Solved: [Re: Converting mbox to cyrus maildir w/ seen state preservation]
> The perms are not the problem, it is the content of the file. Double > check your ssl/tls setup. Rechecked - error still persist. > > > I made the certs by following this description: > > http://www.irbs.net/internet/info-cyrus/0207/0265.html > Instructions here seem pretty reasonable. Recreated the whole certificate - now works. I don't know, what was the error, maybe I misunderstood something at first read. Anyway, thanks a lot for the support! :-) Miham. PS: And Merry Christmas to Everyone :-) -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Miham KEREKES wrote: > > I do not know where you store your secrets, I assume sasldb? If so, > Yes. > > > sasl_pwcheck_method: auxprop > > sasl_auxprop_plugin: sasldb > > sasl_mech_list: plain > Ok. Works. Or at least: the error changed :-( > > * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS > ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT > THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE > OK Completed > 0001 STARTTLS > 0001 NO Error initializing TLS > Unable to negotiate TLS with this server > 0002 LOGOUT > * BYE LOGOUT received > 0002 OK Completed > Unable to negotiate TLS with this server > > In syslog: > Dec 22 23:29:15 merope cyrus/imapd[31767]: unable to get private key from > '/etc/ssl/private/cyrus-global.key' > Dec 22 23:29:15 merope cyrus/imapd[31767]: TLS engine: cannot load cert/key data > Dec 22 23:29:15 merope cyrus/imapd[31767]: error initializing TLS > > What is mistaken? File is readable, even world-wide for sure! The perms are not the problem, it is the content of the file. Double check your ssl/tls setup. > I made the certs by following this description: > http://www.irbs.net/internet/info-cyrus/0207/0265.html > Instructions here seem pretty reasonable. -- Igor
Re: Converting mbox to cyrus maildir w/ seen state preservation
> I do not know where you store your secrets, I assume sasldb? If so, Yes. > sasl_pwcheck_method: auxprop > sasl_auxprop_plugin: sasldb > sasl_mech_list: plain Ok. Works. Or at least: the error changed :-( * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE OK Completed 0001 STARTTLS 0001 NO Error initializing TLS Unable to negotiate TLS with this server 0002 LOGOUT * BYE LOGOUT received 0002 OK Completed Unable to negotiate TLS with this server In syslog: Dec 22 23:29:15 merope cyrus/imapd[31767]: unable to get private key from '/etc/ssl/private/cyrus-global.key' Dec 22 23:29:15 merope cyrus/imapd[31767]: TLS engine: cannot load cert/key data Dec 22 23:29:15 merope cyrus/imapd[31767]: error initializing TLS What is mistaken? File is readable, even world-wide for sure! I made the certs by following this description: http://www.irbs.net/internet/info-cyrus/0207/0265.html Miham. -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Miham KEREKES wrote: > > > >>However, I can't find anywhere in the config files where I could stop > > > >>CRAM-MD5 from being advertised. > > > >>I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. > > > >> > > > >>Any docs or help suggested? > > > > > > > > > > > > Add > > > > > > > > sasl_mech_list: plain login digest-md5 ntlm > > > LOGIN and NTLM don't support proxying either. > > For this conversion he just needs > > sasl_mech_list: plain > I've already tried that before I wrote my second letter in this thread. > > I tried it with > sasl_pwcheck_method: auxprop > AND > sasl_pwcheck_method: saslauthd > > My auxprop plugin is: > sasl_auxprop_plugin: sasldb This is not correct: I do not know where you store your secrets, I assume sasldb? If so, sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb sasl_mech_list: plain Check $cyrus-sasl/doc/options.html for more. -- Igor
Re: Converting mbox to cyrus maildir w/ seen state preservation
> > >>However, I can't find anywhere in the config files where I could stop > > >>CRAM-MD5 from being advertised. > > >>I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. > > >> > > >>Any docs or help suggested? > > > > > > > > > Add > > > > > > sasl_mech_list: plain login digest-md5 ntlm > > LOGIN and NTLM don't support proxying either. > For this conversion he just needs > sasl_mech_list: plain I've already tried that before I wrote my second letter in this thread. I tried it with sasl_pwcheck_method: auxprop AND sasl_pwcheck_method: saslauthd My auxprop plugin is: sasl_auxprop_plugin: sasldb None of the above worked as I expected. Any idea why? Miham. -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Ken Murchison wrote: > Igor Brezac wrote: > > > > > On Mon, 22 Dec 2003, Miham KEREKES wrote: > > > > > >>Hi, > >> > >> > I have the following capabilities: > * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND > SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM > AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE > >> > >>>mailutil is picking CRAM-MD5 up which does not support proxy > >>>authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls > >>>which will allow mailutil to use PLAIN. PLAIN is the only mech > >>>implemented by c-client which support proxy auth. > >> > >>After I've sent my previous message, I found a similar advice in > >>archive. > >>However, I can't find anywhere in the config files where I could stop > >>CRAM-MD5 from being advertised. > >>I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. > >> > >>Any docs or help suggested? > > > > > > Add > > > > sasl_mech_list: plain login digest-md5 ntlm > > LOGIN and NTLM don't support proxying either. I know. I was trying to duplicate his setup minus cram-md5. For this conversion he just needs sasl_mech_list: plain -- Igor
Re: Converting mbox to cyrus maildir w/ seen state preservation
Igor Brezac wrote: On Mon, 22 Dec 2003, Miham KEREKES wrote: Hi, I have the following capabilities: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE mailutil is picking CRAM-MD5 up which does not support proxy authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls which will allow mailutil to use PLAIN. PLAIN is the only mech implemented by c-client which support proxy auth. After I've sent my previous message, I found a similar advice in archive. However, I can't find anywhere in the config files where I could stop CRAM-MD5 from being advertised. I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. Any docs or help suggested? Add sasl_mech_list: plain login digest-md5 ntlm LOGIN and NTLM don't support proxying either. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Miham KEREKES wrote: > Hi, > > > > I have the following capabilities: > > > * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > > > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND > > > SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM > > > AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE > > > mailutil is picking CRAM-MD5 up which does not support proxy > > authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls > > which will allow mailutil to use PLAIN. PLAIN is the only mech > > implemented by c-client which support proxy auth. > After I've sent my previous message, I found a similar advice in > archive. > However, I can't find anywhere in the config files where I could stop > CRAM-MD5 from being advertised. > I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. > > Any docs or help suggested? Add sasl_mech_list: plain login digest-md5 ntlm to /etc/imapd.conf -- Igor
Re: Converting mbox to cyrus maildir w/ seen state preservation
Hi, > > I have the following capabilities: > > * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND > > SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM > > AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE > mailutil is picking CRAM-MD5 up which does not support proxy > authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls > which will allow mailutil to use PLAIN. PLAIN is the only mech > implemented by c-client which support proxy auth. After I've sent my previous message, I found a similar advice in archive. However, I can't find anywhere in the config files where I could stop CRAM-MD5 from being advertised. I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. Any docs or help suggested? Miham. -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Miham KEREKES wrote: > Hi, > > I'm about to migrate user mailboxes from unix mbox mailbox format > to cyrus maildir. Unfortunately, users have lots of separate > mailfolders in mbox format, which i should convert, too. > > I dig into the archive, and found the mailutil utility for doing this: > mailutil append /path/to/mbox > {new.cyrus.server/user=mbox_cyrus_user/authuser=proxy_user/norsh}INBOX > and I figured out, that it is capable to creating mailboxes, too. > > I've migrated the users Inbox already successfully, but with the > difference: that time I knew the users password (I created them with a > script before), so I had no need to use the /authuser=XXX option. > Since then they've changed their password, so I don't know them. > (Yes, I forgot about their ~/mail mailboxes :-( ) > However, this time I need to use the /authuser=XXX, if I'm not mistaken. > > When I try this: > mailutil create > {cyrus.server.name.or.ip/user=targetuser/authuser=cyrus_admin_user/norsh}INBOX.subfolder > I got the following errormessage: > > Can't do /authuser with this server > Can't do /authuser with this server > > I already strace'd and ltrace'd the process in order to know what is the > problem, but all I got to know, that mailutil parsing the output of the > CAPABILITY command, and decides whether the server is capable of > authuser. > > I don't have much time for this conversion, so I had no time to look > into the source, yet. > > I have the following capabilities: > * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND > SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM > AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE > mailutil is picking CRAM-MD5 up which does not support proxy authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls which will allow mailutil to use PLAIN. PLAIN is the only mech implemented by c-client which support proxy auth. Hope this helps. -- Igor
Converting mbox to cyrus maildir w/ seen state preservation
Hi, I'm about to migrate user mailboxes from unix mbox mailbox format to cyrus maildir. Unfortunately, users have lots of separate mailfolders in mbox format, which i should convert, too. I dig into the archive, and found the mailutil utility for doing this: mailutil append /path/to/mbox {new.cyrus.server/user=mbox_cyrus_user/authuser=proxy_user/norsh}INBOX and I figured out, that it is capable to creating mailboxes, too. I've migrated the users Inbox already successfully, but with the difference: that time I knew the users password (I created them with a script before), so I had no need to use the /authuser=XXX option. Since then they've changed their password, so I don't know them. (Yes, I forgot about their ~/mail mailboxes :-( ) However, this time I need to use the /authuser=XXX, if I'm not mistaken. When I try this: mailutil create {cyrus.server.name.or.ip/user=targetuser/authuser=cyrus_admin_user/norsh}INBOX.subfolder I got the following errormessage: Can't do /authuser with this server Can't do /authuser with this server I already strace'd and ltrace'd the process in order to know what is the problem, but all I got to know, that mailutil parsing the output of the CAPABILITY command, and decides whether the server is capable of authuser. I don't have much time for this conversion, so I had no time to look into the source, yet. I have the following capabilities: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE Can anyone give me a good point? I mean, which cap missing, how can I enable, etc. Thanks in advance, Miham Kerekes. -- * *System Administrator / University Library, Szeged / HUNGARY* *[ [EMAIL PROTECTED] ]**