
Re: Vacation notices time controlled
Christian Garling wrote:
> Hello,
> is there a user-friendly way to create time controlled vacation notices? We want to define start date and end date for vacation. I did not find something that would work while my internet search.

rfc 5230.
echo sieve_extensions: vacation imapd.conf

WBR.
Dmitriy
Re: Refusing users without a mailbox?
Paul van der Vlis wrote:
> Hello,
> A customer is using a system with a mailserver and a FTP-server on one machine.
> Now a FTP-user found out, that he can login with his FTP-username and password into the webmail (Horde/IMP), and send mail. FTP-users do not have a mailbox.
> Is there a way to make the authentication not OK for users without a mailbox? Or only OK for users who are member of a group?
> I am using Cyrus with saslauthd, PAM and the traditional Unix authentication mechanism (pam_unix.so).

Looks like you need:
http://www.splitbrain.org/projects/pam_require/

WBR.
Dmitriy
Re: Deleted cyrus.* files
David Flegl wrote:
> Hi all,
> I've a big problem with my one mailbox. May someone help me, please?
> User has got more than 3.500 messages in his mailbox and asked me to remove them directly without web-interface (SquirrelMail).
> I've unfortunately removed all files including cyrus.header, cyrus.index, cyrus.cache.
> And now I'm not able to either reconstruct or delete the mailbox.
> I've tried this:
> 1] $cyradm --user [EMAIL PROTECTED] localhost
>    localhost> reconstruct -r user/bad.user
>    reconstruct: System I/O Error
>    localhost> dm user/bad.user
> 2] localhost> sam user/[EMAIL PROTECTED] [EMAIL PROTECTED] all
>    setaclmailbox: [EMAIL PROTECTED]: lrswipcda: System I/O Error
> 3] logged as cyrus user to system:
>    $ctl_cyrusdb -r

Try reconstruct from the command line.
1. login as cyrus.
2. /usr/local/cyrus/bin/reconstruct -r user/bad.user

WBR.
Dmitriy
Re: Deleted cyrus.* files
David Flegl wrote:
> Hi,
>> try reconstruct from command line.
>> 1. login as cyrus.
>> 2. /usr/local/cyrus/bin/reconstruct -r user/bad.user
>
> Thanks for the reply. I've tried but no effect. Reconstruct said:
> $/usr/local/cyrus/bin/reconstruct -r user/[EMAIL PROTECTED]
> domain.cz!user.bad^user: Mailbox has an invalid format
>
> and when I've tried this (without domain):
> $/usr/local/cyrus/bin/reconstruct -r user/bad.user
> $
> Command has no response. And no log information.

Read /usr/local/cyrus/man/man8/reconstruct.8.gz and try to experiment with -p and -f.

If it doesn't help, you can try to combine it with dumping the mboxlist, removing the user account from the dump, restoring the mboxlist (ctl_mboxlist(8)), and running reconstruct again or creating user/account from cyradm.

Don't forget to back up the user mailbox before experiments!

WBR
Dmitriy
Re: Backup advice
Nikos Gatsis wrote:
> I had to be more specific. I need advices for backing up cyrus emails...

My solution is:
1. Some tuning for the Berkeley DB config:
   [EMAIL PROTECTED] ~]# cat /var/imap/db/DB_CONFIG
   set_lg_max 104857600
   set_lg_bsize 204800
   set_lg_regionmax 409600
   set_cachesize 0 512 2

2. Regular dump of the mbox list:
   [EMAIL PROTECTED] ~]# grep mbox /usr/local/etc/cyrus.conf
   mboxlist cmd="ctl_mboxlist.sh" period=60
   [EMAIL PROTECTED] ~]# cat /usr/local/cyrus/bin/ctl_mboxlist.sh
   #!/bin/sh
   /usr/local/cyrus/bin/ctl_mboxlist -d > /var/imap/mboxlist.dump

3. Backing up /var/imap/mboxlist.dump to cvs with
   ftp://segfault.kiev.ua/pub/cvsbackup.pl
   ftp://segfault.kiev.ua/pub/cvsbackup.cf.sample

4. Backing up the mail spool with http://www.rsnapshot.org

5. Also, I am using replication (sync_{client,server}) for
Re: Cyrus IMAPd 2.3.10 Released
Ian G Batten wrote:
> On 25 Oct 07, at 1248, Ken Murchison wrote:
>> What does imapd.conf look like?
>
> See second mail.
>
>> Does the output of 'ctl_mboxlist -d' look reasonable?
>
> Yes.
>
> ctl_mboxlist -d > /tmp/foo
> ctl_mboxlist -u < /tmp/foo
> ctl_mboxlist -d | diff -c - /tmp/foo

Check /tmp/foo for an @domain part in the folder acl. If it is present, remove the domain part, import /tmp/foo and restart the server.

WBR.
Dmitriy
Re: mbox to cyrus migration
Mike Zupan wrote:
> Are there any tools to migrate a mbox to cyrus mailbox? I have a mbox dump from a dbmail mailbox and need to put it on a cyrus mailbox
> Any tools or pointers?

http://www.linux-france.org/prj/imapsync

WBR.
Dmitriy
Re: expunging deleted messages?
mikee wrote:
> [EMAIL PROTECTED] ~]$ time cyr_expire -v -E 3 -X 3
> users snipped
> expiring messages in user.mikee.backup older than 2 days
> expiring messages in user.mikee.spam older than 5 days
> users snipped
> expunged 5405 out of 21470 messages from 21 mailboxes

^^^ It works.

> [EMAIL PROTECTED] ~]$ cyrdump -v user.mikee.hobbit | grep 'flag' | less
> gs flag name=\Answered user=*/flag flag name=\Deleted user=*119862 119863 119864 119865 119866 119867 119868 119869 119870 119871 119872 119

^^^ These messages are not deleted. Just marked as \Deleted.

See imapd.conf(5) about the expunge_mode option.

WBR.
Dmitriy
Re: expunging deleted messages?
mikee wrote:
> Is there a command to go ahead and purge any messages that are flagged as \Deleted and the \Deleted flag was set X days ago? What I'm trying to accomplish is the automatic removal of any messages my users have 'deleted' and not yet purged.

No. You need some external tool for doing this. You can use the proxyservers option for a proxy account.

Maybe you can use
ipurge -d 3 -i -s mailboxpattern
but it can be dangerous.

Also, see:
http://osdir.com/ml/mail.imap.cyrus/2003-03/msg00167.html

And try to ask in the [EMAIL PROTECTED] list for enabling this functionality in the next releases.

WBR.
Dmitriy
Re: expunging deleted messages?
mikee wrote:
> Reading the man page for cyr_expire it seems like this command is designed to expunge messages that are deleted over -E DAYS -X DAYS ago.
> I have a folder in my cyrus-imapd account that I have a few thousands of messages that do not seem to go away (each morning I look at the oldest message, and the old message does not go away).

Are these messages deleted? Possibly, you need
ipurge -f -d DAYS

> I do have a job for cyr_expire in the /etc/cyrus.conf file.

Please, show your string.

WBR
Dmitriy
Re: expunging deleted messages?
mikee wrote:
> # this is only necessary if using duplicate delivery suppression,
> # Sieve or NNTP
> delprune cmd="cyr_expire -E 3 -X 0" at=0400

Looks correct.
And do your messages have the \Deleted flag? Something interesting in the log files?

WBR.
Dmitriy
Re: expunging deleted messages?
mikee wrote:
>> And your messages have \Deleted flag? Something interesting in log files?
>
> Nothing that I find in the log files, just messages not getting deleted. I have a folder in Outlook that has the same number of messages each day.

What do you get if you run this manually:
sudo su - cyrus
bin/cyr_expire -v -E 3 -X 3
bin/cyrdump -v $your_mailbox | grep 'flag'
?

Also, try to increase the verbosity of the log files (syslog.conf).

WBR.
Dmitriy
subscription and seen flags
Hi, list

Possibly my question is stupid, but I can't find a solution.
I have a cyrus-2.3.8 imapd server with configured virtual domains. But we are using only one domain -- team.domain.com. I want to make this domain the default for cyrus.

I'm testing the procedure in a sandbox.
After stopping the imapd server I do:
1. dumping all my current mailboxes with 'team.domain.com' removed.
   ctl_mboxlist -d | sed -e 's/^team.domain.com!//; s/@team.domain.com//' > mboxlist.dump
2. moving all messages to the root mail partition and removing the old subfolder
   mv -i /var/spool/imap/domain/O/team.domain.com/* /var/spool/imap/
   rm -rf /var/spool/imap/domain
3. removing the current mailboxes database and creating it again from the patched dump
   rm /var/imap/mailboxes.db
   cat mboxlist.dump | ctl_mboxlist -u
4. replacing defaultdomain in imapd.conf

After starting imapd I can log in with my short name dimma instead of [EMAIL PROTECTED] and I can see all my folders and messages. But all messages are unread and not flagged, and I lost my subscriptions to the folders.

How can I back up and restore message flags and folder subscription status?

WBR.
Dmitriy
Re: Renaming top-level user mailboxes. Is it still impossible?
Igor Zhbanov wrote:
> I need to rename user [EMAIL PROTECTED] to [EMAIL PROTECTED], so I issue following command and see (I use slashes as separators):
> 192.168.0.9> renm user/[EMAIL PROTECTED] user/[EMAIL PROTECTED]
> renamemailbox: Operation is not supported on mailbox
>
> I have read some pages about that. They suggest to create new mailbox manually, then transfer all mail, then delete old mailbox.
> Is there better solutions now? Patches?

imapd.conf:
admins: cyrusadmin [EMAIL PROTECTED]

cyradm -u [EMAIL PROTECTED]
renm user/a user/b

WBR.
Dmitriy
Re: Cyrus with a NFS storage. random DBERROR
Michael Menge wrote:
> Hi,
> after the problem with the wiki was solved, I added a summary about CyrusCluster
> http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusCluster .

Could you, please, describe in more detail the problems with replication:

> CyrusReplication: ... The replication is asynchrony so you might lose some mails.

I tested this functionality and didn't find a problem. If sync_client loses its connection to sync_server (link down, firewalls drop tcp sessions, etc.) I just run 'sync_client -u username' to fix the problem. It's enough.

WBR.
Dmitriy
Re: Cyrus with a NFS storage. random DBERROR
Michael Menge wrote:
> Hi,
> I haven't used the replication myself, so the information is only based on what I have read on this list.
> The sync_client discovers all changes on the mailboxes, queues them and sends them to the server. In case of a system crash there might be changes that are still queued and not sent to the server.

It can be fixed by manually running the 'sync_client -f not_finished_logfile' option, or 'sync_client -u user' if the logfile is lost.

Paul describes a more interesting situation. I think it will be good to add a little more detail to the twiki for this topic.

WBR.
Dmitriy
Re: Cyrus with a NFS storage. random DBERROR
Hi, list.

Nik Conwell wrote:
> Do people run sync_client in the SERVICES section rather than START? The install-replication docs indicate to put it in START. If my replica goes away for a little while, sync_client exits and then I have to restart it manually and then process any pending logs. Would be nice if it just started automatically and picked up where it left off.

It doesn't work with ldap ptloader:
http://lists.andrew.cmu.edu/pipermail/cyrus-devel/2007-April/000293.html

WBR.
Dmitriy
Re: Writeup on Cyrus authentication config
Hi, list

Torsten Schlabach wrote:
> http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusAuthentication
> and comment or correct.
> I am especially keen on that last section when it comes to LDAP. A lot of what I have written is a bit based on guesswork and conclusion and it would be nice if someone could confirm or deny.

I'm using only saslauthd authentication. This part looks fine.
With saslauthd it is also possible to build authorization.

saslauthd.conf:
...
ldap_group_attr: uniqueMember
ldap_group_dn: cn=imap,ou=mail,o=domain
ldap_group_match_method: attr
...

I'm not sure about the topic, but cyrus group ACLs can also be created with ldap-based groups.

imapd.conf:
...
ldap_group_base: ou=cyrus,ou=mail,o=domain
ldap_group_filter: (cn=%U)
ldap_group_scope: one
ldap_member_attribute: cn
ldap_member_base: ou=cyrus,ou=mail,o=domain
ldap_member_filter: (uniqueMember=%D)
ldap_member_method: filter
...

cyradm:
lam shared/design
group:boss lrswipktecd
group:info lrswipktecd
anyone p

But a user can be a member of only one group! If that's not true, ptloader can't authenticate the user (yes, the user can't bind to the server), with a strange diagnostic.

WBR.
Dmitriy
Re: groups, members, LDAP and ptloader
Hi, list.

1. I'm also using ldap-based group ACLs in cyrus. When I add any user to more than 1 group, cyrus can't authorize them. I can't find any documentation about this behavior. Is it normal?

2. How do I configure the default ldap_realm for connecting to saslauthd? I have two domains -- 'domain.com' and 'team.domain.com' and want to make the second my default (users must connect to the server as 'user', not '[EMAIL PROTECTED]'). Is it possible?

My imapd.conf:
...
auth_mech: pts
defaultdomain: domain.com
ldap_base: ou=users,o=domain
ldap_filter: (uid=%U)
ldap_group_base: ou=cyrus,ou=mail,o=domain
ldap_group_filter: (cn=%U)
ldap_group_scope: one
ldap_member_attribute: cn
ldap_member_base: ou=cyrus,ou=mail,o=domain
ldap_member_filter: (uniqueMember=%D)
ldap_member_method: filter
ldap_sasl: no
ldap_scope: one
ldap_start_tls: yes
ldap_tls_cacert_file: /etc/ssl/cacert.pem
ldap_uri: ldap://ldap.domain.com
pts_module: ldap
sasl_mech_list: plain login
sasl_pwcheck_method: saslauthd
servername: mail.domain.com
tls_ca_file: /etc/ssl/cacert.pem
tls_cert_file: /usr/local/etc/ssl/mail.domain.com.crt
tls_key_file: /usr/local/etc/ssl/mail.domain.com.key
unixhierarchysep: yes
virtdomains: yes

saslauthd.conf:
ldap_servers: ldap://ldap.domain.com
ldap_tls_cacert_file: /etc/ssl/cacert.pem
ldap_search_base: ou=%3,o=%2
ldap_default_realm: users.domain.com
ldap_filter: uid=%U
ldap_start_tls: yes
Re: problem with virtualdomain
JOYDEEP wrote:
> I have configured cyrus-imapd also to authenticate user by LDAP. hence during the creation of an user account ; his/her imap folder will be created automatically. To do this I have provided the cyrus admin user-id and password into email-admin of egroupware. The web-interface I'm using is felamimail.
> During the creation of a new account I can see the successful login to the cyrus by its admin user by email admin. But mail

1. add '[EMAIL PROTECTED]' to the cyrus admins
2. use this account in email-admin for creating user1, user2, ...

cyrus automatically creates user/[EMAIL PROTECTED] and user/[EMAIL PROTECTED] for you.

WBR.
Dmitriy
Re: problem in Authentication.
On Wed, May 16, 2007 at 11:56:19AM +0400, Rajeev R Veedu wrote:
> The system was up about 1 year and I never faced this problem. Also I haven't changed any settings in the configuration. Since yesterday I am getting this RANDOM authentication failure and would appreciate if you could help me,

Try to clean the saslauthd cache with saslcache and restart saslauthd.

WBR.
Dmitriy
Re: problem in Authentication.
On Wed, May 16, 2007 at 02:53:49PM +0400, Rajeev R Veedu wrote:
> I can not locate saslcache. Can you tell me where it could be (I am running Cyrus on Centos4)

hm.. can't see it on CentOS4 either.
But on FreeBSD:
$ pkg_info -Lx saslauthd | grep cache
/usr/local/sbin/saslcache

I'm looking at my port Makefile:
do-build:
...
	cd ${WRKSRC}/saslauthd && ${MAKE} saslcache
...

I think you must properly configure your spec-file and rebuild the sasl rpms.

WBR.
Dmitriy
Re: Cyrus with a NFS storage. random DBERROR
On Thu, May 03, 2007 at 05:08:52PM +0200, Paul Dekkers wrote:
> I recently tried to use NFS (on a RedHat client, both to a NetApp filer as well as a RedHat NFS server) and I'll share my experiences:
>
> Michael Menge wrote:
>> Cyrus has 2 problems with NFS.
>> 1. Cyrus depends on filesystem locking. NFS-4 should have solved this problem but I have not tested it.
>> 2. BerkeleyDB uses shared memory which does not work across multiple servers.
>
> I used skiplist in the tests (default with Simon's RPM), and initially just used NFSv3 (and I also tested NFSv4): as long as I mounted with the -o nolock option it actually worked quite well (also on NFSv3). The performance was even better with the NetApp as target than with a local filesystem (and NFSv3 was faster than v4).
>
> The nolock option does not disable locking (as I understand it) for the filesystem, it just disables locking over NFS, so other nodes won't have the same file locked. (Correct me if I'm wrong.) My intention was not to have an active-active setup, so in that regard this might not be that bad. Not sure what other catches there are though.

Did you try the metapartition* options? If you don't need an active-active setup it can be useful.

> I stressed the setup with the imaptest tool from Dovecot, I saw problems with that in the past (also with NFSv3 and v4, but in combination with Cyrus 2.2 and I'm not sure if I tried nolock), now it seemed to do just fine. Only NFSv4 does not seem to be the answer, it seems that -o nolock is (on Linux as client).
>
> I'm very hesitant to put this into production, I just wanted to do some more tests and ask others after that if they think this is wise or not... I couldn't find the time to do more tests... (like see how RedHat 5 behaves instead of RedHat 4, if the trick also works on FreeBSD, if I can make it fail one way or another... suggestions always welcome...)

On FreeBSD you can use gmirror+ggated for mirroring a disk partition between servers.

WBR.
Dmitriy
Re: Restrictive access to some users
On Thu, Apr 26, 2007 at 12:14:13PM +0530, ram wrote:
> On our cyrus server some users need access from office as well as from outside our LAN. So we nat the imap port on our firewall and people are able to access
> But Contract employees need not access mails from outside the office. How can I allow access for such users only from the office

Cyrus imapd doesn't have a source ip filter feature, afaik, and supports only one authorization group (ldap_filter).
For this reason you have to use some trick. You need to configure two access groups and two cyrus servers (with replication or murder configuration) and use different groups on these servers.
Possibly, some imap proxy can be configured for using the second group.

WBR.
Dmitriy
Re: Restrictive access to some users
On Thu, Apr 26, 2007 at 12:07:20PM +0400, Dmitriy Kirhlarov wrote:
> On Thu, Apr 26, 2007 at 12:14:13PM +0530, ram wrote:
>> On our cyrus server some users need access from office as well as from outside our LAN. So we nat the imap port on our firewall and people are able to access
>> But Contract employees need not access mails from outside the office. How can I allow access for such users only from the office
>
> Cyrus imapd doesn't have source ip filter feature, afaik and support only one authorization group (ldap_filter).
> With this reason you have to use some tric. You need to configure two access groups and two cyrus servers (with replication or murder configuration) and use different groups on this servers.
> Possible, some imap proxy can be configured for using second group.

O-ops.. :)
cyrus.conf:
...
SERVICES {
  public  cmd="imapd -C /public.imapd.conf" listen="public_ip:imap"
  private cmd="imapd" listen="private_ip:imap"
}

WBR.
Dmitriy
Re: Restrictive access to some users
On Thu, Apr 26, 2007 at 12:09:28PM +0200, Rudy Gevaert wrote:

cyrus.conf:

    ...
    SERVICES {
      public cmd="imapd -C /public.imapd.conf" listen="public_ip:imap"
      private cmd="imapd" listen="private_ip:imap"
    }

That doesn't fix the problem because you can't say which user can log in on what interface. But you could maybe do it like this: two different imapd.confs. In one of them you use a different

Yes. I mean this.

saslauthd (if you would be using this) socket. And run a second saslauthd with different config.

Using the ldap_group_* and ldap_member_* imapd.conf parameters is more accurate, for me.

WBR. Dmitriy
Re: How to move mailbox across domains?
On Mon, Apr 23, 2007 at 05:09:17PM +0400, Igor Zhbanov wrote:

Hello! How to correctly move all user mailboxes (preserving hierarchy and letters) from one domain to another? I mean rename user [EMAIL PROTECTED] to [EMAIL PROTECTED]

afaik cyrus imapd doesn't have a standard feature for this, but you can use mailutil with the proxyservers option in imapd.conf.

WBR. Dmitriy
Re: cyrus autorization identifier trick
On Thu, Apr 19, 2007 at 01:11:25PM -0500, Nestor A. Diaz wrote:

Hello cyrus people. Following your cyrus recommendations for a 15K users mailstore, I have a new requirement: we would like some administrators to log in to any mailbox in order to check the successful delivery of some emails, without having to log in to each account with the associated login and password, I explain:

cyrus-imapd-2.3.7 imapd.conf(5)

    proxyservers: none
        A list of users and groups that are allowed to proxy for other users, separated by spaces. Any user listed in this will be allowed to login for any other user: use with caution.

WBR. Dmitriy
Re: how to enable digestmd5 and crammd5 ?
On Fri, Apr 20, 2007 at 09:47:07AM +0530, JOYDEEP wrote:

Goetz Babin-Ebell wrote:

JOYDEEP schrieb:

Roberto R. Morelli wrote:

Hello Joydeep, Then we have the cyrus sasl modules installed:

    cyrus-sasl-md5-2.1.22-4
    cyrus-sasl-2.1.22-4
    cyrus-sasl-lib-2.1.22-4
    cyrus-sasl-plain-2.1.22-4

But I have come to know that digest-md5 and cram-md5 need sasldb. So here I can't use it as my users and passwords are stored in LDAP. Any idea?

The problem is that cram-md5 and digest-md5 need direct access to the pass phrase in plain text. AFAIK LDAP doesn't support this. You have to use TLS if you want to transmit the pass phrase securely...

Thanks Goetz, I am already running SSL aka imaps, but still was interested about cram-md5 and digest-md5 for secured authorization.

1. have to store plaintext passwords in ldap directory.
2. ACL on ldap directory must be configured for open access to userPassword field for read, not only for auth.
3. cyrus imapd must use saslauthd for authentication.
4. saslauthd must have access to users' passwords in ldap and must have the ldapdb_mech option configured.

For details see cyrus-sasl2 documentation -- options.html.

WBR. Dmitriy
Re: how to enable digestmd5 and crammd5 ?
On Fri, Apr 20, 2007 at 09:26:33AM +0200, Goetz Babin-Ebell wrote:

cram-md5 and digest-md5 require the pass phrase stored unencrypted. This opens another can of worms... (And AFAIK LDAP doesn't support them...)

OpenLDAP supports unencrypted passwords.

WBR. Dmitriy
Re: how to enable digestmd5 and crammd5 ?
On Fri, Apr 20, 2007 at 10:55:19AM +0200, Goetz Babin-Ebell wrote:

1. have to store plaintext passwords in ldap directory.
2. ACL on ldap directory must be configured for open access to userPassword field for read, not only for auth.

And with that open a can of worms I don't think Joydeep wants to open...

3. cyrus imapd must use saslauthd for authentication.
4. saslauthd must have access to users' passwords in ldap and must have the ldapdb_mech option configured.

So cyrus can't do plain cram-md5 / digest-md5 with LDAP. But saslauthd can. Something new...

o-ops...

Shared secrets mechanisms
Put another way, you cannot use saslauthd with these methods.

Auxiliary Properties
SASLv2 introduces the concept of Auxiliary Properties. That is, the ability for information related to authentication and authorization to all be looked up at once from a directory during the authentication process. SASL Plugins internally take advantage of this to do password lookups in directories such as the SASLdb, LDAP or a SQL database. Applications can look up arbitrary properties through them.

imapd.conf(5):

    sasl_pwcheck_method: none
        The mechanism used by the server to verify plaintext passwords. Possible values include auxprop, ...

Maybe it can help, but I'm not sure.

WBR. Dmitriy
Re: can I use encrypted ldap_bind_pw ?
On Wed, Apr 18, 2007 at 10:23:51AM +0530, JOYDEEP wrote:

saslauthd needs a clear text password for the binding procedure. But you can use anonymous binding (for me it's more secure).

Thanks for the answer, but I can't understand how anonymous can secure the system.

I have many untrusted hosts with ldap-based authentication. For this reason there is no difference between an anonymous bind and a bind under a potentially compromised id. But the second case I have to specially describe in the ACL section of slapd.conf. Also, I can't see a difference for user authentication between an initial anonymous and non-anonymous bind.

WBR. Dmitriy
Re: can I use encrypted ldap_bind_pw ?
On Tue, Apr 17, 2007 at 05:10:40PM +0530, JOYDEEP wrote:

I am using openldap2 and my cyrus-imap is based on ldap authentication. In my /etc/sysconfig/saslauthd the password entry is clear text like

    ldap_bind_pw: secret

Can I use the encrypted password which I have in the slapd.conf file?

No. saslauthd needs a clear text password for the binding procedure. But you can use anonymous binding (for me it's more secure).

WBR. Dmitriy
Re: Lost mail 2.3.8
On Tue, Apr 17, 2007 at 12:23:29PM +0200, Casper wrote:

Yes, the mail is not there, there are only mail from today. He download mail with pop. Any imapd.conf option for not delete mail from server when downloading with pop?

expunge_mode?

WBR. Dmitriy
cyrus imapd MIBS?
cyrus imapd 2.3.8 can be built with net-snmp support, but I can't find cyrus MIBs anywhere. Can somebody advise me -- what data can be provided from cyrus over snmp, how to connect cyrus imapd to a running snmpd, and where can I find the MIB files?

WBR Dmitriy
sync_client ptloader problem
Some time ago I reported a problem with sync_client (sync_client can't be run from cyrus.conf when ptloader is used). For details: http://lists.andrew.cmu.edu/pipermail/info-cyrus/2006-October/024121.html

2.3.8 has the same issue. How can I inform the developers about it? Some other list? A bug-tracking system?

WBR Dmitriy
Re: Cyrus authentication with ADS
On Fri, Apr 13, 2007 at 01:38:09PM +0530, ram wrote:

Is there a how-to for authenticating cyrus against an ADS server? Can I use sasl with PAM and configure the ADS in my /etc/ldap.conf?

AD can authenticate users as a standard ldap server. Take a look at saslauthd.

WBR. Dmitriy
Re: limiting unsuccessful login attempts?
On Wed, Apr 11, 2007 at 04:39:41PM +0200, Per olof Ljungmark wrote:

Dmitriy Kirhlarov wrote:

On Wed, Apr 11, 2007 at 02:15:52PM +0200, Per olof Ljungmark wrote:

Cyrus 2.2.12
saslauthd with OpenLDAP 2.3 directory
FreeBSD 5.5

Does anyone know a good way to limit the number of unsuccessful login attempts?

slapo-ppolicy(5) pwdMaxFailure ?

Yes, looks like that would do it, thanks!

Just keep in mind -- cache usage for saslauthd must be properly configured.

WBR. Dmitriy
Re: cyrus replication validation
On Fri, Apr 06, 2007 at 05:52:28PM -0400, John Capo wrote:

On both servers:

    find imap/ -type f | awk '!/(cache|index|header)/ {print}' | sort > server1.lst
    find imap/ -type f | awk '!/(cache|index|header)/ {print}' | sort > server2.lst

and

    diff -u server1.lst server2.lst

Quick mailboxes.db check.

    ctl_mboxlist -d | md5    on server1
    ctl_mboxlist -d | md5    on server2

Both hashes should be identical. Or diff the ctl_mboxlist -d outputs.

Please correct me if I'm wrong. It's just a check of mailbox lists, but not of message numbers.

WBR. Dmitriy
Re: how to secure authentication ?
Hi!

On Mon, Apr 09, 2007 at 10:53:34AM +0530, JOYDEEP wrote:

Sorry, I forget, what version of cyrus imapd you are using?

it is cyrus-imapd-2.2.12-27.6. thanks a lot

I have the same problem with 2.2.12_1 on FreeBSD. Thunderbird sieve plugin can't set up a secure connection to timsieved. Possibly it's a timsieved bug, but I'm not sure. 2.3.8_1 doesn't have any problem with SSL-ed connection to timsieved.

By. Dmitriy
Re: how to secure authentication ?
On Mon, Apr 09, 2007 at 11:04:31AM +0200, Rudy Gevaert wrote:

I have the same problem with 2.2.12_1 on FreeBSD. Thunderbird sieve plugin can't set up a secure connection to timsieved. Possibly it's a timsieved bug, but I'm not sure. 2.3.8_1 doesn't have any problem with SSL-ed connection to timsieved.

Are you sure? I'm running 2.3.7, but have a 2.3.8 test environment, and didn't think it was possible. I didn't see anything in the changelog mentioning sieve over ssl. sivtest doesn't support ssl in 2.3.8. Don't you mean tls instead of ssl?

Yes. I mean tls. But it doesn't work for me on 2.2.12.

WBR. Dmitriy
Re: cyrus replication validation
On Thu, Apr 05, 2007 at 12:10:14PM -0400, Ilya Vishnyakov wrote:

Hello Cyrus Gurus! I was wondering if there is any specific way to check if the replication was done properly? I set up cyrus replication between two servers (documentation I used: http://cyrusimap.web.cmu.edu/imapd/install-replication.html). However, before switching our production servers we would like to make sure that replication was done properly. We checked if the directories are

On both servers:

    find imap/ -type f | awk '!/(cache|index|header)/ {print}' | sort > server1.lst
    find imap/ -type f | awk '!/(cache|index|header)/ {print}' | sort > server2.lst

and

    diff -u server1.lst server2.lst

WBR. Dmitriy
Re: how to secure authentication ?
On Thu, Apr 05, 2007 at 11:37:29AM +0530, JOYDEEP wrote:

SSL encryption is working now :-) The next step of security is securing the authentication. I am using PLAIN and LOGIN. Is it secure? How to securely authenticate? Please enlighten me. Here is my /etc/imapd.conf

    ---
    configdirectory: /var/lib/imap
    partition-default: /var/spool/imap
    sievedir: /var/lib/sieve
    admins: cyrus
    allowplaintext: yes
    sasl_minimum_layer: 0

    sasl_minimum_layer: 128

Try this.

By. Dmitriy
Re: how to secure authentication ?
Hi!

On Thu, Apr 05, 2007 at 01:40:03PM +0530, JOYDEEP wrote:

I have changed sasl_minimum_layer: 0 to 128. I have no problem to login to the inbox. but sieve is not working with

Is your sieve client support TLS? Is it properly configured (CAcert.pem at least)?

sasl_minimum_layer: 128. I have 2 question here

1 how can I check that authentication is secure by the setting sasl_minimum_layer 128 ?

Try to force connection without using SSL/TLS.

2 what to do to enable the sieve ?

Sorry, I forget, what version of cyrus imapd you are using?

WBR. Dmitriy
Re: ptloader
On Wed, Apr 04, 2007 at 05:56:12PM +0100, Bernhard D Rohrer wrote:

Hi folks, I am trying to authorise ldap groups with cyrus for use in public folders. Now looking through the mailing list has led me to finding that ptloader is responsible for this. I have not been able to find any documentation for this on my computer, even though the doc package is installed. I also have not found a library for this :( Distro is ubuntu dapper. Could you point me at a starting point or two please?

Your imapd must be built with the --with-ldap option. After that, you get the file (path for FreeBSD) /usr/local/cyrus/bin/ptloader.

    host2# ldd /usr/local/cyrus/bin/ptloader | grep ldap
    libldap-2.3.so.2 => /usr/local/lib/libldap-2.3.so.2 (0x28131000)

imapd.conf(5) has quite enough information when the package is built with ldap support enabled.

WBR Dmitriy
Re: cyrus+spamassassin howto ?
On Mon, Apr 02, 2007 at 02:24:27PM +0530, JOYDEEP wrote:

2 how to configure spamassassin to monitor spam and ham folders of all the users?

isync + cyrus proxy-user?

WBR. Dmitriy
Re: POP3 to CyrusIMAP migration howto ?
On Wed, Mar 28, 2007 at 12:10:39PM +0530, BipinDas wrote:

I would like to migrate my existing POP3 inboxes to newly created Cyrus IMAP mailboxes. Has anybody come across this requirement? Please give me a right solution. Thanks in advance.

Sir, I do have more than 10,000 mailboxes. Maybe a stupid question, but I have to find an answer.

I wrote yesterday. You need mailsync from http://mailsync.sourceforge.net/ This software is present in the FreeBSD ports collection. I think you can also find an rpm for Linux. Just several steps are needed:

1. create cyrus mailboxes (this can be scripted with perl or python. Possibly, other languages also have cyrus libraries).
2. write a simple config for mailsync.
3. run mailsync with a cyrus proxy user account to import mail.
4. switch off your old mail server.

WBR Dmitriy
Re: sync_client doesn't sync sieve scripts
On Tue, Mar 27, 2007 at 09:44:56AM +0100, David Carter wrote:

On Mon, 26 Mar 2007, Dmitriy Kirhlarov wrote:

I have properly configured sync between two cyrus-imapd 2.3.8 servers. Mailboxes rolling synchronization work good.

This also updates sieve scripts.

Now I want to synchronized sieve scripts too.

    sync_client -v -s
    sync_client -v -s $username

-s is new in 2.3, but it looks like it was only there for testing. The manual page says: Principally used for debugging purposes: not exposed to

sync_client -u should replicate an entire user including the Sieve files.

Doesn't work. Replicate only folders.

WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7245 ext.208 F:+7 495 105 7246 E:[EMAIL PROTECTED]
Building Successful Supply Chains - One Solution At A Time. www.oilspace.com
Re: POP3 to CyrusIMAP migration howto ?
On Tue, Mar 27, 2007 at 10:15:26AM +0530, BipinDas wrote:

I would like to migrate my existing POP3 inboxes to newly created Cyrus IMAP mailboxes. Has anybody come across this requirement? Please give me a right solution.

http://mailsync.sourceforge.net/

WBR -- Dmitriy Kirhlarov
Re: sync_client doesn't sync sieve scripts
On Tue, Mar 27, 2007 at 09:49:22PM +1000, Bron Gondwana wrote:

-u should replicate an entire user including the Sieve files.

Doesn't work. Replicate only folders.

Are you perhaps creating the sieve files directly rather than uploading them via timsieved?

Uploaded over sieveshell+timsieved.

Are you perhaps creating a file called default as a file?

You mean the activate action in sieveshell? Yes. I did this.

I only ask because we had the same problem, and it turns out that the correct directory layout for sieve files is actually something like our final layout of:

    [EMAIL PROTECTED] brong]$ ls -la
    ^^^

It's interesting...

    jailhost2# ls -lR /var/imap/sieve/
    total 2
    drwx-- 2 cyrus cyrus 512 Mar 27 12:01 global

    /var/imap/sieve/global:
    total 4
    lrwx-- 1 cyrus cyrus   7 Mar 27 12:01 defaultbc -> mdrm.bc
    -rw--- 1 cyrus cyrus 124 Mar 27 12:01 mdrm.bc
    -rw--- 1 cyrus cyrus  83 Mar 27 12:01 mdrm.script

I have only the global subdirectory. Global? Is it correct?

I found the problem! It's resolved now! If a sieve script is uploaded from an admin user, it's a global script and doesn't replicate! When I remove my ID from the admins list, I get my own sieve directory with my scripts.

Thnx!

WBR -- Dmitriy Kirhlarov
sync_client doesn't sync sieve scripts
Hi, list

I have properly configured sync between two cyrus-imapd 2.3.8 servers. Mailboxes rolling synchronization works well. Now I want to synchronize sieve scripts too. I try:

    sync_client -v -s
    sync_client -v -s $username
    sync_client -C /usr/local/etc/imapd.conf -s $username
    sync_client -v -s $username/$script_name

But sync_client doesn't do anything, without any comments. Where am I wrong? How to debug sync_client?

    sync_authname: cyrus
    sync_host: node1.XXX.com
    sync_log: yes
    sync_machid: 2
    sync_password: pass
    sync_shutdown_file: /var/imap/sync/shutdown
    sync_realm: XXX.com

FreeBSD 6.1-STABLE
cyrus-imapd-2.3.8_1

WBR -- Dmitriy Kirhlarov
Re: Cyrus replication problems
On Mon, Feb 26, 2007 at 02:35:05PM +0100, [EMAIL PROTECTED] wrote:

I'm not able anymore to make as cyrus user a cyradm localhost. I get:

    cyradm: cannot connect to server

http://cyrusimap.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrusmsg=41779

You must start sync_client from a different script AFTER starting the cyrus imapd server.

WBR -- Dmitriy Kirhlarov
Re: example for ldap options in imapd.conf?
On Thu, Jan 04, 2007 at 11:23:08PM +0100, Marten Lehmann wrote:

Hello, the manpage for imapd.conf shows a lot of options for ldap but I cannot find an example configuration using these in the Cyrus documentation or wiki. Is anyone aware of such examples and can point me to related websites? Thanks in advance.

    ldap_filter: (uid=%u)
    ldap_scope: one
    ldap_base: ou=users,o=company
    ldap_tls_cacert_file: /etc/ssl/cacert.pem
    ldap_sasl: no
    ldap_uri: ldap://ldap
    ldap_start_tls: yes
    pts_module: ldap

With these options your imapd server allows only users from ou=users,o=company to connect.

WBR -- Dmitriy Kirhlarov
Re: cyrus replication question
On Mon, Dec 11, 2006 at 04:35:24PM -0500, [EMAIL PROTECTED] wrote:

i started looking around for one i found that for whatever reason both sync and some other default process was using 2005/tcp port (in /etc/services ) after taking care of that i kicked off on sync_client on master server (after logging in as cyrus) on master server i get

    can not connect to server 'replica.mydomain.com trying in 15 seconds.

and in /var/log/messages the following comes up (still on master server)

    Dec 11 16:09:56 master_server sync_client[93038]: TLS client engine: cannot load CA data
    Dec 11 16:09:56 master_server sync_client[93038]: Doing a peer verify
    Dec 11 16:09:56 master_server sync_client[93038]: verify error:num=18:self signed certificate
    Dec 11 16:09:56 master_server sync_client[93038]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
    Dec 11 16:09:57 master_server sync_client[93038]: No worthy mechs found
    Dec 11 16:09:57 master_server sync_client[93038]: couldn't authenticate to backend server: no mechanism available

Check

    tls_key_file:
    tls_ca_file:
    tls_cert_file:

in your imapd.conf

WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.208 F:+7 495 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
Re: cyrus replication question
On Mon, Dec 11, 2006 at 04:36:38PM -0500, [EMAIL PROTECTED] wrote:

another question : do i need to create mailboxes on the replica server or will they be created by the replication process ?

You don't need to create mailboxes manually.

WBR -- Dmitriy Kirhlarov
Re: Sendmail, virtualdomain, alias
On Wed, Nov 29, 2006 at 09:54:21AM +0100, Jerome Nenert wrote:

Hello, We try to build a virtualdomain cyrus server with sendmail. Sendmail must manage aliases. Here's the goal architecture :

_ the fqdn of our cyrus server is imap.domain.com
_ sendmail on this server must accept messages for both domain1.domain.com domain2.domain.com dealing with aliases for both these domains
_ cyrus has two virtual domains domain1.domain.com domain2.domain.com

We didn't find any tips for this. Any suggestions ?

Two variants for sendmail:

1. use procmail.
2. sendmail doesn't use the domain part of the address when delivering over lmtp. Edit sendmail.cf to add full headers to the lmtp transport:

sendmail.cf

    Mcyrusv2, ... S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrToL, E=\r\n, ...

sendmail.cf

Also, you can make these changes over MAILER_DEFINITIONS in the .mc file, if you are friendly with m4. This example is not checked by me:

sendmail.mc

    MAILER_DEFINITIONS
    Mcyrusv2, P=[IPC], F=lsDFMnqA@/:|SmwXzW, E=\r\n, S=EnvFromSMTP, R=EnvToSMTP/HdrToL, T=DNS/RFC822/X-Unix, W=120s, A=FILE /var/imap/socket/lmtp

sendmail.mc

HOWTO in Russian is: http://www.binkd.spb.ru/howto/cyrus-sendmail.howto.txt

WBR -- Dmitriy Kirhlarov
Re: problem with replication using cyrus imap suse packages?
On Fri, Nov 17, 2006 at 04:34:45PM +, Steve Howe wrote:

All looks fine, easy and not taking too much work. Then I realise that I don't have the command sync_server anywhere on my suse box. which is something of a problem according to the website above. Running the command

    rpm -qpl cyrus-imapd-2.2.12-29.x86_64.rpm | grep bin

It's part of cyrus-imapd-2.3.x

WBR -- Dmitriy Kirhlarov
Re: Moving from a server without virtual domains to one with virtual domains.
On Wed, Nov 08, 2006 at 10:08:02PM +0100, Mikael Nehlsen wrote:

I have an old MacOS X server with cyrus 2.2.12. Now I want to move it to a solaris box with cyrus 2.3.3. This should be no problem I believe, but I am trying to move from a server without virtual domains to one with virtual domains. I wonder if there is any problems with that? My idea of the move is like:

* Rsync the osx server to the solaris server /var/spool/imap/ to /var/spool/imap/domain/domain.com/

You can get a problem. Different bdb versions, different OS, different versions of cyrus. Also, you want to use virtual domains. Does it mean usernames change from user to [EMAIL PROTECTED]? I guess imapsync is the best solution in your case.

As a bonus question I wonder how I get the users out of ldap on the osx but that's for another place I guess :) .

You can use saslauthd for this.

WBR -- Dmitriy Kirhlarov
ldap authentication problem
Hi, list

I'm using cyrus imapd 2.3.7 with an ldap user database and everything works fine in the simple case. For user accounts I use ou=users,o=firm. Now I want to make an admin account in a different part of the DIT, uid=cyrus,ou=virtusers,o=firm, but have a problem.

My imapd.conf:

    ...
    ldap_filter: (uid=%u)
    ldap_scope: one
    ldap_base: ou=users,o=firm
    ldap_tls_cacert_file: /etc/ssl/cacert.pem
    ldap_sasl: no
    ldap_uri: ldap://ldap
    ldap_start_tls: yes
    pts_module: ldap
    ...

My saslauthd.conf:

    ldap_servers: ldaps://ldap
    ldap_tls_cacert_file: /etc/ssl/cacert.pem
    ldap_search_base: ou=%3,o=%2
    ldap_default_realm: users.firm.com
    ldap_filter: uid=%U

saslauthd works fine -- I tested it with testsaslauthd. I can authenticate as 'user', '[EMAIL PROTECTED]' and '[EMAIL PROTECTED]' in one ldap DIT. But cyrus imapd works only with short names of users. I tested it with imtest. Variations with ldap_filter (uid=%u | uid=%U | uid=%U,ou=%3,o=%2), ldap_scope (one | sub) and ldap_base (ou=users,o=firm | o=firm) in different combinations do not help to make authentication work for [EMAIL PROTECTED]

Where is the problem? Thanks.
sync_(client|server) problem
Hi, list

I'm trying to make master-master rolling replication with sync_(client|server) on two cyrus imapd servers. It's working, but only when I run sync_client process manually, after cyrus is starting. When I run it from cyrus.conf START section (as recommended http://cyrusimap.web.cmu.edu/imapd/install-replication.html) only two processes start -- idled and sync_client. Both servers are using ldap database for user accounts and possibly the problem is in ptloader -- it might not be started before sync_client. Option -w, for sync_client also, doesn't resolve this problem. Can somebody help me?

My system:

    FreeBSD 6.1-STABLE
    cyrus-imapd-2.3.7
    cyrus-sasl-saslauthd-2.1.22
    openldap-sasl-client-2.3.27

In debug.log:

    Oct 26 13:12:07 jailhost2 sync_client[88131]: received server certificate
    Oct 26 13:12:07 jailhost2 sync_client[88131]: ptload(): pinging ptloader
    Oct 26 13:12:07 jailhost2 sync_client[88131]: No data available at all from ptload()

truss output:

    gettimeofday({1161868266.654938},0x0)= 0 (0x0)
    getpid() = 88131 (0x15843)
    sendto(8,183Oct 26 13:11:06 sync_client...,68,0x0,NULL,0x0) = 68 (0x44)
    gettimeofday({1161868266.656500},0x0)= 0 (0x0)
    getpid() = 88131 (0x15843)
    sendto(8,181Oct 26 13:11:06 sync_client...,116,0x0,NULL,0x0) = 116 (0x74)
    gettimeofday({1161868266.658221},0x0)= 0 (0x0)
    read(7,\^W\^C\^A\0`,5) = 5 (0x5)
    read(7,\\V\M-qF\M^M.\M^M\240\M-aTO\M-S...,96) = 96 (0x60)
    stat(/var/imap/ptclient/ptscache.db,{mode=-rw--- ,inode=376856,size=32768,blksize=4096}) = 0 (0x0)
    open(/var/imap/ptclient/ptscache.db,O_RDWR,00) = 14 (0xe)
    fcntl(14,F_SETFD,FD_CLOEXEC) = 0 (0x0)
    read(14,\^A\0\0\0\M-%X\^D\0\0\0\0\0b1\^E...,512) = 512 (0x200)
    close(14)= 0 (0x0)
    open(/var/imap/ptclient/ptscache.db,O_RDWR|O_CREAT,00) = 14 (0xe)
    fcntl(14,F_SETFD,FD_CLOEXEC) = 0 (0x0)
    fstat(14,{mode=-rw--- ,inode=376856,size=32768,blksize=4096}) = 0 (0x0)
    gettimeofday({1161868266.713132},0x0)= 0 (0x0)
    gettimeofday({1161868266.713730},0x0)= 0 (0x0)
    getpid() = 88131 (0x15843)
    sendto(8,183Oct 26 13:11:06 sync_client...,67,0x0,NULL,0x0) = 67 (0x43)
    socket(PF_LOCAL,SOCK_STREAM,0) = 15 (0xf)
    fcntl(15,F_GETFL,) = 2 (0x2)
    fcntl(15,F_SETFL,O_NONBLOCK|0x2) = 0 (0x0)
    connect(15,{ AF_UNIX /var/imap/ptclient/ptsock },106) ERR#61 'Connection refused'
    gettimeofday({1161868266.717179},0x0)= 0 (0x0)
    getpid() = 88131 (0x15843)
    sendto(8,179Oct 26 13:11:06 sync_client...,103,0x0,NULL,0x0) = 103 (0x67)
    close(15)= 0 (0x0)
    gettimeofday({1161868266.719725},0x0)= 0 (0x0)
    getpid() = 88131 (0x15843)
    sendto(8,183Oct 26 13:11:06 sync_client...,79,0x0,NULL,0x0) = 79 (0x4f)
    close(14)= 0 (0x0)
    gettimeofday({1161868266.721774},0x0)= 0 (0x0)
    getpid() = 88131 (0x15843)
    sendto(8,179Oct 26 13:11:06 sync_client...,108,0x0,NULL,0x0) = 108 (0x6c)
    gettimeofday({1161868266.723592},0x0)= 0 (0x0)
    getpid() = 88131 (0x15843)
    sendto(8,37Oct 26 13:11:06 sync_client[...,64,0x0,NULL,0x0) = 64 (0x40)
    gettimeofday({1161868266.725660},0x0)= 0 (0x0)
    getpid() = 88131 (0x15843)
    sendto(8,179Oct 26 13:11:06 sync_client...,104,0x0,NULL,0x0) = 104 (0x68)
    close(7) = 0 (0x0)
    write(2,Can not connect to server 'imapn...,75) = 75 (0x4b)

My configs from second node (first have same configs, exclude sync_host and sync_machid, of course):

imapd.conf:

    auth_mech: pts
    hashimapspool: 1
    sasl_mech_list: login plain
    ldap_filter: (uid=%u)
    allowallsubscribe: yes
    ldap_scope: one
    ldap_base: ou=users,o=firm
    sievedir: /var/imap/sieve
    sasl_pwcheck_method: saslauthd
    configdirectory: /var/imap
    sievenotifier: log
    defaultdomain: firm.com
    defaultacl: anyone lrswip
    debug_command: /usr/bin/truss /usr/local/cyrus/bin/%s %d /var/tmp/truss.cyrus.%s.%d 21
    tls_key_file: /usr/local/etc/cyrus/ssl/imap.firm.com.key
    flushseenstate: yes
    ldap_tls_cacert_file: /etc/ssl/cacert.pem
    ldap_sasl: no
    mailnotifier: log
    expunge_mode: delayed
    partition-default: /usr/home/imap
    servername: imap.firm.com
    autocreatequota:
master-master replication
Hi, list

Currently I'm looking for a mail solution for our company. We need two synchronized imap-servers -- server1 on colocation (for home, travelling users and several small additional offices) and server2 in our main office (in general, it's internal corporate mail). A mailbox can be changed either on server1 or server2 and changes must be replicated to the peer.

I have read http://cyrusimap.web.cmu.edu/imapd/install-replication.html and http://cyrusimap.web.cmu.edu/imapd/install-murder.html

Murder looks like overkill for our tasks and can be examined as a reserve variant. I'm interested in sync_{client,server} replication. On the one hand, the replication engine is designed to replicate the mailstore on standalone Cyrus servers, but maybe it is possible using UUID on my servers?

If my idea can't be implemented with cyrus imapd 2.3.7, I would like to ask the developers -- is this functionality planned and, if yes, when will it be implemented? I can be a tester for this feature, if needed.

WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.208 F:+7 495 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
Re: cyrus virtdomains + saslauthd trouble
On Tue, Aug 09, 2005 at 02:24:13AM +0400, Igor wrote:
> I heard about sasl auxprop. It need patch for crypt passwords. I do not understand, what for to use auxprop with patch, if there is more simple decision with saslauthd -r ?
> Somebody knows whether cyrus imapd able pass realm to saslauthd ? Why realm is missing in saslauthd error message:
> saslauthd[19921]: do_auth: auth failure: [user=egorkin.i] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]

try run saslauthd -da for look getting information

look params in imapd.conf:
defaultdomain: your_domain
servername: your_hostname
virtdomains: userid

and look in saslauthd.conf params
ldap_default_realm: your_realm
ldap_search_base: ou=users,o=%2 # (in my case -- use filters)

WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
Re: cyrus virtdomains + saslauthd trouble
On Tue, Aug 09, 2005 at 02:40:16PM +0400, Igor wrote:
> # saslauthd -m /var/run/saslauthd -a pam -r -d

I have worked system with:
/usr/local/sbin/saslauthd -a ldap -O /usr/local/etc/saslauthd.conf
and:
$ cat /usr/local/etc/saslauthd.conf
ldap_servers: ldaps://my_ldap_server/
ldap_tls_cacert_file: /usr/local/etc/openldap/ssl/cacert.pem
ldap_search_base: ou=users,o=%2
ldap_default_realm: my_realm.com

> After adding servername: nothing changes for me.

..and this servername same as hostname on this machine?

> # cat imapd.conf
> ...
> sasl_mech_list: PLAIN

I use
sasl_mech_list: login plain
hostname_mechs: login plain

> I use saslauthd + pam with pam_mysql, not ldap. And it works:
> #testsaslauthd -u egorkin.i -r v-art.ru -p 123
> 0: OK Success.

try imtest -m login -a [EMAIL PROTECTED] localhost
and look result in saslauthd dump

> But does not work imapd virtdomains + saslauthd.

btw, is virtdomains feature compile in cyrus?

--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
Re: [EMAIL PROTECTED]: forder rights]
On Sat, Aug 06, 2005 at 09:04:08AM -0700, Craig White wrote:
> Are you sure that the cyrus you installed has the 'auto features' patch installed?

I install this from freebsd ports. I can't look patch with similar name, but this feature described in man imapd.conf. I think it must work.

--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
Re: [EMAIL PROTECTED]: forder rights]
On Sat, Aug 06, 2005 at 05:41:57PM +0200, Simon Matter wrote:
> > $ sudo ls -l /var/spool/imap/G/user/dimma
> > lrwxr-xr-x 1 root cyrus 34 Aug 4 20:21 /var/spool/imap/G/user/dimma -> /var/spool/imap/D/user/dkirhlarov/
>
> Why did you get a link in your cyrus message store? Did you manipulate files and directories here by hand? That's not going to work, only cyrus should touch anything here.

I fix this with ctl_mboxlist

--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
[EMAIL PROTECTED]: forder rights]
List,

I really need the help. Can't any of my questions be resolved? Or, maybe I must get more info? In this case -- what information is needed?

- Forwarded message from Dmitriy Kirhlarov [EMAIL PROTECTED] -

Hi, list

I have some questions:

- My defaultquota does not work. Why?
$ grep quota /usr/local/etc/imapd.conf
autocreatequota: 524288
But cyradm can't find any quota for new user:
localhost> lq user.dimma
localhost> lqr user.dimma

- What is the difference between listquota and listquotaroot?

- When I was playing I got a broken folder. How can I delete it?
localhost> dm user.dimma.layer1
deletemailbox: Permission denied
localhost> sam user.dimma.layer1 anyone all
setaclmailbox: anyone: lrswipcda: System I/O error
localhost> lm user.dimma.layer1
user.dimma.layer1 (\HasNoChildren)
localhost> lam user.dimma.layer1
dimma lrswipcda
Is it important:
$ sudo ls -l /var/spool/imap/G/user/dimma
lrwxr-xr-x 1 root cyrus 34 Aug 4 20:21 /var/spool/imap/G/user/dimma -> /var/spool/imap/D/user/dkirhlarov/

- When I start sylpheed and connect to my server I see the list of all users' folders, and sylpheed creates mailbox Trash with full access for everyone. How can I restrict access for watching the list of users' mailboxes and creating new folders in root?

- Think, it's the second part of the previous question. I want to use shared folders with a specific prefix only, but I can create a folder over cyradm in the root with full access. How can I disable this feature?
$ grep shared /usr/local/etc/imapd.conf
sharedprefix: shared
localhost> cm folder-for-all
localhost> lam folder-for-all
anyone lrswip
localhost> lm folder-for-all
folder-for-all (\HasNoChildren)

My system:
$ pkg_info -Ix imapd; uname -rs
cyrus-imapd-2.2.12_1 The cyrus mail server, supporting POP3 and IMAP4 protocols
FreeBSD 5.4-RELEASE-p5

WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com

- End forwarded message -

--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
forder rights
Hi, list

I have some questions:

- My defaultquota does not work. Why?
$ grep quota /usr/local/etc/imapd.conf
autocreatequota: 524288
But cyradm can't find any quota for new user:
localhost> lq user.dimma
localhost> lqr user.dimma

- What is the difference between listquota and listquotaroot?

- When I was playing I got a broken folder. How can I delete it?
localhost> dm user.dimma.layer1
deletemailbox: Permission denied
localhost> sam user.dimma.layer1 anyone all
setaclmailbox: anyone: lrswipcda: System I/O error
localhost> lm user.dimma.layer1
user.dimma.layer1 (\HasNoChildren)
localhost> lam user.dimma.layer1
dimma lrswipcda
Is it important:
$ sudo ls -l /var/spool/imap/G/user/dimma
lrwxr-xr-x 1 root cyrus 34 Aug 4 20:21 /var/spool/imap/G/user/dimma -> /var/spool/imap/D/user/dkirhlarov/

- When I start sylpheed and connect to my server I see the list of all users' folders, and sylpheed creates mailbox Trash with full access for everyone. How can I restrict access for watching the list of users' mailboxes and creating new folders in root?

- Think, it's the second part of the previous question. I want to use shared folders with a specific prefix only, but I can create a folder over cyradm in the root with full access. How can I disable this feature?
$ grep shared /usr/local/etc/imapd.conf
sharedprefix: shared
localhost> cm folder-for-all
localhost> lam folder-for-all
anyone lrswip
localhost> lm folder-for-all
folder-for-all (\HasNoChildren)

My system:
$ pkg_info -Ix imapd; uname -rs
cyrus-imapd-2.2.12_1 The cyrus mail server, supporting POP3 and IMAP4 protocols
FreeBSD 5.4-RELEASE-p5

WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
Re: Problem
On Tue, Jul 26, 2005 at 02:06:52PM +0400, Andrew Edunov wrote:
> Any ideas about these lines? Is this normal? How can I fix this?

Looks like it is using the SLP protocol (RFC 2165). You can switch off this protocol or tune (start?) SLP-server.

--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
cyrus imapd auth
Hi, list.

I am trying to use ldap authentication. When I work with the imap server without TLS/SSL, everything works. When I try to use starttls, authentication does not work and, as I can see in slapd debug, nobody tries to connect to the server at this moment.

My configs:
---
$ cat /usr/local/etc/imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
sieveusehomedir: false
sievedir: /var/imap/sieve
sasl_pwcheck_method: saslauthd
servername: free2.mow.oilspace.com
admins: cyrus root dkirhlarov
tls_ca_file: /usr/local/etc/ssl/cacert.pem
tls_cert_file: /usr/local/etc/ssl/imap-free2.crt
tls_key_file: /usr/local/etc/ssl/imap-free2.key
---
$ cat /usr/local/etc/saslauthd.conf
ldap_servers: ldaps://free2.mow.oilspace.com/
ldap_search_base: ou=users,o=oilspace
ldap_tls_cacert_file: /usr/local/etc/openldap/ssl/cacert.pem
---
In /var/log/messages at the moment of connect I get:
Jul 25 12:38:29 free2 imap[66302]: auxpropfunc error invalid parameter supplied
Jul 25 12:38:29 free2 imap[66302]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Jul 25 12:38:30 free2 imap[66302]: starttls: TLSv1 with cipher RC4-SHA (128/128 bits new) no authentication
Jul 25 12:38:30 free2 imap[66302]: no user in db
Jul 25 12:38:30 free2 imap[66302]: no user in db
Jul 25 12:38:30 free2 imap[66302]: no secret in database
Jul 25 12:38:30 free2 imap[66302]: badlogin: dkirhlarov.mow.oilspace.com [172.17.1.254] CRAM-MD5 [SASL(-13): user not found: no secret in database]
---
$ uname -rs
FreeBSD 5.4-STABLE

I am trying to use a plaintext password over SSL for authentication. I must use only encrypted connections between imap client-server, saslauthd-slapd.

PS. Sorry for my English.

--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
Re: cyrus imapd auth
On Mon, Jul 25, 2005 at 03:09:42PM +0200, Thomas B?rnert wrote:
> with cram-md5 your password should be stored in plaintext in ldap. is it encrypted ?

No. Many hosts use this ldap db for system auth. {CRYPT} mechanism used for userPasswd.

--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
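Why the STARTTLS login in the "cyrus imapd auth" thread fails, as an added example that is not part of the original posts: a small check that reads imapd.conf and the log and flags a shared-secret mechanism such as CRAM-MD5 being negotiated while passwords are verified by saslauthd, which is only ever handed a plaintext password. The function names and finding codes are illustrative, the sample input is copied from the post, and the allowplaintext check assumes the goal stated in the post (plaintext passwords only over an encrypted connection).

```python
import re

# Copied from the post: the relevant imapd.conf lines and three log lines.
IMAPD_CONF = """\
sasl_pwcheck_method: saslauthd
servername: free2.mow.oilspace.com
tls_cert_file: /usr/local/etc/ssl/imap-free2.crt
tls_key_file: /usr/local/etc/ssl/imap-free2.key
"""
LOG = """\
Jul 25 12:38:30 free2 imap[66302]: starttls: TLSv1 with cipher RC4-SHA (128/128 bits new) no authentication
Jul 25 12:38:30 free2 imap[66302]: no secret in database
Jul 25 12:38:30 free2 imap[66302]: badlogin: dkirhlarov.mow.oilspace.com [172.17.1.254] CRAM-MD5 [SASL(-13): user not found: no secret in database]
"""

# saslauthd receives a user name and a password, so it can only back
# mechanisms that send the password itself; CRAM-MD5 needs a stored secret.
PASSWORD_MECHS = {"PLAIN", "LOGIN"}
FALSE_VALUES = {"0", "no", "off", "f", "false"}
BADLOGIN = re.compile(
    r"badlogin: \S+ \[(?P<ip>[^\]]+)\] (?P<mech>\S+) "
    r"\[SASL\((?P<code>-?\d+)\): (?P<reason>[^\]]*)\]")


def parse_conf(text):
    """imapd.conf is one 'option: value' per line; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            conf[key.strip().lower()] = value.strip()
    return conf


def diagnose(conf_text, log_text=""):
    """Return (code, message) findings for the config and log given."""
    conf = parse_conf(conf_text)
    findings = []
    uses_saslauthd = "saslauthd" in conf.get("sasl_pwcheck_method", "").split()
    offered = {m.upper() for m in conf.get("sasl_mech_list", "").split()}
    if uses_saslauthd and not offered:
        findings.append(("mech-list-unset",
                         "sasl_mech_list is unset, so every installed mechanism "
                         "is offered; limit it to PLAIN LOGIN with saslauthd"))
    elif uses_saslauthd and offered - PASSWORD_MECHS:
        findings.append(("mech-needs-secret",
                         "saslauthd cannot verify: "
                         + " ".join(sorted(offered - PASSWORD_MECHS))))
    if uses_saslauthd:
        for m in BADLOGIN.finditer(log_text):
            if m["mech"].upper() not in PASSWORD_MECHS:
                findings.append(("secret-mech-attempted",
                                 f"{m['ip']} used {m['mech']}: {m['reason']}"))
    if conf.get("allowplaintext", "").lower() not in FALSE_VALUES:
        findings.append(("plaintext-not-restricted",
                         "allowplaintext is not set to no, so PLAIN/LOGIN may "
                         "be accepted before STARTTLS"))
    return findings


if __name__ == "__main__":
    for code, message in diagnose(IMAPD_CONF, LOG):
        print(f"{code}: {message}")
```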
Re: Saslauthd and 2 authentication mechanism
On Wed, Jun 29, 2005 at 10:59:29AM +0200, Paul van der Vlis wrote:
> Hello,
>
> I want to use 2 authentication mechanisms with Saslauthd. When the first one gives no, it should try the other one.
>
> The man-page says: saslauthd supports one or more 'authentication mechanisms', but it does not work, saslauthd uses only the first mechanism.
>
> [EMAIL PROTECTED]:~/techniek$ ps ax | grep sasl
> 4951 ?Ss 0:00 /usr/sbin/saslauthd -a pam ldap
> 4952 ?S 0:00 /usr/sbin/saslauthd -a pam ldap
> 4953 ?S 0:00 /usr/sbin/saslauthd -a pam ldap
> 4954 ?S 0:00 /usr/sbin/saslauthd -a pam ldap
> 4955 ?S 0:00 /usr/sbin/saslauthd -a pam ldap
>
> I have also tried -a 'pam ldap' but then saslauthd does not start.

Try -a pam -a ldap

By.
Dmitriy
Re: ldap/imapd
On Tue, Jun 07, 2005 at 12:10:31PM -0400, Igor Brezac wrote:
> > Many stories in the internet with using saslauthd and NOT using ldapS.
>
> What stories? saslauthd can use ldaps just fine.

http://asg.web.cmu.edu/cyrus/download/imapd/install-configure.html
http://deb.utalca.cl/?p=26
http://www.magic-lamp.org/howto_cyrusimap_ldap.0.html
as example.

> > I not want use saslauthd and want use ldap-over-ssl.
>
> Are you saying you want to use auxprop rather than saslauthd or your only requirement is to use ldaps. Both auxprop and saslauthd can be configured to use ldaps.

I want use auxprop rather than saslauthd if possible (not strong requirement). And I have to use ldapS (it's strong requirement)

> You setup pts/ldap. You do not have any ldapdb related configuration. I suggest you learn more about sasl. See https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/doc/options.html?rev=1.30content-type=text/x-cvsweb-markup for ldapdb options.

Yes. Thnx

--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7245 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
ldap/imapd
Hi, list.

I want to use cyrus-imapd with ldap authentication. The ldap server is not local. There are many stories on the internet using saslauthd and NOT using ldapS. I do not want to use saslauthd and I want to use ldap-over-ssl.

My system and packages:
uname -rs pkg_info -Ix cyrus
FreeBSD 5.4-RELEASE-p1
cyrus-imapd-2.2.12 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-sasl-2.1.20_1 RFC SASL (Simple Authentication and Security Layer)
cyrus-sasl-ldapdb-2.1.21 SASL LDAPDB auxprop plugin

my imapd.conf:
admins: root cyrus khamits
allowanonymouslogin: 1
configdirectory: /var/imap
defaultdomain: clh.cluster
partition-default: /var/spool/imap
fulldirhash: 1
hashimapspool: 1
imapidresponse: 1
ldap_filter: (uid=%D)
ldap_member_attribute: uid
ldap_member_base: ou=users,o=higis
ldap_member_method: filter
ldap_restart: 1
ldap_uri: ldaps://clh.cluster/
sasl_pwcheck_method: auxprop
sievedir: /var/imap/sieve
sieveusehomedir: 1
servername: clh.cluster
singleinstancestore: 1
tls_ca_file: /etc/ssl/CA/cacert.pem
tls_cert_file: /etc/ssl/CA/certs/cyrus-imapd.crt
tls_key_file: /etc/ssl/CA/ssl.key/cyrus-imapd.key

I installed cmu-backend.conf as cyrus.conf

When I run /usr/local/etc/rc.d/imapd.sh start I get these messages in the log:
Jun 7 17:25:30 clh0 master[65028]: process started
Jun 7 17:25:31 clh0 master[65032]: about to exec /usr/local/bin/ksrvtgt
Jun 7 17:25:31 clh0 master[65032]: can't exec /usr/local/bin/ksrvtgt for startup: No such file or directory
Jun 7 17:25:31 clh0 master[65028]: process 65032 exited, status 71
Jun 7 17:25:31 clh0 master[65033]: about to exec /usr/local/cyrus/bin/ctl_cyrusdb
Jun 7 17:25:31 clh0 ctl_cyrusdb[65033]: recovering cyrus databases
Jun 7 17:25:31 clh0 ctl_cyrusdb[65033]: skiplist: recovered /var/imap/mailboxes.db (0 records, 144 bytes) in 0 seconds
Jun 7 17:25:31 clh0 ctl_cyrusdb[65033]: skiplist: recovered /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds
Jun 7 17:25:31 clh0 ctl_cyrusdb[65033]: done recovering cyrus databases
Jun 7 17:25:31 clh0 master[65034]: about to exec /usr/local/cyrus/bin/ctl_mboxlist
Jun 7 17:25:31 clh0 master[65028]: process 65034 exited, status 75
Jun 7 17:25:31 clh0 master[65028]: unable to create notifyd listener socket: No such file or directory
Jun 7 17:25:31 clh0 master[65028]: unable to create lmtpunix listener socket: No such file or directory
Jun 7 17:25:31 clh0 master[65028]: unable to create ptloader listener socket: No such file or directory
Jun 7 17:25:31 clh0 master[65028]: ready for work
Jun 7 17:25:31 clh0 master[65035]: about to exec /usr/local/bin/ksrvtgt
Jun 7 17:25:31 clh0 master[65035]: can't exec /usr/local/bin/ksrvtgt on schedule: No such file or directory

Where is the error in my config?

--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7245 F:+7 095 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com