Re: Best way to auth cyrus 3.x to an AD domain setup

2019-02-25 Thread Dan White
On 02/25/19 11:45 +0100, Lars Schimmer wrote: Ok, after sasldb2 file is not good anymore, I want to ask user passwords from our AD Domain setup. I had a short search and I did find several methosd to let cyrus3 ask for users/pwasswords from a AD server, but all are kinda old. E.g. using krb5

Re: upgrade to cyrus_imap or saslauth or both gon horribly wrong

2019-01-08 Thread Dan White
On 01/08/19 20:12 +0100, James B Byrne wrote: FreeBSD-11.2p7 cyrus-imapd30-3.0.8_2 cyrus-sasl-saslauthd-2.1.27 cyrus-sasl-2.1.27 This morning we upgraded our cyrus_imap server using the FreeBSD pkg package manager. Following this we are unable to authenticate with imap. The error we receive

Re: suddenly 'User unknown'?

2018-11-29 Thread Dan White
as best I can, but no go. I say again this has all worked for years, albeit with an always empty imapd.log There must be some missing cyrus syslog configuration. On 29/11/2018 14:39, Dan White wrote: On 11/29/18 00:46 +, Charles Bradshaw wrote: Nov 27 15:18:36 dell2600-1 sendmail[4801

Re: suddenly 'User unknown'?

2018-11-29 Thread Dan White
packages, like Debian, modifiy the syslog facility, so you may need to consult your system documentation if that doesn't give appropriate output. On 28/11/2018 16:12, Dan White wrote: On 11/28/18 15:21 +, Charles Bradshaw via Info-cyrus wrote: My tests while logged in to the server as brad: Nov 27

Re: suddenly 'User unknown'?

2018-11-28 Thread Dan White
/usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: auxprop # sasl_auxprop_plugin:sql # allowplaintext: no unixhierarchysep: yes virtdomains: userid # -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To

Re: Missing Email & Folders

2018-11-06 Thread Dan White
On 11/06/18 14:06 -0600, Robert Covell wrote: Hello All, Have a few weird situations that I have been unable to find solutions to. Server: CentOS release 6.x cyrus-imapd-2.4.17-6.el5.src.rpm (Simon Matter) Client: Outlook 2013 Our client is using Cyrus to store related emails for their

Re: Cyrus IMAP 'CAPABILITIES' and 'AUTH=PLAIN'

2018-11-01 Thread Dan White
On 11/01/18 21:25 +, Marty Lee wrote: Forgive me asking this question, we’ve just had a server disk that’s starting to die in a remote location, and I’m frantically trying to clone some IMAP users onto another server - along with a number of other things. Despite imapd.conf having

Re: Frontend couldn't authenticate to backend server: authentication failure

2018-06-01 Thread Dan White
cassandra_mechs: PLAIN sasl_saslauthd_path: /global/cyrus/var/state/saslauthd/mux imap1_mechs: PLAIN sasl_mech_list: plain sasl_auto_transition: no sasl_pwcheck_method: saslauthd partition-default: /global/cyrus/mail -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http

Re: Virtual domain admin login behaviour

2018-04-30 Thread Dan White
fully able to log in. However, the ". list *.*" command now produces a list of every folder in the example.ca subdomain, not just the specified user's mailbox. Anyone know what's going on here? The LOGIN mech does not support proxy authentication: https://www.sendmail.org/~ca/email/cyrus2/mecha

Re: Problem after upgrading debian wheezy to jessie

2018-04-28 Thread Dan White
On 04/28/18 20:43 +0200, Dr. Harry Knitter wrote: after upgrading debian wheezy to jessie a socket has gone: /var/run/cyrus/socket/lmtp How to get out of this problem? The lmtp unix domain socket is started by master via its /etc/cyrus.conf config file, commonly in an entry called 'lmtpunix',

Re: please HELP

2018-01-23 Thread Dan White
e mailboxes with something like this:     imap_setacl ($mbox, "user/".$argv[1]."/*", $wrongname."todelete", "");     imap_setacl ($mbox, "user/".$argv[1]."/*", $argv[1], "lrswipkxtea"); But it seems imap_setacl can't use wildcards.

Re: please HELP

2018-01-22 Thread Dan White
On 01/22/18 19:02 -0300, Heiler Bemerguy via Info-cyrus wrote: Em 22/01/2018 18:46, Dan White escreveu: On 01/22/18 17:44 -0300, Heiler Bemerguy via Info-cyrus wrote: imap_renamemailbox($mbox, "$mailbox", "$mailbox"."TODELETE") Was this performed as an admin?

Re: please HELP

2018-01-22 Thread Dan White
hing about this system was that it had lots of goals."     --Jim Morris on Andrew user.iury^pinto 78e57a515a664ca1 The '^' implies you have unixhierarchysep turned off, based on this: https://www.cyrusimap.org/imap/concepts/features/namespaces.html?highlight=internal See the /doc/inte

Re: SASL 2.1.27 rc6

2017-12-20 Thread Dan White
/419 I'd really like to make a final release by Christmas as promised, but I also don't want to make a release that folks will have to patch immediately. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus

Re: Bad logins bogging down server

2017-09-19 Thread Dan White
On 09/19/17 11:28 -0400, Michael Sofka wrote: On 09/19/2017 10:12 AM, Dan White wrote: The botnet is still hammering away, checking those old accounts.  But the bottleneck appears to have been saslauthd threads.  Doubling the thread count from 5 to 10 has resolved the problem for now

Re: Using user_deny.db

2017-09-19 Thread Dan White
my reading of the documentation (2.4.17/18) is that user_deny.db is a flat file by default, so I will need to set userdeny_db to something like skiplist, or berkeley, etc. Any suggestions on a good choice assuming the list could grow to a few thousand? Any documentation on the sql option? --

Re: Bad logins bogging down server

2017-09-19 Thread Dan White
/Using_iptables_to_rate-limit_incoming_connections -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Sieve impersonate

2017-07-28 Thread Dan White
On 07/28/17 11:27 +0200, Gabriele Bulfon wrote: Hi, is there any valid way to impersonate using authorization on timsieved? I tried with: AUTHENTICATE "PLAIN" "x" creating the auth string with a perl script as: encode_base64($authid."\x00".$username."\x00".$password."") being :

Re: Cyrus IMAP 2.5.10 BerkeleyDB use?

2017-02-16 Thread Dan White
On 02/16/17 16:10 -0600, Kenneth Marshall wrote: We are running version cyrus-imapd-2.5.10, and even though no databases in imapd.conf default to berkeleydb, something is still using it. Here are our database definitions from our imapd.conf: duplicate_db_path: /dev/shm/cyrus-imapd/duplicate_db

Re: Can't authorize as different user in cyradm and sieveshell

2016-11-21 Thread Dan White via Info-cyrus
and results in the error I'm seeing. By any chance do you have any auxprop plugin defined? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: command line deletion of files

2016-09-29 Thread Dan White via Info-cyrus
Or is there a more "proper" way using cyrus? I've found mutt to be useful for this type of maintenance, which can sort messages by size, and can delete ranges. If you don't have access to user passwords, set up a 'proxyservers' authz identity to access their mailboxes. -- Dan White Cyrus

Re: imclient_authenticate wrong prompt order.

2016-09-26 Thread Dan White via Info-cyrus
on? Have a look at doc/programming.html#callbacks_interactions within the cyrus sasl source. Can you provide an example which includes callbacks that is not working as expected? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/

Re: Migrating mailbox data from Cyrus to MicroSoft Office 365 using their import tool.

2016-06-23 Thread Dan White via Info-cyrus
On 06/23/16 16:49 +0200, Eric Luyten via Info-cyrus wrote: On Wed, June 22, 2016 6:02 pm, Dan White wrote: To enable SASL LOGIN support, add 'LOGIN' to your sasl_mech_list. Don't confuse login with pre-sasl user/pass authentication. If Office 365 isn't performing TLS, you'll need to configure

Re: Migrating mailbox data from Cyrus to MicroSoft Office 365 using their import tool.

2016-06-22 Thread Dan White via Info-cyrus
-sasl user/pass authentication. If Office 365 isn't performing TLS, you'll need to configure sasl_minimum_layer and allowplaintext appropriately. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https

Re: Migrating IMAP from Cyrus v2.2.13 to Cyrus v2.4.17

2016-04-06 Thread Dan White via Info-cyrus
On 04/06/2016 01:32 PM, Dan White wrote: On 04/06/16 13:20 -0500, Jack Snodgrass via Info-cyrus wrote: Is there a documented process for taking a system from: Cyrus v2.2.13 to Cyrus v2.4.17 Check the upgrade instructions here: https://cyrusimap.org/docs/cyrus-imapd/2.5.3/install-upgrade.php

Re: Migrating IMAP from Cyrus v2.2.13 to Cyrus v2.4.17

2016-04-06 Thread Dan White via Info-cyrus
on the older version (on the new system), such as a legacy berkeleydb version. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Is there a way to send custom warning to all IMAP users?

2016-03-28 Thread Dan White via Info-cyrus
is also a solution, but given over 600 unique users have logged in today, I'd rather not dump that load on the service desk. You can set a system wide motd, but it's unlikely all clients will honor it. See the cyradm manpage. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List

Re: mail to multiple recipient doesn't work

2015-11-12 Thread Dan White via Info-cyrus
On 11/12/15 21:22 +0100, Daniel Schröter wrote: Hello, On 11/11/2015 10:13 PM, Dan White wrote: What does syslog say? Nothing special. Mail to cyrus.test and cyrus.test2. But only cyrus.test2 appears in the logs: I'm reordering, to make this easier to follow: Nov 12 21:09:45 fetchmail

Re: mail to multiple recipient doesn't work

2015-11-12 Thread Dan White via Info-cyrus
On 11/12/15 22:04 +0100, Daniel Schröter wrote: On 11/12/2015 09:47 PM, Dan White wrote: Are you using fetchmail to deliver these messages? Yes, and that's the problem. Thanks very much. My provider doesn't set the "Envelope-to" correct for more then one recipient :-( T

Re: mail to multiple recipient doesn't work

2015-11-11 Thread Dan White via Info-cyrus
= noanonymous,noplaintext smtp_sasl_tls_security_options = noanonymous smtp_use_tls = yes smtpd_banner = The SMTP-Server What does syslog say? What type of filesystem do you have? What does your cyrus.conf config look like? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info

Re: difference between checkpass failed and Password verification failed

2015-11-06 Thread Dan White via Info-cyrus
by the plain and passdss sasl mechanisms. See: http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/sysadmin.php -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman

Re: cyrus mailbox authentication changing from NIS to LDAP

2015-09-18 Thread Dan White
with regards to cyrus services. As a test, you could created a dummy service pam configuration, such as /etc/pam.d/willthiswork, with your ldap/sssd configuration, then then run testsaslauthd with '-s willthiswork ...'. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archi

Re: Disappearing Mailbox Content

2015-09-09 Thread Dan White
other mailboxes they are not affected. Reconstructing it corrects >> the issue, luckily our backups do not propagate deletes. >> >> Problem is that we can’t find any record of the mailbox being deleted. The >> content just disappears. We have been running Cyrus for years and have >&

Re: not all folders are shown in the subscription list

2015-09-09 Thread Dan White
he client. That output would be invaluable to the developers when opening a ticket (with whichever project is to blame). If you believe this is a bug in Cyrus, you can file it here: http://cyrusimap.org/mediawiki/index.php/Report_A_Bug -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List

Re: Store data encrypted in maildir

2015-08-25 Thread Dan White
). SELinux/AppArmor should have some way to prevent trivial access. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imapd.conf: sasl_sql_update and sasl_sql_insert understanding

2015-08-18 Thread Dan White
sql entry when sql_select is called. That would require 'sasl_auxprop_plugin: sql' to be configured. Or you could process your syslog (local6/mail/auth). -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe

Re: shared mailbox read/unread status

2015-08-17 Thread Dan White
annotation on the mailbox. It's lightly documented in the changes file. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Number of imap process increasing over time

2015-08-14 Thread Dan White
15427 (imapd) score 1 or sacrifice child Aug 14 06:26:01 postoffice kernel: Killed process 15427 (imapd) total-vm:179648kB, anon-rss:7756kB, file-rss:672kB How many processes spawn is configurable within /etc/cyrus.conf. How do you have your imap entries configured? -- Dan White Cyrus Home

Re: Number of imap process increasing over time

2015-08-14 Thread Dan White
On 08/14/15 08:11 -0700, Shaheen Bakhtiar wrote: On Aug 14, 2015, at 8:03 AM, Dan White dwh...@olp.net wrote: On 08/14/15 07:46 -0700, Shaheen Bakhtiar wrote: Ever since the rebuild we are experience an ever growing number of imapd processes, when we first boot the server we have ~200 using

Re: Shared folder permissions

2015-07-30 Thread Dan White
to get it sorted. https://www.ietf.org/rfc/rfc4314.txt You want 't' and not 'x'. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Shared folder permissions

2015-07-30 Thread Dan White
. On 07/30/15 19:09 +0100, John wrote: I set the ACL to lrswiptek and it then shows as lrswipktecd. Have I missed a database migration step at some point in the past? The current server is running 2.4.12 (and I have a project to move it all to 2.5.x soon). John On 30/07/15 16:37, Dan White wrote

Re: Cyrus murder auth issue

2015-07-28 Thread Dan White
/cyrus-imapd/2.5.4/install-murder.php For further assistance, provide redacted copies of your /etc/imapd.conf, /etc/cyrus.conf, and saslauthd.conf (if existing) files for both the frontent and backend servers. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http

Re: Cyrus murder auth issue

2015-07-28 Thread Dan White
for sasl related problems. Does imap authentication (imtest) succeed? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: lmtp authentication ignored with tls enabled

2015-07-20 Thread Dan White
maxchild=20 lmtpunix cmd=lmtpd listen=/var/run/cyrus/socket/lmtp prefork=0 maxchild=20 -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: lmtp authentication ignored with tls enabled

2015-07-20 Thread Dan White
On 07/20/15 19:15 +0200, Marcus Schopen wrote: Hi Dan, Am Montag, den 20.07.2015, 08:33 -0500 schrieb Dan White: It appears you may be performing sasl EXTERNAL authentication. Your auth-facility syslog should confirm that. How do I do that? libsasl logs to the auth facility. Check your syslog

Re: lmtp socket error

2015-07-02 Thread Dan White
? If the email is junk, there may be configuration options within postfix to disallow such emails. Attach a debugger to trouble shoot lmtpd. See the cyrus.conf and lmtpd manpages, and: http://members.sange.fi/~atehwa/vc/packaging/cyrus-imapd/debian/README.Debian.debug -- Dan White Cyrus Home Page

Re: sivtest fails to authenticate but imtiest succeeds

2015-06-29 Thread Dan White
. Be aware that specifying '-m login' (for imtest only) will fall back to using pre-sasl 'login' authentication, or at least it used to. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https

Re: autocreateinboxfolders

2015-06-18 Thread Dan White
/lib/imap/server.pem #tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt # uncomment this if you're operating in a DSCP environment (RFC-4594) # qosmarking: af13 -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http

Re: Murder frontend problem

2015-06-05 Thread Dan White
notifysocket: /var/run/cyrus/socket/notify syslog_prefix: cyrus -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Murder frontend problem

2015-06-05 Thread Dan White
wise. Referencing syslog on the backend is the best way to flesh this out. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyrus-imapd with lmtpd + postfix slow delivery with group email ids

2015-05-14 Thread Dan White
cmd=lmtpd -a listen=lmtp prefork=0 in main.cf of smtp server :-- lmtp_destination_concurrency_limit = 100 lmtp_destination_recipient_limit = 0 How many lmtp processes do you see spawned in this scenario? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http

Re: too much logging

2015-04-30 Thread Dan White
database or a invalid database format. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: too much logging

2015-04-29 Thread Dan White
On 04/29/15 17:21 +0200, hw wrote: Am 29.04.2015 um 16:14 schrieb Dan White: On 04/29/15 16:07 +0200, hw wrote: Hi, is there a way to reduce the log output from cyrus? A lot, if not most, entries say 'imaps[20670]: fetching user_deny.db entry for ...', which seems to be a rather useless

Re: too much logging

2015-04-29 Thread Dan White
On 04/29/15 18:35 +0200, hw wrote: Am 29.04.2015 um 18:15 schrieb Dan White: Does this mean that before 2.5.1, the database is being opened and closed all the time, yielding a log message? Correct. But that was an error produced if the user_deny.db file didn't exist, and ended up flooding

Re: too much logging

2015-04-29 Thread Dan White
load. What might be going wrong here? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: group acl with winbind

2015-04-07 Thread Dan White
On 04/07/15 17:50 +0200, Luca Olivetti wrote: El 07/04/15 a les 17:31, Dan White ha escrit: localhost sam m_sist group:m_sist lrw setaclmailbox: group:m_sist: lrw: Invalid identifier localhost Could this be a permissions problem? Can the cyrus user successfully execute the getent command

Re: group acl with winbind

2015-04-07 Thread Dan White
://cyrusimap.org/docs/cyrus-imapd/2.4.17/overview.php#aclauth If your group information is exposed over an LDAP backend, consider using pts. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https

Re: MANAGESIEVE commands

2015-03-31 Thread Dan White
NO Did not specify legal script data length I don't know what the correct syntax is and, even worse, I don't know where to look it up? See RFC 5804. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe

Re: IMAP archive?

2015-03-05 Thread Dan White
impact in mailbox, indexes and whole server performances? In other words, does performances degrade only for Archive folder selection, or for all mailbox too? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus

Re: Communicating kerberos password expiration

2015-02-17 Thread Dan White
unfamiliar with the EXPIRED response code or what Cyrus' plans are for supporting it. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Communicating kerberos password expiration

2015-02-17 Thread Dan White
On 02/17/15 12:31 -0600, Jason L Tibbitts III wrote: DW == Dan White dwh...@olp.net writes: DW There is an annotation (/comment) which you can set per mailbox, DW which should result in an alert being displayed: Checking that again, I'm not sure that's the case. There's a misformatting

Re: Intergation with MDM solutions

2015-01-21 Thread Dan White
. imapext). You would not configure any entries for imapint which would allow access to all internal connections by default. I'm not aware of a way to restrict devices (I'm assuming, based on a client string?). There may be 3rd party imap proxies that can assist with that. -- Dan White Cyrus Home

Re: IMAP over SSL (only) handshake hangs

2015-01-13 Thread Dan White
 +0100, Niels Dettenbach wrote: Ive done a strace -f -p on the master process which brought out: See /usr/share/doc/cyrus-imapd-2.x/README.Debian.debug.gz for help in debugging a particular service. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http

Re: saslauthd and multiple dc levels

2014-12-30 Thread Dan White
? Try: ldd `which ldapsearch` And verify that the linked sasl library is the same as for slapd, or if not, uses a good libsasl installation. Also, you may want to try ldapsearch from another system with a known good sasl installation. -- Dan White Cyrus Home Page: http://www.cyrusimap.org

Re: saslauthd and multiple dc levels

2014-12-23 Thread Dan White
-config(5). -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: saslauthd and multiple dc levels

2014-12-23 Thread Dan White
On 12/23/14 16:07 +0100, Willy Offermans wrote: Hello Dan, On Tue, Dec 23, 2014 at 08:50:07AM -0600, Dan White wrote: On 12/23/14 15:22 +0100, Gabriele Bulfon wrote: How can I let saslauthd support both configurations? Is the server OpenLDAP? If so, using olcAuthzRegexp would be a far more

Re: sasl_mech_list in imapd.conf ?

2014-12-16 Thread Dan White
/2.1.25/components.php If using the Ubuntu sasl packages, use saslpluginview to list available plugins. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info

Re: sasl_mech_list in imapd.conf ?

2014-12-16 Thread Dan White
On 12/16/14 08:23 -0600, Dan White wrote: If using the Ubuntu sasl packages, use saslpluginview to list available plugins. Make that 'saslpluginviewer'. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus

Re: saslauthd question

2014-12-11 Thread Dan White
in the call to sasl_server_new (See the manpage). Cyrus imapd hard codes the service names, and they are not configurable. Grep through the cyrus imap source for that function call to determine which pam file to configure for each service. -- Dan White Cyrus Home Page: http://www.cyrusimap.org

Re: annotation_definitions and other options in imapd.conf

2014-12-03 Thread Dan White
all groups in the system). If that happens every time a user attempts to open a mailbox, your system will fall over. The other auth_mechs, such as ldap, can make that process efficient. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu

Re: segfault cyrus imapd 2.17 when upgrading to glibc 2.16

2014-11-03 Thread Dan White
against the same version of glibc as cyrus imap, as well as any libraries your auxprop plugin uses i.e. libldap or sql). -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu

Re: Some cyrus-sasl questions

2014-09-30 Thread Dan White
: # exclude shared secret mechanisms mech_list: plain login external gssapi See: http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/options.php -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https

Re: Complete mailbox delete?

2014-08-10 Thread Dan White
it shouldn't be taking up much space. Depending on configuration, you may have some lingering files underneath your configdirectory hierarchy as well. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe

Re: postfix-amavis-cyrus on multidomain ldap

2014-08-04 Thread Dan White
quota. A better approach is to use Postfix policy script which can query mailbox state before accepting the message, such as by communicating with the smmap socket. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus

Re: NO Login failed: generic failure

2014-03-26 Thread Dan White
Is there any way of getting more debug information out of the backend without modifying the code itself? Add 'sasl_log_level: 7' to imapd.conf, and verify your syslog daemon is logging 'auth.*'. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu

Re: NO Login failed: generic failure

2014-03-26 Thread Dan White
On 03/26/14 11:45 -0700, Marc Fournier wrote: On Mar 26, 2014, at 11:25 , Dan White dwh...@olp.net wrote: What does your imapd.conf config look like? In particular the sasl_*, virtdomain, defaultdomain, allowplaintext, and loginrealms options. configdirectory: /var/spool/imap partition

Re: NO Login failed: generic failure

2014-03-26 Thread Dan White
On 03/26/14 11:45 -0700, Marc Fournier wrote: On Mar 26, 2014, at 11:25 , Dan White dwh...@olp.net wrote: What does your imapd.conf config look like? In particular the sasl_*, virtdomain, defaultdomain, allowplaintext, and loginrealms options. configdirectory: /var/spool/imap partition-default

Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16

2014-03-07 Thread Dan White
steps: saslpasswd2 -u domain.tld info testsaslauthd -u info -r domain.tld -p Pa77w0rd 0: OK Success. testsaslauthd -u i...@domain.tld -p Pa77w0rd 0: NO authentication failed With saslauthd, you may wish to experiment with the '-r' option (/etc/default/saslauthd OPTIONS). -- Dan White Cyrus Home

Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16

2014-03-07 Thread Dan White
On 03/07/14 22:02 +0100, Andrey ‪ wrote: Hi this was very helpful: sasl_auxprop_plugin: sasldb But is works only in combination with: sasl_pwcheck_method: saslauth 'sasl_pwcheck_method: auxprop' is really what you want here. saslauthd and testsaslauthd are no longer needed. -- Dan White

Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16

2014-03-07 Thread Dan White
On 03/07/14 16:33 -0600, Dan White wrote: On 03/07/14 22:02 +0100, Andrey ‪ wrote: Hi this was very helpful: sasl_auxprop_plugin: sasldb But is works only in combination with: sasl_pwcheck_method: saslauth 'sasl_pwcheck_method: auxprop' is really what you want here. saslauthd and testsaslauthd

Re: disable login for users without mailbox

2014-02-25 Thread Dan White
and imap users. Separated sasldb databases would be great. Set 'sasl_sasldb_path: path1' in /etc/imapd.conf, and 'sasldb_path: path2' in your sendmail sasl config. Use -f when creating or updating users with saslpasswd2. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info

Re: cyradm cannot connect to cyrus imap server

2014-02-21 Thread Dan White
will always fail on that attempt. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

2014-02-21 Thread Dan White
unless TLS client authentication was successful during the starttls step. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

2014-02-21 Thread Dan White
ways. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyradm cannot connect to cyrus imap server

2014-02-20 Thread Dan White
imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied In imapd.conf, set: sasl_mech_list: PLAIN LOGIN EXTERNAL to remove some extraneous error messages. Try specifying a mechanism (--auth=PLAIN) in your cyradm command. -- Dan White Cyrus Home

Re: Still getting SQUAT errors after adding squatter to events

2014-02-12 Thread Dan White
in the logs. Does it matter that the cyrus user isn't cyrus ? I'm new to cyrus and was handed this server already in use so pardon my ignorance. Thanks, Josh -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe

Re: imapd + sasl + ldapdb problems

2014-02-05 Thread Dan White
: test user sn: user uid: tuser mail: tu...@example.com userPassword: password authorizedService: mail authorizedService: svn -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https

Re: imapd + sasl + ldapdb problems

2014-02-05 Thread Dan White
You may need a different or better authz-regexp rule here, or you may need to adjust your authzto/authzfrom rules. See: http://www.openldap.org/doc/admin24/sasl.html#SASL Proxy Authorization -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu

Re: Protecting message files acess even from root

2014-01-31 Thread Dan White
to prevent local access (from a physical administrator), or remote access via root login? How does cyrus differ from other email stores that you've dealt with (security wise)? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info

Re: Postfix with Cyrus Imap

2014-01-26 Thread Dan White
the standard mux location. See: http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.info-cyrusmsg=54942 for options. For trouble shooting, I run saslauthd in debug mode to verify imapd is able to communicate with the saslauthd mux. -- Dan White Cyrus Home Page: http://www.cyrusimap.org

Re: Postfix with Cyrus Imap

2014-01-25 Thread Dan White
need to apply this patch if your OS's package has not included them: http://code.uoa.gr/p/cyrus/autocreate/ -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman

Re: Postfix with Cyrus Imap

2014-01-24 Thread Dan White
the same password, email as postfix uses it? Is it possible that when I add new account on my DB, it will create the mailbox automatically? What does your postfix config look like? Does it use sasl to authenticate your users? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List

Re: Postfix + Cyrus Sasl problem

2013-12-18 Thread Dan White
the postfix chroot. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: allowplaintext: no and aggregates

2013-12-06 Thread Dan White
allow clients to connect directly to one), you will likely see authentication failures from clients attempting digest-md5 auth, unless those users exist within your auxprop database. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu

Re: Disable client authentication with certificates

2013-12-03 Thread Dan White
tls_sieve_require_cert: false What log entries do you see during TLS authentication? Verify that this is a server side problem with imtest. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https

Re: Disable client authentication with certificates

2013-12-03 Thread Dan White
On 12/03/13 19:52 +0200, Stefan Gofferje wrote: On 12/03/2013 04:39 PM, Dan White wrote: What log entries do you see during TLS authentication? Dec 3 19:13:10 home imap[17224]: SSL_accept() succeeded - done Dec 3 19:13:10 home imap[17224]: starttls: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA

Re: Cyrus 2.4.x logging issue

2013-07-10 Thread Dan White
(for cyrus-imap) instead of local6. And Debian configures a verbose level by default. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Imapd and diffie hellman encryption

2013-06-27 Thread Dan White
setting tls_cipher_list. See imapd.conf(5) and ciphers(1). -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Trouble with sieve

2013-06-05 Thread Dan White
. There isn't much there about Sieve besides logins. I ran sivtest and all seems good there. I'm not sure what to look for. Any ideas? Help is appreciated. Did you activate the uploaded script? Was the script successfully compiled to bytecode? -- Dan White Cyrus Home Page: http://www.cyrusimap.org

Re: MD5 Passwords in MySql?

2013-03-29 Thread Dan White
believe it's based on a previously circulated patch that you google for. Using such a configuration will require you to use the PLAIN or LOGIN mechanisms (or pre-sasl login/pass IMAP authentication). -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http

  1   2   3   4   5   >