no more dyld: Library not loaded (fixed), but now unable to dlopen ...
hi, per earlier post, changing: --- --with-openssl=/usr/local/ssl +++ --with-openssl=/usr/local/ssl/lib i no longer see errors: dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/ctl_cyrusdb Reason: image not found in shell on launch with -D. again, no errors in DEBUG mode in shell window ... but i DO now see in syslog: Sep 7 08:39:54 devuser CYRUSIMAP/master[1722]: process started Sep 7 08:39:55 devuser CYRUSIMAP/ctl_cyrusdb[1723]: recovering cyrus databases Sep 7 08:39:56 devuser CYRUSIMAP/ctl_cyrusdb[1723]: done recovering cyrus databases Sep 7 08:39:57 devuser CYRUSIMAP/master[1722]: ready for work Sep 7 08:39:58 devuser CYRUSIMAP/ctl_cyrusdb[1726]: checkpointing cyrus databases Sep 7 08:39:58 devuser CYRUSIMAP/lmtpunix[1730]: unable to dlopen /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so: dlopen(/usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so, 2): Library not loaded: /usr/local/ssl/lib/libcrypto.0.9.8.dylib\n Referenced from: /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so\n Reason: image not found Sep 7 08:39:58 devuser CYRUSIMAP/lmtpunix[1730]: unable to dlopen /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.so: dlopen(/usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.so, 2): Library not loaded: /usr/local/ssl/lib/libcrypto.0.9.8.dylib\n Referenced from: /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so\n Reason: image not found Sep 7 08:39:58 devuser CYRUSIMAP/imap[1727]: unable to dlopen /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so: dlopen(/usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so, 2): Library not loaded: /usr/local/ssl/lib/libcrypto.0.9.8.dylib\n Referenced from: /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so\n Reason: image not found Sep 7 08:39:58 devuser CYRUSIMAP/imap[1727]: unable to dlopen /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.so: dlopen(/usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.so, 2): Library not loaded: /usr/local/ssl/lib/libcrypto.0.9.8.dylib\n Referenced from: /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so\n Reason: image not found Sep 7 08:39:58 devuser CYRUSIMAP/imap[1727]: unable to dlopen /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.so: dlopen(/usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.so, 2): Library not loaded: /usr/local/ssl/lib/libcrypto.0.9.8.dylib\n Referenced from: /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so\n Reason: image not found Sep 7 08:39:58 devuser CYRUSIMAP/imap[1727]: unable to dlopen /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so: dlopen(/usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so, 2): Library not loaded: /usr/local/ssl/lib/libcrypto.0.9.8.dylib\n Referenced from: /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so\n Reason: image not found Sep 7 08:39:58 devuser CYRUSIMAP/imap[1727]: unable to dlopen /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.so: dlopen(/usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.so, 2): Library not loaded: /usr/local/ssl/lib/libcrypto.0.9.8.dylib\n Referenced from: /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so\n Reason: image not found Sep 7 08:39:58 devuser CYRUSIMAP/imap[1727]: unable to dlopen /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.so: dlopen(/usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.so, 2): Library not loaded: /usr/local/ssl/lib/libcrypto.0.9.8.dylib\n Referenced from: /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so\n Reason: image not found ... checking: % ls -al /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5 -rwxr-xr-x 1 root wheel 133636 Sep 6 15:12 /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.0.22.so lrwxrwx--- 1 root wheel 22 Sep 6 15:12 /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.2.so - libdigestmd5.2.0.22.so -rwxr-xr-x 1 root wheel812 Sep 6 15:12 /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.la lrwxrwx--- 1 root wheel 22 Sep 6 15:12 /usr/local/cyrus-sasl/lib/sasl2/libdigestmd5.so - libdigestmd5.2.0.22.so as usual, no obvious clue as to what the problem is NOW :-( one thing that does strike me a little odd is the explicit presence of those \n in the log output ... thoughts? richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
ssl dyld: Library not loaded with either cyrus-imap v2.3.7 *or* cvs-head
Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/lmtpd Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/lmtpd Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/imapd Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/lmtpd Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/lmtpd Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/lmtpd Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/imapd Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/imapd Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/lmtpd Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/imapd Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/lmtpd Reason: image not found dyld: Library not loaded: /usr/local/ssl/lib/libssl.0.9.8.dylib Referenced from: /usr/local/cyrus-imap//libexec/lmtpd Reason: image not found ... but /usr/local/ssl/lib/libssl.0.9.8.dylib, most certainly exists and is widely used by other apps. what do I need to do to get the ssl lib recognized? thanks, richard -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ssl dyld: Library not loaded with either cyrus-imap v2.3.7 *or* cvs-head
hi wes, thx for the reply! -- On September 6, 2006 10:50:21 PM -0400 Wesley Craig [EMAIL PROTECTED] wrote: On 06 Sep 2006, at 21:55, OpenMacNews wrote: i've been fighting this for awhile; i've posted b4, with no 'bites'. I've seen other reports on the list, including solutions. One common one was to use the instructions here: http://cyrus-imapd.darwinports.com/ yes, i've seen this ... and note simply: --with-openssl=${prefix} which i've done. without it, the make fails to even fink link the ssl libs into the generated executables. As I recall, another was to build your own openssl. which i also have done ... that's my own instance in /usr/local/ssl Frankly, this is a pretty common problem on Mac OS X. There's a lot of open source software that ships with the Mac that can't be used to build other open source software. true. which is why i typically build my own from src ... as i'm attempting to do tiwh cyrus, as well. that said, every other app i've built that links/uses 'my' ssl libs is problem-free. just cyrus-imap that's having 'issues' atm :-/ cheers, richard -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ssl dyld: Library not loaded with either cyrus-imap v2.3.7 *or* cvs-head
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 wes, - -- On September 6, 2006 11:49:44 PM -0400 Wesley Craig [EMAIL PROTECTED] wrote: OK, now I'm frustrated. I knew I'd seen a problem that sounded similar reported on the list before. Here's the reference: http://www.mail-archive.com/info-cyrus@lists.andrew.cmu.edu/ msg29699.html Reading through the two again, I'm not sure if this is the same at all. But at least I found the reference I was looking for. No mean feat, that. heh, that was me ;-) that gmp-related issue i made go away. no, not (exactly) the same ... but part of the seemingly never-ending struggle (well, at least 4 me ...) to get cyrus to behave w/ ssl ... like i said ... been plaguing me for awhile. richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iEYEARECAAYFAkT/makACgkQlffdvTZxCMa20ACfUrCSz2wpRZshfdQdX4cTpe0W S6wAnAuNUuPn1ptsT55YYPMnnnFNjpO0 =TzU5 -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ssl dyld: Library not loaded with either cyrus-imap v2.3.7 *or* cvs-head
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi wes, looks like the problem is (related to?) the: --with-openssl=PATH use OpenSSL from PATH my understanding was that PATH == ssl INSTALL path e.g., /usr/local/ssl looking in/at SMakefile, however, i note a reference to: SSL_CONFIG=/usr/local/lib pointing, obviously, to the LIB location ... that said, i replaced: --- --with-openssl=/usr/local/ssl +++ --with-openssl=/usr/local/ssl/lib and, now, i do NOT see the errors on launch. perhaps that should have been obvious ... alas, not 2 me :-/ anyway, yay. i think. now to see if 'everything else' is working. richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iEYEARECAAYFAkT/rywACgkQlffdvTZxCMZCegCfRPo/NbcQ2dQLqU70CX1Dj/L1 +hQAoLddoWibaIXyPedPmmoz4+WSdbj5 =pQ2F -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
servername: assignment not displaying correctly
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi all, i've cyrus-imap v2.3.1 built/installed on osx 10.4.5. when i: % telnet mail.myserver.com imap the session response is: Connected to mail.myserver.com. Escape character is '^]'. * OK devserver Cyrus IMAP4 v2.3.1 server ready note, the 'devserver'. 'devserver' is the local host name of the box: % echo $host devserver but in my imapd.conf, i've assigned: defaultdomain: mail.myserver.com servername: mail.myserver.com -- THIS should do it where, i *thought* servername: defines what that the * OK ... response string should be. where/what must i define to properly assign/display that string? thx! richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkP6NNYACgkQlffdvTZxCMZAfACeLt1B1ghcTC3pzDXpV0gV5bqc w3gAmwbh17RgK+rODbvSzRDEglADWXSR =YfXN -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: servername: assignment not displaying correctly
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi steve, where, i *thought* servername: defines what that the * OK ... response string should be. where/what must i define to properly assign/display that string? That's the right place, there's a bug in 2.3.1 (already fixed in CVS). See the thread starting here: http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrusmsg=38423 hey, for once it's NOT me being stupid :-) thx for the heads-up ... my quandry, as always, is whether to move to CVS for the latest-n-greatest fixes, or stick with the release (2.3.1) for which my 'favorite' patches (http://email.uoa.gr's autocreate autosievefolder) are 'safe' ... i am presuming that this fix, and fixes in general, are not backported to releases. i, of course, can apply the fix as a patch to 2.3.1 source myself ... do you, perchance, have a link to the *actual* cvs fix checkin? or is it as simple as your post implied, namely: s/hostname/config_servername/ in imap/imapd.c @ ln949 in void cmdloop()? cheers, richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkP6OyEACgkQlffdvTZxCMZksACgr0l5jFs69GO0fkxvzvoCO/Pm Fl0AoMI0QxWU5rqU1uXa/upzpOxZmVUd =5Vd6 -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: servername: assignment not displaying correctly
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi steve, Nope, they didn't backport any of it, and it's basically that simple. ... This is all I changed on mine, and it Works for Me(tm) ez nuf ... works like a champ! % telnet mail.myserver.com imap Trying 10.0.0.5... Connected to mail.myserver.com. Escape character is '^]'. * OK mail.myserver.com Cyrus IMAP4 v2.3.1 server ready thx! cheers, richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkP6RooACgkQlffdvTZxCMYa5QCdHpIWscdaQPn9BbE7XtwLwhdn GqEAn1ujbjI12qIaxIy3CRNq1yCd5HRO =KLV0 -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
no agentx master agent warnings ... huh?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi all, i'm running cyrus-imapd 2.3.1 on osx 10.4.5. i can login, open files, etc etc. loggings fine ... or so it seems. if i restart in debug mode, -D, i see @ console: No log handling enabled - turning on stderr logging Warning: Failed to connect to the agentx master agent (/var/agentx/master): Unknown host (/var/agentx/master) (No such file or directory) what is this error/warning from? i have no: % ls -al /var/agentx /usr/local/bin/ls: /var/agentx: No such file or directory iiuc, this is net-snmp's agentx. my cyrus *is* compiled with: --with-snmp=/usr/local/net-snmp where: % /usr/local/net-snmp/sbin/snmpd --version NET-SNMP version: 5.2.2 Web: http://www.net-snmp.org/ Email: net-snmp-coders@lists.sourceforge.net and my net-snmp is config'd with: --with-mib-modules=agentx disman/event-mib smux ucd_snmp examples/example \ resulting in: - Net-SNMP configuration summary: - SNMP Versions Supported:1 2c 3 Net-SNMP Version: 5.2.2 Building for: darwin8 Network transport support: UDP TCP Unix Callback SNMPv3 Security Modules:usm Agent MIB code: snmpv3mibs mibII/snmp_mib mibII/system_mib mibII/sysORTable mibII/vacm_vars utilities/execute agentx disman/event-mib smux ucd_snmp SNMP Perl modules: building -- embeddable Embedded perl support: enabled Authentication support: MD5 SHA1 Encryption support: DES AES - thx! richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkP6glkACgkQlffdvTZxCMaI5gCdHasD8l9MX71aeGpuZEybM2az 0j0Amwfx3mXdZ2Q+uV3fOZS0nEweZm9Z =w4xP -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: errors being incorrectly logged -- codes only, no descriptions
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 anyone? richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkOBKowACgkQlffdvTZxCMYqBgCfddIhsZiF7m0RgHm5iEjWhB2C tEYAoIsy4NxZiqzMmZuTTRkrndEDnxFP =JBvA -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
errors being incorrectly logged -- codes only, no descriptions
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi all. i've cyrus imap v2.2.12 cvs-head on osx 10.4.3. in my error logs, i'm seeing errors like: devbox lmtp[11095]: Unknown Error Code: -### where these error_codes are defined in: ./imap/imap_err.strings as, generally : KEManager -### = imap; KEMessage -### = description of error; when correctly mapped, i'd expected to see the more-descriptive text in error-logs, e.g.: devbox lmtp[11095]: Error : description of error or some such ... fwiw, i've posted a bug a month ago @: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2721 suggestions? more infor needed? thx! richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkN6iLgACgkQlffdvTZxCMaQogCfaNDuKl25DfJTqbX4oU7yvXG8 W8wAoLYVwSuoF0QFORMZf4h2CXgJLS7b =+Dw5 -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: errors being incorrectly logged -- codes only, no descriptions
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi henrique, thx 4 the reply =) Did you try rm -rf et/ in the cyrus toplevel dir, and installing your distribution's package that provides compile_et? (it is comerr-dev in Debian, if that helps). iiuc, close enuf ... here's the build notes for my current 'state' ... the result of a bunch of prior discussions, etc. note the compile_et stemps ... [ sorry for the cp here, but 'pastebin' is not reponding at the moment ... :-( ] cheers, richard cvs co cyrus (11/2/05 19:39:16) unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND LC_ALL LANG LINGUAS setenv LDFLAGS -bind_at_load -ldl -L/usr/local/berkeley-db/lib -ldb -L/usr/local/cyrus-sasl/lib - -lsasl2 -lresolv -ldl setenv CPPFLAGS -I/usr/local/berkeley-db/include -I/usr/local/cyrus-sasl/include perl -pi -e 's/AC_PROG_RANLIB/AC_PROG_LIBTOOL/g' configure.in glibtoolize --force --copy aclocal -I cmulocal autoheader autoconf # cref: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2729 === ${EDITOR} master/service-thread.c @107 struct sockaddr_storage sin; socklen_t len = sizeof(sin); +/* XXX: OSX doesn't fill sockaddr correctly against AF_UNIX */ +sin.ss_family = AF_UNIX; + /* is this a connection from the local host? */ if (getpeername(fd, (struct sockaddr *) sin, len) == 0) { if (((struct sockaddr *)sin)-sa_family == AF_UNIX) { === === ${EDITOR} master/service.c @112 struct sockaddr_storage sin; socklen_t len = sizeof(sin); +/* XXX: OSX doesn't fill sockaddr correctly against AF_UNIX */ +sin.ss_family = AF_UNIX; + /* is this a connection from the local host? */ if (getpeername(fd, (struct sockaddr *) sin, len) == 0) { if (((struct sockaddr *)sin)-sa_family == AF_UNIX) { === ./configure \ - --enable-static=yes --enable-shared=yes \ --prefix=/usr/local/cyrus-imap \ --exec-prefix=/usr/local/cyrus-imap \ --bindir=/usr/local/cyrus-imap/bin \ --sbindir=/usr/local/cyrus-imap/sbin \ --libexecdir=/usr/local/cyrus-imap/libexec \ --libdir=/usr/local/cyrus-imap/lib \ --includedir=/usr/local/cyrus-imap/include \ --with-cyrus-prefix=/usr/local/cyrus-imap/bin \ --with-service-path=/usr/local/cyrus-imap/libexec \ --sysconfdir=/var/MailServer/Conf \ --datadir=/var/MailServer/Data/cyrus-imap \ --localstatedir=/var/MailServer/Process \ --with-pidfile=/var/MailServer/Process/cyrus-imap.pid \ --mandir=/var/Documentation/man \ - --with-bdb \ - --with-bdb-libdir=/usr/local/berkeley-db/lib \ - --with-bdb-incdir=/usr/local/berkeley-db/include \ --with-sasl=/usr/local/cyrus-sasl/ \ - --with-openssl=/usr/local/ssl \ - --with-perl=/usr/local/perl5/bin/perl \ - --with-libwrap \ - --with-auth=unix \ - --with-idle=idled \ - --disable-gssapi --without-gss_impl \ - --enable-listext \ - --enable-server \ - --enable-cyradm \ - --disable-cmulocal \ - --enable-murder \ - --with-syslogfacility=LOCAL6 \ - --with-com_err=/usr \ - --enable-sieve \ - --with-snmp=/usr/local/net-snmp \ - --disable-nntp perl -pi -e 's/\/usr\/lib\/libcom_err.a/-lcom_err/g' ./imap/Makefile perl -pi -e 's/\/usr\/lib\/libcom_err.a/-lcom_err/g' ./master/Makefile perl -pi -e 's/\/usr\/lib\/libcom_err.a/-lcom_err/g' ./notifyd/Makefile perl -pi -e 's/\/usr\/lib\/libcom_err.a/-lcom_err/g' ./SIEVE/Makefile perl -pi -e 's/\/usr\/lib\/libcom_err.a/-lcom_err/g' ./timsieved/Makefile cd /usr/ports/cyrus-imap/et compile_et test1.et cd /usr/ports/cyrus-imap/et compile_et test2.et cd /usr/ports/cyrus-imap/imap compile_et imap_err.et cd /usr/ports/cyrus-imap/imap compile_et mupdate_err.et cd /usr/ports/cyrus-imap/imap compile_et nntp_err.et cd /usr/ports/cyrus-imap/SIEVE compile_et sieve_err.et cd /usr/ports/cyrus-imap make depend make all make install - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkN6pqsACgkQlffdvTZxCMaOzACePAW8v/ZxCVQFTTdboGrBkiuF YzIAn2a9KTu+64mX9U4BasLlOsuCa+bi =m6qk -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
only numeric Unknown Error Code in logs; KEMessage from imap_err.strings not being logged
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi all. i've cyrus imap v2.2.12 on osx 10.4.3. in my error logs, i'm seeing errors like: devbox lmtp[11095]: Unknown Error Code: -### where these error_codes are defined in: ./imap/imap_err.strings as, generally : KEManager -### = imap; KEMessage -### = description of error; when correctly mapped, i'd expected to see the more-decriptive text in error-logs, e.g.: devbox lmtp[11095]: Error : description of error or some such ... fwiw, i've posted a bug ~ a month ago @: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2721 suggestions? thx! richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 780A 5C81 D446 C616 B113 AA3A 9BF4 3736 88A5 678E -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkNwNVkACgkQm/Q3NoilZ46tWQCfV9XiRwMwyHQOWGozStrLgHmk 25EAn2xNVKmyqMoJh9TAz9qcHLRv5gyT =bcys -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
lmtp delivery to cyrus store over unix socket requires /etc/hosts.allow entry. why?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi all, first -- i'd posted this 1st on exim-users, suspecting it may be an exim issue, but the thinking is that it may well be a cyrus issue, or prehaps OSX ... that said, i'm delivering to my cyrus-imap (CVS) store using an lmtp socket transport from exim 4.54: cyrus_lmtp_unixsock: debug_print = EXIM-DEBUG [T:cyrus_lmtp_unixsock] for [EMAIL PROTECTED] driver = lmtp socket = /var/MailServer/Process/lmtp.socket envelope_to_add user= MY_USER cyrus.conf is configured with: lmtpunix cmd=lmtpd -a -C /var/MailServer/Conf/imapd.conf listen=/var/MailServer/Process/lmtp.socket prefork=2 on delivery attempt, my EXIM log shows a failed attempt, indicating that the LMTP connection is closed: 2005-10-17 20:35:14 -0700 IOJDYN-FT-OY == [EMAIL PROTECTED]@testdomain.com [EMAIL PROTECTED] R=cyrus_localuser T=cyrus_lmtp_unixsock defer (-1): LMTP connection closed after initial connection and syslog shows: Oct 17 20:35:14 devbox CYRUS/lmtpunix[564]: refused connection from 0.0.0.0 after a bit of thrashing around, i find that if i add to /etc/hosts.allow lmtpunix : 0.0.0.0 delivery completes successfully! now, cyrus IS config'd/built --with-libwrap, so i can use tcpwrappers to secure my OTHER cyrus services (imap, imaps, sieve, etc) which are running on TCPSockets ... QUESTION: why is a hosts.allow entry required in the 1st place for lmtpunix transport over a UNIXsocket? and, why 0.0.0.0 for localhost, rather than 127.0.0.1 or 'localhost' in hosts.allow? the suggestion on exim-users (thx Tony!) is that: the code looks like it won't call tcpwrappers for Unix domain sockets. BUT, if the kernel 'lies' to it and returns the wrong kind of socket address from getpeername() then Cyrus will do the wrong thing. thanks for any/all clarification! cheers, richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 780A 5C81 D446 C616 B113 AA3A 9BF4 3736 88A5 678E -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkNVI7oACgkQm/Q3NoilZ467uACffdE79XLZ4cyT6t+A8JAr10ih eg4Anil6XuL6WkWqRn/JuLtVzlW//B/l =LanL -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtp delivery to cyrus store over unix socket requires /etc/hosts.allow entry. why?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi, Hajimu UMEMOTO wrote: I don't know about MacOS X, but there was similar bug in FreeBSD. So, our port still applies following patch to avoid the bug in old version of FreeBSD: Index: master/service-thread.c diff -u master/service-thread.c.orig master/service-thread.c --- master/service-thread.c.orig Wed Jan 22 22:52:36 2003 +++ master/service-thread.c Wed Jan 22 23:09:52 2003 @@ -99,6 +99,9 @@ struct sockaddr_storage sin; socklen_t len = sizeof(sin); +/* XXX: old FreeBSD didn't fill sockaddr correctly against AF_UNIX */ +sin.ss_family = AF_UNIX; + /* is this a connection from the local host? */ if (getpeername(fd, (struct sockaddr *) sin, len) == 0) { if (((struct sockaddr *)sin)-sa_family == AF_UNIX) { i tried making this _specific_ change to my cyrus code, but, to no avail ... delivery _still_ requires the presence of: lmtpunix : 0.0.0.0 in /etc/hosts.allow i think i'll file this as a bug ... cheers, richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkNVP9kACgkQm/Q3NoilZ44kZACfbwxXGKd0LY2qt9GvrXay7QI2 gqsAn1cgRBVODBfpryW3bN/MK87vW38/ =KXHp -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtp delivery to cyrus store over unix socket requires /etc/hosts.allow entry. why?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi again, Oops, there is same chunk in master/service.c, and it is used in usual. ok. making changes to BOTH files seems to workaround the problem ... i NO LONGER NEED the /etc/hosts.allow entry ... i'll enter the info to the bug (#2729) for someone on the dev team to consider. thx! cheers, richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkNVTEoACgkQm/Q3NoilZ46P/gCeL42y0J68ph6tseLqpmOUKX0s uasAnjwN75KUvvhHlVSRPfHYR1AESZ6f =emok -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: how are 'sasl_minimum_layer' TLS related/dependent?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi mitu, thx for the detailed reply! 1st, my 'bottom line': imtest: i CAN login w/ TLS via STARTTLS on port 143 TBird: i CAN login w/ TLS, but no trace of STARTLS and only on port 993 details follow ... here: my understanding was that 'sasl_minimum_layer' = 64 (128?) was *REQUIRED* for TLS protection ... it should be required from the client's point of view and not from the server. But sasl_minimum_layer is set up to 64 even without encryption, just with integrity protection (e.g. DIGEST-MD5 without TLS yields an ssf of 128). here is a snippet of a imtest session: S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS AUTH=DIGEST-MD5 SASL-IR S: C01 OK Completed C: A01 AUTHENTICATE DIGEST-MD5 [..] S: A01 OK Success (privacy protection) Authenticated. Security strength factor: 128 x logout * BYE LOGOUT received x OK Completed ok. with: imtest -v \ - -t CERTS/mail.testdomain.com.CYRUSkey.rsa.pem \ - -p imap \ - -m cram-md5 \ - -a [EMAIL PROTECTED] \ - -u [EMAIL PROTECTED] \ - -r mail.testdomain.com\ mail.testdomain.com and: sasl_minimum_layer: 128 sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5 allowplaintext: no here's a similar snippet of mine: C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS LOGINDISABLED AUTH=DIGEST-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED S: C01 OK Unknown Error Code: -1904809420 C: S01 STARTTLS S: S01 OK Begin TLS negotiation now starting TLS engine setting up TLS connection SSL_connect:before/connect initialization [..] SSL_connect:SSLv3 write client hello A [..] SSL_connect:SSLv3 read finished A subject_CN=mail.testdomain.com, issuer_CN=PRESENCE Group .network CA TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) Asking for capabilities again since they might have changed [..] C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED [..] S: C01 OK Unknown Error Code: -1904809420 C: A01 AUTHENTICATE CRAM-MD5 S: A01 OK Success (tls protection) Authenticated. Security strength factor: 256 with LOG showing: [..] Oct 9 08:46:37 devbox DMCYRUS/imap[5319]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) authenticated as mail.testdomain.com Oct 9 08:46:46 devbox DMCYRUS/imap[5319]: login: devbox.internal.presence-group.net [172.30.11.5] [EMAIL PROTECTED] CRAM-MD5+TLS User logged in [..] ok, LOGGED in with TLS! if I set sasl_minimum_layer to 128 then I cannot login with cram-md5 (without SSL/TLS), here is the cyrus log: badlogin: host [10.1.0.3] PLAIN [SASL(-4): no mechanism available: mech CRAM-MD5 is too weak] and the imtest response was: [...] S: C01 OK Completed C: A01 AUTHENTICATE CRAM-MD5 S: A01 NO mechanism too weak for this user Authentication failed. generic failure Security strength factor: 0 But with SSL involved this works: [..] S: C01 OK Completed C: A01 AUTHENTICATE CRAM-MD5 S: A01 OK Success (tls protection) Authenticated. Security strength factor: 256 ok. withOUT tls: imtest -v \ -p imap \ -m cram-md5 \ -a [EMAIL PROTECTED] \ -u [EMAIL PROTECTED] \ -r mail.testdomain.com \ mail.testdomain.com Oct 9 08:49:04 devbox DMCYRUS/imap[5348]: badlogin: devbox.internal.presence-group.net [172.30.11.5] CRAM-MD5 [SASL(-15): mechanism too weak for this user: mech CRAM-MD5 is too weak] yup. failed as you explained/suggested. good! what *is* the relationship/dependency of sasl_minimum_layer TLS? TLS increases the SSF (security strength factor) and sasl_minimum_layer enforces a minumum SSF. ok. clear. Please note that using an authentication mech that provides integrity (such as DIGEST-MD5 or GSSAPI) increases the SSF also (see my example on DIGEST-MD5 without SSL/TLS). did not know that! fwiw, here's an add'l helpful reference: SASL Authentication http://java.sun.com/products/jndi/tutorial/ldap/security/sasl.html one 'suspect' ... to connect via TLS, TBird *requires* the following setup: [..] is there, perhaps, an 'issue' with the port993 use defaulting to some minimum_layer strength despite my imapd.conf setting? Traditionally port 993 is for imaps (that it IMAP/SSL) in which the client starts connects 'directly' over a SSL connection and negotiates encryption, it's not like TLS/STARTTLS in which the client starts in plain text the
Re: how are 'sasl_minimum_layer' TLS related/dependent?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi mitu, fyi. after digging thru mozilla's bugzilla site, i find that, in ADDITION TO the default TBird config in prefs.js of: security.enable_tlsdefault boolean true one has to ADD: mail.server.default.useTLS userset boolean true if you ask me, that is NOT very obvious ... :-{ anyway, NOW on TBird config'd as: Server Type: IMAP Mail Server Server Name: {mail.testdomain.com} Port: {993} Default: 993 [x] Use secure connection (SSL) [x] Use secure authentication i can connect to Cyrus port 993 (143 still does NOT 'work' ...), i see in my cyrus log: Oct 9 11:23:14 devbox DMCYRUS/imaps[5576]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication Oct 9 11:23:14 devbox DMCYRUS/imaps[5576]: login: mail.testdomain.com [10.0.0.6] [EMAIL PROTECTED] CRAM-MD5+TLS User logged in which, i think, is what i SHOULD be seeing strangely, i still do NOT see STARTTLS advertised in TBird's imap session protocol log: 39686656[514d090]: 25dde00:mail.testdomain.com:NA:CreateNewLineFromSocket: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED 39686656[514d090]: ReadNextLine [stream=514d3e8 nb=38 needmore=0] 39686656[514d090]: 25dde00:mail.testdomain.com:NA:CreateNewLineFromSocket: 1 OK Unknown Error Code: -1904809420 39686656[514d090]: 25dde00:mail.testdomain.com:NA:SendData: 2 authenticate CRAM-MD5 39686656[514d090]: ReadNextLine [stream=514d3e8 nb=56 needmore=0] 39686656[514d090]: 25dde00:mail.testdomain.com:NA:CreateNewLineFromSocket: + PDMyMzMzOTYyDUxNmM4NTZYWlsLm9wZW5leGVjLmNvbT4= 39686656[514d090]: 25dde00:mail.testdomain.com:NA:SendData: Ymxha2Vyc0BvcGVuZXhlYy5jb20gM2Q4ZNDgwOTY2OEBtYjk2ZjZjhlNjE1YmY= 39686656[514d090]: ReadNextLine [stream=514d3e8 nb=31 needmore=0] 39686656[514d090]: 25dde00:mail.testdomain.com:NA:CreateNewLineFromSocket: 2 OK Success (tls protection) why do i have this sneaking suspicion that TBird's STARTTLS implementation is not 100% ... ? richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkNJZPYACgkQGnqMy4gvZ6GfdQCfR2m8kuatoawVO8Ul2+vprwTx pR4AmQHbVz5pVZslps/mzvwzb90cwvVO =nuRJ -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: how are 'sasl_minimum_layer' TLS related/dependent?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi mitu, 1st, THANKS very much for your time ... your comments have been a great guide! =) which, i think, is what i SHOULD be seeing yes, this is correct. gr8! strangely, i still do NOT see STARTTLS advertised in TBird's imap session protocol log: [..] That's because the connection is already under the SSL layer, logging was done by cyrus/imaps. Cyrus logs this connection as starttls and adds 'no authentication' [..] It's perfectly normal. aha. THAT'S why 'no authentication' is there :-} why do i have this sneaking suspicion that TBird's STARTTLS implementation is not 100% ... ? ... I forgot about TB's inability to support the 'STARTTLS' command and a quick test at my server showed that. ok, so i'm NOT losing my mind. (at least not on THIS issue ...) TB (1.5beta2) and voila ! This is TLS over the 143 port, which I cannot convince TB 1.0.7 to do. In the new TB build you have as security options [ ] TLS, if available [ ] TLS [ ] SSL. there are the same settings TB has currently (1.0.7) for the SMTP server (which has it's own STMP 'STARTTLS' command and smtps mode just as IMAP has). excellent. I cannot tell right now if the older Mozilla suite builds have the same options as the recent Seamonkey build has, but since you use TB then it means that for now you'll just use imaps and wait for a new release. can't move to it yet, as most of the extensions i want aren't yet compatible :-/ but, that's good news on the horizon! now, TO SUMMARIZE ... for those likewise interested, here's what i've landed on, given mitu's help/clarification ... my goal state: server == CyrusIMAP 2.2.12 cvs TBird v107 TLS connection + encrypted login cyradm connection to server ONLY via: SSH TO server logging in to server's LOCALHOST intfc under encryption layer using: cyradm \ --user my.admin \ --auth DIGEST-MD5 \ --port 143 \ --server localhost to make this all work (from now, until TBird 1.5b2 is an option for me ...), since cyradm does NOT apparently have capability to login w/ TLS encryption, i've split my imap config in two, { QUESTION NOTE: it is NOT clear to me, yet, whether sasl_minimum_layer 129 has any further effect, as all allowed MECHS (plain, cram, digest) are already forced to use TLS ... i.e., is there ANY further difference between, e.g., sasl_minimum_layer: 129 and sasl_minimum_layer: 256? } imapd.conf: # this is for all IMAP logins to mail server's EXTERNAL intfc # cyradm to EXTERNAL intfc will NOT work, reporting: # badlogin: ... DIGEST-MD5 [SASL(-15): mechanism too weak for this user: mech DIGEST-MD5 is too weak] sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5 allowplaintext: no sasl_minimum_layer: 129 # if 'sasl_minimum_layer' then CAPABILITY advertises # --- -- # 0 STARTTLS LOGINDISABLED AUTH=DIGEST-MD5 AUTH=CRAM-MD5 # 1-128 STARTTLS LOGINDISABLED AUTH=DIGEST-MD5 # =129 STARTTLS LOGINDISABLED @include: imapd-common.conf imapd-local.conf # this defines/enables cyradm login for LOCALHOST, requiring # DIGEST-MD5's encryption 'strength' sasl_minimum_layer: 128 sasl_mech_list: DIGEST-MD5 allowplaintext: no @include: imapd-common.conf with cyrus.conf config'd as: ... SERVICES { imap cmd=imapd-C imapd.conf listen=10.0.0.5:imap prefork=1 imapscmd=imapd -s -C imapd.conf listen=10.0.0.5:imaps prefork=1 imaplocalcmd=imapd-C imapd-local.conf listen=127.0.0.1:imap prefork=1 ... finally, i've configured TBird v107 as: Account Settings(this account)Server Settings Server Type: IMAP Mail Server Server Name: {mail.testdomain.com} Port: {993} Default: 993 [x] Use secure connection (SSL) [x] Use secure authentication Advanced ...
how are 'sasl_minimum_layer' TLS related/dependent?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi all, i'm connecting to my cyrus-imap 2.2.12-cvs server on OSX 10.4.2 with a Thunderbird v107 client. i've configured for TLS use, with imapd.conf including: sasl_minimum_layer: 128 sasl_mech_list: PLAIN allowplaintext: no i can login successfully, my TBird protocol log shows TLS 'protection': 40102400[5160f90]: 2330600:mail.testdomain.com:NA:CreateNewLineFromSocket: 1 OK Success (tls protection) per a long-ago post: Re: is TLS/SSL selection/connection ONLY via port 993? http://www.irbs.net/internet/info-cyrus/0411/0216.html from: Henrique de Moraes Holschuh my understanding was that 'sasl_minimum_layer' = 64 (128?) was *REQUIRED* for TLS protection ... BUT, my config _seems_ to be insenitive to it. if i change my imapd.conf entry to: sasl_minimum_layer: 0 i would have expected the connect to fail, but i *still* get TLS enabled: 38991872[53b89c0]: 26a2c00:mail.testdomain.com:NA:CreateNewLineFromSocket: 1 OK Success (tls protection) ### QUESTION: ### what *is* the relationship/dependency of sasl_minimum_layer TLS? one 'suspect' ... to connect via TLS, TBird *requires* the following setup: Account Settings(this account)Server Settings Server Type: IMAP Mail Server Server Name: {mail.testdomain.com} Port: {993} Default: 993 [x] Use secure connection (SSL) [ ] Use secure authentication that Use secure connection (SSL) *must be checked ... per that earlier referenced post: imapd -s is for IMAP connections that are externally wrapped by SSL (bad). imapd is for non-encrypted IMAP connections, and IMAP connections that use TLS (good). is there, perhaps, an 'issue' with the port993 use defaulting to some minimum_layer strength despite my imapd.conf setting? confused here ... any insight would be much appreciated! thx! richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkNIq/sACgkQGnqMy4gvZ6FikwCeLjo/kaRQTuJQtORNwnmqO410 FEQAnisM89Wzdr6ukQ+DaZBUVrL8QOgq =uI3P -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: help pls? imtest OK for localhost, fails for same box @ IP .... where to start looking?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi georg, thx for the reply ! i have the same problem. The problem is the realm that cyrus adds to the username. Am I correct that you have set virtdomains: yes? yes, that is correct. my virtdomains == yes watching the debug log, it looks like this: imtest localhost: login with [EMAIL PROTECTED] ok. mine is: imtest -t -p imap -m plain -a my.admin -u [EMAIL PROTECTED] 127.0.0.1 login: localhost [127.0.0.1] testuser PLAIN+TLS imtest servername.domain.com: login with [EMAIL PROTECTED] ok. mine is: imtest -t -p imap -m plain -a my.admin -u [EMAIL PROTECTED] mail.testdomain.com badlogin: mail.testdomain.com [10.0.0.6] PLAIN [SASL(-13): user not found: Password verification failed] BUT, iiuc, it seems YOU have a successful login, but i do not :-{ hmmm. i think i'm confused ... what do you mean login with, epcifically? imtest servername.domain.com (from another machine): login with [EMAIL PROTECTED] i don't (yet) have imtest installed on another machine ... -- I don't understand this part! But since I know this behaviour I just accept it :( thx! richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkNGJhQACgkQGnqMy4gvZ6H4FACdHSlPCjrm2CyGFJJGk9XUWXws ZGAAnRv3W47dWuQ4zRxVq2MqLNC3vyjx =X1fg -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Unknown Error Code on imtest ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi all, i've installed: imap 2.2.12 + sasl 2.1.20 when i test with, imtest -t -p imap -m plain-a my.admin -u my.admin localhost i get successful AUTH, but an Unknown Error Code here's the session's console output: S: * OK mail.testdomain.com Cyrus IMAP4 v2.2.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED S: C01 OK Unknown Error Code: -1904809420 C: S01 STARTTLS S: S01 OK Begin TLS negotiation now verify error:num=19:self signed certificate in certificate chain TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN AUTH=PLAIN AUTH=PLAIN AUTH=LOGIN AUTH=LOGIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED S: C01 OK Unknown Error Code: -1904809420 Please enter your password: C: A01 AUTHENTICATE PLAIN = S: A01 OK Success (tls protection) Authenticated. Security strength factor: 256 is this a bug, or know issue? fwiw, uname -a Darwin devbox 8.2.0 Darwin Kernel Version 8.2.0: Fri Jun 24 17:46:54 PDT 2005; root:xnu-792.2.4.obj~3/RELEASE_PPC Power Macintosh powerpc thx. richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEARECAAYFAkNFm20ACgkQGnqMy4gvZ6FopwCffmmuzBbe5U/lB3CnOjOHCzCY 4fgAnj9MTkPO33+CEKnpx59vsG+ADutY =4ayz -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Unknown Errors are, actually, known, but not logging the descriptions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi all, on a whim, i grep'd the src for the Unknown Error Codes reported in my two different posts: Unknown Error Code on imtest ? S: C01 OK Unknown Error Code: -1904809420 [bug?] lmtpd prefork=1 results in FATAL: Unknown Error Code Oct 5 14:44:06 devbox master[11053]: service lmtp pid 11094 in READY state: terminated abnormally Oct 5 14:44:07 devbox lmtp[11095]: Unknown Error Code: -1904809464 Oct 5 14:44:07 devbox lmtp[11095]: FATAL: Unknown Error Code: -190480946 and, to my surprise, found them all in ./imap/imap_err.strings KEManager -1904809420 = imap; KEMessage -1904809420 = Completed; KEManager -1904809464 = imap; KEMessage -1904809464 = Invalid namespace prefix in configuration file; KEManager -1904809469 = imap; KEMessage -1904809469 = mail system storage has been exceeded; so, the good news is that i now know what's CAUSING these error, and can go track the problems down ... lesson learned. but, now, there's the issue of WHY the error codes are being logged as Unknown rather than picking up the descriptions from 'imap_err.strings'. suggestions? richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEARECAAYFAkNFqW0ACgkQGnqMy4gvZ6FnDQCfZel5QTQClyXw5QkP8FVkiNYo 2YgAnjBm2JVO1VsjjvDPjA59A6HrTeT6 =fNXp -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
help pls? imtest OK for localhost, fails for same box @ IP .... where to start looking?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi all, testing my cyrus imap v 2.2.12 + sasl v 2.1.22, with: % imtest -t -p imap -m plain -a my.admin -u [EMAIL PROTECTED] 127.0.0.1 i CAN login successfully log: -- Oct 6 22:24:24 devbox DMCYRUS/imaplocal[2012]: login: localhost [127.0.0.1] blakers PLAIN+TLS User logged in BUT, if i change localhost--mail.testdomain.com, which is the SAME BOX, just the external IP, login fails: imtest -t -p imap -m plain -a my.admin -u [EMAIL PROTECTED] mail.testdomain.com log: -- Oct 6 22:24:10 devbox DMCYRUS/imap[2010]: badlogin: mail.testdomain.com [10.0.0.6] PLAIN [SASL(-13): user not found: Password verification failed] i'm going nuts trying to track down the problem ... from my understanding, these two should return the same result for the same box :-/ i'm GUESSING there's a config problem in imapd.conf, but for the life of me i dunno. suggestions as to where to look? thx! richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEARECAAYFAkNGChkACgkQGnqMy4gvZ6EvrACfT0hNIpulKB4t+0//hnKVop2g r/MAoIVjgFiGsGwXlLJuAo7LsZKPLul9 =JcLo -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[bug?] lmtpd prefork=1 results in FATAL: Unknown Error Code
hi all, a little more info on this problem ... i can now stop/reproduce it. i've cyrus imap 2.2.12 + sasl 2.1.22 beta on OSX 10.4.2 i'm able to launch/use lmtpd w/ no problems, if prefork=0, config'd (in cyrus.conf) as: lmtp cmd=lmtpd -a -C imapd.conf listen=127.0.0.1:lmtp prefork=0 however, if i CHANGE to prefork=1, i get the following repeating error: Oct 5 14:44:06 devbox master[11053]: service lmtp pid 11094 in READY state: terminated abnormally Oct 5 14:44:07 devbox lmtp[11095]: Unknown Error Code: -1904809464 Oct 5 14:44:07 devbox lmtp[11095]: FATAL: Unknown Error Code: -190480946 this ONLY happens when prefork-ing lmtpd; other SERVICES are OK. any help in tracking this down would be appreciated. cheers, richard = requested info === • version of imapd 2.2.12 • version of libsasl 2.1.22 beta • your system type Darwin devbox 8.2.0 Darwin Kernel Version 8.2.0: Fri Jun 24 17:46:54 PDT 2005; root:xnu-792.2.4.obj~3/RELEASE_PPC Power Macintosh powerpc • the options you passed to ./configure ./configure \ --enable-static=yes --enable-shared=yes \ --with-cyrus-user=darkmatter --with-cyrus-group=darkmatter \ --with-bdb \ --with-bdb-libdir=/usr/local/berkeley-db/lib \ --with-bdb-incdir=/usr/local/berkeley-db/include \ --with-openssl=/usr/local/ssl \ --with-perl=/usr/bin/perl \ --with-libwrap \ --with-auth=unix \ --with-idle=idled \ --disable-gssapi --without-gss_impl \ --enable-listext \ --enable-server \ --enable-cyradm \ --disable-cmulocal \ --disable-murder \ --enable-nntp \ --with-syslogfacility=LOCAL6 \ --with-com_err=/usr \ --enable-sieve \ --without-snmp • the errors from make none • the config.status file generated by configure it's big ... let me know if needed. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
getting Unknown FATAL error from lmtp. where to start?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi all, on starting my cyrus master (v 2.2.12), i get the following @ console: Oct 4 00:17:53 devbox master[17865]: process started Oct 4 00:17:54 devbox ctl_cyrusdb[17867]: recovering cyrus databases Oct 4 00:17:54 devbox ctl_cyrusdb[17867]: skiplist: recovered /var/MailServer/Data/cyrus-imap/mailboxes.db (0 records, 144 bytes) in 0 seconds Oct 4 00:17:54 devbox ctl_cyrusdb[17867]: skiplist: recovered /var/MailServer/Data/cyrus-imap/annotations.db (0 records, 144 bytes) in 0 seconds Oct 4 00:17:56 devbox ctl_cyrusdb[17867]: done recovering cyrus databases Oct 4 00:17:56 devbox ctl_cyrusdb[17874]: checkpointing cyrus databases Oct 4 00:17:56 devbox lmtp[17875]: Unknown Error Code: -1904809464 Oct 4 00:17:56 devbox lmtp[17875]: FATAL: Unknown Error Code: -1904809464 Oct 4 00:17:57 devbox lmtp[17876]: Unknown Error Code: -1904809464 Oct 4 00:17:57 devbox lmtp[17876]: FATAL: Unknown Error Code: -1904809464 Oct 4 00:17:58 devbox lmtp[17877]: Unknown Error Code: -1904809464 Oct 4 00:17:58 devbox lmtp[17877]: FATAL: Unknown Error Code: -1904809464 (... repeat loop ...) i don't even know where to begin to debug this ... suggestions? thx! richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEARECAAYFAkNCMKgACgkQGnqMy4gvZ6ENLgCfR7j27pZ0A1Db5uetQlW/b7ug ZcYAniU0jGr5Itw9CYEaJrxmg+eJLouM =jKnh -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
mkimap fails if @include in imapd.conf
hi, this was reported, per suggestion, as a bug (https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2604) in Jan '05 ... in Cyrus-IMAP ver = 2.1.20, on OSX 10.4.1, % sudo -u adminuser mkimap works as expected, and without error, in creating: %ls db log msg proc ptclient socket as long as the referenced imapd.conf: == (EDITOR) mkimap @62 $imapdconf = shift || /etc/imapd.conf; == does NOT contain an @ include: directive. however, if i change imapd.conf to refer to an include file, e.g: == (EDITOR) imapd.conf admins: my_admin lmtp_admins: my_admin.lmtp sasl_minimum_layer: 128 @include: /var/cyrus-imap/settings/imapd-common.conf == then % sudo -u adminuser mkimap returns an error: reading configure file... done Use of uninitialized value in concatenation (.) or string at (eval 1) line 55. configuring ... Use of uninitialized value in chdir at (eval 1) line 59. Use of chdir('') or chdir(undef) as chdir() is deprecated at (eval 1) line 59. Use of uninitialized value in concatenation (.) or string at (eval 1) line 59. couldn't change to at (eval 1) line 59. % fwiw, if i run mkimap on an imapd.conf w/o an include, then subsequently restructure my imapd*.conf(s) to include the references i'd like, everything ELSE seems (so far) to not mind the include directive ... cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus-IMAPd-cvs OK on OSX 10.4.1 w/ --disable-sieve; Bus Error w/ --enable-sieve
hi, bldg unpatched Cyrus-IMAPd-cvs (6/20/05 01:00:00) w/ Cyrus-SASL v2.1.22 on OSX 10.4.1 if configured w/: ... --disable-sieve ... install is successful: % otool -L /usr/local/cyrus-imap/libexec/imapd /usr/local/cyrus-imap/libexec/imapd: /usr/local/cyrus-sasl/lib/libsasl2.2.dylib (compatibility version 3.0.0, current version 3.22.0) /usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current version 365.0.0) /usr/local/berkeley-db/lib/libdb-4.3.dylib (compatibility version 0.0.0, current version 0.0.0) /usr/local/ssl/lib/libssl.0.9.7.dylib (compatibility version 0.9.0, current version 0.9.7) /usr/local/ssl/lib/libcrypto.0.9.7.dylib (compatibility version 0.9.0, current version 0.9.7) /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos (compatibility version 5.0.0, current version 5.0.0) /usr/lib/libmx.A.dylib (compatibility version 1.0.0, current version 92.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 88.0.0) BUT, if configured w/: ... --enable-sieve ... 'make all' fails (in ./SIEVE/) with: gcc -c -I.. -I./../lib -I/usr/include -I/usr/local/berkeley-db/include -I/usr/local/berkeley-db/include -I/usr/local/cyrus-sasl/include -I/usr/local/ssl/include -I/usr/local/cyrus-sasl//include -DHAVE_CONFIG_H -g -O2 \ tree.c bison -y -d -p addr ./addr.y make[1]: *** [addr.c] Bus error make: *** [all] Error 1 i found nothing on Bugzilla ... thoughts? can provide a crash dump, of course ... richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
fyi: bison-related bus errors on cyrus-imapd build need bison update to v2.0a
hi all, fwiw ... bldg unpatched Cyrus-IMAPd-cvs (6/20/05 01:00:00) w/ Cyrus-SASL v2.1.22 on OSX 10.4.1, if configured w/: ... --disable-sieve ... install is successful. BUT, if configured w/: ... --enable-sieve ... 'make all' fails (in ./SIEVE/) with: gcc -c -I.. -I./../lib -I/usr/include -I/usr/local/berkeley-db/include -I/usr/local/berkeley-db/include -I/usr/local/cyrus-sasl/include -I/usr/local/ssl/include -I/usr/local/cyrus-sasl//include -DHAVE_CONFIG_H -g -O2 \ tree.c bison -y -d -p addr ./addr.y make[1]: *** [addr.c] Bus error make: *** [all] Error 1 this is, apparently, a bison (on Mac?) issue. Apple ships: % /usr/bin/bison --version GNU Bison version 1.28 which is so old as to cause grief for a bunch of other apps; the answer (4 me, 2 date) has been to use/build: % /usr/local/bin/bison --version bison (GNU Bison) 1.875 (released Jan 01 2003) which, under Tiger (at least), causes this cyrus-imapd-build bus error. a bison 'make check' shows all sorts of test failures ... a thread here: http://lists.gnu.org/archive/html/bug-bison/2005-03/msg00060.html suggests the resolution is the 'new' bison: wget ftp://alpha.gnu.org/gnu/bison/bison-2.0a.tar.gz using the resultant: % /usr/local/bin/bison --version bison (GNU Bison) 2.0a (released May 23 2005) cyrus-imap builds/installs without error hth! richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
imapopts.h:191: error: array type has incomplete element type (take 2)
hi, building cyrus-imapd-2.2.12 on a 'fresh' OSX 10.4.1 dev box ... after config, 'make all' dies with: % make all ### Making all in /usr/ports/cyrus/cyrus-imapd-2.2.12/man creating imapd.conf.5 ./../tools/config2man ./../lib/imapoptions ./imapd.conf.5 ### Making all in /usr/ports/cyrus/cyrus-imapd-2.2.12/lib ./../tools/config2header CC=gcc ./imapopts.c ./imapopts.h ./imapoptions gcc -c -I.. -I/usr/local//berkeley-db/include -I/usr/local//berkeley-db/include -I/Library/Frameworks/SASL2.framework/Headers -I/usr/local/ssl/include -I/usr/include -I/usr/local//cyrus-sasl/include -DHAVE_CONFIG_H -g -O2 \ libconfig.c In file included from libconfig.h:47, from libconfig.c:57: imapopts.h:191: error: array type has incomplete element type make[1]: *** [libconfig.o] Error 1 make: *** [all] Error 1 any suggestions? richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
imapd 2.2.12 on OSX 10.4.1 w/ perl 587: imapopts.h:191: error: array type has incomplete element type
hi all, cyrus-imapd-2.2.12 had been building ok for me on OSX 10.4.1 w/ an ext build of perl v586 ... after an update to perl v587: perl -V Summary of my perl5 (revision 5 version 8 subversion 7) configuration: Platform: osname=darwin, osvers=8.1.0, archname=darwin-thread-multi-2level uname='darwin devbox.internal.testdomain.com 8.1.0 darwin kernel version 8.1.0: tue may 10 18:16:08 pdt 2005; root:xnu-792.1.5.obj~4release_ppc power macintosh powerpc ' ... ad a successful 'configure' w/ : ./configure \ ... --with-cyrus-prefix=/usr/local/cyrus-imap/bin \ --with-service-path=/usr/local/cyrus-imap/libexec \ --with-sasl=/usr/local/cyrus-sasl \ --with-bdb \ --with-bdb-libdir=/usr/local/berkeley-db/lib \ --with-bdb-incdir=/usr/local/berkeley-db/include \ --with-openssl=/usr/local/ssl \ --with-perl=/usr/bin/perl \ --with-libwrap \ --with-auth=unix \ --disable-gssapi --without-gss_impl \ --without-krb --without-krbimpl --without-krbdes \ --enable-listext \ --enable-server \ --enable-cyradm \ --with-syslogfacility=LOCAL6 \ --without-snmp \ --enable-sieve \ --with-com_err=/usr and 'make depend', a subsequent 'make all' fails with: ### Making all in /usr/ports/cyrus/cyrus-imapd-2.2.12/man creating imapd.conf.5 ./../tools/config2man ./../lib/imapoptions ./imapd.conf.5 ### Making all in /usr/ports/cyrus/cyrus-imapd-2.2.12/lib ./../tools/config2header CC=gcc ./imapopts.c ./imapopts.h ./imapoptions gcc -c -I.. -I/usr/local/berkeley-db/include -I/usr/local/berkeley-db/include -I/Library/Frameworks/SASL2.framework/Headers -I/usr/local/ssl/include -I/usr/include -I/usr/local/cyrus-sasl/include -DHAVE_CONFIG_H -g -O2 \ libconfig.c In file included from libconfig.h:47, from libconfig.c:57: imapopts.h:191: error: array type has incomplete element type make[1]: *** [libconfig.o] Error 1 make: *** [all] Error 1 from this thread: Portability fixes for 2.2.6 (auth: Albert Chin) http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-develmsg=655 and looking at tools/config2header wherein perl is 'thick', my first guess is that the problem is config2header vs perl related ... any ideas/suggestions? thx, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: [WORKAROUND SUCCESS] Re: et_list com-err vs imapd v2.2.12 on OSX 10.4.1
That was a summary not how it came across. fair nuf. The ultimate fix upstream is for these files to not be included dealer's choice, of course but I can't go back in time to fix 2.2.12. really wasn't asking/expecting you to ... thx for your help! cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
et_list com-err vs imapd v2.2.12 on OSX 10.4.1
derrick, fwiw, i'm seeing et_list-related errors as well, but on OSX 10.4.1 `initialize_imap_error_table_r': /usr/local/warez/cyrus-imapd-2.2.10/imap/imap_err.c:68: undefined reference to `initialize_error_table_r' libimap.a(imap_err.o)(.text+0x14):/usr/local/warez/cyrus-imapd-2.2.10/imap/i map_err.c:68: undefined reference to `initialize_error_table_r' Wild guess, the compile_et and libcom_err are not from the same source. for a cyrus-imapd-2.2.12 config as: % unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND LC_ALL LANG LINGUAS % setenv LDFLAGS -bind_at_load -ldl -L/usr/local/berkeley-db/lib -ldb -F/Library/Frameworks -framework SASL2 % setenv CPPFLAGS -I/usr/local/berkeley-db/include -I/Library/Frameworks/SASL2.framework/Headers % ./configure \ --with-cyrus-user=cyradm \ --with-cyrus-group=cyradm \ --with-cyrus-prefix=/usr/local/cyrus-imap/bin \ --with-service-path=/usr/local/cyrus-imap/libexec \ --with-sasl=/usr/local/cyrus-sasl \ --with-bdb \ --with-bdb-libdir=/usr/local/berkeley-db/lib \ --with-bdb-incdir=/usr/local/berkeley-db/include \ --with-openssl=/usr/local/ssl \ --with-perl=/usr/bin/perl \ --with-libwrap \ --with-auth=unix \ --disable-gssapi --without-gss_impl \ --without-krb --without-krbimpl --without-krbdes \ --enable-listext \ --enable-server \ --enable-cyradm \ --with-syslogfacility=LOCAL6 \ --without-snmp \ --enable-sieve \ --with-com_err=/usr % make depend is OK, but a subsequent 'make all' fails @: ... ranlib libsieve.a gcc -c -I.. -I./../lib -I/usr/include -I/usr/local/DarkMatter/berkeley-db/include -I/usr/local/DarkMatter/berkeley-db/include -I/Library/Frameworks/SASL2.framework/Headers -I/usr/local/ssl/include -I/usr/local/DarkMatter/cyrus-sasl/include -DHAVE_CONFIG_H -g -O2 \ sievec.c gcc -L/usr/local/ssl/lib -L/usr/local/DarkMatter/berkeley-db/lib -bind_at_load -ldl -L/usr/local/DarkMatter/berkeley-db/lib -ldb -F/Library/Frameworks -framework SASL2 -o sievec sievec.o libsieve.a ../lib/libcyrus.a ../lib/libcyrus_min.a libsieve.a -L/usr/local/DarkMatter/cyrus-sasl/lib -lsasl2 -lfl -L/usr/local/DarkMatter/berkeley-db/lib -ldb-4.3 -lssl -lcrypto /usr/lib/libcom_err.a powerpc-apple-darwin8-gcc-4.0.0: /usr/lib/libcom_err.a: No such file or directory make[1]: *** [sievec] Error 1 make: *** [all] Error 1 note the problem here is that, as reported, there is NO /usr/lib/libcom_err.a on OSX, rather it's /usr/lib/libcom_err.dylib simply removing the: --with-com_err=/usr from the configure, 'make all' fails, not surprisingly, @: ranlib libsieve.a gcc -c -I.. -I./../lib -I/usr/local/DarkMatter/berkeley-db/include -I/usr/local/DarkMatter/berkeley-db/include -I/Library/Frameworks/SASL2.framework/Headers -I/usr/local/ssl/include -I/usr/local/DarkMatter/cyrus-sasl/include -DHAVE_CONFIG_H -g -O2 \ sievec.c gcc -L/usr/local/ssl/lib -L/usr/local/DarkMatter/berkeley-db/lib -bind_at_load -ldl -L/usr/local/DarkMatter/berkeley-db/lib -ldb -F/Library/Frameworks -framework SASL2 -o sievec sievec.o libsieve.a ../lib/libcyrus.a ../lib/libcyrus_min.a libsieve.a -L/usr/local/DarkMatter/cyrus-sasl/lib -lsasl2 -lfl -L/usr/local/DarkMatter/berkeley-db/lib -ldb-4.3 -lssl -lcrypto -lcom_err /usr/bin/ld: Undefined symbols: __et_list collect2: ld returned 1 exit status make[1]: *** [sievec] Error 1 make: *** [all] Error 1 finally, fyi: % which compile_et /usr/bin/compile_et % ls -al /usr/bin/compile_et -rwxr-xr-x 1 root wheel 9174 Mar 23 14:00 /usr/bin/compile_et % ls -al /usr/include/com_err.h -rw-r--r-- 1 root wheel 3494 Mar 23 14:06 /usr/include/com_err.h % ls -al /usr/lib/libcom_err.dylib lrwxr-xr-x 1 root wheel 54 May 10 09:40 /usr/lib/libcom_err.dylib - /System/Library/Frameworks/Kerberos.framework/Kerberos % ls -al /System/Library/Frameworks/Kerberos.framework/Kerberos lrwxr-xr-x 1 root wheel 25 May 10 09:41 /System/Library/Frameworks/Kerberos.framework/Kerberos - Versions/Current/Kerberos % ls -al /System/Library/Frameworks/Kerberos.framework/Versions/Current/Kerberos -rwxr-xr-x 1 root wheel 1759868 May 17 15:14 /System/Library/Frameworks/Kerberos.framework/Versions/Current/Kerberos although i'm not certain, i think the problem may stem from the fact that et_list is not defined in libcom_err/com_err.h, i.e.: % nm /usr/lib/libcom_err.dylib | grep et_list % (-- empty) % grep et_list /usr/include/com_err.h % (-- empty) and/or the .a vs .dylib issue, as above ... any ideas? i'm happy to provide what detail is needed/helpful ... cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: et_list com-err vs imapd v2.2.12 on OSX 10.4.1
hi derrick, thx for the reply =) On Mon, 23 May 2005, OpenMacNews wrote: -L/usr/local/berkeley-db/lib -ldb-4.3 -lssl -lcrypto /usr/lib/libcom_err.a powerpc-apple-darwin8-gcc-4.0.0: /usr/lib/libcom_err.a: No such file or directory I assume they provide /usr/lib/libcom_err.dylib. yes ... well, indirectly, anyway ... snip finally, fyi: snip % ls -al /usr/lib/libcom_err.dylib lrwxr-xr-x 1 root wheel 54 May 10 09:40 /usr/lib/libcom_err.dylib - /System/Library/Frameworks/Kerberos.framework/Kerberos % ls -al /System/Library/Frameworks/Kerberos.framework/Kerberos lrwxr-xr-x 1 root wheel 25 May 10 09:41 /System/Library/Frameworks/Kerberos.framework/Kerberos - Versions/Current/Kerberos % ls -al /System/Library/Frameworks/Kerberos.framework/Versions/Current/Kerberos -rwxr-xr-x 1 root wheel 1759868 May 17 15:14 /System/Library/Frameworks/Kerberos.framework/Versions/Current/Kerberos Edit the makefile to refer only to -lcom_err and not /usr/lib/libcom_err.a, and keep --with-com_err=/usr since: ... powerpc-apple-darwin8-gcc-4.0.0: /usr/lib/libcom_err.a: No such file or directory make[1]: *** [sievec] Error 1 make: *** [all] Error 1 i presume you specifically/just mean the SIEVE/Makefile, yes? cuz: % grep -rln libcom_err.a . ./aclocal.m4 ./autom4te.cache/output.0 ./cmulocal/afs.m4 ./cmulocal/sasl2.m4 ./config.log ./config.status ./configure ./configure.in ./doc/changes.html ./doc/text/changes ./et/com_err.texinfo ./et/Makefile ./et/Makefile.in ./imap/Makefile ./master/Makefile ./notifyd/Makefile ./SIEVE/Makefile ./timsieved/Makefile assuming (until you say otherwise) 'yes', then, after: ./configure \ ... \ --with-com_err=/usr editing: = (EDITOR) SIEVE/Makefile @49 MAKEDEPEND = makedepend IMAP_LIBS = -L/usr/local/cyrus-sasl/lib -lsasl2 -lfl -L/usr/local/berkeley-db/lib -ldb-4.3 -lssl -lcrypto --- IMAP_COM_ERR_LIBS = /usr/lib/libcom_err.a +++ IMAP_COM_ERR_LIBS = -lcom_err IMAP_LIBS = -L/usr/local/cyrus-sasl/lib -lsasl2 -lfl -L/usr/local/berkeley-db/lib -ldb-4.3 -lssl -lcrypto LIBS = libsieve.a $(IMAP_LIBS) $(IMAP_COM_ERR_LIBS) = then: % make depend % make all fails @: ... sievec.c gcc -L/usr/local/ssl/lib -L/usr/local/berkeley-db/lib -bind_at_load -ldl -L/usr/local/berkeley-db/lib -ldb -F/Library/Frameworks -framework SASL2 -o sievec sievec.o libsieve.a ../lib/libcyrus.a ../lib/libcyrus_min.a libsieve.a -L/usr/local/cyrus-sasl/lib -lsasl2 -lfl -L/usr/local/berkeley-db/lib -ldb-4.3 -lssl -lcrypto -lcom_err /usr/bin/ld: Undefined symbols: __et_list collect2: ld returned 1 exit status make[1]: *** [sievec] Error 1 make: *** [all] Error 1 which, as b4, i'd gather stems from: ... the fact that et_list is not defined in libcom_err/com_err.h, i.e.: % nm /usr/lib/libcom_err.dylib | grep et_list % (-- empty) % grep et_list /usr/include/com_err.h % (-- empty) fyi, as i'm googling to unnderstand this, and figure out what - if anything - changes re: kerberos under Tiger -- i'm finding an old thread at: http://www.stacken.kth.se/lists/heimdal-discuss/2000-10/msg00064.html which at first glance may be relevant (is Tiger's Kerberos framework an MIT or Heimdal implementation? iirc, Panther was MIT's ...). dunno if its smoke or relevant, yet ... cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: et_list com-err vs imapd v2.2.12 on OSX 10.4.1
hi again, Well, so, if you manually use compile_et from /usr/bin to compile the et file, does it emit a __et_list reference? sorry, confused. the et_file ... -- which file in the imapd distro? Otherwise, you have some other compile_et being used. Get rid of it. There can be only one ... all i've got is ... % locate compile_et /usr/bin/compile_et /usr/share/man/man1/compile_et.1 /usr/ports/cyrus/cyrus-imapd-2.2.12/et/compile_et.1 /usr/ports/cyrus/cyrus-imapd-2.2.12/et/compile_et.sh % which compile_et /usr/bin/compile_et apparently, under Panther there WAS a difference in the Kerberos framework, specifically: % ls -al /System/Library/Frameworks/Kerberos.framework/Versions/A/Support/compile_et -rwxr-xr-x 1 root wheel 9174 Jul 23 2003 /System/Library/Frameworks/Kerberos.framework/Versions/A/Support/compil e_et % ls -al /System/Library/Frameworks/Kerberos.framework/Versions/A/Support/ total 12 drwxr-xr-x 3 root wheel 102 Sep 27 2003 . drwxr-xr-x 7 root wheel 238 Feb 9 23:05 .. -rwxr-xr-x 1 root wheel 9174 Jul 23 2003 compile_et whereas, under Tiger, there seems to be no such Support-dir 'critter' in the Framework: % ls -al /System/Library/Frameworks/Kerberos.framework/Versions/A/Support/ total 1720 drwxr-xr-x 5 root wheel 170 May 17 15:15 . drwxr-xr-x 4 root wheel 136 Mar 27 20:08 .. drwxr-xr-x 21 root wheel 714 May 13 16:52 Headers -rwxr-xr-x 1 root wheel 1759868 May 17 15:14 Kerberos drwxr-xr-x 6 root wheel 204 Mar 27 20:09 Resources finding, rather, only: -rwxr-xr-x 1 root wheel 9174 Mar 23 14:00 /usr/bin/compile_et richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: et_list com-err vs imapd v2.2.12 on OSX 10.4.1
hi again, Well, so, if you manually use compile_et from /usr/bin to compile the et file, does it emit a __et_list reference? Not the et_file; The et file. There are several. Ultimately you want them all, but for test purposes one will do imap/imap_err.et imap/nntp_err.et imap/mupdate_err.et ah. clear. thx. % which compile_et /usr/bin/compile_et % compile_et imap/imap_err.et Error Table imap has base -1904809472 % compile_et imap/nntp_err.et Error Table nntp has base -1567905280 % compile_et imap/mupdate_err.et Error Table mupd has base -1627742720 doesn't look like the reference you're looking for. Otherwise, you have some other compile_et being used. Get rid of it. There can be only one ... all i've got is ... % locate compile_et /usr/bin/compile_et /usr/share/man/man1/compile_et.1 /usr/ports/cyrus/cyrus-imapd-2.2.12/et/compile_et.1 /usr/ports/cyrus/cyrus-imapd-2.2.12/et/compile_et.sh And not, say, /usr/ports/cyrus/cyrus-imapd-2.2.12/et/compile_et (or wherver it's building)? nope. just the .sh man1 files: % ls -al /usr/ports/cyrus/cyrus-imapd-2.2.12/et/compile_et* -rw-r--r-- 1 17985 staff 4039 May 23 2000 /usr/ports/cyrus/cyrus-imapd-2.2.12/et/compile_et.1 -rwxr-xr-x 1 17985 staff 1953 May 23 2000 /usr/ports/cyrus/cyrus-imapd-2.2.12/et/compile_et.sh nothin' else there ... richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: et_list com-err vs imapd v2.2.12 on OSX 10.4.1
hi derrick, a bit more info/data ... well it sure seems that com_err/et_list originate from / revolve around Kerberos. so, I decided to try take Apple's Kerberos implementation out of the picture, and build my own. a build of MIT's krb5-1.4.1 (http://web.mit.edu/kerberos/www/krb5-1.4/) as: % unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND EXTRA_LDFLAGS EXTRA_LIBS LC_ALL LANG LINGUAS % setenv CPPFLAGS -I/usr/local/berkeley-db/include % setenv LDFLAGS -ldl -L/usr/local/berkeley-db/lib -ldb % glibtoolize --force --copy % aclocal % autoheader % autoconf % ./configure \ --prefix=/usr/local/kerberos \ --with-tcl=/Library/Frameworks/Tcl.framework \ --with-system-db % make % make install is successful ... % cd /usr/local/kerberos/ % ls -al bin/ lib/ include/ bin/: total 4 drwxr-xr-x 3 root staff 102 May 23 19:44 . drwxr-xr-x 8 root staff 272 May 23 19:44 .. -rwxr-xr-x 1 root staff 458 May 23 19:44 compile_et include/: total 112 drwxr-xr-x 8 root staff 272 May 23 19:44 . drwxr-xr-x 8 root staff 272 May 23 19:44 .. -rw-r--r-- 1 root staff 1767 May 23 19:44 com_err.h drwxr-xr-x 2 root staff68 May 23 19:44 gssapi drwxr-xr-x 2 root staff68 May 23 19:44 gssrpc drwxr-xr-x 7 root staff 238 May 23 19:44 kerberosIV -rw-r--r-- 1 root staff 98397 May 23 19:44 krb5.h -rw-r--r-- 1 root staff 5979 May 23 19:44 profile.h lib/: total 2772 drwxr-xr-x 8 root staff 272 May 23 19:44 . drwxr-xr-x 8 root staff 272 May 23 19:44 .. -rw-r--r-- 1 root staff 29616 May 23 19:44 libcom_err.a -rw-r--r-- 1 root staff 34984 May 23 19:44 libdes425.a -rw-r--r-- 1 root staff 441376 May 23 19:44 libk5crypto.a -rw-r--r-- 1 root staff 356944 May 23 19:44 libkrb4.a -rw-r--r-- 1 root staff 1940720 May 23 19:44 libkrb5.a -rw-r--r-- 1 root staff 21864 May 23 19:44 libkrb5support.a now on to cyrus-imap. 1st, after a fresh DL, we still have the 'suspect': % grep et_list imap_err.c struct et_list { struct et_list *next; extern struct et_list *_et_list; static struct et_list link = { 0, 0 }; link.next = _et_list; _et_list = link; cimpoiling with MY kerberos' compile_et: % /usr/local/kerberos/bin/compile_et imap_err.et + gawk -f /usr/local/kerberos/share/et/et_h.awk outfile=imap_err.h imap_err.et + gawk -f /usr/local/kerberos/share/et/et_c.awk outfile=imap_err.c imap_err.et and checking, % grep et_list imap_err.c % (-- still EMPTY) hmmm . building: % cd /usr/ports/cyrus/cyrus-imapd-2.2.12 % setenv PATH /usr/local/kerberos/bin:$PATH % which compile_et /usr/local/kerberos/bin/compile_et ./configure \ ... (as b4) ... --with-com_err=/usr/local/kerberos NOTE: my kerberos' libcom_err.a is .a, NOT .dylib, so we'll NOT mod the SIEVE/Makefile ... subsequent: % make depend % make all _still_ fails at: gcc -L/usr/local/ssl/lib -L/usr/local/berkeley-db/lib -bind_at_load -ldl -L/usr/local/kerberos/lib -lcom_err -L/usr/local/berkeley-db/lib -ldb -F/Library/Frameworks -framework SASL2 -o sievec sievec.o libsieve.a ../lib/libcyrus.a ../lib/libcyrus_min.a libsieve.a -L/usr/local/cyrus-sasl/lib -lsasl2 -lfl -L/usr/local/berkeley-db/lib -ldb-4.3 -lssl -lcrypto /usr/local/kerberos/lib/libcom_err.a /usr/bin/ld: Undefined symbols: __et_list collect2: ld returned 1 exit status make[1]: *** [sievec] Error 1 make: *** [all] Error 1 so, i'm not conviced that this is a Apple-specific issue ... argh. next ideas? cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: [WORKAROUND SUCCESS] Re: et_list com-err vs imapd v2.2.12 on OSX 10.4.1
they come with the release distro: Fine, so just remove them, let them be regenerated, and move on with life. huh? you asked, i answered ... and shared with you the results of making 'it' work on OSX 10.4.1. i've been trying to be helpful ... why the sudden attitude change? richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[WORKAROUND SUCCESS] Re: et_list com-err vs imapd v2.2.12 on OSX 10.4.1
hi derrick, well it sure seems that com_err/et_list originate from / revolve around Kerberos. Kerberos uses them, and they are from MIT, but there are non-Kerberos things which do. Apple provides it with/due to Kerberos. clear. 1st, after a fresh DL, we still have the 'suspect': % grep et_list imap_err.c struct et_list { How were these generated? they come with the release distro: % cd /usr/ports/temp % ls % % wget ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-imapd-2.2.12.tar.gz % gnutar zxf cyrus-imapd-2.2.12.tar.gz % cd cyrus-imapd-2.2.12/imap % ls -al imap_err* -rw-r--r-- 1 17985 staff 2394 Feb 14 09:59 imap_err.c -rw-r--r-- 1 17985 staff 4568 Oct 22 2003 imap_err.et -rw-r--r-- 1 17985 staff 3713 Feb 14 09:59 imap_err.h % grep et_list imap_err.c struct et_list { struct et_list *next; extern struct et_list *_et_list; static struct et_list link = { 0, 0 }; link.next = _et_list; _et_list = link; and checking, % grep et_list imap_err.c % (-- still EMPTY) Which is good. ok. But, did you rebuild the other et files also, or do they still have the references? And did you remake only the objects or did make regenerate the foo_err.c and foo_err.h files out from under you with the __et_list references again. fair nuf. good question, and i've honestly got too much chaos here now to guarantee what 'was' ... s, let's do it all from scratch for sanity completeness -- SEVEN THE HARD WAY! clean up: % rm -rf /usr/ports/cyrus/* % rm -rf /usr/local/cyrus-imap* % rm -rf /usr/local/perl_libs/sitelib/darwin-thread-multi-2level/Cyrus DL: % cd /usr/ports/cyrus % wget ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-imapd-2.2.12.tar.gz % gnutar zxf cyrus-imapd-2.2.12.tar.gz % cp /usr/local/share/libtool/config.* /usr/ports/cyrus/cyrus-imapd-2.2.12/ % setenv WORK /usr/ports/cyrus/cyrus-imapd-2.2.12 Patches: % cd /usr/ports/cyrus % setenv DL_LOC12 http://email.uoa.gr/download/cyrus/cyrus-imapd-2.2.12; % wget $DL_LOC12/cyrus-imapd-2.2.12-autocreate-0.9.2.diff % wget $DL_LOC12/cyrus-imapd-2.2.12-autoreply-0.1-0.diff % wget $DL_LOC12/cyrus-imapd-2.2.12-autosievefolder-0.6.diff % wget $DL_LOC12/cyrus-imapd-2.2.12-deletemailbox-0.2-0.diff % wget $DL_LOC12/cyrus-imapd-2.2.12-rmquota-0.5-0.diff % cd $WORK % patch -p1 ../cyrus-imapd-2.2.12-autocreate-0.9.2.diff % patch -p1 ../cyrus-imapd-2.2.12-autoreply-0.1-0.diff % patch -p1 ../cyrus-imapd-2.2.12-autosievefolder-0.6.diff % patch -p1 ../cyrus-imapd-2.2.12-rmquota-0.5-0.diff % patch -p1 ../cyrus-imapd-2.2.12-deletemailbox-0.2-0.diff clean up an old, dusty issue (http://permalink.gmane.org/gmane.mail.imap.cyrus/16096): % perl -pi -e 's/\#include \sys\/msg.h\/ /g' imap/cvt_cyrusdb.c % perl -pi -e 's/\#include \sys\/msg.h\/ /g' imap/mboxlist.c % perl -pi -e 's/\#include \sys\/msg.h\/ /g' imap/mboxlist.c.orig % perl -pi -e 's/\#include \sys\/msg.h\/ /g' imtest/imtest.c % perl -pi -e 's/\#include \sys\/msg.h\/ /g' installsieve/installscript.c % perl -pi -e 's/\#include \sys\/msg.h\/ /g' installsieve/request.c % perl -pi -e 's/\#include \sys\/msg.h\/ /g' netnews/remotepurge.c % perl -pi -e 's/\#include \sys\/msg.h\/ /g' perl/sieve/lib/request.c set ENV: % unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND LC_ALL LANG LINGUAS % setenv LDFLAGS -bind_at_load -ldl -L/usr/local/berkeley-db/lib -ldb -F/Library/Frameworks -framework SASL2 % setenv CPPFLAGS -I/usr/local/berkeley-db/include -I/Library/Frameworks/SASL2.framework/Headers % which compile_et /usr/local/kerberos/bin/compile_et configure: % ./configure \ --with-cyrus-user=cyradm \ --with-cyrus-group=cyradm \ --prefix=/usr/local/cyrus-imap \ --with-cyrus-prefix=/usr/local/cyrus-imap/bin \ --with-service-path=/usr/local/cyrus-imap/libexec \ --with-sasl=/usr/local/cyrus-sasl \ --with-bdb \ --with-bdb-libdir=/usr/local/berkeley-db/lib \ --with-bdb-incdir=/usr/local/berkeley-db/include \ --with-openssl=/usr/local/ssl \ --with-perl=/usr/bin/perl \ --with-libwrap \ --with-auth=unix \ --disable-gssapi --without-gss_impl \ --without-krb --without-krbimpl --without-krbdes \ --enable-listext \ --enable-server \ --enable-cyradm \ --with-syslogfacility=LOCAL6 \ --without-snmp \ --enable-sieve \ --with-com_err=/usr clean up the .a vs .dylib issue ... % grep -rln /usr/lib/libcom_err.a . ./imap/Makefile ./master/Makefile ./notifyd/Makefile ./SIEVE/Makefile ./timsieved/Makefile % perl -pi -e 's/\/usr\/lib\/libcom_err.a/-lcom_err/g' ./imap/Makefile % perl -pi -e
Re: cyrus-sasl-2.1.20 and db-4.3.27 problem (atleast I think its in db)
hi oliver, fwiw, sasl-2.1.20 + bdb-4.3.27 runs just great on my OSX 10.3.7 sys ... which, alas, is diff from yours. that said, i've had a similar issue b4 that may be worth mentioning here; dunno if it's your solution =) if you poke around in sasl's code, you'll note that the sasl code, walks -ldb-4.2 -ldb-4 -ldb for ID'ing DB libs ... trouble is, a fresh build of bdb 4.3.27 has *no* -ldb-4.2 (at least 4 me), so if you've got db-4.2, etc. (i.e., your OLD or DEFAULT install ...) in another dir in your default path, e.g. /usr/lib etc., the Makefile seemingly/eventually picks up THAT _default_install, hence not finding your intended install. the workaround's fairly simple ... after your DB 4.3.27 build, % cd ...berkeley-db-4.3.27/lib % ln -sf libdb-4.3.a libdb-4.2.a % ln -sf libdb-4.3.dylib libdb-4.2.dylib % ln -sf libdb-4.3.la libdb-4.2.la or, of course, the equivalent for your platform extensions ... add to that: setenv CPPFLAGS -I/usr/local/DarkMatter/berkeley-db/include ... setenv LDFLAGS -L/usr/local/DarkMatter/berkeley-db/lib -ldb ... ./configure \ ... --with-dblib=berkeley \ --with-bdb-libdir=/usr/local/DarkMatter/berkeley-db/lib \ --with-bdb-incdir=/usr/local/DarkMatter/berkeley-db/include \ ... , so far, this has done the trick for me: % otool -L libsasl2.dylib libsasl2.dylib: /usr/local/cyrus-sasl/lib/libsasl2.2.dylib (compatibility version 3.0.0, current version 3.20.0) /usr/local/berkeley-db/lib/libdb-4.3.dylib (compatibility version 0.0.0, current version 0.0.0) /usr/lib/libdl.1.dylib (compatibility version 1.0.0, current version 1.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 71.1.1) /usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current version 324.9.0) for all I know, this has been addressed in sasl-CVS, but, unfortunately, it does not build successfully for me ... so can't testify. hope this actually helps cheers, richard -- On February 4, 2005 12:08:14 PM -0500 Igor Brezac [EMAIL PROTECTED] wrote: Check config.log for more clues, however I do not think cyrus-sasl-2.1.20 build script supports berkeley 4.3.x. You need to fetch the cvs version. -Igor On Fri, 4 Feb 2005, [ISO-8859-1] Oliver Aruvli wrote: Hi, I am trying to compile cyrus-sasl-2.1.20, but during the configure I get checking db.h usability... yes checking db.h presence... yes checking for db.h... yes checking DB library to use... no configure: WARNING: Disabling SASL authentication database support - why can't it find the library? the ./configure line I use is: ./configure \ --enable-anon \ --enable-plain \ --enable-login \ --disable-krb4 \ --disable-otp \ --disable-cram \ --disable-digest \ --with-saslauthd=/var/run/saslauthd \ --with-pam=/lib/security \ --with-dblib=berkeley \ --with-bdb-libdir=/usr/local/bdb/current/lib \ --with-bdb-incdir=/usr/local/bdb/current/include \ --with-openssl=/usr/local/ssl \ --with-plugindir=/usr/local/lib/sasl2 \ --with-pgsql=/usr/local/pgsql/current \ --with-mysql=/usr/local/mysql/current This is a problem with Berkeley, right? I have compiled and installed version 4.3.27. (/usr/local/bdb/current/lib is in /etc/ld.so.conf and I have done ldconfig) atlantis:/usr/src/cyrus-sasl-2.1.20# ls -la /usr/local/bdb/current/lib/ total 5640 drwxr-xr-x 2 chaser chaser4096 Feb 4 12:29 . drwxr-xr-x 6 chaser staff 4096 Feb 4 12:29 .. -r--r--r-- 1 chaser chaser 193857 Feb 4 12:29 db.jar -rw-r--r-- 1 chaser src1132142 Feb 4 12:29 libdb-4.3.a -rw-r--r-- 1 chaser src806 Feb 4 12:27 libdb-4.3.la -rwxr-xr-x 1 chaser src 910934 Feb 4 12:27 libdb-4.3.so lrwxr-xr-x 1 chaser chaser 12 Feb 4 12:29 libdb-4.so - libdb-4.3.so -rw-r--r-- 1 chaser src1132142 Feb 4 12:29 libdb.a lrwxr-xr-x 1 chaser chaser 12 Feb 4 12:29 libdb.so - libdb-4.3.so -rw-r--r-- 1 chaser src1280498 Feb 4 12:29 libdb_java-4.3.a -rw-r--r-- 1 chaser src851 Feb 4 12:28 libdb_java-4.3.la -rwxr-xr-x 1 chaser src1070486 Feb 4 12:28 libdb_java-4.3.so lrwxr-xr-x 1 chaser chaser 17 Feb 4 12:29 libdb_java-4.3_g.so - libdb_java-4.3.so lrwxr-xr-x 1 chaser chaser 17 Feb 4 12:29 libdb_java-4.so - libdb_java-4.3.so lrwxr-xr-x 1 chaser chaser 17 Feb 4 12:29 libdb_java.so - libdb_java-4.3.so atlantis:/usr/src/cyrus-sasl-2.1.20# Seems that the libraries are there, maybe my problem is in something else, but I suspect berkeley. Any kind of help is welcome. PS. I have searched the mailing-list for the past half a year and done some googleing, but haven't found a solution. PS2. Trying to follow this howto http://howtos.linux.com/howtos/Postfix-Cyrus-Web-cyradm-HOWTO/install.shtml# CYRUS-INSTALL PS3. Running Debian testing, kernel 2.6.8 , i686 Thank You all in advance, Oliver --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info:
Re: Cyradm TLS/SSL
For some reason after I enable TSL/SSL with Cyrus IMAP, cyradm wont connect. Why is this??? http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrusmsg=17963 You can't turn plaintext off and specify PLAIN as the only SASL mechanism, because cyram doesn't support SSL/TLS (which is this only way that PLAIN or IMAP LOGIN would be allowed with your config). Either allow plaintext, or add some other mechs (ie, CRAM-MD5) to the sasl_mech_list. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
message line endings on MacOSX -- UNIX vs DOS? referred from postfix list ...
hi all, i've built cyrus-imap-2.1.20 postfix-2.2-20041221+tls-nonprod on osx 10.3.7 i'm using cyrus-imap as an external message store, and local deliveries are handled stricly via LMTP listening on an IP Domain socket ... using a text editor, i note that messages (currently sent FROM a virtual domain/account TO a virtual domain/account on the same server ...) show up in the message store where/as expected, but have DOS-style (^M) line-endings. i'd expect that messages are stored in the OS's 'native' format -- for OSX, UNIX-style. though my initial trudge thru the forums led me to believe that its' the 'job of the MTA' to convert line-endings to native format, postfix's author kindly pointed out on the postfix forum that when using LMTP delivery: In that case, Postfix delivers no mail to the mailbox, and all questions about POSTFIX MAILBOX FORMAT become completely irrelevant. which leaves me with cyrus-imap. (it's always the OTHER one ... argh!) anyway, can/does cyrus-imap store/process msgs w/ UNIX line endings? where/how do i specify such? thanks! richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: message line endings on MacOSX -- UNIX vs DOS? referred from postfix list ...
hi ken, thx for the reply =) anyway, can/does cyrus-imap store/process msgs w/ UNIX line endings? where/how do i specify such? Cyrus doesn't mangle line endings of messages in any way. It expects them to be in RFC 2822 format (CRLF) and stores them that way on disk. ok. reading ... http://www.faqs.org/rfcs/rfc2822.html. thx. i guess some of my (current) confusion stems from the fact that the same message sent from my client (Mulberry) to a cyrus imap store, and to a 'different' server (CGPro, in this case), both of which are _supposed_ to be 'standards compliant' (which i assume means/includes RFC 2822), ends up stored on disk with different line-ending formats. specifically, cyrus-imap has DOS-style, and CGPro has UNIX-style. How they are stored on disk, shouldn't really matter, because *all* access to the messages should be via one of the Cyrus supported protocols (POP3, IMAP, NNTP) or tools, not by direct access to the mail store. fair enuf. prob'ly good advice =) fwiw, the primary reason i'm looking at the line endings is that i'll eventually be writing a migration script from other message stores to cyrus ... although your comments lead me to think that i should NOT do such a task via direct file-level access/manipulation, but rather via a protocol tool, like openeing/using an imap session itself ... another reason i'm 'looking inside' is that i'm (perhaps unwisely and if/until i learn more abt cyrus's indexing capabilities ...) considering the use of a search engine (mnogosearch, in my case) on my message store, and hence, am interested in msgs' text formats ... so, all that said, and recognizing that it 'shouldn't matter', and that *cyrus* 'isn't' mangling' the line endings, am i correct in understanding, then, that it's NEITHER a postfix or cyrus issue? should i be looking to my client (Mulberry) for a solution? it just seems odd to be ending up with DOS line endings on a Mac/UNIX platform ... and that something _must_ be 'wrong'. thx again cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: message line endings on MacOSX -- UNIX vs DOS? referred frompostfix list ...
hi john, I will say that as long as you are using standards based protocols to access and inject mail into the mail store, the internal format is irrelevant.It is best to view cyrus as a black box, any custom code you write to access cyrus internals could easily be broken in the next release. yup. that's the understanding i'm coming to ... The only problem I have had with this is that sieve re-injects mail into the queue via sendmail and the sendmail interface is not defined by a standard. (but instead by the default current behavior of sendmail.)Since cyrus stores in CR/LF it injects into sendmail with CR/LF and qmail's sendmail replacement expects LF only. I suspect that qmail is the only MTA that has this problem since no one else has reported it. (BTW, if anyone is using qmail, I have a fix in place now that resolve this by patching qmail's sendmail replacement.) sieve's 'on my list', but haven't gotten round to it yet. my install is using postfix as MTA, and *it* also has a sendmail-replacement, but as I'm using only cyurus' LMTP for all local delivery, i'd THINK (hope?) that sieve will 'play nice' with imap/lmtp w/o necessarily using the sendmail clone ... but i'm guessing for now :-S The only time you would want to mess with the internal format is when you are doing something like a mailstore conversion (I know we converted from UW's IMAP server a while back using this technique), but even then you may be better of using protocol based tools to copy. the conversion is exactly what i'm considering. nonetheless, protocol-based tools may be much less headache despite being (arguably) slower thx, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Installing cyrus-imapd-2.2.9 on MacOS X 10.3 (Panther)
hi chuck, checking build system type... configure: error: cannot guess build type; you must specify one this _should_ do the trick ... % cd /path_to_/cyrus-imapd-2.2.10 % cp /usr/share/libtool/config.* . then, remove the line: ---#include sys/msg.h from all code instances. for me, after patches, that's: imap/cvt_cyrusdb.c imap/mboxlist.c imap/mboxlist.c.orig imtest/imtest.c installsieve/installscript.c installsieve/request.c netnews/remotepurge.c perl/sieve/lib/request.c then simply ./configure (...) make depend make all make install To that end, here's my question! Has anyone successfully built cyrus-imapd for MacOS X 10.3 (Panther)? What magic did you have to do to get past the configure? Is there another version I should be trying? afaik, should work for both 2.2.9 2.2.10. the build should go relatively pain-free. the 'tough part' (well, at least for me) is getting imap, sasl your MTA to play nice together. oh, and fwiw, it's all running fine on OSX 10.3.7 =) cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyradm mailbox creation behaving differently if using CRAM-MD5 or DIGEST-MD5 auth
hi all, after building: cyrus-sasl-2.1.20 cyrus-imapd-2.2.10 w/ patches from http://email.uoa.gr/projects/cyrus/ cyrus-imapd-2.2.10-autocreate-0.1.diff cyrus-imapd-2.2.10-rmquota-0.1.diff cyrus-imapd-2.2.10-deletemailbox-0.1.diff cyrus-imapd-2.2.10-autosieve-0.1.diff on OSX 10.3.7, i'm finding cyradm behaves differently when using CRAM-MD5 vs DIGEST-MD5 authentication. i've created in sasldb2 an admin user (my.admin) for my canonical domain (devbox.internal.testdomain.com): % echo blahblah | saslpasswd2 -p -c -u devbox.internal.testdomain.com my.admin veifying: % sasldblistusers2 [EMAIL PROTECTED]: userPassword now, if i use cyradm with DIGEST-MD5 auth: % cyradm --auth DIGEST-MD5 --user [EMAIL PROTECTED] --server devbox.internal.testdomain.com --port 143 and attempt to create a new virutal [EMAIL PROTECTED] devbox.internal.testdomain.com cm [EMAIL PROTECTED] all is OK. devbox.internal.testdomain.com lm [EMAIL PROTECTED] (\HasNoChildren) however, if i start over, and do the same with CRAM-MD5 % cyradm --auth CRAM-MD5 --user [EMAIL PROTECTED] --server devbox.internal.testdomain.com --port 143 devbox.internal.testdomain.com cm [EMAIL PROTECTED] i get an ERROR: createmailbox: Invalid mailbox name but, if i add the canonical domain (realm?) ... devbox.internal.testdomain.com cm [EMAIL PROTECTED]@devbox.internal.testdomain.com it now works as expected: devbox.internal.testdomain.com lm [EMAIL PROTECTED] (\HasNoChildren) ## QUESTION # why the different behavior -- DIGEST-MD5 requiring the additional domain/realm? is this expected behavior, or a BUG? thx! richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus-IMAP BUG (?): 'mkimap' fails when target imapdconf has/uses @ include: hi all, on Cyrus-IMAP 2.1.20, % sudo -u adminuser mkimap works as expected in creating %ls db log msg proc ptclient socket as long as the referenced imapd.conf ============================== (EDITOR) mkimap @62 $imapdconf = shift || /etc/imapd.conf; ============================== does NOT contain an @ include directive. however, if i change imapd.conf to refer to an include file, e.g: ============================== (EDITOR) imapd.conf admins: blakers.admin lmtp_admins: darkmatter.lmtp sasl_minimum_layer: 128 @include: /var/cyrus-imap/settings/imapd-common.conf ============================== then % sudo -u adminuser mkimap returns an error: reading configure file... done Use of uninitialized value in concatenation (.) or string at (eval 1) line 55. configuring ... Use of uninitialized value in chdir at (eval 1) line 59. Use of chdir('') or chdir(undef) as chdir() is deprecated at (eval 1) line 59. Use of uninitialized value in concatenation (.) or string at (eval 1) line 59. couldn't change to at (eval 1) line 59. % if i run mkimap on an imapd.conf w/o an include, then subsequently restructure my imapd*.conf to include the references i'd like, everythine ELSE seems (so far) to not mind the include directive ... cheers, richard
hi all, in Cyrus-IMAP 2.1.20 on OSX 10.3.7, % sudo -u adminuser mkimap works as expected, and without error, in creating: %ls db log msg proc ptclient socket as long as the referenced imapd.conf == (EDITOR) mkimap @62 $imapdconf = shift || /etc/imapd.conf; == does NOT contain an @ include: directive. however, if i change imapd.conf to refer to an include file, e.g: == (EDITOR) imapd.conf admins: my_admin lmtp_admins: my_admin.lmtp sasl_minimum_layer: 128 @include: /var/cyrus-imap/settings/imapd-common.conf == then % sudo -u adminuser mkimap returns an error: reading configure file... done Use of uninitialized value in concatenation (.) or string at (eval 1) line 55. configuring ... Use of uninitialized value in chdir at (eval 1) line 59. Use of chdir('') or chdir(undef) as chdir() is deprecated at (eval 1) line 59. Use of uninitialized value in concatenation (.) or string at (eval 1) line 59. couldn't change to at (eval 1) line 59. % fwiw, if i run mkimap on an imapd.conf w/o an include, then subsequently restructure my imapd*.conf(s) to include the references i'd like, everything ELSE seems (so far) to not mind the include directive ... cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
lmtp auth log complains abt mysql digest-md5 -- *but* i'm not using either ?!
hi all, i've cyrus-sasl + cyrus-imap + postfix configured for virtual domain support, using a cyrus mailstore. telnet, cyradm, imtests client (Mulberry) 'tests' of imap are all OK. i've config'd postfix to hand off local delivery to an lmtp IP Domain socket. when i send a message from a virtual domain/account to itself, the message leaves but never appears. my auth log shows: Dec 29 17:37:16 devbox lmtp[947]: SQL engine 'mysql' not supported Dec 29 17:37:16 devbox lmtp[947]: auxpropfunc error no mechanism available Dec 29 17:37:16 devbox lmtp[947]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql Dec 29 17:37:16 devbox lmtp[947]: SQL engine 'mysql' not supported Dec 29 17:37:16 devbox lmtp[947]: auxpropfunc error no mechanism available Dec 29 17:37:16 devbox lmtp[947]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql Dec 29 17:37:16 devbox lmtp[947]: SQL engine 'mysql' not supported Dec 29 17:37:16 devbox lmtp[947]: auxpropfunc error no mechanism available Dec 29 17:37:16 devbox lmtp[947]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql Dec 29 17:37:16 devbox lmtp[947]: DIGEST-MD5 server step 1 Dec 29 17:37:16 devbox lmtp[947]: DIGEST-MD5 server step 2 Dec 29 17:37:16 devbox lmtp[947]: required parameters missing which has two 'oddities' ... (1) i've no trace of mysql on my box or anywhere in my builds. (2) my client (Mulberry) is set up for CRAM-MD5 use, *not* DIGEST-MD5 ... so i'm not sure why the DIGEST-MD5 steps are shown/invoked above. do i need to limit lmtp auth mechs somewhere? fyi, my env: i've built on OSX 10.3.7: cyrus-sasl-2.1.20 config'd: ./configure \ ... --with-pgsql \ ... --enable-login --enable-plain --enable-cram --enable-digest --enable-ntlm --enable-sql \ --disable-anon --disable-krb4 --disable-gssapi --disable-otp --disable-srp \ ... cyrus-imapd-2.2.10 w/ patches from http://email.uoa.gr/projects/cyrus/ cyrus-imapd-2.2.10-autocreate-0.1.diff cyrus-imapd-2.2.10-rmquota-0.1.diff cyrus-imapd-2.2.10-deletemailbox-0.1.diff cyrus-imapd-2.2.10-autosieve-0.1.diff postfix-2.2-20041221+tls-nonprod pointers are, as always, appreciated ... cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: old issue, again: cyradm: cannot authenticate to server with DIGEST-MD5
hi sebastian, my imapd.conf is: --- ... sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb allowanonymouslogin: no allowplaintext: no sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 sasl_auto_transition: no sasl_minimum_layer: 256 I think this line is your problem. I don't know any application that actually uses a layer for DIGEST-MD5. All the ones I've tried use it only for authentication. Try setting sasl_minimum_layer to 0. My guess is it'll work after that ... i made the suggested change: --- sasl_minimum_layer: 256 +++ sasl_minimum_layer: 0 and tried again. alas, same error log entries as before, with one minor difference -- i'm now asked for a pwd ... % cyradm --auth DIGEST-MD5 --user testuser --server mail.internal.testdomain.com --port 143 Password: cyradm: cannot authenticate to server with DIGEST-MD5 as darkmatter thx! richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[SOLVED] Re: old issue, again: cyradm: cannot authenticate to server with DIGEST-MD5
hi, after a bunch of digging (who knew there were 238+ list messages re: this issue ... ?!), it seems that the error I was getting is _somehow_ related to (in my case) an undef'd ENV var, specifically: $PERL5LIBS the Cyrus-IMAP build installs perl modules in based on '$PERLPREFIX' '$SITEPREFIX' vars, which it picks up from PERL_MM_OPT. checking, everything _is_ installed where it should be. in my case, that dir is: /usr/local/perl_libs/sitelib/darwin-thread-multi-2level wherein i find: % ls -R Cyrus Cyrus: IMAP IMAP.pm SIEVE Cyrus/IMAP: Admin.pm IMSP.pm Shell.pm Cyrus/SIEVE: managesieve.pm if i set $PERL5LIBS to the perl modules' parent dir: % setenv PERL5LIBS /usr/local/perl_libs/sitelib/darwin-thread-multi-2level ... then, with, imapd.conf settings incl: sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb allowanonymouslogin: no allowplaintext: no sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 sasl_auto_transition: no sasl_minimum_layer: 128 sasl_maximum_layer: 1024 tls_cipher_list: ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH tls_require_cert: 0 tls_session_timeout: 0 i can (finally!) successfully login with cyradm: %cyradm --auth DIGEST-MD5 --user [EMAIL PROTECTED] --server mail.internal.testdomain.com --port 143 Password: mail.internal.testdomain.com version mail.internal.testdomain.com version name : Cyrus IMAPD version: v2.2.10 2004/11/23 17:52:52 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : Darwin os-version : 7.7.0 environment: Built w/Cyrus SASL 2.1.20 Running w/Cyrus SASL 2.1.20 Built w/Sleepycat Software: Berkeley DB 4.2.52: (December 9, 2004) Running w/Sleepycat Software: Berkeley DB 4.2.52: (December 9, 2004) Built w/OpenSSL 0.9.7e 25 Oct 2004 Running w/OpenSSL 0.9.7e 25 Oct 2004 CMU Sieve 2.2 TCP Wrappers mmap = shared lock = fcntl nonblock = fcntl auth = unix idle = poll one important note ... if you set 'sasl_minimum_layer' GREATER THAN '128 (bits)', you'll get an error on login, e.g.: [SASL(-15): mechanism too weak for this user: mech DIGEST-MD5 is too weak] OTOH, @ = 128 bits, all is OK, and TLS still works as advertised/expected. the frustrating part of this is that a grep on PERL5LIB in either my cyrus-sasl or cyrus-imap src/doc trees comes back empty ... i'd love to know where this dependency comes from! hope this helps someone else! cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
old issue, again: cyradm: cannot authenticate to server with DIGEST-MD5
hi all, i'm trying to login to administer via cyradm, but am failing at: % cyradm --auth DIGEST-MD5 --user testuser --server mail.internal.testdomain.com --port 143 cyradm: cannot authenticate to server with DIGEST-MD5 as testuser with logs = Dec 19 23:00:21 master[1611]: process 1618 exited, status 0 Dec 19 23:00:34 master[1622]: about to exec /usr/local/cyrus-imap/libexec/imapd Dec 19 23:00:34 imap[1622]: executed Dec 19 23:00:34 imap[1622]: accepted connection details follow here: i've successfully created the admin user: % echo test | saslpasswd2 -p -c -u mail.internal.testdomain.com testuser ;\ % sasldblistusers2 [EMAIL PROTECTED]: userPassword my imapd.conf is: --- admins: testuser virtdomains: yes postmaster: postmaster defaultdomain: mail.internal.testdomain.com servername: mail.internal.testdomain.com configdirectory:/var/mail/imap defaultpartition: default partition-default: /var/mail/mailstore sievedir: /var/mail/sieve/ sendmail: /usr/local/postfix/sbin/sendmail loginrealms: localhost mail.internal.testdomain.com sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb allowanonymouslogin: no allowplaintext: no sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 sasl_auto_transition: no sasl_minimum_layer: 256 sasl_maximum_layer: 1024 ## ## TLS config tls_ca_file:/var/security/my_CA_cert.pem tls_cert_file: /var/security/testdomain.pem tls_key_file: /var/security/testdomain_req.pem tls_cipher_list: ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH tls_require_cert: 0 tls_session_timeout: 0 autocreatequota: 1 drachost: localhost dracinterval: 0 poptimeout: 10 quotawarn: 90 reject8bit: no timeout: 30 unixhierarchysep: yes altnamespace: yes sharedprefix: Shared Folders userprefix: Other Folders --- my listeners are listening: %netstat -an|grep LISTEN tcp4 0 0 127.0.0.1.143 *.* LISTEN tcp4 0 0 10.0.0.6.143 *.* LISTEN i can telnet in to port 143: % telnet localhost imap Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK mail.internal.testdomain.com Cyrus IMAP4 v2.2.10 server ready . logout * BYE LOGOUT received . OK Completed Connection closed by foreign host. imtest via all allowed mechs Authenticates as expected: % imtest -t -p imap -m plain -a testuser -u testuser localhost % imtest -t -p imap -m cram-md5 -a testuser -u testuser localhost % imtest -t -p imap -m digest-md5 -a testuser -u testuser localhost C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN AUTH=PLAIN AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED S: C01 OK Completed C: A01 AUTHENTICATE PLAIN/CRAM-MD5/DIGEST-MD5 ... S: A01 OK Success (tls protection) Authenticated. Security strength factor: 256 taking note of Ken Murchison's comments here: # http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrusmsg=17963 # You can't turn plaintext off and specify PLAIN as the only SASL # mechanism, because cyram doesn't support SSL/TLS (which is this only way # that PLAIN or IMAP LOGIN would be allowed with your config). Either # allow plaintext, or add some other mechs (ie, CRAM-MD5) to the # sasl_mech_list. and trying: % cyradm --auth DIGEST-MD5 --user testuser --server mail.internal.testdomain.com --port 143 results only in: cyradm: cannot authenticate to server with DIGEST-MD5 as testuser and the following in my cyrus-imap log: Dec 19 23:00:21 master[1611]: process 1618 exited, status 0 Dec 19 23:00:34 master[1622]: about to exec /usr/local/cyrus-imap/libexec/imapd Dec 19 23:00:34 imap[1622]: executed Dec 19 23:00:34 imap[1622]: accepted connection i _thought_ i'd found-n-followed the prior threads on this issue, making the appropriate changes in imapd.conf, etc. clearly, i've missed something ... any suggestions? i'm stumped for the moment =^| thanks! richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info:
Re: Compile fix for DB 4.3.x (Re: `DB_VERB_CHKPOINT' (deprecated) error in CyrusIMAP build with new BerkeleyDB4.3.21)
hi oliver, But do be warned that YOU are going to be the guinea pig on how Cyrus works with DB 4.3. So far it seems fine on _my_ test-system... the BDB build/install went perfectly for me, but i was having lots of 'odd' behaviors with BDB 4.3.x in a number of dependent apps ... incl. cyrus. too many other issues for now to add BDB to the mix. i'll revisit in awhile ... richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
IMSP-CVS-head installing in 'wrong' dir
hi all, i've cyrus-sasl-2.1.20 cyrus-imap-2.2.8 on OSX 10.3.6 as per http://www.mail-archive.com/info-cyrus@lists.andrew.cmu.edu/msg10980.html, the IMSP 1.7b release is not compatible w/ SASL2, so i've DL'd today's CVS-head. configure w/ aclocal -I cmulocal autoheader autoconf ./configure \ --prefix=/usr/local/cyrus-imsp \ --with-sasldir=/usr/local/cyrus-sasl/lib \ --disable-gssapi \ --with-lock=flock \ --with-auth=unix and subsequent 'make' 'make install' complete w/o errors. but 'make install' installs in /cyrus/usr/cyrus/bin/imspd, rather than the spec'd cmd-line prefix. clearly, it's being overridden ... in Makefile: install:: - mkdir ${DESTDIR}/cyrus - mkdir ${DESTDIR}/cyrus/usr - mkdir ${DESTDIR}/cyrus/usr/cyrus - mkdir ${DESTDIR}/cyrus/usr/cyrus/bin @for d in $(SUBDIRS); \ do \ (cd $$d; echo ### Making install in `pwd`; \ $(MAKE) $(MFLAGS) DESTDIR=$(DESTDIR) install ; \ echo ### Done with `pwd`);\ done ### ## QUESTION where/how best to get the install to honor my location spec'n? is there another cmd-line param that i need to set, or sumthin' , or should i just hack the Makefile? thx, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
can IMSP auth via auxprop? or just sasldb?
hi all, i'm unable to auth PLAIN under TLS layer to my IMSP server via auxprop. is it even posssible? details of what i've found follow below. pointers/clarifiation much appreciated! thx, richard = i've cyrus-imap-2.2.8 cyrus-sasl-2.1.20 postfix-2.2-20041023-tls on OSX 10.3.6 i've setup imap to use: sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sql and config'd for authentication smtp _only_ under a TLS layer. everything is working as expected. now, i'd like to add IMSP to the equation. since i'm using SASL2 plugins, imsp v1.7b is a no-go, so i've DL'd built cyrus-imspd-CVS IIUC, imspd *can* authenticate via PLAINTEXT Kerberos, and if HAVE_SSL is defined, operation under a TLS layer is turned on. as my target is PLAINTEXT auth over TLS -- just like my imap setup, this seems the right direction ... but, it seems AUTH is only supported via sasldb, NOT auxprop+sql. am i correct here? i've found no info (yet) re: use of auxprop-based auth with IMSP ... 'blindly' trying additions to the imsp/options file to mirror my imap/sasl config, such as: imsp.sasl.pwcheck_method N auxprop imsp.sasl.mech_list N (plain) imsp.sasl.auxprop_plugin sql imsp.sasl.sql_hostnames N localhost imsp.sasl.sql_database N mail imsp.sasl.sql_user N mail imsp.sasl.sql_passwd N # imsp.sasl.sql_statement N select password from accountuser where username='[EMAIL PROTECTED]' or (username='%u' and domain_name='') does no obvious good, and my syslog still shows: imsp[23498]: sql_select option missing imsp[23498]: auxpropfunc error no mechanism available imsp[23498]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql imsp[23498]: sql_select option missing imsp[23498]: auxpropfunc error no mechanism available imsp[23498]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql imsp[23498]: sql_select option missing imsp[23498]: auxpropfunc error no mechanism available imsp[23498]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql imsp[23498]: imspd: start nonetheless, imspd *does* launch. if, foru yucks, i 'imtest' to it: % imtest -p imsp -m PLAIN -t testserver.internal.testdomain.com with plaintext disabled imsp.sasl.allowplaintext N - i get a message that TLS is *not* supported. S: * OK Cyrus IMSP version 1.7b ready C: C01 CAPABILITY S: * CAPABILITY AUTH=SRP AUTH=SRP AUTH=SRP AUTH=OTP AUTH=OTP AUTH=OTP AUTH=NTLM AUTH=NTLM AUTH=NTLM AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 LITERAL+ S: C01 OK capability completed failure: STARTTLS not supported by the server! note: as expected, no PLAIN auth is advertised. on the other hand, 'imtest' with plaintext ENabled imsp.sasl.allowplaintext N + results in: kernel: at_obdev_KUC: registerTaskRule: call of newTaskEntry: FATAL ! MALLOC FAILEDat_obdev_KUC: kernel: newTaskEntry: attempt to create task with NULL path NOT good. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: is TLS/SSL selection/connection ONLY via port 993?
hi henrique! On Mon, 15 Nov 2004, OpenMacNews wrote: SERVICES { # imap cmd=imapd listen=imap prefork=0 imaps cmd=imapd -s listen=imaps prefork=0 That's not what you want. snip aha. nice clear again. thx! but, why is imapd -s is for IMAP connections that are externally wrapped by SSL -- considered BAD? TLS starts with plaintext, and goes to encryption early (before any sensitive information is exchanged, but *after* important stuff that could be useful to select encryption/authentication keys like the server name is exchanged). the 'starts with plaintext' explains why the UNencrypted 'imap' port (vs 'imaps') is used for the TLS connection. i presume, then, that SSLvX *starts* encrypted ... hence the port 993. true? BTW add this to imapd.conf: tls_cipher_list: ALL:!ADH:!NULL:!EXPORT:!DES:!LOW:@STRENGTH That will disable all weak ciphers, and leave you with medium grade and high grade ciphers. Try openssl cipher -v 'what you have in tls_cipher_list' to see what you get. If you can get away with it, remove SSLv2 (add !SSLv2 after ALL:) too. man ciphers (openssl ciphers) to see how this works. i actually had: tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH i _thought_ the !ADH is there by default ... and i see no reason NOT to explicitly include (ALL) the high/med grade ciphers. ok. fair enuf! And try to have both sides of the connection authenticated (require client certificates with a certification path known to the server). i already have, setting up my own local CA ... i've just removed the step from the equation for now while i step-by-step the testing/configuration ... cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: is TLS/SSL selection/connection ONLY via port 993?
hi again, but, why is imapd -s is for IMAP connections that are externally wrapped by SSL -- considered BAD? Because TLS allows one to select which certificate to present, and SSL doesn't. aha. SSLv2 should not be used at all if you can help it gone. i presume, then, that SSLvX *starts* encrypted ... hence the port 993. true? Yes. it's actually starting to make sense =) BTW add this to imapd.conf: tls_cipher_list: ALL:!ADH:!NULL:!EXPORT:!DES:!LOW:@STRENGTH Actually, ALL:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH is even better; I did some extra reading. tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH i _thought_ the !ADH is there by default ... and i see no reason NOT to explicitly include (ALL) the high/med grade ciphers. It is not. TLSv1 will include it... so you need either !ADH or !aNULL (the later is better). Try openssl ciphers -v, and you'll see. got it. cryptic, but with a little staring ... clear. thx! it's working perfectly now ... on to the next step. best, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
is TLS/SSL selection/connection ONLY via port 993?
hi all, on a MacOSX 10.3.6 sys with: cyrus-imap 2.2.8 cyrus-sasl 2.1.20 i've a canoncial server: testserver.internal.testdomain.com and a virtual domain: mail2.internal.testdomain.com i'm currently auth'ing PLAINTEXT via auxprop+sql (MySQL 4.1.7) i've setup cyrus.conf to LISTEN *only* on the imaps svc (port 993) ... SERVICES { # imap cmd=imapd listen=imap prefork=0 imaps cmd=imapd -s listen=imaps prefork=0 ... and, imapd.conf to include: ... sasl_mech_list: PLAIN LOGIN sasl_password_format: crypt sasl_minimum_layer: 0 sasl_maximum_layer: 1024 ... tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH tls_require_cert: 0 tls_session_timeout: 60 ... using my imap client (mulberry), i can successfully login to an account, 'testuser' in the virtual domain, with server == mail2.internal.testdomain.com:993 and security == SSLv3. however, if i instead login to with server == mail2.internal.testdomain.com:993 and security == STARTTLS-TLSv1, no connection occurs, and the attempt times out after the tls_session_timeout (60 seconds). if i then drop back to listen ONLY on imap service, i.e. cyrus.conf: ... SERVICES { imap cmd=imapd listen=imap prefork=0 # imaps cmd=imapd -s listen=imaps prefork=0 ... i can successfully make connections to port server:143 with security == NO SECURITY !!or!! security == STARTTLS-TLSv1 !!or!! security == SSLv3. i.e., TLS negotiated sessions are occuring over to port 143 -- the 'wrong' port. bottom line: client to server:143, security = NO SECURITY -- OK (right) client to server:143, security = SSLv3, STARTTLS-TLSv1 -- OK (wrong) client to server:993, security = NO SECURITY -- NO CONNECTION (right) client to server:993, security = SSLv3 -- OK (right) client to server:993, security = STARTTLS-TLSv1-- NO CONNECTION (wrong) # ## QUESTION i don't think this is right, is it? aren't TLS SSL sessions ONLY supposed to connect to port 993, and sessions with no-security ONLY to port 143? or, have i misunderstood how this is supposed to operate? threads here: http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrusmsg=19483 http://www.mail-archive.com/info-cyrus@lists.andrew.cmu.edu/msg02411.html have me suspecting this may be the client ... thanks, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
resolving SASL vs. crypt'd pwds in MySQL, auxprop vs pam_mysql, support for secret-based auth mechs [x-posted]
hi all, yes, i know 'ugh'. i've spent seemingly countless hours googling around in circles -- well actually, in dozens of disjointed threads -- and getting oft conflicting answers/instructions from contributing authors. thanks for all the coments/help, tho! (you know who you are ...) it was suggested that i repost the Q to the lists ... so, to limit the bouncing around again, please bear with me on cross-posting this to: Cyrus SASL List [EMAIL PROTECTED] Cyrus INFO List [EMAIL PROTECTED] Web-Cyradm List [EMAIL PROTECTED] this *should* (i hope) reopen a stagnant thread or two ... to the details: my target (on OSX 10.3.6) is: postfix (2.1.15) cyrus-imap (2.2.8) cyrus-sasl (2.1.20) mysql (4.1.7) web-cyradm as a front-end setup for virtual domains/accounts only. an included goals is to enable support of all auth mechs (plain, login, gssapi, ntlm, cram-md5, digest-md5) for client connections, both with, without, SSL/TLS encryption. i've built all the pieces successfully, and am currently awash in trying to solve numerous authentication issues ... to that end, here are my QUESTION(s): (a) web-cyradm's HOWTO instructs that pam_mysql be used with SASL2 for authentication. however, i've found http://groups.google.com/groups?hl=enlr=threadm=bvvqjf%2425rh%241%40FreeBSD.csie.NCTU.edu.twrnum=2prev=/groups%3Fq%3Dpam_mysql%253A%2520MySQL%2520err%2520Access%2520denied%2520for%2520user%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg or if the problem is in sasl2, pam_mysql.so or mysql itself. SASL - pam_mysql SASL2 - auxprop_mysql choose either one, but do not mix them. but, i can find no further reference/documentation on the issue. # ## QUESTION does, IN FACT, the use of SASL2 preclude the use of pam_mysql? (b) as i'm migrating TO a cyrus IMAP/SASL based from commercial-ware, i'm 'used to' seeing full support for all of the multiple auth mechs i've learned that there's an 'issue' (problem?) of Cyrus' lack of native support for encrypted pwds in MySQL which prevents one from using the secret-based auth mechs via saslauthd ... there are patches around (all of? some of?) this problem: cref: http://brunny.com/content/view/12/0/ and 'authdaemond' from courier-imap seems to be an alternative: cref: http://groups.google.com/groups?hl=enlr=threadm=c3ucsu%24a12%241%40FreeBSD.csie.NCTU.edu.twrnum=21prev=/groups%3Fq%3Dsasl%2Bcyrus%2Bcrypt%2Bmysql%26hl%3Den%26lr%3D%26start%3D20%26sa%3DN but, of course, the goals is to get THIS system working, rather that 'abandoning ship'. to THAT end, for the moment, i've settled on (still working on it ... ): (1) patch to web-cyradm: http://www.shaolinux.org/web-cyradm-0.5.4.new.diff cref discussion thread @: http://www.web-cyradm.org/pipermail/web-cyradm/2004-April/017305.html cd /var/DarkMatter/WebTools (2) patch to cyrus-sasl: http://frost.ath.cx/software/cyrus-sasl-patches/ (3) modify web-cyradm install's impad.conf smtpd.conf to use sasl auxprop's sql/mysql plugin, rather than pam_mysql # ## QUESTION(s) (i) is this, IN FACT, a 'problem'/missing functionality in Cyrus? (ii) is it planned to be addressed/fixed anytime soon? (it's been implied that it requires a 'major rewrite' ...)? (iii) what specifically would need to be fixed/changed in SASL? NOTE: i've heard from the maintainers that this is 'not on the top of their priority list ... but that a discussion here might instigate a patch ... i appreciate any/all insights, direction and look forward to the discussion -- and 'closure'! cheers, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
stumped: cyrus-imap master hanging w/ imap[506]: refused connection from ::1
hi all, i've cyrus-imap, cyrus-sasl, postfix and mysql+web-cyradm installed on OSX. logging is turned on for apache, mysql, postfix cyrus when i click on a particular link ('accounts') in web-cyradm, my CPU pegs @ 100%. here's what (little) i know (a) the following error in apache error log: PHP Notice: Undefined index: action in /var/www/WebCyrAdm/index.php on line 111, referer: http://testserver.internal.testdomain.com/webcyradm/index.php?action=editdomaindomain=virtual1.internal.testdomain.com (b) my CPU monitor rises to 100% utilization (c) my browser just 'cycles' endlessly (d) 'top', strangely, shows nothing above ~5% CPU (e) *no* errors are shown in mysql, postfix or system logs (f) on execution of the accounts link, i *do* see the following in my cyrus-imap log: imap[507]: executed imap[506]: refused connection from ::1 now, i'm not certain it's relevant, but cyrus-imap *is* compiled w/ libwrap, and /etc/hosts 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost 10.0.0.6testserver.internal.testdomain.com and, /etc/hosts.allow ALL: ::1 127.0.0.1 172.30.11.0/255.255.255.248 (g) in order to reclaim CPU, i have to 'kill -9' the cyrus-imap 'master' (NOT the postfix master ...) process. originally, i thought it was killing off mysql, but it's apparently correlary? (h) some of the time -- not 100% reproducibly -- killing off the master process causes something else (dunno yet) to die off as well, such that none of my console processes respond ... e.g., a simple 'ls' does simply nothing. hard reboot is then required. this looks like an issue with an attempted/failed connection to the cyrus imapd socket invoked by clicking on the web-cyradm accounts link ... but that's as far as i've drilled down. this seems to be a many-body problem specific to the combination of webcyradm, postfix and/or cyrus-imap -- as exim + vexim + cyrus-imap were fine w/ *no* socket issues that i noticed. any ideas where the problem *starts*? richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[REOLVED, BUT STILL KINDA STUMPED] Re: stumped: cyrus-imap master hanging w/ imap[506]: refused connection from ::1
On Sun, 07 Nov 2004, OpenMacNews wrote: i've cyrus-imap, cyrus-sasl, postfix and mysql+web-cyradm installed on OSX. Versions, please! oops ... sorry cyrus-imap 2.2.8 cyrus-sasl 2.1.19 postfix 2.1.15 mysql 4.1.7 osx 10.3.6 imap[507]: executed imap[506]: refused connection from ::1 This is libwrap doing something [in]sane. /etc/hosts.allow ALL: ::1 127.0.0.1 172.30.11.0/255.255.255.248 any ideas where the problem *starts*? Broken IPv6 support on libwrap and others... bingo (-ish). afaik, ipv6 is *supposed* to be reliable on OSX, but who knows .. completely randomly, i added 'localhost' to the /etc/hosts.allow --- ALL: ::1 127.0.0.1 172.30.11.0/255.255.255.248 +++ ALL: ::1 127.0.0.1 172.30.11.0/255.255.255.248 localhost and, for some %^$ reason, it now works; well at least the Broken Pipe error has disappeared. why '::1' or '127.0.0.1' doesn't do it, and 'localhost' does, i dunno ... now, i've to contend with: % cyradm -u postmaster localhost cyradm: cannot authenticate to server i *think* this is a sasl2 plugin issue ... off to the races! thanks! richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
any web-cyradm users? unable to create/edit accounts + killing MySQL
hi all, i've already posted a question abt this on the web-cyradm list; i'm hoping to broaden the exposure for some wisdom/insight from any other web-cyradm users lurking abt *here*. so, to the details -- for reference, i've installed the following on osx 10.3.5: mysql 4.1.7 php 5.0.2 apache 2.0.52 cyrus-imapd-2.2.8 cyrus-sasl-2.1.19 postfix-2.1.5 having followed Luc Delouw's Postfix-Cyrus-Web-cyradm-HOWTO, i'm able to successfully login to web-cyradm, and create domains. however, the 'next step' of clicking on any of the available 'accounts' links, whether or not having selected a domain (via, e.g., Edit Domain) first results in a PHP Notice: PHP Notice: Undefined index: action in /var/www/WebCyrAdm/index.php on line 111, referer: http://testserver.internal.testdomain.com/webcyradm/index.php?action=editdomaindomain=virtual1.internal.testdomain.com unfortunately, this action also results in MySQL suddenly grabbing 100% cpu w/ no immediately obvious error fired off ... nothing in any logs i can find. my only recovery is to kill/restart MySQL. looking in index.php, one finds: 109:# For password related stuff we also need to allow POST vars for some actions 110: 111:else if (in_array($_POST['action'], array('change_password', 'newaccount', 'newadminuser', 'editadminuser'))){ 112:include sprintf('%s/%s.php', WC_BASE, $_POST['action']); noting that this is the code's first $_POST instance ... this recalled a familiar problem with the use of register_globals; but i thought the use of Superglobals via $_POST $_GET was the SOLUTION ... i also took a naive stab at turning register_globals on in php.ini -- no dice. i've been spinnin' my wheels on this one. nothing i've found on the web *as yet* has solved the issue, and i'm a bit stymied as to why this apparently is working for others ... thoughts? suggestions? thanks! richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
is this a 'realm' or query issue? imtest PLAIN auth works, but LOGIN auth fails
hi all, i've setup Exim(4.43), Cyrus-IMAP(2.1.19) Cyrus-SASL(2.2.8) for use with VExim -- i.e. MySQL(4.1.7) usage/mgmt of virtual domains. replies from the folks on the vexim list suggest that i might be better off with this issue here ... after setup, with saslauthd's -r option set (sasldauth -r -a pam) so as to correcly handle users with @ signs, i can validate PLAIN auth: % imtest -p imap -m PLAIN -t -a [EMAIL PROTECTED] tiedgar Authenticated. where syslog shows: saslauthd[2391]: SELECT crypt FROM users WHERE username='siteadmin' so far, so good. but, LOGIN auth fails with: % imtest -p imap -m LOGIN -t -a [EMAIL PROTECTED] tiedgar S: L01 NO Login failed: authentication failure Authentication failed. generic failure where snips from syslog.log show: saslauthd[2232]: pam_mysql: where clause = saslauthd[2232]: SELECT crypt FROM users WHERE username='[EMAIL PROTECTED]' saslauthd[2232]: pam_mysql: select returned more than one result saslauthd[2232]: returning 7 after db_checkpasswd. saslauthd[2232]: DEBUG: auth_pam: pam_authenticate failed: Permission denied saslauthd[2232]: do_auth : auth failure: [EMAIL PROTECTED] [service=imap] [realm=internal.testserver.com] [mech=pam] [reason=PAM auth error] imap[2294]: badlogin: testserver.internal.testserver.com [10.0.0.6] plaintext siteadmin SASL(-13): authentication failure: checkpass failed now, after a little digging, i've learned that: When there is no record match in mysql table, pam-mysql returned error select returned more than one result a miss-leading message. cref: http://groups.google.com/groups?hl=enlr=threadm=ckt0af%24273h%241%40news.hgc.com.hkrnum=1prev=/groups%3Fq%3Dpam_mysql:%2Bselect%2Breturned%2Bmore%2Bthan%2Bone%2Bresult%26hl%3Den%26lr%3D%26sa%3DN%26scoring%3Dd which makes sense, since the query on '[EMAIL PROTECTED]' WILL return an empty result as there's no such user ... rather the user is '[EMAIL PROTECTED]'. clearly, there's an issue w/ the SELECT statement's username ... but i dunno where it's contructed/pluued-from. in the first case (PLAIN auth) there's only a localpart, in the 2nd case (LOGIN auth) there a localpart + fqdn, but the WRONG fqdn. is the answer in the Exim authenticators? from my exim.conf: plain_login: driver = plaintext public_name = PLAIN server_condition = ${lookup mysql{SELECT '1' FROM users WHERE \ username = '${quote_mysql:$2}' AND \ clear = '${quote_mysql:$3}'} {yes}{no}} server_set_id = $2 fixed_login: driver = plaintext public_name = LOGIN server_prompts = Username:: : Password:: server_condition = ${lookup mysql{SELECT '1' FROM users WHERE \ username = '${quote_mysql:$1}' AND \ clear = '${quote_mysql:$2}'} {yes}{no}} server_set_id = $1 fyi, both auth mechs (PLAIN LOGIN) ARE set in imapd.conf, and the releveant libs DO exist in the sasl2 plug-in lib. ideas/suggestions? thanks, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[BINGO! ... IT'S A BUG] Re: imtest fails w/ Authentication failed. no mechanism available
hi earl, -- On Tuesday, November 2, 2004 8:17 AM -0500 Earl R Shannon [EMAIL PROTECTED] wrote: I see the PLAIN mech being advertised by the server. I'd check and make sure the SASL libraries can be found by the imtest client. Regards, Earl Shannon well, I'll be ... I thought I'd proactively fixed this !? i'll share what i've found. BOTTOM LINE: i think (?) there's a bug that needs to be fixed ... or at least behavior that needs to be better clarified. on my system (OSX 10.3.5), cyrus-sasl-2.1.19 has been built/installed in cd /usr/local/cyrus-sasl (the OSX SASL2.framework still gets installed in /Library/Frameworks ... i'll worry abt this later) with (among other settings): ./configure \ --prefix=/usr/local/cyrus-sasl \ --with-plugindir=/usr/local/cyrus-sasl/lib/sasl2 \ ... --with-openssl=/usr/local/ssl \ ... --with-dblib=berkeley \ --with-bdb-libdir=/usr/lib \ --with-bdb-incdir=/usr/include \ ... of course, per numerous messages on the board, in building cyrus-imap you've got to make sure to pick up the right sasl2 libs ... NOT the OSX 'native' installs in /usr. to that end, i SPECIFICALLY built cyrus-imapd-2.2.8 with: setenv LDFLAGS -L/usr/local/cyrus-sasl/lib -lsasl2 setenv CPPFLAGS -I/usr/local/cyrus-sasl/include/sasl and --with-sasl=/usr/local/cyrus-sasl \ as: ./configure \ --prefix=/usr/local/cyrus-imap \ --with-cyrus-prefix=/usr/local/cyrus-imap/bin \ --with-service-path=/usr/local/cyrus-imap/libexec \ --with-sasl=/usr/local/cyrus-sasl \ --with-snmp=/usr/local/net-snmp \ --with-auth=unix \ --enable-listext \ --with-bdb \ --with-bdb-libdir=/usr/lib \ --with-bdb-incdir=/usr/include \ --with-openssl=/usr/local/ssl \ --with-syslogfacility=LOCAL6 \ --with-perl=/usr/bin/perl \ --with-libwrap \ --enable-sieve \ --enable-server \ --disable-gssapi \ --with-syslogfacility=LOCAL6 then make depend make all changing # this is another issue for later ... -- (EDITOR) perl/imap/Makefile perl/sieve/managesieve/Makefile --- PERLPREFIX = $(PREFIX) +++ PERLPREFIX = / -- followed by make install all was (so i thought) OK. per your mail message, tho i checked AGAIN: otool -L /usr/local/cyrus-imap/bin/imtest to find: Load command 5 cmd LC_LOAD_DYLIB cmdsize 56 name /usr/lib/libsasl2.2.0.1.dylib (offset 24) STILL linked against the wrong library! some digging finds multiple ocurrences of: EXTRALIBS = -L/usr/lib -ldb-4.2 -L/usr/local/cyrus-sasl/lib -lsasl2 -L/usr/local/ssl/lib -L/usr/local/ssl/lib -lssl -lcrypto and LDLOADLIBS = -L/usr/lib -ldb-4.2 -L/usr/local/cyrus-sasl/lib -lsasl2 -L/usr/local/ssl/lib -L/usr/local/ssl/lib -lssl -lcrypto note the -ldb-4.2 PREPENDED by -L/usr/lib! this seems to be picked up from the specification of: --with-bdb \ --with-bdb-libdir=/usr/lib \ --with-bdb-incdir=/usr/include \ in configure. if I remove the libdir/incdir lines from configure, and reconfigure with just --with-bdb \ after: make depend make all i find: EXTRALIBS = -ldb-4.2 -L/usr/local/cyrus-sasl/lib -lsasl2 -L/usr/local/ssl/lib -L/usr/local/ssl/lib -lssl -lcrypto and LDLOADLIBS = -ldb-4.2 -L/usr/local/cyrus-sasl/lib -lsasl2 -L/usr/local/ssl/lib -L/usr/local/ssl/lib -lssl -lcrypto NOTE: *NO* prepended -L/usr/lib a subsequent: make install goes smoothly, and a check of the rebuilt bin: otool -L /usr/local/cyrus-imap/bin/imtest shows what I expected the first time around: Load command 5 cmd LC_LOAD_DYLIB cmdsize 80 name /usr/local/cyrus-sasl/lib/libsasl2.2.dylib (offset 24) now linked against the SASL *I* built ... I'd suggest that the code should be mod'd to pull SASL2 from where it's told to EVEN IN THE EVENT that another lib (e.g., dbd) is being pulled from /usr. thanks for the 'thump' on the head! richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus-IMAP perl libs installing in WRONG LOCATION (via PERLPREFIX)
hi, i've installed cyrus-imapd-2.2.8 on OSX 10.3.5. OSX's perl (5.8.5) libs are installed below /System/Library/Perl/5.8.5 in the cyrus build, PERLPREFIX = $(PREFIX) ( found in 'perl/imap/Makefile' 'perl/sieve/managesieve/Makefile' *after* makde depend, make all) defines where the Cyrus Perl libs are installed however the PERLPREFIX is apparently incorrectly (?) appended to the install prefix. i.e., if left at default: PERLPREFIX = $(PREFIX) with a configure prefix of /usr/local/cyrus-imap, the libs are incorrectly installed in: % ls /usr/local/cyrus-imap/usr/local/cyrus-imap/lib/perl5/site_perl/5.8.5/darwin-thread-multi-2level/ Cyrus auto if, however i change both instances of: --- PERLPREFIX = $(PREFIX) +++ PERLPREFIX = / with a configure prefix of /usr/local/cyrus-imap, the libs are installed as: % /usr/local/cyrus-imap/lib/perl5/site_perl/5.8.5/darwin-thread-multi-2level/ Cyrus auto which is better, but STILL not where I want them to be: below /System/Library/Perl/5.8.5/... of course, changing --- PERLPREFIX = $(PREFIX) +++ PERLPREFIX = /System/Library/Perl/5.8.5/... will only result in the install of: % ls /usr/local/cyrus-imap/System/Library/Perl/5.8.5/.../lib/perl5/site_perl/5.8.5/darwin-thread-multi-2level/ Cyrus auto so, QUESTION: what/where do i need to CHANGE to get the libs properly installed? thx, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
LOGIN PLAIN auth OK; CRAM-MD5 DIGEST-MD5 fail w/ no mechanism available: security flags do not match required
hi all, one step at a time with this business ... =) i've: Cyrus-SASL-2.1.9 Cyrus-IMAP-2.2.8 built on OSX. after verifying that my imtest etc. are actually linked to the RIGHT libsasl (previous post), i can verify LOGIN AUTH works: % imtest -t -m LOGIN -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap testserver.testdomain.com S: C01 OK Completed Please enter your password: C: L01 LOGIN [EMAIL PROTECTED] {6} S: + go ahead C: omitted S: L01 OK User logged in Authenticated. Security strength factor: 256 as well as PLAIN AUTH w/ a TLS WRAPPER % imtest -t -m PLAIN -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap testserver.testdomain.com S: C01 OK Completed Please enter your password: C: A01 AUTHENTICATE PLAIN c2l0ZbmNlLWdyb3VwLm5lHJlc2pbkB0aVuY2UWFkbWluQHRpZWRnYXIuaW50ZXJuYWwucmFsLnByZXNltZ3JvdXAubmV0AHNpdGVhZG1WVkZ2FyLmludGVybdABDSEFOR0U= S: A01 OK Success (tls protection) Authenticated. Security strength factor: 256 BUT, neither CRAM-MD5 nor DIGEST-MD5 seem to work: % imtest -t -m CRAM-MD5 -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap testserver.testdomain.com S: C01 OK Completed C: A01 AUTHENTICATE CRAM-MD5 S: A01 NO no mechanism available Authentication failed. generic failure Security strength factor: 256 % imtest -t -m DIGEST-MD5 -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap testserver.testdomain.com S: C01 OK Completed C: A01 AUTHENTICATE DIGEST-MD5 S: A01 NO no mechanism available Authentication failed. generic failure Security strength factor: 256 tailing system.log, i see: imap[892]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication imap[893]: badlogin: testserver.testdomain.com [10.0.0.1] CRAM-MD5 [SASL(-4): no mechanism available: security flags do not match required] imap[899]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication imap[900]: badlogin: testserver.testdomain.com [10.0.0.1] DIGEST-MD5 [SASL(-4): no mechanism available: security flags do not match required] , respectively. checking in my SASL plugin dir (/usr/local/cyrus-sasl/lib/sasl2) it looks as if all the appropriate modules are there ... i'm a mite confused as to why ONE mechanism IS available (PLAIN), and the others are not. pointers in the right direction? thx, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
imtest fails w/ Authentication failed. no mechanism available
hi all, i've newly built/installed: exim-4.43 cyrus-imap-2.28 cyrus-sasl-2.1.19 on OSX 10.3.5 plus, i've been moving to MySQL support for vitrual domanis using VExim ... so, at this point, exim seems to run fine, responding to send-tests, etc. as expected. when testing cyrus-imap w/ TLS, however, i'm having some issues. specifically, when i: % /usr/local/cyrus-imap/bin/imtest -t -m plain -a testuser -p imap testdomain.com it fails with an Authentication failed. no mechanism available: S: * OK testserver.testdomain.com Cyrus IMAP4 v2.2.8 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS LISTEXT LIST-SUBSCRIBED S: C01 OK Completed C: S01 STARTTLS S: S01 OK Begin TLS negotiation now verify error:num=18:self signed certificate TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN AUTH=PLAIN AUTH=PLAIN SASL-IR LISTEXT LIST-SUBSCRIBED S: C01 OK Completed Authentication failed. no mechanism available Security strength factor: 256 now, i'll bet i've misconfigured something ... but durned if i can find it (yet). i'm crusing the list, as well, but am not yet familiar enuf with what to even look for. fwiw, my imapd.conf is: admins: testuser postmaster: postmaster virtdomains: yes defaultdomain: testdomain.com servername: testserver.testdomain.com configdirectory: /etc/cyrus-imap/ partition-default: /var/spool/imap sievedir: /var/sieve sieve_maxscriptsize: 32 sieve_maxscripts: 5 autocreatequota: 1 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost sendmail: /usr/local/exim/bin/exim allowanonymouslogin: no allowplaintext: yes sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN any/all pointers/suggestions are much appreciated, richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html