Solved: [Re: Converting mbox to cyrus maildir w/ seen state preservation]
> The perms are not the problem, it is the content of the file. Double > check your ssl/tls setup. Rechecked - error still persist. > > > I made the certs by following this description: > > http://www.irbs.net/internet/info-cyrus/0207/0265.html > Instructions here seem pretty reasonable. Recreated the whole certificate - now works. I don't know, what was the error, maybe I misunderstood something at first read. Anyway, thanks a lot for the support! :-) Miham. PS: And Merry Christmas to Everyone :-) -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Miham KEREKES wrote: > > I do not know where you store your secrets, I assume sasldb? If so, > Yes. > > > sasl_pwcheck_method: auxprop > > sasl_auxprop_plugin: sasldb > > sasl_mech_list: plain > Ok. Works. Or at least: the error changed :-( > > * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS > ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT > THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE > OK Completed > 0001 STARTTLS > 0001 NO Error initializing TLS > Unable to negotiate TLS with this server > 0002 LOGOUT > * BYE LOGOUT received > 0002 OK Completed > Unable to negotiate TLS with this server > > In syslog: > Dec 22 23:29:15 merope cyrus/imapd[31767]: unable to get private key from > '/etc/ssl/private/cyrus-global.key' > Dec 22 23:29:15 merope cyrus/imapd[31767]: TLS engine: cannot load cert/key data > Dec 22 23:29:15 merope cyrus/imapd[31767]: error initializing TLS > > What is mistaken? File is readable, even world-wide for sure! The perms are not the problem, it is the content of the file. Double check your ssl/tls setup. > I made the certs by following this description: > http://www.irbs.net/internet/info-cyrus/0207/0265.html > Instructions here seem pretty reasonable. -- Igor
Re: Converting mbox to cyrus maildir w/ seen state preservation
> I do not know where you store your secrets, I assume sasldb? If so, Yes. > sasl_pwcheck_method: auxprop > sasl_auxprop_plugin: sasldb > sasl_mech_list: plain Ok. Works. Or at least: the error changed :-( * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE OK Completed 0001 STARTTLS 0001 NO Error initializing TLS Unable to negotiate TLS with this server 0002 LOGOUT * BYE LOGOUT received 0002 OK Completed Unable to negotiate TLS with this server In syslog: Dec 22 23:29:15 merope cyrus/imapd[31767]: unable to get private key from '/etc/ssl/private/cyrus-global.key' Dec 22 23:29:15 merope cyrus/imapd[31767]: TLS engine: cannot load cert/key data Dec 22 23:29:15 merope cyrus/imapd[31767]: error initializing TLS What is mistaken? File is readable, even world-wide for sure! I made the certs by following this description: http://www.irbs.net/internet/info-cyrus/0207/0265.html Miham. -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Miham KEREKES wrote: > > > >>However, I can't find anywhere in the config files where I could stop > > > >>CRAM-MD5 from being advertised. > > > >>I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. > > > >> > > > >>Any docs or help suggested? > > > > > > > > > > > > Add > > > > > > > > sasl_mech_list: plain login digest-md5 ntlm > > > LOGIN and NTLM don't support proxying either. > > For this conversion he just needs > > sasl_mech_list: plain > I've already tried that before I wrote my second letter in this thread. > > I tried it with > sasl_pwcheck_method: auxprop > AND > sasl_pwcheck_method: saslauthd > > My auxprop plugin is: > sasl_auxprop_plugin: sasldb This is not correct: I do not know where you store your secrets, I assume sasldb? If so, sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb sasl_mech_list: plain Check $cyrus-sasl/doc/options.html for more. -- Igor
Re: Converting mbox to cyrus maildir w/ seen state preservation
> > >>However, I can't find anywhere in the config files where I could stop > > >>CRAM-MD5 from being advertised. > > >>I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. > > >> > > >>Any docs or help suggested? > > > > > > > > > Add > > > > > > sasl_mech_list: plain login digest-md5 ntlm > > LOGIN and NTLM don't support proxying either. > For this conversion he just needs > sasl_mech_list: plain I've already tried that before I wrote my second letter in this thread. I tried it with sasl_pwcheck_method: auxprop AND sasl_pwcheck_method: saslauthd My auxprop plugin is: sasl_auxprop_plugin: sasldb None of the above worked as I expected. Any idea why? Miham. -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Ken Murchison wrote: > Igor Brezac wrote: > > > > > On Mon, 22 Dec 2003, Miham KEREKES wrote: > > > > > >>Hi, > >> > >> > I have the following capabilities: > * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND > SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM > AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE > >> > >>>mailutil is picking CRAM-MD5 up which does not support proxy > >>>authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls > >>>which will allow mailutil to use PLAIN. PLAIN is the only mech > >>>implemented by c-client which support proxy auth. > >> > >>After I've sent my previous message, I found a similar advice in > >>archive. > >>However, I can't find anywhere in the config files where I could stop > >>CRAM-MD5 from being advertised. > >>I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. > >> > >>Any docs or help suggested? > > > > > > Add > > > > sasl_mech_list: plain login digest-md5 ntlm > > LOGIN and NTLM don't support proxying either. I know. I was trying to duplicate his setup minus cram-md5. For this conversion he just needs sasl_mech_list: plain -- Igor
Re: Converting mbox to cyrus maildir w/ seen state preservation
Igor Brezac wrote: On Mon, 22 Dec 2003, Miham KEREKES wrote: Hi, I have the following capabilities: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE mailutil is picking CRAM-MD5 up which does not support proxy authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls which will allow mailutil to use PLAIN. PLAIN is the only mech implemented by c-client which support proxy auth. After I've sent my previous message, I found a similar advice in archive. However, I can't find anywhere in the config files where I could stop CRAM-MD5 from being advertised. I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. Any docs or help suggested? Add sasl_mech_list: plain login digest-md5 ntlm LOGIN and NTLM don't support proxying either. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Miham KEREKES wrote: > Hi, > > > > I have the following capabilities: > > > * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > > > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND > > > SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM > > > AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE > > > mailutil is picking CRAM-MD5 up which does not support proxy > > authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls > > which will allow mailutil to use PLAIN. PLAIN is the only mech > > implemented by c-client which support proxy auth. > After I've sent my previous message, I found a similar advice in > archive. > However, I can't find anywhere in the config files where I could stop > CRAM-MD5 from being advertised. > I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. > > Any docs or help suggested? Add sasl_mech_list: plain login digest-md5 ntlm to /etc/imapd.conf -- Igor
Re: Converting mbox to cyrus maildir w/ seen state preservation
Hi, > > I have the following capabilities: > > * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND > > SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM > > AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE > mailutil is picking CRAM-MD5 up which does not support proxy > authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls > which will allow mailutil to use PLAIN. PLAIN is the only mech > implemented by c-client which support proxy auth. After I've sent my previous message, I found a similar advice in archive. However, I can't find anywhere in the config files where I could stop CRAM-MD5 from being advertised. I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success. Any docs or help suggested? Miham. -- * *System Administrator / University Library, Szeged / Hungary* *[ [EMAIL PROTECTED] ]**
Re: Converting mbox to cyrus maildir w/ seen state preservation
On Mon, 22 Dec 2003, Miham KEREKES wrote:
> Hi,
>
> I'm about to migrate user mailboxes from unix mbox mailbox format
> to cyrus maildir. Unfortunately, users have lots of separate
> mailfolders in mbox format, which i should convert, too.
>
> I dig into the archive, and found the mailutil utility for doing this:
> mailutil append /path/to/mbox
> {new.cyrus.server/user=mbox_cyrus_user/authuser=proxy_user/norsh}INBOX
> and I figured out, that it is capable to creating mailboxes, too.
>
> I've migrated the users Inbox already successfully, but with the
> difference: that time I knew the users password (I created them with a
> script before), so I had no need to use the /authuser=XXX option.
> Since then they've changed their password, so I don't know them.
> (Yes, I forgot about their ~/mail mailboxes :-( )
> However, this time I need to use the /authuser=XXX, if I'm not mistaken.
>
> When I try this:
> mailutil create
> {cyrus.server.name.or.ip/user=targetuser/authuser=cyrus_admin_user/norsh}INBOX.subfolder
> I got the following errormessage:
>
> Can't do /authuser with this server
> Can't do /authuser with this server
>
> I already strace'd and ltrace'd the process in order to know what is the
> problem, but all I got to know, that mailutil parsing the output of the
> CAPABILITY command, and decides whether the server is capable of
> authuser.
>
> I don't have much time for this conversion, so I had no time to look
> into the source, yet.
>
> I have the following capabilities:
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM
> AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
>
mailutil is picking CRAM-MD5 up which does not support proxy
authentication. Stop advertising CRAM-MD5 on the cyrus side. Add /tls
which will allow mailutil to use PLAIN. PLAIN is the only mech
implemented by c-client which support proxy auth.
Hope this helps.
--
Igor
Converting mbox to cyrus maildir w/ seen state preservation
Hi,
I'm about to migrate user mailboxes from unix mbox mailbox format
to cyrus maildir. Unfortunately, users have lots of separate
mailfolders in mbox format, which i should convert, too.
I dig into the archive, and found the mailutil utility for doing this:
mailutil append /path/to/mbox
{new.cyrus.server/user=mbox_cyrus_user/authuser=proxy_user/norsh}INBOX
and I figured out, that it is capable to creating mailboxes, too.
I've migrated the users Inbox already successfully, but with the
difference: that time I knew the users password (I created them with a
script before), so I had no need to use the /authuser=XXX option.
Since then they've changed their password, so I don't know them.
(Yes, I forgot about their ~/mail mailboxes :-( )
However, this time I need to use the /authuser=XXX, if I'm not mistaken.
When I try this:
mailutil create
{cyrus.server.name.or.ip/user=targetuser/authuser=cyrus_admin_user/norsh}INBOX.subfolder
I got the following errormessage:
Can't do /authuser with this server
Can't do /authuser with this server
I already strace'd and ltrace'd the process in order to know what is the
problem, but all I got to know, that mailutil parsing the output of the
CAPABILITY command, and decides whether the server is capable of
authuser.
I don't have much time for this conversion, so I had no time to look
into the source, yet.
I have the following capabilities:
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
Can anyone give me a good point? I mean, which cap missing, how can I
enable, etc.
Thanks in advance,
Miham Kerekes.
--
*
*System Administrator / University Library, Szeged / HUNGARY*
*[ [EMAIL PROTECTED] ]**
