Re: django-cyradm

[Jesper Schmitz Mouridsen via Info-cyrus]

On 12.12.2019 21.26, Niels Dettenbach wrote:

Am Donnerstag, 12. Dezember 2019, 21:06:46 CET schrieb Jesper Schmitz
Mouridsen via Info-cyrus:

It has self service support. The system has 3 roles "admin","domain
admin" and "account user".

If you are interested take a look at

sounds very interesting - i planned to write a similiar open source product
(after the very flexible web-cyradm was very outdated) - but with exim /
pam_mysql (should be similiar) and reserved some spare time over christmas
and january for it...

After planning with django years ago, my current plan was to use flask or
similiar more light, because installation of django (compared to the old LAMP
based web-cyradm) is more difficult for many users / impossible in some typical
mass hosting environments and easier to maintain in regards of security over
longer timespan (django typically needs security updates several times a year
from what i experienced with it in other projects). And with flask it is (at
least by my intention so far...) more easy to use it on i.e. embedded
hardware or "small email servers" with a DevOps like software / "firmware"
management.

I very like the very intelligent (because it allows very flexible email configs
as MTA integrations) database design of web_cyradm. While i've not found a
way to easily "reuse" that existing database structure (or "rebuilt" it with
the django DB subsystem) in flask is has to be done by hand - so "no prob" at
this edge for me.

But will definitely check it - and (if interested) contribute (where it may
makes sense). it may possibly still is a nice base or working solution for
what i'm looking for (saving me time to write something complete byself) and
if flask or so is still an option, the similiar concept should allow to
"reuse" at least the more fiddely python code from a django project.

is there any public "main" repo of the project?

https://github.com/jsm222/django-cyradm/


many thanks for your time and posting,



niels.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: django-cyradm

[Niels Dettenbach via Info-cyrus]

Am Donnerstag, 12. Dezember 2019, 21:06:46 CET schrieb Jesper Schmitz 
Mouridsen via Info-cyrus:
> It has self service support. The system has 3 roles "admin","domain
> admin" and "account user".
> 
> If you are interested take a look at
sounds very interesting - i planned to write a similiar open source product 
(after the very flexible web-cyradm was very outdated) - but with exim / 
pam_mysql (should be similiar) and reserved some spare time over christmas 
and january for it...

After planning with django years ago, my current plan was to use flask or 
similiar more light, because installation of django (compared to the old LAMP 
based web-cyradm) is more difficult for many users / impossible in some typical 
mass hosting environments and easier to maintain in regards of security over 
longer timespan (django typically needs security updates several times a year 
from what i experienced with it in other projects). And with flask it is (at 
least by my intention so far...) more easy to use it on i.e. embedded 
hardware or "small email servers" with a DevOps like software / "firmware" 
management.

I very like the very intelligent (because it allows very flexible email configs 
as MTA integrations) database design of web_cyradm. While i've not found a 
way to easily "reuse" that existing database structure (or "rebuilt" it with 
the django DB subsystem) in flask is has to be done by hand - so "no prob" at 
this edge for me.

But will definitely check it - and (if interested) contribute (where it may 
makes sense). it may possibly still is a nice base or working solution for 
what i'm looking for (saving me time to write something complete byself) and 
if flask or so is still an option, the similiar concept should allow to 
"reuse" at least the more fiddely python code from a django project.

is there any public "main" repo of the project?



many thanks for your time and posting,



niels.
-- 
 ---
 Niels Dettenbach
 Syndicat IT & Internet
 http://www.syndicat.com
 PGP: https://syndicat.com/pub_key.asc
 ---
 





signature.asc
Description: This is a digitally signed message part.

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

django-cyradm

[Jesper Schmitz Mouridsen via Info-cyrus]

Hi cyrus list.

(This email contains self promotion of a cyrus/imap related piece of 
software..)


I wrote some years ago (and recently updated) a small django application 
for cyrus and postfix,


with database lookup tables.

It has self service support. The system has 3 roles "admin","domain 
admin" and "account user".


If you are interested take a look at

https://djcyradm.schmitz.computer

Kind regards

Jesper Schmitz Mouridsen



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm and TLS 1.2

[John Wade]

Thanks!  You have the more correct fix:

From: https://www.openssl.org/docs/man1.1.0/man3/TLSv1_client_method.html

"TLS_method(), TLS_server_method(), TLS_client_method()
These are the general-purpose version-flexible SSL/TLS methods. The 
actual protocol version used will be negotiated to the highest version 
mutually supported by the client and the server. The supported protocols 
are SSLv3, TLSv1, TLSv1.1 and TLSv1.2. Applications should use these 
methods, and avoid the version-specific methods described below."


Thanks,
John


On 10/15/2019 6:04 PM, ellie timoney wrote:


**
CAUTION: EXTERNAL MAIL
**

Thanks for reporting back.  For whatever its worth, the equivalent fix 
on 2.5+ uses "TLS_client_method()", not "TLSv1_2_client_method()". 
 I'm not sure what difference it makes, but maybe it requires a newer 
OpenSSL than you have?


Here's the commit to master, fyi: 
https://github.com/cyrusimap/cyrus-imapd/commit/78f79ea53238c8596e2f8602b7b1e29a16863ae9


On Tue, Oct 15, 2019, at 7:43 AM, John Widera wrote:


Turns out imclient (at least in the latest RHEL7 pkg) is hardcoded to 
use TLSv1.  Since we're building binary RPMs from Source RPMs anyway 
we modified imclient.c, rebuilt the RPMs, reinstalled the 
cyrus-imapd-utils package:  Here's the patch we used:


**

*--- imclient.c.orig 2012-12-01 13:57:54.0 -0600*
*+++ imclient.c 2019-10-03 14:40:11.254566297 -0500*
*@@ -1695,7 +1695,7 @@*
*return -1;*
*}*
*- imclient->tls_ctx = SSL_CTX_new(TLSv1_client_method());*
*+ imclient->tls_ctx = SSL_CTX_new(TLSv1_2_client_method());*
*if (imclient->tls_ctx == NULL) {*
*return -1;*
*};*

---

Maybe this helps someone else.

Regards,





Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm and TLS 1.2

[ellie timoney]

Thanks for reporting back. For whatever its worth, the equivalent fix on 2.5+ 
uses "TLS_client_method()", not "TLSv1_2_client_method()". I'm not sure what 
difference it makes, but maybe it requires a newer OpenSSL than you have?

Here's the commit to master, fyi: 
https://github.com/cyrusimap/cyrus-imapd/commit/78f79ea53238c8596e2f8602b7b1e29a16863ae9

On Tue, Oct 15, 2019, at 7:43 AM, John Widera wrote:
> Turns out imclient (at least in the latest RHEL7 pkg) is hardcoded to use 
> TLSv1. Since we're building binary RPMs from Source RPMs anyway we modified 
> imclient.c, rebuilt the RPMs, reinstalled the cyrus-imapd-utils package: 
> Here's the patch we used:

> **


> *--- imclient.c.orig 2012-12-01 13:57:54.0 -0600*
> *+++ imclient.c 2019-10-03 14:40:11.254566297 -0500*
> *@@ -1695,7 +1695,7 @@*
> *return -1;*
> *}*


> *- imclient->tls_ctx = SSL_CTX_new(TLSv1_client_method());*
> *+ imclient->tls_ctx = SSL_CTX_new(TLSv1_2_client_method());*
> *if (imclient->tls_ctx == NULL) {*
> *return -1;*
> *};*

> ---

> Maybe this helps someone else.

> Regards,


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm and TLS 1.2

[John Widera]

Turns out imclient (at least in the latest RHEL7 pkg) is hardcoded to
use TLSv1.  Since we're building binary RPMs from Source RPMs anyway we
modified imclient.c, rebuilt the RPMs, reinstalled the cyrus-imapd-utils
package:  Here's the patch we used: 

 

--- IMCLIENT.C.ORIG 2012-12-01 13:57:54.0 -0600
+++ IMCLIENT.C 2019-10-03 14:40:11.254566297 -0500
@@ -1695,7 +1695,7 @@
RETURN -1;
} 

- IMCLIENT->TLS_CTX = SSL_CTX_NEW(TLSV1_CLIENT_METHOD());
+ IMCLIENT->TLS_CTX = SSL_CTX_NEW(TLSV1_2_CLIENT_METHOD());
IF (IMCLIENT->TLS_CTX == NULL) {
RETURN -1;
}; 

--- 

Maybe this helps someone else. 

Regards,

> Hi All, 
> 
> We're hoping to find some help on the list... 
> 
> We are running Cyrus-IMAP on RHEL7, using an RPM pkg 
> (CYRUS-IMAPD-2.4.17-13.EL7) built from the Red Hat SRC RPM.  We also have 
> SASL, Utils, devel etc pkgs all from RH. 
> 
> Now we're looking to finally move Cyrus completely off insecure TLS versions. 
>  But now there is a lingering issue... 
> 
> We removed tls1_0 from impad.conf, and the CYRADM shell stopped working.  We 
> can no longer connect at all: 
> 
> CYRADM -U CYRUS 
> [ SSL_CONNECT ERROR -1 ]
> [ SSL SESSION REMOVED ]
> [ TLS NEGOTIATION DID NOT SUCCEED ]
> CYRADM: CANNOT AUTHENTICATE TO SERVER WITH AS CYRUS 
> 
> CYRADM -U CYRUS --NOTLS 
> [ SSL_CONNECT ERROR -1 ]
> [ SSL SESSION REMOVED ]
> [ TLS NEGOTIATION DID NOT SUCCEED ]
> CYRADM: CANNOT AUTHENTICATE TO SERVER WITH AS CYRUS 
> 
> The presumption is (as cyradm is just a wrapper script) any PERL scripts 
> calling Cyrus::IMAP::Admin over a STARTTLS connection could likewise be 
> broken (?) if we block TLS 1.0.  
> 
> cyradm is using TLSv1 per maillog: 
> 
> IMAPS[14096]: STARTTLS: TLSV1 WITH CIPHER  
> 
> Our MAN page for cyradm shows a "--notls" option, which does not work/changes 
> nothing.  Oddly, the cyradm HELP FLAG does NOT show this option, yet cyradm 
> doesn't bark when it's passed: 
> 
> USAGE: CYRADM [ARGS] SERVER
> --USER  CONNECT AS  (AUTHENTICATION NAME)
> --AUTHZ  AUTHORIZE AS 
> --[NO]RC (DO NOT) LOAD THE CONFIGURATION FILES
> --SYSTEMRC  USE SYSTEM-WIDE CONFIGURATION 
> --USERRC  USE USER CONFIGURATION 
> --PORT  CONNECT TO SERVER ON 
> --AUTH  AUTHENTICATE WITH  
> 
> A web search reveals the MAN page for cyradm in Cyrus v.3, and it shows NOTLS 
> as an option to AUTHENTICATE, after a server connection is made, so its 
> unclear to me what's going on... 
> 
> Does anyone have cyradm working with TLS1.2? 
> 
> Regards & THANKS in advance for any assistance or suggestions offered. 
> 
> -- 
> John 
> 
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

cyradm and TLS 1.2

[John Widera]

Hi All, 

We're hoping to find some help on the list... 

We are running Cyrus-IMAP on RHEL7, using an RPM pkg
(CYRUS-IMAPD-2.4.17-13.EL7) built from the Red Hat SRC RPM.  We also
have SASL, Utils, devel etc pkgs all from RH. 

Now we're looking to finally move Cyrus completely off insecure TLS
versions.  But now there is a lingering issue... 

We removed tls1_0 from impad.conf, and the CYRADM shell stopped working.
 We can no longer connect at all: 

CYRADM -U CYRUS 
[ SSL_CONNECT ERROR -1 ]
[ SSL SESSION REMOVED ]
[ TLS NEGOTIATION DID NOT SUCCEED ]
CYRADM: CANNOT AUTHENTICATE TO SERVER WITH AS CYRUS 

CYRADM -U CYRUS --NOTLS 
[ SSL_CONNECT ERROR -1 ]
[ SSL SESSION REMOVED ]
[ TLS NEGOTIATION DID NOT SUCCEED ]
CYRADM: CANNOT AUTHENTICATE TO SERVER WITH AS CYRUS 

The presumption is (as cyradm is just a wrapper script) any PERL scripts
calling Cyrus::IMAP::Admin over a STARTTLS connection could likewise be
broken (?) if we block TLS 1.0.  

cyradm is using TLSv1 per maillog: 

IMAPS[14096]: STARTTLS: TLSV1 WITH CIPHER  

Our MAN page for cyradm shows a "--notls" option, which does not
work/changes nothing.  Oddly, the cyradm HELP FLAG does NOT show this
option, yet cyradm doesn't bark when it's passed: 

USAGE: CYRADM [ARGS] SERVER
 --USER  CONNECT AS  (AUTHENTICATION NAME)
 --AUTHZ  AUTHORIZE AS 
 --[NO]RC (DO NOT) LOAD THE CONFIGURATION FILES
 --SYSTEMRC  USE SYSTEM-WIDE CONFIGURATION 
 --USERRC  USE USER CONFIGURATION 
 --PORT  CONNECT TO SERVER ON 
 --AUTH  AUTHENTICATE WITH  

A web search reveals the MAN page for cyradm in Cyrus v.3, and it shows
NOTLS as an option to AUTHENTICATE, after a server connection is made,
so its unclear to me what's going on... 

Does anyone have cyradm working with TLS1.2? 

Regards & THANKS in advance for any assistance or suggestions offered. 

-- 
John
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm | Duplicate specification

[Ismaël Tanguy]

Thanks Ellie,

https://github.com/cyrusimap/cyrus-imapd/issues/2747


--

Ismaël


Le 26/04/2019 à 10:11, ellie timoney a écrit :

Hi Ismaël,

Which version of perl are you running? (`perl --version` will tell 
you)  A fairly newish one, I guess?


The cyradm tools were written using a quite old version of perl, which 
didn't produce a lot of warnings.  I expect it's working fine, but 
your newer perl version is producing warnings that the older versions 
did not.


It would be good to fix up a lot of this cruft -- do you want to raise 
an issue on https://github.com/cyrusimap/cyrus-imapd/issues and 
include the details from your email and your perl version?  I can't 
promise it'll get looked at quickly, but at least it won't get 
forgotten. :)


Cheers,

ellie

On Thu, Apr 25, 2019, at 5:49 AM, Ismaël Tanguy wrote:


Hello,

I've got this error after connecting to cyrus with cyradm (as root or 
cyrus user):


# cyradm -u cyrus localhost
Variable "$cyrref" will not stay shared at 
/usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 724.
Variable "$lfh" will not stay shared at 
/usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 726.
Duplicate specification "server|s=s" for option "s"


I can make operation on mailbox (lam, sam, xfer, ..), everything 
seems to work fine but I'm not confident to put that in production..


Cyrus version is 3.08 installed with rpm on Centos7.

I've build the rpms, so maybe I've made mistake at this step.

cyrus was build like that :

# cyr_buildinfo
{
   "component": {
     "event_notification": true,
     "gssapi": true,
     "autocreate": true,
     "idled": true,
     "httpd": true,
     "kerberos_v4": false,
     "murder": true,
     "nntpd": true,
     "replication": true,
     "sieve": true,
     "calalarmd": true,
     "objectstore": false,
     "backup": true
   },
   "dependency": {
     "ldap": true,
     "openssl": true,
     "pcre": true,
     "clamav": true
   },
   "database": {
     "mysql": false,
     "pgsql": false,
     "sqlite": true,
     "lmdb": false
   },
   "search": {
     "squat": true,
     "sphinx": false,
     "xapian": false,
     "xapian_flavor": "none"
   },
   "hardware": {
     "sse42": true
   }
}

Thank you

---

Ismaël TANGUY


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm | Duplicate specification

[ellie timoney]

Hi Ismaël,

Which version of perl are you running? (`perl --version` will tell you) A 
fairly newish one, I guess?

The cyradm tools were written using a quite old version of perl, which didn't 
produce a lot of warnings. I expect it's working fine, but your newer perl 
version is producing warnings that the older versions did not.

It would be good to fix up a lot of this cruft -- do you want to raise an issue 
on https://github.com/cyrusimap/cyrus-imapd/issues and include the details from 
your email and your perl version? I can't promise it'll get looked at quickly, 
but at least it won't get forgotten. :)

Cheers,

ellie

On Thu, Apr 25, 2019, at 5:49 AM, Ismaël Tanguy wrote:
> Hello,

> I've got this error after connecting to cyrus with cyradm (as root or cyrus 
> user):

> # cyradm -u cyrus localhost
Variable "$cyrref" will not stay shared at 
/usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 724.
Variable "$lfh" will not stay shared at 
/usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 726.
Duplicate specification "server|s=s" for option "s"

> 
> I can make operation on mailbox (lam, sam, xfer, ..), everything seems to 
> work fine but I'm not confident to put that in production..

> Cyrus version is 3.08 installed with rpm on Centos7.

> I've build the rpms, so maybe I've made mistake at this step.

> cyrus was build like that :

> # cyr_buildinfo
{
  "component": {
    "event_notification": true,
    "gssapi": true,
    "autocreate": true,
    "idled": true,
    "httpd": true,
    "kerberos_v4": false,
    "murder": true,
    "nntpd": true,
    "replication": true,
    "sieve": true,
    "calalarmd": true,
    "objectstore": false,
    "backup": true
  },
  "dependency": {
    "ldap": true,
    "openssl": true,
    "pcre": true,
    "clamav": true
  },
  "database": {
    "mysql": false,
    "pgsql": false,
    "sqlite": true,
    "lmdb": false
  },
  "search": {
    "squat": true,
    "sphinx": false,
    "xapian": false,
    "xapian_flavor": "none"
  },
  "hardware": {
    "sse42": true
  }
}
> Thank you

> ---

> Ismaël TANGUY

> 
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

cyradm | Duplicate specification

[Ismaël Tanguy]

Hello,

I've got this error after connecting to cyrus with cyradm (as root or 
cyrus user):


# cyradm -u cyrus localhost
Variable "$cyrref" will not stay shared at 
/usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 724.
Variable "$lfh" will not stay shared at 
/usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Shell.pm line 726.
Duplicate specification "server|s=s" for option "s"

I can make operation on mailbox (lam, sam, xfer, ..), everything seems 
to work fine but I'm not confident to put that in production..


Cyrus version is 3.08 installed with rpm on Centos7.

I've build the rpms, so maybe I've made mistake at this step.

cyrus was build like that :

# cyr_buildinfo
{
  "component": {
    "event_notification": true,
    "gssapi": true,
    "autocreate": true,
    "idled": true,
    "httpd": true,
    "kerberos_v4": false,
    "murder": true,
    "nntpd": true,
    "replication": true,
    "sieve": true,
    "calalarmd": true,
    "objectstore": false,
    "backup": true
  },
  "dependency": {
    "ldap": true,
    "openssl": true,
    "pcre": true,
    "clamav": true
  },
  "database": {
    "mysql": false,
    "pgsql": false,
    "sqlite": true,
    "lmdb": false
  },
  "search": {
    "squat": true,
    "sphinx": false,
    "xapian": false,
    "xapian_flavor": "none"
  },
  "hardware": {
    "sse42": true
  }
}

Thank you

---

Ismaël TANGUY


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Running a script with cyradm throwing ReadLine errors

[Binarus]

Dear ellie, > I did a bit of reading, and apparently Term::ReadLine is a
stub module that just loads "an implementation", which in your case
wants to be Term::ReadLine::Gnu.  My guess is that, when you uninstall
Term::ReadLine::Gnu, Term::ReadLine no longer successfully compiles
because it's missing an implementation, and consequently the fallback
code I pointed out previously is used instead.  So, from this I'm
concluding that the "correct setup" from above is adequate for the
Cyrus::IMAP::DummyReadline interface, but is not sufficient for a real
ReadLine implementation.  Sounds like we've found our bug!
the more I thought about it, the clearer it got. I do not think any more
that the *real* issue is which stub Term::ReadLine uses.

Different stubs might react differently when fed with undefined file
handles, but this is only a distracting secondary issue. The real
culprit is how the run function is implemented.

Let's consider the original code for that function again:

# trivial; wrapper for _run with correct setup
sub run {
  my $cyradm;
  _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__);
}

How should *__DATA__ have become a handle to the desired file (which
should be executed) in any way? There is absolutely no parameter
parsing, and after having researched what special meaning __DATA__ has,
it became also clear that *__DATA__ isn't mysteriously assigned a
reasonable value before run() is called.

So I made some very trivial changes. The function now reads:

# trivial; wrapper for _run with correct setup
sub run {
  my ($cyradm, $fh);
  my $file = shift;
  defined $file || die "No filename given, aborting.\n";
  open($fh, $file) || die "Could not open file '$file', aborting.\n";
  _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], $fh);
}

Now the whole thing works as expected, regardless of what stub modules
are installed for Term::ReadLine.

We could improve that code further; for example, it lacks a check if
there is the right number of parameters (additional parameters are
currently just ignored). Personally, I wouldn't need detailed checks; I
just want it to execute that script file, avoiding ugly error messages
from Perl itself relating to undefined values and so on.

At a first glance, I couldn't see how the new code could be incompatible
to the existing version. At least, there are no other calls to run() in
that module (only to _run() which I didn't alter). I am quite sure that
you have a bunch regression tests for all your modules, so let's see
what they reveal.

I am looking forward to your comments ...

Thank you very much again!

Regards,

Binarus

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Running a script with cyradm throwing ReadLine errors

[Binarus]

Dear ellie,

On 19.12.2018 01:38, ellie timoney wrote:

> I did a bit of reading, and apparently Term::ReadLine is a stub module that 
> just loads "an implementation", which in your case wants to be 
> Term::ReadLine::Gnu.  My guess is that, when you uninstall 
> Term::ReadLine::Gnu, Term::ReadLine no longer successfully compiles because 
> it's missing an implementation, and consequently the fallback code I pointed 
> out previously is used instead.  So, from this I'm concluding that the 
> "correct setup" from above is adequate for the Cyrus::IMAP::DummyReadline 
> interface, but is not sufficient for a real ReadLine implementation.  Sounds 
> like we've found our bug!

Some additional findings:

1) Cyrus::IMAP::DummyReadLine
-

Looking again at that code

# ugh.  ugh.  suck.  aieee.
my $use_rl = 'Cyrus::IMAP::DummyReadline';
{
  if (eval { require Term::ReadLine; }) {
$use_rl = 'Term::ReadLine';
  }
}

I believe that $use_rl *always* equals 'Term::ReadLine' after having
executed it. This is for the following reason: In newer Perl versions,
Term::ReadLine is a core module. Everybody has it installed. This means
that the require Term::ReadLine will always be successful.

I did a test to prove that. I uninstalled Term::ReadLine::Gnu again and
changed the code above to the following (note the last line):

# ugh.  ugh.  suck.  aieee.
my $use_rl = 'Cyrus::IMAP::DummyReadline';
{
  if (eval { require Term::ReadLine; }) {
$use_rl = 'Term::ReadLine';
  }
}
print $use_rl."\n";

As expected, perl -MCyrus::IMAP::Shell -e 'run("./000")' now prints

Term::ReadLine

as first line on the terminal. This was still the case (as expected
again) after reinstalling Term::ReadLine::Gnu.

*That means:*

Cyrus::IMAP::DummyReadLine is not related to the problem or its solution
in any way. It never gets pulled in, at least with recent Perl
distributions which have Term::ReadLine included [as a core module].

2) *__DATA__ variable / file handle
---

After having read the Perl docs about that mysterious __DATA__ variable
(see below), grep'ing the whole Perl module trees for the string
__DATA__, and analyzing the results, I came to the conclusion that the
*__DATA__ variable *never* is assigned any value during normal program
execution, meaning that _run() always is called with undef as its last
parameter.

As a proof, I have replaced the following code

# trivial; wrapper for _run with correct setup
sub run {
  my $cyradm;
  _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__);
}

by

# trivial; wrapper for _run with correct setup
sub run {
  my $cyradm;
  print Dumper(${*Cyrus::IMAP::Shell::__DATA__})."\n";
  _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__);
}

and have added use Data::Dumper at the beginning of the file.

Now, when executing perl -MCyrus::IMAP::Shell -e 'run("./000")', it printed

$VAR1 = undef;

as the first line on the terminal. This was the case whether
Term::ReadLine::Gnu was installed or not.

To further back that finding, I reverted my changes and then changed the
code again as follows (note the last parameter to _run()):

# trivial; wrapper for _run with correct setup
sub run {
  my $cyradm;
  _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], undef);
}

This did not change the module's behavior compared to the original code.
While it now threw the errors described in my first post again (as
expected) when Term::ReadLine::Gnu was installed, it threw no errors
when it was not installed.

*That means:*

*__DATA__ (the third parameter to _run) is always undef, and this does
not lead to errors being thrown or the compilation / execution being
aborted as long as Term::ReadLine::Gnu is not installed, but makes
Term::ReadLine::Gnu (if it is installed) throw errors and abort the
compilation / execution of the script.

(Too) short explanation of the __DATA__ variable:

This is a predefined filehandle in Perl which could be used as follows.
Suppose you have a script:

package ...

[code here]

__DATA__
data value 1
data value 2
...

Then you can access the data values (i.e. all values which come behind
the __DATA__ statement) using the special filehandle [PACKAGE
NAME]::DATA (or __DATA__ as well?) from within the package code.

For details, see https://perldoc.perl.org/perldata.html#Special-Literals

Since there is no __DATA__ statement in any of Cyrus' Perl modules or in
modules they use, it is clear that the *__DATA__ filehandle is always
undef. To be honest, I can't understand why it is used. I originally
thought that it would be initialized by some other module (directly or
indirectly) which is used by Cyrus::IMAP::Shell, but my analysis showed
that it isn't (unless I have missed something, which might well be the
case).

3) No script execution at all
-

I have to apologize that I didn't mention this in my first post; the
re

Re: Running a script with cyradm throwing ReadLine errors

[Binarus]

Dear ellie,

On 19.12.2018 01:38, ellie timoney wrote:

>> Then I have replaced the following code in Cyrus::IMAP::Shell
> 
> That's very interesting.  Does the same modified code continue to work if you 
> uninstall Term::Readline::Gnu again?  That is to say, does the non-gnu 
> version break with that addition, or continue to work?

I have just done that test: Yes, the same modified code continues to
work even if Term::ReadLine::Gnu is uninstalled, i.e. my "patch" does
not break the non-gnu version.

>> In other words, I just have made sure that this mysterious *__DATA__
>> variable is reasonably defined in every case before _run is called.
> 
> I had a look in Shell.pm and found this comment near the top:
> 
>> # run(*FH|'FH')
>> #   read commands from the filehandle and pass to exec(); defaults to
>> #   __DATA__

I also had seen this comment, but couldn't make any sense from it.

> So maybe that explains where the expectation for __DATA__ is coming from... 
> so:
> 
>> # trivial; wrapper for _run with correct setup
> 
> I wonder if the "correct setup" is not correct enough!

There are many aspects I didn't understand yet. To me, it seems that
_run is called with a bunch of uninitialized parameters. For example,
where are $cyradm and *__DATA__ initialized? I am currently lacking the
time to do my homework (i.e. to completely understand how this is
supposed to work under normal circumstances), so I don't want to let
other persons waste their time for explaining it to me ...

However, despite the fact that I haven't grasped the overall concept
yet, there is obviously a bug with parsing the command line.

>> I have no idea why the "buggy" command line / argument parsing does not
>> strike when Term::ReadLine::Gnu is uninstalled; I haven't grasped yet
>> how *__DATA__ is supposed to be assigned a reasonable value to during
>> the normal course of execution. I currently can only speculate that
>> Term::ReadLine:: does this for us, while
>> Term::ReadLine::Gnu doesn't.
> 
> I did a bit of reading, and apparently Term::ReadLine is a stub module that 
> just loads "an implementation", which in your case wants to be 
> Term::ReadLine::Gnu.  My guess is that, when you uninstall 
> Term::ReadLine::Gnu, Term::ReadLine no longer successfully compiles because 
> it's missing an implementation, and consequently the fallback code I pointed 
> out previously is used instead.  So, from this I'm concluding that the 
> "correct setup" from above is adequate for the Cyrus::IMAP::DummyReadline 
> interface, but is not sufficient for a real ReadLine implementation.  Sounds 
> like we've found our bug!

I have come to a similar conclusion, and "not sufficient" in this case
probably means that *__DATA__ is not initialized (or assigned to)
correctly. I still have no idea which part of the program is responsible
to assign it the desired file descriptor under normal circumstances.

Possibly Cyrus::IMAP::DummyReadLine does initialize *__DATA__ correctly
(because that module knows who it belongs to :-) and what is needed
later), while Term::ReadLine::Gnu can't know about *__DATA__'s existence
at all. But this is just a completely uneducated guess.

> I'll have a bit of a play with it and see if I can find/fix the discrepancy 
> between the interfaces :)

I'll try to free some time and eventually have a look into
Cyrus::IMAP::DummyReadLine. I think we'll have to find out where
*__DATA__ is normally initialized, and move that initialization to
another place so that it happens regardless of the actual ReadLine "plugin".

> Cheers,

Again, thank you very much for all your help and your support!

Binarus


> ellie
> 
> On Wed, Dec 19, 2018, at 5:00 AM, Binarus wrote:
>> Dear ellie,
>>
>> On 17.12.2018 23:57, ellie timoney wrote:
>>> Hi Binarus,
>>>
>>>> Could anybody please tell me what I might do wrong here?
>>>
>>> This kind of smells like maybe your system has two versions of perl 
>>> installed (or two versions of Term::ReadLine, or maybe even two versions of 
>>> Cyrus::IMAP::Shell), and they're getting in each other's way?
>>>
>>> I'm having a quick glance at the (2.5.10) source of Cyrus::IMAP::Shell and 
>>> this caught my eye:
>>>
>>>> # ugh.  ugh.  suck.  aieee.
>>>> my $use_rl = 'Cyrus::IMAP::DummyReadline';
>>>> {
>>>>   if (eval { require Term::ReadLine; }) {
>>>> $use_rl = 'Term::ReadLine';
>>>>   }
>>>> }
>>
>> I have done some further investigations (very roughly because I don't
>> have the time at the moment). It seems that the code which pars

Re: Running a script with cyradm throwing ReadLine errors

[ellie timoney]

Hi Binarus,

> Then I have replaced the following code in Cyrus::IMAP::Shell

That's very interesting.  Does the same modified code continue to work if you 
uninstall Term::Readline::Gnu again?  That is to say, does the non-gnu version 
break with that addition, or continue to work?

> In other words, I just have made sure that this mysterious *__DATA__
> variable is reasonably defined in every case before _run is called.

I had a look in Shell.pm and found this comment near the top:

> # run(*FH|'FH')
> #   read commands from the filehandle and pass to exec(); defaults to
> #   __DATA__

So maybe that explains where the expectation for __DATA__ is coming from... so:

> # trivial; wrapper for _run with correct setup

I wonder if the "correct setup" is not correct enough!

> I have no idea why the "buggy" command line / argument parsing does not
> strike when Term::ReadLine::Gnu is uninstalled; I haven't grasped yet
> how *__DATA__ is supposed to be assigned a reasonable value to during
> the normal course of execution. I currently can only speculate that
> Term::ReadLine:: does this for us, while
> Term::ReadLine::Gnu doesn't.

I did a bit of reading, and apparently Term::ReadLine is a stub module that 
just loads "an implementation", which in your case wants to be 
Term::ReadLine::Gnu.  My guess is that, when you uninstall Term::ReadLine::Gnu, 
Term::ReadLine no longer successfully compiles because it's missing an 
implementation, and consequently the fallback code I pointed out previously is 
used instead.  So, from this I'm concluding that the "correct setup" from above 
is adequate for the Cyrus::IMAP::DummyReadline interface, but is not sufficient 
for a real ReadLine implementation.  Sounds like we've found our bug!

I'll have a bit of a play with it and see if I can find/fix the discrepancy 
between the interfaces :)

Cheers,

ellie

On Wed, Dec 19, 2018, at 5:00 AM, Binarus wrote:
> Dear ellie,
> 
> On 17.12.2018 23:57, ellie timoney wrote:
> > Hi Binarus,
> > 
> >> Could anybody please tell me what I might do wrong here?
> > 
> > This kind of smells like maybe your system has two versions of perl 
> > installed (or two versions of Term::ReadLine, or maybe even two versions of 
> > Cyrus::IMAP::Shell), and they're getting in each other's way?
> > 
> > I'm having a quick glance at the (2.5.10) source of Cyrus::IMAP::Shell and 
> > this caught my eye:
> > 
> >> # ugh.  ugh.  suck.  aieee.
> >> my $use_rl = 'Cyrus::IMAP::DummyReadline';
> >> {
> >>   if (eval { require Term::ReadLine; }) {
> >> $use_rl = 'Term::ReadLine';
> >>   }
> >> }
> 
> I have done some further investigations (very roughly because I don't
> have the time at the moment). It seems that the code which parses the
> command line and the run parameters in Cyrus::IMAP::Shell is buggy (or
> at least not prepared to handle Term::ReadLine::Gnu).
> 
> As a proof, I have reinstalled Term::ReadLine:Gnu and verified that the
> problem was showing again.
> 
> Then I have replaced the following code in Cyrus::IMAP::Shell
> 
> # trivial; wrapper for _run with correct setup
> sub run {
>   my $cyradm;
>   _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__);
> }
> 
> by the following code:
> 
> # trivial; wrapper for _run with correct setup
> sub run {
>   my $cyradm;
> open(*__DATA__, "./000");
>   _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__);
> }
> 
> In other words, I just have made sure that this mysterious *__DATA__
> variable is reasonably defined in every case before _run is called.
> 
> Now the command
> 
> perl -MCyrus::IMAP::Shell -e 'run("000")'
> 
> executed without any error message.
> 
> To verify that the script worked as intended, I added a few lines to it:
> 
> connect -noauthenticate localhost
> auth cyrus
> lm
> 
> When run as shown above, it did exactly what it was supposed to. It
> asked for the password and then listed all mailboxes and their subfolders.
> 
> So now I have at least a system where I can have Term::ReadLine::Gnu
> installed (and thus can have a history and command editing capabilities
> in cyradm) _and_ can execute a script, although the script's filename is
> hardcoded.
> 
> Probably it would be absolutely trivial for the authors of
> Cyrus::IMAP::Shell to fix this issue. It would be very nice if somebody
> could care about it. Perhaps it's already fixed in the newer versions? I
> am still on 2.5.10.
> 
> I have no idea why the "buggy" command line / argument parsing does not
> strike when Term::ReadLine::Gnu is uninstalled; I haven't grasped yet
> how *__DATA__ is sup

Re: Running a script with cyradm throwing ReadLine errors

[Binarus]

Dear ellie,

On 17.12.2018 23:57, ellie timoney wrote:
> Hi Binarus,
> 
>> Could anybody please tell me what I might do wrong here?
> 
> This kind of smells like maybe your system has two versions of perl installed 
> (or two versions of Term::ReadLine, or maybe even two versions of 
> Cyrus::IMAP::Shell), and they're getting in each other's way?
> 
> I'm having a quick glance at the (2.5.10) source of Cyrus::IMAP::Shell and 
> this caught my eye:
> 
>> # ugh.  ugh.  suck.  aieee.
>> my $use_rl = 'Cyrus::IMAP::DummyReadline';
>> {
>>   if (eval { require Term::ReadLine; }) {
>> $use_rl = 'Term::ReadLine';
>>   }
>> }

I have done some further investigations (very roughly because I don't
have the time at the moment). It seems that the code which parses the
command line and the run parameters in Cyrus::IMAP::Shell is buggy (or
at least not prepared to handle Term::ReadLine::Gnu).

As a proof, I have reinstalled Term::ReadLine:Gnu and verified that the
problem was showing again.

Then I have replaced the following code in Cyrus::IMAP::Shell

# trivial; wrapper for _run with correct setup
sub run {
  my $cyradm;
  _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__);
}

by the following code:

# trivial; wrapper for _run with correct setup
sub run {
  my $cyradm;
open(*__DATA__, "./000");
  _run(\$cyradm, [*STDIN, *STDOUT, *STDERR], *__DATA__);
}

In other words, I just have made sure that this mysterious *__DATA__
variable is reasonably defined in every case before _run is called.

Now the command

perl -MCyrus::IMAP::Shell -e 'run("000")'

executed without any error message.

To verify that the script worked as intended, I added a few lines to it:

connect -noauthenticate localhost
auth cyrus
lm

When run as shown above, it did exactly what it was supposed to. It
asked for the password and then listed all mailboxes and their subfolders.

So now I have at least a system where I can have Term::ReadLine::Gnu
installed (and thus can have a history and command editing capabilities
in cyradm) _and_ can execute a script, although the script's filename is
hardcoded.

Probably it would be absolutely trivial for the authors of
Cyrus::IMAP::Shell to fix this issue. It would be very nice if somebody
could care about it. Perhaps it's already fixed in the newer versions? I
am still on 2.5.10.

I have no idea why the "buggy" command line / argument parsing does not
strike when Term::ReadLine::Gnu is uninstalled; I haven't grasped yet
how *__DATA__ is supposed to be assigned a reasonable value to during
the normal course of execution. I currently can only speculate that
Term::ReadLine:: does this for us, while
Term::ReadLine::Gnu doesn't.

Regards,

Binarus

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Running a script with cyradm throwing ReadLine errors

[Binarus]

Dear ellie,

thank you very much for your help!

On 17.12.2018 23:57, ellie timoney wrote:
> Hi Binarus,
> 
>> Could anybody please tell me what I might do wrong here?
> 
> This kind of smells like maybe your system has two versions of perl installed 
> (or two versions of Term::ReadLine, or maybe even two versions of 
> Cyrus::IMAP::Shell), and they're getting in each other's way?

Since this is a fresh installation of Debian stretch, and since I didn't
compile or install anything by hand yet, and since the Debian package
management is usually very reliable, I am quite sure that this is not
the problem.

> Which... fills me with confidence.  Looks like a workaround for missing 
> (broken?) Term::Readline but that comment isn't super enlightening.  I wonder 
> if it will Just Work if you uninstall Term::Readline?

This idea is very interesting, and you are absolutely right!

While I didn't want to remove Term::ReadLine itself (because it is a
core module and the usual module uninstall tools have difficulties with
uninstalling it), I removed Term::ReadLine:Gnu (which I had additionally
installed) instead. This made the error go away, and it seems that I can
execute scripts now.

So you have provided the solution and solved the problem.

However, there is a downside. I am using cyradm quite often, mainly for
setting permissions in a large shared folder (i.e. public) hierarchy.
For this reason, I really need the nice feature which bash and many
sorts of other shells provide: Hit the "Cursor-Up" key and have the
shell repeat the previous command; the ability to edit the command line
is often associated with this.

Obviously, we can't have this feature in cyradm when only Term::ReadLine
is installed. When this is the case, I even can't use "Cursor-Left" or
"Cursor-Right" keys because they only produce weird character sequences
instead of moving the cursor.

This was the reason why I installed Term::ReadLine::Gnu in addition to
Term::ReadLine. When Term::ReadLine:Gnu is installed, the command
history feature in cyradm works as expected, and I can edit the command
line (including using cursor keys) in a reasonable manner.

Now it looks that I can either run scripts with cyradm _or_ can have its
command line history and editing, but not both features at the same
time. I think I could live with that, but of course I would be grateful
if somebody would share a method to enable both features.

Perhaps there is another module which I could use as a replacement for
Term::ReadLine::Gnu and which does not break scripting?

Thank you very much again,

Binarus

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Running a script with cyradm throwing ReadLine errors

[ellie timoney]

Hi Binarus,

> Could anybody please tell me what I might do wrong here?

This kind of smells like maybe your system has two versions of perl installed 
(or two versions of Term::ReadLine, or maybe even two versions of 
Cyrus::IMAP::Shell), and they're getting in each other's way?

I'm having a quick glance at the (2.5.10) source of Cyrus::IMAP::Shell and this 
caught my eye:

> # ugh.  ugh.  suck.  aieee.
> my $use_rl = 'Cyrus::IMAP::DummyReadline';
> {
>   if (eval { require Term::ReadLine; }) {
> $use_rl = 'Term::ReadLine';
>   }
> }

Which... fills me with confidence.  Looks like a workaround for missing 
(broken?) Term::Readline but that comment isn't super enlightening.  I wonder 
if it will Just Work if you uninstall Term::Readline?

I haven't really used cyradm at all myself, so take all this with a grain of 
salt.  Hopefully someone who has can chime in!

Cheers,

ellie

On Sun, Dec 16, 2018, at 8:04 PM, Binarus wrote:
> Dear all,
> 
> I was just trying to explore cyradm a little bit further and hence was 
> experimenting with its scripting capabilities. Having cyradm run a 
> script should be pretty easy. man cyradm tells us:
> 
>   perl -MCyrus::IMAP::Shell -e 'run("myscript")'
> 
> So I created the simplest possible script (that means an empty one) and 
> tried to run it:
> 
>   touch 000
>   chmod a+x 000 (just in case ...)
>   perl -MCyrus::IMAP::Shell -e 'run("000")'
> 
> The only thing I got was:
> 
>   Use of uninitialized value within @layers in string eq at /usr/local/
> lib/x86_64-linux-gnu/perl/5.24.1/Term/ReadLine/Gnu.pm line 280.
>   Bad filehandle: __DATA__ at /usr/local/lib/x86_64-linux-gnu/perl/
> 5.24.1/Term/ReadLine/Gnu.pm line 769.
> 
> Putting something meaningful into the script did not change the situation.
> 
> I have googled and read documentation (mainly on cyrusimapd.org) for 
> several hours, but could not find the reason for the problem.
> 
> I even have put allowplaintext=yes into imapd.conf and restarted imapd 
> (knowing that this probably wasn't very smart, but the term "layers" in 
> the error message made me mistrustful because there are authentication 
> "layers", and I don't have any problems with Term::ReadLine::Gnu in 
> general). As expected, this didn't change the situation either.
> 
> This happened with 2.4.16 as well as with 2.5.10.
> 
> Could anybody please tell me what I might do wrong here?
> 
> Thank you very much in advance,
> 
> Binarus
> 
> 
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Running a script with cyradm throwing ReadLine errors

[Binarus]

Dear all,

I was just trying to explore cyradm a little bit further and hence was 
experimenting with its scripting capabilities. Having cyradm run a script 
should be pretty easy. man cyradm tells us:

  perl -MCyrus::IMAP::Shell -e 'run("myscript")'

So I created the simplest possible script (that means an empty one) and tried 
to run it:

  touch 000
  chmod a+x 000 (just in case ...)
  perl -MCyrus::IMAP::Shell -e 'run("000")'

The only thing I got was:

  Use of uninitialized value within @layers in string eq at 
/usr/local/lib/x86_64-linux-gnu/perl/5.24.1/Term/ReadLine/Gnu.pm line 280.
  Bad filehandle: __DATA__ at 
/usr/local/lib/x86_64-linux-gnu/perl/5.24.1/Term/ReadLine/Gnu.pm line 769.

Putting something meaningful into the script did not change the situation.

I have googled and read documentation (mainly on cyrusimapd.org) for several 
hours, but could not find the reason for the problem.

I even have put allowplaintext=yes into imapd.conf and restarted imapd (knowing 
that this probably wasn't very smart, but the term "layers" in the error 
message made me mistrustful because there are authentication "layers", and I 
don't have any problems with Term::ReadLine::Gnu in general). As expected, this 
didn't change the situation either.

This happened with 2.4.16 as well as with 2.5.10.

Could anybody please tell me what I might do wrong here?

Thank you very much in advance,

Binarus


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm problem

[Paul van der Vlis]

Op 15-09-18 om 08:25 schreef bluntroller via Info-cyrus:
> Day,
> I totally dislike it but I need help here.
> I have postfix installed, up and running as a MTA.
> I have saslauthd installed up and running and an authentication server.
> I use the auxprop-sasldb2 alternative as a user/password database (and
> thought this were the easiest way to get it all up before turning to the
> mysql option, automating procedures, php-scripting etc)
> I can do remote-logins into my server via sasl authentication.
> I can do remote-logings into my (imaps) server with the aid of TLS
> Certificates only.
> I do not use the POP3 protocol at all.
> I do not use unsecured connections at all.
> Everything goes over TLS/sasl authentication/authorization.
> 
> However...
> If it comes to testsaslauthd, imtest or cyradm I can't connect to
> localhost.localdomain (via SSH) on my remote server or get a '*can't
> connect to server*' (cyradm) reply.

Not sure what you mean with "with ssh". What I do is log into the
machine with ssh, and then:
cyradm -u cyrus localhost
testsaslauthd -u paul -p xx -f /var/spool/postfix/var/run/saslauthd/mux

> I'm pretty sure it's a simple configuration problem or misunderstanding
> of the stack at all but I am stuck finding the needle in the haystack.
> It's probably a SSH problem but I am not sure.
> Inside SSH I use a certificate-based authentication too with root-logins
> not allowed ('without password')
> 
> Any help is very appreciated.

Hope it helps!

With regards,
Paul




-- 
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

cyradm problem

[bluntroller via Info-cyrus]

Day,
I totally dislike it but I need help here.
I have postfix installed, up and running as a MTA.
I have saslauthd installed up and running and an authentication server.
I use the auxprop-sasldb2 alternative as a user/password database (and thought 
this were the easiest way to get it all up before turning to the mysql option, 
automating procedures, php-scripting etc)
I can do remote-logins into my server via sasl authentication.
I can do remote-logings into my (imaps) server with the aid of TLS Certificates 
only.
I do not use the POP3 protocol at all.
I do not use unsecured connections at all.
Everything goes over TLS/sasl authentication/authorization.

However...
If it comes to testsaslauthd, imtest or cyradm I can't connect to 
localhost.localdomain (via SSH) on my remote server or get a 'can't connect to 
server' (cyradm) reply.
I'm pretty sure it's a simple configuration problem or misunderstanding of the 
stack at all but I am stuck finding the needle in the haystack.
It's probably a SSH problem but I am not sure.
Inside SSH I use a certificate-based authentication too with root-logins not 
allowed ('without password')

Any help is very appreciated.

Greets

Gee
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: odd problem with cyradm

[Per olof Ljungmark]

On 2017-08-21 08:57, Egoitz Aurrekoetxea wrote:
> Have you copied from another machine or similar the quota database??
> 
> 
> You should never do that

No. The mailstore was transferred with imapsync many months ago.

The test enviroment behaves identical, ie. the MUA'a and bin/quota with
and without -f all report correct values for quota.

Only thing that does not work is cyradm for reading qoutas, "set quota"
works.

I think I'm giving up on this one for now because it is not a problem
really production-wise.

Thanks,

> 
> El 21/8/17 a las 8:42, Per olof Ljungmark escribió:
>> On 2017-08-21 08:11, Egoitz Aurrekoetxea wrote:
>>> Good morning,
>>>
>>>
>>> What happens if you launch the cyradm from a remote machine?. For
>>> instance in a FreeBSD with another Perl version?. Does it work?.
>>>
>>
>> No, tried that and results are the same. Current line of thought is
>> that something is not right with the quota database, I am building a
>> testing setup now to verify.
>>
>>>
>>> El 19/8/17 a las 13:18, Per olof Ljungmark escribió:
>>>> Hi all,
>>>>
>>>> Wonder if someone can offer help.
>>>>
>>>> Host is FreeBSD 11.0-STABLE #0 r316644M and cyrus 2.5.11 in a jail.
>>>> If I run cyradm as user cyrus (admin) and issue the lq command, usually
>>>> there is a proper response at first, but subsequent commands fail. This
>>>> could very well be a FreeBSD problem but I thought I'll ask here first.
>>>>
>>>> 1st:
>>>>
>>>> read(0,"lq user/\n",8192)  = 15 (0xf)
>>>> write(3,"8 GETQUOTA user/\r\n",24) = 24 (0x18)
>>>> select(4,{ 3 },{ },0x0,0x0)  = 1 (0x1)
>>>> read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n8 OK
>>>> Completed\r\n",4096) = 63 (0x3f)
>>>> write(1," STORAGE 888619/1000",24)   = 24 (0x18)
>>>> write(1," (8.88619%)",11)= 11 (0xb)
>>>> write(1,"\n",1)  = 1 (0x1)
>>>> write(1,"192.168.64.12> ",15)= 15 (0xf)
>>>>
>>>> and following
>>>>
>>>> read(0,"lq user/\n",8192)  = 15 (0xf)
>>>> write(3,"10 GETQUOTA user/\r\n",25)= 25 (0x19)
>>>> select(4,{ 3 },{ },0x0,0x0)  = 1 (0x1)
>>>> read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n10 OK
>>>> Completed\r\n",4096) = 64 (0x40)
>>>> write(1,"192.168.64.12> ",15)= 15 (0xf)
>>>>
>>>> As one can see, cyradm does not write out the info, just reads it.
>>>>
>>>> There are no quota problems AFAICS, bin/quota and -f all works as
>>>> expected and mail agents sees proper quota info, so I am inclined to
>>>> think there is something fishy with cyradm or possibly something I
>>>> cannot see with the quotas.
>>>>
>>>> Same with both quotas.db twoskip and quotalegacy. Other cyradm commands
>>>> works fine.
>>>>
>>>> Thanks!
>>>>
>>>> //per
>>>> 
>>>> Cyrus Home Page: http://www.cyrusimap.org/
>>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>>> To Unsubscribe:
>>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>>
>>> -- 
>>>
>>>
>>> sarenet
>>> *Egoitz Aurrekoetxea*
>>> Departamento de sistemas
>>> 944 209 470
>>> Parque Tecnológico. Edificio 103
>>> 48170 Zamudio (Bizkaia)
>>> ego...@sarenet.es <mailto:ego...@sarenet.es>
>>> www.sarenet.es <https://www.sarenet.es>
>>>
>>> Antes de imprimir este correo electrónico piense si es necesario
>>> hacerlo.
>>>
>>>
>>> 
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>>
>> 
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> 
> -- 
> 
> 
> sarenet
> *Egoitz Aurrekoetxea*
> Departamento de sistemas
> 944 209 470
> Parque Tecnológico. Edificio 103
> 48170 Zamudio (Bizkaia)
> ego...@sarenet.es <mailto:ego...@sarenet.es>
> www.sarenet.es <https://www.sarenet.es>
> 
> Antes de imprimir este correo electrónico piense si es necesario hacerlo.
> 
> 
> 
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> 

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: odd problem with cyradm

[Egoitz Aurrekoetxea]

Have you copied from another machine or similar the quota database??


You should never do that


Best regards,


El 21/8/17 a las 8:42, Per olof Ljungmark escribió:

On 2017-08-21 08:11, Egoitz Aurrekoetxea wrote:

Good morning,


What happens if you launch the cyradm from a remote machine?. For
instance in a FreeBSD with another Perl version?. Does it work?.



No, tried that and results are the same. Current line of thought is 
that something is not right with the quota database, I am building a 
testing setup now to verify.




El 19/8/17 a las 13:18, Per olof Ljungmark escribió:

Hi all,

Wonder if someone can offer help.

Host is FreeBSD 11.0-STABLE #0 r316644M and cyrus 2.5.11 in a jail.
If I run cyradm as user cyrus (admin) and issue the lq command, usually
there is a proper response at first, but subsequent commands fail. This
could very well be a FreeBSD problem but I thought I'll ask here first.

1st:

read(0,"lq user/\n",8192)  = 15 (0xf)
write(3,"8 GETQUOTA user/\r\n",24) = 24 (0x18)
select(4,{ 3 },{ },0x0,0x0)  = 1 (0x1)
read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n8 OK
Completed\r\n",4096) = 63 (0x3f)
write(1," STORAGE 888619/1000",24)   = 24 (0x18)
write(1," (8.88619%)",11)= 11 (0xb)
write(1,"\n",1)  = 1 (0x1)
write(1,"192.168.64.12> ",15)= 15 (0xf)

and following

read(0,"lq user/\n",8192)  = 15 (0xf)
write(3,"10 GETQUOTA user/\r\n",25)= 25 (0x19)
select(4,{ 3 },{ },0x0,0x0)  = 1 (0x1)
read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n10 OK
Completed\r\n",4096) = 64 (0x40)
write(1,"192.168.64.12> ",15)= 15 (0xf)

As one can see, cyradm does not write out the info, just reads it.

There are no quota problems AFAICS, bin/quota and -f all works as
expected and mail agents sees proper quota info, so I am inclined to
think there is something fishy with cyradm or possibly something I
cannot see with the quotas.

Same with both quotas.db twoskip and quotalegacy. Other cyradm commands
works fine.

Thanks!

//per

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


--


sarenet
*Egoitz Aurrekoetxea*
Departamento de sistemas
944 209 470
Parque Tecnológico. Edificio 103
48170 Zamudio (Bizkaia)
ego...@sarenet.es <mailto:ego...@sarenet.es>
www.sarenet.es <https://www.sarenet.es>

Antes de imprimir este correo electrónico piense si es necesario 
hacerlo.




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


--


sarenet
*Egoitz Aurrekoetxea*
Departamento de sistemas
944 209 470
Parque Tecnológico. Edificio 103
48170 Zamudio (Bizkaia)
ego...@sarenet.es <mailto:ego...@sarenet.es>
www.sarenet.es <https://www.sarenet.es>

Antes de imprimir este correo electrónico piense si es necesario hacerlo.

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: odd problem with cyradm

[Per olof Ljungmark]

On 2017-08-21 08:11, Egoitz Aurrekoetxea wrote:

Good morning,


What happens if you launch the cyradm from a remote machine?. For
instance in a FreeBSD with another Perl version?. Does it work?.



No, tried that and results are the same. Current line of thought is that 
something is not right with the quota database, I am building a testing 
setup now to verify.




El 19/8/17 a las 13:18, Per olof Ljungmark escribió:

Hi all,

Wonder if someone can offer help.

Host is FreeBSD 11.0-STABLE #0 r316644M and cyrus 2.5.11 in a jail.
If I run cyradm as user cyrus (admin) and issue the lq command, usually
there is a proper response at first, but subsequent commands fail. This
could very well be a FreeBSD problem but I thought I'll ask here first.

1st:

read(0,"lq user/\n",8192)  = 15 (0xf)
write(3,"8 GETQUOTA user/\r\n",24) = 24 (0x18)
select(4,{ 3 },{ },0x0,0x0)  = 1 (0x1)
read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n8 OK
Completed\r\n",4096) = 63 (0x3f)
write(1," STORAGE 888619/1000",24)   = 24 (0x18)
write(1," (8.88619%)",11)= 11 (0xb)
write(1,"\n",1)  = 1 (0x1)
write(1,"192.168.64.12> ",15)= 15 (0xf)

and following

read(0,"lq user/\n",8192)  = 15 (0xf)
write(3,"10 GETQUOTA user/\r\n",25)= 25 (0x19)
select(4,{ 3 },{ },0x0,0x0)  = 1 (0x1)
read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n10 OK
Completed\r\n",4096) = 64 (0x40)
write(1,"192.168.64.12> ",15)= 15 (0xf)

As one can see, cyradm does not write out the info, just reads it.

There are no quota problems AFAICS, bin/quota and -f all works as
expected and mail agents sees proper quota info, so I am inclined to
think there is something fishy with cyradm or possibly something I
cannot see with the quotas.

Same with both quotas.db twoskip and quotalegacy. Other cyradm commands
works fine.

Thanks!

//per

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


--


sarenet
*Egoitz Aurrekoetxea*
Departamento de sistemas
944 209 470
Parque Tecnológico. Edificio 103
48170 Zamudio (Bizkaia)
ego...@sarenet.es <mailto:ego...@sarenet.es>
www.sarenet.es <https://www.sarenet.es>

Antes de imprimir este correo electrónico piense si es necesario hacerlo.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

odd problem with cyradm

[Per olof Ljungmark]

Hi all,

Wonder if someone can offer help.

Host is FreeBSD 11.0-STABLE #0 r316644M and cyrus 2.5.11 in a jail.
If I run cyradm as user cyrus (admin) and issue the lq command, usually
there is a proper response at first, but subsequent commands fail. This
could very well be a FreeBSD problem but I thought I'll ask here first.

1st:

read(0,"lq user/\n",8192)  = 15 (0xf)
write(3,"8 GETQUOTA user/\r\n",24) = 24 (0x18)
select(4,{ 3 },{ },0x0,0x0)  = 1 (0x1)
read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n8 OK
Completed\r\n",4096) = 63 (0x3f)
write(1," STORAGE 888619/1000",24)   = 24 (0x18)
write(1," (8.88619%)",11)= 11 (0xb)
write(1,"\n",1)  = 1 (0x1)
write(1,"192.168.64.12> ",15)= 15 (0xf)

and following

read(0,"lq user/\n",8192)  = 15 (0xf)
write(3,"10 GETQUOTA user/\r\n",25)= 25 (0x19)
select(4,{ 3 },{ },0x0,0x0)  = 1 (0x1)
read(3,"* QUOTA user/ (STORAGE 888619 1000)\r\n10 OK
Completed\r\n",4096) = 64 (0x40)
write(1,"192.168.64.12> ",15)= 15 (0xf)

As one can see, cyradm does not write out the info, just reads it.

There are no quota problems AFAICS, bin/quota and -f all works as
expected and mail agents sees proper quota info, so I am inclined to
think there is something fishy with cyradm or possibly something I
cannot see with the quotas.

Same with both quotas.db twoskip and quotalegacy. Other cyradm commands
works fine.

Thanks!

//per

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: 3.0.2 cyradm: listmailbox and info does not find any mailbox

[Stephan Lauffer]

Hi Ken,

Zitat von Ken Murchison :


Try user/foo instead of user.foo


poorly this doesn't help...:

localhost> info user/foo
Mailbox does not exist
localhost> info user^foo
Mailbox does not exist
localhost> info user.foo
Mailbox does not exist
localhost> lam user.foo
cyrus lrswipkxtecda
localhost>



--
Liebe Gruesse, with best regards
Stephan Lauffer

Pedagogical University Freiburg - Germany
http://www.ph-freiburg.de/zik/
Fon/ Fax: +49 761 682 -559/ -486


smime.p7s
Description: S/MIME-Signatur

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: 3.0.2 cyradm: listmailbox and info does not find any mailbox

[Ken Murchison]

Try user/foo instead of user.foo



On 07/27/2017 05:34 AM, Stephan Lauffer wrote:

Hello!

I am on building "newer" cyrus-imapd rpms for recent opensSUSE 
distributions because opensuse only offers 2.4*.


Atm  I am testing my first 3.0.2 bulds (see 
https://build.opensuse.org/project/show/home:nixda:branches:home:nixda:devel).


Poorly there must be something wrong somehow... somewhere... on an 
"fresh" and new system with no mailbox I did the following steps:


mailfr-hx:~ # cyradm --user cyrus localhost
Password:
localhost> lm *
localhost> lm user.foo
localhost> info user.foo
Mailbox does not exist
localhost> cm user.foo
localhost> lm
localhost> lm user.foo
localhost> info user.foo
Mailbox does not exist
localhost> sam user.foo cyrus all
localhost> lam user.foo
cyrus lrswipkxtecda
localhost> sam user.bar cyrus all
setaclmailbox: cyrus: lrswipkxtea: Mailbox does not exist

So you can see: sam and lam are working right, they can see if there 
is a mailbox... but lm and info is wrong.


The ctl_mboxlist command is ok, too:

cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/ctl_mboxlist -d
user^foo0 00 cyrus  lrswipkxtecda

Any hints and ideas?!

Build and config informations (thx for the new tools!):
---

cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/cyr_info conf
admins: cyrus murder
allowallsubscribe: yes
allowplaintext: yes
allowusermoves: yes
anyoneuseracl: no
autocreate_quota: 1
configdirectory: /var/lib/imap
defaultacl: anyone
defaultpartition: 00
duplicate_db_path: /var/lib/imap/deliver.db
fulldirhash: yes
hashimapspool: yes
mboxname_lockpath: /run/cyrus/lock
mupdate_authname: cyrus
mupdate_password: X
mupdate_server: mailproxy
mupdate_username: cyrus
proc_path: /run/cyrus/proc
proxy_authname: murder
proxy_password: XXX
proxyservers: murder
ptscache_db_path: /var/lib/imap/ptscache.db
quotawarn: 95
sieve_extensions: fileinto reject vacation imapflags notify include 
envelope body relational regex subaddress copy

sievedir: /var/lib/sieve
sievenotifier: mailto
statuscache_db_path: /var/lib/imap/statuscache.db
timeout: 35
tls_sessions_db_path: /var/lib/imap/tls_sessions.db
partition-04: /srv/cyrus/var/spool/imap/04
partition-05: /srv/cyrus/var/spool/imap/05
partition-06: /srv/cyrus/var/spool/imap/06
partition-07: /srv/cyrus/var/spool/imap/07
partition-00: /srv/cyrus/var/spool/imap/00
partition-01: /srv/cyrus/var/spool/imap/01
xlist-drafts: Drafts
partition-02: /srv/cyrus/var/spool/imap/02
sasl_mech_list: plain
xlist-sent: Sent
partition-03: /srv/cyrus/var/spool/imap/03
xlist-trash: Trash
sasl_pwcheck_method: saslauthd
partition-08: /srv/cyrus/var/spool/imap/08
xlist-spam: SPAM
lmtp_admins: murder
partition-09: /srv/cyrus/var/spool/imap/09


cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/cyr_buildinfo
{
  "component": {
"event_notification": true,
"gssapi": true,
"autocreate": false,
"idled": true,
"httpd": true,
"kerberos_v4": false,
"murder": true,
"nntpd": true,
"replication": true,
"sieve": true,
"calalarmd": false,
"jmap": false,
"objectstore": false,
"backup": false
  },
  "dependency": {
"ldap": true,
"openssl": true,
"pcre": false,
"clamav": true
  },
  "database": {
"mysql": false,
"pgsql": false,
"sqlite": true,
"lmdb": false
  },
  "search": {
"squat": true,
"sphinx": false,
"xapian": false,
"xapian_flavor": "none"
  },
  "hardware": {
"sse42": true
  }
}

Sidenote: If I disable/not use the murder I can't see a different 
behavoir.





Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


--
Kenneth Murchison
Cyrus Development Team
FastMail Pty Ltd


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

3.0.2 cyradm: listmailbox and info does not find any mailbox

[Stephan Lauffer]

Hello!

I am on building "newer" cyrus-imapd rpms for recent opensSUSE  
distributions because opensuse only offers 2.4*.


Atm  I am testing my first 3.0.2 bulds (see  
https://build.opensuse.org/project/show/home:nixda:branches:home:nixda:devel).


Poorly there must be something wrong somehow... somewhere... on an  
"fresh" and new system with no mailbox I did the following steps:


mailfr-hx:~ # cyradm --user cyrus localhost
Password:
localhost> lm *
localhost> lm user.foo
localhost> info user.foo
Mailbox does not exist
localhost> cm user.foo
localhost> lm
localhost> lm user.foo
localhost> info user.foo
Mailbox does not exist
localhost> sam user.foo cyrus all
localhost> lam user.foo
cyrus lrswipkxtecda
localhost> sam user.bar cyrus all
setaclmailbox: cyrus: lrswipkxtea: Mailbox does not exist

So you can see: sam and lam are working right, they can see if there  
is a mailbox... but lm and info is wrong.


The ctl_mboxlist command is ok, too:

cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/ctl_mboxlist -d
user^foo0 00 cyrus  lrswipkxtecda

Any hints and ideas?!

Build and config informations (thx for the new tools!):
---

cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/cyr_info conf
admins: cyrus murder
allowallsubscribe: yes
allowplaintext: yes
allowusermoves: yes
anyoneuseracl: no
autocreate_quota: 1
configdirectory: /var/lib/imap
defaultacl: anyone
defaultpartition: 00
duplicate_db_path: /var/lib/imap/deliver.db
fulldirhash: yes
hashimapspool: yes
mboxname_lockpath: /run/cyrus/lock
mupdate_authname: cyrus
mupdate_password: X
mupdate_server: mailproxy
mupdate_username: cyrus
proc_path: /run/cyrus/proc
proxy_authname: murder
proxy_password: XXX
proxyservers: murder
ptscache_db_path: /var/lib/imap/ptscache.db
quotawarn: 95
sieve_extensions: fileinto reject vacation imapflags notify include  
envelope body relational regex subaddress copy

sievedir: /var/lib/sieve
sievenotifier: mailto
statuscache_db_path: /var/lib/imap/statuscache.db
timeout: 35
tls_sessions_db_path: /var/lib/imap/tls_sessions.db
partition-04: /srv/cyrus/var/spool/imap/04
partition-05: /srv/cyrus/var/spool/imap/05
partition-06: /srv/cyrus/var/spool/imap/06
partition-07: /srv/cyrus/var/spool/imap/07
partition-00: /srv/cyrus/var/spool/imap/00
partition-01: /srv/cyrus/var/spool/imap/01
xlist-drafts: Drafts
partition-02: /srv/cyrus/var/spool/imap/02
sasl_mech_list: plain
xlist-sent: Sent
partition-03: /srv/cyrus/var/spool/imap/03
xlist-trash: Trash
sasl_pwcheck_method: saslauthd
partition-08: /srv/cyrus/var/spool/imap/08
xlist-spam: SPAM
lmtp_admins: murder
partition-09: /srv/cyrus/var/spool/imap/09


cyrus@mailfr-hx:~> /usr/lib/cyrus/bin/cyr_buildinfo
{
  "component": {
"event_notification": true,
"gssapi": true,
"autocreate": false,
"idled": true,
"httpd": true,
"kerberos_v4": false,
"murder": true,
"nntpd": true,
"replication": true,
"sieve": true,
"calalarmd": false,
"jmap": false,
"objectstore": false,
"backup": false
  },
  "dependency": {
"ldap": true,
"openssl": true,
"pcre": false,
"clamav": true
  },
  "database": {
"mysql": false,
"pgsql": false,
"sqlite": true,
"lmdb": false
  },
  "search": {
"squat": true,
"sphinx": false,
"xapian": false,
"xapian_flavor": "none"
  },
  "hardware": {
"sse42": true
  }
}

Sidenote: If I disable/not use the murder I can't see a different behavoir.

--
Liebe Gruesse, with best regards
Stephan Lauffer

Pedagogical University Freiburg - Germany
http://www.ph-freiburg.de/zik/
Fon/ Fax: +49 761 682 -559/ -486


smime.p7s
Description: S/MIME-Signatur

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm not showing metadata if logged as admin

[Bron Gondwana]

Not really, no.  It's the same problem we have with the \Seen flag, which is 
private to each user.

Bron.

On Fri, 7 Apr 2017, at 12:32, ellie timoney wrote:
> Hi Olaf,
> 
> I think this is expected behaviour.   Mailbox annotations in the
> "/private/" namespace are per user -- such that if multiple users have
> access to the same mailbox, they can each have their own annotations on
> it.
> 
> So, when you log into this account with IMAP and set /private/specialuse
> annotations, you're setting those annotations for the user you logged in
> as.
> 
> When you log in as an admin and look at the same mailbox, you're seeing
> the admin's annotations (which you haven't set any), not the user's.
> 
> I don't know if there's an effective way to do what you want.  Can
> anyone else chime in?
> 
> Cheers,
> 
> ellie
> 
> On Fri, Apr 7, 2017, at 12:29 AM, Olaf Frączyk wrote:
> > Hello,
> > 
> > cyrus-imapd-2.5.10-2.3.el7.x86_64 from open build system
> > 
> > I have set metadata for mailboxes:
> > 
> > t3 SETMETADATA "INBOX/Sent" (/private/specialuse "\\Sent")
> > 
> > I can see the metadata from imap connection and from cyradm but only 
> > when logged as user:
> > 
> > t3 LIST (SPECIAL-USE) "" "*"
> > * LIST (\HasNoChildren \Drafts) "/" INBOX/Drafts
> > * LIST (\HasNoChildren \Sent) "/" INBOX/Sent
> > * LIST (\HasNoChildren \Trash) "/" INBOX/Trash
> > * LIST (\HasNoChildren \Junk) "/" INBOX/spam
> > 
> > 192.168.1.8> getmd INBOX/Sent
> > {INBOX/Sent}:
> >private:
> >  check: NIL
> >  checkperiod: NIL
> >  comment: NIL
> >  sort: NIL
> >  specialuse: \Sent
> >  thread: NIL
> >  expire: NIL
> >  news2mail: NIL
> >  sieve: NIL
> >  squat: NIL
> > 
> > When logged as cyrus admin I get:
> > 
> > 192.168.1.8> getmd user/info/s...@navi.pl
> > {user/info/s...@navi.pl}:
> >private:
> >  check: NIL
> >  checkperiod: NIL
> >  comment: NIL
> >  sort: NIL
> >  specialuse: NIL
> >  thread: NIL
> >  expire: NIL
> >  news2mail: NIL
> >  sieve: NIL
> >  squat: NIL
> > 
> > I want to be able to set the metadata for users' mailboxes, so the 
> > Outlook and Thunderbird use correct folders.
> > 
> > I tried to give the admin full ACL rights for this mailbox but it didn't 
> > help.
> > 
> > Is there any configuration option to change this behaviour?
> > 
> > Best regards,
> > 
> > Olaf Frączyk
> > 
> > -- 
> > NAVI Sp. z o.o.
> > Promienista 5/1
> > 60-288 Poznań
> > 
> > mobile: +48609769035
> > phone: +48616622881
> > fax: +48616622882
> > http://www.navi.pl
> > 
> > 
> > Cyrus Home Page: http://www.cyrusimap.org/
> > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> > To Unsubscribe:
> > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> 
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


-- 
  Bron Gondwana
  br...@fastmail.fm

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm not showing metadata if logged as admin

[ellie timoney]

Hi Olaf,

I think this is expected behaviour.   Mailbox annotations in the
"/private/" namespace are per user -- such that if multiple users have
access to the same mailbox, they can each have their own annotations on
it.

So, when you log into this account with IMAP and set /private/specialuse
annotations, you're setting those annotations for the user you logged in
as.

When you log in as an admin and look at the same mailbox, you're seeing
the admin's annotations (which you haven't set any), not the user's.

I don't know if there's an effective way to do what you want.  Can
anyone else chime in?

Cheers,

ellie

On Fri, Apr 7, 2017, at 12:29 AM, Olaf Frączyk wrote:
> Hello,
> 
> cyrus-imapd-2.5.10-2.3.el7.x86_64 from open build system
> 
> I have set metadata for mailboxes:
> 
> t3 SETMETADATA "INBOX/Sent" (/private/specialuse "\\Sent")
> 
> I can see the metadata from imap connection and from cyradm but only 
> when logged as user:
> 
> t3 LIST (SPECIAL-USE) "" "*"
> * LIST (\HasNoChildren \Drafts) "/" INBOX/Drafts
> * LIST (\HasNoChildren \Sent) "/" INBOX/Sent
> * LIST (\HasNoChildren \Trash) "/" INBOX/Trash
> * LIST (\HasNoChildren \Junk) "/" INBOX/spam
> 
> 192.168.1.8> getmd INBOX/Sent
> {INBOX/Sent}:
>private:
>  check: NIL
>  checkperiod: NIL
>  comment: NIL
>  sort: NIL
>  specialuse: \Sent
>  thread: NIL
>  expire: NIL
>  news2mail: NIL
>  sieve: NIL
>  squat: NIL
> 
> When logged as cyrus admin I get:
> 
> 192.168.1.8> getmd user/info/s...@navi.pl
> {user/info/s...@navi.pl}:
>private:
>  check: NIL
>  checkperiod: NIL
>  comment: NIL
>  sort: NIL
>  specialuse: NIL
>  thread: NIL
>  expire: NIL
>  news2mail: NIL
>  sieve: NIL
>  squat: NIL
> 
> I want to be able to set the metadata for users' mailboxes, so the 
> Outlook and Thunderbird use correct folders.
> 
> I tried to give the admin full ACL rights for this mailbox but it didn't 
> help.
> 
> Is there any configuration option to change this behaviour?
> 
> Best regards,
> 
> Olaf Frączyk
> 
> -- 
> NAVI Sp. z o.o.
> Promienista 5/1
> 60-288 Poznań
> 
> mobile: +48609769035
> phone: +48616622881
> fax: +48616622882
> http://www.navi.pl
> 
> 
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

cyradm not showing metadata if logged as admin

[Olaf Frączyk]

Hello,

cyrus-imapd-2.5.10-2.3.el7.x86_64 from open build system

I have set metadata for mailboxes:

t3 SETMETADATA "INBOX/Sent" (/private/specialuse "\\Sent")

I can see the metadata from imap connection and from cyradm but only 
when logged as user:


t3 LIST (SPECIAL-USE) "" "*"
* LIST (\HasNoChildren \Drafts) "/" INBOX/Drafts
* LIST (\HasNoChildren \Sent) "/" INBOX/Sent
* LIST (\HasNoChildren \Trash) "/" INBOX/Trash
* LIST (\HasNoChildren \Junk) "/" INBOX/spam

192.168.1.8> getmd INBOX/Sent
{INBOX/Sent}:
  private:
check: NIL
checkperiod: NIL
comment: NIL
sort: NIL
specialuse: \Sent
thread: NIL
expire: NIL
news2mail: NIL
sieve: NIL
squat: NIL

When logged as cyrus admin I get:

192.168.1.8> getmd user/info/s...@navi.pl
{user/info/s...@navi.pl}:
  private:
check: NIL
checkperiod: NIL
comment: NIL
sort: NIL
specialuse: NIL
thread: NIL
expire: NIL
news2mail: NIL
sieve: NIL
squat: NIL

I want to be able to set the metadata for users' mailboxes, so the 
Outlook and Thunderbird use correct folders.


I tried to give the admin full ACL rights for this mailbox but it didn't 
help.


Is there any configuration option to change this behaviour?

Best regards,

Olaf Frączyk

--
NAVI Sp. z o.o.
Promienista 5/1
60-288 Poznań

mobile: +48609769035
phone: +48616622881
fax: +48616622882
http://www.navi.pl


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Can't authorize as different user in cyradm and sieveshell

[Michael Ulitskiy via Info-cyrus]

Dan,

You nailed it. Mere presence of sasldb plugin makes it work.
The code doesn't look kosher to me though.

In sasl_server_new() there's a line:
serverconn->sparams->canon_user = &_sasl_canon_user_lookup;

which unconditionally set canon_user callback to the function that performs both
canonicalization and auxprop lookup. In case there's no auxprop plugins it
results in SASL_NOMECH.

I guess it should check whether auxprop plugins are available in the system and 
either
set it to _sasl_canon_user_lookup() or _sasl_canon_user().

Anyway installing sasldb plugin is easy enough workaround.

Thanks everybody,

Michael


On Monday, November 21, 2016 04:36:01 PM Dan White wrote:
> In the absence of an [sasl_]auxprop_plugins statement, all plugins will be
> queried. For example, running pluginviewer (or saslpluginviewer on debian)
> should typically list sasldb if it's installed on your system.
> 
> The canon_user plugins and auxprop plugins are coded within the same code,
> and so are tied together somewhat, although I haven't dug into the code to
> explain the error Michael is experiencing.
> 
> Michael,
> 
> I'd suggest installing the sasldb auxprop to see if that clears up the
> issue. That may not even require a configuration change.
> 
> On 11/21/16 13:43 -0800, Andrew Morgan via Info-cyrus wrote:
> >I'm using Debian packages for sasl.  Here is what libsasl2-modules 
> >includes:
> >
> >/usr/lib/x86_64-linux-gnu/sasl2/libplain.so.2.0.25
> >/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so.2.0.25
> >/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25
> >/usr/lib/x86_64-linux-gnu/sasl2/liblogin.so.2.0.25
> >/usr/lib/x86_64-linux-gnu/sasl2/libanonymous.so.2.0.25
> >/usr/lib/x86_64-linux-gnu/sasl2/libntlm.so.2.0.25
> >
> >But in my imapd.conf, I'm not specifying an auxprop plugins:
> >
> ># grep sasl /etc/imapd.conf
> >sasl_mech_list: PLAIN
> >sasl_minimum_layer: 0
> >#sasl_maximum_layer: 256
> >sasl_pwcheck_method: saslauthd
> >
> >Since we are using saslauthd, we don't use auxprop plugins, I think...
> >
> > Andy
> >
> >On Mon, 21 Nov 2016, Michael Ulitskiy wrote:
> >
> >>I'm trying to read the code and it seems that it tries to lookup 
> >>authorization id
> >>in auxprop plugin. since I don't have any auxprop plugins that returns 
> >>SASL_NOMECH and results
> >>in the error I'm seeing.
> >>
> >>By any chance do you have any auxprop plugin defined?
> 
> 
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Can't authorize as different user in cyradm and sieveshell

[Dan White via Info-cyrus]

In the absence of an [sasl_]auxprop_plugins statement, all plugins will be
queried. For example, running pluginviewer (or saslpluginviewer on debian)
should typically list sasldb if it's installed on your system.

The canon_user plugins and auxprop plugins are coded within the same code,
and so are tied together somewhat, although I haven't dug into the code to
explain the error Michael is experiencing.

Michael,

I'd suggest installing the sasldb auxprop to see if that clears up the
issue. That may not even require a configuration change.

On 11/21/16 13:43 -0800, Andrew Morgan via Info-cyrus wrote:
I'm using Debian packages for sasl.  Here is what libsasl2-modules 
includes:


/usr/lib/x86_64-linux-gnu/sasl2/libplain.so.2.0.25
/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so.2.0.25
/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25
/usr/lib/x86_64-linux-gnu/sasl2/liblogin.so.2.0.25
/usr/lib/x86_64-linux-gnu/sasl2/libanonymous.so.2.0.25
/usr/lib/x86_64-linux-gnu/sasl2/libntlm.so.2.0.25

But in my imapd.conf, I'm not specifying an auxprop plugins:

# grep sasl /etc/imapd.conf
sasl_mech_list: PLAIN
sasl_minimum_layer: 0
#sasl_maximum_layer: 256
sasl_pwcheck_method: saslauthd

Since we are using saslauthd, we don't use auxprop plugins, I think...

Andy

On Mon, 21 Nov 2016, Michael Ulitskiy wrote:


I'm trying to read the code and it seems that it tries to lookup authorization 
id
in auxprop plugin. since I don't have any auxprop plugins that returns 
SASL_NOMECH and results
in the error I'm seeing.

By any chance do you have any auxprop plugin defined?


--
Dan White

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Can't authorize as different user in cyradm and sieveshell

[Andrew Morgan via Info-cyrus]

ords i want to use a special user for authentication
and authorize as the target user.
Here's what I have.

imapd.conf:
admins: mailadmin
proxyservers: proxyadmin
sasl_pwcheck_method: saslauthd
#sasl_pwcheck_method: alwaystrue
sasl_mech_list: PLAIN
allowplaintext: yes

here's what i do:

root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com localhost
connecting to localhost
Please enter your password:
unable to connect to server at /usr/bin/sieveshell line 191,  line 1.

here's the log:
Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available.
Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): user 
'proxyadmin' granted access
Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost [127.0.0.1] PLAIN 
no mechanism available
Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- exiting

as you can see user proxyadmin authenticated successfully, but then something 
(authorization?) went wrong
and it says "PLAIN no mechanism available".
this only happens if i try to authorize as different user. if i don't 
everything works fine:

root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u t...@virtualcrap.com 
localhost
connecting to localhost
Please enter your password:




log:
Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available.
Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user 
't...@virtualcrap.com' granted access
Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] 
t...@virtualcrap.com PLAIN User logged in

the same happends to cyradm:
root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com 
--auth=plain localhost
Password:
IMAP Password:

log:
Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user 
'proxyadmin' granted access
Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] PLAIN 
[SASL(-4): no mechanism available: Unable to find a callback: 32773]

but ok without trying to authorize as different user:
root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain localhost
Password:
localhost>
Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user 
't...@virtualcrap.com' granted access
Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] 
t...@virtualcrap.com PLAIN User logged in 
SESSIONID=

Can somebody tell me what I am doing wrong?
Thanks a lot,

Michael


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Can't authorize as different user in cyradm and sieveshell

[Michael Ulitskiy via Info-cyrus]

t; >>Andy
> >>
> >> On Sun, 20 Nov 2016, Michael Ulitskiy via Info-cyrus wrote:
> >>
> >>> Since nobody answered, I guess, nobody has any idea.
> >>> I wonder if anybody uses this feature and it works for you?
> >>> I mean I'd like to know if that's just me and something is wrong with my 
> >>> setup or may be that feature isn't functional at all?
> >>> Thanks in advance,
> >>>
> >>> Michael
> >>>
> >>> On Thursday, November 17, 2016 06:30:18 PM Michael Ulitskiy via 
> >>> Info-cyrus wrote:
> >>>> Hello,
> >>>>
> >>>> I'm playing with cyrus-imap 2.5.10 and cyrus-sasl 2.1.26.
> >>>> i'm trying to use sieveshell to setup users sieve scripts, but since
> >>>> i don't know users passwords i want to use a special user for 
> >>>> authentication
> >>>> and authorize as the target user.
> >>>> Here's what I have.
> >>>>
> >>>> imapd.conf:
> >>>> admins: mailadmin
> >>>> proxyservers: proxyadmin
> >>>> sasl_pwcheck_method: saslauthd
> >>>> #sasl_pwcheck_method: alwaystrue
> >>>> sasl_mech_list: PLAIN
> >>>> allowplaintext: yes
> >>>>
> >>>> here's what i do:
> >>>>
> >>>> root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com 
> >>>> localhost
> >>>> connecting to localhost
> >>>> Please enter your password:
> >>>> unable to connect to server at /usr/bin/sieveshell line 191,  
> >>>> line 1.
> >>>>
> >>>> here's the log:
> >>>> Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available.
> >>>> Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): 
> >>>> user 'proxyadmin' granted access
> >>>> Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost 
> >>>> [127.0.0.1] PLAIN no mechanism available
> >>>> Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- 
> >>>> exiting
> >>>>
> >>>> as you can see user proxyadmin authenticated successfully, but then 
> >>>> something (authorization?) went wrong
> >>>> and it says "PLAIN no mechanism available".
> >>>> this only happens if i try to authorize as different user. if i don't 
> >>>> everything works fine:
> >>>>
> >>>> root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u 
> >>>> t...@virtualcrap.com localhost
> >>>> connecting to localhost
> >>>> Please enter your password:
> >>>>>
> >>>>
> >>>> log:
> >>>> Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available.
> >>>> Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): 
> >>>> user 't...@virtualcrap.com' granted access
> >>>> Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] 
> >>>> t...@virtualcrap.com PLAIN User logged in
> >>>>
> >>>> the same happends to cyradm:
> >>>> root@rway-imap-vm:~# cyradm --user=proxyadmin 
> >>>> --authz=t...@virtualcrap.com --auth=plain localhost
> >>>> Password:
> >>>> IMAP Password:
> >>>>
> >>>> log:
> >>>> Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): 
> >>>> user 'proxyadmin' granted access
> >>>> Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] 
> >>>> PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 
> >>>> 32773]
> >>>>
> >>>> but ok without trying to authorize as different user:
> >>>> root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain 
> >>>> localhost
> >>>> Password:
> >>>> localhost>
> >>>> Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): 
> >>>> user 't...@virtualcrap.com' granted access
> >>>> Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] 
> >>>> t...@virtualcrap.com PLAIN User logged in 
> >>>> SESSIONID=
> >>>>
> >>>> Can somebody tell me what I am doing wrong?
> >>>> Thanks a lot,
> >>>>
> >>>> Michael
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Can't authorize as different user in cyradm and sieveshell

[Michael Ulitskiy via Info-cyrus]

 copy"
> >> S: "STARTTLS"
> >> S: "UNAUTHENTICATE"
> >> S: OK
> >> Please enter your password:
> >> C: AUTHENTICATE "PLAIN" {28+}
> >> 
> >> S: OK
> >> Authenticated.
> >> Security strength factor: 0
> >> C: LOGOUT
> >> OK "Logout Complete"
> >> Connection closed.
> >>
> >>
> >>Andy
> >>
> >> On Sun, 20 Nov 2016, Michael Ulitskiy via Info-cyrus wrote:
> >>
> >>> Since nobody answered, I guess, nobody has any idea.
> >>> I wonder if anybody uses this feature and it works for you?
> >>> I mean I'd like to know if that's just me and something is wrong with my 
> >>> setup or may be that feature isn't functional at all?
> >>> Thanks in advance,
> >>>
> >>> Michael
> >>>
> >>> On Thursday, November 17, 2016 06:30:18 PM Michael Ulitskiy via 
> >>> Info-cyrus wrote:
> >>>> Hello,
> >>>>
> >>>> I'm playing with cyrus-imap 2.5.10 and cyrus-sasl 2.1.26.
> >>>> i'm trying to use sieveshell to setup users sieve scripts, but since
> >>>> i don't know users passwords i want to use a special user for 
> >>>> authentication
> >>>> and authorize as the target user.
> >>>> Here's what I have.
> >>>>
> >>>> imapd.conf:
> >>>> admins: mailadmin
> >>>> proxyservers: proxyadmin
> >>>> sasl_pwcheck_method: saslauthd
> >>>> #sasl_pwcheck_method: alwaystrue
> >>>> sasl_mech_list: PLAIN
> >>>> allowplaintext: yes
> >>>>
> >>>> here's what i do:
> >>>>
> >>>> root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com 
> >>>> localhost
> >>>> connecting to localhost
> >>>> Please enter your password:
> >>>> unable to connect to server at /usr/bin/sieveshell line 191,  
> >>>> line 1.
> >>>>
> >>>> here's the log:
> >>>> Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available.
> >>>> Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): 
> >>>> user 'proxyadmin' granted access
> >>>> Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost 
> >>>> [127.0.0.1] PLAIN no mechanism available
> >>>> Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- 
> >>>> exiting
> >>>>
> >>>> as you can see user proxyadmin authenticated successfully, but then 
> >>>> something (authorization?) went wrong
> >>>> and it says "PLAIN no mechanism available".
> >>>> this only happens if i try to authorize as different user. if i don't 
> >>>> everything works fine:
> >>>>
> >>>> root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u 
> >>>> t...@virtualcrap.com localhost
> >>>> connecting to localhost
> >>>> Please enter your password:
> >>>>>
> >>>>
> >>>> log:
> >>>> Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available.
> >>>> Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): 
> >>>> user 't...@virtualcrap.com' granted access
> >>>> Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] 
> >>>> t...@virtualcrap.com PLAIN User logged in
> >>>>
> >>>> the same happends to cyradm:
> >>>> root@rway-imap-vm:~# cyradm --user=proxyadmin 
> >>>> --authz=t...@virtualcrap.com --auth=plain localhost
> >>>> Password:
> >>>> IMAP Password:
> >>>>
> >>>> log:
> >>>> Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): 
> >>>> user 'proxyadmin' granted access
> >>>> Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] 
> >>>> PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 
> >>>> 32773]
> >>>>
> >>>> but ok without trying to authorize as different user:
> >>>> root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain 
> >>>> localhost
> >>>> Password:
> >>>> localhost>
> >>>> Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): 
> >>>> user 't...@virtualcrap.com' granted access
> >>>> Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] 
> >>>> t...@virtualcrap.com PLAIN User logged in 
> >>>> SESSIONID=
> >>>>
> >>>> Can somebody tell me what I am doing wrong?
> >>>> Thanks a lot,
> >>>>
> >>>> Michael
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Can't authorize as different user in cyradm and sieveshell

[Andrew Morgan via Info-cyrus]

uthorize as different user. if i don't 
everything works fine:

root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u t...@virtualcrap.com 
localhost
connecting to localhost
Please enter your password:




log:
Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available.
Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user 
't...@virtualcrap.com' granted access
Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] 
t...@virtualcrap.com PLAIN User logged in

the same happends to cyradm:
root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com 
--auth=plain localhost
Password:
IMAP Password:

log:
Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user 
'proxyadmin' granted access
Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] PLAIN 
[SASL(-4): no mechanism available: Unable to find a callback: 32773]

but ok without trying to authorize as different user:
root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain localhost
Password:
localhost>
Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user 
't...@virtualcrap.com' granted access
Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] 
t...@virtualcrap.com PLAIN User logged in 
SESSIONID=

Can somebody tell me what I am doing wrong?
Thanks a lot,

Michael


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Can't authorize as different user in cyradm and sieveshell

[Michael Ulitskiy via Info-cyrus]

 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- 
> >> exiting
> >>
> >> as you can see user proxyadmin authenticated successfully, but then 
> >> something (authorization?) went wrong
> >> and it says "PLAIN no mechanism available".
> >> this only happens if i try to authorize as different user. if i don't 
> >> everything works fine:
> >>
> >> root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u 
> >> t...@virtualcrap.com localhost
> >> connecting to localhost
> >> Please enter your password:
> >>>
> >>
> >> log:
> >> Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available.
> >> Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user 
> >> 't...@virtualcrap.com' granted access
> >> Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] 
> >> t...@virtualcrap.com PLAIN User logged in
> >>
> >> the same happends to cyradm:
> >> root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com 
> >> --auth=plain localhost
> >> Password:
> >> IMAP Password:
> >>
> >> log:
> >> Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user 
> >> 'proxyadmin' granted access
> >> Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] 
> >> PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 32773]
> >>
> >> but ok without trying to authorize as different user:
> >> root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain 
> >> localhost
> >> Password:
> >> localhost>
> >> Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user 
> >> 't...@virtualcrap.com' granted access
> >> Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] 
> >> t...@virtualcrap.com PLAIN User logged in 
> >> SESSIONID=
> >>
> >> Can somebody tell me what I am doing wrong?
> >> Thanks a lot,
> >>
> >> Michael
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Can't authorize as different user in cyradm and sieveshell

[Andrew Morgan via Info-cyrus]

This works for me under v2.4.18.  I'm able to run sieveshell against a 
frontend or backend authenticating as a cyrus "admins" user or a 
"proxyservers" user (on the backend).


Against a frontend:

# sieveshell -u morgan -a cyrus imap.onid.oregonstate.edu
connecting to imap.onid.oregonstate.edu
Please enter your password:

list

onid-web
real  <- active script

quit



Against a backend:

# sieveshell -u morgan -a cyr_proxy cyrus-be1.onid.oregonstate.edu
connecting to cyrus-be1.onid.oregonstate.edu
Please enter your password:

list

onid-web
real  <- active script

quit



My imapd.conf settings:

admins: cyrus
allowplaintext: 0
sasl_mech_list: PLAIN
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
sieve_allowreferrals: 0
sieve_allowplaintext: 1


Have you tried using the "sivtest" program?  It will show you the protocol 
handshakes, which might help.  Here is an example for me:


# sivtest -u morgan -a cyrus localhost
S: "IMPLEMENTATION" "Cyrus timsieved (Murder) v2.4.18"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags 
notify envelope body relational regex subaddress copy"

S: "STARTTLS"
S: "UNAUTHENTICATE"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {28+}

S: OK
Authenticated.
Security strength factor: 0
C: LOGOUT
OK "Logout Complete"
Connection closed.


Andy

On Sun, 20 Nov 2016, Michael Ulitskiy via Info-cyrus wrote:


Since nobody answered, I guess, nobody has any idea.
I wonder if anybody uses this feature and it works for you?
I mean I'd like to know if that's just me and something is wrong with my setup 
or may be that feature isn't functional at all?
Thanks in advance,

Michael

On Thursday, November 17, 2016 06:30:18 PM Michael Ulitskiy via Info-cyrus 
wrote:

Hello,

I'm playing with cyrus-imap 2.5.10 and cyrus-sasl 2.1.26.
i'm trying to use sieveshell to setup users sieve scripts, but since
i don't know users passwords i want to use a special user for authentication
and authorize as the target user.
Here's what I have.

imapd.conf:
admins: mailadmin
proxyservers: proxyadmin
sasl_pwcheck_method: saslauthd
#sasl_pwcheck_method: alwaystrue
sasl_mech_list: PLAIN
allowplaintext: yes

here's what i do:

root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com localhost
connecting to localhost
Please enter your password:
unable to connect to server at /usr/bin/sieveshell line 191,  line 1.

here's the log:
Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available.
Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): user 
'proxyadmin' granted access
Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost [127.0.0.1] PLAIN 
no mechanism available
Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- exiting

as you can see user proxyadmin authenticated successfully, but then something 
(authorization?) went wrong
and it says "PLAIN no mechanism available".
this only happens if i try to authorize as different user. if i don't 
everything works fine:

root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u t...@virtualcrap.com 
localhost
connecting to localhost
Please enter your password:




log:
Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available.
Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user 
't...@virtualcrap.com' granted access
Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] 
t...@virtualcrap.com PLAIN User logged in

the same happends to cyradm:
root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com 
--auth=plain localhost
Password:
IMAP Password:

log:
Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user 
'proxyadmin' granted access
Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] PLAIN 
[SASL(-4): no mechanism available: Unable to find a callback: 32773]

but ok without trying to authorize as different user:
root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain localhost
Password:
localhost>
Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user 
't...@virtualcrap.com' granted access
Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] 
t...@virtualcrap.com PLAIN User logged in 
SESSIONID=

Can somebody tell me what I am doing wrong?
Thanks a lot,

Michael


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Can't authorize as different user in cyradm and sieveshell

[Michael Ulitskiy via Info-cyrus]

Since nobody answered, I guess, nobody has any idea.
I wonder if anybody uses this feature and it works for you?
I mean I'd like to know if that's just me and something is wrong with my setup 
or may be that feature isn't functional at all?
Thanks in advance,

Michael

On Thursday, November 17, 2016 06:30:18 PM Michael Ulitskiy via Info-cyrus 
wrote:
> Hello,
> 
> I'm playing with cyrus-imap 2.5.10 and cyrus-sasl 2.1.26.
> i'm trying to use sieveshell to setup users sieve scripts, but since 
> i don't know users passwords i want to use a special user for authentication
> and authorize as the target user.
> Here's what I have.
> 
> imapd.conf:
> admins: mailadmin
> proxyservers: proxyadmin
> sasl_pwcheck_method: saslauthd
> #sasl_pwcheck_method: alwaystrue
> sasl_mech_list: PLAIN
> allowplaintext: yes
> 
> here's what i do:
> 
> root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com 
> localhost
> connecting to localhost
> Please enter your password: 
> unable to connect to server at /usr/bin/sieveshell line 191,  line 1.
> 
> here's the log:
> Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available.
> Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): user 
> 'proxyadmin' granted access
> Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost [127.0.0.1] 
> PLAIN no mechanism available
> Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- exiting
> 
> as you can see user proxyadmin authenticated successfully, but then something 
> (authorization?) went wrong 
> and it says "PLAIN no mechanism available". 
> this only happens if i try to authorize as different user. if i don't 
> everything works fine:
> 
> root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u 
> t...@virtualcrap.com localhost
> connecting to localhost
> Please enter your password: 
> > 
> 
> log:
> Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available.
> Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user 
> 't...@virtualcrap.com' granted access
> Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] 
> t...@virtualcrap.com PLAIN User logged in
> 
> the same happends to cyradm:
> root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com 
> --auth=plain localhost
> Password: 
> IMAP Password: 
> 
> log:
> Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user 
> 'proxyadmin' granted access
> Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] 
> PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 32773]
> 
> but ok without trying to authorize as different user:
> root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain localhost
> Password: 
> localhost> 
> Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user 
> 't...@virtualcrap.com' granted access
> Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] 
> t...@virtualcrap.com PLAIN User logged in 
> SESSIONID=
> 
> Can somebody tell me what I am doing wrong?
> Thanks a lot,
> 
> Michael
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Can't authorize as different user in cyradm and sieveshell

[Michael Ulitskiy via Info-cyrus]

Hello,

I'm playing with cyrus-imap 2.5.10 and cyrus-sasl 2.1.26.
i'm trying to use sieveshell to setup users sieve scripts, but since 
i don't know users passwords i want to use a special user for authentication
and authorize as the target user.
Here's what I have.

imapd.conf:
admins: mailadmin
proxyservers: proxyadmin
sasl_pwcheck_method: saslauthd
#sasl_pwcheck_method: alwaystrue
sasl_mech_list: PLAIN
allowplaintext: yes

here's what i do:

root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com localhost
connecting to localhost
Please enter your password: 
unable to connect to server at /usr/bin/sieveshell line 191,  line 1.

here's the log:
Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available.
Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): user 
'proxyadmin' granted access
Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost [127.0.0.1] PLAIN 
no mechanism available
Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- exiting

as you can see user proxyadmin authenticated successfully, but then something 
(authorization?) went wrong 
and it says "PLAIN no mechanism available". 
this only happens if i try to authorize as different user. if i don't 
everything works fine:

root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u t...@virtualcrap.com 
localhost
connecting to localhost
Please enter your password: 
> 

log:
Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available.
Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user 
't...@virtualcrap.com' granted access
Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1] 
t...@virtualcrap.com PLAIN User logged in

the same happends to cyradm:
root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com 
--auth=plain localhost
Password: 
IMAP Password: 

log:
Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user 
'proxyadmin' granted access
Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] PLAIN 
[SASL(-4): no mechanism available: Unable to find a callback: 32773]

but ok without trying to authorize as different user:
root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain localhost
Password: 
localhost> 
Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user 
't...@virtualcrap.com' granted access
Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1] 
t...@virtualcrap.com PLAIN User logged in 
SESSIONID=

Can somebody tell me what I am doing wrong?
Thanks a lot,

Michael
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm "info" behavior after cyrus-imapd-2.3.16 -> 2.5.9 upgrade

[Andy Dorman via Info-cyrus]

On 08/26/2016 09:47 AM, Tod A. Sandman via Info-cyrus wrote:

I noticed after upgrading from cyrus-imapd-2.3.16 to cyrus-imapd-2.5.9 that the 
"info" cyradm command no longer works: it prints out nothing.  Furhermore, 
after issuing the info command, no other commands print anything either.  For instance:

  cyrus@cyrus2a:/var/imap/sync> cyradm --user mailadmin `hostname`
  cyrus2a.mail.rice.edu> lm user/lamemm7
  user/lamemm7 (\HasChildren)
  cyrus2a.mail.rice.edu> lam user/lamemm7
  mailadmin lrswipkxtecda
  lamemm7 lrswipkxtecda
  cyrus2a.mail.rice.edu> info user/lamemm7
  cyrus2a.mail.rice.edu> lam user/lamemm7
  cyrus2a.mail.rice.edu> lm user/lamemm7

Anyone else experiencing this?


Tod Sandman

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Tod, we just finished upgrading several debian servers from 2.4.18 to 
2.5.9 and do not see the behavior you are describing.


I will note that debian dependencies did not seem to catch that we 
needed to upgrade cyrus-admin at the same time as cyrus-imap, so maybe 
you are still using cyrus-admin 2.3.x?


Regards,

--
Andy Dorman
Ironic Design, Inc.
AnteSpam.com


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm "info" behavior after cyrus-imapd-2.3.16 -> 2.5.9 upgrade

[Ken Murchison via Info-cyrus]

Are you sure that you are using the cyradm from 2.5.9?  IIRC, older 
cyradm doesn't like the responses sent by 2.5.x servers.



On 08/26/2016 10:47 AM, Tod A. Sandman via Info-cyrus wrote:

I noticed after upgrading from cyrus-imapd-2.3.16 to cyrus-imapd-2.5.9 that the 
"info" cyradm command no longer works: it prints out nothing.  Furhermore, 
after issuing the info command, no other commands print anything either.  For instance:

   cyrus@cyrus2a:/var/imap/sync> cyradm --user mailadmin `hostname`
   cyrus2a.mail.rice.edu> lm user/lamemm7
   user/lamemm7 (\HasChildren)
   cyrus2a.mail.rice.edu> lam user/lamemm7
   mailadmin lrswipkxtecda
   lamemm7 lrswipkxtecda
   cyrus2a.mail.rice.edu> info user/lamemm7
   cyrus2a.mail.rice.edu> lam user/lamemm7
   cyrus2a.mail.rice.edu> lm user/lamemm7

Anyone else experiencing this?


Tod Sandman

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


--
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

cyradm "info" behavior after cyrus-imapd-2.3.16 -> 2.5.9 upgrade

[Tod A. Sandman via Info-cyrus]

I noticed after upgrading from cyrus-imapd-2.3.16 to cyrus-imapd-2.5.9 that the 
"info" cyradm command no longer works: it prints out nothing.  Furhermore, 
after issuing the info command, no other commands print anything either.  For 
instance:

  cyrus@cyrus2a:/var/imap/sync> cyradm --user mailadmin `hostname`
  cyrus2a.mail.rice.edu> lm user/lamemm7
  user/lamemm7 (\HasChildren)  
  cyrus2a.mail.rice.edu> lam user/lamemm7
  mailadmin lrswipkxtecda
  lamemm7 lrswipkxtecda
  cyrus2a.mail.rice.edu> info user/lamemm7
  cyrus2a.mail.rice.edu> lam user/lamemm7
  cyrus2a.mail.rice.edu> lm user/lamemm7

Anyone else experiencing this?


Tod Sandman

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cannot connect with cyradm

[Wolfgang Breyha via Info-cyrus]

On 06/05/16 04:24, Stuart Castergine via Info-cyrus wrote:
> C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk=

I recommend changing the password from the "fury" thingy to something else.
Maybe you want to strip base64 encoded credentials in the future.

Greetings, Wolfgang
-- 
Wolfgang Breyha  | http://www.blafasel.at/
Vienna University Computer Center | Austria

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cannot connect with cyradm

[Simon Matter via Info-cyrus]

> That did it, but why did I have to specify PLAIN? None of the docs mention
> having to do that with a default install.

I don't know, but you don't have a default install but a configuration
tailored by fedora.

Simon

>
>
> On Fri, May 6, 2016 at 2:16 AM, Simon Matter <simon.mat...@invoca.ch>
> wrote:
>
>> > I am trying to set up a basic system with cyrus-imap and postfix on
>> amazon
>> > linux
>> >
>> > I can connect using imtest, but cannot connect with cyradm:
>> >
>> > Additionally, when I connect via a client with a user I know has mail,
>> > it's
>> > saying that no INBOX exists. Postfix's mail spool is /var/spool/mail,
>> but
>> > I
>> > don't see anywhere to verify that imapd or lmtpd is looking there.
>> >
>> > Sorry if these are dumb questions. I'm completely new to cyrus-imap
>> and
>> > the
>> > documentation at cyrusimap.org is extremely sketchy.
>> >
>> > Any advice appreciated.
>> >
>> > $ more /etc/imapd.conf
>> > configdirectory: /var/lib/imap
>> > partition-default: /var/spool/imap
>> > admins: cyrus
>> > sievedir: /var/lib/imap/sieve
>> > sendmail: /usr/sbin/sendmail
>> > hashimapspool: true
>> > sasl_pwcheck_method: saslauthd
>> > sasl_mech_list: PLAIN LOGIN
>> > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>> > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>> > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>> >
>> > $ grep MECH /etc/init.d/saslauthd
>> > MECH=pam
>> >
>> > $ imtest -t "" -u cyrus -a cyrus localhost
>> > S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED
>> > COMPRESS=DEFLATE] ip-172-31-1-214 Cyrus IMAP
>> > v2.3.16-Fedora-RPM-2.3.16-6.9.amzn1 server ready
>> > C: S01 STARTTLS
>> > S: S01 OK Begin TLS negotiation now
>> > verify error:num=18:self signed certificate
>> > TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA
>> (256/256
>> > bits)
>> > C: C01 CAPABILITY
>> > S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN
>> SASL-IR
>> > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE
>> UIDPLUS
>> > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
>> > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE
>> CONDSTORE
>> > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH
>> > S: C01 OK Completed
>> > Please enter your password:
>> > C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk=
>> > S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED
>> > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE
>> UIDPLUS
>> > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
>> > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE
>> CONDSTORE
>> > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (tls
>> > protection)
>> > Authenticated.
>> > Security strength factor: 256
>> > . LIST "" "*"
>> > . OK Completed (0.000 secs 1 calls)
>> > . LOGOUT
>> > * BYE LOGOUT received
>> > . OK Completed
>> > Connection closed.
>> >
>> > $ cyradm --user cyrus --authz cyrus localhost
>> > Login disabled.
>> > cyradm: cannot authenticate to server with  as cyrus
>> > $ cyradm --user cyrus --authz cyrus --auth pam localhost
>> > verify error:num=18:self signed certificate
>> > cyradm: cannot authenticate to server with pam as cyrus
>> > $ cyradm --user cyrus --authz cyrus --auth shadow localhost
>> > verify error:num=18:self signed certificate
>> > cyradm: cannot authenticate to server with shadow as cyrus
>>
>> What does it do if you run with "--auch PLAIN" instead?
>>
>> Regards,
>> Simon
>>
>>
>



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cannot connect with cyradm

[Stuart Castergine via Info-cyrus]

That did it, but why did I have to specify PLAIN? None of the docs mention
having to do that with a default install.


On Fri, May 6, 2016 at 2:16 AM, Simon Matter <simon.mat...@invoca.ch> wrote:

> > I am trying to set up a basic system with cyrus-imap and postfix on
> amazon
> > linux
> >
> > I can connect using imtest, but cannot connect with cyradm:
> >
> > Additionally, when I connect via a client with a user I know has mail,
> > it's
> > saying that no INBOX exists. Postfix's mail spool is /var/spool/mail, but
> > I
> > don't see anywhere to verify that imapd or lmtpd is looking there.
> >
> > Sorry if these are dumb questions. I'm completely new to cyrus-imap and
> > the
> > documentation at cyrusimap.org is extremely sketchy.
> >
> > Any advice appreciated.
> >
> > $ more /etc/imapd.conf
> > configdirectory: /var/lib/imap
> > partition-default: /var/spool/imap
> > admins: cyrus
> > sievedir: /var/lib/imap/sieve
> > sendmail: /usr/sbin/sendmail
> > hashimapspool: true
> > sasl_pwcheck_method: saslauthd
> > sasl_mech_list: PLAIN LOGIN
> > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
> >
> > $ grep MECH /etc/init.d/saslauthd
> > MECH=pam
> >
> > $ imtest -t "" -u cyrus -a cyrus localhost
> > S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED
> > COMPRESS=DEFLATE] ip-172-31-1-214 Cyrus IMAP
> > v2.3.16-Fedora-RPM-2.3.16-6.9.amzn1 server ready
> > C: S01 STARTTLS
> > S: S01 OK Begin TLS negotiation now
> > verify error:num=18:self signed certificate
> > TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256
> > bits)
> > C: C01 CAPABILITY
> > S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN SASL-IR
> > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE
> UIDPLUS
> > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
> > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
> > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH
> > S: C01 OK Completed
> > Please enter your password:
> > C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk=
> > S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED
> > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE
> UIDPLUS
> > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
> > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
> > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (tls
> > protection)
> > Authenticated.
> > Security strength factor: 256
> > . LIST "" "*"
> > . OK Completed (0.000 secs 1 calls)
> > . LOGOUT
> > * BYE LOGOUT received
> > . OK Completed
> > Connection closed.
> >
> > $ cyradm --user cyrus --authz cyrus localhost
> > Login disabled.
> > cyradm: cannot authenticate to server with  as cyrus
> > $ cyradm --user cyrus --authz cyrus --auth pam localhost
> > verify error:num=18:self signed certificate
> > cyradm: cannot authenticate to server with pam as cyrus
> > $ cyradm --user cyrus --authz cyrus --auth shadow localhost
> > verify error:num=18:self signed certificate
> > cyradm: cannot authenticate to server with shadow as cyrus
>
> What does it do if you run with "--auch PLAIN" instead?
>
> Regards,
> Simon
>
>

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cannot connect with cyradm

[Simon Matter via Info-cyrus]

> I am trying to set up a basic system with cyrus-imap and postfix on amazon
> linux
>
> I can connect using imtest, but cannot connect with cyradm:
>
> Additionally, when I connect via a client with a user I know has mail,
> it's
> saying that no INBOX exists. Postfix's mail spool is /var/spool/mail, but
> I
> don't see anywhere to verify that imapd or lmtpd is looking there.
>
> Sorry if these are dumb questions. I'm completely new to cyrus-imap and
> the
> documentation at cyrusimap.org is extremely sketchy.
>
> Any advice appreciated.
>
> $ more /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN LOGIN
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>
> $ grep MECH /etc/init.d/saslauthd
> MECH=pam
>
> $ imtest -t "" -u cyrus -a cyrus localhost
> S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED
> COMPRESS=DEFLATE] ip-172-31-1-214 Cyrus IMAP
> v2.3.16-Fedora-RPM-2.3.16-6.9.amzn1 server ready
> C: S01 STARTTLS
> S: S01 OK Begin TLS negotiation now
> verify error:num=18:self signed certificate
> TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256
> bits)
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN SASL-IR
> COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
> NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
> SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH
> S: C01 OK Completed
> Please enter your password:
> C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk=
> S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED
> COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
> NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
> SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (tls
> protection)
> Authenticated.
> Security strength factor: 256
> . LIST "" "*"
> . OK Completed (0.000 secs 1 calls)
> . LOGOUT
> * BYE LOGOUT received
> . OK Completed
> Connection closed.
>
> $ cyradm --user cyrus --authz cyrus localhost
> Login disabled.
> cyradm: cannot authenticate to server with  as cyrus
> $ cyradm --user cyrus --authz cyrus --auth pam localhost
> verify error:num=18:self signed certificate
> cyradm: cannot authenticate to server with pam as cyrus
> $ cyradm --user cyrus --authz cyrus --auth shadow localhost
> verify error:num=18:self signed certificate
> cyradm: cannot authenticate to server with shadow as cyrus

What does it do if you run with "--auch PLAIN" instead?

Regards,
Simon


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Cannot connect with cyradm

[Stuart Castergine via Info-cyrus]

I am trying to set up a basic system with cyrus-imap and postfix on amazon
linux

I can connect using imtest, but cannot connect with cyradm:

Additionally, when I connect via a client with a user I know has mail, it's
saying that no INBOX exists. Postfix's mail spool is /var/spool/mail, but I
don't see anywhere to verify that imapd or lmtpd is looking there.

Sorry if these are dumb questions. I'm completely new to cyrus-imap and the
documentation at cyrusimap.org is extremely sketchy.

Any advice appreciated.

$ more /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt

$ grep MECH /etc/init.d/saslauthd
MECH=pam

$ imtest -t "" -u cyrus -a cyrus localhost
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED
COMPRESS=DEFLATE] ip-172-31-1-214 Cyrus IMAP
v2.3.16-Fedora-RPM-2.3.16-6.9.amzn1 server ready
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256
bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN SASL-IR
COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk=
S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED
COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (tls
protection)
Authenticated.
Security strength factor: 256
. LIST "" "*"
. OK Completed (0.000 secs 1 calls)
. LOGOUT
* BYE LOGOUT received
. OK Completed
Connection closed.

$ cyradm --user cyrus --authz cyrus localhost
Login disabled.
cyradm: cannot authenticate to server with  as cyrus
$ cyradm --user cyrus --authz cyrus --auth pam localhost
verify error:num=18:self signed certificate
cyradm: cannot authenticate to server with pam as cyrus
$ cyradm --user cyrus --authz cyrus --auth shadow localhost
verify error:num=18:self signed certificate
cyradm: cannot authenticate to server with shadow as cyrus

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm: perl: symbol lookup error?

[Patrick Goetz]

Just a quick note:  IMAP::Admin appears to be broken, at the moment, and 
can't be compiled.  The Debian people submitted a patch 3 months ago 
with no activity, indicating that the Perl module is semi-abandoned.

On 9/17/2015 3:03 PM, Patrick Boutilier wrote:
> On 09/17/2015 04:07 PM, Patrick Goetz wrote:
>> Thanks.  I'm just now getting around to looking at this script.  This
>> creates a mailbox, but don't you also need to set access privileges for
>> the user associated with this mailbox?
>
> Only if you are going to change the default rights. User will have
> access by default.
>
>
>
>
>
>>
>>
>>
>> On 09/16/2015 12:00 PM, Patrick Boutilier wrote:
>>>
>>> We use this simple perl script to add users. Fill in appropriate
>>> username and password.
>>>
>>>
>>>
>>>
>>>
>>> #!/usr/bin/perl -w
>>> #
>>> use File::Basename;
>>> use IMAP::Admin;
>>>
>>> if ( 0 == scalar( @ARGV ) ) {
>>> die( "\n  Usuage: $0 userid\n");
>>> }
>>>
>>>
>>> $mailbox = "user.$ARGV[0]";
>>> $username = "";
>>> $password = "";
>>>
>>> # Set this to the hostname of your IMAP server
>>> $IMAPSERVER = "localhost";
>>> #
>>>
>>> # Main Code
>>> #
>>> # Login to IMAP server
>>> $imap = IMAP::Admin->new('Server' => $IMAPSERVER,
>>>'Login' => $username,
>>>'Password' => $password,) || die "no go $!
>>> !";
>>>
>>> print "Login: " . $imap->error . "\n";
>>>
>>> # Add user
>>> $add = $imap->create("$mailbox");
>>>
>>> if ($add != 0) {
>>>   print "Error: " . $imap->error . "\n";
>>> }
>>> else {
>>>   print "$ARGV[0] added.\n";
>>> }
>>>
>>>
>>> # Close connection
>>> $imap->close;
>>> exit;
>>>
>>>
>>> 
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>>
>> 
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>
>
>
>
> 
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm: perl: symbol lookup error?

[Patrick Goetz]

Thanks.  I'm just now getting around to looking at this script.  This 
creates a mailbox, but don't you also need to set access privileges for 
the user associated with this mailbox?



On 09/16/2015 12:00 PM, Patrick Boutilier wrote:
>
> We use this simple perl script to add users. Fill in appropriate
> username and password.
>
>
>
>
>
> #!/usr/bin/perl -w
> #
> use File::Basename;
> use IMAP::Admin;
>
> if ( 0 == scalar( @ARGV ) ) {
>die( "\n  Usuage: $0 userid\n");
> }
>
>
> $mailbox = "user.$ARGV[0]";
> $username = "";
> $password = "";
>
> # Set this to the hostname of your IMAP server
> $IMAPSERVER = "localhost";
> #
>
> # Main Code
> #
> # Login to IMAP server
> $imap = IMAP::Admin->new('Server' => $IMAPSERVER,
>   'Login' => $username,
>   'Password' => $password,) || die "no go $! !";
>
> print "Login: " . $imap->error . "\n";
>
> # Add user
> $add = $imap->create("$mailbox");
>
> if ($add != 0) {
>  print "Error: " . $imap->error . "\n";
> }
> else {
>  print "$ARGV[0] added.\n";
> }
>
>
> # Close connection
> $imap->close;
> exit;
>
>
> 
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm: perl: symbol lookup error?

[Patrick Boutilier]

On 09/17/2015 04:07 PM, Patrick Goetz wrote:

Thanks.  I'm just now getting around to looking at this script.  This
creates a mailbox, but don't you also need to set access privileges for
the user associated with this mailbox?


Only if you are going to change the default rights. User will have 
access by default.










On 09/16/2015 12:00 PM, Patrick Boutilier wrote:


We use this simple perl script to add users. Fill in appropriate
username and password.





#!/usr/bin/perl -w
#
use File::Basename;
use IMAP::Admin;

if ( 0 == scalar( @ARGV ) ) {
die( "\n  Usuage: $0 userid\n");
}


$mailbox = "user.$ARGV[0]";
$username = "";
$password = "";

# Set this to the hostname of your IMAP server
$IMAPSERVER = "localhost";
#

# Main Code
#
# Login to IMAP server
$imap = IMAP::Admin->new('Server' => $IMAPSERVER,
   'Login' => $username,
   'Password' => $password,) || die "no go $! !";

print "Login: " . $imap->error . "\n";

# Add user
$add = $imap->create("$mailbox");

if ($add != 0) {
  print "Error: " . $imap->error . "\n";
}
else {
  print "$ARGV[0] added.\n";
}


# Close connection
$imap->close;
exit;



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm: perl: symbol lookup error?

[Patrick Goetz]

Interesting.  When I use cyradm to set up a new account, I always 
execute 2 commands:

   cyradm --user administrator localhost

   localhost> cm user/daffyduck
   localhost> sam user/daffyduck daffyduck write

Does this mean that the second command has been superfluous all along 
and that these are the permissions that are created by default anyway?

I.e. it would be sufficient to just do this?

   localhost> cm user/daffyduck


On 09/17/2015 03:03 PM, Patrick Boutilier wrote:
> On 09/17/2015 04:07 PM, Patrick Goetz wrote:
>> Thanks.  I'm just now getting around to looking at this script.  This
>> creates a mailbox, but don't you also need to set access privileges for
>> the user associated with this mailbox?
>
> Only if you are going to change the default rights. User will have
> access by default.
>
>
>
>
>
>>
>>
>>
>> On 09/16/2015 12:00 PM, Patrick Boutilier wrote:
>>>
>>> We use this simple perl script to add users. Fill in appropriate
>>> username and password.
>>>
>>>
>>>
>>>
>>>
>>> #!/usr/bin/perl -w
>>> #
>>> use File::Basename;
>>> use IMAP::Admin;
>>>
>>> if ( 0 == scalar( @ARGV ) ) {
>>> die( "\n  Usuage: $0 userid\n");
>>> }
>>>
>>>
>>> $mailbox = "user.$ARGV[0]";
>>> $username = "";
>>> $password = "";
>>>
>>> # Set this to the hostname of your IMAP server
>>> $IMAPSERVER = "localhost";
>>> #
>>>
>>> # Main Code
>>> #
>>> # Login to IMAP server
>>> $imap = IMAP::Admin->new('Server' => $IMAPSERVER,
>>>'Login' => $username,
>>>'Password' => $password,) || die "no go $!
>>> !";
>>>
>>> print "Login: " . $imap->error . "\n";
>>>
>>> # Add user
>>> $add = $imap->create("$mailbox");
>>>
>>> if ($add != 0) {
>>>   print "Error: " . $imap->error . "\n";
>>> }
>>> else {
>>>   print "$ARGV[0] added.\n";
>>> }
>>>
>>>
>>> # Close connection
>>> $imap->close;
>>> exit;
>>>
>>>
>>> 
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>>
>> 
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>
>
>
>
> 
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm: perl: symbol lookup error?

[Mogens Melander]

That could be easily tested with "lam " COMMAND.

On 2015-09-18 03:40, Patrick Goetz wrote:
> Interesting.  When I use cyradm to set up a new account, I always
> execute 2 commands:
> 
>cyradm --user administrator localhost
> 
>localhost> cm user/daffyduck

  localhost> lam user/daffyduck

>localhost> sam user/daffyduck daffyduck write
> 
> Does this mean that the second command has been superfluous all along
> and that these are the permissions that are created by default anyway?
> 
> I.e. it would be sufficient to just do this?
> 
>localhost> cm user/daffyduck
> 
> 
> On 09/17/2015 03:03 PM, Patrick Boutilier wrote:
>> On 09/17/2015 04:07 PM, Patrick Goetz wrote:
>>> Thanks.  I'm just now getting around to looking at this script.  This
>>> creates a mailbox, but don't you also need to set access privileges 
>>> for
>>> the user associated with this mailbox?
>> 
>> Only if you are going to change the default rights. User will have
>> access by default.
>> 
>> 
>> 
>> 
>> 
>>> 
>>> 
>>> 
>>> On 09/16/2015 12:00 PM, Patrick Boutilier wrote:
>>>> 
>>>> We use this simple perl script to add users. Fill in appropriate
>>>> username and password.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> #!/usr/bin/perl -w
>>>> #
>>>> use File::Basename;
>>>> use IMAP::Admin;
>>>> 
>>>> if ( 0 == scalar( @ARGV ) ) {
>>>> die( "\n  Usuage: $0 userid\n");
>>>> }
>>>> 
>>>> 
>>>> $mailbox = "user.$ARGV[0]";
>>>> $username = "";
>>>> $password = "";
>>>> 
>>>> # Set this to the hostname of your IMAP server
>>>> $IMAPSERVER = "localhost";
>>>> #
>>>> 
>>>> # Main Code
>>>> #
>>>> # Login to IMAP server
>>>> $imap = IMAP::Admin->new('Server' => $IMAPSERVER,
>>>>'Login' => $username,
>>>>'Password' => $password,) || die "no go 
>>>> $!
>>>> !";
>>>> 
>>>> print "Login: " . $imap->error . "\n";
>>>> 
>>>> # Add user
>>>> $add = $imap->create("$mailbox");
>>>> 
>>>> if ($add != 0) {
>>>>   print "Error: " . $imap->error . "\n";
>>>> }
>>>> else {
>>>>   print "$ARGV[0] added.\n";
>>>> }
>>>> 
>>>> 
>>>> # Close connection
>>>> $imap->close;
>>>> exit;
>>>> 
>>>> 
>>>> 
>>>> Cyrus Home Page: http://www.cyrusimap.org/
>>>> List Archives/Info: 
>>>> http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>>> To Unsubscribe:
>>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>>> 
>>> 
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>> 
>> 
>> 
>> 
>> 
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>> 
> 
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

-- 
Mogens
+66 8701 33224


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm: perl: symbol lookup error?

[Miguel Mucio Santos Moreira]

Patrick,

About question 3, is possible to use a php script or even a python script to 
manage users.
Would be possible but I don't know if would be to you,install a new machine 
with a standard operational system just to manager these users.



-- 
Miguel Mucio Santos Moreira
 Analista - LPIC 1 Linux Professional Institute Certified
 GRE - Gerência de Redes
 (31)3339-1401
 PRODEMGE - Companhia de Tecnologia da Informação do Estado de Minas Gerais 

Aviso:
 Esta mensagem é destinada exclusivamente para a(s) pessoa(s) a quem é 
dirigida, podendo conter informação confidencial e legalmente protegida.
 Se você não for destinatário dela, desde já fica notificado de 
abster-se a divulgar, copiar, distribuir, examinar ou, de qualquer 
forma, utilizar a informação contida nesta mensagem, por ser ilegal. 
Caso você tenha recebido por engano, pedimos que responda essa mensagem 
informando o acontecido.



Em 16/09/2015 13:33:42, Patrick Goetz escreveu:
> So, I've been happily avoiding upgrading cyrus imap because everything 
has been working and I'm generally in the "if it ain't broke, don't fix 
it" category.

   Cyrus version: 2.4.17
   Perl version:  5.22.0


However, this morning I tried to create a new user using cyradm and got 
a perl error message:


pgoetz@www:~$ cyradm --user administrator localhost
perl: symbol lookup error: 
/usr/lib/perl5/site_perl/auto/Cyrus/IMAP/IMAP.so: undefined symbol: 
Perl_xs_apiversion_bootcheck


I'm running Arch linux, which aggressively updates software packages. 
Apparently some Perl upgrade broke cyradm?

3 questions:


1. Does this mean I need to bite the bullet and upgrade my cyrus installs?

2. Is upgrading to 2.5.6 painless?  Should I just wait for 3.0?

3. Is there a workaround for cyradm not working for adding users?  I've 
only ever used cyradm and have no idea how to add users otherwise.


Cyrus Home Page: > http://www.cyrusimap.org/> 
List Archives/Info: > http://lists.andrew.cmu.edu/pipermail/info-cyrus/> 
To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus> 




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm: perl: symbol lookup error?

[Patrick Boutilier]

On 09/16/2015 01:33 PM, Patrick Goetz wrote:

So, I've been happily avoiding upgrading cyrus imap because everything
has been working and I'm generally in the "if it ain't broke, don't fix
it" category.

Cyrus version: 2.4.17
Perl version:  5.22.0


However, this morning I tried to create a new user using cyradm and got
a perl error message:


pgoetz@www:~$ cyradm --user administrator localhost
perl: symbol lookup error:
/usr/lib/perl5/site_perl/auto/Cyrus/IMAP/IMAP.so: undefined symbol:
Perl_xs_apiversion_bootcheck


I'm running Arch linux, which aggressively updates software packages.
Apparently some Perl upgrade broke cyradm?

3 questions:


1. Does this mean I need to bite the bullet and upgrade my cyrus installs?

2. Is upgrading to 2.5.6 painless?  Should I just wait for 3.0?

3. Is there a workaround for cyradm not working for adding users?  I've
only ever used cyradm and have no idea how to add users otherwise.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus






We use this simple perl script to add users. Fill in appropriate 
username and password.






#!/usr/bin/perl -w
#
use File::Basename;
use IMAP::Admin;

if ( 0 == scalar( @ARGV ) ) {
  die( "\n  Usuage: $0 userid\n");
}


$mailbox = "user.$ARGV[0]";
$username = "";
$password = "";

# Set this to the hostname of your IMAP server
$IMAPSERVER = "localhost";
#

# Main Code
#
# Login to IMAP server
$imap = IMAP::Admin->new('Server' => $IMAPSERVER,
 'Login' => $username,
 'Password' => $password,) || die "no go $! !";

print "Login: " . $imap->error . "\n";

# Add user
$add = $imap->create("$mailbox");

if ($add != 0) {
print "Error: " . $imap->error . "\n";
}
else {
print "$ARGV[0] added.\n";
}


# Close connection
$imap->close;
exit;
<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

cyradm: perl: symbol lookup error?

[Patrick Goetz]

So, I've been happily avoiding upgrading cyrus imap because everything 
has been working and I'm generally in the "if it ain't broke, don't fix 
it" category.

   Cyrus version: 2.4.17
   Perl version:  5.22.0


However, this morning I tried to create a new user using cyradm and got 
a perl error message:


pgoetz@www:~$ cyradm --user administrator localhost
perl: symbol lookup error: 
/usr/lib/perl5/site_perl/auto/Cyrus/IMAP/IMAP.so: undefined symbol: 
Perl_xs_apiversion_bootcheck


I'm running Arch linux, which aggressively updates software packages. 
Apparently some Perl upgrade broke cyradm?

3 questions:


1. Does this mean I need to bite the bullet and upgrade my cyrus installs?

2. Is upgrading to 2.5.6 painless?  Should I just wait for 3.0?

3. Is there a workaround for cyradm not working for adding users?  I've 
only ever used cyradm and have no idea how to add users otherwise.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm: perl: symbol lookup error?

[Robert Norris]

On Thu, 17 Sep 2015, at 02:33 AM, Patrick Goetz wrote:
> pgoetz@www:~$ cyradm --user administrator localhost perl: symbol
> lookup error: /usr/lib/perl5/site_perl/auto/Cyrus/IMAP/IMAP.so:
> undefined symbol: Perl_xs_apiversion_bootcheck
>
>
> I'm running Arch linux, which aggressively updates software packages.
> Apparently some Perl upgrade broke cyradm?

Perl modules aren't binary-compatible across major releases (the second
number, 22 in your case - Perl versioning is a little odd). If you
recompile Cyrus::IMAP against the new Perl it should all just come back
to life. I haven't done that in isolation before but perl/imap/README
looks correct from what I know of Cyrus and Perl. Give it a try.

Rob N.

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

GUI replacement for cyradm

[Andreas Pflug]

Using cyradm to add mailboxes and do some acl stuff isn't too convenient
if you're not doing it 50 times a day and you're a command line geek. So
I hacked up an IMAP plugin to the Admin4 framework as cyradm
replacement. It should work on any IMAP server, but has only been tested
on several cyrus imapd installations so far.

Currently, browsing/creating/renaming/deleting of mailboxes is
implemented, as well as setting comments and acls. Quota will be
displayed, setacl isn't implemented yet. Non-ASCII mailbox names are
supported as well, displaying their utf-decoded name.

check it here: https://admin4.org
Comments/contributions welcome!

Regards, Andreas

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: GUI replacement for cyradm

[Reinaldo Gil Lima de Carvalho]

2014-11-06 14:29 GMT-02:00 Andreas Pflug andr...@admin4.org:

 Using cyradm to add mailboxes and do some acl stuff isn't too convenient
 if you're not doing it 50 times a day and you're a command line geek. So
 I hacked up an IMAP plugin to the Admin4 framework as cyradm
 replacement. It should work on any IMAP server, but has only been tested
 on several cyrus imapd installations so far.

 Currently, browsing/creating/renaming/deleting of mailboxes is
 implemented, as well as setting comments and acls. Quota will be
 displayed, setacl isn't implemented yet. Non-ASCII mailbox names are
 supported as well, displaying their utf-decoded name.

 check it here: https://admin4.org
 Comments/contributions welcome!


See http://korreio.sf.net to get ideias


Reinaldo Gil Lima de Carvalho
http://dbsync.rtfd.org
http://korreio.sf.net


While not fully understand a software, don't try to adapt this software to
the way you work, but rather yourself to the way the software works
(myself)

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

[Willy Offermans]

Dear Cyrus Friends,

On Thu, Feb 20, 2014 at 04:12:29PM -0600, Scott Lambert wrote:
 On Thu, Feb 20, 2014 at 10:35:42AM +0100, Willy Offermans wrote:
  Dear Cyrus Friends,
 
  I need your help to solve the following:
 
  I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the 
  following
  package: cyrus-imapd24-2.4.17_4
 
  If I test my setup with imtest, I get connection to the imap server.
 
  MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost
 
  It works
 
  However, if I try to connect via cyradm, I cannot login.
 
  MyName@MyComputer:~$ cyradm --user username localhost
  Password:
  verify error:num=19:self signed certificate in certificate chain
  cyradm: cannot authenticate to server with  as username
 
 
 You specified your authentication mechanism to be login with imtest.
 
 You did not specify an authentication mechanism with cyradm.
 
 Perhaps it would work if you try :
 
 cyradm --auth login --user username localhost
 
 That is only a guess.
 
 -- 
 Scott LambertKC5MLE   Unix SysAdmin
 lamb...@lambertfam.org

Indeed, I needed to specify an authentication mechanism and then I could
use the command line interface of cyradm:

cyradm --user username --auth PLAIN localhost

If we are at this point anyway, I was wondering what I need to do to use
another authentication mechanism. Is this possible? And what do I need to
consider?

The IMAP server response with the following authentication mechanism:

AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN

If I login with SCRAM-SHA-1:

MyName@MyComputer:~$ cyradm --user username --auth SCRAM-SHA-1 localhost
Password: 
verify error:num=19:self signed certificate in certificate chain
cyradm: cannot authenticate to server with SCRAM-SHA-1 as username

In the logs:

Feb 21 09:48:36 MyComputer imap[17576]: badlogin: localhost [127.0.0.1] 
SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get 
auxprops]

I'm pretty sure that the user is registered in the ldap database. 


-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Wiel

*
W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: wi...@offermans.rompen.nl

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

[Dan White]

On 02/21/14 10:50 +0100, Willy Offermans wrote:
Indeed, I needed to specify an authentication mechanism and then I could
use the command line interface of cyradm:

cyradm --user username --auth PLAIN localhost

If we are at this point anyway, I was wondering what I need to do to use
another authentication mechanism. Is this possible? And what do I need to
consider?

The IMAP server response with the following authentication mechanism:

AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN

If I login with SCRAM-SHA-1:

MyName@MyComputer:~$ cyradm --user username --auth SCRAM-SHA-1 localhost
Password:
verify error:num=19:self signed certificate in certificate chain
cyradm: cannot authenticate to server with SCRAM-SHA-1 as username

In the logs:

Feb 21 09:48:36 MyComputer imap[17576]: badlogin: localhost [127.0.0.1] 
SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get 
auxprops]

I'm pretty sure that the user is registered in the ldap database.

DIGEST-MD5, CRAM-MD5, and SCRAM-SHA-1 all require cyrus sasl to have access
to the shared secret (clear text password) to complete authentication. If
you're using LDAP to store your user credentials, you'll need to use the
ldapdb auxprop plugin and store users' clear text passwords in userPassword.
Presumably you're using 'sasl_pwcheck_method: saslauthd' currently, which
is sufficient for PLAIN and LOGIN authentication.

If you choose not to go the ldapdb route, I recommend specifying a
sasl_mech_list to limit your mechanisms to PLAIN and LOGIN (and EXTERNAL if
you intend to do starttls client authentication). If you don't do that, in
your current setup, most clients will attempt to first authenticate using a
shared secret mechanism (including cyradm in your initial attempt), which
will always fail on that attempt.

-- 
Dan White

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

[Willy Offermans]

Hallo Dan,

On Fri, Feb 21, 2014 at 08:50:41AM -0600, Dan White wrote:
 On 02/21/14 10:50 +0100, Willy Offermans wrote:
 Indeed, I needed to specify an authentication mechanism and then I could
 use the command line interface of cyradm:
 
 cyradm --user username --auth PLAIN localhost
 
 If we are at this point anyway, I was wondering what I need to do to use
 another authentication mechanism. Is this possible? And what do I need to
 consider?
 
 The IMAP server response with the following authentication mechanism:
 
 AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN 
 AUTH=LOGIN
 
 If I login with SCRAM-SHA-1:
 
 MyName@MyComputer:~$ cyradm --user username --auth SCRAM-SHA-1 localhost
 Password:
 verify error:num=19:self signed certificate in certificate chain
 cyradm: cannot authenticate to server with SCRAM-SHA-1 as username
 
 In the logs:
 
 Feb 21 09:48:36 MyComputer imap[17576]: badlogin: localhost [127.0.0.1] 
 SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get 
 auxprops]
 
 I'm pretty sure that the user is registered in the ldap database.
 
 DIGEST-MD5, CRAM-MD5, and SCRAM-SHA-1 all require cyrus sasl to have access
 to the shared secret (clear text password) to complete authentication. If
 you're using LDAP to store your user credentials, you'll need to use the
 ldapdb auxprop plugin and store users' clear text passwords in userPassword.
 Presumably you're using 'sasl_pwcheck_method: saslauthd' currently, which
 is sufficient for PLAIN and LOGIN authentication.
 
 If you choose not to go the ldapdb route, I recommend specifying a
 sasl_mech_list to limit your mechanisms to PLAIN and LOGIN (and EXTERNAL if
 you intend to do starttls client authentication). If you don't do that, in
 your current setup, most clients will attempt to first authenticate using a
 shared secret mechanism (including cyradm in your initial attempt), which
 will always fail on that attempt.
 
 -- 
 Dan White

Thank you a lot for the clarification. I did some search on the internet
myself and I got some increased understanding myself. I changed the
imapd.conf on the imap server and added:

sasl_mech_list: PLAIN LOGIN

to the settings.

This solved several issues. So I can already confirm your suggestion for
solution. But many thnx anyway.

You are pointing to EXTERNAL, next to PLAIN and LOGIN. I do not understand
this mechanism yet. At the moment I believe I have PLAIN password wrapped
into TLS. So I already do starttls client authentication. What will EXTERNAL
do?

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Wiel

*
 W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: wi...@offermans.rompen.nl

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

[Dan White]

On 02/21/14 16:11 +0100, Willy Offermans wrote:
You are pointing to EXTERNAL, next to PLAIN and LOGIN. I do not understand
this mechanism yet. At the moment I believe I have PLAIN password wrapped
into TLS. So I already do starttls client authentication. What will EXTERNAL
do?

TLS client authentication is a scenario where you perform TLS
authentication where the client also has a certificate.  The server can
then use the contents of the client certificate to derive the username
(with no password, per se). For example, 'cyradm --tlskey file'.

The EXTERNAL mechanism should not be offered unless TLS client
authentication was successful during the starttls step.

-- 
Dan White

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

[Willy Offermans]

Hello Dan,

On Fri, Feb 21, 2014 at 09:22:55AM -0600, Dan White wrote:
 On 02/21/14 16:11 +0100, Willy Offermans wrote:
 You are pointing to EXTERNAL, next to PLAIN and LOGIN. I do not understand
 this mechanism yet. At the moment I believe I have PLAIN password wrapped
 into TLS. So I already do starttls client authentication. What will EXTERNAL
 do?
 
 TLS client authentication is a scenario where you perform TLS
 authentication where the client also has a certificate.  The server can
 then use the contents of the client certificate to derive the username
 (with no password, per se). For example, 'cyradm --tlskey file'.
 
 The EXTERNAL mechanism should not be offered unless TLS client
 authentication was successful during the starttls step.
 
 -- 
 Dan White

This sounds interesting. I thought that TLSVerifyClient demand in
slapd.conf was forcing this behavior. I like to read more about the
EXTERNAL mechanism. Do you recommend some reading?

At the moment I will stick to PLAIN and play with replication, serving
multiple domains etc.

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Wiel

*
 W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: wi...@offermans.rompen.nl

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

[Dan White]

On 02/21/14 16:33 +0100, Willy Offermans wrote:
This sounds interesting. I thought that TLSVerifyClient demand in
slapd.conf was forcing this behavior. I like to read more about the
EXTERNAL mechanism. Do you recommend some reading?

At the moment I will stick to PLAIN and play with replication, serving
multiple domains etc.

A TLS primer would be the best place to start. A problem that you may
encounter with EXTERNAL over STARTTLS, is that the username mapping process
is not standardized, and is left up to the server implementation to
perform. Cyrus imapd and slapd may do so in inconsistent ways.

-- 
Dan White

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

[Dan White]

On 02/20/14 10:35 +0100, Willy Offermans wrote:
I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the following
package: cyrus-imapd24-2.4.17_4

If I test my setup with imtest, I get connection to the imap server.

MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost
verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=SCRAM-SHA-1 
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR] 
MyComputer Cyrus IMAP v2.4.17 server ready
Please enter your password:
C: L01 LOGIN username {13}
S: + go ahead
C: omitted
S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA 
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN 
QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED AUTH=SCRAM-SHA-1 
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN COMPRESS=DEFLATE 
IDLE] User logged in SESSIONID=MyComputer-11451-1392884061-1
Authenticated.
Security strength factor: 256

From the message log file:

Feb 19 09:00:11 MyComputer imaps[3437]: imapd:Loading hard-coded DH parameters 
Feb 19 09:00:11 MyComputer imaps[3437]: starttls: TLSv1 with cipher 
DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Feb 19 09:00:11 MyComputer imaps[3437]: OTP unavailable because can't 
read/write key database /etc/opiekeys: Permission denied
Feb 19 09:00:15 MyComputer imaps[3437]: badlogin: localhost [127.0.0.1] 
plaintext username SASL(-13): authentication failure: checkpass failed
Feb 19 09:00:30 MyComputer imaps[3437]: starttls: TLSv1 with cipher 
DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Feb 19 09:00:30 MyComputer imaps[3437]: OTP unavailable because can't 
read/write key database /etc/opiekeys: Permission denied
Feb 19 09:00:39 MyComputer imaps[3437]: login: localhost [127.0.0.1] username 
plaintext+TLS User logged in SESSIONID=MyComputer-3437-1392800430-1
Feb 19 09:02:18 MyComputer imaps[3437]: USAGE username user: 0.007544 sys: 
0.022632

However, if I try to connect via cyradm, I cannot login.

MyName@MyComputer:~$ cyradm --user username localhost
Password:
verify error:num=19:self signed certificate in certificate chain
cyradm: cannot authenticate to server with  as username

Does the output really say this (empty username)? I'm assuming you just
removed it when pasting it.

from the message log file:
Feb 19 09:02:41 MyComputer imap[3440]: OTP unavailable because can't 
read/write key database /etc/opiekeys: Permission denied
Feb 19 09:02:48 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] 
SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get 
auxprops]
Feb 19 09:02:51 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] 
DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get 
auxprops]
Feb 19 09:02:55 MyComputer imap[3440]: imapd:Loading hard-coded DH parameters
Feb 19 09:02:55 MyComputer imap[3440]: starttls: TLSv1 with cipher 
DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Feb 19 09:02:55 MyComputer imap[3440]: OTP unavailable because can't 
read/write key database /etc/opiekeys: Permission denied

In imapd.conf, set:

sasl_mech_list: PLAIN LOGIN EXTERNAL

to remove some extraneous error messages. Try specifying a mechanism
(--auth=PLAIN) in your cyradm command.

-- 
Dan White

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

[Willy Offermans]

Hello Dan and Cyrus Friends,

On Thu, Feb 20, 2014 at 08:38:42AM -0600, Dan White wrote:
 On 02/20/14 10:35 +0100, Willy Offermans wrote:
 I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the following
 package: cyrus-imapd24-2.4.17_4
 
 If I test my setup with imtest, I get connection to the imap server.
 
 MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost
 verify error:num=19:self signed certificate in certificate chain
 TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 
 bits)
 S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=SCRAM-SHA-1 
 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR] 
 MyComputer Cyrus IMAP v2.4.17 server ready
 Please enter your password:
 C: L01 LOGIN username {13}
 S: + go ahead
 C: omitted
 S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA 
 MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
 MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY 
 THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN 
 QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED AUTH=SCRAM-SHA-1 
 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN 
 COMPRESS=DEFLATE IDLE] User logged in 
 SESSIONID=MyComputer-11451-1392884061-1
 Authenticated.
 Security strength factor: 256
 
 From the message log file:
 
 Feb 19 09:00:11 MyComputer imaps[3437]: imapd:Loading hard-coded DH 
 parameters Feb 19 09:00:11 MyComputer imaps[3437]: starttls: TLSv1 with 
 cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
 Feb 19 09:00:11 MyComputer imaps[3437]: OTP unavailable because can't 
 read/write key database /etc/opiekeys: Permission denied
 Feb 19 09:00:15 MyComputer imaps[3437]: badlogin: localhost [127.0.0.1] 
 plaintext username SASL(-13): authentication failure: checkpass failed
 Feb 19 09:00:30 MyComputer imaps[3437]: starttls: TLSv1 with cipher 
 DHE-RSA-AES256-SHA (256/256 bits new) no authentication
 Feb 19 09:00:30 MyComputer imaps[3437]: OTP unavailable because can't 
 read/write key database /etc/opiekeys: Permission denied
 Feb 19 09:00:39 MyComputer imaps[3437]: login: localhost [127.0.0.1] 
 username plaintext+TLS User logged in 
 SESSIONID=MyComputer-3437-1392800430-1
 Feb 19 09:02:18 MyComputer imaps[3437]: USAGE username user: 0.007544 sys: 
 0.022632
 
 However, if I try to connect via cyradm, I cannot login.
 
 MyName@MyComputer:~$ cyradm --user username localhost
 Password:
 verify error:num=19:self signed certificate in certificate chain
 cyradm: cannot authenticate to server with  as username
 
 Does the output really say this (empty username)? I'm assuming you just
 removed it when pasting it.

No Dan, I did not remove anything. I just replaced the actual username by
username. There is a whitespace between with and as in the output!

 
 from the message log file:
 Feb 19 09:02:41 MyComputer imap[3440]: OTP unavailable because can't 
 read/write key database /etc/opiekeys: Permission denied
 Feb 19 09:02:48 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] 
 SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get 
 auxprops]
 Feb 19 09:02:51 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] 
 DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get 
 auxprops]
 Feb 19 09:02:55 MyComputer imap[3440]: imapd:Loading hard-coded DH parameters
 Feb 19 09:02:55 MyComputer imap[3440]: starttls: TLSv1 with cipher 
 DHE-RSA-AES256-SHA (256/256 bits new) no authentication
 Feb 19 09:02:55 MyComputer imap[3440]: OTP unavailable because can't 
 read/write key database /etc/opiekeys: Permission denied
 
 In imapd.conf, set:
 
 sasl_mech_list: PLAIN LOGIN EXTERNAL
 
 to remove some extraneous error messages. Try specifying a mechanism
 (--auth=PLAIN) in your cyradm command.
 
 -- 
 Dan White

I did this and it worked:

MyName@MyComputer:~$ cyradm --user username --auth PLAIN localhost
verify error:num=19:self signed certificate in certificate chain
Password: 
localhost 

Many thnx for your help!

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,

Wiel

*
W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: wi...@offermans.rompen.nl

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

[Scott Lambert]

On Thu, Feb 20, 2014 at 10:35:42AM +0100, Willy Offermans wrote:
 Dear Cyrus Friends,

 I need your help to solve the following:

 I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the following
 package: cyrus-imapd24-2.4.17_4

 If I test my setup with imtest, I get connection to the imap server.

 MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost

 It works

 However, if I try to connect via cyradm, I cannot login.

 MyName@MyComputer:~$ cyradm --user username localhost
 Password:
 verify error:num=19:self signed certificate in certificate chain
 cyradm: cannot authenticate to server with  as username


You specified your authentication mechanism to be login with imtest.

You did not specify an authentication mechanism with cyradm.

Perhaps it would work if you try :

cyradm --auth login --user username localhost

That is only a guess.

-- 
Scott LambertKC5MLE   Unix SysAdmin
lamb...@lambertfam.org

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

[Riccardo Veraldi]

if cyrus is your user admin just do

cyradm --user cyrus --server localhost

and it will work

depending on your password backend you may need to add user cyrus with 
sasldb2 or
if you use local unix account with saslauthd you just need to set a 
password for user cyrus with passwd



On 2/20/14 11:12 PM, Scott Lambert wrote:
 On Thu, Feb 20, 2014 at 10:35:42AM +0100, Willy Offermans wrote:
 Dear Cyrus Friends,

 I need your help to solve the following:

 I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the following
 package: cyrus-imapd24-2.4.17_4

 If I test my setup with imtest, I get connection to the imap server.

 MyName@MyComputer:~$ imtest -m login -u username -a username -s localhost

 It works

 However, if I try to connect via cyradm, I cannot login.

 MyName@MyComputer:~$ cyradm --user username localhost
 Password:
 verify error:num=19:self signed certificate in certificate chain
 cyradm: cannot authenticate to server with  as username

 You specified your authentication mechanism to be login with imtest.

 You did not specify an authentication mechanism with cyradm.

 Perhaps it would work if you try :

 cyradm --auth login --user username localhost

 That is only a guess.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: `cyradm` login `lm` behavior with Virtual Domains

[Dan White]

On 01/21/12 02:59 -0800, Reg Proctor wrote:
Hi,

I just want to confirm that logging into cyradm as I am experiencing it
is normal and that lm is behaving as it should be. It seems a little
unusual to me.


First cyradm logging in,  here is what I am seeing:

To log into cyradm I have to set my defaultdomain to localhost and then
I can login like this:

cyradm -u cyrus localhost
pwd: xx

However, using MySQL and setting the tracing so I can see the SQL
statements I actually see this:

SELECT AES_DECRYPT(`password`, 'x') AS password
FROM `accounts`
WHERE `user`='cyrus' AND `realm`='www.domain.com' AND `virtual` != 0;

where `www.domain.com` is the fully qualified domain name (FQDN) of the
server. This means in the database if the user is stored as [user:
cyrus, realm: localhost], the login will fail. Instead the use has to be
stored as [user: cyrus, realm: www.domain.com ], and once that change is
made I can login.

While this is trivial once you know it I couldn't find where is
mentioned that that would be the behavior in the docs. Also, and perhaps
more importantly, it makes the database non-portable to other servers
which may cause problems with a high availability setup through multiple
servers where someone is replicating a database periodically.

Do you have?

virtdomains: on

If so, try:

virtdomains: userid

See the manpage for imapd.conf, and:

http://www.cyrusimap.org/docs/cyrus-imapd/2.4.13/install-virtdomains.php

Also, some mechanisms may derive your realm from the authentication
exchange (digest-md5 and gssapi). I'm not clear if that realm value is
relevant before authentication is complete. If necessary, try explicitly
specifying another mechanism like plain or login (--auth).

Second, `lm` wildcard behavior:

With `lm`, once I am logged in this is the behavior I am seeing with
wildcards:

Works:
lm
lm *
lm *@fulldomain

Doesn't work:
lm *@*
lm *@partialdomain*

It seems to me that if my domain was abc.com and I wanted to list all
users I should be able to do so with lm *@abc* or lm *@ab* etc. however
anything but the full domain will not work. Neither I guess would
something like fred@* if you wanted to find all the fred's (not that I
can see any reason to do that).

I'm just wondering if this is by design or perhaps could be improved or
maybe my distr. has a bug?

I don't know. Cyrus stores mailboxes internally like:

example.org!user.jsmith.Trash

-- 
Dan White

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: `cyradm` login `lm` behavior with Virtual Domains

[Dan White]

If you have 'virtdomains: userid' but you are still seeing a realm get
passed to mysql, but are not passing on in the client, then I'm guessing
you're doing DIGEST-MD5 authentication.

How DIGEST-MD5 and realms are intended to function is probably best
described in RFC 2831.

You could try using another mechanism, or just ignore the realm altogether
in your SQL statement. Depending on your configuration, you may be able to
ignore the realm altogether, and still support virtual domains.

On 01/23/12 11:03 -0800, Reg wrote:
Hello Dan,

Thanks for the reply.

virtdomains: userid - Yep, this is the way I have it set up.

See the manpage for imapd.conf, and:

 http://www.cyrusimap.org/docs/cyrus-imapd/2.4.13/install-virtdomains.php;

Virtual domains do work, I've had it working for over a year. My question 
isn't How to get it to work?, the question is Is the behavior I described 
normal? because it seems odd and I couldn't find any documention for some of 
what I saw, as I mentioned.

Anyway if it's one of those unknowns I guess we'll just let it go.

Thanks,
Reg


Monday, January 23, 2012, 9:40:45 AM, you wrote:

 On 01/21/12 02:59 -0800, Reg Proctor wrote:
Hi,

I just want to confirm that logging into cyradm as I am experiencing it
is normal and that lm is behaving as it should be. It seems a little
unusual to me.


First cyradm logging in,  here is what I am seeing:

To log into cyradm I have to set my defaultdomain to localhost and then
I can login like this:

cyradm -u cyrus localhost
pwd: xx

However, using MySQL and setting the tracing so I can see the SQL
statements I actually see this:

SELECT AES_DECRYPT(`password`, 'x') AS password
FROM `accounts`
WHERE `user`='cyrus' AND `realm`='www.domain.com' AND `virtual` != 0;

where `www.domain.com` is the fully qualified domain name (FQDN) of the
server. This means in the database if the user is stored as [user:
cyrus, realm: localhost], the login will fail. Instead the use has to be
stored as [user: cyrus, realm: www.domain.com ], and once that change is
made I can login.

While this is trivial once you know it I couldn't find where is
mentioned that that would be the behavior in the docs. Also, and perhaps
more importantly, it makes the database non-portable to other servers
which may cause problems with a high availability setup through multiple
servers where someone is replicating a database periodically.

 Do you have?

 virtdomains: on

 If so, try:

 virtdomains: userid

 See the manpage for imapd.conf, and:

 http://www.cyrusimap.org/docs/cyrus-imapd/2.4.13/install-virtdomains.php

 Also, some mechanisms may derive your realm from the authentication
 exchange (digest-md5 and gssapi). I'm not clear if that realm value is
 relevant before authentication is complete. If necessary, try explicitly
 specifying another mechanism like plain or login (--auth).

Second, `lm` wildcard behavior:

With `lm`, once I am logged in this is the behavior I am seeing with
wildcards:

Works:
lm
lm *
lm *@fulldomain

Doesn't work:
lm *@*
lm *@partialdomain*

It seems to me that if my domain was abc.com and I wanted to list all
users I should be able to do so with lm *@abc* or lm *@ab* etc. however
anything but the full domain will not work. Neither I guess would
something like fred@* if you wanted to find all the fred's (not that I
can see any reason to do that).

I'm just wondering if this is by design or perhaps could be improved or
maybe my distr. has a bug?

 I don't know. Cyrus stores mailboxes internally like:

 example.org!user.jsmith.Trash

-- 
Dan White
BTC Broadband
Ph  918.366.0248 (direct)   main: (918)366-8000
Fax 918.366.6610email: dwh...@olp.net
http://www.btcbroadband.com

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

`cyradm` login `lm` behavior with Virtual Domains

[Reg Proctor]

Hi,

I just want to confirm that logging into cyradm as I am experiencing it
is normal and that lm is behaving as it should be. It seems a little
unusual to me.


First cyradm logging in,  here is what I am seeing:

To log into cyradm I have to set my defaultdomain to localhost and then
I can login like this:

cyradm -u cyrus localhost
pwd: xx

However, using MySQL and setting the tracing so I can see the SQL
statements I actually see this:

SELECT AES_DECRYPT(`password`, 'x') AS password 
FROM `accounts` 
WHERE `user`='cyrus' AND `realm`='www.domain.com' AND `virtual` != 0;

where `www.domain.com` is the fully qualified domain name (FQDN) of the
server. This means in the database if the user is stored as [user:
cyrus, realm: localhost], the login will fail. Instead the use has to be
stored as [user: cyrus, realm: www.domain.com ], and once that change is
made I can login.

While this is trivial once you know it I couldn't find where is
mentioned that that would be the behavior in the docs. Also, and perhaps
more importantly, it makes the database non-portable to other servers
which may cause problems with a high availability setup through multiple
servers where someone is replicating a database periodically.

Second, `lm` wildcard behavior:

With `lm`, once I am logged in this is the behavior I am seeing with
wildcards:

Works:
lm
lm *
lm *@fulldomain

Doesn't work:
lm *@*
lm *@partialdomain*

It seems to me that if my domain was abc.com and I wanted to list all
users I should be able to do so with lm *@abc* or lm *@ab* etc. however
anything but the full domain will not work. Neither I guess would
something like fred@* if you wanted to find all the fred's (not that I
can see any reason to do that).

I'm just wondering if this is by design or perhaps could be improved or
maybe my distr. has a bug?

Thanks,
Reg



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

cyradm +reconstruct all mailboxes (2.3.xx)

[Josef Karliak]

  Hello,
  after copying mails to the new server and reconstructing emails  
with a command sudo -u cyrus /usr/lib/cyrus/bin/reconstruct -r -f  
user.username seems to be all fine. But after some fights with  
plugin for check quota in the Squirrelmail I tried a command for  
listing quota in the cyradm. Command mentioned above didn't  
reconstructed usage. Reconstruction of the usage works fine only in  
the cyradm. But it doesn't accept wildcard * to reconstruct all  
mailboxes. So there is a question - how to reconstruct all ? Any ideas ?

  Thanks and best regards
  J.K.

--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a  
DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu,  
zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)  
policy and check. If you've problem with sending emails to me, start  
using email origin methods mentioned above. Thank you.



This message was sent using IMP, the Internet Messaging Program.



bin2No4uqVG9o.bin
Description: Veřejný PGP	klíč

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm +reconstruct all mailboxes (2.3.xx)

[Simon Matter]

Hello,
after copying mails to the new server and reconstructing emails
 with a command sudo -u cyrus /usr/lib/cyrus/bin/reconstruct -r -f
 user.username seems to be all fine. But after some fights with
 plugin for check quota in the Squirrelmail I tried a command for
 listing quota in the cyradm. Command mentioned above didn't
 reconstructed usage. Reconstruction of the usage works fine only in
 the cyradm. But it doesn't accept wildcard * to reconstruct all
 mailboxes. So there is a question - how to reconstruct all ? Any ideas ?

Did you try simply reconstruct -r -f without mailbox name?

Simon


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm +reconstruct all mailboxes (2.3.xx)

[Josef Karliak]

  Hi,
  reconstructing not in the cyradm reconstructs mails and folders,  
not the quota that I need to reconstruct :-/

localhost reconstruct *
reconstruct: Mailbox does not exist
localhost reconstruct user.*
reconstruct: Mailbox does not exist
localhost reconstruct
usage: reconstruct [-r] mailbox
localhost reconstruct -r -f
usage: reconstruct [-r] mailbox
localhost reconstruct -r
usage: reconstruct [-r] mailbox

  Thanks
  J.K.

Cituji Simon Matter simon.mat...@invoca.ch:


   Hello,
   after copying mails to the new server and reconstructing emails
with a command sudo -u cyrus /usr/lib/cyrus/bin/reconstruct -r -f
user.username seems to be all fine. But after some fights with
plugin for check quota in the Squirrelmail I tried a command for
listing quota in the cyradm. Command mentioned above didn't
reconstructed usage. Reconstruction of the usage works fine only in
the cyradm. But it doesn't accept wildcard * to reconstruct all
mailboxes. So there is a question - how to reconstruct all ? Any ideas ?


Did you try simply reconstruct -r -f without mailbox name?

Simon






--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a  
DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu,  
zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)  
policy and check. If you've problem with sending emails to me, start  
using email origin methods mentioned above. Thank you.



This message was sent using IMP, the Internet Messaging Program.



binzSEv217SuS.bin
Description: Veřejný PGP	klíč

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm +reconstruct all mailboxes (2.3.xx)

[Jo Rhett]

I believe the wildcard is a % not a *.  Try using % or since you are dealing 
with user accounts, user.% or user/% whichever way your options are set.

On Jul 21, 2011, at 1:17 AM, Josef Karliak wrote:
  reconstructing not in the cyradm reconstructs mails and folders, not the 
 quota that I need to reconstruct :-/
 localhost reconstruct *
 reconstruct: Mailbox does not exist
 localhost reconstruct user.*
 reconstruct: Mailbox does not exist
 localhost reconstruct
 usage: reconstruct [-r] mailbox
 localhost reconstruct -r -f
 usage: reconstruct [-r] mailbox
 localhost reconstruct -r
 usage: reconstruct [-r] mailbox
 
  Thanks
  J.K.
 
 Cituji Simon Matter simon.mat...@invoca.ch:
 
   Hello,
   after copying mails to the new server and reconstructing emails
 with a command sudo -u cyrus /usr/lib/cyrus/bin/reconstruct -r -f
 user.username seems to be all fine. But after some fights with
 plugin for check quota in the Squirrelmail I tried a command for
 listing quota in the cyradm. Command mentioned above didn't
 reconstructed usage. Reconstruction of the usage works fine only in
 the cyradm. But it doesn't accept wildcard * to reconstruct all
 mailboxes. So there is a question - how to reconstruct all ? Any ideas ?
 
 Did you try simply reconstruct -r -f without mailbox name?
 
 Simon
 
 
 
 
 
 -- 
 Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a 
 DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete 
 pouzivat metody overeni puvody emailu zminene vyse. Dekuji.
 My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy 
 and check. If you've problem with sending emails to me, start using email 
 origin methods mentioned above. Thank you.
 
 
 This message was sent using IMP, the Internet Messaging Program.
 
 Mail Attachment
 Cyrus Home Page: http://www.cyrusimap.org/
 List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other 
randomness


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm login loops

[Robert Spellman]

Occasionally, I see something mentioned about tracing a particular cyrus 
process to determine what's going on (or wrong, as the case may be).  
How is this done?  I'm not getting very far at resolving my particular 
problem, so I'd like to know what the proxyd process thinks it's doing 
each time it spawns a new connection to itself.


Rob

On 7/1/11 9:10 AM, Robert Spellman wrote:
We have recently upgraded to cyrus 2.4.6.  Our environment includes a 
server running as a murder server, four back end mailstores, and two 
front end servers.  If we mistakenly create a user mailbox on one of 
the front end servers using cyradm, and then try to manage it (dm, 
sam, info, lm), cpu load on the front end server increases until the 
box is unusable.  Syslogs show the user cyrus (our admin user) logging 
in over and over, each time creating a new proxyd process, which 
explains the high cpu load.


Managing mailboxes on the back end servers from the front end servers 
works fine.


Here's my imapd.conf for one of my front end servers:


configdirectory: /var/lib/imap
partition-default: /home/imap
defaultpartition: default
sievedir: /var/lib/imap/sieve
admins: cyrus backend
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN GSSAPI

altnamespace: true
hashimapspool: true
allowallsubscribe: true
allowusermoves: true
autocreateinboxfolders: Trash|Sent|Junk
autosubscribeinboxfolders: Trash|Sent|Junk
autosubscribesharedfolders: shared.announce
lmtp_downcase_rcpt: true

tls_cert_file: /etc/pki/tls/certs/mail.bates.edu-cert.pem
tls_key_file: /etc/pki/tls/certs/mail.bates.edu-key.pem
tls_ca_file: /etc/pki/tls/certs/bates.edu-cert.pem

proxy_authname: backend
proxyservers: backend

mupdate_server: murder.bates.edu
mupdate_username: backend




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
attachment: rspell.vcf
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm login loops

[Dan White]

See:

http://stuff.mit.edu/afs/sipb/project/linerva/project/packages/cyrus/cyrus21-imapd-2.1.18/debian/README.Debian.debug

On 05/07/11 13:38 -0400, Robert Spellman wrote:
Occasionally, I see something mentioned about tracing a particular 
cyrus process to determine what's going on (or wrong, as the case may 
be).  How is this done?  I'm not getting very far at resolving my 
particular problem, so I'd like to know what the proxyd process 
thinks it's doing each time it spawns a new connection to itself.

Rob

On 7/1/11 9:10 AM, Robert Spellman wrote:
We have recently upgraded to cyrus 2.4.6.  Our environment includes 
a server running as a murder server, four back end mailstores, and 
two front end servers.  If we mistakenly create a user mailbox on 
one of the front end servers using cyradm, and then try to manage 
it (dm, sam, info, lm), cpu load on the front end server increases 
until the box is unusable.  Syslogs show the user cyrus (our admin 
user) logging in over and over, each time creating a new proxyd 
process, which explains the high cpu load.

Managing mailboxes on the back end servers from the front end 
servers works fine.

Here's my imapd.conf for one of my front end servers:

configdirectory: /var/lib/imap
partition-default: /home/imap
defaultpartition: default
sievedir: /var/lib/imap/sieve
admins: cyrus backend
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN GSSAPI

altnamespace: true
hashimapspool: true
allowallsubscribe: true
allowusermoves: true
autocreateinboxfolders: Trash|Sent|Junk
autosubscribeinboxfolders: Trash|Sent|Junk
autosubscribesharedfolders: shared.announce
lmtp_downcase_rcpt: true

tls_cert_file: /etc/pki/tls/certs/mail.bates.edu-cert.pem
tls_key_file: /etc/pki/tls/certs/mail.bates.edu-key.pem
tls_ca_file: /etc/pki/tls/certs/bates.edu-cert.pem

proxy_authname: backend
proxyservers: backend

mupdate_server: murder.bates.edu
mupdate_username: backend



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

begin:vcard
fn:Robert Spellman
n:Spellman;Robert
org:Bates College;Information and Library Services
adr;dom:;;110 Russell Street;Lewiston;Maine;04240
email;internet:rsp...@bates.edu
title:Assistant Directory, Network Services
tel;work:207-786-6422
note;quoted-printable:01000111011000100101001001100101011001000101001101100=
   011=0D=0A=
   
url:http://www.bates.edu/
version:2.1
end:vcard



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/


-- 
Dan White

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

cyradm login loops

[Robert Spellman]

We have recently upgraded to cyrus 2.4.6.  Our environment includes a 
server running as a murder server, four back end mailstores, and two 
front end servers.  If we mistakenly create a user mailbox on one of the 
front end servers using cyradm, and then try to manage it (dm, sam, 
info, lm), cpu load on the front end server increases until the box is 
unusable.  Syslogs show the user cyrus (our admin user) logging in over 
and over, each time creating a new proxyd process, which explains the 
high cpu load.


Managing mailboxes on the back end servers from the front end servers 
works fine.


Here's my imapd.conf for one of my front end servers:


configdirectory: /var/lib/imap
partition-default: /home/imap
defaultpartition: default
sievedir: /var/lib/imap/sieve
admins: cyrus backend
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN GSSAPI

altnamespace: true
hashimapspool: true
allowallsubscribe: true
allowusermoves: true
autocreateinboxfolders: Trash|Sent|Junk
autosubscribeinboxfolders: Trash|Sent|Junk
autosubscribesharedfolders: shared.announce
lmtp_downcase_rcpt: true

tls_cert_file: /etc/pki/tls/certs/mail.bates.edu-cert.pem
tls_key_file: /etc/pki/tls/certs/mail.bates.edu-key.pem
tls_ca_file: /etc/pki/tls/certs/bates.edu-cert.pem

proxy_authname: backend
proxyservers: backend

mupdate_server: murder.bates.edu
mupdate_username: backend


attachment: rspell.vcf
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm login loops

[Dan White]

On 01/07/11 09:10 -0400, Robert Spellman wrote:
We have recently upgraded to cyrus 2.4.6.  Our environment includes a 
server running as a murder server, four back end mailstores, and two 
front end servers.  If we mistakenly create a user mailbox on one of 
the front end servers using cyradm, and then try to manage it (dm, 
sam, info, lm), cpu load on the front end server increases until the 
box is unusable.  Syslogs show the user cyrus (our admin user) 
logging in over and over, each time creating a new proxyd process, 
which explains the high cpu load.

Managing mailboxes on the back end servers from the front end servers 
works fine.

Here's my imapd.conf for one of my front end servers:

configdirectory: /var/lib/imap
partition-default: /home/imap
defaultpartition: default
sievedir: /var/lib/imap/sieve
admins: cyrus backend
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN GSSAPI

altnamespace: true
hashimapspool: true
allowallsubscribe: true
allowusermoves: true
autocreateinboxfolders: Trash|Sent|Junk
autosubscribeinboxfolders: Trash|Sent|Junk
autosubscribesharedfolders: shared.announce
lmtp_downcase_rcpt: true

tls_cert_file: /etc/pki/tls/certs/mail.bates.edu-cert.pem
tls_key_file: /etc/pki/tls/certs/mail.bates.edu-key.pem
tls_ca_file: /etc/pki/tls/certs/bates.edu-cert.pem

proxy_authname: backend
proxyservers: backend

mupdate_server: murder.bates.edu
mupdate_username: backend

Could it be due to a referral loop, where the frontend believes the mailbox
exists on the backend, but the backend doesn't know about it?

What does the mailbox look like in the output of cyr_dbtool on the frontend
and the backend?, and does it 'fix' the problem if you delete it manually
on the frontend with cyr_dbtool?

Here's a usage example:

cyrus@mail:/var/spool/imap$ file /var/lib/imap/mailboxes.db 
/var/lib/imap/mailboxes.db: Cyrus skiplist DB

cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist show 
user.test1234
user.test1234   (uniqueid 6ebe0fe04dad935f) 0 default test1234 lrswipkxtecda   
user.test1234.trash (uniqueid 638c3a464dad9368) 0 default test1234 
lrswipkxtecda   

cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist get 
'user.test1234.trash'
(uniqueid 638c3a464dad9368) 0 default test1234  lrswipkxtecda   
cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist 
delete 'user.test1234.trash'
cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist get 
'user.test1234.trash'

-- 
Dan White

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm login loops

[Robert Spellman]

It appears that the front end does know that it has the mailbox:

[cyrus@postoffice09 ~]$ cyr_dbtool `pwd`/mailboxes.db skiplist show 
user.frodo
user.frodo1 postoffice09.bates.edu!default frodolrswipkxtecda 



The backend knows nothing about the user frodo:

[cyrus@mailstore07 ~]$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist 
show user.frodo

[cyrus@mailstore07 ~]$


Murder does know:

[cyrus@murder ~]$ cyr_dbtool /var/lib/imap/mailboxes.db skiplist show 
user.frodo
user.frodo1 postoffice09.bates.edu!default frodolrswipkxtecda 



Deleting the mailbox using cyr_dbtool works, which does resolve the problem.

Rob

On 7/1/11 9:49 AM, Dan White wrote:


Could it be due to a referral loop, where the frontend believes the 
mailbox

exists on the backend, but the backend doesn't know about it?

What does the mailbox look like in the output of cyr_dbtool on the 
frontend

and the backend?, and does it 'fix' the problem if you delete it manually
on the frontend with cyr_dbtool?

Here's a usage example:

cyrus@mail:/var/spool/imap$ file /var/lib/imap/mailboxes.db 
/var/lib/imap/mailboxes.db: Cyrus skiplist DB


cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db 
skiplist show user.test1234
user.test1234   (uniqueid 6ebe0fe04dad935f) 0 default test1234 
lrswipkxtecda   user.test1234.trash (uniqueid 638c3a464dad9368) 0 
default test1234 lrswipkxtecda
cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db 
skiplist get 'user.test1234.trash'
(uniqueid 638c3a464dad9368) 0 default test1234  lrswipkxtecda   
cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db 
skiplist delete 'user.test1234.trash'
cyrus@mail:/var/spool/imap$ cyr_dbtool /var/lib/imap/mailboxes.db 
skiplist get 'user.test1234.trash'


attachment: rspell.vcf
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

cyradm referall 2.4.1 version

[Lucas Zinato Carraro]

I have 3 Frontends in DMZ,  4 Backends in Intranet
and a Administrative Station in other network.

The administrative station, and clients stations  can not connect
direct to backend  servers.

In imapd.conf i enable the parameter:

proxyd_disable_mailbox_referrals: 1


With 2.3.16  dont have problem to issue commands direct in frontends
using cyradm.

cyradm --user cyrus  frontend2316

info user/mailbox   - OK
lam user/mailbox   - OK
sam user/mailbox  - OK
cm  user/mailbox   - OK

With 2.4.X :

cyradm --user cyrus  frontend241

info user/mailbox   - OK
lam user/mailbox   - OK
sam user/mailbox  - timeout error
cm  user/mailbox   - timeout error

Without firewall ( frontend  -  firewall - backend )   :

info user/mailbox   - OK
lam user/mailbox   - OK
sam user/mailbox  - Ask for backend  password
cm  user/mailbox   - Ask for backend  password

I keep same config between cyrus 2.4.1 and cyrus 2.3.16.

Its possible to disable referall to cyradm ?


Regards
Zinato

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm referall 2.4.1 version

[Bron Gondwana]

I'm not sure what the story is with this one.  Ken might have a better
idea since they use murder and cyradm at CMU (I just use telnet
directly or Perl modules that talk pure IMAP, and we don't use
murder at FastMail).  I've CC'd him.

Would be great if you can create bugs in bugzilla too, just so we can
track them.

And thanks for all your testing and feedback.  You've found more
bugs than anyone else so far (not counting FastMail users of course -
they got to test all this stuff long before the public release!)

Bron.

On Tue, Oct 19, 2010 at 07:54:13AM -0200, Lucas Zinato Carraro wrote:
 I have 3 Frontends in DMZ,  4 Backends in Intranet
 and a Administrative Station in other network.
 
 The administrative station, and clients stations  can not connect
 direct to backend  servers.
 
 In imapd.conf i enable the parameter:
 
 proxyd_disable_mailbox_referrals: 1
 
 
 With 2.3.16  dont have problem to issue commands direct in frontends
 using cyradm.
 
 cyradm --user cyrus  frontend2316
 
 info user/mailbox   - OK
 lam user/mailbox   - OK
 sam user/mailbox  - OK
 cm  user/mailbox   - OK
 
 With 2.4.X :
 
 cyradm --user cyrus  frontend241
 
 info user/mailbox   - OK
 lam user/mailbox   - OK
 sam user/mailbox  - timeout error
 cm  user/mailbox   - timeout error
 
 Without firewall ( frontend  -  firewall - backend )   :
 
 info user/mailbox   - OK
 lam user/mailbox   - OK
 sam user/mailbox  - Ask for backend  password
 cm  user/mailbox   - Ask for backend  password
 
 I keep same config between cyrus 2.4.1 and cyrus 2.3.16.
 
 Its possible to disable referall to cyradm ?
 
 
 Regards
 Zinato
 
 Cyrus Home Page: http://www.cyrusimap.org/
 List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm referall 2.4.1 version

[Wesley Craig]

On 19 Oct 2010, at 05:54, Lucas Zinato Carraro wrote:
 I have 3 Frontends in DMZ,  4 Backends in Intranet
 and a Administrative Station in other network.
 
 The administrative station, and clients stations  can not connect
 direct to backend  servers.
 
 In imapd.conf i enable the parameter:
 
 proxyd_disable_mailbox_referrals: 1
 
 With 2.3.16  dont have problem to issue commands direct in frontends
 using cyradm.
 
 cyradm --user cyrus  frontend2316
 
 info user/mailbox   - OK
 lam user/mailbox   - OK
 sam user/mailbox  - OK
 cm  user/mailbox   - OK
 
 With 2.4.X :
 
 cyradm --user cyrus  frontend241
 
 info user/mailbox   - OK
 lam user/mailbox   - OK
 sam user/mailbox  - timeout error
 cm  user/mailbox   - timeout error
 
 Without firewall ( frontend  -  firewall - backend )   :
 
 info user/mailbox   - OK
 lam user/mailbox   - OK
 sam user/mailbox  - Ask for backend  password
 cm  user/mailbox   - Ask for backend  password
 
 I keep same config between cyrus 2.4.1 and cyrus 2.3.16.
 
 Its possible to disable referall to cyradm ?

In 2.3.16, the getquotaroot command was referred if an administrator issued the 
command, even if mailbox referrals were disabled.  As of 2.4.0, getquotaroot is 
proxied if the mailbox is remote, regardless of who issues the command or 
whether mailbox referrals are enabled.  This is more correct, IMO.  Here's the 
commit:


http://git.cyrusimap.org/cyrus-imapd/commit/?id=9177afa1f1ab80da5334b2318e2c8f62362c361f

http://git.cyrusimap.org/cyrus-imapd/commit/?id=06979236d2319ad586208c554a53aed7c50dc5e5

In 2.3.16, your admin station was most like connecting directly to the 
appropriate backend.  I expect the behavior you're seeing in 2.4.x is related 
to your network configuration.  I suggest tracing the imapd on the 2.4.x 
frontend to see what it's doing wrong.  Perhaps it's attempting to connect from 
the wrong interface?

:wes

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm and allowing only encrypted passwords with 2.3.16?

[Wesley Craig]

On 04 Oct 2010, at 01:09, Patrick Goetz wrote:
 I was having problems making Cyrus 2.2.x work with only encrypted
 passwords.  Setting
 
   allowplaintext: no
 
 in imapd.conf prevents plain text logins, but then cyradm stops working:
 
   ibis:~etc$ cyradm localhost
   Login disabled.
   cyradm: cannot authenticate to server as pgoetz
 
 
 I thought this was fixed in 2.3.x, but apparently not.  I'm having
 exactly the same problem.  If I set allowplaintext: no, then cyradm
 stops working as described above.

TLS isn't available to Cyrus::IMAP pre 2.3.2.  I expect it's a bug.  Perhaps 
it's similar to the problems in the C code, e.g., comparing available  offered 
authN mechanisms, calling starttls, re-retriving available mechanisms, etc.

:wes

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

cyradm and allowing only encrypted passwords with 2.3.16?

[Patrick Goetz]

I was having problems making Cyrus 2.2.x work with only encrypted
passwords.  Setting

allowplaintext: no

in imapd.conf prevents plain text logins, but then cyradm stops working:

ibis:~etc$ cyradm localhost
Login disabled.
cyradm: cannot authenticate to server as pgoetz


I thought this was fixed in 2.3.x, but apparently not.  I'm having
exactly the same problem.  If I set allowplaintext: no, then cyradm
stops working as described above.

Any thoughts on this?


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm and allowing only encrypted passwords with 2.3.16?

[Patrick Goetz]

On 10/04/2010 08:41 AM, Wesley Craig wrote:

 TLS isn't available to Cyrus::IMAP pre 2.3.2.  I expect it's a bug.


Sorry,I didn't specifically say that I'm using the latest release, 2.3.16.


I find cyradm to be very convenient to use for smaller sites, but is 
this essentially a dead tool and I need to be rolling my own 
administrative tools?




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm and allowing only encrypted passwords with 2.3.16?

[Dan White]

On 04/10/10 09:26 -0500, Patrick Goetz wrote:
On 10/04/2010 08:41 AM, Wesley Craig wrote:

 TLS isn't available to Cyrus::IMAP pre 2.3.2.  I expect it's a bug.


Sorry,I didn't specifically say that I'm using the latest release, 2.3.16.


I find cyradm to be very convenient to use for smaller sites, but is
this essentially a dead tool and I need to be rolling my own
administrative tools?

You can connect via a non plaintext mechanism, like digest-md5.

-- 
Dan White

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm and allowing only encrypted passwords with 2.3.16?

[Wesley Craig]

On 04 Oct 2010, at 10:26, Patrick Goetz wrote:
 Sorry,I didn't specifically say that I'm using the latest release, 2.3.16.

I understood that, tho I did notice you pasted the 2.2.x error, not the 2.3.x 
error.

 I find cyradm to be very convenient to use for smaller sites, but is 
 this essentially a dead tool and I need to be rolling my own 
 administrative tools?

Not at all.  Most very large sites do roll their own tools, I find, but only 
because they are integrating with a lot of non-cyrus automation.  Even in sites 
with heavy automation, cyradm is still used for troubleshooting and the like.

Why would you suppose it's a dead tool?  Because it has a bug?

:wes

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm and allowing only encrypted passwords with 2.3.16?

[Patrick Goetz]

On 10/04/2010 11:07 AM, Dan White wrote:

 You can connect via a non plaintext mechanism, like digest-md5.


This seems like a straightforward case of RTFM, but how does one 
determine the auth mechanism?  I'm using saslauthd, pam, and have a 
self-signed certificate (which I know works):

-
ibis:~~$ cyradm --auth digest-md5 --tlskey 
/etc/ssl/private/ssl-cert-mail.internetbs.com.key localhost
[ unable to get certificate from 
'/etc/ssl/private/ssl-cert-mail.internetbs.com.key' ]
[ TLS engine: cannot load cert/key data, might be a cert/key mismatch]
[ TLS engine failed ]
^C
ibis:~~$


ibis:~ssl$ sudo ls -l /etc/ssl/private
total 8
-rw-r- 1 root ssl-cert 887 2009-09-13 14:02 
ssl-cert-mail.internetbs.com.key
-rw-r- 1 root ssl-cert 887 2010-04-11 14:00 ssl-cert-snakeoil.key
ibis:~ssl$ groups cyrus
cyrus : mail sasl ssl-cert



Maybe the problem is I'm still not 100% clear on how SASL works.

I have saslauthd running with
MECHANISMS=pam
OPTIONS=-c -m /var/run/saslauthd

However, there's no sasl pam.d config file -- presumably SASL somehow uses
/etc/pam.d/imap
/etc/pam.d/lmtp

???  I don't have lmtp running in a chroot jail, which is how I can get 
away with this. smtp does run in a chroot jail, but has it's own 
saslauthd with
   OPTIONS=-c -m /var/spool/postfix/var/run/saslauthd

I don't remember anyone mentioning this possibility (running multiple 
saslauthd daemons) in any howto; most people seem to jump through 
inordinate hoops to get all other programs to use the sasl socket in the 
smtp chroot jail, which seems to unnecessarily complicate things.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm and allowing only encrypted passwords with 2.3.16?

[Patrick Goetz]

On 10/04/2010 11:41 AM, Wesley Craig wrote:
 I understood that, tho I did notice you pasted the 2.2.x error, not the 2.3.x 
 error.


Nope, this is precisely the error I'm getting on my 2.3.16 install:
ibis:~~$ dpkg -l | grep cyrus-common
ii  cyrus-common-2.32.3.16-1 
   Cyrus mail system - common files
ibis:~~$ cyradm localhost
Login disabled.
cyradm: cannot authenticate to server as pgoetz
ibis:~~$


 Why would you suppose it's a dead tool?  Because it has a bug?


I'm just asking because it's not working for me when I disable plain 
text authentication.  :)

See my previous message for efforts to use cyradm
[--auth mechanism] [--tlskey keyfile] flags to get around this.




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm and allowing only encrypted passwords with 2.3.16?

[Andrew Morgan]

On Mon, 4 Oct 2010, Patrick Goetz wrote:

 On 10/04/2010 08:41 AM, Wesley Craig wrote:

 TLS isn't available to Cyrus::IMAP pre 2.3.2.  I expect it's a bug.


 Sorry,I didn't specifically say that I'm using the latest release, 2.3.16.


 I find cyradm to be very convenient to use for smaller sites, but is
 this essentially a dead tool and I need to be rolling my own
 administrative tools?

We have some of our own scripts we use, of course, but cyradm works fine 
for me with TLS:

cyrus-be4:~# cyradm --user cyrus --tlskey '' localhost
verify error:num=19:self signed certificate in certificate chain
Password:
localhost


This is Cyrus 2.3.16.

Andy



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm and allowing only encrypted passwords with 2.3.16?

[Patrick Goetz]

On 10/04/2010 12:29 PM, Andrew Morgan wrote:

 cyrus-be4:~# cyradm --user cyrus --tlskey '' localhost


That did it!  The trick is to use --tlskey with an empty field as 
demonstrated above. Who knew?

--
ibis:~~$ cyradm --user pgoetz --tlskey '' localhost
verify error:num=18:self signed certificate
Password:
localhost
--


Thanks for your help with this.  The next question is how anyone would 
have figured this out without help from this list..



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm and allowing only encrypted passwords with 2.3.16?

[Andrew Morgan]

On Mon, 4 Oct 2010, Patrick Goetz wrote:

 On 10/04/2010 12:29 PM, Andrew Morgan wrote:

 cyrus-be4:~# cyradm --user cyrus --tlskey '' localhost


 That did it!  The trick is to use --tlskey with an empty field as
 demonstrated above. Who knew?

 --
 ibis:~~$ cyradm --user pgoetz --tlskey '' localhost
 verify error:num=18:self signed certificate
 Password:
 localhost
 --


 Thanks for your help with this.  The next question is how anyone would
 have figured this out without help from this list..

I took it from the help for imtest:

   -t file  : Enable TLS. file has the TLS public and private keys
  (specify  to not use TLS for authentication)

Not exactly obvious!  :)

Andy

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm and allowing only encrypted passwords with 2.3.16?

[Dan White]

On 04/10/10 11:51 -0500, Patrick Goetz wrote:
On 10/04/2010 11:07 AM, Dan White wrote:

 You can connect via a non plaintext mechanism, like digest-md5.


This seems like a straightforward case of RTFM, but how does one
determine the auth mechanism?  I'm using saslauthd, pam, and have a
self-signed certificate (which I know works):

saslauthd does not support shared secret mechanisms (you'd need to use an
auxprop plugin to do so).

with cyradm, you'd choose the mechanism with the '--auth' option. See:

http://www.cyrusimap.org/docs/cyrus-sasl/2.1.23/sysadmin.php

for details.

-- 
Dan White

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: cyradm and allowing only encrypted passwords with 2.3.16?

[Wesley Craig]

On 04 Oct 2010, at 13:37, Patrick Goetz wrote:
 On 10/04/2010 12:29 PM, Andrew Morgan wrote:
 cyrus-be4:~# cyradm --user cyrus --tlskey '' localhost
 
 That did it!  The trick is to use --tlskey with an empty field as 
 demonstrated above. Who knew?

That's a bug, please report it.  It ought to notice that there are no auth 
mechs in common, implicitly try TLS, and look again for common auth mechs.  
That it doesn't is a flaw, not an undocumented feature.

:wes

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

cyradm lm wildcard and the @ sign

[Berend de Boer]

Hi people,

I'm looking for a way to list all mailboxes for a given domain,
i.e. in cyradm:

  lm *...@example.com*

This does not return anything.

  lm *example.com*

does though. It appears the @ sign screws up the wildcard matching.

But what I really really need is the ability to list the mailboxes of
a given user, i.e.:

  lm user.j...@example.com*

but this does not work. Is there any workaround or fix?

My environment is Ubuntu 9.10 (Karmic) with Cyrus 2.2.

-- 
All pointers appreciated,

Berend de Boer

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: cyradm lm wildcard and the @ sign

[Reinaldo de Carvalho]

On Wed, May 12, 2010 at 3:34 PM, Berend de Boer ber...@pobox.com wrote:
 Hi people,

 I'm looking for a way to list all mailboxes for a given domain,
 i.e. in cyradm:

  lm *...@example.com*

 This does not return anything.

  lm *example.com*

 does though. It appears the @ sign screws up the wildcard matching.

 But what I really really need is the ability to list the mailboxes of
 a given user, i.e.:

  lm user.j...@example.com*

 but this does not work. Is there any workaround or fix?


Maybe the authenticated user isn't global admin.

-- 
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

Don't try to adapt the software to the way you work, but rather
yourself to the way the software works (myself)

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: cyradm lm wildcard and the @ sign

[Berend de Boer]

 Reinaldo == Reinaldo de Carvalho reinal...@gmail.com writes:

 I'm looking for a way to list all mailboxes for a given domain,
 i.e. in cyradm:
 
  lm *...@example.com*
 
 This does not return anything.
 
  lm *example.com*
 
 does though. It appears the @ sign screws up the wildcard
 matching.

 Maybe the authenticated user isn't global admin.

Clearly I can get the mailboxes to list if I don't use the @ sign so
doesn't that indicate I am indeed the global admin?

The user I'm logged in at can change the acl on all mailboxes for
example, so that indicates to me it is a global admin as wel.

-- 
Cheers,

Berend de Boer

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: cyradm lm wildcard and the @ sign

[Reinaldo de Carvalho]

On Wed, May 12, 2010 at 4:04 PM, Berend de Boer ber...@pobox.com wrote:

 Clearly I can get the mailboxes to list if I don't use the @ sign so
 doesn't that indicate I am indeed the global admin?

 The user I'm logged in at can change the acl on all mailboxes for
 example, so that indicates to me it is a global admin as wel.


I agree. Try:

# all mailboxes
$ nc server 143
* OK maindeua Cyrus IMAP4 [...] server ready
. LOGIN admin password
. OK User logged in
. LIST * *...@example.com

# user top folders
$ nc server 143
* OK maindeua Cyrus IMAP4 [...] server ready
. LOGIN admin password
. OK User logged in
. LIST * user/%...@example.com





-- 
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

Don't try to adapt the software to the way you work, but rather
yourself to the way the software works (myself)

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html