Re: Using Roundcube with cyrus?
On Thu, 2015-02-12 at 00:35 +0100, Marcus Schopen wrote: Am Dienstag, den 03.02.2015, 10:10 -0600 schrieb Patrick Goetz: Argh! That was it. I thought I had removed this, but it must have re-appeared while I was substituting configuration options in and out while trying to get this to work. Thanks so much for your help! For performance check imapproxy too. I've installed imapproxy on roundcube side and connect via openvpn to cyrus on another host. With any webmail interface you will want to use imapproxy. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using Roundcube with cyrus?
Am Dienstag, den 03.02.2015, 10:10 -0600 schrieb Patrick Goetz: On 2/3/2015 9:49 AM, Patrick Boutilier wrote: Roundcube is appending the domain; I'm logging in with pgoetz. http://trac.roundcube.net/wiki/Howto_Config#IMAPserverconnection indicates that username_domain may be set. Argh! That was it. I thought I had removed this, but it must have re-appeared while I was substituting configuration options in and out while trying to get this to work. Thanks so much for your help! For performance check imapproxy too. I've installed imapproxy on roundcube side and connect via openvpn to cyrus on another host. Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using Roundcube with cyrus?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2/3/2015 6:20 AM, Patrick Goetz wrote: Related question: what are people using for webmail these days? I was shocked to see that php-horde isn't even packaged for Arch linux. Using Horde (Groupware Webmail Edition 5.2.x) here. The Horde folks are recommending pear-based installation these days, so many distros (at least the ones I've looked at) seem to not bother packaging it. - -- Nels Lindquist nli...@maei.ca -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (MingW32) iEYEARECAAYFAlTTqVUACgkQh6z5POoOLgQZlQCggGpaqlDaWgH2pcSnzCvVGmy0 iKcAoJj3f4nYVG8wuvQe7kxY5S3DKkEq =PrmQ -END PGP SIGNATURE- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Using Roundcube with cyrus?
This is a bit off topic, but is anyone using Roundcube webmail with cyrus? I've lost most of my hair trying to get this to work, and although it is working now, I'm not sure my fix is the correct way to solve the problem. Context: I only allow plain text STARTTLS connections to the imap server: /etc/cyrus/imap.conf: allowplaintext: no (as per the default) sasl_mech_list: PLAIN sasl_pwcheck_method: saslauthd tls_cert_file: /etc/ssl/certs/ssl-cert-cyrus.episcopalarchives.org.pem tls_cipher_list: TLSv1+HIGH:!aNull:@STRENGTH Here is the relevant PHP configuration from Roundcube's config.php.conf: $config['default_host'] = 'tls://mail.episcopalarchives.org'; $config['imap_conn_options'] = array( 'ssl' = array( 'verify_peer' = true, 'allow_self_signed' = true, 'ciphers' = 'TLSv1+HIGH:!aNull:@STRENGTH', 'peer_name' = 'mail.episcopalarchives.org', 'cafile' = '/etc/ssl/certs/ssl-cert-cyrus.episcopalarchives.org.pem', ), ); I tried multiple combinations of PHP connection options as documented on this page: http://php.net/manual/en/context.ssl.php No matter what I changed in the Roundcube PHP configuration, I would alway get this error message in the cyrus error logs: Feb 03 01:06:40 www cyrus/imap[29622]: starttls: TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits new) no authentication Feb 03 01:06:40 www cyrus/imap[29622]: badlogin: www.episcopalarchives.org [216.82.212.230] PLAIN [SASL(-13): authentication failure: cross-realm login pgo...@episcopalarchives.org denied] After a little googling I added this to /etc/cyrus/imapd.conf: defaultdomain: episcopalarchives.org virtdomains: on Now I can authenticate through Roundcube, but this solution seems a little weird to me, since I'm in particular *not* using virtual domains on this server. Question: is it really necessary to turn virtual domains on to get PHP webmail authentication to work, or is there another way to do this? Related question: what are people using for webmail these days? I was shocked to see that php-horde isn't even packaged for Arch linux. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using Roundcube with cyrus?
On 02/03/2015 11:39 AM, Patrick Goetz wrote: On 2/3/2015 7:28 AM, Patrick Boutilier wrote: Are you using pgo...@episcopalarchives.org as the userid or is Roundcube appending the domain automatically? Roundcube is appending the domain; I'm logging in with pgoetz. http://trac.roundcube.net/wiki/Howto_Config#IMAPserverconnection indicates that username_domain may be set. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus attachment: boutilpj.vcf Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using Roundcube with cyrus?
On 2/3/2015 9:49 AM, Patrick Boutilier wrote: Roundcube is appending the domain; I'm logging in with pgoetz. http://trac.roundcube.net/wiki/Howto_Config#IMAPserverconnection indicates that username_domain may be set. Argh! That was it. I thought I had removed this, but it must have re-appeared while I was substituting configuration options in and out while trying to get this to work. Thanks so much for your help! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using Roundcube with cyrus?
On 2/3/2015 7:28 AM, Patrick Boutilier wrote: Are you using pgo...@episcopalarchives.org as the userid or is Roundcube appending the domain automatically? Roundcube is appending the domain; I'm logging in with pgoetz. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using Roundcube with cyrus?
On 2/3/2015 7:54 AM, marty wrote: Yes - but as my webmail interface is on the same box as the cyrus server, I've got cyrus to 'listen' on localhost:imap only, and roundcube connects over the loopback interface to cyrus. I do have roundcube installed on the same host as cyrus, but the vast majority of connections to the cyrus server are from Thunderbird from hosts that can be located anywhere. This is why I turned unencrypted plain text passwords off. In a previous installation, I was still allowing users to connect with unencrypted passwords, which simplified the Roundcube install considerably. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using Roundcube with cyrus?
On 02/03/2015 09:20 AM, Patrick Goetz wrote: This is a bit off topic, but is anyone using Roundcube webmail with cyrus? I've lost most of my hair trying to get this to work, and although it is working now, I'm not sure my fix is the correct way to solve the problem. Context: I only allow plain text STARTTLS connections to the imap server: /etc/cyrus/imap.conf: allowplaintext: no (as per the default) sasl_mech_list: PLAIN sasl_pwcheck_method: saslauthd tls_cert_file: /etc/ssl/certs/ssl-cert-cyrus.episcopalarchives.org.pem tls_cipher_list: TLSv1+HIGH:!aNull:@STRENGTH Here is the relevant PHP configuration from Roundcube's config.php.conf: $config['default_host'] = 'tls://mail.episcopalarchives.org'; $config['imap_conn_options'] = array( 'ssl' = array( 'verify_peer' = true, 'allow_self_signed' = true, 'ciphers' = 'TLSv1+HIGH:!aNull:@STRENGTH', 'peer_name' = 'mail.episcopalarchives.org', 'cafile' = '/etc/ssl/certs/ssl-cert-cyrus.episcopalarchives.org.pem', ), ); I tried multiple combinations of PHP connection options as documented on this page: http://php.net/manual/en/context.ssl.php No matter what I changed in the Roundcube PHP configuration, I would alway get this error message in the cyrus error logs: Feb 03 01:06:40 www cyrus/imap[29622]: starttls: TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits new) no authentication Feb 03 01:06:40 www cyrus/imap[29622]: badlogin: www.episcopalarchives.org [216.82.212.230] PLAIN [SASL(-13): authentication failure: cross-realm login pgo...@episcopalarchives.org denied] After a little googling I added this to /etc/cyrus/imapd.conf: defaultdomain: episcopalarchives.org virtdomains: on Now I can authenticate through Roundcube, but this solution seems a little weird to me, since I'm in particular *not* using virtual domains on this server. Question: is it really necessary to turn virtual domains on to get PHP webmail authentication to work, or is there another way to do this? Related question: what are people using for webmail these days? I was shocked to see that php-horde isn't even packaged for Arch linux. Are you using pgo...@episcopalarchives.org as the userid or is Roundcube appending the domain automatically? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus attachment: boutilpj.vcf Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using Roundcube with cyrus?
Am Dienstag, 3. Februar 2015, 07:20:46 schrieb Patrick Goetz: Question: is it really necessary to turn virtual domains on to get PHP webmail authentication to work, or is there another way to do this? No, we use it without virtual domains too. Related question: what are people using for webmail these days? I was shocked to see that php-horde isn't even packaged for Arch linux. hmm, any kind of (from roundcube, squirrelmail, Horde5 IMP and many others incl. PIM / Groupware solutions out) - roundcube is one (relatively famous) option of. Horde has it's own packaging / update mechanism since Horde5 (which makes sense in many horde scenarios today - i.e. Horde virtual and multi hosting) - see Horde website for details. Horde5 is really cool and a big step forward compared to Horde 3/4 in my opinion - but if you just need webmail, Horde 5 IMP alone still may be much more then enough ß)... We offer roundcube, squirrel and Horde5 to our users in parallel att., because any of them offer SIEVE access and there are PGP/GnuPG / S/MIME modules available. just my two cents... Niels. -- --- Niels Dettenbach Syndicat IT Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- signature.asc Description: This is a digitally signed message part. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using Roundcube with cyrus?
On 2015-02-03 13:20, Patrick Goetz wrote: This is a bit off topic, but is anyone using Roundcube webmail with cyrus? I've lost most of my hair trying to get this to work, and although it is working now, I'm not sure my fix is the correct way to solve the problem. Yes - but as my webmail interface is on the same box as the cyrus server, I've got cyrus to 'listen' on localhost:imap only, and roundcube connects over the loopback interface to cyrus. Haven't tried to connect over imaps to it, if I get a chance in the next couple of days, I can try to point my dev webmail box at the production mail server over imaps and see what happens. Sorry I can't offer any help about roundcube-imaps-cyrus, but if your roundcube box is on the same system as cyrus, then the loopback interface using imap works a charm. Cheers marty - Marty Lee e: ma...@maui-systems.co.uk Technical Directorv: +44 845 869 2661 Maui Systems Ltd f: +44 871 433 8922 Scotland, UK w: http://www.maui-systems.co.uk Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus