Josh Whitver wrote:
As I understand it, this should allow us to send mail to Conference+shared
mailbox name@domain and have the message delivered to the shared mailbox.
This isn't what's happening, however. Initially, there was no mail-capable
user named Conference, so I created one, but now all
Josh Whitver wrote:
Thanks for the help thus far, but now when I start the mail service, I get this
in /var/log/mail.log:
May 9 11:37:59 testldap postfix/master[12863]: daemon started -- version 2.1.5
May 9 11:38:40 testldap postfix/smtpd[12887]: fatal: open database
shared_folders.db: No such
Vernon A. Fort wrote:
so I could see what part of the header was invalid. There was/is a line:
Message-ID:
with nothing after the line. I removed the line and re-sent the message
successfully. Why would single line called Message-ID: cause lmtpd
message header errors?
Because it's invalid
Jim Miller wrote:
I'm still having trouble will Outlook and connecting with IMAPS to
cyrus-imap 2.2.10.
when I set 'tls_reqire_cert: true'. However I don't have the problem when I
set tls_imap_reqire_cert: true'
That's because this second setting is ignored. For settings to apply to
specific
Marco Colombo wrote:
So it seems its usage is deprecated. If you are to code a patch, you
may look into the alternative name(s). Those are standard v3 extensions.
As I understand it, comforming applications should look there in order
to find email addresses (of type rfc822Name). Of course, since
Igor Brezac wrote:
--auth-auth specifies an authorization (not authentication) mechanism.
The unix module is mostly useful for group.
OK, yeah, authorization vs. authentication, right. Since SASL cannot
provide authorization details, Cyrus IMAP has to get them from somewhere
else, so that's
Marco Colombo wrote:
What field is that, exaclty? v3 extension?
I'm not sure... it's in the OpenSSL headers files as
NID_pkcs9_emailAddress.
Anyway, the goal of authentication is to identify users not email
addresses. The whole idea of using certs is broken, unless you use
the cert itself. No CA
Igor Brezac wrote:
Your bigger issue is to find a client that supports SASL/EXTERNAL. I
do not believe c-client library (this is what drives IMP/Horde via
PHP) supports SASL/EXTERNAL, so this is what you need to start hacking.
OK, I've successfully connected using imtest and SASL/EXTERNAL and
I've just reworked my Cyrus IMAP installation, and I'm beginning to get
the impression that --with-auth (which defaults to unix) is only for
group memberships, and really has no other effect. It certainly doesn't
seem to affect SASL in any way, which is what actually handles
authentication.
Craig White wrote:
My goal was to be my own CA - generate per user certificates and have
revocation rights. I haven't had many issues with creating certs for
various applications such as ldap/apache etc. I was looking for some
granular control for individual users.
I do this manually using OpenSSL
I'm working on a webmail system using client certificates for
authentication.
I have Cyrus IMAP working fine with Cyrus SASL and AUTH=EXTERNAL after
negotiating TLS... the IMAP daemon authenticate the user properly.
However, it chooses the CN from the client cert as the authentication
Wil Cooley wrote:
Lately I've been trying to migrate my self-signed certs to certs
generated with TinyCA from a self-signed root cert; that way once I
import my root CA I can bypass all of the prompts.
Yes, that is a much better plan. I do that for my clients who have
private webmail/intranet
Andrew Morgan wrote:
You may want to look into Dell's AX100 SAN (a rebranded version of the
EMC Clariion AX100). These use SATA drives with a FC front end. They
are relatively inexpensive for the amount of storage you can get, if
your I/O needs match. You can also go a little more upscale
Edward Rudd wrote:
This is really a Cyrus-SASL topic. as Cyrus IMAP doesn't really care how
the user gets authenticated, only that the SASL layer authenticates the
users. So client certificate authentication would have to be added as a
SASL authentication module.
It's never been clear to me where
Igor Brezac wrote:
SASL/EXTERNAL is what you want although I have to not tried it.
OpenLDAP works great. In theory, the CN part of the client
certitificate subject needs to be a valid mailbox. You can test this
with imtest -t client_cert_file -m EXTERNAL I assume that you have
SSL/TLS
[EMAIL PROTECTED] wrote:
cyrus/imapd[15511]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits
new) no
authentication
cyrus/imapd[15511]: login: localhost[127.0.0.1] pascal plaintext+TLS
The no authentication at the end of the first line is due to client
certicats
are not allowed with
I'm trying to come up with a configuration of Horde/IMP and Cyrus 2.2.x
that will be easy to use and easy to manage :-) (I've got a number of
these systems to set up).
So far, I have been successful using client certificates to identify
users to Apache 2.0.x, and using a custom Horde auth
Rich West wrote:
We did manage to get the cyrus-imap server up and running in a Fedora
Core 2 environment authenticating against PAM (which in turn talks to
our LDAP servers), but we could not get users in to the system.
Essentially, with our test environment, the mail client (in this case,
Etienne Goyer wrote:
On a similar note, RedHat have apparently bought Sistina, and GPLed GFS.
This is great news for HA under Linux, IMHO. I will be testing it soon.
Well, on their site is it listed as open source, but it is not on
sources.redhat.com (where LVM2 and device-mapper landed when
Norman Zhang wrote:
I think you can get it here, http://sources.redhat.com/cluster/gfs/
Yes, thanks. When I looked at the sources page I was looking for GFS
directly, not a cluster subproject. This page appears to have
everything needed to use GFS.
---
Cyrus Home Page:
Colin Bruce wrote:
I haven't tried it yet but it may be that DRBD (http://www.drbd.org)
might be able to do what you want. We used it with a UW Imap server and I
don't see why it shouldn't work with Cyrus. It is probably possible to
split the users between two cyrus servers and have each group
[EMAIL PROTECTED] wrote:
Are you sure Outlook can use GSSAPI??
I tried the following :
Windows 2000 Prof., Member of W2K-ADS, logged in with user@realm
Mailclient OE 6 (latest security packs), Secure Password Authentication enabled
Outlook and Outlook Express are not the same thing, in fact they
Ken Murchison wrote:
I finally got around to dealing with this. I just committed a patch
which does the following:
- use Followup-To (if exists) instead Newsgroups when constructing Reply-To
- strip any post addresses from Reply-To when feeding the article
upstream (via NNTP or SMTP)
These
Erik Myllymaki wrote:
Can any Exim-Cyrus users help me out here?
There's a few posts around that detail this using cyrus_deliver, but my
cyrus_transport in exim.conf is LMTP...
Direct subfolder delivery with LMTP is a little tricky, you basically
have two choices:
- Set up cyrus.conf to start
Ken Murchison wrote:
It shouldn't be. I never change the Newsgroups header, so once the
article hits NNTP, it will propagate as usual.
Well that's just dandy!
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info:
Ken Murchison wrote:
[EMAIL PROTECTED] wrote:
On Tue, 17 Feb 2004, Ken Murchison wrote:
I've actually been looking for more info on this type of thing, and here
is what I found:
http://www.unicom.com/pw/reply-to-harmful.html
http://cr.yp.to/proto/replyto.html
I can strip the address before
Ken Murchison wrote:
If you're talking about posting via NNTP, the article will still end up
having the To: header added by nntpd (if configured to do so).
Unfortunately no, I'm considering an environment where the users don't
have NNTP clients at all. Their only access to the shared folders
I'm looking to set up shared folders to use as discussion boards, as
well as possibly to use the new NNTP functionality to mirror some
newsgroups into shared folders.
However, that pretty much dictates using an MUA that supports direct
posting of messages into those folders, rather than
Wil Cooley wrote:
Not that everyone in your organization will have a Linux desktop, but
Evolution 1.4 has this capability.
I had heard that Evolution supported this type of posting, so I'll take
a look. See my other reply to Ken though about how this might now work
out, as the posted message
Ken Murchison wrote:
Are you worrying about how user's reading newsgroups via IMAP shared
folders will post to these groups? If so, you can allow this fairly
easily by using the newspostuser option and the lmtp2nntp software. Take
a look at doc/install-netnews.html for details on how to set
Nils Vogels wrote:
Kevin, may I ask how you managed to get multiple groups using one
fetchnews command ?
I've been trying comma delimited group names (fetchnews -n -w
nl.test,nl.someother news.myisp.nl) but for some reason no articles
are fetched then. If I use space delimitations, only the
Ken Murchison wrote:
Yes, it uses IHAVE. I can take a look at adding support for POST (the
commands are almost identical). Does your provider also require you to
authenticate?
Ken, I'd like to try out this support too, I've been hanging around
waiting for it to more stable (and get features
Ken Murchison wrote:
Would you want to feed to all of the servers, or just one? Currently,
fetchnews and nntpd are only setup to have one upstream peer.
Yes, I would want to feed messages back to all the servers.
Actually fetchnews can work with any server you want, but it doesn't
keep track
Ken Murchison wrote:
There is no overlap between the groups from the different servers, and
grouping them is easy with wildcard matching:
cups.*
microsoft.*
infragistics.*
everything else
OK, so you need the newspeer option to be a *list* of peers? But you
*don't* need fetchnews to track
Rob Siemborski wrote:
Our webmail (squirrelmail) is doing kerberos authentication. We gutted
the authentication part of squirrelmail and instead launch a persistant
imtest process, which squirrelmail connects to instead (this was
relatively easy to do, actually -- most of the changes that were
I just recently set up SquirrelMail connected to an existing Cyrus
2.1.15 installation. So far so good, things are working well.
However, I'd like to move towards a single sign-on model, and this
should be possible given that the clients are running Windows/IE and
authentication against a
mark london wrote:
I am running cyrus/squirrelmail/sendmail. I have a vacation plugin for
squirrelmail and set up vacation autoresponding. However, if vacation
responds to a spam message that has a bogus email address, the bounced
message that says that the vacation message can't be
Pat Lashley wrote:
I've been thinking about finding the cycles to whip out a utility
that would take a local_part on the command line; and return success
or failure to indicate whether it is deliverable. It would work by
starting an LMTP session and issuing a RCPT; then RSET and QUIT after
Pat Lashley wrote:
I've been thinking about finding the cycles to whip out a utility
that would take a local_part on the command line; and return success
or failure to indicate whether it is deliverable. It would work by
starting an LMTP session and issuing a RCPT; then RSET and QUIT after
Scott Balmos wrote:
Does anyone know of any other MTAs that can pass SMTP AUTH info along to
Cyrus, other than Sendmail? I'm thinking in the base case here, of a single
server, for an intranet. We've already, unfortunately, ruled out Postfix
earlier last week, I think I remember reading.
Exim,
Scott Balmos wrote:
My question is, where is Sendmail getting, or even sending to the deliver
program, the information that says to match against username msmith, johndoe,
or whatnot? I know of the -a switch for deliver, but pretty much all the
other MTAs (including Postfix) say that there can
Ken Murchison wrote:
Does cyradm display the password prompt? I did a fresh RedHat 8.0 +
updates (Perl 5.8.0) install on a laptop so I could do some development
while on the road, and the prompt for the password doesn't display. It
took me a while before I realized that cyradm wasn't hung, its
Kerstin Espey wrote:
As long as you don't use the option caseful_local_part in the exim router,
exim will send all mails to the lowercase mailbox.
Regards,
Kerstin
Exim 4.x does not act this way, but Exim 3.x did. If you don't make specific
provisions to supply Cyrus a lowercase local part
Rob Siemborski wrote:
The distribution is available at:
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.1.11.tar.gz
or
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.1.11.tar.gz
And those links should, of course, be:
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.1.12.tar.gz
or
Henrique de Moraes Holschuh wrote:
On Tue, 21 Jan 2003, Thomas Hannan wrote:
Anyways, with the AMaViS virus filtering, could you clarify a bit? Does your
Get amavisd-new, tell your MTA to deliver to amavisd-new through SMTP, then
deliver it back to the MTA through SMTP, and let it deliver to
Lawrence Greenfield wrote:
--On Friday, January 03, 2003 12:48 PM -0700 Kevin P. Fleming
wrote:
This is all working fine, except that I had to add my dummy
authentication user (which I create solely for Exim to authenticate
itself to lmtpd with) to the admins entry in /etc/imapd.conf. I had
Rob Siemborski wrote:
On Fri, 3 Jan 2003, Kevin P. Fleming wrote:
This is all working fine, except that I had to add my dummy authentication user
(which I create solely for Exim to authenticate itself to lmtpd with) to the
admins entry in /etc/imapd.conf. I had to do this because lmptd
Gregory Chagnon wrote:
Thanks...so how would I go about setting up an IMAP account for user
testuser that would have the same folders as a Microsoft Exchange
server? I'm trying to get this thing looking as similar to the Exchange
server as possible so I'd like to have a visible Inbox, Sent
48 matches
Mail list logo