Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
Lawrence Greenfield [EMAIL PROTECTED] wrote: - With plaintext login [using pwcheck], cyradm asks for the password twice: first "Please enter your password:" then "IMAP Password:" - any reason why? I'm not sure. Has anyone else run across this? Can anyone else solve this? Yeah, I think the first password is requested in order to do a saslified authentication, which fails, and then other code asks for another password. Actually, I appear to be crashing cyradm with the --auth option right now, so I'm going to say that this code really needs some work. Yes, in my case above, the PLAIN method was failing to authenticate (because PLAIN mechanism isn't available on a non-encrypted connection) and so the cyradm shell itself printed out the "IMAP Password:" prompt to use with the IMAP LOGIN method as a last resort (which works fine). I can get around this problem of the "duplicate" password prompt if I do 'cyradm --auth login'. Out of curiosity I used imtest to see if PLAIN was working. I did 'imtest -m PLAIN -t "" localhost' and AUTH=PLAIN appeared in the capability banner (as the connection was encrypted now) but the authentication failed with a bad protocol error (IIRC - working from memory here). Anyway, this is more of an aside, as my MUA doesn't use LOGIN so it doesn't pose a problem to me yet. -- Cillian
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
--On Wednesday, February 07, 2001 10:53:25 PM -0500 Ken Murchison [EMAIL PROTECTED] wrote: IMHO, idled is the best. It provides for near-realtime updates without bombarding the server with NOOPs or blindly polling the mailbox. There might be cases where the overhead of the idled communication channel outweighs that of infrequent polling (at the expense of slow updates), but I don't know where the cross-over point is. Until someone who has a *lot* of users using clients which support IDLE gives us some feedback, all we have is theory and speculation. Yes, this is my general reading on the problem as well. IDLE raises some significant scalability questions. While it's a win in many situations (it cuts down the amount of network traffic needed) the additional idled process could become a bottleneck or unreliable. - With plaintext login [using pwcheck], cyradm asks for the password twice: first "Please enter your password:" then "IMAP Password:" - any reason why? I'm not sure. Has anyone else run across this? Can anyone else solve this? Yes (using PAM). I don't know. I assumed this was username/authname issue or a callback issue, but it hasn't bothered me to the point of trying to fix it. Yeah, I think the first password is requested in order to do a saslified authentication, which fails, and then other code asks for another password. Actually, I appear to be crashing cyradm with the --auth option right now, so I'm going to say that this code really needs some work. I'll try to get around to it, though if anyone else wants to try to understand, start at "sub authenticate" in IMAP.pm. Larry
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
On Fri, Feb 16, 2001 at 02:47:08PM +1100, Grant Beattie wrote: Feb 16 14:33:58 wombat perl[3212]: [ID 516856 auth.error] unable to dlopen /opt/local/cyrus/lib/sasl/libdigestmd5.so: ld.so.1: perl: fatal: relocation error: file /opt/local/cyrus/lib/sasl/libdigestmd5.so: symbol __eprintf: referenced symbol not found What compiler did you use? On AIX I get similar errors if I try to mix code compiled with gcc and with xlc. Try linking libdigestmd5.so against libgcc.a directly. Gabor -- Gabor Gombas Eotvos Lorand University E-mail: [EMAIL PROTECTED] Hungary
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
Lawrence Greenfield [EMAIL PROTECTED] wrote: Berkeley DB 3 on NetBSD (and similarly in FreeBSD) is installed as: /usr/pkg/lib/libdb3.a and /usr/pkg/include/db3/*.h so as not to conflict with the "native" db in NetBSD. I'm not sure how I'm suppose to deal with this; I could be chasing db files all around eternity. I'd welcome patches. Ok i just compiled 2.0.11 on netbsd 1.5. All I had to do was s/db-3/db3 in configure. so all that needs to be done is to stick in (yet) another test for db3, i.e. '-ldb3' in configure.in just before or after the test for db-3. the script picks up the include files ok (/usr/pkg/include/db3) once i specify --with-dbdir=/usr/pkg so no changes there, just the library check. Sometimes mismatched db libraries cause crashes. The documentation could also say to compile libsasl without db support (--with-dblib=none). Yes, this seems to work, however I had to patch utils/sasldblistusers.c as follows: --- sasldblistusers.c.orig Thu Feb 15 13:44:03 2001 +++ sasldblistusers.c Thu Feb 15 13:44:41 2001 
@@ -309,7 +309,7 @@ #else -int listusers(listcb_t *cb) +int listusers(const char *path, listcb_t *cb) { fprintf(stderr,"Unsupported DB format"); exit(1); For imapd I had to do CPPFLAGS="-I/usr/include/krb5 -I/usr/include/openssl" before running configure to pick up include files. However some of the Makefiles under perl/ didn't "inherit" these CPPFLAGS, so I had to add the includes to the "INC" hash key in Makefile.PL as these seem to be (post-configure) generated Makefiles If there are generic fixes for these problems, I'd love to have them. (I don't really have time to chase this down right now.) I'll have a look at this, should just be a few Makefile tweaks. - libwrap wasn't detected, even though it exists and works! /usr/lib/libwrap.a, /usr/lib/libwrap.so* and /usr/include/tcpd.h are there ok. passing --with-libwrap=/usr doesn't work either. I think the next release will fix this. Ok, I haven't tried this yet as master can now bind services to specific IPs. I thought there was a way of making Netscape check multiple folders. Not that I'm aware of.. Regards, -- Cillian
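Review bot: in the `#else` stub of `listusers()` in utils/sasldblistusers.c, the new `const char *path` parameter is never used, because the body only prints "Unsupported DB format" and exits. Add `(void)path;` at the top of the stub (or mark the parameter unused) so that builds with --with-dblib=none stay free of unused-parameter warnings, and confirm that the new signature matches the DB-backed `listusers()` variants and the caller, which are outside the visible context. The `fprintf` message in the same stub also has no trailing newline, so the error runs into the shell prompt.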
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
Lawrence Greenfield [EMAIL PROTECTED] wrote: - With plaintext login [using pwcheck], cyradm asks for the password twice: first "Please enter your password:" then "IMAP Password:" - any reason why? I'm not sure. Has anyone else run across this? Can anyone else solve this? On closer investigation, it seems cyradm tries to use PLAIN auth, but because PLAIN is only available when SSL/TLS is in use (which cyradm doesn't use) this mechanism fails, so it falls back to the IMAP login method (as my setup has no other authentication methods enabled). Thus, the first password prompt is asked by the SASL PLAIN plugin (which fails) and the second prompt by cyradm (or rather, Cyrus::IMAP::Shell) which succeeds. Either enabling SSL/TLS support in cyradm or disabling attempts to use PLAIN when SSL/TLS is not being used, should fix this 'duplicate' password prompt. Or at least that's my understanding.. Regards, -- Cillian
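The fix described above (do not attempt PLAIN unless the connection is encrypted and the server advertises it) can be sketched as client-side mechanism selection. This is an added example, not cyradm or Cyrus::IMAP code; the function names, the preference order and the capability lines are constructed for illustration.

```python
import re

def parse_capability(line):
    """Extract SASL mechanisms and flags from an IMAP CAPABILITY line."""
    tokens = re.findall(r"[A-Z0-9=+._-]+", line.upper())
    return {
        "mechs": [t[5:] for t in tokens if t.startswith("AUTH=")],
        "starttls": "STARTTLS" in tokens,
        "logindisabled": "LOGINDISABLED" in tokens,
    }

def choose_auth(capability_line, tls_active,
                preferred=("DIGEST-MD5", "CRAM-MD5", "PLAIN"),
                allow_cleartext_login=False):
    """Return (action, mechanism) so the user is prompted at most once."""
    caps = parse_capability(capability_line)
    for mech in preferred:
        if mech not in caps["mechs"]:
            continue  # not advertised: trying it only wastes a password prompt
        if mech == "PLAIN" and not tls_active:
            continue  # PLAIN sends the password itself, so require TLS
        return ("AUTHENTICATE", mech)
    if not tls_active and caps["starttls"]:
        return ("STARTTLS", None)  # encrypt, then re-read the capabilities
    if allow_cleartext_login and not caps["logindisabled"]:
        return ("LOGIN", None)     # explicit opt-in, like 'cyradm --auth login'
    return ("FAIL", None)

# Constructed capability lines (not captured from a real server).
CLEAR_NO_TLS = "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE"
CLEAR_WITH_STARTTLS = "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE STARTTLS"
AFTER_TLS = "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE AUTH=PLAIN"

if __name__ == "__main__":
    print(choose_auth(CLEAR_NO_TLS, tls_active=False))
    print(choose_auth(CLEAR_WITH_STARTTLS, tls_active=False))
    print(choose_auth(AFTER_TLS, tls_active=True))
```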
RE: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
- With plaintext login [using pwcheck], cyradm asks for the password twice: first "Please enter your password:" then "IMAP Password:" - any reason why? I'm not sure. Has anyone else run across this? Can anyone else solve this? This happens with my build of 2.0.11/Solaris 7. It appears that the IMAP password is the one it wants. I think this has something to do with the MD5 passwords, because when I attempt to log in with cyradm, I get this:
Feb 16 14:33:58 wombat perl[3212]: [ID 516856 auth.error] unable to dlopen /opt/local/cyrus/lib/sasl/libdigestmd5.so: ld.so.1: perl: fatal: relocation error: file /opt/local/cyrus/lib/sasl/libdigestmd5.so: symbol __eprintf: referenced symbol not found
Feb 16 14:33:58 wombat last message repeated 1 time
Feb 16 14:34:01 wombat imapd[3207]: [ID 656617 local6.notice] badlogin: wombat[192.168.211.23] PLAIN no mechanism available
Feb 16 14:34:06 wombat imapd[3207]: [ID 237943 local6.notice] login: wombat[192.168.211.23] root plaintext
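The imapd lines in the message above record both the failed PLAIN attempt and the plaintext login that followed, which is what an administrator would watch for when an account in the "admins" list authenticates in cleartext. The following is an added example, not part of the original post or of Cyrus: the regular expression is modelled only on the two imapd lines quoted above, the last two sample lines are constructed, and the admin set is an assumption.

```python
import re

# Matches the "login:" / "badlogin:" imapd lines in the format quoted above.
LINE_RE = re.compile(
    r"imapd\[\d+\]:.*?\b(?P<event>badlogin|login): "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[0-9.]+)\] (?P<rest>.+)$"
)

def parse_imapd_line(line):
    """Return a dict describing a login/badlogin event, or None."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    first, _, remainder = m["rest"].partition(" ")
    if m["event"] == "login":
        # login: host[ip] <user> <method>
        return {"event": "login", "ip": m["ip"], "user": first, "method": remainder}
    # badlogin: host[ip] <mechanism> <reason>
    return {"event": "badlogin", "ip": m["ip"], "mech": first, "reason": remainder}

def audit(lines, admins):
    """List (kind, subject, ip) findings for cleartext logins and bad logins."""
    findings = []
    for line in lines:
        ev = parse_imapd_line(line)
        if ev is None:
            continue
        if ev["event"] == "badlogin":
            findings.append(("badlogin", ev["mech"], ev["ip"]))
        elif ev["method"] == "plaintext":
            kind = "admin-cleartext" if ev["user"] in admins else "cleartext"
            findings.append((kind, ev["user"], ev["ip"]))
    return findings

SAMPLE_LOG = [
    # First three lines are taken from the message above.
    "Feb 16 14:33:58 wombat last message repeated 1 time",
    "Feb 16 14:34:01 wombat imapd[3207]: [ID 656617 local6.notice] "
    "badlogin: wombat[192.168.211.23] PLAIN no mechanism available",
    "Feb 16 14:34:06 wombat imapd[3207]: [ID 237943 local6.notice] "
    "login: wombat[192.168.211.23] root plaintext",
    # Constructed lines in the same format (hypothetical users and host).
    "Feb 16 14:40:10 wombat imapd[3300]: [ID 237943 local6.notice] "
    "login: mua[192.168.211.40] alice DIGEST-MD5",
    "Feb 16 14:41:12 wombat imapd[3301]: [ID 237943 local6.notice] "
    "login: mua[192.168.211.40] bob plaintext",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, admins={"cyrus", "root"}):  # assumed admins
        print(finding)
```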
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
Date: Thu, 4 Jan 2001 22:56:48 + From: Cillian Sharkey [EMAIL PROTECTED] Now for the problems: ;) Berkeley DB 3 on NetBSD (and similarly in FreeBSD) is installed as: /usr/pkg/lib/libdb3.a and /usr/pkg/include/db3/*.h so as not to conflict with the "native" db in NetBSD. I'm not sure how I'm supposed to deal with this; I could be chasing db files all around eternity. I'd welcome patches. In configure I had to change db-3 to db3 and in some source files had to change includes for db*.h to db3/db*.h. This is for both IMAPD and SASL. [Incidentally, I'm not using sasldb in SASL so is it truly necessary to compile both with the same DB version as is recommended?] Sometimes mismatched db libraries cause crashes. The documentation could also say to compile libsasl without db support (--with-dblib=none). For imapd I had to do CPPFLAGS="-I/usr/include/krb5 -I/usr/include/openssl" before running configure to pick up include files. However some of the Makefiles under perl/ didn't "inherit" these CPPFLAGS, so I had to add the includes to the "INC" hash key in Makefile.PL as these seem to be (post-configure) generated Makefiles If there are generic fixes for these problems, I'd love to have them. (I don't really have time to chase this down right now.) - libwrap wasn't detected, even though it exists and works! /usr/lib/libwrap.a, /usr/lib/libwrap.so* and /usr/include/tcpd.h are there ok. passing --with-libwrap=/usr doesn't work either. I think the next release will fix this. - configure has a problem with NetBSD's mmap() and warns: *** This system does not have a working mmap() Expect a *** considerable performance penalty Is this serious? The IMAP system will eventually have ~700 accounts and at most 30 simultaneous IMAP sessions, with a 'reasonable' volume of incoming mail via lmtpd. For 30 simultaneous IMAP sessions it's not going to be a big deal. Would NetBSD's Unified Buffer Cache (not in 1.5) solve this? Yes. - Do you recommend poll or idled for the "IDLE" method? 
How do these benefit the server/client if they make use of them? Ken Murchison is the man for IDLE; I'll let him tackle this and then argue with him about it. - Is ~700 accounts enough to warrant enabling "hashimapspool"? On the current POP3 system there is ~700 mail spoolfiles in /var/mail (FFS + soft updates) with no noticeable problems or complaints. Probably doesn't matter. - With plaintext login [using pwcheck], cyradm asks for the password twice: first "Please enter your password:" then "IMAP Password:" - any reason why? I'm not sure. Has anyone else run across this? Can anyone else solve this? - Is it safe to make the same user cyrus runs as ("cyrus") part of the "admins" list in imapd.conf? Should I just create another user ("cyradm") for the sole purpose of this? (Yes I could use "root") It's safe; the biggest worry would be your cyrus password being compromised if you send it over the wire in cleartext. [...] - What do people recommend for "distribution lists" in an IMAP environment: - Use a shared folder with an email alias for posting to it and then use ACLs to grant/deny people access the folder? Unfortunately, the Netscape MUA only checks "Inbox" for new mail so it's easy to miss new mail in other folders.. I thought there was a way of making Netscape check multiple folders. Anyway, this is somewhat of a religious issue. At CMU, we use shared folders extensively; our production server has well over 2 shared mailboxes. Larry
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
Lawrence Greenfield wrote: - Do you recommend poll or idled for the "IDLE" method? How do these benefit the server/client if they make use of them? Ken Murchison is the man for IDLE; I'll let him tackle this and then argue with him about it. IMHO, idled is the best. It provides for near-realtime updates without bombarding the server with NOOPs or blindly polling the mailbox. There might be cases where the overhead of the idled communication channel outweighs that of infrequent polling (at the expense of slow updates), but I don't know where the cross-over point is. Until someone who has a *lot* of users using clients which support IDLE gives us some feedback, all we have is theory and speculation. I *think* this is vague enough to not give Larry any ammo ;-) - With plaintext login [using pwcheck], cyradm asks for the password twice: first "Please enter your password:" then "IMAP Password:" - any reason why? I'm not sure. Has anyone else run across this? Can anyone else solve this? Yes (using PAM). I don't know. I assumed this was username/authname issue or a callback issue, but it hasn't bothered me to the point of trying to fix it. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
Cillian Sharkey wrote: - Finally, any good IMAP MUAs for Windows? Netscape 4.7x is a bit braindead in many ways. I know there is Mulberry and I think Pegasus does IMAP too... You might also look at Outlook Express. It's not that smart underneath (it tends not to use the best IMAP commands to achieve what it needs) and it doesn't support secure authentication, but it is probably the easiest for users to deal with once correctly installed. It does support SSL too, so security isn't a dead loss. Mulberry assumes a lot of knowledge on the part of the user--if your users are technically inclined, then they'll get a lot out of it.
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
EXCUSE me for my bad English Take me off this god damn mail list..or someone indicate WHO I can email regarding this emailing list. Is there no STANDARD UNSUBSCRIBE option? Joe On 5 Jan 2001, Amos Gouaux wrote: On Thu, 4 Jan 2001 22:56:48 +, Cillian Sharkey [EMAIL PROTECTED] (cs) writes: cs Hi folks, cs [Apologies for length of email] [Not being too familiar with NetBSD, there isn't much here I can comment on, but...] cs - libwrap wasn't detected, even though it exists and works! cs /usr/lib/libwrap.a, /usr/lib/libwrap.so* and /usr/include/tcpd.h are there cs ok. passing --with-libwrap=/usr doesn't work either. I believe this has been fixed for the forthcoming 2.0.10. cs - What do people recommend for "distribution lists" in an IMAP environment: I believe this has come up from time to time in the past, so you might check the archives. I don't think there is really a magic bullet approach, at least not for all. cs - Use a shared folder with an email alias for posting to it and then use cs ACLs to grant/deny people access the folder? Unfortunately, the Netscape cs MUA only checks "Inbox" for new mail so it's easy to miss new mail in cs other folders.. We've experimented with this, and still use it in some cases. The problem, as you noted, is the notification of new mail. Few clients really handle this well, and so this approach has proven to be less popular, especially with those that have never used USENET, or those that feel their posts are sufficiently important that they must be "direct delivered". (Though, I'll concede that there are times this is actually necessary.) cs OR cs - Use dedicated mailing list software [like mailman with a web interface cs for admin tasks] In this case mail would be delivered to Inbox. There is cs also the concept of having "list owners", although this could be achieved cs by giving someone the "a" right on the shared folder discussed above. And we do this as well. 
Actually, we've also experimented with a rather perverse melding of both, with mixed success. For various reasons, we're using Listar. One convenient thing about Listar is that the users file is plain text, which makes it very easy to scan. So with many of the high-volume/large member lists, we've created a shared IMAP folder to archive the list, much like what CMU does with info-cyrus. If you're merely a member of the list, you get read-only access. If you're a list moderator, you get read/write access. So, if someone wants to just rely on the shared folder to keep up with the mayhem, all they have to do is set their list configuration to be in 'vacation' mode. That way they won't get the list traffic in their inbox, but still retain access to the shared folder. I told you it was perverse. One convenient thing about this approach is that if they neglect to manage their inbox and run over quota, they are automatically put into vacation mode. Fortunately Listar does this for us without any extra effort. cs - Finally, any good IMAP MUAs for Windows? Netscape 4.7x is a bit braindead cs in many ways. I know there is Mulberry and I think Pegasus does IMAP too, but cs the advantage over them with Netscape is: That topic is too opinionated for me to feel included to jump in, especially at this hour. cs - The netscape UI is quite nice cs - Our users are used to this (i.e. just click on the little "mail" icon!) cs - Our current setup has netscape 'auto-configuration' so users never have to cs setup their a/c. And they can't screw up the config either as it's "fixed" cs on next login. In other words, "it just works" (TM) which is very handy cs for us admins. If it works, use it. Personally, I'd like to see Netscape 7 support ACAP. Oh, I wasn't going to do that. -- Amos
Re: Questions,fixes,problems: Cyrus 2.0.9, NetBSD 1.5 [LONG]
Cillian Sharkey wrote: - Do you recommend poll or idled for the "IDLE" method? How do these benefit the server/client if they make use of them? First off, this only matters if your users are using a client which supports IDLE. The only mainstream client that I know of that supports IDLE is Outlook. The IDLE command allows the client to receive mailbox updates without having to poll the server (ie, reduced traffic, etc). The 'poll' method simply polls the selected mailbox as the client would. This essentially simulates the client polling without the client having to send the NOOP command. This might be a good option if you only have a handful of IDLE clients. The 'idled' method uses a separate daemon which receives 'mailbox update' messages from lmtpd/imapd/pop3d and then signals IDLEing imapds that the mailbox has changed. On a system with a lot of IDLE clients, this is a win because it eliminates unnecessary polling of the mailbox. The mailbox is only checked when it has been changed. It also allows for 'real-time' updates, where the poll method only sends updates every 'imapidlepoll' seconds. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp