On 01/08/19 20:12 +0100, James B Byrne wrote:
FreeBSD-11.2p7
cyrus-imapd30-3.0.8_2
cyrus-sasl-saslauthd-2.1.27
cyrus-sasl-2.1.27
This morning we upgraded our cyrus_imap server using the FreeBSD pkg package
manager. Following this we are unable to authenticate with imap. The error we
receive
as best I can, but no go. I say
again this has all worked for years, albeit with an always empty imapd.log
There must be some missing cyrus syslog configuration.
On 29/11/2018 14:39, Dan White wrote:
On 11/29/18 00:46 +, Charles Bradshaw wrote:
Nov 27 15:18:36 dell2600-1 sendmail[4801
packages, like Debian, modifiy the syslog facility, so you may need
to consult your system documentation if that doesn't give appropriate output.
On 28/11/2018 16:12, Dan White wrote:
On 11/28/18 15:21 +, Charles Bradshaw via Info-cyrus wrote:
My tests while logged in to the server as brad:
Nov 27
/usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
#
sasl_auxprop_plugin:sql
#
allowplaintext: no
unixhierarchysep: yes
virtdomains: userid
#
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To
On 11/06/18 14:06 -0600, Robert Covell wrote:
Hello All,
Have a few weird situations that I have been unable to find solutions to.
Server:
CentOS release 6.x
cyrus-imapd-2.4.17-6.el5.src.rpm (Simon Matter)
Client:
Outlook 2013
Our client is using Cyrus to store related emails for their
On 11/01/18 21:25 +, Marty Lee wrote:
Forgive me asking this question, we’ve just had a server disk that’s starting
to die in a remote location, and I’m frantically trying to clone some IMAP
users onto another server - along with a number of other things.
Despite imapd.conf having
cassandra_mechs: PLAIN
sasl_saslauthd_path: /global/cyrus/var/state/saslauthd/mux
imap1_mechs: PLAIN
sasl_mech_list: plain
sasl_auto_transition: no
sasl_pwcheck_method: saslauthd
partition-default: /global/cyrus/mail
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http
fully able to log in.
However, the ". list *.*" command now produces a list of every folder
in the example.ca subdomain, not just the specified user's mailbox.
Anyone know what's going on here?
The LOGIN mech does not support proxy authentication:
https://www.sendmail.org/~ca/email/cyrus2/mecha
On 04/28/18 20:43 +0200, Dr. Harry Knitter wrote:
after upgrading debian wheezy to jessie a socket has gone:
/var/run/cyrus/socket/lmtp
How to get out of this problem?
The lmtp unix domain socket is started by master via its /etc/cyrus.conf
config file, commonly in an entry called 'lmtpunix',
e mailboxes with something like this:
imap_setacl ($mbox, "user/".$argv[1]."/*",
$wrongname."todelete", "");
imap_setacl ($mbox, "user/".$argv[1]."/*", $argv[1],
"lrswipkxtea");
But it seems imap_setacl can't use wildcards.
On 01/22/18 19:02 -0300, Heiler Bemerguy via Info-cyrus wrote:
Em 22/01/2018 18:46, Dan White escreveu:
On 01/22/18 17:44 -0300, Heiler Bemerguy via Info-cyrus wrote:
imap_renamemailbox($mbox, "$mailbox", "$mailbox"."TODELETE")
Was this performed as an admin?
hing about this system was that it had lots of goals."
--Jim Morris on Andrew
user.iury^pinto 78e57a515a664ca1
The '^' implies you have unixhierarchysep turned off, based on this:
https://www.cyrusimap.org/imap/concepts/features/namespaces.html?highlight=internal
See the /doc/inte
/419
I'd really like to make a final release by Christmas as promised, but
I also don't want to make a release that folks will have to patch
immediately.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus
On 09/19/17 11:28 -0400, Michael Sofka wrote:
On 09/19/2017 10:12 AM, Dan White wrote:
The botnet is still hammering away, checking those old accounts.
But the bottleneck appears to have been saslauthd threads.
Doubling the thread count from 5 to 10 has resolved the problem
for now
my reading of the documentation (2.4.17/18) is that
user_deny.db is a flat file by default, so I will need to set
userdeny_db to something like skiplist, or berkeley, etc. Any
suggestions on a good choice assuming the list could grow to a few
thousand? Any documentation on the sql option?
--
/Using_iptables_to_rate-limit_incoming_connections
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
On 07/28/17 11:27 +0200, Gabriele Bulfon wrote:
Hi, is there any valid way to impersonate using authorization on timsieved?
I tried with:
AUTHENTICATE "PLAIN" "x"
creating the auth string with a perl script as:
encode_base64($authid."\x00".$username."\x00".$password."")
being :
On 02/16/17 16:10 -0600, Kenneth Marshall wrote:
We are running version cyrus-imapd-2.5.10, and even though no databases
in imapd.conf default to berkeleydb, something is still using it. Here
are our database definitions from our imapd.conf:
duplicate_db_path: /dev/shm/cyrus-imapd/duplicate_db
and results
in the error I'm seeing.
By any chance do you have any auxprop plugin defined?
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Or is there a more "proper" way using cyrus?
I've found mutt to be useful for this type of maintenance, which can sort
messages by size, and can delete ranges. If you don't have access to user
passwords, set up a 'proxyservers' authz identity to access their
mailboxes.
--
Dan White
Cyrus
on?
Have a look at doc/programming.html#callbacks_interactions within the cyrus
sasl source. Can you provide an example which includes callbacks that is
not working as expected?
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/
On 06/23/16 16:49 +0200, Eric Luyten via Info-cyrus wrote:
On Wed, June 22, 2016 6:02 pm, Dan White wrote:
To enable SASL LOGIN support, add 'LOGIN' to your sasl_mech_list. Don't
confuse login with pre-sasl user/pass authentication.
If Office 365 isn't performing TLS, you'll need to configure
-sasl user/pass authentication.
If Office 365 isn't performing TLS, you'll need to configure
sasl_minimum_layer and allowplaintext appropriately.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https
On 04/06/2016 01:32 PM, Dan White wrote:
On 04/06/16 13:20 -0500, Jack Snodgrass via Info-cyrus wrote:
Is there a documented process for taking a system from: Cyrus
v2.2.13 to Cyrus v2.4.17
Check the upgrade instructions here:
https://cyrusimap.org/docs/cyrus-imapd/2.5.3/install-upgrade.php
on the older version (on the new system), such as a legacy berkeleydb
version.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
is also a solution, but given over 600
unique users have logged in today, I'd rather not dump that load on
the service desk.
You can set a system wide motd, but it's unlikely all clients will honor
it.
See the cyradm manpage.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List
On 11/12/15 21:22 +0100, Daniel Schröter wrote:
Hello,
On 11/11/2015 10:13 PM, Dan White wrote:
What does syslog say?
Nothing special. Mail to cyrus.test and cyrus.test2. But only
cyrus.test2 appears in the logs:
I'm reordering, to make this easier to follow:
Nov 12 21:09:45 fetchmail
On 11/12/15 22:04 +0100, Daniel Schröter wrote:
On 11/12/2015 09:47 PM, Dan White wrote:
Are you using fetchmail to deliver these messages?
Yes, and that's the problem. Thanks very much.
My provider doesn't set the "Envelope-to" correct for more then one
recipient :-(
T
= noanonymous,noplaintext
smtp_sasl_tls_security_options = noanonymous
smtp_use_tls = yes
smtpd_banner = The SMTP-Server
What does syslog say? What type of filesystem do you have? What does your
cyrus.conf config look like?
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info
by the plain and passdss sasl mechanisms.
See:
http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/sysadmin.php
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman
with regards to cyrus
services.
As a test, you could created a dummy service pam configuration, such as
/etc/pam.d/willthiswork, with your ldap/sssd configuration, then then run
testsaslauthd with '-s willthiswork ...'.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archi
other mailboxes they are not affected. Reconstructing it corrects
>> the issue, luckily our backups do not propagate deletes.
>>
>> Problem is that we can’t find any record of the mailbox being deleted. The
>> content just disappears. We have been running Cyrus for years and have
>&
he client. That output would be
invaluable to the developers when opening a ticket (with whichever project
is to blame).
If you believe this is a bug in Cyrus, you can file it here:
http://cyrusimap.org/mediawiki/index.php/Report_A_Bug
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List
). SELinux/AppArmor should have some way to prevent trivial access.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
sql entry
when sql_select is called. That would require 'sasl_auxprop_plugin: sql' to
be configured.
Or you could process your syslog (local6/mail/auth).
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe
annotation on the mailbox.
It's lightly documented in the changes file.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
15427 (imapd)
score 1 or sacrifice child
Aug 14 06:26:01 postoffice kernel: Killed process 15427 (imapd)
total-vm:179648kB, anon-rss:7756kB, file-rss:672kB
How many processes spawn is configurable within /etc/cyrus.conf. How do you
have your imap entries configured?
--
Dan White
Cyrus Home
On 08/14/15 08:11 -0700, Shaheen Bakhtiar wrote:
On Aug 14, 2015, at 8:03 AM, Dan White dwh...@olp.net wrote:
On 08/14/15 07:46 -0700, Shaheen Bakhtiar wrote:
Ever since the rebuild we are experience an ever growing number of imapd
processes, when we first boot the server we have ~200 using
to get it sorted.
https://www.ietf.org/rfc/rfc4314.txt
You want 't' and not 'x'.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
.
On 07/30/15 19:09 +0100, John wrote:
I set the ACL to lrswiptek and it then shows as lrswipktecd. Have I
missed a database migration step at some point in the past? The current
server is running 2.4.12 (and I have a project to move it all to 2.5.x
soon).
John
On 30/07/15 16:37, Dan White wrote
/cyrus-imapd/2.5.4/install-murder.php
For further assistance, provide redacted copies of your /etc/imapd.conf,
/etc/cyrus.conf, and saslauthd.conf (if existing) files for both the
frontent and backend servers.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http
for sasl related problems. Does
imap authentication (imtest) succeed?
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
maxchild=20
lmtpunix cmd=lmtpd listen=/var/run/cyrus/socket/lmtp prefork=0
maxchild=20
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
On 07/20/15 19:15 +0200, Marcus Schopen wrote:
Hi Dan,
Am Montag, den 20.07.2015, 08:33 -0500 schrieb Dan White:
It appears you may be performing sasl EXTERNAL authentication. Your
auth-facility syslog should confirm that.
How do I do that?
libsasl logs to the auth facility. Check your syslog
?
If the email is junk, there may be configuration options within postfix to
disallow such emails.
Attach a debugger to trouble shoot lmtpd. See the cyrus.conf and lmtpd
manpages, and:
http://members.sange.fi/~atehwa/vc/packaging/cyrus-imapd/debian/README.Debian.debug
--
Dan White
Cyrus Home Page
. Be aware
that specifying '-m login' (for imtest only) will fall back to using
pre-sasl 'login' authentication, or at least it used to.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https
/lib/imap/server.pem
#tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http
wise.
Referencing syslog on the backend is the best way to flesh this out.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cmd=lmtpd -a listen=lmtp prefork=0
in main.cf of smtp server :--
lmtp_destination_concurrency_limit = 100
lmtp_destination_recipient_limit = 0
How many lmtp processes do you see spawned in this scenario?
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http
database or a invalid database format.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
On 04/29/15 17:21 +0200, hw wrote:
Am 29.04.2015 um 16:14 schrieb Dan White:
On 04/29/15 16:07 +0200, hw wrote:
Hi,
is there a way to reduce the log output from cyrus? A lot, if not most,
entries say 'imaps[20670]: fetching user_deny.db entry for ...', which
seems to be a rather useless
On 04/29/15 18:35 +0200, hw wrote:
Am 29.04.2015 um 18:15 schrieb Dan White:
Does this mean that before 2.5.1, the database is being opened and
closed all the time, yielding a log message?
Correct. But that was an error produced if the user_deny.db file didn't
exist, and ended up flooding
On 04/07/15 17:50 +0200, Luca Olivetti wrote:
El 07/04/15 a les 17:31, Dan White ha escrit:
localhost sam m_sist group:m_sist lrw
setaclmailbox: group:m_sist: lrw: Invalid identifier
localhost
Could this be a permissions problem? Can the cyrus user successfully
execute the getent command
://cyrusimap.org/docs/cyrus-imapd/2.4.17/overview.php#aclauth
If your group information is exposed over an LDAP backend, consider using
pts.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https
NO Did not specify legal script data length
I don't know what the correct syntax is and, even worse, I don't know where
to look it up?
See RFC 5804.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe
impact in mailbox, indexes and whole server performances? In other
words, does performances degrade only for Archive folder selection, or
for all mailbox too?
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus
unfamiliar with the EXPIRED response code or what Cyrus' plans are for
supporting it.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
On 02/17/15 12:31 -0600, Jason L Tibbitts III wrote:
DW == Dan White dwh...@olp.net writes:
DW There is an annotation (/comment) which you can set per mailbox,
DW which should result in an alert being displayed:
Checking that again, I'm not sure that's the case. There's a
misformatting
. imapext). You would not configure any
entries for imapint which would allow access to all internal connections by
default.
I'm not aware of a way to restrict devices (I'm assuming, based on a client
string?). There may be 3rd party imap proxies that can assist with that.
--
Dan White
Cyrus Home
+0100, Niels Dettenbach wrote:
Ive done a
strace -f -p on the master process which brought out:
See /usr/share/doc/cyrus-imapd-2.x/README.Debian.debug.gz for help in
debugging a particular service.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http
? Try:
ldd `which ldapsearch`
And verify that the linked sasl library is the same as for slapd, or if
not, uses a good libsasl installation. Also, you may want to try ldapsearch
from another system with a known good sasl installation.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org
-config(5).
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
On 12/23/14 16:07 +0100, Willy Offermans wrote:
Hello Dan,
On Tue, Dec 23, 2014 at 08:50:07AM -0600, Dan White wrote:
On 12/23/14 15:22 +0100, Gabriele Bulfon wrote:
How can I let saslauthd support both configurations?
Is the server OpenLDAP? If so, using olcAuthzRegexp would be a far more
/2.1.25/components.php
If using the Ubuntu sasl packages, use saslpluginview to list available
plugins.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info
On 12/16/14 08:23 -0600, Dan White wrote:
If using the Ubuntu sasl packages, use saslpluginview to list available
plugins.
Make that 'saslpluginviewer'.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus
in the call to sasl_server_new (See the manpage). Cyrus
imapd hard codes the service names, and they are not configurable. Grep
through the cyrus imap source for that function call to determine which pam
file to configure for each service.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org
all groups in the system). If that happens every time a user
attempts to open a mailbox, your system will fall over. The other
auth_mechs, such as ldap, can make that process efficient.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu
against the same version of glibc as
cyrus imap, as well as any libraries your auxprop plugin uses i.e. libldap
or sql).
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu
:
# exclude shared secret mechanisms
mech_list: plain login external gssapi
See:
http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/options.php
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https
it shouldn't be taking up much space. Depending on
configuration, you may have some lingering files underneath your
configdirectory hierarchy as well.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe
quota.
A better approach is to use Postfix policy script which can query mailbox
state before accepting the message, such as by communicating with the smmap
socket.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus
Is there any way of getting more debug information out of the backend without
modifying the code itself?
Add 'sasl_log_level: 7' to imapd.conf, and verify your syslog daemon is
logging 'auth.*'.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu
On 03/26/14 11:45 -0700, Marc Fournier wrote:
On Mar 26, 2014, at 11:25 , Dan White dwh...@olp.net wrote:
What does your imapd.conf config look like? In particular the sasl_*,
virtdomain, defaultdomain, allowplaintext, and loginrealms options.
configdirectory: /var/spool/imap
partition
On 03/26/14 11:45 -0700, Marc Fournier wrote:
On Mar 26, 2014, at 11:25 , Dan White dwh...@olp.net wrote:
What does your imapd.conf config look like? In particular the sasl_*,
virtdomain, defaultdomain, allowplaintext, and loginrealms options.
configdirectory: /var/spool/imap
partition-default
steps:
saslpasswd2 -u domain.tld info
testsaslauthd -u info -r domain.tld -p Pa77w0rd
0: OK Success.
testsaslauthd -u i...@domain.tld -p Pa77w0rd
0: NO authentication failed
With saslauthd, you may wish to experiment with the '-r' option
(/etc/default/saslauthd OPTIONS).
--
Dan White
Cyrus Home
On 03/07/14 22:02 +0100, Andrey wrote:
Hi
this was very helpful:
sasl_auxprop_plugin: sasldb
But is works only in combination with:
sasl_pwcheck_method: saslauth
'sasl_pwcheck_method: auxprop' is really what you want here. saslauthd and
testsaslauthd are no longer needed.
--
Dan White
On 03/07/14 16:33 -0600, Dan White wrote:
On 03/07/14 22:02 +0100, Andrey wrote:
Hi
this was very helpful:
sasl_auxprop_plugin: sasldb
But is works only in combination with:
sasl_pwcheck_method: saslauth
'sasl_pwcheck_method: auxprop' is really what you want here. saslauthd and
testsaslauthd
and imap users. Separated sasldb
databases would be great.
Set 'sasl_sasldb_path: path1' in /etc/imapd.conf, and 'sasldb_path:
path2' in your sendmail sasl config. Use -f when creating or updating users
with saslpasswd2.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info
will always fail on that attempt.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
unless TLS client
authentication was successful during the starttls step.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
ways.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
imap[3440]: OTP unavailable because can't
read/write key database /etc/opiekeys: Permission denied
In imapd.conf, set:
sasl_mech_list: PLAIN LOGIN EXTERNAL
to remove some extraneous error messages. Try specifying a mechanism
(--auth=PLAIN) in your cyradm command.
--
Dan White
Cyrus Home
in the logs.
Does it matter that the cyrus user isn't cyrus ?
I'm new to cyrus and was handed this server already in use so pardon my
ignorance.
Thanks,
Josh
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe
: test user
sn: user
uid: tuser
mail: tu...@example.com
userPassword: password
authorizedService: mail
authorizedService: svn
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https
You may need a different or better authz-regexp rule here, or you may need
to adjust your authzto/authzfrom rules. See:
http://www.openldap.org/doc/admin24/sasl.html#SASL Proxy Authorization
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu
to prevent local access (from a physical administrator),
or remote access via root login?
How does cyrus differ from other email stores that you've dealt with
(security wise)?
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info
the standard mux location. See:
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.info-cyrusmsg=54942
for options.
For trouble shooting, I run saslauthd in debug mode to verify imapd is able
to communicate with the saslauthd mux.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org
need to apply this patch if your OS's package has not
included them:
http://code.uoa.gr/p/cyrus/autocreate/
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman
the same
password, email as postfix uses it? Is it possible that when I add
new account on my DB, it will create the mailbox automatically?
What does your postfix config look like? Does it use sasl to authenticate
your users?
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List
the postfix chroot.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
allow clients to connect
directly to one), you will likely see authentication failures from clients
attempting digest-md5 auth, unless those users exist within your auxprop
database.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu
tls_sieve_require_cert: false
What log entries do you see during TLS authentication? Verify that this is
a server side problem with imtest.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https
On 12/03/13 19:52 +0200, Stefan Gofferje wrote:
On 12/03/2013 04:39 PM, Dan White wrote:
What log entries do you see during TLS authentication?
Dec 3 19:13:10 home imap[17224]: SSL_accept() succeeded - done
Dec 3 19:13:10 home imap[17224]: starttls: TLSv1 with cipher
DHE-RSA-CAMELLIA256-SHA
(for cyrus-imap) instead of
local6. And Debian configures a verbose level by default.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
setting tls_cipher_list. See imapd.conf(5) and ciphers(1).
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
. There isn't much
there about Sieve besides logins.
I ran sivtest and all seems good there. I'm not sure what to look for.
Any ideas? Help is appreciated.
Did you activate the uploaded script? Was the script successfully compiled
to bytecode?
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org
believe it's based on a previously circulated patch that
you google for.
Using such a configuration will require you to use the PLAIN or LOGIN
mechanisms (or pre-sasl login/pass IMAP authentication).
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http
]: do_auth : auth failure:
[user=testcapital.domain] [service=imap] [realm=] [mech=pam]
[reason=PAM auth error]
What is the best solution to work around this?
Do you get the same result with imtest?
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http
(search
for 'canon').
The best source of documentation is the cyrus-sasl mailing list archives.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
On 102/2/26 下午 10:30, Dan White wrote:
On 02/26/13 13:26 +0800, Lingfeng Xiong wrote:
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://MY-LDAP-SERVER
sasl_ldapdb_id: CYRUS-PROXY-USER-NAME
sasl_ldapdb_pw: CYRUS-PROXY-USER-PASSWORD
sasl_ldapdb_mech: DIGEST-MD5
1 - 100 of 402 matches
Mail list logo