Re: django-cyradm
On 12.12.2019 21.26, Niels Dettenbach wrote: Am Donnerstag, 12. Dezember 2019, 21:06:46 CET schrieb Jesper Schmitz Mouridsen via Info-cyrus: It has self service support. The system has 3 roles "admin","domain admin" and "account user". If you are interested take a look at sounds very interesting - i planned to write a similiar open source product (after the very flexible web-cyradm was very outdated) - but with exim / pam_mysql (should be similiar) and reserved some spare time over christmas and january for it... After planning with django years ago, my current plan was to use flask or similiar more light, because installation of django (compared to the old LAMP based web-cyradm) is more difficult for many users / impossible in some typical mass hosting environments and easier to maintain in regards of security over longer timespan (django typically needs security updates several times a year from what i experienced with it in other projects). And with flask it is (at least by my intention so far...) more easy to use it on i.e. embedded hardware or "small email servers" with a DevOps like software / "firmware" management. I very like the very intelligent (because it allows very flexible email configs as MTA integrations) database design of web_cyradm. While i've not found a way to easily "reuse" that existing database structure (or "rebuilt" it with the django DB subsystem) in flask is has to be done by hand - so "no prob" at this edge for me. But will definitely check it - and (if interested) contribute (where it may makes sense). it may possibly still is a nice base or working solution for what i'm looking for (saving me time to write something complete byself) and if flask or so is still an option, the similiar concept should allow to "reuse" at least the more fiddely python code from a django project. is there any public "main" repo of the project? https://github.com/jsm222/django-cyradm/ many thanks for your time and posting, niels. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: django-cyradm
Am Donnerstag, 12. Dezember 2019, 21:06:46 CET schrieb Jesper Schmitz Mouridsen via Info-cyrus: > It has self service support. The system has 3 roles "admin","domain > admin" and "account user". > > If you are interested take a look at sounds very interesting - i planned to write a similiar open source product (after the very flexible web-cyradm was very outdated) - but with exim / pam_mysql (should be similiar) and reserved some spare time over christmas and january for it... After planning with django years ago, my current plan was to use flask or similiar more light, because installation of django (compared to the old LAMP based web-cyradm) is more difficult for many users / impossible in some typical mass hosting environments and easier to maintain in regards of security over longer timespan (django typically needs security updates several times a year from what i experienced with it in other projects). And with flask it is (at least by my intention so far...) more easy to use it on i.e. embedded hardware or "small email servers" with a DevOps like software / "firmware" management. I very like the very intelligent (because it allows very flexible email configs as MTA integrations) database design of web_cyradm. While i've not found a way to easily "reuse" that existing database structure (or "rebuilt" it with the django DB subsystem) in flask is has to be done by hand - so "no prob" at this edge for me. But will definitely check it - and (if interested) contribute (where it may makes sense). it may possibly still is a nice base or working solution for what i'm looking for (saving me time to write something complete byself) and if flask or so is still an option, the similiar concept should allow to "reuse" at least the more fiddely python code from a django project. is there any public "main" repo of the project? many thanks for your time and posting, niels. -- --- Niels Dettenbach Syndicat IT & Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- signature.asc Description: This is a digitally signed message part. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
django-cyradm
Hi cyrus list. (This email contains self promotion of a cyrus/imap related piece of software..) I wrote some years ago (and recently updated) a small django application for cyrus and postfix, with database lookup tables. It has self service support. The system has 3 roles "admin","domain admin" and "account user". If you are interested take a look at https://djcyradm.schmitz.computer Kind regards Jesper Schmitz Mouridsen Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm and TLS 1.2
Thanks! You have the more correct fix: From: https://www.openssl.org/docs/man1.1.0/man3/TLSv1_client_method.html "TLS_method(), TLS_server_method(), TLS_client_method() These are the general-purpose version-flexible SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2. Applications should use these methods, and avoid the version-specific methods described below." Thanks, John On 10/15/2019 6:04 PM, ellie timoney wrote: ** CAUTION: EXTERNAL MAIL ** Thanks for reporting back. For whatever its worth, the equivalent fix on 2.5+ uses "TLS_client_method()", not "TLSv1_2_client_method()". I'm not sure what difference it makes, but maybe it requires a newer OpenSSL than you have? Here's the commit to master, fyi: https://github.com/cyrusimap/cyrus-imapd/commit/78f79ea53238c8596e2f8602b7b1e29a16863ae9 On Tue, Oct 15, 2019, at 7:43 AM, John Widera wrote: Turns out imclient (at least in the latest RHEL7 pkg) is hardcoded to use TLSv1. Since we're building binary RPMs from Source RPMs anyway we modified imclient.c, rebuilt the RPMs, reinstalled the cyrus-imapd-utils package: Here's the patch we used: ** *--- imclient.c.orig 2012-12-01 13:57:54.0 -0600* *+++ imclient.c 2019-10-03 14:40:11.254566297 -0500* *@@ -1695,7 +1695,7 @@* *return -1;* *}* *- imclient->tls_ctx = SSL_CTX_new(TLSv1_client_method());* *+ imclient->tls_ctx = SSL_CTX_new(TLSv1_2_client_method());* *if (imclient->tls_ctx == NULL) {* *return -1;* *};* --- Maybe this helps someone else. Regards, Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm and TLS 1.2
Thanks for reporting back. For whatever its worth, the equivalent fix on 2.5+ uses "TLS_client_method()", not "TLSv1_2_client_method()". I'm not sure what difference it makes, but maybe it requires a newer OpenSSL than you have? Here's the commit to master, fyi: https://github.com/cyrusimap/cyrus-imapd/commit/78f79ea53238c8596e2f8602b7b1e29a16863ae9 On Tue, Oct 15, 2019, at 7:43 AM, John Widera wrote: > Turns out imclient (at least in the latest RHEL7 pkg) is hardcoded to use > TLSv1. Since we're building binary RPMs from Source RPMs anyway we modified > imclient.c, rebuilt the RPMs, reinstalled the cyrus-imapd-utils package: > Here's the patch we used: > ** > *--- imclient.c.orig 2012-12-01 13:57:54.0 -0600* > *+++ imclient.c 2019-10-03 14:40:11.254566297 -0500* > *@@ -1695,7 +1695,7 @@* > *return -1;* > *}* > *- imclient->tls_ctx = SSL_CTX_new(TLSv1_client_method());* > *+ imclient->tls_ctx = SSL_CTX_new(TLSv1_2_client_method());* > *if (imclient->tls_ctx == NULL) {* > *return -1;* > *};* > --- > Maybe this helps someone else. > Regards, Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm and TLS 1.2
Turns out imclient (at least in the latest RHEL7 pkg) is hardcoded to use TLSv1. Since we're building binary RPMs from Source RPMs anyway we modified imclient.c, rebuilt the RPMs, reinstalled the cyrus-imapd-utils package: Here's the patch we used: --- IMCLIENT.C.ORIG 2012-12-01 13:57:54.0 -0600 +++ IMCLIENT.C 2019-10-03 14:40:11.254566297 -0500 @@ -1695,7 +1695,7 @@ RETURN -1; } - IMCLIENT->TLS_CTX = SSL_CTX_NEW(TLSV1_CLIENT_METHOD()); + IMCLIENT->TLS_CTX = SSL_CTX_NEW(TLSV1_2_CLIENT_METHOD()); IF (IMCLIENT->TLS_CTX == NULL) { RETURN -1; }; --- Maybe this helps someone else. Regards, > Hi All, > > We're hoping to find some help on the list... > > We are running Cyrus-IMAP on RHEL7, using an RPM pkg > (CYRUS-IMAPD-2.4.17-13.EL7) built from the Red Hat SRC RPM. We also have > SASL, Utils, devel etc pkgs all from RH. > > Now we're looking to finally move Cyrus completely off insecure TLS versions. > But now there is a lingering issue... > > We removed tls1_0 from impad.conf, and the CYRADM shell stopped working. We > can no longer connect at all: > > CYRADM -U CYRUS > [ SSL_CONNECT ERROR -1 ] > [ SSL SESSION REMOVED ] > [ TLS NEGOTIATION DID NOT SUCCEED ] > CYRADM: CANNOT AUTHENTICATE TO SERVER WITH AS CYRUS > > CYRADM -U CYRUS --NOTLS > [ SSL_CONNECT ERROR -1 ] > [ SSL SESSION REMOVED ] > [ TLS NEGOTIATION DID NOT SUCCEED ] > CYRADM: CANNOT AUTHENTICATE TO SERVER WITH AS CYRUS > > The presumption is (as cyradm is just a wrapper script) any PERL scripts > calling Cyrus::IMAP::Admin over a STARTTLS connection could likewise be > broken (?) if we block TLS 1.0. > > cyradm is using TLSv1 per maillog: > > IMAPS[14096]: STARTTLS: TLSV1 WITH CIPHER > > Our MAN page for cyradm shows a "--notls" option, which does not work/changes > nothing. Oddly, the cyradm HELP FLAG does NOT show this option, yet cyradm > doesn't bark when it's passed: > > USAGE: CYRADM [ARGS] SERVER > --USER CONNECT AS (AUTHENTICATION NAME) > --AUTHZ AUTHORIZE AS > --[NO]RC (DO NOT) LOAD THE CONFIGURATION FILES > --SYSTEMRC USE SYSTEM-WIDE CONFIGURATION > --USERRC USE USER CONFIGURATION > --PORT CONNECT TO SERVER ON > --AUTH AUTHENTICATE WITH > > A web search reveals the MAN page for cyradm in Cyrus v.3, and it shows NOTLS > as an option to AUTHENTICATE, after a server connection is made, so its > unclear to me what's going on... > > Does anyone have cyradm working with TLS1.2? > > Regards & THANKS in advance for any assistance or suggestions offered. > > -- > John > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyradm and TLS 1.2
Hi All, We're hoping to find some help on the list... We are running Cyrus-IMAP on RHEL7, using an RPM pkg (CYRUS-IMAPD-2.4.17-13.EL7) built from the Red Hat SRC RPM. We also have SASL, Utils, devel etc pkgs all from RH. Now we're looking to finally move Cyrus completely off insecure TLS versions. But now there is a lingering issue... We removed tls1_0 from impad.conf, and the CYRADM shell stopped working. We can no longer connect at all: CYRADM -U CYRUS [ SSL_CONNECT ERROR -1 ] [ SSL SESSION REMOVED ] [ TLS NEGOTIATION DID NOT SUCCEED ] CYRADM: CANNOT AUTHENTICATE TO SERVER WITH AS CYRUS CYRADM -U CYRUS --NOTLS [ SSL_CONNECT ERROR -1 ] [ SSL SESSION REMOVED ] [ TLS NEGOTIATION DID NOT SUCCEED ] CYRADM: CANNOT AUTHENTICATE TO SERVER WITH AS CYRUS The presumption is (as cyradm is just a wrapper script) any PERL scripts calling Cyrus::IMAP::Admin over a STARTTLS connection could likewise be broken (?) if we block TLS 1.0. cyradm is using TLSv1 per maillog: IMAPS[14096]: STARTTLS: TLSV1 WITH CIPHER Our MAN page for cyradm shows a "--notls" option, which does not work/changes nothing. Oddly, the cyradm HELP FLAG does NOT show this option, yet cyradm doesn't bark when it's passed: USAGE: CYRADM [ARGS] SERVER --USER CONNECT AS (AUTHENTICATION NAME) --AUTHZ AUTHORIZE AS --[NO]RC (DO NOT) LOAD THE CONFIGURATION FILES --SYSTEMRC USE SYSTEM-WIDE CONFIGURATION --USERRC USE USER CONFIGURATION --PORT CONNECT TO SERVER ON --AUTH AUTHENTICATE WITH A web search reveals the MAN page for cyradm in Cyrus v.3, and it shows NOTLS as an option to AUTHENTICATE, after a server connection is made, so its unclear to me what's going on... Does anyone have cyradm working with TLS1.2? Regards & THANKS in advance for any assistance or suggestions offered. -- John Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm | Duplicate specification
Thanks Ellie, https://github.com/cyrusimap/cyrus-imapd/issues/2747 -- Ismaël Le 26/04/2019 à 10:11, ellie timoney a écrit : Hi Ismaël, Which version of perl are you running? (`perl --version` will tell you) A fairly newish one, I guess? The cyradm tools were written using a quite old version of perl, which didn't produce a lot of warnings. I expect it's working fine, but your newer perl version is producing warnings that the older versions did not. It would be good to fix up a lot of this cruft -- do you want to raise an issue on https://github.com/cyrusimap/cyrus-imapd/issues and include the details from your email and your perl version? I can't promise it'll get looked at quickly, but at least it won't get forgotten. :) Cheers, ellie On Thu, Apr 25, 2019, at 5:49 AM, Ismaël Tanguy wrote: Hello, I've got this error after connecting to cyrus with cyradm (as root or cyrus user): # cyradm -u cyrus localhost Variable "$cyrref" will not stay shared at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 724. Variable "$lfh" will not stay shared at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 726. Duplicate specification "server|s=s" for option "s" I can make operation on mailbox (lam, sam, xfer, ..), everything seems to work fine but I'm not confident to put that in production.. Cyrus version is 3.08 installed with rpm on Centos7. I've build the rpms, so maybe I've made mistake at this step. cyrus was build like that : # cyr_buildinfo { "component": { "event_notification": true, "gssapi": true, "autocreate": true, "idled": true, "httpd": true, "kerberos_v4": false, "murder": true, "nntpd": true, "replication": true, "sieve": true, "calalarmd": true, "objectstore": false, "backup": true }, "dependency": { "ldap": true, "openssl": true, "pcre": true, "clamav": true }, "database": { "mysql": false, "pgsql": false, "sqlite": true, "lmdb": false }, "search": { "squat": true, "sphinx": false, "xapian": false, "xapian_flavor": "none" }, "hardware": { "sse42": true } } Thank you --- Ismaël TANGUY Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm | Duplicate specification
Hi Ismaël, Which version of perl are you running? (`perl --version` will tell you) A fairly newish one, I guess? The cyradm tools were written using a quite old version of perl, which didn't produce a lot of warnings. I expect it's working fine, but your newer perl version is producing warnings that the older versions did not. It would be good to fix up a lot of this cruft -- do you want to raise an issue on https://github.com/cyrusimap/cyrus-imapd/issues and include the details from your email and your perl version? I can't promise it'll get looked at quickly, but at least it won't get forgotten. :) Cheers, ellie On Thu, Apr 25, 2019, at 5:49 AM, Ismaël Tanguy wrote: > Hello, > I've got this error after connecting to cyrus with cyradm (as root or cyrus > user): > # cyradm -u cyrus localhost Variable "$cyrref" will not stay shared at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 724. Variable "$lfh" will not stay shared at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 726. Duplicate specification "server|s=s" for option "s" > > I can make operation on mailbox (lam, sam, xfer, ..), everything seems to > work fine but I'm not confident to put that in production.. > Cyrus version is 3.08 installed with rpm on Centos7. > I've build the rpms, so maybe I've made mistake at this step. > cyrus was build like that : > # cyr_buildinfo { "component": { "event_notification": true, "gssapi": true, "autocreate": true, "idled": true, "httpd": true, "kerberos_v4": false, "murder": true, "nntpd": true, "replication": true, "sieve": true, "calalarmd": true, "objectstore": false, "backup": true }, "dependency": { "ldap": true, "openssl": true, "pcre": true, "clamav": true }, "database": { "mysql": false, "pgsql": false, "sqlite": true, "lmdb": false }, "search": { "squat": true, "sphinx": false, "xapian": false, "xapian_flavor": "none" }, "hardware": { "sse42": true } } > Thank you > --- > Ismaël TANGUY > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyradm | Duplicate specification
Hello, I've got this error after connecting to cyrus with cyradm (as root or cyrus user): # cyradm -u cyrus localhost Variable "$cyrref" will not stay shared at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 724. Variable "$lfh" will not stay shared at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 726. Duplicate specification "server|s=s" for option "s" I can make operation on mailbox (lam, sam, xfer, ..), everything seems to work fine but I'm not confident to put that in production.. Cyrus version is 3.08 installed with rpm on Centos7. I've build the rpms, so maybe I've made mistake at this step. cyrus was build like that : # cyr_buildinfo { "component": { "event_notification": true, "gssapi": true, "autocreate": true, "idled": true, "httpd": true, "kerberos_v4": false, "murder": true, "nntpd": true, "replication": true, "sieve": true, "calalarmd": true, "objectstore": false, "backup": true }, "dependency": { "ldap": true, "openssl": true, "pcre": true, "clamav": true }, "database": { "mysql": false, "pgsql": false, "sqlite": true, "lmdb": false }, "search": { "squat": true, "sphinx": false, "xapian": false, "xapian_flavor": "none" }, "hardware": { "sse42": true } } Thank you --- Ismaël TANGUY Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Running a script with cyradm throwing ReadLine errors
Dear ellie, > I did a bit of reading, and apparently Term::ReadLine is a stub module that just loads "an implementation", which in your case wants to be Term::ReadLine::Gnu. My guess is that, when you uninstall Term::ReadLine::Gnu, Term::ReadLine no longer successfully compiles because it's missing an implementation, and consequently the fallback code I pointed out previously is used instead. So, from this I'm concluding that the "correct setup" from above is adequate for the Cyrus::IMAP::DummyReadline interface, but is not sufficient for a real ReadLine implementation. Sounds like we've found our bug! the more I thought about it, the clearer it got. I do not think any more that the *real* issue is which stub Term::ReadLine uses. Different stubs might react differently when fed with undefined file handles, but this is only a distracting secondary issue. The real culprit is how the run function is implemented. Let's consider the original code for that function again: # trivial; wrapper for _run with correct setup sub run { my $cyradm; _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__); } How should *__DATA__ have become a handle to the desired file (which should be executed) in any way? There is absolutely no parameter parsing, and after having researched what special meaning __DATA__ has, it became also clear that *__DATA__ isn't mysteriously assigned a reasonable value before run() is called. So I made some very trivial changes. The function now reads: # trivial; wrapper for _run with correct setup sub run { my ($cyradm, $fh); my $file = shift; defined $file || die "No filename given, aborting.\n"; open($fh, $file) || die "Could not open file '$file', aborting.\n"; _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], $fh); } Now the whole thing works as expected, regardless of what stub modules are installed for Term::ReadLine. We could improve that code further; for example, it lacks a check if there is the right number of parameters (additional parameters are currently just ignored). Personally, I wouldn't need detailed checks; I just want it to execute that script file, avoiding ugly error messages from Perl itself relating to undefined values and so on. At a first glance, I couldn't see how the new code could be incompatible to the existing version. At least, there are no other calls to run() in that module (only to _run() which I didn't alter). I am quite sure that you have a bunch regression tests for all your modules, so let's see what they reveal. I am looking forward to your comments ... Thank you very much again! Regards, Binarus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Running a script with cyradm throwing ReadLine errors
Dear ellie, On 19.12.2018 01:38, ellie timoney wrote: > I did a bit of reading, and apparently Term::ReadLine is a stub module that > just loads "an implementation", which in your case wants to be > Term::ReadLine::Gnu. My guess is that, when you uninstall > Term::ReadLine::Gnu, Term::ReadLine no longer successfully compiles because > it's missing an implementation, and consequently the fallback code I pointed > out previously is used instead. So, from this I'm concluding that the > "correct setup" from above is adequate for the Cyrus::IMAP::DummyReadline > interface, but is not sufficient for a real ReadLine implementation. Sounds > like we've found our bug! Some additional findings: 1) Cyrus::IMAP::DummyReadLine - Looking again at that code # ugh. ugh. suck. aieee. my $use_rl = 'Cyrus::IMAP::DummyReadline'; { if (eval { require Term::ReadLine; }) { $use_rl = 'Term::ReadLine'; } } I believe that $use_rl *always* equals 'Term::ReadLine' after having executed it. This is for the following reason: In newer Perl versions, Term::ReadLine is a core module. Everybody has it installed. This means that the require Term::ReadLine will always be successful. I did a test to prove that. I uninstalled Term::ReadLine::Gnu again and changed the code above to the following (note the last line): # ugh. ugh. suck. aieee. my $use_rl = 'Cyrus::IMAP::DummyReadline'; { if (eval { require Term::ReadLine; }) { $use_rl = 'Term::ReadLine'; } } print $use_rl."\n"; As expected, perl -MCyrus::IMAP::Shell -e 'run("./000")' now prints Term::ReadLine as first line on the terminal. This was still the case (as expected again) after reinstalling Term::ReadLine::Gnu. *That means:* Cyrus::IMAP::DummyReadLine is not related to the problem or its solution in any way. It never gets pulled in, at least with recent Perl distributions which have Term::ReadLine included [as a core module]. 2) *__DATA__ variable / file handle --- After having read the Perl docs about that mysterious __DATA__ variable (see below), grep'ing the whole Perl module trees for the string __DATA__, and analyzing the results, I came to the conclusion that the *__DATA__ variable *never* is assigned any value during normal program execution, meaning that _run() always is called with undef as its last parameter. As a proof, I have replaced the following code # trivial; wrapper for _run with correct setup sub run { my $cyradm; _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__); } by # trivial; wrapper for _run with correct setup sub run { my $cyradm; print Dumper(${*Cyrus::IMAP::Shell::__DATA__})."\n"; _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__); } and have added use Data::Dumper at the beginning of the file. Now, when executing perl -MCyrus::IMAP::Shell -e 'run("./000")', it printed $VAR1 = undef; as the first line on the terminal. This was the case whether Term::ReadLine::Gnu was installed or not. To further back that finding, I reverted my changes and then changed the code again as follows (note the last parameter to _run()): # trivial; wrapper for _run with correct setup sub run { my $cyradm; _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], undef); } This did not change the module's behavior compared to the original code. While it now threw the errors described in my first post again (as expected) when Term::ReadLine::Gnu was installed, it threw no errors when it was not installed. *That means:* *__DATA__ (the third parameter to _run) is always undef, and this does not lead to errors being thrown or the compilation / execution being aborted as long as Term::ReadLine::Gnu is not installed, but makes Term::ReadLine::Gnu (if it is installed) throw errors and abort the compilation / execution of the script. (Too) short explanation of the __DATA__ variable: This is a predefined filehandle in Perl which could be used as follows. Suppose you have a script: package ... [code here] __DATA__ data value 1 data value 2 ... Then you can access the data values (i.e. all values which come behind the __DATA__ statement) using the special filehandle [PACKAGE NAME]::DATA (or __DATA__ as well?) from within the package code. For details, see https://perldoc.perl.org/perldata.html#Special-Literals Since there is no __DATA__ statement in any of Cyrus' Perl modules or in modules they use, it is clear that the *__DATA__ filehandle is always undef. To be honest, I can't understand why it is used. I originally thought that it would be initialized by some other module (directly or indirectly) which is used by Cyrus::IMAP::Shell, but my analysis showed that it isn't (unless I have missed something, which might well be the case). 3) No script execution at all - I have to apologize that I didn't mention this in my first post; the re
Re: Running a script with cyradm throwing ReadLine errors
Dear ellie, On 19.12.2018 01:38, ellie timoney wrote: >> Then I have replaced the following code in Cyrus::IMAP::Shell > > That's very interesting. Does the same modified code continue to work if you > uninstall Term::Readline::Gnu again? That is to say, does the non-gnu > version break with that addition, or continue to work? I have just done that test: Yes, the same modified code continues to work even if Term::ReadLine::Gnu is uninstalled, i.e. my "patch" does not break the non-gnu version. >> In other words, I just have made sure that this mysterious *__DATA__ >> variable is reasonably defined in every case before _run is called. > > I had a look in Shell.pm and found this comment near the top: > >> # run(*FH|'FH') >> # read commands from the filehandle and pass to exec(); defaults to >> # __DATA__ I also had seen this comment, but couldn't make any sense from it. > So maybe that explains where the expectation for __DATA__ is coming from... > so: > >> # trivial; wrapper for _run with correct setup > > I wonder if the "correct setup" is not correct enough! There are many aspects I didn't understand yet. To me, it seems that _run is called with a bunch of uninitialized parameters. For example, where are $cyradm and *__DATA__ initialized? I am currently lacking the time to do my homework (i.e. to completely understand how this is supposed to work under normal circumstances), so I don't want to let other persons waste their time for explaining it to me ... However, despite the fact that I haven't grasped the overall concept yet, there is obviously a bug with parsing the command line. >> I have no idea why the "buggy" command line / argument parsing does not >> strike when Term::ReadLine::Gnu is uninstalled; I haven't grasped yet >> how *__DATA__ is supposed to be assigned a reasonable value to during >> the normal course of execution. I currently can only speculate that >> Term::ReadLine:: does this for us, while >> Term::ReadLine::Gnu doesn't. > > I did a bit of reading, and apparently Term::ReadLine is a stub module that > just loads "an implementation", which in your case wants to be > Term::ReadLine::Gnu. My guess is that, when you uninstall > Term::ReadLine::Gnu, Term::ReadLine no longer successfully compiles because > it's missing an implementation, and consequently the fallback code I pointed > out previously is used instead. So, from this I'm concluding that the > "correct setup" from above is adequate for the Cyrus::IMAP::DummyReadline > interface, but is not sufficient for a real ReadLine implementation. Sounds > like we've found our bug! I have come to a similar conclusion, and "not sufficient" in this case probably means that *__DATA__ is not initialized (or assigned to) correctly. I still have no idea which part of the program is responsible to assign it the desired file descriptor under normal circumstances. Possibly Cyrus::IMAP::DummyReadLine does initialize *__DATA__ correctly (because that module knows who it belongs to :-) and what is needed later), while Term::ReadLine::Gnu can't know about *__DATA__'s existence at all. But this is just a completely uneducated guess. > I'll have a bit of a play with it and see if I can find/fix the discrepancy > between the interfaces :) I'll try to free some time and eventually have a look into Cyrus::IMAP::DummyReadLine. I think we'll have to find out where *__DATA__ is normally initialized, and move that initialization to another place so that it happens regardless of the actual ReadLine "plugin". > Cheers, Again, thank you very much for all your help and your support! Binarus > ellie > > On Wed, Dec 19, 2018, at 5:00 AM, Binarus wrote: >> Dear ellie, >> >> On 17.12.2018 23:57, ellie timoney wrote: >>> Hi Binarus, >>> >>>> Could anybody please tell me what I might do wrong here? >>> >>> This kind of smells like maybe your system has two versions of perl >>> installed (or two versions of Term::ReadLine, or maybe even two versions of >>> Cyrus::IMAP::Shell), and they're getting in each other's way? >>> >>> I'm having a quick glance at the (2.5.10) source of Cyrus::IMAP::Shell and >>> this caught my eye: >>> >>>> # ugh. ugh. suck. aieee. >>>> my $use_rl = 'Cyrus::IMAP::DummyReadline'; >>>> { >>>> if (eval { require Term::ReadLine; }) { >>>> $use_rl = 'Term::ReadLine'; >>>> } >>>> } >> >> I have done some further investigations (very roughly because I don't >> have the time at the moment). It seems that the code which pars
Re: Running a script with cyradm throwing ReadLine errors
Hi Binarus, > Then I have replaced the following code in Cyrus::IMAP::Shell That's very interesting. Does the same modified code continue to work if you uninstall Term::Readline::Gnu again? That is to say, does the non-gnu version break with that addition, or continue to work? > In other words, I just have made sure that this mysterious *__DATA__ > variable is reasonably defined in every case before _run is called. I had a look in Shell.pm and found this comment near the top: > # run(*FH|'FH') > # read commands from the filehandle and pass to exec(); defaults to > # __DATA__ So maybe that explains where the expectation for __DATA__ is coming from... so: > # trivial; wrapper for _run with correct setup I wonder if the "correct setup" is not correct enough! > I have no idea why the "buggy" command line / argument parsing does not > strike when Term::ReadLine::Gnu is uninstalled; I haven't grasped yet > how *__DATA__ is supposed to be assigned a reasonable value to during > the normal course of execution. I currently can only speculate that > Term::ReadLine:: does this for us, while > Term::ReadLine::Gnu doesn't. I did a bit of reading, and apparently Term::ReadLine is a stub module that just loads "an implementation", which in your case wants to be Term::ReadLine::Gnu. My guess is that, when you uninstall Term::ReadLine::Gnu, Term::ReadLine no longer successfully compiles because it's missing an implementation, and consequently the fallback code I pointed out previously is used instead. So, from this I'm concluding that the "correct setup" from above is adequate for the Cyrus::IMAP::DummyReadline interface, but is not sufficient for a real ReadLine implementation. Sounds like we've found our bug! I'll have a bit of a play with it and see if I can find/fix the discrepancy between the interfaces :) Cheers, ellie On Wed, Dec 19, 2018, at 5:00 AM, Binarus wrote: > Dear ellie, > > On 17.12.2018 23:57, ellie timoney wrote: > > Hi Binarus, > > > >> Could anybody please tell me what I might do wrong here? > > > > This kind of smells like maybe your system has two versions of perl > > installed (or two versions of Term::ReadLine, or maybe even two versions of > > Cyrus::IMAP::Shell), and they're getting in each other's way? > > > > I'm having a quick glance at the (2.5.10) source of Cyrus::IMAP::Shell and > > this caught my eye: > > > >> # ugh. ugh. suck. aieee. > >> my $use_rl = 'Cyrus::IMAP::DummyReadline'; > >> { > >> if (eval { require Term::ReadLine; }) { > >> $use_rl = 'Term::ReadLine'; > >> } > >> } > > I have done some further investigations (very roughly because I don't > have the time at the moment). It seems that the code which parses the > command line and the run parameters in Cyrus::IMAP::Shell is buggy (or > at least not prepared to handle Term::ReadLine::Gnu). > > As a proof, I have reinstalled Term::ReadLine:Gnu and verified that the > problem was showing again. > > Then I have replaced the following code in Cyrus::IMAP::Shell > > # trivial; wrapper for _run with correct setup > sub run { > my $cyradm; > _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__); > } > > by the following code: > > # trivial; wrapper for _run with correct setup > sub run { > my $cyradm; > open(*__DATA__, "./000"); > _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__); > } > > In other words, I just have made sure that this mysterious *__DATA__ > variable is reasonably defined in every case before _run is called. > > Now the command > > perl -MCyrus::IMAP::Shell -e 'run("000")' > > executed without any error message. > > To verify that the script worked as intended, I added a few lines to it: > > connect -noauthenticate localhost > auth cyrus > lm > > When run as shown above, it did exactly what it was supposed to. It > asked for the password and then listed all mailboxes and their subfolders. > > So now I have at least a system where I can have Term::ReadLine::Gnu > installed (and thus can have a history and command editing capabilities > in cyradm) _and_ can execute a script, although the script's filename is > hardcoded. > > Probably it would be absolutely trivial for the authors of > Cyrus::IMAP::Shell to fix this issue. It would be very nice if somebody > could care about it. Perhaps it's already fixed in the newer versions? I > am still on 2.5.10. > > I have no idea why the "buggy" command line / argument parsing does not > strike when Term::ReadLine::Gnu is uninstalled; I haven't grasped yet > how *__DATA__ is sup
Re: Running a script with cyradm throwing ReadLine errors
Dear ellie, On 17.12.2018 23:57, ellie timoney wrote: > Hi Binarus, > >> Could anybody please tell me what I might do wrong here? > > This kind of smells like maybe your system has two versions of perl installed > (or two versions of Term::ReadLine, or maybe even two versions of > Cyrus::IMAP::Shell), and they're getting in each other's way? > > I'm having a quick glance at the (2.5.10) source of Cyrus::IMAP::Shell and > this caught my eye: > >> # ugh. ugh. suck. aieee. >> my $use_rl = 'Cyrus::IMAP::DummyReadline'; >> { >> if (eval { require Term::ReadLine; }) { >> $use_rl = 'Term::ReadLine'; >> } >> } I have done some further investigations (very roughly because I don't have the time at the moment). It seems that the code which parses the command line and the run parameters in Cyrus::IMAP::Shell is buggy (or at least not prepared to handle Term::ReadLine::Gnu). As a proof, I have reinstalled Term::ReadLine:Gnu and verified that the problem was showing again. Then I have replaced the following code in Cyrus::IMAP::Shell # trivial; wrapper for _run with correct setup sub run { my $cyradm; _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__); } by the following code: # trivial; wrapper for _run with correct setup sub run { my $cyradm; open(*__DATA__, "./000"); _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__); } In other words, I just have made sure that this mysterious *__DATA__ variable is reasonably defined in every case before _run is called. Now the command perl -MCyrus::IMAP::Shell -e 'run("000")' executed without any error message. To verify that the script worked as intended, I added a few lines to it: connect -noauthenticate localhost auth cyrus lm When run as shown above, it did exactly what it was supposed to. It asked for the password and then listed all mailboxes and their subfolders. So now I have at least a system where I can have Term::ReadLine::Gnu installed (and thus can have a history and command editing capabilities in cyradm) _and_ can execute a script, although the script's filename is hardcoded. Probably it would be absolutely trivial for the authors of Cyrus::IMAP::Shell to fix this issue. It would be very nice if somebody could care about it. Perhaps it's already fixed in the newer versions? I am still on 2.5.10. I have no idea why the "buggy" command line / argument parsing does not strike when Term::ReadLine::Gnu is uninstalled; I haven't grasped yet how *__DATA__ is supposed to be assigned a reasonable value to during the normal course of execution. I currently can only speculate that Term::ReadLine:: does this for us, while Term::ReadLine::Gnu doesn't. Regards, Binarus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Running a script with cyradm throwing ReadLine errors
Dear ellie, thank you very much for your help! On 17.12.2018 23:57, ellie timoney wrote: > Hi Binarus, > >> Could anybody please tell me what I might do wrong here? > > This kind of smells like maybe your system has two versions of perl installed > (or two versions of Term::ReadLine, or maybe even two versions of > Cyrus::IMAP::Shell), and they're getting in each other's way? Since this is a fresh installation of Debian stretch, and since I didn't compile or install anything by hand yet, and since the Debian package management is usually very reliable, I am quite sure that this is not the problem. > Which... fills me with confidence. Looks like a workaround for missing > (broken?) Term::Readline but that comment isn't super enlightening. I wonder > if it will Just Work if you uninstall Term::Readline? This idea is very interesting, and you are absolutely right! While I didn't want to remove Term::ReadLine itself (because it is a core module and the usual module uninstall tools have difficulties with uninstalling it), I removed Term::ReadLine:Gnu (which I had additionally installed) instead. This made the error go away, and it seems that I can execute scripts now. So you have provided the solution and solved the problem. However, there is a downside. I am using cyradm quite often, mainly for setting permissions in a large shared folder (i.e. public) hierarchy. For this reason, I really need the nice feature which bash and many sorts of other shells provide: Hit the "Cursor-Up" key and have the shell repeat the previous command; the ability to edit the command line is often associated with this. Obviously, we can't have this feature in cyradm when only Term::ReadLine is installed. When this is the case, I even can't use "Cursor-Left" or "Cursor-Right" keys because they only produce weird character sequences instead of moving the cursor. This was the reason why I installed Term::ReadLine::Gnu in addition to Term::ReadLine. When Term::ReadLine:Gnu is installed, the command history feature in cyradm works as expected, and I can edit the command line (including using cursor keys) in a reasonable manner. Now it looks that I can either run scripts with cyradm _or_ can have its command line history and editing, but not both features at the same time. I think I could live with that, but of course I would be grateful if somebody would share a method to enable both features. Perhaps there is another module which I could use as a replacement for Term::ReadLine::Gnu and which does not break scripting? Thank you very much again, Binarus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Running a script with cyradm throwing ReadLine errors
Hi Binarus, > Could anybody please tell me what I might do wrong here? This kind of smells like maybe your system has two versions of perl installed (or two versions of Term::ReadLine, or maybe even two versions of Cyrus::IMAP::Shell), and they're getting in each other's way? I'm having a quick glance at the (2.5.10) source of Cyrus::IMAP::Shell and this caught my eye: > # ugh. ugh. suck. aieee. > my $use_rl = 'Cyrus::IMAP::DummyReadline'; > { > if (eval { require Term::ReadLine; }) { > $use_rl = 'Term::ReadLine'; > } > } Which... fills me with confidence. Looks like a workaround for missing (broken?) Term::Readline but that comment isn't super enlightening. I wonder if it will Just Work if you uninstall Term::Readline? I haven't really used cyradm at all myself, so take all this with a grain of salt. Hopefully someone who has can chime in! Cheers, ellie On Sun, Dec 16, 2018, at 8:04 PM, Binarus wrote: > Dear all, > > I was just trying to explore cyradm a little bit further and hence was > experimenting with its scripting capabilities. Having cyradm run a > script should be pretty easy. man cyradm tells us: > > perl -MCyrus::IMAP::Shell -e 'run("myscript")' > > So I created the simplest possible script (that means an empty one) and > tried to run it: > > touch 000 > chmod a+x 000 (just in case ...) > perl -MCyrus::IMAP::Shell -e 'run("000")' > > The only thing I got was: > > Use of uninitialized value within @layers in string eq at /usr/local/ > lib/x86_64-linux-gnu/perl/5.24.1/Term/ReadLine/Gnu.pm line 280. > Bad filehandle: __DATA__ at /usr/local/lib/x86_64-linux-gnu/perl/ > 5.24.1/Term/ReadLine/Gnu.pm line 769. > > Putting something meaningful into the script did not change the situation. > > I have googled and read documentation (mainly on cyrusimapd.org) for > several hours, but could not find the reason for the problem. > > I even have put allowplaintext=yes into imapd.conf and restarted imapd > (knowing that this probably wasn't very smart, but the term "layers" in > the error message made me mistrustful because there are authentication > "layers", and I don't have any problems with Term::ReadLine::Gnu in > general). As expected, this didn't change the situation either. > > This happened with 2.4.16 as well as with 2.5.10. > > Could anybody please tell me what I might do wrong here? > > Thank you very much in advance, > > Binarus > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Running a script with cyradm throwing ReadLine errors
Dear all, I was just trying to explore cyradm a little bit further and hence was experimenting with its scripting capabilities. Having cyradm run a script should be pretty easy. man cyradm tells us: perl -MCyrus::IMAP::Shell -e 'run("myscript")' So I created the simplest possible script (that means an empty one) and tried to run it: touch 000 chmod a+x 000 (just in case ...) perl -MCyrus::IMAP::Shell -e 'run("000")' The only thing I got was: Use of uninitialized value within @layers in string eq at /usr/local/lib/x86_64-linux-gnu/perl/5.24.1/Term/ReadLine/Gnu.pm line 280. Bad filehandle: __DATA__ at /usr/local/lib/x86_64-linux-gnu/perl/5.24.1/Term/ReadLine/Gnu.pm line 769. Putting something meaningful into the script did not change the situation. I have googled and read documentation (mainly on cyrusimapd.org) for several hours, but could not find the reason for the problem. I even have put allowplaintext=yes into imapd.conf and restarted imapd (knowing that this probably wasn't very smart, but the term "layers" in the error message made me mistrustful because there are authentication "layers", and I don't have any problems with Term::ReadLine::Gnu in general). As expected, this didn't change the situation either. This happened with 2.4.16 as well as with 2.5.10. Could anybody please tell me what I might do wrong here? Thank you very much in advance, Binarus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm problem
Op 15-09-18 om 08:25 schreef bluntroller via Info-cyrus: > Day, > I totally dislike it but I need help here. > I have postfix installed, up and running as a MTA. > I have saslauthd installed up and running and an authentication server. > I use the auxprop-sasldb2 alternative as a user/password database (and > thought this were the easiest way to get it all up before turning to the > mysql option, automating procedures, php-scripting etc) > I can do remote-logins into my server via sasl authentication. > I can do remote-logings into my (imaps) server with the aid of TLS > Certificates only. > I do not use the POP3 protocol at all. > I do not use unsecured connections at all. > Everything goes over TLS/sasl authentication/authorization. > > However... > If it comes to testsaslauthd, imtest or cyradm I can't connect to > localhost.localdomain (via SSH) on my remote server or get a '*can't > connect to server*' (cyradm) reply. Not sure what you mean with "with ssh". What I do is log into the machine with ssh, and then: cyradm -u cyrus localhost testsaslauthd -u paul -p xx -f /var/spool/postfix/var/run/saslauthd/mux > I'm pretty sure it's a simple configuration problem or misunderstanding > of the stack at all but I am stuck finding the needle in the haystack. > It's probably a SSH problem but I am not sure. > Inside SSH I use a certificate-based authentication too with root-logins > not allowed ('without password') > > Any help is very appreciated. Hope it helps! With regards, Paul -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyradm problem
Day, I totally dislike it but I need help here. I have postfix installed, up and running as a MTA. I have saslauthd installed up and running and an authentication server. I use the auxprop-sasldb2 alternative as a user/password database (and thought this were the easiest way to get it all up before turning to the mysql option, automating procedures, php-scripting etc) I can do remote-logins into my server via sasl authentication. I can do remote-logings into my (imaps) server with the aid of TLS Certificates only. I do not use the POP3 protocol at all. I do not use unsecured connections at all. Everything goes over TLS/sasl authentication/authorization. However... If it comes to testsaslauthd, imtest or cyradm I can't connect to localhost.localdomain (via SSH) on my remote server or get a 'can't connect to server' (cyradm) reply. I'm pretty sure it's a simple configuration problem or misunderstanding of the stack at all but I am stuck finding the needle in the haystack. It's probably a SSH problem but I am not sure. Inside SSH I use a certificate-based authentication too with root-logins not allowed ('without password') Any help is very appreciated. Greets Gee Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: odd problem with cyradm
On 2017-08-21 08:57, Egoitz Aurrekoetxea wrote: > Have you copied from another machine or similar the quota database?? > > > You should never do that No. The mailstore was transferred with imapsync many months ago. The test enviroment behaves identical, ie. the MUA'a and bin/quota with and without -f all report correct values for quota. Only thing that does not work is cyradm for reading qoutas, "set quota" works. I think I'm giving up on this one for now because it is not a problem really production-wise. Thanks, > > El 21/8/17 a las 8:42, Per olof Ljungmark escribió: >> On 2017-08-21 08:11, Egoitz Aurrekoetxea wrote: >>> Good morning, >>> >>> >>> What happens if you launch the cyradm from a remote machine?. For >>> instance in a FreeBSD with another Perl version?. Does it work?. >>> >> >> No, tried that and results are the same. Current line of thought is >> that something is not right with the quota database, I am building a >> testing setup now to verify. >> >>> >>> El 19/8/17 a las 13:18, Per olof Ljungmark escribió: >>>> Hi all, >>>> >>>> Wonder if someone can offer help. >>>> >>>> Host is FreeBSD 11.0-STABLE #0 r316644M and cyrus 2.5.11 in a jail. >>>> If I run cyradm as user cyrus (admin) and issue the lq command, usually >>>> there is a proper response at first, but subsequent commands fail. This >>>> could very well be a FreeBSD problem but I thought I'll ask here first. >>>> >>>> 1st: >>>> >>>> read(0,"lq user/\n",8192) = 15 (0xf) >>>> write(3,"8 GETQUOTA user/\r\n",24) = 24 (0x18) >>>> select(4,{ 3 },{ },0x0,0x0) = 1 (0x1) >>>> read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n8 OK >>>> Completed\r\n",4096) = 63 (0x3f) >>>> write(1," STORAGE 888619/1000",24) = 24 (0x18) >>>> write(1," (8.88619%)",11)= 11 (0xb) >>>> write(1,"\n",1) = 1 (0x1) >>>> write(1,"192.168.64.12> ",15)= 15 (0xf) >>>> >>>> and following >>>> >>>> read(0,"lq user/\n",8192) = 15 (0xf) >>>> write(3,"10 GETQUOTA user/\r\n",25)= 25 (0x19) >>>> select(4,{ 3 },{ },0x0,0x0) = 1 (0x1) >>>> read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n10 OK >>>> Completed\r\n",4096) = 64 (0x40) >>>> write(1,"192.168.64.12> ",15)= 15 (0xf) >>>> >>>> As one can see, cyradm does not write out the info, just reads it. >>>> >>>> There are no quota problems AFAICS, bin/quota and -f all works as >>>> expected and mail agents sees proper quota info, so I am inclined to >>>> think there is something fishy with cyradm or possibly something I >>>> cannot see with the quotas. >>>> >>>> Same with both quotas.db twoskip and quotalegacy. Other cyradm commands >>>> works fine. >>>> >>>> Thanks! >>>> >>>> //per >>>> >>>> Cyrus Home Page: http://www.cyrusimap.org/ >>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>>> To Unsubscribe: >>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >>> >>> -- >>> >>> >>> sarenet >>> *Egoitz Aurrekoetxea* >>> Departamento de sistemas >>> 944 209 470 >>> Parque Tecnológico. Edificio 103 >>> 48170 Zamudio (Bizkaia) >>> ego...@sarenet.es <mailto:ego...@sarenet.es> >>> www.sarenet.es <https://www.sarenet.es> >>> >>> Antes de imprimir este correo electrónico piense si es necesario >>> hacerlo. >>> >>> >>> >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >>> >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > -- > > > sarenet > *Egoitz Aurrekoetxea* > Departamento de sistemas > 944 209 470 > Parque Tecnológico. Edificio 103 > 48170 Zamudio (Bizkaia) > ego...@sarenet.es <mailto:ego...@sarenet.es> > www.sarenet.es <https://www.sarenet.es> > > Antes de imprimir este correo electrónico piense si es necesario hacerlo. > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: odd problem with cyradm
Have you copied from another machine or similar the quota database?? You should never do that Best regards, El 21/8/17 a las 8:42, Per olof Ljungmark escribió: On 2017-08-21 08:11, Egoitz Aurrekoetxea wrote: Good morning, What happens if you launch the cyradm from a remote machine?. For instance in a FreeBSD with another Perl version?. Does it work?. No, tried that and results are the same. Current line of thought is that something is not right with the quota database, I am building a testing setup now to verify. El 19/8/17 a las 13:18, Per olof Ljungmark escribió: Hi all, Wonder if someone can offer help. Host is FreeBSD 11.0-STABLE #0 r316644M and cyrus 2.5.11 in a jail. If I run cyradm as user cyrus (admin) and issue the lq command, usually there is a proper response at first, but subsequent commands fail. This could very well be a FreeBSD problem but I thought I'll ask here first. 1st: read(0,"lq user/\n",8192) = 15 (0xf) write(3,"8 GETQUOTA user/\r\n",24) = 24 (0x18) select(4,{ 3 },{ },0x0,0x0) = 1 (0x1) read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n8 OK Completed\r\n",4096) = 63 (0x3f) write(1," STORAGE 888619/1000",24) = 24 (0x18) write(1," (8.88619%)",11)= 11 (0xb) write(1,"\n",1) = 1 (0x1) write(1,"192.168.64.12> ",15)= 15 (0xf) and following read(0,"lq user/\n",8192) = 15 (0xf) write(3,"10 GETQUOTA user/\r\n",25)= 25 (0x19) select(4,{ 3 },{ },0x0,0x0) = 1 (0x1) read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n10 OK Completed\r\n",4096) = 64 (0x40) write(1,"192.168.64.12> ",15)= 15 (0xf) As one can see, cyradm does not write out the info, just reads it. There are no quota problems AFAICS, bin/quota and -f all works as expected and mail agents sees proper quota info, so I am inclined to think there is something fishy with cyradm or possibly something I cannot see with the quotas. Same with both quotas.db twoskip and quotalegacy. Other cyradm commands works fine. Thanks! //per Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus -- sarenet *Egoitz Aurrekoetxea* Departamento de sistemas 944 209 470 Parque Tecnológico. Edificio 103 48170 Zamudio (Bizkaia) ego...@sarenet.es <mailto:ego...@sarenet.es> www.sarenet.es <https://www.sarenet.es> Antes de imprimir este correo electrónico piense si es necesario hacerlo. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus -- sarenet *Egoitz Aurrekoetxea* Departamento de sistemas 944 209 470 Parque Tecnológico. Edificio 103 48170 Zamudio (Bizkaia) ego...@sarenet.es <mailto:ego...@sarenet.es> www.sarenet.es <https://www.sarenet.es> Antes de imprimir este correo electrónico piense si es necesario hacerlo. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: odd problem with cyradm
On 2017-08-21 08:11, Egoitz Aurrekoetxea wrote: Good morning, What happens if you launch the cyradm from a remote machine?. For instance in a FreeBSD with another Perl version?. Does it work?. No, tried that and results are the same. Current line of thought is that something is not right with the quota database, I am building a testing setup now to verify. El 19/8/17 a las 13:18, Per olof Ljungmark escribió: Hi all, Wonder if someone can offer help. Host is FreeBSD 11.0-STABLE #0 r316644M and cyrus 2.5.11 in a jail. If I run cyradm as user cyrus (admin) and issue the lq command, usually there is a proper response at first, but subsequent commands fail. This could very well be a FreeBSD problem but I thought I'll ask here first. 1st: read(0,"lq user/\n",8192) = 15 (0xf) write(3,"8 GETQUOTA user/\r\n",24) = 24 (0x18) select(4,{ 3 },{ },0x0,0x0) = 1 (0x1) read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n8 OK Completed\r\n",4096) = 63 (0x3f) write(1," STORAGE 888619/1000",24) = 24 (0x18) write(1," (8.88619%)",11)= 11 (0xb) write(1,"\n",1) = 1 (0x1) write(1,"192.168.64.12> ",15)= 15 (0xf) and following read(0,"lq user/\n",8192) = 15 (0xf) write(3,"10 GETQUOTA user/\r\n",25)= 25 (0x19) select(4,{ 3 },{ },0x0,0x0) = 1 (0x1) read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n10 OK Completed\r\n",4096) = 64 (0x40) write(1,"192.168.64.12> ",15)= 15 (0xf) As one can see, cyradm does not write out the info, just reads it. There are no quota problems AFAICS, bin/quota and -f all works as expected and mail agents sees proper quota info, so I am inclined to think there is something fishy with cyradm or possibly something I cannot see with the quotas. Same with both quotas.db twoskip and quotalegacy. Other cyradm commands works fine. Thanks! //per Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus -- sarenet *Egoitz Aurrekoetxea* Departamento de sistemas 944 209 470 Parque Tecnológico. Edificio 103 48170 Zamudio (Bizkaia) ego...@sarenet.es <mailto:ego...@sarenet.es> www.sarenet.es <https://www.sarenet.es> Antes de imprimir este correo electrónico piense si es necesario hacerlo. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
odd problem with cyradm
Hi all, Wonder if someone can offer help. Host is FreeBSD 11.0-STABLE #0 r316644M and cyrus 2.5.11 in a jail. If I run cyradm as user cyrus (admin) and issue the lq command, usually there is a proper response at first, but subsequent commands fail. This could very well be a FreeBSD problem but I thought I'll ask here first. 1st: read(0,"lq user/\n",8192) = 15 (0xf) write(3,"8 GETQUOTA user/\r\n",24) = 24 (0x18) select(4,{ 3 },{ },0x0,0x0) = 1 (0x1) read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n8 OK Completed\r\n",4096) = 63 (0x3f) write(1," STORAGE 888619/1000",24) = 24 (0x18) write(1," (8.88619%)",11)= 11 (0xb) write(1,"\n",1) = 1 (0x1) write(1,"192.168.64.12> ",15)= 15 (0xf) and following read(0,"lq user/\n",8192) = 15 (0xf) write(3,"10 GETQUOTA user/\r\n",25)= 25 (0x19) select(4,{ 3 },{ },0x0,0x0) = 1 (0x1) read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n10 OK Completed\r\n",4096) = 64 (0x40) write(1,"192.168.64.12> ",15)= 15 (0xf) As one can see, cyradm does not write out the info, just reads it. There are no quota problems AFAICS, bin/quota and -f all works as expected and mail agents sees proper quota info, so I am inclined to think there is something fishy with cyradm or possibly something I cannot see with the quotas. Same with both quotas.db twoskip and quotalegacy. Other cyradm commands works fine. Thanks! //per Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: 3.0.2 cyradm: listmailbox and info does not find any mailbox
Hi Ken, Zitat von Ken Murchison: Try user/foo instead of user.foo poorly this doesn't help...: localhost> info user/foo Mailbox does not exist localhost> info user^foo Mailbox does not exist localhost> info user.foo Mailbox does not exist localhost> lam user.foo cyrus lrswipkxtecda localhost> -- Liebe Gruesse, with best regards Stephan Lauffer Pedagogical University Freiburg - Germany http://www.ph-freiburg.de/zik/ Fon/ Fax: +49 761 682 -559/ -486 smime.p7s Description: S/MIME-Signatur Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: 3.0.2 cyradm: listmailbox and info does not find any mailbox
Try user/foo instead of user.foo On 07/27/2017 05:34 AM, Stephan Lauffer wrote: Hello! I am on building "newer" cyrus-imapd rpms for recent opensSUSE distributions because opensuse only offers 2.4*. Atm I am testing my first 3.0.2 bulds (see https://build.opensuse.org/project/show/home:nixda:branches:home:nixda:devel). Poorly there must be something wrong somehow... somewhere... on an "fresh" and new system with no mailbox I did the following steps: mailfr-hx:~ # cyradm --user cyrus localhost Password: localhost> lm * localhost> lm user.foo localhost> info user.foo Mailbox does not exist localhost> cm user.foo localhost> lm localhost> lm user.foo localhost> info user.foo Mailbox does not exist localhost> sam user.foo cyrus all localhost> lam user.foo cyrus lrswipkxtecda localhost> sam user.bar cyrus all setaclmailbox: cyrus: lrswipkxtea: Mailbox does not exist So you can see: sam and lam are working right, they can see if there is a mailbox... but lm and info is wrong. The ctl_mboxlist command is ok, too: cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/ctl_mboxlist -d user^foo0 00 cyrus lrswipkxtecda Any hints and ideas?! Build and config informations (thx for the new tools!): --- cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/cyr_info conf admins: cyrus murder allowallsubscribe: yes allowplaintext: yes allowusermoves: yes anyoneuseracl: no autocreate_quota: 1 configdirectory: /var/lib/imap defaultacl: anyone defaultpartition: 00 duplicate_db_path: /var/lib/imap/deliver.db fulldirhash: yes hashimapspool: yes mboxname_lockpath: /run/cyrus/lock mupdate_authname: cyrus mupdate_password: X mupdate_server: mailproxy mupdate_username: cyrus proc_path: /run/cyrus/proc proxy_authname: murder proxy_password: XXX proxyservers: murder ptscache_db_path: /var/lib/imap/ptscache.db quotawarn: 95 sieve_extensions: fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy sievedir: /var/lib/sieve sievenotifier: mailto statuscache_db_path: /var/lib/imap/statuscache.db timeout: 35 tls_sessions_db_path: /var/lib/imap/tls_sessions.db partition-04: /srv/cyrus/var/spool/imap/04 partition-05: /srv/cyrus/var/spool/imap/05 partition-06: /srv/cyrus/var/spool/imap/06 partition-07: /srv/cyrus/var/spool/imap/07 partition-00: /srv/cyrus/var/spool/imap/00 partition-01: /srv/cyrus/var/spool/imap/01 xlist-drafts: Drafts partition-02: /srv/cyrus/var/spool/imap/02 sasl_mech_list: plain xlist-sent: Sent partition-03: /srv/cyrus/var/spool/imap/03 xlist-trash: Trash sasl_pwcheck_method: saslauthd partition-08: /srv/cyrus/var/spool/imap/08 xlist-spam: SPAM lmtp_admins: murder partition-09: /srv/cyrus/var/spool/imap/09 cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/cyr_buildinfo { "component": { "event_notification": true, "gssapi": true, "autocreate": false, "idled": true, "httpd": true, "kerberos_v4": false, "murder": true, "nntpd": true, "replication": true, "sieve": true, "calalarmd": false, "jmap": false, "objectstore": false, "backup": false }, "dependency": { "ldap": true, "openssl": true, "pcre": false, "clamav": true }, "database": { "mysql": false, "pgsql": false, "sqlite": true, "lmdb": false }, "search": { "squat": true, "sphinx": false, "xapian": false, "xapian_flavor": "none" }, "hardware": { "sse42": true } } Sidenote: If I disable/not use the murder I can't see a different behavoir. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus -- Kenneth Murchison Cyrus Development Team FastMail Pty Ltd Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
3.0.2 cyradm: listmailbox and info does not find any mailbox
Hello! I am on building "newer" cyrus-imapd rpms for recent opensSUSE distributions because opensuse only offers 2.4*. Atm I am testing my first 3.0.2 bulds (see https://build.opensuse.org/project/show/home:nixda:branches:home:nixda:devel). Poorly there must be something wrong somehow... somewhere... on an "fresh" and new system with no mailbox I did the following steps: mailfr-hx:~ # cyradm --user cyrus localhost Password: localhost> lm * localhost> lm user.foo localhost> info user.foo Mailbox does not exist localhost> cm user.foo localhost> lm localhost> lm user.foo localhost> info user.foo Mailbox does not exist localhost> sam user.foo cyrus all localhost> lam user.foo cyrus lrswipkxtecda localhost> sam user.bar cyrus all setaclmailbox: cyrus: lrswipkxtea: Mailbox does not exist So you can see: sam and lam are working right, they can see if there is a mailbox... but lm and info is wrong. The ctl_mboxlist command is ok, too: cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/ctl_mboxlist -d user^foo0 00 cyrus lrswipkxtecda Any hints and ideas?! Build and config informations (thx for the new tools!): --- cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/cyr_info conf admins: cyrus murder allowallsubscribe: yes allowplaintext: yes allowusermoves: yes anyoneuseracl: no autocreate_quota: 1 configdirectory: /var/lib/imap defaultacl: anyone defaultpartition: 00 duplicate_db_path: /var/lib/imap/deliver.db fulldirhash: yes hashimapspool: yes mboxname_lockpath: /run/cyrus/lock mupdate_authname: cyrus mupdate_password: X mupdate_server: mailproxy mupdate_username: cyrus proc_path: /run/cyrus/proc proxy_authname: murder proxy_password: XXX proxyservers: murder ptscache_db_path: /var/lib/imap/ptscache.db quotawarn: 95 sieve_extensions: fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy sievedir: /var/lib/sieve sievenotifier: mailto statuscache_db_path: /var/lib/imap/statuscache.db timeout: 35 tls_sessions_db_path: /var/lib/imap/tls_sessions.db partition-04: /srv/cyrus/var/spool/imap/04 partition-05: /srv/cyrus/var/spool/imap/05 partition-06: /srv/cyrus/var/spool/imap/06 partition-07: /srv/cyrus/var/spool/imap/07 partition-00: /srv/cyrus/var/spool/imap/00 partition-01: /srv/cyrus/var/spool/imap/01 xlist-drafts: Drafts partition-02: /srv/cyrus/var/spool/imap/02 sasl_mech_list: plain xlist-sent: Sent partition-03: /srv/cyrus/var/spool/imap/03 xlist-trash: Trash sasl_pwcheck_method: saslauthd partition-08: /srv/cyrus/var/spool/imap/08 xlist-spam: SPAM lmtp_admins: murder partition-09: /srv/cyrus/var/spool/imap/09 cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/cyr_buildinfo { "component": { "event_notification": true, "gssapi": true, "autocreate": false, "idled": true, "httpd": true, "kerberos_v4": false, "murder": true, "nntpd": true, "replication": true, "sieve": true, "calalarmd": false, "jmap": false, "objectstore": false, "backup": false }, "dependency": { "ldap": true, "openssl": true, "pcre": false, "clamav": true }, "database": { "mysql": false, "pgsql": false, "sqlite": true, "lmdb": false }, "search": { "squat": true, "sphinx": false, "xapian": false, "xapian_flavor": "none" }, "hardware": { "sse42": true } } Sidenote: If I disable/not use the murder I can't see a different behavoir. -- Liebe Gruesse, with best regards Stephan Lauffer Pedagogical University Freiburg - Germany http://www.ph-freiburg.de/zik/ Fon/ Fax: +49 761 682 -559/ -486 smime.p7s Description: S/MIME-Signatur Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm not showing metadata if logged as admin
Not really, no. It's the same problem we have with the \Seen flag, which is private to each user. Bron. On Fri, 7 Apr 2017, at 12:32, ellie timoney wrote: > Hi Olaf, > > I think this is expected behaviour. Mailbox annotations in the > "/private/" namespace are per user -- such that if multiple users have > access to the same mailbox, they can each have their own annotations on > it. > > So, when you log into this account with IMAP and set /private/specialuse > annotations, you're setting those annotations for the user you logged in > as. > > When you log in as an admin and look at the same mailbox, you're seeing > the admin's annotations (which you haven't set any), not the user's. > > I don't know if there's an effective way to do what you want. Can > anyone else chime in? > > Cheers, > > ellie > > On Fri, Apr 7, 2017, at 12:29 AM, Olaf Frączyk wrote: > > Hello, > > > > cyrus-imapd-2.5.10-2.3.el7.x86_64 from open build system > > > > I have set metadata for mailboxes: > > > > t3 SETMETADATA "INBOX/Sent" (/private/specialuse "\\Sent") > > > > I can see the metadata from imap connection and from cyradm but only > > when logged as user: > > > > t3 LIST (SPECIAL-USE) "" "*" > > * LIST (\HasNoChildren \Drafts) "/" INBOX/Drafts > > * LIST (\HasNoChildren \Sent) "/" INBOX/Sent > > * LIST (\HasNoChildren \Trash) "/" INBOX/Trash > > * LIST (\HasNoChildren \Junk) "/" INBOX/spam > > > > 192.168.1.8> getmd INBOX/Sent > > {INBOX/Sent}: > >private: > > check: NIL > > checkperiod: NIL > > comment: NIL > > sort: NIL > > specialuse: \Sent > > thread: NIL > > expire: NIL > > news2mail: NIL > > sieve: NIL > > squat: NIL > > > > When logged as cyrus admin I get: > > > > 192.168.1.8> getmd user/info/s...@navi.pl > > {user/info/s...@navi.pl}: > >private: > > check: NIL > > checkperiod: NIL > > comment: NIL > > sort: NIL > > specialuse: NIL > > thread: NIL > > expire: NIL > > news2mail: NIL > > sieve: NIL > > squat: NIL > > > > I want to be able to set the metadata for users' mailboxes, so the > > Outlook and Thunderbird use correct folders. > > > > I tried to give the admin full ACL rights for this mailbox but it didn't > > help. > > > > Is there any configuration option to change this behaviour? > > > > Best regards, > > > > Olaf Frączyk > > > > -- > > NAVI Sp. z o.o. > > Promienista 5/1 > > 60-288 Poznań > > > > mobile: +48609769035 > > phone: +48616622881 > > fax: +48616622882 > > http://www.navi.pl > > > > > > Cyrus Home Page: http://www.cyrusimap.org/ > > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > > To Unsubscribe: > > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus -- Bron Gondwana br...@fastmail.fm Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm not showing metadata if logged as admin
Hi Olaf, I think this is expected behaviour. Mailbox annotations in the "/private/" namespace are per user -- such that if multiple users have access to the same mailbox, they can each have their own annotations on it. So, when you log into this account with IMAP and set /private/specialuse annotations, you're setting those annotations for the user you logged in as. When you log in as an admin and look at the same mailbox, you're seeing the admin's annotations (which you haven't set any), not the user's. I don't know if there's an effective way to do what you want. Can anyone else chime in? Cheers, ellie On Fri, Apr 7, 2017, at 12:29 AM, Olaf Frączyk wrote: > Hello, > > cyrus-imapd-2.5.10-2.3.el7.x86_64 from open build system > > I have set metadata for mailboxes: > > t3 SETMETADATA "INBOX/Sent" (/private/specialuse "\\Sent") > > I can see the metadata from imap connection and from cyradm but only > when logged as user: > > t3 LIST (SPECIAL-USE) "" "*" > * LIST (\HasNoChildren \Drafts) "/" INBOX/Drafts > * LIST (\HasNoChildren \Sent) "/" INBOX/Sent > * LIST (\HasNoChildren \Trash) "/" INBOX/Trash > * LIST (\HasNoChildren \Junk) "/" INBOX/spam > > 192.168.1.8> getmd INBOX/Sent > {INBOX/Sent}: >private: > check: NIL > checkperiod: NIL > comment: NIL > sort: NIL > specialuse: \Sent > thread: NIL > expire: NIL > news2mail: NIL > sieve: NIL > squat: NIL > > When logged as cyrus admin I get: > > 192.168.1.8> getmd user/info/s...@navi.pl > {user/info/s...@navi.pl}: >private: > check: NIL > checkperiod: NIL > comment: NIL > sort: NIL > specialuse: NIL > thread: NIL > expire: NIL > news2mail: NIL > sieve: NIL > squat: NIL > > I want to be able to set the metadata for users' mailboxes, so the > Outlook and Thunderbird use correct folders. > > I tried to give the admin full ACL rights for this mailbox but it didn't > help. > > Is there any configuration option to change this behaviour? > > Best regards, > > Olaf Frączyk > > -- > NAVI Sp. z o.o. > Promienista 5/1 > 60-288 Poznań > > mobile: +48609769035 > phone: +48616622881 > fax: +48616622882 > http://www.navi.pl > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyradm not showing metadata if logged as admin
Hello, cyrus-imapd-2.5.10-2.3.el7.x86_64 from open build system I have set metadata for mailboxes: t3 SETMETADATA "INBOX/Sent" (/private/specialuse "\\Sent") I can see the metadata from imap connection and from cyradm but only when logged as user: t3 LIST (SPECIAL-USE) "" "*" * LIST (\HasNoChildren \Drafts) "/" INBOX/Drafts * LIST (\HasNoChildren \Sent) "/" INBOX/Sent * LIST (\HasNoChildren \Trash) "/" INBOX/Trash * LIST (\HasNoChildren \Junk) "/" INBOX/spam 192.168.1.8> getmd INBOX/Sent {INBOX/Sent}: private: check: NIL checkperiod: NIL comment: NIL sort: NIL specialuse: \Sent thread: NIL expire: NIL news2mail: NIL sieve: NIL squat: NIL When logged as cyrus admin I get: 192.168.1.8> getmd user/info/s...@navi.pl {user/info/s...@navi.pl}: private: check: NIL checkperiod: NIL comment: NIL sort: NIL specialuse: NIL thread: NIL expire: NIL news2mail: NIL sieve: NIL squat: NIL I want to be able to set the metadata for users' mailboxes, so the Outlook and Thunderbird use correct folders. I tried to give the admin full ACL rights for this mailbox but it didn't help. Is there any configuration option to change this behaviour? Best regards, Olaf Frączyk -- NAVI Sp. z o.o. Promienista 5/1 60-288 Poznań mobile: +48609769035 phone: +48616622881 fax: +48616622882 http://www.navi.pl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Can't authorize as different user in cyradm and sieveshell
Dan, You nailed it. Mere presence of sasldb plugin makes it work. The code doesn't look kosher to me though. In sasl_server_new() there's a line: serverconn->sparams->canon_user = &_sasl_canon_user_lookup; which unconditionally set canon_user callback to the function that performs both canonicalization and auxprop lookup. In case there's no auxprop plugins it results in SASL_NOMECH. I guess it should check whether auxprop plugins are available in the system and either set it to _sasl_canon_user_lookup() or _sasl_canon_user(). Anyway installing sasldb plugin is easy enough workaround. Thanks everybody, Michael On Monday, November 21, 2016 04:36:01 PM Dan White wrote: > In the absence of an [sasl_]auxprop_plugins statement, all plugins will be > queried. For example, running pluginviewer (or saslpluginviewer on debian) > should typically list sasldb if it's installed on your system. > > The canon_user plugins and auxprop plugins are coded within the same code, > and so are tied together somewhat, although I haven't dug into the code to > explain the error Michael is experiencing. > > Michael, > > I'd suggest installing the sasldb auxprop to see if that clears up the > issue. That may not even require a configuration change. > > On 11/21/16 13:43 -0800, Andrew Morgan via Info-cyrus wrote: > >I'm using Debian packages for sasl. Here is what libsasl2-modules > >includes: > > > >/usr/lib/x86_64-linux-gnu/sasl2/libplain.so.2.0.25 > >/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so.2.0.25 > >/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25 > >/usr/lib/x86_64-linux-gnu/sasl2/liblogin.so.2.0.25 > >/usr/lib/x86_64-linux-gnu/sasl2/libanonymous.so.2.0.25 > >/usr/lib/x86_64-linux-gnu/sasl2/libntlm.so.2.0.25 > > > >But in my imapd.conf, I'm not specifying an auxprop plugins: > > > ># grep sasl /etc/imapd.conf > >sasl_mech_list: PLAIN > >sasl_minimum_layer: 0 > >#sasl_maximum_layer: 256 > >sasl_pwcheck_method: saslauthd > > > >Since we are using saslauthd, we don't use auxprop plugins, I think... > > > > Andy > > > >On Mon, 21 Nov 2016, Michael Ulitskiy wrote: > > > >>I'm trying to read the code and it seems that it tries to lookup > >>authorization id > >>in auxprop plugin. since I don't have any auxprop plugins that returns > >>SASL_NOMECH and results > >>in the error I'm seeing. > >> > >>By any chance do you have any auxprop plugin defined? > > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Can't authorize as different user in cyradm and sieveshell
In the absence of an [sasl_]auxprop_plugins statement, all plugins will be queried. For example, running pluginviewer (or saslpluginviewer on debian) should typically list sasldb if it's installed on your system. The canon_user plugins and auxprop plugins are coded within the same code, and so are tied together somewhat, although I haven't dug into the code to explain the error Michael is experiencing. Michael, I'd suggest installing the sasldb auxprop to see if that clears up the issue. That may not even require a configuration change. On 11/21/16 13:43 -0800, Andrew Morgan via Info-cyrus wrote: I'm using Debian packages for sasl. Here is what libsasl2-modules includes: /usr/lib/x86_64-linux-gnu/sasl2/libplain.so.2.0.25 /usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so.2.0.25 /usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25 /usr/lib/x86_64-linux-gnu/sasl2/liblogin.so.2.0.25 /usr/lib/x86_64-linux-gnu/sasl2/libanonymous.so.2.0.25 /usr/lib/x86_64-linux-gnu/sasl2/libntlm.so.2.0.25 But in my imapd.conf, I'm not specifying an auxprop plugins: # grep sasl /etc/imapd.conf sasl_mech_list: PLAIN sasl_minimum_layer: 0 #sasl_maximum_layer: 256 sasl_pwcheck_method: saslauthd Since we are using saslauthd, we don't use auxprop plugins, I think... Andy On Mon, 21 Nov 2016, Michael Ulitskiy wrote: I'm trying to read the code and it seems that it tries to lookup authorization id in auxprop plugin. since I don't have any auxprop plugins that returns SASL_NOMECH and results in the error I'm seeing. By any chance do you have any auxprop plugin defined? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Can't authorize as different user in cyradm and sieveshell
ords i want to use a special user for authentication and authorize as the target user. Here's what I have. imapd.conf: admins: mailadmin proxyservers: proxyadmin sasl_pwcheck_method: saslauthd #sasl_pwcheck_method: alwaystrue sasl_mech_list: PLAIN allowplaintext: yes here's what i do: root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 191, line 1. here's the log: Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available. Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): user 'proxyadmin' granted access Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost [127.0.0.1] PLAIN no mechanism available Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- exiting as you can see user proxyadmin authenticated successfully, but then something (authorization?) went wrong and it says "PLAIN no mechanism available". this only happens if i try to authorize as different user. if i don't everything works fine: root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u t...@virtualcrap.com localhost connecting to localhost Please enter your password: log: Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available. Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user 't...@virtualcrap.com' granted access Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] t...@virtualcrap.com PLAIN User logged in the same happends to cyradm: root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com --auth=plain localhost Password: IMAP Password: log: Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user 'proxyadmin' granted access Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 32773] but ok without trying to authorize as different user: root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain localhost Password: localhost> Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user 't...@virtualcrap.com' granted access Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] t...@virtualcrap.com PLAIN User logged in SESSIONID= Can somebody tell me what I am doing wrong? Thanks a lot, Michael Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Can't authorize as different user in cyradm and sieveshell
t; >>Andy > >> > >> On Sun, 20 Nov 2016, Michael Ulitskiy via Info-cyrus wrote: > >> > >>> Since nobody answered, I guess, nobody has any idea. > >>> I wonder if anybody uses this feature and it works for you? > >>> I mean I'd like to know if that's just me and something is wrong with my > >>> setup or may be that feature isn't functional at all? > >>> Thanks in advance, > >>> > >>> Michael > >>> > >>> On Thursday, November 17, 2016 06:30:18 PM Michael Ulitskiy via > >>> Info-cyrus wrote: > >>>> Hello, > >>>> > >>>> I'm playing with cyrus-imap 2.5.10 and cyrus-sasl 2.1.26. > >>>> i'm trying to use sieveshell to setup users sieve scripts, but since > >>>> i don't know users passwords i want to use a special user for > >>>> authentication > >>>> and authorize as the target user. > >>>> Here's what I have. > >>>> > >>>> imapd.conf: > >>>> admins: mailadmin > >>>> proxyservers: proxyadmin > >>>> sasl_pwcheck_method: saslauthd > >>>> #sasl_pwcheck_method: alwaystrue > >>>> sasl_mech_list: PLAIN > >>>> allowplaintext: yes > >>>> > >>>> here's what i do: > >>>> > >>>> root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com > >>>> localhost > >>>> connecting to localhost > >>>> Please enter your password: > >>>> unable to connect to server at /usr/bin/sieveshell line 191, > >>>> line 1. > >>>> > >>>> here's the log: > >>>> Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available. > >>>> Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): > >>>> user 'proxyadmin' granted access > >>>> Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost > >>>> [127.0.0.1] PLAIN no mechanism available > >>>> Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- > >>>> exiting > >>>> > >>>> as you can see user proxyadmin authenticated successfully, but then > >>>> something (authorization?) went wrong > >>>> and it says "PLAIN no mechanism available". > >>>> this only happens if i try to authorize as different user. if i don't > >>>> everything works fine: > >>>> > >>>> root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u > >>>> t...@virtualcrap.com localhost > >>>> connecting to localhost > >>>> Please enter your password: > >>>>> > >>>> > >>>> log: > >>>> Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available. > >>>> Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): > >>>> user 't...@virtualcrap.com' granted access > >>>> Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] > >>>> t...@virtualcrap.com PLAIN User logged in > >>>> > >>>> the same happends to cyradm: > >>>> root@rway-imap-vm:~# cyradm --user=proxyadmin > >>>> --authz=t...@virtualcrap.com --auth=plain localhost > >>>> Password: > >>>> IMAP Password: > >>>> > >>>> log: > >>>> Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): > >>>> user 'proxyadmin' granted access > >>>> Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] > >>>> PLAIN [SASL(-4): no mechanism available: Unable to find a callback: > >>>> 32773] > >>>> > >>>> but ok without trying to authorize as different user: > >>>> root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain > >>>> localhost > >>>> Password: > >>>> localhost> > >>>> Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): > >>>> user 't...@virtualcrap.com' granted access > >>>> Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] > >>>> t...@virtualcrap.com PLAIN User logged in > >>>> SESSIONID= > >>>> > >>>> Can somebody tell me what I am doing wrong? > >>>> Thanks a lot, > >>>> > >>>> Michael Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Can't authorize as different user in cyradm and sieveshell
copy" > >> S: "STARTTLS" > >> S: "UNAUTHENTICATE" > >> S: OK > >> Please enter your password: > >> C: AUTHENTICATE "PLAIN" {28+} > >> > >> S: OK > >> Authenticated. > >> Security strength factor: 0 > >> C: LOGOUT > >> OK "Logout Complete" > >> Connection closed. > >> > >> > >>Andy > >> > >> On Sun, 20 Nov 2016, Michael Ulitskiy via Info-cyrus wrote: > >> > >>> Since nobody answered, I guess, nobody has any idea. > >>> I wonder if anybody uses this feature and it works for you? > >>> I mean I'd like to know if that's just me and something is wrong with my > >>> setup or may be that feature isn't functional at all? > >>> Thanks in advance, > >>> > >>> Michael > >>> > >>> On Thursday, November 17, 2016 06:30:18 PM Michael Ulitskiy via > >>> Info-cyrus wrote: > >>>> Hello, > >>>> > >>>> I'm playing with cyrus-imap 2.5.10 and cyrus-sasl 2.1.26. > >>>> i'm trying to use sieveshell to setup users sieve scripts, but since > >>>> i don't know users passwords i want to use a special user for > >>>> authentication > >>>> and authorize as the target user. > >>>> Here's what I have. > >>>> > >>>> imapd.conf: > >>>> admins: mailadmin > >>>> proxyservers: proxyadmin > >>>> sasl_pwcheck_method: saslauthd > >>>> #sasl_pwcheck_method: alwaystrue > >>>> sasl_mech_list: PLAIN > >>>> allowplaintext: yes > >>>> > >>>> here's what i do: > >>>> > >>>> root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com > >>>> localhost > >>>> connecting to localhost > >>>> Please enter your password: > >>>> unable to connect to server at /usr/bin/sieveshell line 191, > >>>> line 1. > >>>> > >>>> here's the log: > >>>> Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available. > >>>> Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): > >>>> user 'proxyadmin' granted access > >>>> Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost > >>>> [127.0.0.1] PLAIN no mechanism available > >>>> Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- > >>>> exiting > >>>> > >>>> as you can see user proxyadmin authenticated successfully, but then > >>>> something (authorization?) went wrong > >>>> and it says "PLAIN no mechanism available". > >>>> this only happens if i try to authorize as different user. if i don't > >>>> everything works fine: > >>>> > >>>> root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u > >>>> t...@virtualcrap.com localhost > >>>> connecting to localhost > >>>> Please enter your password: > >>>>> > >>>> > >>>> log: > >>>> Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available. > >>>> Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): > >>>> user 't...@virtualcrap.com' granted access > >>>> Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] > >>>> t...@virtualcrap.com PLAIN User logged in > >>>> > >>>> the same happends to cyradm: > >>>> root@rway-imap-vm:~# cyradm --user=proxyadmin > >>>> --authz=t...@virtualcrap.com --auth=plain localhost > >>>> Password: > >>>> IMAP Password: > >>>> > >>>> log: > >>>> Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): > >>>> user 'proxyadmin' granted access > >>>> Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] > >>>> PLAIN [SASL(-4): no mechanism available: Unable to find a callback: > >>>> 32773] > >>>> > >>>> but ok without trying to authorize as different user: > >>>> root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain > >>>> localhost > >>>> Password: > >>>> localhost> > >>>> Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): > >>>> user 't...@virtualcrap.com' granted access > >>>> Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] > >>>> t...@virtualcrap.com PLAIN User logged in > >>>> SESSIONID= > >>>> > >>>> Can somebody tell me what I am doing wrong? > >>>> Thanks a lot, > >>>> > >>>> Michael Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Can't authorize as different user in cyradm and sieveshell
uthorize as different user. if i don't everything works fine: root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u t...@virtualcrap.com localhost connecting to localhost Please enter your password: log: Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available. Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user 't...@virtualcrap.com' granted access Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] t...@virtualcrap.com PLAIN User logged in the same happends to cyradm: root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com --auth=plain localhost Password: IMAP Password: log: Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user 'proxyadmin' granted access Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 32773] but ok without trying to authorize as different user: root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain localhost Password: localhost> Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user 't...@virtualcrap.com' granted access Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] t...@virtualcrap.com PLAIN User logged in SESSIONID= Can somebody tell me what I am doing wrong? Thanks a lot, Michael Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Can't authorize as different user in cyradm and sieveshell
18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- > >> exiting > >> > >> as you can see user proxyadmin authenticated successfully, but then > >> something (authorization?) went wrong > >> and it says "PLAIN no mechanism available". > >> this only happens if i try to authorize as different user. if i don't > >> everything works fine: > >> > >> root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u > >> t...@virtualcrap.com localhost > >> connecting to localhost > >> Please enter your password: > >>> > >> > >> log: > >> Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available. > >> Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user > >> 't...@virtualcrap.com' granted access > >> Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] > >> t...@virtualcrap.com PLAIN User logged in > >> > >> the same happends to cyradm: > >> root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com > >> --auth=plain localhost > >> Password: > >> IMAP Password: > >> > >> log: > >> Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user > >> 'proxyadmin' granted access > >> Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] > >> PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 32773] > >> > >> but ok without trying to authorize as different user: > >> root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain > >> localhost > >> Password: > >> localhost> > >> Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user > >> 't...@virtualcrap.com' granted access > >> Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] > >> t...@virtualcrap.com PLAIN User logged in > >> SESSIONID= > >> > >> Can somebody tell me what I am doing wrong? > >> Thanks a lot, > >> > >> Michael Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Can't authorize as different user in cyradm and sieveshell
This works for me under v2.4.18. I'm able to run sieveshell against a frontend or backend authenticating as a cyrus "admins" user or a "proxyservers" user (on the backend). Against a frontend: # sieveshell -u morgan -a cyrus imap.onid.oregonstate.edu connecting to imap.onid.oregonstate.edu Please enter your password: list onid-web real <- active script quit Against a backend: # sieveshell -u morgan -a cyr_proxy cyrus-be1.onid.oregonstate.edu connecting to cyrus-be1.onid.oregonstate.edu Please enter your password: list onid-web real <- active script quit My imapd.conf settings: admins: cyrus allowplaintext: 0 sasl_mech_list: PLAIN sasl_minimum_layer: 0 sasl_pwcheck_method: saslauthd sieve_allowreferrals: 0 sieve_allowplaintext: 1 Have you tried using the "sivtest" program? It will show you the protocol handshakes, which might help. Here is an example for me: # sivtest -u morgan -a cyrus localhost S: "IMPLEMENTATION" "Cyrus timsieved (Murder) v2.4.18" S: "SASL" "PLAIN" S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope body relational regex subaddress copy" S: "STARTTLS" S: "UNAUTHENTICATE" S: OK Please enter your password: C: AUTHENTICATE "PLAIN" {28+} S: OK Authenticated. Security strength factor: 0 C: LOGOUT OK "Logout Complete" Connection closed. Andy On Sun, 20 Nov 2016, Michael Ulitskiy via Info-cyrus wrote: Since nobody answered, I guess, nobody has any idea. I wonder if anybody uses this feature and it works for you? I mean I'd like to know if that's just me and something is wrong with my setup or may be that feature isn't functional at all? Thanks in advance, Michael On Thursday, November 17, 2016 06:30:18 PM Michael Ulitskiy via Info-cyrus wrote: Hello, I'm playing with cyrus-imap 2.5.10 and cyrus-sasl 2.1.26. i'm trying to use sieveshell to setup users sieve scripts, but since i don't know users passwords i want to use a special user for authentication and authorize as the target user. Here's what I have. imapd.conf: admins: mailadmin proxyservers: proxyadmin sasl_pwcheck_method: saslauthd #sasl_pwcheck_method: alwaystrue sasl_mech_list: PLAIN allowplaintext: yes here's what i do: root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 191, line 1. here's the log: Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available. Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): user 'proxyadmin' granted access Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost [127.0.0.1] PLAIN no mechanism available Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- exiting as you can see user proxyadmin authenticated successfully, but then something (authorization?) went wrong and it says "PLAIN no mechanism available". this only happens if i try to authorize as different user. if i don't everything works fine: root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u t...@virtualcrap.com localhost connecting to localhost Please enter your password: log: Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available. Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user 't...@virtualcrap.com' granted access Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] t...@virtualcrap.com PLAIN User logged in the same happends to cyradm: root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com --auth=plain localhost Password: IMAP Password: log: Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user 'proxyadmin' granted access Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 32773] but ok without trying to authorize as different user: root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain localhost Password: localhost> Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user 't...@virtualcrap.com' granted access Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] t...@virtualcrap.com PLAIN User logged in SESSIONID= Can somebody tell me what I am doing wrong? Thanks a lot, Michael Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Can't authorize as different user in cyradm and sieveshell
Since nobody answered, I guess, nobody has any idea. I wonder if anybody uses this feature and it works for you? I mean I'd like to know if that's just me and something is wrong with my setup or may be that feature isn't functional at all? Thanks in advance, Michael On Thursday, November 17, 2016 06:30:18 PM Michael Ulitskiy via Info-cyrus wrote: > Hello, > > I'm playing with cyrus-imap 2.5.10 and cyrus-sasl 2.1.26. > i'm trying to use sieveshell to setup users sieve scripts, but since > i don't know users passwords i want to use a special user for authentication > and authorize as the target user. > Here's what I have. > > imapd.conf: > admins: mailadmin > proxyservers: proxyadmin > sasl_pwcheck_method: saslauthd > #sasl_pwcheck_method: alwaystrue > sasl_mech_list: PLAIN > allowplaintext: yes > > here's what i do: > > root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com > localhost > connecting to localhost > Please enter your password: > unable to connect to server at /usr/bin/sieveshell line 191, line 1. > > here's the log: > Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available. > Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): user > 'proxyadmin' granted access > Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost [127.0.0.1] > PLAIN no mechanism available > Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- exiting > > as you can see user proxyadmin authenticated successfully, but then something > (authorization?) went wrong > and it says "PLAIN no mechanism available". > this only happens if i try to authorize as different user. if i don't > everything works fine: > > root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u > t...@virtualcrap.com localhost > connecting to localhost > Please enter your password: > > > > log: > Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available. > Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user > 't...@virtualcrap.com' granted access > Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] > t...@virtualcrap.com PLAIN User logged in > > the same happends to cyradm: > root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com > --auth=plain localhost > Password: > IMAP Password: > > log: > Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user > 'proxyadmin' granted access > Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] > PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 32773] > > but ok without trying to authorize as different user: > root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain localhost > Password: > localhost> > Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user > 't...@virtualcrap.com' granted access > Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] > t...@virtualcrap.com PLAIN User logged in > SESSIONID= > > Can somebody tell me what I am doing wrong? > Thanks a lot, > > Michael Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Can't authorize as different user in cyradm and sieveshell
Hello, I'm playing with cyrus-imap 2.5.10 and cyrus-sasl 2.1.26. i'm trying to use sieveshell to setup users sieve scripts, but since i don't know users passwords i want to use a special user for authentication and authorize as the target user. Here's what I have. imapd.conf: admins: mailadmin proxyservers: proxyadmin sasl_pwcheck_method: saslauthd #sasl_pwcheck_method: alwaystrue sasl_mech_list: PLAIN allowplaintext: yes here's what i do: root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com localhost connecting to localhost Please enter your password: unable to connect to server at /usr/bin/sieveshell line 191, line 1. here's the log: Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available. Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): user 'proxyadmin' granted access Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost [127.0.0.1] PLAIN no mechanism available Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- exiting as you can see user proxyadmin authenticated successfully, but then something (authorization?) went wrong and it says "PLAIN no mechanism available". this only happens if i try to authorize as different user. if i don't everything works fine: root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u t...@virtualcrap.com localhost connecting to localhost Please enter your password: > log: Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available. Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user 't...@virtualcrap.com' granted access Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] t...@virtualcrap.com PLAIN User logged in the same happends to cyradm: root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com --auth=plain localhost Password: IMAP Password: log: Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user 'proxyadmin' granted access Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 32773] but ok without trying to authorize as different user: root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain localhost Password: localhost> Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user 't...@virtualcrap.com' granted access Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] t...@virtualcrap.com PLAIN User logged in SESSIONID= Can somebody tell me what I am doing wrong? Thanks a lot, Michael Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm "info" behavior after cyrus-imapd-2.3.16 -> 2.5.9 upgrade
On 08/26/2016 09:47 AM, Tod A. Sandman via Info-cyrus wrote: I noticed after upgrading from cyrus-imapd-2.3.16 to cyrus-imapd-2.5.9 that the "info" cyradm command no longer works: it prints out nothing. Furhermore, after issuing the info command, no other commands print anything either. For instance: cyrus@cyrus2a:/var/imap/sync> cyradm --user mailadmin `hostname` cyrus2a.mail.rice.edu> lm user/lamemm7 user/lamemm7 (\HasChildren) cyrus2a.mail.rice.edu> lam user/lamemm7 mailadmin lrswipkxtecda lamemm7 lrswipkxtecda cyrus2a.mail.rice.edu> info user/lamemm7 cyrus2a.mail.rice.edu> lam user/lamemm7 cyrus2a.mail.rice.edu> lm user/lamemm7 Anyone else experiencing this? Tod Sandman Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Tod, we just finished upgrading several debian servers from 2.4.18 to 2.5.9 and do not see the behavior you are describing. I will note that debian dependencies did not seem to catch that we needed to upgrade cyrus-admin at the same time as cyrus-imap, so maybe you are still using cyrus-admin 2.3.x? Regards, -- Andy Dorman Ironic Design, Inc. AnteSpam.com Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm "info" behavior after cyrus-imapd-2.3.16 -> 2.5.9 upgrade
Are you sure that you are using the cyradm from 2.5.9? IIRC, older cyradm doesn't like the responses sent by 2.5.x servers. On 08/26/2016 10:47 AM, Tod A. Sandman via Info-cyrus wrote: I noticed after upgrading from cyrus-imapd-2.3.16 to cyrus-imapd-2.5.9 that the "info" cyradm command no longer works: it prints out nothing. Furhermore, after issuing the info command, no other commands print anything either. For instance: cyrus@cyrus2a:/var/imap/sync> cyradm --user mailadmin `hostname` cyrus2a.mail.rice.edu> lm user/lamemm7 user/lamemm7 (\HasChildren) cyrus2a.mail.rice.edu> lam user/lamemm7 mailadmin lrswipkxtecda lamemm7 lrswipkxtecda cyrus2a.mail.rice.edu> info user/lamemm7 cyrus2a.mail.rice.edu> lam user/lamemm7 cyrus2a.mail.rice.edu> lm user/lamemm7 Anyone else experiencing this? Tod Sandman Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus -- Kenneth Murchison Principal Systems Software Engineer Carnegie Mellon University Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyradm "info" behavior after cyrus-imapd-2.3.16 -> 2.5.9 upgrade
I noticed after upgrading from cyrus-imapd-2.3.16 to cyrus-imapd-2.5.9 that the "info" cyradm command no longer works: it prints out nothing. Furhermore, after issuing the info command, no other commands print anything either. For instance: cyrus@cyrus2a:/var/imap/sync> cyradm --user mailadmin `hostname` cyrus2a.mail.rice.edu> lm user/lamemm7 user/lamemm7 (\HasChildren) cyrus2a.mail.rice.edu> lam user/lamemm7 mailadmin lrswipkxtecda lamemm7 lrswipkxtecda cyrus2a.mail.rice.edu> info user/lamemm7 cyrus2a.mail.rice.edu> lam user/lamemm7 cyrus2a.mail.rice.edu> lm user/lamemm7 Anyone else experiencing this? Tod Sandman Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cannot connect with cyradm
On 06/05/16 04:24, Stuart Castergine via Info-cyrus wrote: > C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk= I recommend changing the password from the "fury" thingy to something else. Maybe you want to strip base64 encoded credentials in the future. Greetings, Wolfgang -- Wolfgang Breyha| http://www.blafasel.at/ Vienna University Computer Center | Austria Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cannot connect with cyradm
> That did it, but why did I have to specify PLAIN? None of the docs mention > having to do that with a default install. I don't know, but you don't have a default install but a configuration tailored by fedora. Simon > > > On Fri, May 6, 2016 at 2:16 AM, Simon Matter <simon.mat...@invoca.ch> > wrote: > >> > I am trying to set up a basic system with cyrus-imap and postfix on >> amazon >> > linux >> > >> > I can connect using imtest, but cannot connect with cyradm: >> > >> > Additionally, when I connect via a client with a user I know has mail, >> > it's >> > saying that no INBOX exists. Postfix's mail spool is /var/spool/mail, >> but >> > I >> > don't see anywhere to verify that imapd or lmtpd is looking there. >> > >> > Sorry if these are dumb questions. I'm completely new to cyrus-imap >> and >> > the >> > documentation at cyrusimap.org is extremely sketchy. >> > >> > Any advice appreciated. >> > >> > $ more /etc/imapd.conf >> > configdirectory: /var/lib/imap >> > partition-default: /var/spool/imap >> > admins: cyrus >> > sievedir: /var/lib/imap/sieve >> > sendmail: /usr/sbin/sendmail >> > hashimapspool: true >> > sasl_pwcheck_method: saslauthd >> > sasl_mech_list: PLAIN LOGIN >> > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem >> > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem >> > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt >> > >> > $ grep MECH /etc/init.d/saslauthd >> > MECH=pam >> > >> > $ imtest -t "" -u cyrus -a cyrus localhost >> > S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED >> > COMPRESS=DEFLATE] ip-172-31-1-214 Cyrus IMAP >> > v2.3.16-Fedora-RPM-2.3.16-6.9.amzn1 server ready >> > C: S01 STARTTLS >> > S: S01 OK Begin TLS negotiation now >> > verify error:num=18:self signed certificate >> > TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA >> (256/256 >> > bits) >> > C: C01 CAPABILITY >> > S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN >> SASL-IR >> > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE >> UIDPLUS >> > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ >> > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE >> CONDSTORE >> > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH >> > S: C01 OK Completed >> > Please enter your password: >> > C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk= >> > S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED >> > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE >> UIDPLUS >> > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ >> > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE >> CONDSTORE >> > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (tls >> > protection) >> > Authenticated. >> > Security strength factor: 256 >> > . LIST "" "*" >> > . OK Completed (0.000 secs 1 calls) >> > . LOGOUT >> > * BYE LOGOUT received >> > . OK Completed >> > Connection closed. >> > >> > $ cyradm --user cyrus --authz cyrus localhost >> > Login disabled. >> > cyradm: cannot authenticate to server with as cyrus >> > $ cyradm --user cyrus --authz cyrus --auth pam localhost >> > verify error:num=18:self signed certificate >> > cyradm: cannot authenticate to server with pam as cyrus >> > $ cyradm --user cyrus --authz cyrus --auth shadow localhost >> > verify error:num=18:self signed certificate >> > cyradm: cannot authenticate to server with shadow as cyrus >> >> What does it do if you run with "--auch PLAIN" instead? >> >> Regards, >> Simon >> >> > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cannot connect with cyradm
That did it, but why did I have to specify PLAIN? None of the docs mention having to do that with a default install. On Fri, May 6, 2016 at 2:16 AM, Simon Matter <simon.mat...@invoca.ch> wrote: > > I am trying to set up a basic system with cyrus-imap and postfix on > amazon > > linux > > > > I can connect using imtest, but cannot connect with cyradm: > > > > Additionally, when I connect via a client with a user I know has mail, > > it's > > saying that no INBOX exists. Postfix's mail spool is /var/spool/mail, but > > I > > don't see anywhere to verify that imapd or lmtpd is looking there. > > > > Sorry if these are dumb questions. I'm completely new to cyrus-imap and > > the > > documentation at cyrusimap.org is extremely sketchy. > > > > Any advice appreciated. > > > > $ more /etc/imapd.conf > > configdirectory: /var/lib/imap > > partition-default: /var/spool/imap > > admins: cyrus > > sievedir: /var/lib/imap/sieve > > sendmail: /usr/sbin/sendmail > > hashimapspool: true > > sasl_pwcheck_method: saslauthd > > sasl_mech_list: PLAIN LOGIN > > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > > > > $ grep MECH /etc/init.d/saslauthd > > MECH=pam > > > > $ imtest -t "" -u cyrus -a cyrus localhost > > S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED > > COMPRESS=DEFLATE] ip-172-31-1-214 Cyrus IMAP > > v2.3.16-Fedora-RPM-2.3.16-6.9.amzn1 server ready > > C: S01 STARTTLS > > S: S01 OK Begin TLS negotiation now > > verify error:num=18:self signed certificate > > TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 > > bits) > > C: C01 CAPABILITY > > S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN SASL-IR > > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE > UIDPLUS > > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ > > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE > > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH > > S: C01 OK Completed > > Please enter your password: > > C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk= > > S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED > > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE > UIDPLUS > > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ > > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE > > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (tls > > protection) > > Authenticated. > > Security strength factor: 256 > > . LIST "" "*" > > . OK Completed (0.000 secs 1 calls) > > . LOGOUT > > * BYE LOGOUT received > > . OK Completed > > Connection closed. > > > > $ cyradm --user cyrus --authz cyrus localhost > > Login disabled. > > cyradm: cannot authenticate to server with as cyrus > > $ cyradm --user cyrus --authz cyrus --auth pam localhost > > verify error:num=18:self signed certificate > > cyradm: cannot authenticate to server with pam as cyrus > > $ cyradm --user cyrus --authz cyrus --auth shadow localhost > > verify error:num=18:self signed certificate > > cyradm: cannot authenticate to server with shadow as cyrus > > What does it do if you run with "--auch PLAIN" instead? > > Regards, > Simon > > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cannot connect with cyradm
> I am trying to set up a basic system with cyrus-imap and postfix on amazon > linux > > I can connect using imtest, but cannot connect with cyradm: > > Additionally, when I connect via a client with a user I know has mail, > it's > saying that no INBOX exists. Postfix's mail spool is /var/spool/mail, but > I > don't see anywhere to verify that imapd or lmtpd is looking there. > > Sorry if these are dumb questions. I'm completely new to cyrus-imap and > the > documentation at cyrusimap.org is extremely sketchy. > > Any advice appreciated. > > $ more /etc/imapd.conf > configdirectory: /var/lib/imap > partition-default: /var/spool/imap > admins: cyrus > sievedir: /var/lib/imap/sieve > sendmail: /usr/sbin/sendmail > hashimapspool: true > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN LOGIN > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > > $ grep MECH /etc/init.d/saslauthd > MECH=pam > > $ imtest -t "" -u cyrus -a cyrus localhost > S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED > COMPRESS=DEFLATE] ip-172-31-1-214 Cyrus IMAP > v2.3.16-Fedora-RPM-2.3.16-6.9.amzn1 server ready > C: S01 STARTTLS > S: S01 OK Begin TLS negotiation now > verify error:num=18:self signed certificate > TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 > bits) > C: C01 CAPABILITY > S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN SASL-IR > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH > S: C01 OK Completed > Please enter your password: > C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk= > S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (tls > protection) > Authenticated. > Security strength factor: 256 > . LIST "" "*" > . OK Completed (0.000 secs 1 calls) > . LOGOUT > * BYE LOGOUT received > . OK Completed > Connection closed. > > $ cyradm --user cyrus --authz cyrus localhost > Login disabled. > cyradm: cannot authenticate to server with as cyrus > $ cyradm --user cyrus --authz cyrus --auth pam localhost > verify error:num=18:self signed certificate > cyradm: cannot authenticate to server with pam as cyrus > $ cyradm --user cyrus --authz cyrus --auth shadow localhost > verify error:num=18:self signed certificate > cyradm: cannot authenticate to server with shadow as cyrus What does it do if you run with "--auch PLAIN" instead? Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cannot connect with cyradm
I am trying to set up a basic system with cyrus-imap and postfix on amazon linux I can connect using imtest, but cannot connect with cyradm: Additionally, when I connect via a client with a user I know has mail, it's saying that no INBOX exists. Postfix's mail spool is /var/spool/mail, but I don't see anywhere to verify that imapd or lmtpd is looking there. Sorry if these are dumb questions. I'm completely new to cyrus-imap and the documentation at cyrusimap.org is extremely sketchy. Any advice appreciated. $ more /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt $ grep MECH /etc/init.d/saslauthd MECH=pam $ imtest -t "" -u cyrus -a cyrus localhost S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED COMPRESS=DEFLATE] ip-172-31-1-214 Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-6.9.amzn1 server ready C: S01 STARTTLS S: S01 OK Begin TLS negotiation now verify error:num=18:self signed certificate TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN SASL-IR COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH S: C01 OK Completed Please enter your password: C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk= S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (tls protection) Authenticated. Security strength factor: 256 . LIST "" "*" . OK Completed (0.000 secs 1 calls) . LOGOUT * BYE LOGOUT received . OK Completed Connection closed. $ cyradm --user cyrus --authz cyrus localhost Login disabled. cyradm: cannot authenticate to server with as cyrus $ cyradm --user cyrus --authz cyrus --auth pam localhost verify error:num=18:self signed certificate cyradm: cannot authenticate to server with pam as cyrus $ cyradm --user cyrus --authz cyrus --auth shadow localhost verify error:num=18:self signed certificate cyradm: cannot authenticate to server with shadow as cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm: perl: symbol lookup error?
Just a quick note: IMAP::Admin appears to be broken, at the moment, and can't be compiled. The Debian people submitted a patch 3 months ago with no activity, indicating that the Perl module is semi-abandoned. On 9/17/2015 3:03 PM, Patrick Boutilier wrote: > On 09/17/2015 04:07 PM, Patrick Goetz wrote: >> Thanks. I'm just now getting around to looking at this script. This >> creates a mailbox, but don't you also need to set access privileges for >> the user associated with this mailbox? > > Only if you are going to change the default rights. User will have > access by default. > > > > > >> >> >> >> On 09/16/2015 12:00 PM, Patrick Boutilier wrote: >>> >>> We use this simple perl script to add users. Fill in appropriate >>> username and password. >>> >>> >>> >>> >>> >>> #!/usr/bin/perl -w >>> # >>> use File::Basename; >>> use IMAP::Admin; >>> >>> if ( 0 == scalar( @ARGV ) ) { >>> die( "\n Usuage: $0 userid\n"); >>> } >>> >>> >>> $mailbox = "user.$ARGV[0]"; >>> $username = ""; >>> $password = ""; >>> >>> # Set this to the hostname of your IMAP server >>> $IMAPSERVER = "localhost"; >>> # >>> >>> # Main Code >>> # >>> # Login to IMAP server >>> $imap = IMAP::Admin->new('Server' => $IMAPSERVER, >>>'Login' => $username, >>>'Password' => $password,) || die "no go $! >>> !"; >>> >>> print "Login: " . $imap->error . "\n"; >>> >>> # Add user >>> $add = $imap->create("$mailbox"); >>> >>> if ($add != 0) { >>> print "Error: " . $imap->error . "\n"; >>> } >>> else { >>> print "$ARGV[0] added.\n"; >>> } >>> >>> >>> # Close connection >>> $imap->close; >>> exit; >>> >>> >>> >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >>> >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >> > > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm: perl: symbol lookup error?
Thanks. I'm just now getting around to looking at this script. This creates a mailbox, but don't you also need to set access privileges for the user associated with this mailbox? On 09/16/2015 12:00 PM, Patrick Boutilier wrote: > > We use this simple perl script to add users. Fill in appropriate > username and password. > > > > > > #!/usr/bin/perl -w > # > use File::Basename; > use IMAP::Admin; > > if ( 0 == scalar( @ARGV ) ) { >die( "\n Usuage: $0 userid\n"); > } > > > $mailbox = "user.$ARGV[0]"; > $username = ""; > $password = ""; > > # Set this to the hostname of your IMAP server > $IMAPSERVER = "localhost"; > # > > # Main Code > # > # Login to IMAP server > $imap = IMAP::Admin->new('Server' => $IMAPSERVER, > 'Login' => $username, > 'Password' => $password,) || die "no go $! !"; > > print "Login: " . $imap->error . "\n"; > > # Add user > $add = $imap->create("$mailbox"); > > if ($add != 0) { > print "Error: " . $imap->error . "\n"; > } > else { > print "$ARGV[0] added.\n"; > } > > > # Close connection > $imap->close; > exit; > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm: perl: symbol lookup error?
On 09/17/2015 04:07 PM, Patrick Goetz wrote: Thanks. I'm just now getting around to looking at this script. This creates a mailbox, but don't you also need to set access privileges for the user associated with this mailbox? Only if you are going to change the default rights. User will have access by default. On 09/16/2015 12:00 PM, Patrick Boutilier wrote: We use this simple perl script to add users. Fill in appropriate username and password. #!/usr/bin/perl -w # use File::Basename; use IMAP::Admin; if ( 0 == scalar( @ARGV ) ) { die( "\n Usuage: $0 userid\n"); } $mailbox = "user.$ARGV[0]"; $username = ""; $password = ""; # Set this to the hostname of your IMAP server $IMAPSERVER = "localhost"; # # Main Code # # Login to IMAP server $imap = IMAP::Admin->new('Server' => $IMAPSERVER, 'Login' => $username, 'Password' => $password,) || die "no go $! !"; print "Login: " . $imap->error . "\n"; # Add user $add = $imap->create("$mailbox"); if ($add != 0) { print "Error: " . $imap->error . "\n"; } else { print "$ARGV[0] added.\n"; } # Close connection $imap->close; exit; Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus <> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm: perl: symbol lookup error?
Interesting. When I use cyradm to set up a new account, I always execute 2 commands: cyradm --user administrator localhost localhost> cm user/daffyduck localhost> sam user/daffyduck daffyduck write Does this mean that the second command has been superfluous all along and that these are the permissions that are created by default anyway? I.e. it would be sufficient to just do this? localhost> cm user/daffyduck On 09/17/2015 03:03 PM, Patrick Boutilier wrote: > On 09/17/2015 04:07 PM, Patrick Goetz wrote: >> Thanks. I'm just now getting around to looking at this script. This >> creates a mailbox, but don't you also need to set access privileges for >> the user associated with this mailbox? > > Only if you are going to change the default rights. User will have > access by default. > > > > > >> >> >> >> On 09/16/2015 12:00 PM, Patrick Boutilier wrote: >>> >>> We use this simple perl script to add users. Fill in appropriate >>> username and password. >>> >>> >>> >>> >>> >>> #!/usr/bin/perl -w >>> # >>> use File::Basename; >>> use IMAP::Admin; >>> >>> if ( 0 == scalar( @ARGV ) ) { >>> die( "\n Usuage: $0 userid\n"); >>> } >>> >>> >>> $mailbox = "user.$ARGV[0]"; >>> $username = ""; >>> $password = ""; >>> >>> # Set this to the hostname of your IMAP server >>> $IMAPSERVER = "localhost"; >>> # >>> >>> # Main Code >>> # >>> # Login to IMAP server >>> $imap = IMAP::Admin->new('Server' => $IMAPSERVER, >>>'Login' => $username, >>>'Password' => $password,) || die "no go $! >>> !"; >>> >>> print "Login: " . $imap->error . "\n"; >>> >>> # Add user >>> $add = $imap->create("$mailbox"); >>> >>> if ($add != 0) { >>> print "Error: " . $imap->error . "\n"; >>> } >>> else { >>> print "$ARGV[0] added.\n"; >>> } >>> >>> >>> # Close connection >>> $imap->close; >>> exit; >>> >>> >>> >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >>> >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >> > > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm: perl: symbol lookup error?
That could be easily tested with "lam " COMMAND. On 2015-09-18 03:40, Patrick Goetz wrote: > Interesting. When I use cyradm to set up a new account, I always > execute 2 commands: > >cyradm --user administrator localhost > >localhost> cm user/daffyduck localhost> lam user/daffyduck >localhost> sam user/daffyduck daffyduck write > > Does this mean that the second command has been superfluous all along > and that these are the permissions that are created by default anyway? > > I.e. it would be sufficient to just do this? > >localhost> cm user/daffyduck > > > On 09/17/2015 03:03 PM, Patrick Boutilier wrote: >> On 09/17/2015 04:07 PM, Patrick Goetz wrote: >>> Thanks. I'm just now getting around to looking at this script. This >>> creates a mailbox, but don't you also need to set access privileges >>> for >>> the user associated with this mailbox? >> >> Only if you are going to change the default rights. User will have >> access by default. >> >> >> >> >> >>> >>> >>> >>> On 09/16/2015 12:00 PM, Patrick Boutilier wrote: >>>> >>>> We use this simple perl script to add users. Fill in appropriate >>>> username and password. >>>> >>>> >>>> >>>> >>>> >>>> #!/usr/bin/perl -w >>>> # >>>> use File::Basename; >>>> use IMAP::Admin; >>>> >>>> if ( 0 == scalar( @ARGV ) ) { >>>> die( "\n Usuage: $0 userid\n"); >>>> } >>>> >>>> >>>> $mailbox = "user.$ARGV[0]"; >>>> $username = ""; >>>> $password = ""; >>>> >>>> # Set this to the hostname of your IMAP server >>>> $IMAPSERVER = "localhost"; >>>> # >>>> >>>> # Main Code >>>> # >>>> # Login to IMAP server >>>> $imap = IMAP::Admin->new('Server' => $IMAPSERVER, >>>>'Login' => $username, >>>>'Password' => $password,) || die "no go >>>> $! >>>> !"; >>>> >>>> print "Login: " . $imap->error . "\n"; >>>> >>>> # Add user >>>> $add = $imap->create("$mailbox"); >>>> >>>> if ($add != 0) { >>>> print "Error: " . $imap->error . "\n"; >>>> } >>>> else { >>>> print "$ARGV[0] added.\n"; >>>> } >>>> >>>> >>>> # Close connection >>>> $imap->close; >>>> exit; >>>> >>>> >>>> >>>> Cyrus Home Page: http://www.cyrusimap.org/ >>>> List Archives/Info: >>>> http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>>> To Unsubscribe: >>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >>>> >>> >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >>> >> >> >> >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >> > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus -- Mogens +66 8701 33224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm: perl: symbol lookup error?
Patrick, About question 3, is possible to use a php script or even a python script to manage users. Would be possible but I don't know if would be to you,install a new machine with a standard operational system just to manager these users. -- Miguel Mucio Santos Moreira Analista - LPIC 1 Linux Professional Institute Certified GRE - Gerência de Redes (31)3339-1401 PRODEMGE - Companhia de Tecnologia da Informação do Estado de Minas Gerais Aviso: Esta mensagem é destinada exclusivamente para a(s) pessoa(s) a quem é dirigida, podendo conter informação confidencial e legalmente protegida. Se você não for destinatário dela, desde já fica notificado de abster-se a divulgar, copiar, distribuir, examinar ou, de qualquer forma, utilizar a informação contida nesta mensagem, por ser ilegal. Caso você tenha recebido por engano, pedimos que responda essa mensagem informando o acontecido. Em 16/09/2015 13:33:42, Patrick Goetz escreveu: > So, I've been happily avoiding upgrading cyrus imap because everything has been working and I'm generally in the "if it ain't broke, don't fix it" category. Cyrus version: 2.4.17 Perl version: 5.22.0 However, this morning I tried to create a new user using cyradm and got a perl error message: pgoetz@www:~$ cyradm --user administrator localhost perl: symbol lookup error: /usr/lib/perl5/site_perl/auto/Cyrus/IMAP/IMAP.so: undefined symbol: Perl_xs_apiversion_bootcheck I'm running Arch linux, which aggressively updates software packages. Apparently some Perl upgrade broke cyradm? 3 questions: 1. Does this mean I need to bite the bullet and upgrade my cyrus installs? 2. Is upgrading to 2.5.6 painless? Should I just wait for 3.0? 3. Is there a workaround for cyradm not working for adding users? I've only ever used cyradm and have no idea how to add users otherwise. Cyrus Home Page: > http://www.cyrusimap.org/> List Archives/Info: > http://lists.andrew.cmu.edu/pipermail/info-cyrus/> To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm: perl: symbol lookup error?
On 09/16/2015 01:33 PM, Patrick Goetz wrote: So, I've been happily avoiding upgrading cyrus imap because everything has been working and I'm generally in the "if it ain't broke, don't fix it" category. Cyrus version: 2.4.17 Perl version: 5.22.0 However, this morning I tried to create a new user using cyradm and got a perl error message: pgoetz@www:~$ cyradm --user administrator localhost perl: symbol lookup error: /usr/lib/perl5/site_perl/auto/Cyrus/IMAP/IMAP.so: undefined symbol: Perl_xs_apiversion_bootcheck I'm running Arch linux, which aggressively updates software packages. Apparently some Perl upgrade broke cyradm? 3 questions: 1. Does this mean I need to bite the bullet and upgrade my cyrus installs? 2. Is upgrading to 2.5.6 painless? Should I just wait for 3.0? 3. Is there a workaround for cyradm not working for adding users? I've only ever used cyradm and have no idea how to add users otherwise. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus We use this simple perl script to add users. Fill in appropriate username and password. #!/usr/bin/perl -w # use File::Basename; use IMAP::Admin; if ( 0 == scalar( @ARGV ) ) { die( "\n Usuage: $0 userid\n"); } $mailbox = "user.$ARGV[0]"; $username = ""; $password = ""; # Set this to the hostname of your IMAP server $IMAPSERVER = "localhost"; # # Main Code # # Login to IMAP server $imap = IMAP::Admin->new('Server' => $IMAPSERVER, 'Login' => $username, 'Password' => $password,) || die "no go $! !"; print "Login: " . $imap->error . "\n"; # Add user $add = $imap->create("$mailbox"); if ($add != 0) { print "Error: " . $imap->error . "\n"; } else { print "$ARGV[0] added.\n"; } # Close connection $imap->close; exit; <> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyradm: perl: symbol lookup error?
So, I've been happily avoiding upgrading cyrus imap because everything has been working and I'm generally in the "if it ain't broke, don't fix it" category. Cyrus version: 2.4.17 Perl version: 5.22.0 However, this morning I tried to create a new user using cyradm and got a perl error message: pgoetz@www:~$ cyradm --user administrator localhost perl: symbol lookup error: /usr/lib/perl5/site_perl/auto/Cyrus/IMAP/IMAP.so: undefined symbol: Perl_xs_apiversion_bootcheck I'm running Arch linux, which aggressively updates software packages. Apparently some Perl upgrade broke cyradm? 3 questions: 1. Does this mean I need to bite the bullet and upgrade my cyrus installs? 2. Is upgrading to 2.5.6 painless? Should I just wait for 3.0? 3. Is there a workaround for cyradm not working for adding users? I've only ever used cyradm and have no idea how to add users otherwise. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm: perl: symbol lookup error?
On Thu, 17 Sep 2015, at 02:33 AM, Patrick Goetz wrote: > pgoetz@www:~$ cyradm --user administrator localhost perl: symbol > lookup error: /usr/lib/perl5/site_perl/auto/Cyrus/IMAP/IMAP.so: > undefined symbol: Perl_xs_apiversion_bootcheck > > > I'm running Arch linux, which aggressively updates software packages. > Apparently some Perl upgrade broke cyradm? Perl modules aren't binary-compatible across major releases (the second number, 22 in your case - Perl versioning is a little odd). If you recompile Cyrus::IMAP against the new Perl it should all just come back to life. I haven't done that in isolation before but perl/imap/README looks correct from what I know of Cyrus and Perl. Give it a try. Rob N. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
GUI replacement for cyradm
Using cyradm to add mailboxes and do some acl stuff isn't too convenient if you're not doing it 50 times a day and you're a command line geek. So I hacked up an IMAP plugin to the Admin4 framework as cyradm replacement. It should work on any IMAP server, but has only been tested on several cyrus imapd installations so far. Currently, browsing/creating/renaming/deleting of mailboxes is implemented, as well as setting comments and acls. Quota will be displayed, setacl isn't implemented yet. Non-ASCII mailbox names are supported as well, displaying their utf-decoded name. check it here: https://admin4.org Comments/contributions welcome! Regards, Andreas Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: GUI replacement for cyradm
2014-11-06 14:29 GMT-02:00 Andreas Pflug andr...@admin4.org: Using cyradm to add mailboxes and do some acl stuff isn't too convenient if you're not doing it 50 times a day and you're a command line geek. So I hacked up an IMAP plugin to the Admin4 framework as cyradm replacement. It should work on any IMAP server, but has only been tested on several cyrus imapd installations so far. Currently, browsing/creating/renaming/deleting of mailboxes is implemented, as well as setting comments and acls. Quota will be displayed, setacl isn't implemented yet. Non-ASCII mailbox names are supported as well, displaying their utf-decoded name. check it here: https://admin4.org Comments/contributions welcome! See http://korreio.sf.net to get ideias Reinaldo Gil Lima de Carvalho http://dbsync.rtfd.org http://korreio.sf.net While not fully understand a software, don't try to adapt this software to the way you work, but rather yourself to the way the software works (myself) Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm cannot connect to cyrus imap server
Dear Cyrus Friends, On Thu, Feb 20, 2014 at 04:12:29PM -0600, Scott Lambert wrote: On Thu, Feb 20, 2014 at 10:35:42AM +0100, Willy Offermans wrote: Dear Cyrus Friends, I need your help to solve the following: I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the following package: cyrus-imapd24-2.4.17_4 If I test my setup with imtest, I get connection to the imap server. MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost It works However, if I try to connect via cyradm, I cannot login. MyName@MyComputer:~$ cyradm --user username localhost Password: verify error:num=19:self signed certificate in certificate chain cyradm: cannot authenticate to server with as username You specified your authentication mechanism to be login with imtest. You did not specify an authentication mechanism with cyradm. Perhaps it would work if you try : cyradm --auth login --user username localhost That is only a guess. -- Scott LambertKC5MLE Unix SysAdmin lamb...@lambertfam.org Indeed, I needed to specify an authentication mechanism and then I could use the command line interface of cyradm: cyradm --user username --auth PLAIN localhost If we are at this point anyway, I was wondering what I need to do to use another authentication mechanism. Is this possible? And what do I need to consider? The IMAP server response with the following authentication mechanism: AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN If I login with SCRAM-SHA-1: MyName@MyComputer:~$ cyradm --user username --auth SCRAM-SHA-1 localhost Password: verify error:num=19:self signed certificate in certificate chain cyradm: cannot authenticate to server with SCRAM-SHA-1 as username In the logs: Feb 21 09:48:36 MyComputer imap[17576]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops] I'm pretty sure that the user is registered in the ldap database. -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, De jrus wah, Wiel * W.K. Offermans Home: +31 45 544 49 44 Mobile: +31 681 15 87 68 e-mail: wi...@offermans.rompen.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm cannot connect to cyrus imap server
On 02/21/14 10:50 +0100, Willy Offermans wrote: Indeed, I needed to specify an authentication mechanism and then I could use the command line interface of cyradm: cyradm --user username --auth PLAIN localhost If we are at this point anyway, I was wondering what I need to do to use another authentication mechanism. Is this possible? And what do I need to consider? The IMAP server response with the following authentication mechanism: AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN If I login with SCRAM-SHA-1: MyName@MyComputer:~$ cyradm --user username --auth SCRAM-SHA-1 localhost Password: verify error:num=19:self signed certificate in certificate chain cyradm: cannot authenticate to server with SCRAM-SHA-1 as username In the logs: Feb 21 09:48:36 MyComputer imap[17576]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops] I'm pretty sure that the user is registered in the ldap database. DIGEST-MD5, CRAM-MD5, and SCRAM-SHA-1 all require cyrus sasl to have access to the shared secret (clear text password) to complete authentication. If you're using LDAP to store your user credentials, you'll need to use the ldapdb auxprop plugin and store users' clear text passwords in userPassword. Presumably you're using 'sasl_pwcheck_method: saslauthd' currently, which is sufficient for PLAIN and LOGIN authentication. If you choose not to go the ldapdb route, I recommend specifying a sasl_mech_list to limit your mechanisms to PLAIN and LOGIN (and EXTERNAL if you intend to do starttls client authentication). If you don't do that, in your current setup, most clients will attempt to first authenticate using a shared secret mechanism (including cyradm in your initial attempt), which will always fail on that attempt. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm cannot connect to cyrus imap server
Hallo Dan, On Fri, Feb 21, 2014 at 08:50:41AM -0600, Dan White wrote: On 02/21/14 10:50 +0100, Willy Offermans wrote: Indeed, I needed to specify an authentication mechanism and then I could use the command line interface of cyradm: cyradm --user username --auth PLAIN localhost If we are at this point anyway, I was wondering what I need to do to use another authentication mechanism. Is this possible? And what do I need to consider? The IMAP server response with the following authentication mechanism: AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN If I login with SCRAM-SHA-1: MyName@MyComputer:~$ cyradm --user username --auth SCRAM-SHA-1 localhost Password: verify error:num=19:self signed certificate in certificate chain cyradm: cannot authenticate to server with SCRAM-SHA-1 as username In the logs: Feb 21 09:48:36 MyComputer imap[17576]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops] I'm pretty sure that the user is registered in the ldap database. DIGEST-MD5, CRAM-MD5, and SCRAM-SHA-1 all require cyrus sasl to have access to the shared secret (clear text password) to complete authentication. If you're using LDAP to store your user credentials, you'll need to use the ldapdb auxprop plugin and store users' clear text passwords in userPassword. Presumably you're using 'sasl_pwcheck_method: saslauthd' currently, which is sufficient for PLAIN and LOGIN authentication. If you choose not to go the ldapdb route, I recommend specifying a sasl_mech_list to limit your mechanisms to PLAIN and LOGIN (and EXTERNAL if you intend to do starttls client authentication). If you don't do that, in your current setup, most clients will attempt to first authenticate using a shared secret mechanism (including cyradm in your initial attempt), which will always fail on that attempt. -- Dan White Thank you a lot for the clarification. I did some search on the internet myself and I got some increased understanding myself. I changed the imapd.conf on the imap server and added: sasl_mech_list: PLAIN LOGIN to the settings. This solved several issues. So I can already confirm your suggestion for solution. But many thnx anyway. You are pointing to EXTERNAL, next to PLAIN and LOGIN. I do not understand this mechanism yet. At the moment I believe I have PLAIN password wrapped into TLS. So I already do starttls client authentication. What will EXTERNAL do? -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, De jrus wah, Wiel * W.K. Offermans Home: +31 45 544 49 44 Mobile: +31 681 15 87 68 e-mail: wi...@offermans.rompen.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm cannot connect to cyrus imap server
On 02/21/14 16:11 +0100, Willy Offermans wrote: You are pointing to EXTERNAL, next to PLAIN and LOGIN. I do not understand this mechanism yet. At the moment I believe I have PLAIN password wrapped into TLS. So I already do starttls client authentication. What will EXTERNAL do? TLS client authentication is a scenario where you perform TLS authentication where the client also has a certificate. The server can then use the contents of the client certificate to derive the username (with no password, per se). For example, 'cyradm --tlskey file'. The EXTERNAL mechanism should not be offered unless TLS client authentication was successful during the starttls step. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm cannot connect to cyrus imap server
Hello Dan, On Fri, Feb 21, 2014 at 09:22:55AM -0600, Dan White wrote: On 02/21/14 16:11 +0100, Willy Offermans wrote: You are pointing to EXTERNAL, next to PLAIN and LOGIN. I do not understand this mechanism yet. At the moment I believe I have PLAIN password wrapped into TLS. So I already do starttls client authentication. What will EXTERNAL do? TLS client authentication is a scenario where you perform TLS authentication where the client also has a certificate. The server can then use the contents of the client certificate to derive the username (with no password, per se). For example, 'cyradm --tlskey file'. The EXTERNAL mechanism should not be offered unless TLS client authentication was successful during the starttls step. -- Dan White This sounds interesting. I thought that TLSVerifyClient demand in slapd.conf was forcing this behavior. I like to read more about the EXTERNAL mechanism. Do you recommend some reading? At the moment I will stick to PLAIN and play with replication, serving multiple domains etc. -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, De jrus wah, Wiel * W.K. Offermans Home: +31 45 544 49 44 Mobile: +31 681 15 87 68 e-mail: wi...@offermans.rompen.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm cannot connect to cyrus imap server
On 02/21/14 16:33 +0100, Willy Offermans wrote: This sounds interesting. I thought that TLSVerifyClient demand in slapd.conf was forcing this behavior. I like to read more about the EXTERNAL mechanism. Do you recommend some reading? At the moment I will stick to PLAIN and play with replication, serving multiple domains etc. A TLS primer would be the best place to start. A problem that you may encounter with EXTERNAL over STARTTLS, is that the username mapping process is not standardized, and is left up to the server implementation to perform. Cyrus imapd and slapd may do so in inconsistent ways. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm cannot connect to cyrus imap server
On 02/20/14 10:35 +0100, Willy Offermans wrote: I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the following package: cyrus-imapd24-2.4.17_4 If I test my setup with imtest, I get connection to the imap server. MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost verify error:num=19:self signed certificate in certificate chain TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR] MyComputer Cyrus IMAP v2.4.17 server ready Please enter your password: C: L01 LOGIN username {13} S: + go ahead C: omitted S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN COMPRESS=DEFLATE IDLE] User logged in SESSIONID=MyComputer-11451-1392884061-1 Authenticated. Security strength factor: 256 From the message log file: Feb 19 09:00:11 MyComputer imaps[3437]: imapd:Loading hard-coded DH parameters Feb 19 09:00:11 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Feb 19 09:00:11 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied Feb 19 09:00:15 MyComputer imaps[3437]: badlogin: localhost [127.0.0.1] plaintext username SASL(-13): authentication failure: checkpass failed Feb 19 09:00:30 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Feb 19 09:00:30 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied Feb 19 09:00:39 MyComputer imaps[3437]: login: localhost [127.0.0.1] username plaintext+TLS User logged in SESSIONID=MyComputer-3437-1392800430-1 Feb 19 09:02:18 MyComputer imaps[3437]: USAGE username user: 0.007544 sys: 0.022632 However, if I try to connect via cyradm, I cannot login. MyName@MyComputer:~$ cyradm --user username localhost Password: verify error:num=19:self signed certificate in certificate chain cyradm: cannot authenticate to server with as username Does the output really say this (empty username)? I'm assuming you just removed it when pasting it. from the message log file: Feb 19 09:02:41 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied Feb 19 09:02:48 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops] Feb 19 09:02:51 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get auxprops] Feb 19 09:02:55 MyComputer imap[3440]: imapd:Loading hard-coded DH parameters Feb 19 09:02:55 MyComputer imap[3440]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Feb 19 09:02:55 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied In imapd.conf, set: sasl_mech_list: PLAIN LOGIN EXTERNAL to remove some extraneous error messages. Try specifying a mechanism (--auth=PLAIN) in your cyradm command. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm cannot connect to cyrus imap server
Hello Dan and Cyrus Friends, On Thu, Feb 20, 2014 at 08:38:42AM -0600, Dan White wrote: On 02/20/14 10:35 +0100, Willy Offermans wrote: I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the following package: cyrus-imapd24-2.4.17_4 If I test my setup with imtest, I get connection to the imap server. MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost verify error:num=19:self signed certificate in certificate chain TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR] MyComputer Cyrus IMAP v2.4.17 server ready Please enter your password: C: L01 LOGIN username {13} S: + go ahead C: omitted S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN COMPRESS=DEFLATE IDLE] User logged in SESSIONID=MyComputer-11451-1392884061-1 Authenticated. Security strength factor: 256 From the message log file: Feb 19 09:00:11 MyComputer imaps[3437]: imapd:Loading hard-coded DH parameters Feb 19 09:00:11 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Feb 19 09:00:11 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied Feb 19 09:00:15 MyComputer imaps[3437]: badlogin: localhost [127.0.0.1] plaintext username SASL(-13): authentication failure: checkpass failed Feb 19 09:00:30 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Feb 19 09:00:30 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied Feb 19 09:00:39 MyComputer imaps[3437]: login: localhost [127.0.0.1] username plaintext+TLS User logged in SESSIONID=MyComputer-3437-1392800430-1 Feb 19 09:02:18 MyComputer imaps[3437]: USAGE username user: 0.007544 sys: 0.022632 However, if I try to connect via cyradm, I cannot login. MyName@MyComputer:~$ cyradm --user username localhost Password: verify error:num=19:self signed certificate in certificate chain cyradm: cannot authenticate to server with as username Does the output really say this (empty username)? I'm assuming you just removed it when pasting it. No Dan, I did not remove anything. I just replaced the actual username by username. There is a whitespace between with and as in the output! from the message log file: Feb 19 09:02:41 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied Feb 19 09:02:48 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops] Feb 19 09:02:51 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get auxprops] Feb 19 09:02:55 MyComputer imap[3440]: imapd:Loading hard-coded DH parameters Feb 19 09:02:55 MyComputer imap[3440]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Feb 19 09:02:55 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied In imapd.conf, set: sasl_mech_list: PLAIN LOGIN EXTERNAL to remove some extraneous error messages. Try specifying a mechanism (--auth=PLAIN) in your cyradm command. -- Dan White I did this and it worked: MyName@MyComputer:~$ cyradm --user username --auth PLAIN localhost verify error:num=19:self signed certificate in certificate chain Password: localhost Many thnx for your help! -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, Wiel * W.K. Offermans Home: +31 45 544 49 44 Mobile: +31 681 15 87 68 e-mail: wi...@offermans.rompen.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm cannot connect to cyrus imap server
On Thu, Feb 20, 2014 at 10:35:42AM +0100, Willy Offermans wrote: Dear Cyrus Friends, I need your help to solve the following: I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the following package: cyrus-imapd24-2.4.17_4 If I test my setup with imtest, I get connection to the imap server. MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost It works However, if I try to connect via cyradm, I cannot login. MyName@MyComputer:~$ cyradm --user username localhost Password: verify error:num=19:self signed certificate in certificate chain cyradm: cannot authenticate to server with as username You specified your authentication mechanism to be login with imtest. You did not specify an authentication mechanism with cyradm. Perhaps it would work if you try : cyradm --auth login --user username localhost That is only a guess. -- Scott LambertKC5MLE Unix SysAdmin lamb...@lambertfam.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyradm cannot connect to cyrus imap server
if cyrus is your user admin just do cyradm --user cyrus --server localhost and it will work depending on your password backend you may need to add user cyrus with sasldb2 or if you use local unix account with saslauthd you just need to set a password for user cyrus with passwd On 2/20/14 11:12 PM, Scott Lambert wrote: On Thu, Feb 20, 2014 at 10:35:42AM +0100, Willy Offermans wrote: Dear Cyrus Friends, I need your help to solve the following: I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the following package: cyrus-imapd24-2.4.17_4 If I test my setup with imtest, I get connection to the imap server. MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost It works However, if I try to connect via cyradm, I cannot login. MyName@MyComputer:~$ cyradm --user username localhost Password: verify error:num=19:self signed certificate in certificate chain cyradm: cannot authenticate to server with as username You specified your authentication mechanism to be login with imtest. You did not specify an authentication mechanism with cyradm. Perhaps it would work if you try : cyradm --auth login --user username localhost That is only a guess. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: `cyradm` login `lm` behavior with Virtual Domains
On 01/21/12 02:59 -0800, Reg Proctor wrote: Hi, I just want to confirm that logging into cyradm as I am experiencing it is normal and that lm is behaving as it should be. It seems a little unusual to me. First cyradm logging in, here is what I am seeing: To log into cyradm I have to set my defaultdomain to localhost and then I can login like this: cyradm -u cyrus localhost pwd: xx However, using MySQL and setting the tracing so I can see the SQL statements I actually see this: SELECT AES_DECRYPT(`password`, 'x') AS password FROM `accounts` WHERE `user`='cyrus' AND `realm`='www.domain.com' AND `virtual` != 0; where `www.domain.com` is the fully qualified domain name (FQDN) of the server. This means in the database if the user is stored as [user: cyrus, realm: localhost], the login will fail. Instead the use has to be stored as [user: cyrus, realm: www.domain.com ], and once that change is made I can login. While this is trivial once you know it I couldn't find where is mentioned that that would be the behavior in the docs. Also, and perhaps more importantly, it makes the database non-portable to other servers which may cause problems with a high availability setup through multiple servers where someone is replicating a database periodically. Do you have? virtdomains: on If so, try: virtdomains: userid See the manpage for imapd.conf, and: http://www.cyrusimap.org/docs/cyrus-imapd/2.4.13/install-virtdomains.php Also, some mechanisms may derive your realm from the authentication exchange (digest-md5 and gssapi). I'm not clear if that realm value is relevant before authentication is complete. If necessary, try explicitly specifying another mechanism like plain or login (--auth). Second, `lm` wildcard behavior: With `lm`, once I am logged in this is the behavior I am seeing with wildcards: Works: lm lm * lm *@fulldomain Doesn't work: lm *@* lm *@partialdomain* It seems to me that if my domain was abc.com and I wanted to list all users I should be able to do so with lm *@abc* or lm *@ab* etc. however anything but the full domain will not work. Neither I guess would something like fred@* if you wanted to find all the fred's (not that I can see any reason to do that). I'm just wondering if this is by design or perhaps could be improved or maybe my distr. has a bug? I don't know. Cyrus stores mailboxes internally like: example.org!user.jsmith.Trash -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: `cyradm` login `lm` behavior with Virtual Domains
If you have 'virtdomains: userid' but you are still seeing a realm get passed to mysql, but are not passing on in the client, then I'm guessing you're doing DIGEST-MD5 authentication. How DIGEST-MD5 and realms are intended to function is probably best described in RFC 2831. You could try using another mechanism, or just ignore the realm altogether in your SQL statement. Depending on your configuration, you may be able to ignore the realm altogether, and still support virtual domains. On 01/23/12 11:03 -0800, Reg wrote: Hello Dan, Thanks for the reply. virtdomains: userid - Yep, this is the way I have it set up. See the manpage for imapd.conf, and: http://www.cyrusimap.org/docs/cyrus-imapd/2.4.13/install-virtdomains.php; Virtual domains do work, I've had it working for over a year. My question isn't How to get it to work?, the question is Is the behavior I described normal? because it seems odd and I couldn't find any documention for some of what I saw, as I mentioned. Anyway if it's one of those unknowns I guess we'll just let it go. Thanks, Reg Monday, January 23, 2012, 9:40:45 AM, you wrote: On 01/21/12 02:59 -0800, Reg Proctor wrote: Hi, I just want to confirm that logging into cyradm as I am experiencing it is normal and that lm is behaving as it should be. It seems a little unusual to me. First cyradm logging in, here is what I am seeing: To log into cyradm I have to set my defaultdomain to localhost and then I can login like this: cyradm -u cyrus localhost pwd: xx However, using MySQL and setting the tracing so I can see the SQL statements I actually see this: SELECT AES_DECRYPT(`password`, 'x') AS password FROM `accounts` WHERE `user`='cyrus' AND `realm`='www.domain.com' AND `virtual` != 0; where `www.domain.com` is the fully qualified domain name (FQDN) of the server. This means in the database if the user is stored as [user: cyrus, realm: localhost], the login will fail. Instead the use has to be stored as [user: cyrus, realm: www.domain.com ], and once that change is made I can login. While this is trivial once you know it I couldn't find where is mentioned that that would be the behavior in the docs. Also, and perhaps more importantly, it makes the database non-portable to other servers which may cause problems with a high availability setup through multiple servers where someone is replicating a database periodically. Do you have? virtdomains: on If so, try: virtdomains: userid See the manpage for imapd.conf, and: http://www.cyrusimap.org/docs/cyrus-imapd/2.4.13/install-virtdomains.php Also, some mechanisms may derive your realm from the authentication exchange (digest-md5 and gssapi). I'm not clear if that realm value is relevant before authentication is complete. If necessary, try explicitly specifying another mechanism like plain or login (--auth). Second, `lm` wildcard behavior: With `lm`, once I am logged in this is the behavior I am seeing with wildcards: Works: lm lm * lm *@fulldomain Doesn't work: lm *@* lm *@partialdomain* It seems to me that if my domain was abc.com and I wanted to list all users I should be able to do so with lm *@abc* or lm *@ab* etc. however anything but the full domain will not work. Neither I guess would something like fred@* if you wanted to find all the fred's (not that I can see any reason to do that). I'm just wondering if this is by design or perhaps could be improved or maybe my distr. has a bug? I don't know. Cyrus stores mailboxes internally like: example.org!user.jsmith.Trash -- Dan White BTC Broadband Ph 918.366.0248 (direct) main: (918)366-8000 Fax 918.366.6610email: dwh...@olp.net http://www.btcbroadband.com Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
`cyradm` login `lm` behavior with Virtual Domains
Hi, I just want to confirm that logging into cyradm as I am experiencing it is normal and that lm is behaving as it should be. It seems a little unusual to me. First cyradm logging in, here is what I am seeing: To log into cyradm I have to set my defaultdomain to localhost and then I can login like this: cyradm -u cyrus localhost pwd: xx However, using MySQL and setting the tracing so I can see the SQL statements I actually see this: SELECT AES_DECRYPT(`password`, 'x') AS password FROM `accounts` WHERE `user`='cyrus' AND `realm`='www.domain.com' AND `virtual` != 0; where `www.domain.com` is the fully qualified domain name (FQDN) of the server. This means in the database if the user is stored as [user: cyrus, realm: localhost], the login will fail. Instead the use has to be stored as [user: cyrus, realm: www.domain.com ], and once that change is made I can login. While this is trivial once you know it I couldn't find where is mentioned that that would be the behavior in the docs. Also, and perhaps more importantly, it makes the database non-portable to other servers which may cause problems with a high availability setup through multiple servers where someone is replicating a database periodically. Second, `lm` wildcard behavior: With `lm`, once I am logged in this is the behavior I am seeing with wildcards: Works: lm lm * lm *@fulldomain Doesn't work: lm *@* lm *@partialdomain* It seems to me that if my domain was abc.com and I wanted to list all users I should be able to do so with lm *@abc* or lm *@ab* etc. however anything but the full domain will not work. Neither I guess would something like fred@* if you wanted to find all the fred's (not that I can see any reason to do that). I'm just wondering if this is by design or perhaps could be improved or maybe my distr. has a bug? Thanks, Reg Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
cyradm +reconstruct all mailboxes (2.3.xx)
Hello, after copying mails to the new server and reconstructing emails with a command sudo -u cyrus /usr/lib/cyrus/bin/reconstruct -r -f user.username seems to be all fine. But after some fights with plugin for check quota in the Squirrelmail I tried a command for listing quota in the cyradm. Command mentioned above didn't reconstructed usage. Reconstruction of the usage works fine only in the cyradm. But it doesn't accept wildcard * to reconstruct all mailboxes. So there is a question - how to reconstruct all ? Any ideas ? Thanks and best regards J.K. -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. bin2No4uqVG9o.bin Description: Veřejný PGP klíč Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm +reconstruct all mailboxes (2.3.xx)
Hello, after copying mails to the new server and reconstructing emails with a command sudo -u cyrus /usr/lib/cyrus/bin/reconstruct -r -f user.username seems to be all fine. But after some fights with plugin for check quota in the Squirrelmail I tried a command for listing quota in the cyradm. Command mentioned above didn't reconstructed usage. Reconstruction of the usage works fine only in the cyradm. But it doesn't accept wildcard * to reconstruct all mailboxes. So there is a question - how to reconstruct all ? Any ideas ? Did you try simply reconstruct -r -f without mailbox name? Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm +reconstruct all mailboxes (2.3.xx)
Hi, reconstructing not in the cyradm reconstructs mails and folders, not the quota that I need to reconstruct :-/ localhost reconstruct * reconstruct: Mailbox does not exist localhost reconstruct user.* reconstruct: Mailbox does not exist localhost reconstruct usage: reconstruct [-r] mailbox localhost reconstruct -r -f usage: reconstruct [-r] mailbox localhost reconstruct -r usage: reconstruct [-r] mailbox Thanks J.K. Cituji Simon Matter simon.mat...@invoca.ch: Hello, after copying mails to the new server and reconstructing emails with a command sudo -u cyrus /usr/lib/cyrus/bin/reconstruct -r -f user.username seems to be all fine. But after some fights with plugin for check quota in the Squirrelmail I tried a command for listing quota in the cyradm. Command mentioned above didn't reconstructed usage. Reconstruction of the usage works fine only in the cyradm. But it doesn't accept wildcard * to reconstruct all mailboxes. So there is a question - how to reconstruct all ? Any ideas ? Did you try simply reconstruct -r -f without mailbox name? Simon -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binzSEv217SuS.bin Description: Veřejný PGP klíč Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm +reconstruct all mailboxes (2.3.xx)
I believe the wildcard is a % not a *. Try using % or since you are dealing with user accounts, user.% or user/% whichever way your options are set. On Jul 21, 2011, at 1:17 AM, Josef Karliak wrote: reconstructing not in the cyradm reconstructs mails and folders, not the quota that I need to reconstruct :-/ localhost reconstruct * reconstruct: Mailbox does not exist localhost reconstruct user.* reconstruct: Mailbox does not exist localhost reconstruct usage: reconstruct [-r] mailbox localhost reconstruct -r -f usage: reconstruct [-r] mailbox localhost reconstruct -r usage: reconstruct [-r] mailbox Thanks J.K. Cituji Simon Matter simon.mat...@invoca.ch: Hello, after copying mails to the new server and reconstructing emails with a command sudo -u cyrus /usr/lib/cyrus/bin/reconstruct -r -f user.username seems to be all fine. But after some fights with plugin for check quota in the Squirrelmail I tried a command for listing quota in the cyradm. Command mentioned above didn't reconstructed usage. Reconstruction of the usage works fine only in the cyradm. But it doesn't accept wildcard * to reconstruct all mailboxes. So there is a question - how to reconstruct all ? Any ideas ? Did you try simply reconstruct -r -f without mailbox name? Simon -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. Mail Attachment Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm login loops
Occasionally, I see something mentioned about tracing a particular cyrus process to determine what's going on (or wrong, as the case may be). How is this done? I'm not getting very far at resolving my particular problem, so I'd like to know what the proxyd process thinks it's doing each time it spawns a new connection to itself. Rob On 7/1/11 9:10 AM, Robert Spellman wrote: We have recently upgraded to cyrus 2.4.6. Our environment includes a server running as a murder server, four back end mailstores, and two front end servers. If we mistakenly create a user mailbox on one of the front end servers using cyradm, and then try to manage it (dm, sam, info, lm), cpu load on the front end server increases until the box is unusable. Syslogs show the user cyrus (our admin user) logging in over and over, each time creating a new proxyd process, which explains the high cpu load. Managing mailboxes on the back end servers from the front end servers works fine. Here's my imapd.conf for one of my front end servers: configdirectory: /var/lib/imap partition-default: /home/imap defaultpartition: default sievedir: /var/lib/imap/sieve admins: cyrus backend sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN GSSAPI altnamespace: true hashimapspool: true allowallsubscribe: true allowusermoves: true autocreateinboxfolders: Trash|Sent|Junk autosubscribeinboxfolders: Trash|Sent|Junk autosubscribesharedfolders: shared.announce lmtp_downcase_rcpt: true tls_cert_file: /etc/pki/tls/certs/mail.bates.edu-cert.pem tls_key_file: /etc/pki/tls/certs/mail.bates.edu-key.pem tls_ca_file: /etc/pki/tls/certs/bates.edu-cert.pem proxy_authname: backend proxyservers: backend mupdate_server: murder.bates.edu mupdate_username: backend Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ attachment: rspell.vcf Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm login loops
See: http://stuff.mit.edu/afs/sipb/project/linerva/project/packages/cyrus/cyrus21-imapd-2.1.18/debian/README.Debian.debug On 05/07/11 13:38 -0400, Robert Spellman wrote: Occasionally, I see something mentioned about tracing a particular cyrus process to determine what's going on (or wrong, as the case may be). How is this done? I'm not getting very far at resolving my particular problem, so I'd like to know what the proxyd process thinks it's doing each time it spawns a new connection to itself. Rob On 7/1/11 9:10 AM, Robert Spellman wrote: We have recently upgraded to cyrus 2.4.6. Our environment includes a server running as a murder server, four back end mailstores, and two front end servers. If we mistakenly create a user mailbox on one of the front end servers using cyradm, and then try to manage it (dm, sam, info, lm), cpu load on the front end server increases until the box is unusable. Syslogs show the user cyrus (our admin user) logging in over and over, each time creating a new proxyd process, which explains the high cpu load. Managing mailboxes on the back end servers from the front end servers works fine. Here's my imapd.conf for one of my front end servers: configdirectory: /var/lib/imap partition-default: /home/imap defaultpartition: default sievedir: /var/lib/imap/sieve admins: cyrus backend sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN GSSAPI altnamespace: true hashimapspool: true allowallsubscribe: true allowusermoves: true autocreateinboxfolders: Trash|Sent|Junk autosubscribeinboxfolders: Trash|Sent|Junk autosubscribesharedfolders: shared.announce lmtp_downcase_rcpt: true tls_cert_file: /etc/pki/tls/certs/mail.bates.edu-cert.pem tls_key_file: /etc/pki/tls/certs/mail.bates.edu-key.pem tls_ca_file: /etc/pki/tls/certs/bates.edu-cert.pem proxy_authname: backend proxyservers: backend mupdate_server: murder.bates.edu mupdate_username: backend Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ begin:vcard fn:Robert Spellman n:Spellman;Robert org:Bates College;Information and Library Services adr;dom:;;110 Russell Street;Lewiston;Maine;04240 email;internet:rsp...@bates.edu title:Assistant Directory, Network Services tel;work:207-786-6422 note;quoted-printable:01000111011000100101001001100101011001000101001101100= 011=0D=0A= url:http://www.bates.edu/ version:2.1 end:vcard Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
cyradm login loops
We have recently upgraded to cyrus 2.4.6. Our environment includes a server running as a murder server, four back end mailstores, and two front end servers. If we mistakenly create a user mailbox on one of the front end servers using cyradm, and then try to manage it (dm, sam, info, lm), cpu load on the front end server increases until the box is unusable. Syslogs show the user cyrus (our admin user) logging in over and over, each time creating a new proxyd process, which explains the high cpu load. Managing mailboxes on the back end servers from the front end servers works fine. Here's my imapd.conf for one of my front end servers: configdirectory: /var/lib/imap partition-default: /home/imap defaultpartition: default sievedir: /var/lib/imap/sieve admins: cyrus backend sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN GSSAPI altnamespace: true hashimapspool: true allowallsubscribe: true allowusermoves: true autocreateinboxfolders: Trash|Sent|Junk autosubscribeinboxfolders: Trash|Sent|Junk autosubscribesharedfolders: shared.announce lmtp_downcase_rcpt: true tls_cert_file: /etc/pki/tls/certs/mail.bates.edu-cert.pem tls_key_file: /etc/pki/tls/certs/mail.bates.edu-key.pem tls_ca_file: /etc/pki/tls/certs/bates.edu-cert.pem proxy_authname: backend proxyservers: backend mupdate_server: murder.bates.edu mupdate_username: backend attachment: rspell.vcf Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm login loops
On 01/07/11 09:10 -0400, Robert Spellman wrote: We have recently upgraded to cyrus 2.4.6. Our environment includes a server running as a murder server, four back end mailstores, and two front end servers. If we mistakenly create a user mailbox on one of the front end servers using cyradm, and then try to manage it (dm, sam, info, lm), cpu load on the front end server increases until the box is unusable. Syslogs show the user cyrus (our admin user) logging in over and over, each time creating a new proxyd process, which explains the high cpu load. Managing mailboxes on the back end servers from the front end servers works fine. Here's my imapd.conf for one of my front end servers: configdirectory: /var/lib/imap partition-default: /home/imap defaultpartition: default sievedir: /var/lib/imap/sieve admins: cyrus backend sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN GSSAPI altnamespace: true hashimapspool: true allowallsubscribe: true allowusermoves: true autocreateinboxfolders: Trash|Sent|Junk autosubscribeinboxfolders: Trash|Sent|Junk autosubscribesharedfolders: shared.announce lmtp_downcase_rcpt: true tls_cert_file: /etc/pki/tls/certs/mail.bates.edu-cert.pem tls_key_file: /etc/pki/tls/certs/mail.bates.edu-key.pem tls_ca_file: /etc/pki/tls/certs/bates.edu-cert.pem proxy_authname: backend proxyservers: backend mupdate_server: murder.bates.edu mupdate_username: backend Could it be due to a referral loop, where the frontend believes the mailbox exists on the backend, but the backend doesn't know about it? What does the mailbox look like in the output of cyr_dbtool on the frontend and the backend?, and does it 'fix' the problem if you delete it manually on the frontend with cyr_dbtool? Here's a usage example: cyrus@mail:/var/spool/imap$ file /var/lib/imap/mailboxes.db /var/lib/imap/mailboxes.db: Cyrus skiplist DB cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist show user.test1234 user.test1234 (uniqueid 6ebe0fe04dad935f) 0 default test1234 lrswipkxtecda user.test1234.trash (uniqueid 638c3a464dad9368) 0 default test1234 lrswipkxtecda cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist get 'user.test1234.trash' (uniqueid 638c3a464dad9368) 0 default test1234 lrswipkxtecda cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist delete 'user.test1234.trash' cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist get 'user.test1234.trash' -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm login loops
It appears that the front end does know that it has the mailbox: [cyrus@postoffice09 ~]$ cyr_dbtool `pwd`/mailboxes.db skiplist show user.frodo user.frodo1 postoffice09.bates.edu!default frodolrswipkxtecda The backend knows nothing about the user frodo: [cyrus@mailstore07 ~]$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist show user.frodo [cyrus@mailstore07 ~]$ Murder does know: [cyrus@murder ~]$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist show user.frodo user.frodo1 postoffice09.bates.edu!default frodolrswipkxtecda Deleting the mailbox using cyr_dbtool works, which does resolve the problem. Rob On 7/1/11 9:49 AM, Dan White wrote: Could it be due to a referral loop, where the frontend believes the mailbox exists on the backend, but the backend doesn't know about it? What does the mailbox look like in the output of cyr_dbtool on the frontend and the backend?, and does it 'fix' the problem if you delete it manually on the frontend with cyr_dbtool? Here's a usage example: cyrus@mail:/var/spool/imap$ file /var/lib/imap/mailboxes.db /var/lib/imap/mailboxes.db: Cyrus skiplist DB cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist show user.test1234 user.test1234 (uniqueid 6ebe0fe04dad935f) 0 default test1234 lrswipkxtecda user.test1234.trash (uniqueid 638c3a464dad9368) 0 default test1234 lrswipkxtecda cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist get 'user.test1234.trash' (uniqueid 638c3a464dad9368) 0 default test1234 lrswipkxtecda cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist delete 'user.test1234.trash' cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist get 'user.test1234.trash' attachment: rspell.vcf Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
cyradm referall 2.4.1 version
I have 3 Frontends in DMZ, 4 Backends in Intranet and a Administrative Station in other network. The administrative station, and clients stations can not connect direct to backend servers. In imapd.conf i enable the parameter: proxyd_disable_mailbox_referrals: 1 With 2.3.16 dont have problem to issue commands direct in frontends using cyradm. cyradm --user cyrus frontend2316 info user/mailbox - OK lam user/mailbox - OK sam user/mailbox - OK cm user/mailbox - OK With 2.4.X : cyradm --user cyrus frontend241 info user/mailbox - OK lam user/mailbox - OK sam user/mailbox - timeout error cm user/mailbox - timeout error Without firewall ( frontend - firewall - backend ) : info user/mailbox - OK lam user/mailbox - OK sam user/mailbox - Ask for backend password cm user/mailbox - Ask for backend password I keep same config between cyrus 2.4.1 and cyrus 2.3.16. Its possible to disable referall to cyradm ? Regards Zinato Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm referall 2.4.1 version
I'm not sure what the story is with this one. Ken might have a better idea since they use murder and cyradm at CMU (I just use telnet directly or Perl modules that talk pure IMAP, and we don't use murder at FastMail). I've CC'd him. Would be great if you can create bugs in bugzilla too, just so we can track them. And thanks for all your testing and feedback. You've found more bugs than anyone else so far (not counting FastMail users of course - they got to test all this stuff long before the public release!) Bron. On Tue, Oct 19, 2010 at 07:54:13AM -0200, Lucas Zinato Carraro wrote: I have 3 Frontends in DMZ, 4 Backends in Intranet and a Administrative Station in other network. The administrative station, and clients stations can not connect direct to backend servers. In imapd.conf i enable the parameter: proxyd_disable_mailbox_referrals: 1 With 2.3.16 dont have problem to issue commands direct in frontends using cyradm. cyradm --user cyrus frontend2316 info user/mailbox - OK lam user/mailbox - OK sam user/mailbox - OK cm user/mailbox - OK With 2.4.X : cyradm --user cyrus frontend241 info user/mailbox - OK lam user/mailbox - OK sam user/mailbox - timeout error cm user/mailbox - timeout error Without firewall ( frontend - firewall - backend ) : info user/mailbox - OK lam user/mailbox - OK sam user/mailbox - Ask for backend password cm user/mailbox - Ask for backend password I keep same config between cyrus 2.4.1 and cyrus 2.3.16. Its possible to disable referall to cyradm ? Regards Zinato Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm referall 2.4.1 version
On 19 Oct 2010, at 05:54, Lucas Zinato Carraro wrote: I have 3 Frontends in DMZ, 4 Backends in Intranet and a Administrative Station in other network. The administrative station, and clients stations can not connect direct to backend servers. In imapd.conf i enable the parameter: proxyd_disable_mailbox_referrals: 1 With 2.3.16 dont have problem to issue commands direct in frontends using cyradm. cyradm --user cyrus frontend2316 info user/mailbox - OK lam user/mailbox - OK sam user/mailbox - OK cm user/mailbox - OK With 2.4.X : cyradm --user cyrus frontend241 info user/mailbox - OK lam user/mailbox - OK sam user/mailbox - timeout error cm user/mailbox - timeout error Without firewall ( frontend - firewall - backend ) : info user/mailbox - OK lam user/mailbox - OK sam user/mailbox - Ask for backend password cm user/mailbox - Ask for backend password I keep same config between cyrus 2.4.1 and cyrus 2.3.16. Its possible to disable referall to cyradm ? In 2.3.16, the getquotaroot command was referred if an administrator issued the command, even if mailbox referrals were disabled. As of 2.4.0, getquotaroot is proxied if the mailbox is remote, regardless of who issues the command or whether mailbox referrals are enabled. This is more correct, IMO. Here's the commit: http://git.cyrusimap.org/cyrus-imapd/commit/?id=9177afa1f1ab80da5334b2318e2c8f62362c361f http://git.cyrusimap.org/cyrus-imapd/commit/?id=06979236d2319ad586208c554a53aed7c50dc5e5 In 2.3.16, your admin station was most like connecting directly to the appropriate backend. I expect the behavior you're seeing in 2.4.x is related to your network configuration. I suggest tracing the imapd on the 2.4.x frontend to see what it's doing wrong. Perhaps it's attempting to connect from the wrong interface? :wes Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm and allowing only encrypted passwords with 2.3.16?
On 04 Oct 2010, at 01:09, Patrick Goetz wrote: I was having problems making Cyrus 2.2.x work with only encrypted passwords. Setting allowplaintext: no in imapd.conf prevents plain text logins, but then cyradm stops working: ibis:~etc$ cyradm localhost Login disabled. cyradm: cannot authenticate to server as pgoetz I thought this was fixed in 2.3.x, but apparently not. I'm having exactly the same problem. If I set allowplaintext: no, then cyradm stops working as described above. TLS isn't available to Cyrus::IMAP pre 2.3.2. I expect it's a bug. Perhaps it's similar to the problems in the C code, e.g., comparing available offered authN mechanisms, calling starttls, re-retriving available mechanisms, etc. :wes Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
cyradm and allowing only encrypted passwords with 2.3.16?
I was having problems making Cyrus 2.2.x work with only encrypted passwords. Setting allowplaintext: no in imapd.conf prevents plain text logins, but then cyradm stops working: ibis:~etc$ cyradm localhost Login disabled. cyradm: cannot authenticate to server as pgoetz I thought this was fixed in 2.3.x, but apparently not. I'm having exactly the same problem. If I set allowplaintext: no, then cyradm stops working as described above. Any thoughts on this? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm and allowing only encrypted passwords with 2.3.16?
On 10/04/2010 08:41 AM, Wesley Craig wrote: TLS isn't available to Cyrus::IMAP pre 2.3.2. I expect it's a bug. Sorry,I didn't specifically say that I'm using the latest release, 2.3.16. I find cyradm to be very convenient to use for smaller sites, but is this essentially a dead tool and I need to be rolling my own administrative tools? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm and allowing only encrypted passwords with 2.3.16?
On 04/10/10 09:26 -0500, Patrick Goetz wrote: On 10/04/2010 08:41 AM, Wesley Craig wrote: TLS isn't available to Cyrus::IMAP pre 2.3.2. I expect it's a bug. Sorry,I didn't specifically say that I'm using the latest release, 2.3.16. I find cyradm to be very convenient to use for smaller sites, but is this essentially a dead tool and I need to be rolling my own administrative tools? You can connect via a non plaintext mechanism, like digest-md5. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm and allowing only encrypted passwords with 2.3.16?
On 04 Oct 2010, at 10:26, Patrick Goetz wrote: Sorry,I didn't specifically say that I'm using the latest release, 2.3.16. I understood that, tho I did notice you pasted the 2.2.x error, not the 2.3.x error. I find cyradm to be very convenient to use for smaller sites, but is this essentially a dead tool and I need to be rolling my own administrative tools? Not at all. Most very large sites do roll their own tools, I find, but only because they are integrating with a lot of non-cyrus automation. Even in sites with heavy automation, cyradm is still used for troubleshooting and the like. Why would you suppose it's a dead tool? Because it has a bug? :wes Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm and allowing only encrypted passwords with 2.3.16?
On 10/04/2010 11:07 AM, Dan White wrote: You can connect via a non plaintext mechanism, like digest-md5. This seems like a straightforward case of RTFM, but how does one determine the auth mechanism? I'm using saslauthd, pam, and have a self-signed certificate (which I know works): - ibis:~~$ cyradm --auth digest-md5 --tlskey /etc/ssl/private/ssl-cert-mail.internetbs.com.key localhost [ unable to get certificate from '/etc/ssl/private/ssl-cert-mail.internetbs.com.key' ] [ TLS engine: cannot load cert/key data, might be a cert/key mismatch] [ TLS engine failed ] ^C ibis:~~$ ibis:~ssl$ sudo ls -l /etc/ssl/private total 8 -rw-r- 1 root ssl-cert 887 2009-09-13 14:02 ssl-cert-mail.internetbs.com.key -rw-r- 1 root ssl-cert 887 2010-04-11 14:00 ssl-cert-snakeoil.key ibis:~ssl$ groups cyrus cyrus : mail sasl ssl-cert Maybe the problem is I'm still not 100% clear on how SASL works. I have saslauthd running with MECHANISMS=pam OPTIONS=-c -m /var/run/saslauthd However, there's no sasl pam.d config file -- presumably SASL somehow uses /etc/pam.d/imap /etc/pam.d/lmtp ??? I don't have lmtp running in a chroot jail, which is how I can get away with this. smtp does run in a chroot jail, but has it's own saslauthd with OPTIONS=-c -m /var/spool/postfix/var/run/saslauthd I don't remember anyone mentioning this possibility (running multiple saslauthd daemons) in any howto; most people seem to jump through inordinate hoops to get all other programs to use the sasl socket in the smtp chroot jail, which seems to unnecessarily complicate things. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm and allowing only encrypted passwords with 2.3.16?
On 10/04/2010 11:41 AM, Wesley Craig wrote: I understood that, tho I did notice you pasted the 2.2.x error, not the 2.3.x error. Nope, this is precisely the error I'm getting on my 2.3.16 install: ibis:~~$ dpkg -l | grep cyrus-common ii cyrus-common-2.32.3.16-1 Cyrus mail system - common files ibis:~~$ cyradm localhost Login disabled. cyradm: cannot authenticate to server as pgoetz ibis:~~$ Why would you suppose it's a dead tool? Because it has a bug? I'm just asking because it's not working for me when I disable plain text authentication. :) See my previous message for efforts to use cyradm [--auth mechanism] [--tlskey keyfile] flags to get around this. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm and allowing only encrypted passwords with 2.3.16?
On Mon, 4 Oct 2010, Patrick Goetz wrote: On 10/04/2010 08:41 AM, Wesley Craig wrote: TLS isn't available to Cyrus::IMAP pre 2.3.2. I expect it's a bug. Sorry,I didn't specifically say that I'm using the latest release, 2.3.16. I find cyradm to be very convenient to use for smaller sites, but is this essentially a dead tool and I need to be rolling my own administrative tools? We have some of our own scripts we use, of course, but cyradm works fine for me with TLS: cyrus-be4:~# cyradm --user cyrus --tlskey '' localhost verify error:num=19:self signed certificate in certificate chain Password: localhost This is Cyrus 2.3.16. Andy Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm and allowing only encrypted passwords with 2.3.16?
On 10/04/2010 12:29 PM, Andrew Morgan wrote: cyrus-be4:~# cyradm --user cyrus --tlskey '' localhost That did it! The trick is to use --tlskey with an empty field as demonstrated above. Who knew? -- ibis:~~$ cyradm --user pgoetz --tlskey '' localhost verify error:num=18:self signed certificate Password: localhost -- Thanks for your help with this. The next question is how anyone would have figured this out without help from this list.. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm and allowing only encrypted passwords with 2.3.16?
On Mon, 4 Oct 2010, Patrick Goetz wrote: On 10/04/2010 12:29 PM, Andrew Morgan wrote: cyrus-be4:~# cyradm --user cyrus --tlskey '' localhost That did it! The trick is to use --tlskey with an empty field as demonstrated above. Who knew? -- ibis:~~$ cyradm --user pgoetz --tlskey '' localhost verify error:num=18:self signed certificate Password: localhost -- Thanks for your help with this. The next question is how anyone would have figured this out without help from this list.. I took it from the help for imtest: -t file : Enable TLS. file has the TLS public and private keys (specify to not use TLS for authentication) Not exactly obvious! :) Andy Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm and allowing only encrypted passwords with 2.3.16?
On 04/10/10 11:51 -0500, Patrick Goetz wrote: On 10/04/2010 11:07 AM, Dan White wrote: You can connect via a non plaintext mechanism, like digest-md5. This seems like a straightforward case of RTFM, but how does one determine the auth mechanism? I'm using saslauthd, pam, and have a self-signed certificate (which I know works): saslauthd does not support shared secret mechanisms (you'd need to use an auxprop plugin to do so). with cyradm, you'd choose the mechanism with the '--auth' option. See: http://www.cyrusimap.org/docs/cyrus-sasl/2.1.23/sysadmin.php for details. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyradm and allowing only encrypted passwords with 2.3.16?
On 04 Oct 2010, at 13:37, Patrick Goetz wrote: On 10/04/2010 12:29 PM, Andrew Morgan wrote: cyrus-be4:~# cyradm --user cyrus --tlskey '' localhost That did it! The trick is to use --tlskey with an empty field as demonstrated above. Who knew? That's a bug, please report it. It ought to notice that there are no auth mechs in common, implicitly try TLS, and look again for common auth mechs. That it doesn't is a flaw, not an undocumented feature. :wes Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
cyradm lm wildcard and the @ sign
Hi people, I'm looking for a way to list all mailboxes for a given domain, i.e. in cyradm: lm *...@example.com* This does not return anything. lm *example.com* does though. It appears the @ sign screws up the wildcard matching. But what I really really need is the ability to list the mailboxes of a given user, i.e.: lm user.j...@example.com* but this does not work. Is there any workaround or fix? My environment is Ubuntu 9.10 (Karmic) with Cyrus 2.2. -- All pointers appreciated, Berend de Boer Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyradm lm wildcard and the @ sign
On Wed, May 12, 2010 at 3:34 PM, Berend de Boer ber...@pobox.com wrote: Hi people, I'm looking for a way to list all mailboxes for a given domain, i.e. in cyradm: lm *...@example.com* This does not return anything. lm *example.com* does though. It appears the @ sign screws up the wildcard matching. But what I really really need is the ability to list the mailboxes of a given user, i.e.: lm user.j...@example.com* but this does not work. Is there any workaround or fix? Maybe the authenticated user isn't global admin. -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net Don't try to adapt the software to the way you work, but rather yourself to the way the software works (myself) Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyradm lm wildcard and the @ sign
Reinaldo == Reinaldo de Carvalho reinal...@gmail.com writes: I'm looking for a way to list all mailboxes for a given domain, i.e. in cyradm: lm *...@example.com* This does not return anything. lm *example.com* does though. It appears the @ sign screws up the wildcard matching. Maybe the authenticated user isn't global admin. Clearly I can get the mailboxes to list if I don't use the @ sign so doesn't that indicate I am indeed the global admin? The user I'm logged in at can change the acl on all mailboxes for example, so that indicates to me it is a global admin as wel. -- Cheers, Berend de Boer Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyradm lm wildcard and the @ sign
On Wed, May 12, 2010 at 4:04 PM, Berend de Boer ber...@pobox.com wrote: Clearly I can get the mailboxes to list if I don't use the @ sign so doesn't that indicate I am indeed the global admin? The user I'm logged in at can change the acl on all mailboxes for example, so that indicates to me it is a global admin as wel. I agree. Try: # all mailboxes $ nc server 143 * OK maindeua Cyrus IMAP4 [...] server ready . LOGIN admin password . OK User logged in . LIST * *...@example.com # user top folders $ nc server 143 * OK maindeua Cyrus IMAP4 [...] server ready . LOGIN admin password . OK User logged in . LIST * user/%...@example.com -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net Don't try to adapt the software to the way you work, but rather yourself to the way the software works (myself) Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html