Re: rfc822.h ?
rfc822.h comes uw-imap distribution which you can download from: http://www.washington.edu/imap You will probably need to build c-client library from uw-imap to be able to enable imap support in php. You will need imap support in php to be able to use php-cyradm. __ Seva listacc wrote: > Hello, > > I wanted to install php with imap support to user php-cyradm. php fails > to configure, since it can´t find the rfc822.h - wich is true, since I > do not have such file on my system at all. > I post this here, because the name "php-cyradm" somehow implies the use > with cyrus-imapd (2.0.14 here), so I wonder wether I have done something > wrong and this file should be in the source tree or wether this a > classical case of trademark violation ;)
Re: chroot cyrus
Without knowing the reasons for why your are trying to chroot cyrus, it is difficult to comment. I am not quite sure if chrooting is relevant or is necessary at all for cyrus-imap! >From a security point of view cyrus is well designed to stay in private ip space and serve the users. What you may want to do is to allow interaction to cyrus via web interface, using for example imp from www.horde.org or similar other applications. __ Seva Steve Wright wrote: > This is probably not a very good question, but i'm new to cyrus. > > I want to setup cyrus running in a chroot enviroment, am I correct in > thinking all I need to do is move the binarys, librarys & config files > inside a directory structure then "chroot /[dir.structure] master &" ? > Or like postfix is there an option to run its child process(s) chroot ? > > Thanks > Steve Wright
Re: chroot cyrus
I have not tried chrooting either DNS or Apache. I assume that chroot for DNS is probably easier than Apache serving multiple sites. With Apache you can clearly demark each site's files and hence chrooting may make sense, but with cyrus (imap/pop3) it is little difficult to separate each user's files. Mailboxes and configuration files are lumped together in various dir and to separate them to chroot a user to an area of their own, is probably not possible, because cyrus has no notion of setting up of dir structures based on user ids. I have not used squirrelmail, but used imp and is fairly amenable to adaptation. __ Seva Steve Wright wrote: > Cyrus will be installed (eventully) on our isp mail server. > The current setup is such that apache & bind run chroot, therefor if > compromised the attacker will only be allowed access to their separate > directory structures. > (eg bind compromised, /chroot/dns/ appears to be root, only > subdirectorys thereof are at risk) > Upon installation I wish the same to be true of Cyrus. > The facilitys I require from Cyrus are pop3, imap & imap via ssl. > Web based mail will be installed when the new system is operational, to > deviate slightly has anyone had experience of SquirrelMail > (www.squirrelmail.org), it appears to have a cleaner interface than imp > & I will need to evalutate both products. > I hope you may be able to provide me with help. > > Steve Wright > Systems Administrator > > Seva Adari wrote: > > >Without knowing the reasons for why your are trying to chroot > >cyrus, it is difficult to comment. I am not quite sure if chrooting > >is relevant or is necessary at all for cyrus-imap! > > > >>From a security point of view cyrus is well designed to stay in > >private ip space and serve the users. What you may want to do > >is to allow interaction to cyrus via web interface, using for example > >imp from www.horde.org or similar other applications. > >__ > >Seva > > > >Steve Wright wrote: > > > >>This is probably not a very good question, but i'm new to cyrus. > >> > >>I want to setup cyrus running in a chroot enviroment, am I correct in > >>thinking all I need to do is move the binarys, librarys & config files > >>inside a directory structure then "chroot /[dir.structure] master &" ? > >>Or like postfix is there an option to run its child process(s) chroot ? > >> > >>Thanks > >>Steve Wright > >> > > > > > >
CVS is missing "master.h"
Could somebody from development team check in the "master.h" file (under dir master) please! Thanks
Re: [Fwd: problems with cyradm and imtest]
The perl module doesn't pick up the ssl libraries properly (I am assuming
that you have ssl installed and is visible to the compilation process). I
had
made following changes to the Makefile.PL to make the ssl visible. Use
the following patch to make cyradm perl module pick ssl:
--- perl/imap/Makefile.PL.orig Tue Jun 13 16:32:21 2000
+++ perl/imap/Makefile.PL Mon Nov 6 17:17:09 2000
@@ -55,8 +55,8 @@
'macro' => {'IMCLIENT_LIBS' => ''}, # hack
'clean' => {'FILES' => 'libcyrperl.a cyradm'},
'OBJECT'=> 'IMAP.o ../../lib/libcyrus.a',
-'LIBS' => ["$SASL_LIB -lssl -lcrypto"],
+'LIBS' => ["$SASL_LIB -L/usr/local/sasl/lib -lsasl
-L/usr/local/ssl/lib -lssl -lcrypto"],
'DEFINE' => '-DPERL_POLLUTE', # e.g., '-DHAVE_SOMETHING'
-'INC' => "-I../../lib $SASL_INC",
+'INC' => "-I../../lib $SASL_INC -I/usr/local/sasl/include
-I/usr/local/ssl/include",
'EXE_FILES' => [cyradm],
);
I have just hard coded the path for ssl and sasl. Although the file has
provisions for sasl, inclusion of ssl made it drop sasl. Easiest thing to
do is to include sasl as well.
Note that the sasl & ssl dir path's reflect my setup, you may want to
modify it to suit your setup.
You have to provide more details on your imtest. Try the following and
see if you can login:
telnet imap
. login
If the above logs you in then you are there half the way.
__
Seva
Brian Estes wrote:
> when I attempt to run cyradm I get the following error...
>
> Can't load
> '/usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/Cyrus/IMAP/IMAP.so' for
> module Cyrus::IMAP: undefined symbol: SSL_write at
> /usr/lib/perl5/5.6.0/i386-linux/DynaLoader.pm line 200.
> at /usr/lib/perl5/site_perl/5.6.0/i386-linux/Cyrus/IMAP/Admin.pm line
> 43
> Compilation failed in require at
> /usr/lib/perl5/site_perl/5.6.0/i386-linux/Cyrus/IMAP/Admin.pm line 43.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.6.0/i386-linux/Cyrus/IMAP/Admin.pm line 43.
> Compilation failed in require at
> /usr/lib/perl5/site_perl/5.6.0/i386-linux/Cyrus/IMAP/Shell.pm line 58.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.6.0/i386-linux/Cyrus/IMAP/Shell.pm line 58.
> Compilation failed in require.
> BEGIN failed--compilation aborted.
>
> in addition I get the following response from imtest...
>
> C: C01 CAPABILITY
>
> does anyone have a suggestion?
>
> OS->redhat7
> cyrus-imap->2.0.6
>
> <><
> thanks
> Brian
Re: autocreatequota
> I have set 'autocreatequota: 10' (is this bytes or megabytes?) Bytes
Re: autocreatequota
Seva Adari wrote: > > I have set 'autocreatequota: 10' (is this bytes or megabytes?) > > Bytes Opps, sorry! It is Kilobytes not bytes.
Re: 2.0.7 on Redhat-7
Yes compilation goes fine on redhat-7 with gcc. Check and make sure
that there are no "configure" errors first and are you doing a
"make depend" before issuing a make?
__
Seva
Darren Nickerson wrote:
> (had some more time to spend on this one - replying to myself)
>
> Okay, if I export BISON_SIMPLE=/usr/lib and run configure a few times, it seems
> to pickup /usr/lib/bison.simple.
>
> The next problem was with the location of com_err.h . . . in RedHat at least
> it's within a subdir /usr/include/et/com_err.h.
>
> I took care of that with:
>
> perl -p -i -e 's/com_err\.h/et\/com_err\.h/g' */*.c
>
> A more general solution might be useful in future releases ;-)
>
> Alas, I've reached a compile error which has me confounded:
>
> gcc -L/usr/local/lib -Wl,-rpath,/usr/local/lib -g -O2 -o lmtpd \
> ../master/service.o lmtpd.o lmtpengine.o lmtpstats.o \
> libimap.a ../sieve/libsieve.a ../acap/libacap.a ../lib/libcyrus.a -lsasl
> -ldl -lssl -lcrypto -lfl -ldb -lwrap -lnsl -lcom_err
> ../sieve/libsieve.a(sieve.o): In function `sieve_parse':
> /usr/local/src/CYRUS/cyrus-imapd-2.0.7/sieve/sieve.y:408: undefined reference
> to `yyparse'
> ../sieve/libsieve.a(sieve.o): In function `verify_address':
> /usr/local/src/CYRUS/cyrus-imapd-2.0.7/sieve/sieve.y:597: undefined reference
> to `addrparse'
> ../sieve/libsieve.a(sieve-lex.o): In function `yylex':
> /usr/local/src/CYRUS/cyrus-imapd-2.0.7/sieve/sieve-lex.l:62: undefined
> reference to `yylval'
> /usr/local/src/CYRUS/cyrus-imapd-2.0.7/sieve/sieve-lex.l:110: undefined
> reference to `yylval'
> collect2: ld returned 1 exit status
> make[1]: *** [lmtpd] Error 1
> make[1]: Leaving directory `/usr/local/src/CYRUS/cyrus-imapd-2.0.7/imap'
> make: *** [all] Error 1
>
> HELP?
>
> RedHat uses a fairly bleeding-edge compiler:
>
> [root@mail2 cyrus-imapd-2.0.7]# gcc -v
> Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
> gcc version 2.96 2731 (Red Hat Linux 7.0)
>
> So I thought of trying the egcs compiler (kgcc). If I export CC=kgcc, I see:
>
> [root@mail2 cyrus-imapd-2.0.7]# ./configure
> loading cache ./config.cache
> checking host system type... i686-pc-linux-gnu
> checking for makedepend... makedepend
> checking for gcc... /usr/bin/kgcc
> checking whether the C compiler (/usr/bin/kgcc ) works... yes
> checking whether the C compiler (/usr/bin/kgcc ) is a cross-compiler... no
> checking whether we are using GNU C... yes
> checking whether /usr/bin/kgcc accepts -g... yes
> checking for ranlib... ranlib
> checking whether make sets ${MAKE}... yes
> checking for a BSD compatible install... /usr/bin/install -c
> checking how to run the C preprocessor... /usr/bin/kgcc -E
> checking for AIX... no
> checking for POSIXized ISC... no
> checking for mawk... mawk
> checking for working const... yes
> checking for long file names... yes
> checking for runpath switch... -Wl,-rpath,
> checking for unistd.h... yes
> checking for sys/select.h... yes
> checking for sys/param.h... yes
> checking for memmove... yes
> checking for strcasecmp... yes
> checking for ftruncate... yes
> checking for strerror... yes
> checking for dirent.h that defines DIR... yes
> checking for opendir in -ldir... no
> checking whether struct tm is in sys/time.h or time.h... time.h
> checking for tm_zone in struct tm... yes
> checking for vprintf... yes
> checking for db_create in -ldb-3... no
> checking for db_create in -ldb... no
> configure: error: this version requires Berkeley DB 3.x.
> (Get it from http://www.sleepycat.com/.)
> [root@mail2 cyrus-imapd-2.0.7]#
>
> Not sure how the compiler affects the DB3 stuff, bit it clearly does.
>
> Has anyone compiled cyrus imapd on RedHat-7?
>
> -D
Segmentation fault
Hi,
The memory over run I am going to describe may or may not be an imap
issue. The debugging points to imap in an indirect manner and hence this
posting.
The culprit chain:
imapd -> sasl -> pam -> pam_ldap -> libldap & liblber
Using Netscape mail client when I try to read mail of imap server
by supplying the userid and password the following happens:
In imapd, in function sasl_checkpass(), the call to _sasl_checkpass()
loads pam_ldap.so which in turn loads libldap & liblber. On coming
out of _sasl_checkpass() into sasl_checkpass() I get successful
verification of the password. Look at the following code snippet from
sasl (lib/server.c lines 1243-1250):
result = _sasl_checkpass(conn, mech, conn->service, user, pass,
errstr);
if (result == SASL_OK) {
result = _sasl_strdup(user, &(conn->oparams.authid), NULL);
if (result != SASL_OK) return result;
_sasl_transition(conn, pass, passlen);
}
_sasl_strdup uses imap's own memory allocation functions from
lib/xmalloc.c. What is interesting is if I enable ldap option via
pam.d/imap
file then instead of accessing xmalloc functions of imapd, _sasl_strdup
gets into ber_memalloc and I get segmentation fault, debugger shows line
190 of memory.c file of openldap distribution. This is consistent across
both redhat 6.2 & 7.0. However if I input wrong password, _sasl_strdup
doesn't get accessed and hence imapd does not break, but my Netscape
client freezes on me.
However imapd works thru' the above code if I disable ldap option
in pam.d/imap and access the shadow password system
Interestingly the following chain works fine for the same user id and
password:
wu-ftpd -> pam -> pam_ldap -> libldap & liblber
My guess is some where some pointers are over run. It has been very
difficult to get a handle on this in the debugger. Every thing looks to
work
fine until I get to "_sasl_strdup" and from there it is straight into
"ber_malloc" of openldap and segmentation fault with no meaningful
stack trace.
Or does this behavior has anything to do with the fact that ldap 2.0
also
uses sasl and there may have been name mangling issues!
This is behavior is present in 2.0.7 and the code in cvs.
Has anybody successfully implemented the latest imapd on redhat with
pam_ldap and openldap 2.x.x?
Any pointers or help is appreciated.
Thanks
__
Seva
Re: Segmentation fault
Update:
I have downgraded my version of ldap to 1.2.11 and everything is working
fine. I guess it is SASL link references to imap and ldap and their own
memory management seems to be the reason for the problem.
How do I resolve such that SASL goes with either imapd or ldap memroy
functions but not both?
Thanks
__
Seva
Seva Adari wrote:
> Hi,
> The memory over run I am going to describe may or may not be an imap
> issue. The debugging points to imap in an indirect manner and hence this
>
> posting.
>
> The culprit chain:
> imapd -> sasl -> pam -> pam_ldap -> libldap & liblber
>
> Using Netscape mail client when I try to read mail of imap server
> by supplying the userid and password the following happens:
>
> In imapd, in function sasl_checkpass(), the call to _sasl_checkpass()
> loads pam_ldap.so which in turn loads libldap & liblber. On coming
> out of _sasl_checkpass() into sasl_checkpass() I get successful
> verification of the password. Look at the following code snippet from
> sasl (lib/server.c lines 1243-1250):
>
> result = _sasl_checkpass(conn, mech, conn->service, user, pass,
> errstr);
>
> if (result == SASL_OK) {
> result = _sasl_strdup(user, &(conn->oparams.authid), NULL);
> if (result != SASL_OK) return result;
>
> _sasl_transition(conn, pass, passlen);
> }
>
> _sasl_strdup uses imap's own memory allocation functions from
> lib/xmalloc.c. What is interesting is if I enable ldap option via
> pam.d/imap
> file then instead of accessing xmalloc functions of imapd, _sasl_strdup
> gets into ber_memalloc and I get segmentation fault, debugger shows line
>
> 190 of memory.c file of openldap distribution. This is consistent across
>
> both redhat 6.2 & 7.0. However if I input wrong password, _sasl_strdup
> doesn't get accessed and hence imapd does not break, but my Netscape
> client freezes on me.
>
> However imapd works thru' the above code if I disable ldap option
> in pam.d/imap and access the shadow password system
>
> Interestingly the following chain works fine for the same user id and
> password:
> wu-ftpd -> pam -> pam_ldap -> libldap & liblber
>
> My guess is some where some pointers are over run. It has been very
> difficult to get a handle on this in the debugger. Every thing looks to
> work
> fine until I get to "_sasl_strdup" and from there it is straight into
> "ber_malloc" of openldap and segmentation fault with no meaningful
> stack trace.
>
> Or does this behavior has anything to do with the fact that ldap 2.0
> also
> uses sasl and there may have been name mangling issues!
>
> This is behavior is present in 2.0.7 and the code in cvs.
>
> Has anybody successfully implemented the latest imapd on redhat with
> pam_ldap and openldap 2.x.x?
>
> Any pointers or help is appreciated.
>
> Thanks
> __
> Seva
Re: 2.0.7 on Redhat-7
Forwading to the list Steven Lembark wrote: > > Yes compilation goes fine on redhat-7 with gcc. Check and make sure > > that there are no "configure" errors first and are you doing a > > "make depend" before issuing a make? > > would it make sense to modify the Makefile to something like: > > all: depend build > > depend: > blah blah blah > > build: > > blah blah blah > > so as to avoid this issue in the future? if we know that all of > the depend files are in ".depend" (or whatever) then we can also > use: > > .PHONEY all depend > > all: $(DEPEND_FILES) > build commands > > $(DEPEND_FILES) : Makefile > make -C $(dirname $@) depend > > i.e., the depends must be newer than the Makefile (or some > other artifact of ./configure) or we make depend, make all > depends on the depends. > > 'course this all depends on having GNU make. > > -- > Steven Lembark 2930 W. Palmer St. > Chicago, IL 60647 > [EMAIL PROTECTED] 800-762-1582
Re: can't delete mailbox..?
The command I would use to give cyrus admin permission to delete the user is: setaclmailboxc note that the permission flag to delete is "c" and not "d" __ Seva Ajay wrote: > Hey guys, > > I've been playing with cyradm some and I seem to be having trouble > deleting users, cyrus 2.0.7, has anyone else encountered this problem? > > moya.talarian.com> sam user.ray atallam d > moya.talarian.com> dm user.ray > deletemailbox: Permission denied > > As you can see I did set the acl. I even tried removing all the user's > other ACLs first, am I missing something? Should I add myself to the cyrus > group and restart the master process? Which doesn't quite sound right, > because I'm able to create mailboxes fine. Any help/info greatly > appreciated! > > ttyl.. > > -Ajay > > (and renamemailbox gives me a 'renamemailbox: Operation is not supported on > mailbox' error. Even if I 'sam user.ray atallam a' too.) > > -- > Milpitas, ca[EMAIL PROTECTED] HempVille, Planet Talarian >http://os2man.cjb.net/pictures/ > All programmers are optimists -- Frederick P. Brooks, Jr.
Re: !HELP! :o)
Change to the dir where "Cyrus/IMAP" is there under your imap installation and try "cyradm" command and see if it sees the required files. On my system I would do: cd /usr/local/imap/lib/perl5/site_perl/5.005/i386-linux /usr/local/imap/bin/cyradm __ Seva Oliver Pitzeier wrote: > Hi! > > First my specifications. I run RedHat with a Alpha-Machine and this is > really nice. :o) > But i'm having problems (good hardware is still not enough). > I tryed to install the Cyrus IMAP 2.0.7 Server and what happend made me > CRY! Believe it or not > After downloading and building (configure, make, etc.) I try to "make > install". Afterwards >cyradm< gave me the error that it "Can't locate > Cyrus/IMAP/Shell.pm". > I a newbie in this and I HAVE to install the IMAP Server > > Please help me - I would be very thankfull. > > Looking forward. > > Bye, >Oliver
Re: Automatic mailbox creation
I have not done anything like what you are suggesting, but
from what I know about sendmail, it ought to be possible to
create automatic mailboxes. Requires some coding though!
I am little curious to find out why would you want to be
doing such a thing though! It can get you into resource
related troubles (not to mention security nightmares), given
that every mailbox requires that you set aside some space.
I would look at the part where sendmail provides a hook for
mapping the mail ids via "virtusertable". Under sendmail there
is a file called "map.c" where they have the functions for
mapping the in coming mail id to internal id. Along lines of
exiting functions you could create a new one or override an
exiting function and check for existence of current mail id
in the system and if none found create a mailbox and then get
back into sendmail process flow.
__
Seva
Stephen Fischer wrote:
> I'm interested in having the deliver program automatically create mailboxes
> when it receives a mail item addressed to an address of the correct format but
> which does not already exist. I found some mail in the archive from people
> asking a similar question but no answers. Is this capability there? If not,
> has anyone implemented something similar?
>
> Software: cyrus imapd 1.6.24, cyrus-sasl-1.5.20/24, sendmail.8.10.1, solaris 8
>
> Format (for reference): [a-z][0-9]{7}
>
> Basically, what we would like to have happen is that the deliver program
> checks the format of the address. If it is invalid, then the message is
> rejected. If it is valid, then it is delivered, creating the mailbox if it
> does not already exist. The first half is easy enough to do with a wrapper
> program that then calls deliver, but the second half seems to be best handled
> by deliver itself.
>
> Thanks for your help/thoughts,
> Stephen
Re: Automatic mailbox creation
Stephen Fischer wrote:
> I would prefer not to have sendmail do it, because it's a larger drain on the
> resources and because it's not really sendmail's job to handle these things
> (as I understand it). The reason for this is because at times the process
> that informs us about new users takes some time, so the users may be
> distributing the mail address before we are told about it. As a result, we
> could be bouncing important mail, which is not politically popular.
I agree that it is not sendmail's job. If you are just dealing with one
domain name, it makes sense to not to use sendmail. However if
you have the scenario where you have to support say xyz.com and
xyz.net (which is the case by and large for most companies these
days), which requires name mapping, I don't know where else but
sendmail, you could do what you are trying to do!
>
> The resource and security issues don't need to be a problem because someone
> could just mailbomb the valid mail addresses. And, hey, I'm not administering
> the system, so if they want to do it that way, that's their decision.
Mail bomb just affects the targeted account in a quota enabled system.
Where as the system you described, could potentially bog down entire
mail system, affecting everybody.
>
> The main problem with what you suggest is that you have the overhead of
> checking the existence of every mailbox before delivering the item, which is
> substantial, and why it would be optimal if deliver simply had a flag that
> created any non-existing mailboxes.
>
> Stephen
There is always a lookup overhead, it may be low towards the delivery end
and may make sense to implement it there, provided you have no name mapping
requirements.
__
Seva
>
> quoth Seva Adari:
> | I have not done anything like what you are suggesting, but
> | from what I know about sendmail, it ought to be possible to
> | create automatic mailboxes. Requires some coding though!
> |
> | I am little curious to find out why would you want to be
> | doing such a thing though! It can get you into resource
> | related troubles (not to mention security nightmares), given
> | that every mailbox requires that you set aside some space.
> |
> | I would look at the part where sendmail provides a hook for
> | mapping the mail ids via "virtusertable". Under sendmail there
> | is a file called "map.c" where they have the functions for
> | mapping the in coming mail id to internal id. Along lines of
> | exiting functions you could create a new one or override an
> | exiting function and check for existence of current mail id
> | in the system and if none found create a mailbox and then get
> | back into sendmail process flow.
> |
> | __
> | Seva
> |
> | Stephen Fischer wrote:
> |
> | > I'm interested in having the deliver program automatically create mailboxes
> | > when it receives a mail item addressed to an address of the correct format but
> | > which does not already exist. I found some mail in the archive from people
> | > asking a similar question but no answers. Is this capability there? If not,
> | > has anyone implemented something similar?
> | >
> | > Software: cyrus imapd 1.6.24, cyrus-sasl-1.5.20/24, sendmail.8.10.1, solaris 8
> | >
> | > Format (for reference): [a-z][0-9]{7}
> | >
> | > Basically, what we would like to have happen is that the deliver program
> | > checks the format of the address. If it is invalid, then the message is
> | > rejected. If it is valid, then it is delivered, creating the mailbox if it
> | > does not already exist. The first half is easy enough to do with a wrapper
> | > program that then calls deliver, but the second half seems to be best handled
> | > by deliver itself.
> | >
> | > Thanks for your help/thoughts,
> | > Stephen
> |
Re: Segmentation fault
Hi Julio, I am glad that you are pursuing to resolve this issue, thanks. `-Bsymbolic' When creating a shared library, bind references to global symbols to the definition within the shared library, if any. Normally, it is possible for a program linked against a shared library to override the definition within the shared library. This option is only meaningful on ELF platforms which support shared libraries. Taking a clue from the above quote from 'info ld' (on a RedHat 6.2 system), I have built SASL library with '-Wl,-Bsymbolic' flag for 'ld' and rebuilt imap & ldap with no luck. __ Seva Julio Sánchez Fernández wrote: > Seva Adari wrote: > > > I guess it is SASL link references to imap and ldap and their own > > memory management seems to be the reason for the problem. > > I have been fighting this on my own without finding a solution. If I > tell you I am on the OpenLDAP Project my fight will look rather pathetic, > but I really could not see where the %#%&! problem was. > > Until I read your messages. I think your diagnose of the problem is > right on the mark. Thanks a lot. > > > How do I resolve such that SASL goes with either imapd or ldap memroy > > functions but not both? > > The problem seems to be that there is a call in libraries/libldap/cyrus.c > to sasl_set_alloc that changes all allocation routine pointers to > OpenLDAP routines. This is done in ldap_int_sasl_init. Usually, this > is no problem. However, it seems that either cyrus-sasl or pam_ldap > is unloading the LDAP libraries and, so, those allocator pointers > become dangling. Or some such. > > Now, I don't know what should be done. I seem to remember that > OpenLDAP changes the allocators because on some platforms not all > memory is created equal: there are different memory pools and you > cannot return memory to the wrong pool, nor can you move pointers > around carelessly. I think NT was one of those cases. > > So maybe, ldap_int_sasl_init should remember the old values (but > how? - there is no sasl_get_alloc!) and restore them at some > appropriate place such as ldap_int_sasl_close (but the init > routine is designed to be called multiple times, so it seems > some housekeeping may be necessary). > > Or maybe it should avoid calling sasl_set_alloc in this case, but how > can libldap know when should it do it? Maybe since this problem > only appears currently on a handful of Unix systems where memory is > uniformly allocated, we could remove that call or make it conditionally > compilable. I did a quick check and removing the sasl_set_alloc call > seems to fix it and I did not see any adverse effects yet. > > I don't know of this is a Cyrus SASL, Cyrus IMAPD or OpenLDAP issue. > But we should do something about it somewhere :-) > > Kurt, should we take this to openldap-devel? > > Julio
Re: using ldap for authentication
unplug wrote: > Hi all, > > Does cyrus use the uid & userpassword of ldap as default for > authentication?? How about if I change the userpassword to password?? > Cyrus will still work or not?? > > unplug Cyrus could care less, it is the module that interfaces ldap (such as pam_ldap, via pam authentication system) that you should worry about. If you change the ldap attribute to "password", pam_ldap and nss_ldap won't work as the attribute "userPassword" is hard coded into the software for good reason. If you write your own interface to ldap, then you could use any attribute name. Why do you want to change perfectly working attribute name? __ Seva
Re: Sleepycat
James Presley wrote: > Does the latest version of Cyrus-Imap HAVE to have sleepy cat? I > wanted to use mySQL for the database. Is there a switch to turn off > berkley during install? James I don't think configuration proceeds with out it detecting db3 from sleepy cat. Even Mysql is now using sleepy cat for its backend support. __ Seva
Re: scripting cyradm
Sacha Labourey wrote: > Hello, > > when you script cyradm, how do you answer the "Please enter your password" > prompt from the script? using the "<" redirection does not work. Any idea? > > I am using 2.0.6, saslpasswd, linux RH7.0 and TCL 8.x > > thank you. Cheers, > > Sacha Did you look at "expect"? Expect is pretty neat for handling interactive processes when you know what prompt to expect. __ Seva
Re: Groups in LDAP
Visit the following URL: http://www.openldap.org/faq/data/cache/52.html This may give you some information to get started. Your requirements drive the schema and the acls. __ Seva Martin Stockhammer wrote: > Hello, > > I use cyrus imap 1.6.24 with OpenLDAP for authentication. > Authentication is made via PAM and the pam_ldap-module. > Now I want to store the groups in LDAP too. What do I have to > do for this? > I have read that nss_ldap is used for this, but I don't know > how to configure it. > > Thanks > > Martin Stockhammer > > -- > > Martin Stockhammer > Visual Analysis GmbH > http://www.visualanalysis.com > email: [EMAIL PROTECTED]
Re: Cyrus/SASL/PAM/LDAP - what am I missing?
Prior version of imapd(/sasl) had problems working
openldap 2.x.x. You may want to down grade the
openldap client module that you link with imapd
to 1.x.x and see if your problems get resolved.
__
Seva
Joshua Penix wrote:
>
> I'm having trouble getting Cyrus-IMAP to authenticate against an OpenLDAP
> server using PAM modules. I seem to be able to get Cyrus/SASL to work with
> PAM when it's authenticating against /etc/passwd, but as soon as I point it
> at LDAP it refuses to work.
>
> Of course, it's hard to know where to post for help when you have so many
> pieces working together. Since I think I limited it down to the PAM -> LDAP
> connection, I sent a large "help me!" message to the padl.com mailing list
> for nss_ldap/pam_ldap modules. But I believe a number of people on this
> list have my intended configuration up and running, so I'm going to re-post
> my "help me!" message below in hope that someone from this list can shed
> some light on my troubles. If you don't know what I'm talking about, then
> just delete me and move along :^)
>
> --Josh
>
> [Below is full description of problem, along with logs]
> ---
>
> I'm working on getting a new installation of the Cyrus IMAP server (2.0.9)
> authenticating against an OpenLDAP (2.0.7) server. As expected, SASL
> (1.5.24), PAM (0.74) and the nss_ldap/pam_ldap modules sit inbetween these
> two.
>
> I believe I've chased the problem down to something between PAM and LDAP
> Cyrus works just fine through SASL and PAM when PAM is pointed to my
> /etc/passwd file. But as soon as I tell PAM to reference LDAP, it starts
> choking...
>
> I understand the need for plain/cleartext passwords throughout the system,
> and believe I have everything compiled and set up to talk that way as
> evidenced by the working Cyrus->SASL->PAM->/etc/passwd route.
>
> But as soon as I change my /etc/pam.d/imap file to look like the following:
>
> -
> #%PAM-1.0
> auth sufficient /lib/security/pam_ldap.so
> auth required /lib/security/pam_unix_auth.so try_first_pass
> accountsufficient /lib/security/pam_ldap.so
> accountrequired /lib/security/pam_unix_acct.so
> -
>
> My Cyrus 'imtest -m login -u jpenix -a jpenix localhost' session goes like
> this:
>
> -
> C: C01 CAPABILITY
> S: * OK celery.projectdesign.com Cyrus IMAP4 v2.0.9 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5 X-NETSCAPE
> S: C01 OK Completed
> Password:
> C: L01 LOGIN jpenix {8}
> + go ahead
> C:
> failure: prot layer failure
> -
>
> The /var/log/ldap.log from the above session:
>
> -
> Feb 26 02:04:29 celery slapd[29687]: daemon: conn=22 fd=18 connection from
> IP=127.0.0.1:33082 (IP=0.0.0.0:389) accepted.
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=0 BIND dn="" method=128
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=0 RESULT tag=97 err=0 text=
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=1 SRCH
> base="dc=projectdesign,dc=com" scope=2 filter="(uid=jpenix)"
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=1 SEARCH RESULT tag=101
> err=0 text=
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=2 BIND dn="CN=JOSHUA
> PENIX,DC=PROJECTDESIGN,DC=COM" method=128
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=2 RESULT tag=97 err=0 text=
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=3 BIND dn="" method=128
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=3 RESULT tag=97 err=0 text=
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=4 UNBIND
> Feb 26 02:04:29 celery slapd[29687]: conn=-1 fd=18 closed
> -
>
> And *no* mention of it in /var/log/messages where I'd expect to see PAM
> messages, and *no* mention of it in /var/log/imapd.log where I'd expect to
> see Cyrus complaining.
>
> Interestingly, the above only happens when I type the password CORRECTLY.
> Here's an 'imtest -m login -u jpenix -a jpenix localhost' where I purposely
> type the password incorrectly:
>
> -
> C: C01 CAPABILITY
> S: * OK celery.projectdesign.com Cyrus IMAP4 v2.0.9 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5 X-NETSCAPE
> S: C01 OK Completed
> Password:
> C: L01 LOGIN jpenix {4}
> + go ahead
> C:
> L01 NO Login failed: authentication failure
> Authentication failed. generic failure
> Security strength factor: 0
> -
>
> And here's the /var/log/ldap.log from the session with incorrect password:
>
> -
> Feb 26 02:07:47 celery slapd[29687]: daemon: conn=23 fd=18 connection from
> IP=127.0.0.1:33084 (IP=0.0.0.0:389) accepted.
> Feb 26 02:07:47 celery slapd[29687]: conn=23 op=0 BIND dn="" method=128
> Feb 26 02:07:47 celery slapd[29687]: conn=23 op=0 RESULT tag=97
Re: Cyrus/SASL/PAM/LDAP - what am I missing?
The following may be relevant to your problems!
Subject: Re: SIGSEGV in combination with pam_ldap->OpenLDAP v2.0.x
Date: Sat, 24 Feb 2001 10:25:59 -0800
From: "Kurt D. Zeilenga" <[EMAIL PROTECTED]>
To: Carsten Hoeger <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
If you intend to use Cyrus SASL with PAM with OpenLDAP,
build OpenLDAP --without-cyrus-sasl to avoid library
reentry issues.
=
Joshua Penix wrote:
>
> I'm having trouble getting Cyrus-IMAP to authenticate against an OpenLDAP
> server using PAM modules. I seem to be able to get Cyrus/SASL to work with
> PAM when it's authenticating against /etc/passwd, but as soon as I point it
> at LDAP it refuses to work.
>
> Of course, it's hard to know where to post for help when you have so many
> pieces working together. Since I think I limited it down to the PAM -> LDAP
> connection, I sent a large "help me!" message to the padl.com mailing list
> for nss_ldap/pam_ldap modules. But I believe a number of people on this
> list have my intended configuration up and running, so I'm going to re-post
> my "help me!" message below in hope that someone from this list can shed
> some light on my troubles. If you don't know what I'm talking about, then
> just delete me and move along :^)
>
> --Josh
>
> [Below is full description of problem, along with logs]
> ---
>
> I'm working on getting a new installation of the Cyrus IMAP server (2.0.9)
> authenticating against an OpenLDAP (2.0.7) server. As expected, SASL
> (1.5.24), PAM (0.74) and the nss_ldap/pam_ldap modules sit inbetween these
> two.
>
> I believe I've chased the problem down to something between PAM and LDAP
> Cyrus works just fine through SASL and PAM when PAM is pointed to my
> /etc/passwd file. But as soon as I tell PAM to reference LDAP, it starts
> choking...
>
> I understand the need for plain/cleartext passwords throughout the system,
> and believe I have everything compiled and set up to talk that way as
> evidenced by the working Cyrus->SASL->PAM->/etc/passwd route.
>
> But as soon as I change my /etc/pam.d/imap file to look like the following:
>
> -
> #%PAM-1.0
> auth sufficient /lib/security/pam_ldap.so
> auth required /lib/security/pam_unix_auth.so try_first_pass
> accountsufficient /lib/security/pam_ldap.so
> accountrequired /lib/security/pam_unix_acct.so
> -
>
> My Cyrus 'imtest -m login -u jpenix -a jpenix localhost' session goes like
> this:
>
> -
> C: C01 CAPABILITY
> S: * OK celery.projectdesign.com Cyrus IMAP4 v2.0.9 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5 X-NETSCAPE
> S: C01 OK Completed
> Password:
> C: L01 LOGIN jpenix {8}
> + go ahead
> C:
> failure: prot layer failure
> -
>
> The /var/log/ldap.log from the above session:
>
> -
> Feb 26 02:04:29 celery slapd[29687]: daemon: conn=22 fd=18 connection from
> IP=127.0.0.1:33082 (IP=0.0.0.0:389) accepted.
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=0 BIND dn="" method=128
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=0 RESULT tag=97 err=0 text=
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=1 SRCH
> base="dc=projectdesign,dc=com" scope=2 filter="(uid=jpenix)"
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=1 SEARCH RESULT tag=101
> err=0 text=
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=2 BIND dn="CN=JOSHUA
> PENIX,DC=PROJECTDESIGN,DC=COM" method=128
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=2 RESULT tag=97 err=0 text=
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=3 BIND dn="" method=128
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=3 RESULT tag=97 err=0 text=
> Feb 26 02:04:29 celery slapd[29687]: conn=22 op=4 UNBIND
> Feb 26 02:04:29 celery slapd[29687]: conn=-1 fd=18 closed
> -
>
> And *no* mention of it in /var/log/messages where I'd expect to see PAM
> messages, and *no* mention of it in /var/log/imapd.log where I'd expect to
> see Cyrus complaining.
>
> Interestingly, the above only happens when I type the password CORRECTLY.
> Here's an 'imtest -m login -u jpenix -a jpenix localhost' where I purposely
> type the password incorrectly:
>
> -
> C: C01 CAPABILITY
> S: * OK celery.projectdesign.com Cyrus IMAP4 v2.0.9 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5 X-NETSCAPE
> S: C01 OK Completed
> Password:
> C: L01 LOGIN jpenix {4}
> + go ahead
> C:
> L01 NO Login failed: authentication failure
> Authentication failed. generic failure
> Security strength factor: 0
> -
>
> And here's the /var/log
Re: Partitions in 2.0.11
I was looking at this found that "cyradm" has this problem, where as if you direct login into the imapd server (via telnet) and try creating mailboxes, it works fine. "cyradm" is dropping the partition information when using the createmailbox or cm command. __ Seva > David Fuchs wrote: > > I've been having trouble configuring partitions in 2.0.11. My > /etc/imapd.conf looks like this: > > configdirectory: /usr/imap > defaultpartition: default > partition-default: /usr/imap/user/p0 > partition-p0: /usr/imap/user/p0 > partition-p1: /usr/imap/user/p1 > partition-p2: /usr/imap/user/p2 > partition-p3: /usr/imap/user/p3 > partition-p4: /usr/imap/user/p4 > partition-p5: /usr/imap/user/p5 > partition-p6: /usr/imap/user/p6 > partition-p7: /usr/imap/user/p7 > partition-p8: /usr/imap/user/p8 > partition-p9: /usr/imap/user/p9 > admins: cyrus df > sasl_pwcheck_method: pwcheck > hashimapspool: true > > The problem is that when I create a mailbox, it's always created on > the default partition (p0) no matter which partition I specify: > > cyradm> cm user.testbox p5 << Creates an entry in /usr/imap/user/p0 > rather than /usr/imap/user/p5. > > Can anyone tell me what's wrong? Am I defining the partitions > incorrectly? > > Thanks in advance! > > -David Fuchs > (Running FreeBSD 4.2 / Cyrus 2.0.11 / SASL 1.5.24) > > /* The sender intends this message for a specific recipient and, as it > may contain information that is privileged or confidential, any use, > dissemination, forwarding, or copying by anyone without permission > from the sender is prohibited. Personal e-mail may contain views that > are not necessarily those of the company. */
Re: Partitions in 2.0.11
I am glad to know the new syntax. In fact when I tried your command, cyradm came back giving me the correct command: usage: createmailbox [--partition partition] mailbox [partition] However your command seems to have worked. I wonder what possible partition combinations are allowed in the above syntax; in other words why partition parameter is repeated! Before I was using the syntax provided in the man page of cyradm: createmailbox mailbox [partition] The createmailbox (or cm) command creates a new mail box named mailbox. The optional partition argument specifies the partition name on which to create the mailbox. Hopefully man page gets updated soon with the new syntax. Thanks __ Seva David Fuchs wrote: > > Yeah, it does work if you specify the partition using both forms. > > ie: cm --partition p0 user.test --partition p0 > > -Dave > > - Original Message - > From: Seva Adari <[EMAIL PROTECTED]> > To: David Fuchs <[EMAIL PROTECTED]> > Cc: Cyrus Info Mailing List <[EMAIL PROTECTED]> > Sent: Friday, March 02, 2001 4:13 PM > Subject: Re: Partitions in 2.0.11 > > > I was looking at this found that "cyradm" has this problem, > > where as if you direct login into the imapd server (via telnet) > > and try creating mailboxes, it works fine. > > > > "cyradm" is dropping the partition information when using the > > createmailbox or cm command. > > __ > > Seva > > > > > David Fuchs wrote: > > > > > > I've been having trouble configuring partitions in 2.0.11. My > > > /etc/imapd.conf looks like this: > > > > > > configdirectory: /usr/imap > > > defaultpartition: default > > > partition-default: /usr/imap/user/p0 > > > partition-p0: /usr/imap/user/p0 > > > partition-p1: /usr/imap/user/p1 > > > partition-p2: /usr/imap/user/p2 > > > partition-p3: /usr/imap/user/p3 > > > partition-p4: /usr/imap/user/p4 > > > partition-p5: /usr/imap/user/p5 > > > partition-p6: /usr/imap/user/p6 > > > partition-p7: /usr/imap/user/p7 > > > partition-p8: /usr/imap/user/p8 > > > partition-p9: /usr/imap/user/p9 > > > admins: cyrus df > > > sasl_pwcheck_method: pwcheck > > > hashimapspool: true > > > > > > The problem is that when I create a mailbox, it's always created on > > > the default partition (p0) no matter which partition I specify: > > > > > > cyradm> cm user.testbox p5 << Creates an entry in /usr/imap/user/p0 > > > rather than /usr/imap/user/p5. > > > > > > Can anyone tell me what's wrong? Am I defining the partitions > > > incorrectly? > > > > > > Thanks in advance! > > > > > > -David Fuchs > > > (Running FreeBSD 4.2 / Cyrus 2.0.11 / SASL 1.5.24) > > > > > > /* The sender intends this message for a specific recipient and, as > it > > > may contain information that is privileged or confidential, any use, > > > dissemination, forwarding, or copying by anyone without permission > > > from the sender is prohibited. Personal e-mail may contain views > that > > > are not necessarily those of the company. */ > >
Re: Compilation problems on Redhat 6.2
Try the following in conjunction with "configure": LIBS="-lpopt" ./configure --prefix=. __ Seva Phil Ellett wrote: > > Please can someone help me with this as I am cannot spend any more time on > trying to > get a Postfix/CyrusIMAP system running .. > > After spending weeks battling with DB3/SASL/CyrusIMAP on a test machine and > finally having success and methodically build the software on our production > machine > only to come across the error below ... > > Both production and testbed machine are running Redhat 6.2 > > gcc -c -I. -I.. -I. -I/usr/local/include -I/usr/include -DHAVE_CONFIG_H -O > \ > cyrusMasterMIB.c > gcc -L/usr/local/lib -Wl,-rpath,/usr/local/lib /usr/lib/libpopt.a -g -O2 -o > mas > ter master.o masterconf.o > cyrusMasterMIB.o -lucdagent -lucdmibs -lsnmp -ldl -lfl > -ldb -lcom_err > /usr/bin/../lib/librpm.so.0: undefined reference to `poptParseArgvString' > collect2: ld returned 1 exit status > make[1]: *** [master] Error 1 > make[1]: Leaving directory `/sysdev/webmail/cyrus-imapd-2.0.12/master' > make: *** [all] Error 1 > > The reference it is complaining about is defined in part of the popt package > and > exists in /usr/include/popt.h and /usr/lib/libpopt.a > > Using a configure command of > > env CPPFLAGS="-I/usr/include" \ > LDFLAGS="/usr/lib/libpopt.a" ./configure --without-openssl > > Doesn't seem to help ... > > What on earth is the problem ... > > I have searched through the archive and someone has suggested that this > problem > did not exist with RedHat 6.2 prior to CyrusIMAP 2.0.8, unfortunately > however > I need the specific ip binding feature which I understand only exist in > 2.0.10 > onwards. > > I am very, very patient but cannot believe the complexity and number of > dependant > packages required to compile and configure CyrusIMAP. > > Please help . > > Regards, > > Phil, > > Technimode Ltd, > Sheffield.
Re: Problems with master
Signal 11 death could come from any number of problems. Check if there are any mis-matches with the shared libraries, specially db3 files. Make sure that the running program is not picking up the old libraries lingering around. On Linux you could use "ldd" on the the programs linked with shared libraries to see what is actually being picked up by them. __ Seva Damian Gerow wrote: > > I know this has been flogged to death in the past, but I can't seem to figure > this out. > > I've just compiled and installed cyrus-2.0.12, and when I try to run master > (yes, /etc/cyrus.conf and /etc/imapd.conf exist), I get all of the regular > init stuff, but then all of the processes it starts get "signaled to death > by 11" (taken from /var/log/imapd.log). Does anyone know why?
Re: signalled to death by 11?
This probably should be a FAQ item by now! One of the most common reasons for signal 11 (on Redhat systems) with cyrus is mismatch with the shared libraries. Often times it is the Berkeley db versions that come with the Redhat distribution coming in the way. You may want to do an "ldd imapd", to check the libraries that the compiled version of your programs are picking, if they are not the same as the one that you built them with, then most likely, that is your problem. If the shared libraries look ok then you would have to deal with the logs and see if they have anything to offer and if they don't reveal anything, then you will probably have to deal with core itself by going into "gdb" and looking at the trace and see where it bombed! __ Seva Andreas Rogge wrote: > > --On Thursday, March 22, 2001 23:26:38 -0700 Cory Waddingham > <[EMAIL PROTECTED]> wrote: > > > I recently installed Cyrus 2.0.12 on a RedHat 6.2 system. When I start up > > the server and attempt to connect, I get the following error in my log: > > process exited, signaled to death by 11 > > The signals are described in man 7 signals. Signal 11 (aka SIGSEGV) means a > segmentation fault (i.e. the program tried to write to ram it didn't own) > this generally means a programming error or hardware failure or something > like this (maybe OS-error?). > > -- > Andreas Rogge <[EMAIL PROTECTED]> > Available on IRCnet:#linux.de as Dyson
Re: install problem
If you are using a Linux system, see if you have disallowed connectivity to your "imapd" on your imap server. May not be specifically for "imapd" but for all services. Check the entries in /etc/hosts.allow and /etc/hosts.deny. __ Seva unplug wrote: > > Hi all, > > I have successfully installed and configured the cyrus 2.0.12. > However, > when I try to telnet the imap server, it displays below. > > [root@mail cyrus-imapd-2.0.12]# telnet localhost imap > Trying 10.0.1.14... > Connected to localhost.localdomain. > Escape character is '^]'. > Connection closed by foreign host. > > I make sure imap and pop is added to the /etc/services with the > correct port. I donno what's wrong and anyone can help?? > > Rgds, > unplug
Re: install problem
The latest version of imapd gets built with tcpwrapper library and hence you don't need to list it in /etc/inetd.conf. You would have to provide more details about your configuration and compilation options used, etc. If you are using "PAM" check if you have a config file setup for imap service in /etc/pam.d. __ Seva unplug wrote: > > Yeah, I am using redhat linux6.1. > I have check that the files /etc/hosts.allow & /etc/hosts.deny are > empty. > Below is the config in /etc/services > imap143/tcp > pop3110/tcp > > /etc/inet.conf > imapstream tcp nowait cyrus/usr/cyrus/bin/imapd imapd > pop3stream tcp nowait cyrus /usr/cyrus/bin/pop3dpop3d > > display of netstat > tcp0 0 *:pop3 *:* > LISTEN > tcp0 0 *:imap *:* > LISTEN > > [cyrus@mail cyrus]$ imtest -m login localhost > C: C01 CAPABILITY > failure: prot layer failure > > As you can see, the services of imap & pop3 are running but I donno why > it > can't be connected. > > Any idea?? > > Rgds, > unplug > > Seva Adari wrote: > > > > If you are using a Linux system, see if you have disallowed > > connectivity to your "imapd" on your imap server. May not be > > specifically for "imapd" but for all services. Check the > > entries in /etc/hosts.allow and /etc/hosts.deny. > > __ > > Seva > > > > unplug wrote: > > > > > > Hi all, > > > > > > I have successfully installed and configured the cyrus 2.0.12. > > > However, > > > when I try to telnet the imap server, it displays below. > > > > > > [root@mail cyrus-imapd-2.0.12]# telnet localhost imap > > > Trying 10.0.1.14... > > > Connected to localhost.localdomain. > > > Escape character is '^]'. > > > Connection closed by foreign host. > > > > > > I make sure imap and pop is added to the /etc/services with the > > > correct port. I donno what's wrong and anyone can help?? > > > > > > Rgds, > > > unplug
Re: retrieveing mail quota from LDAP
Are you referring to having access to "quota used" on an on going basis or quota to be set at the time of mail box creation! If you are using PHP or PERL to create a mailbox then, that script ought to be able to interface with a LDAP box and get the quota information. Search thru the list and you may find a perl script posted by some one some time ago for querying the "quota used". I would think twice before I would have "quota used" put into LDAP. May be that is not what your query is about! __ Seva Atif Ghaffar wrote: > > Hi. > Is it possible to retrieve quota information from LDAP? > We have all user information about with uid, password, maildrop etc in > LDAP, and we have a web frontend to manage that information. > It would be cool if that information is retrieved from LDAP its > centralized, can be shared with multiple imap stores, modifying it is > easy and the support people dont have to learn another interface. > > Anyone has any patches for 2.0.12 for that? > > thanks in advance. > > -- > Atif Ghaffar > Internet Development Manager > 4unet AG/SA/Ltd. > -. > +41 21 351 53 60 ¦ voice > +41 78 787 51 45 ¦ mobile > +41 86 0796598972¦ fax > http://www.4unet.net ¦ www > http://atif.developer.ch ¦ homepage > [EMAIL PROTECTED] ¦ email
Re: Trying hard to get imap working.
Did you set up pam configuration file for imap? It goes under dir /etc/pam.d on RedHat systems. You have indicated you want to use pam & ldap combination but you compilation option "--with-auth=unix" MAY ( I am not quite sure) use unix's native "/etc/passwd" and "/etc/group" files for authentication. I am not sure if that is what you want! __ Seva Tarjei Huse wrote: > > Hi > > My problem lies in that I cannot manage to authenticate to cyrus-imap via > pam. > > My apolegies if some questions are offtoppic, pls redirect med to the right > list. > > I've been hitting my head againt the keyboard now for the last week trying > to get cyrus use pam-ldap. I realy need help (anyone know a good shrink? ) I > am starting to belive that cyrus was made to make my life hell. Anyhow, I > hole that if some ppl read this mail and points out the most obvious > misstakes, I'll help me a lot. > > Tank you for any input that solves the problem. > > PS: The machine is a P733, running rh 6.2 kernel 2.4.3 v/reiser fs and > db3.2. installed with preifx=/usr. > > Now. As much as answers, some good advice on where to look would bee good. > ;) > > I've got some ideas I need input on, so that I know where to start looking: > 1. I have not installed pam-devel is this nessecery to get sasl->pam > working?(sasl from source) > 2. I compiled cyrus with --with-auth=unix. I tried to user --with-auth-pam > but it didn't work althoug I've seen it mentioned on the list. Why? (imapd > didn't compile, it complaind about not fining authpam.o or something) > 3. It seems that ldap does not get my userid when I try to athuenticate (se > log), could this be the problem, if so, where do I fix it? > 4. Is it possible to have more arguments of some kind in the service.conf > file in lib/sasl? Richt now the file says > pwcheck_method:PAM. What more is needed? > 5. Imtest segfaults. Is this the imapd server segfaulting? > > My problem lies in that I cannot manage to authenticate to cyrus. I've tried > most things. Heres a transcript of to imtest sessions I've had: > > [tarjei@mailserver log]$ imtest -m login -p imap localhost > C: C01 CAPABILITY > S: * OK mailserver Cyrus IMAP4 v2.0.12 server ready > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID > NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT > THREAD=REFERENCES IDLE > S: C01 OK Completed > Segmentation fault > > [I have no name!@mailserver log]$ imtest -m plain -p imap localhost > C: C01 CAPABILITY > S: * OK mailserver Cyrus IMAP4 v2.0.12 server ready > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID > NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT > THREAD=REFERENCES IDLE > S: C01 OK Completed > C: A01 AUTHENTICATE PLAIN > S: A01 NO no mechanism available > Authentication failed. generic failure > Security strength factor: 0 > . logout > * BYE LOGOUT received > . OK Completed > Connection closed. > [I have no name!@mailserver log]$ > > <-- heres a snip from my ldap log --> > Apr 9 13:15:08 mailserver slapd[14213]: conn=1107 op=1 SEARCH RESULT > tag=101 err=0 text= > Apr 9 13:15:08 mailserver slapd[14210]: daemon: conn=1108 fd=34 connection > from IP=127.0.0.1:3291 (IP=0.0.0.0:389) accepted. > Apr 9 13:15:08 mailserver slapd[14212]: conn=1108 op=0 BIND > dn="CN=MANAGER,O=NU,C=NO" method=128 > Apr 9 13:15:08 mailserver slapd[14212]: conn=1108 op=0 RESULT tag=97 err=0 > text= > Apr 9 13:15:08 mailserver slapd[14616]: conn=1108 op=1 SRCH > base="o=nu,c=no" scope=2 filter="(&(objectClass=posixAccount)(uidNumber > =0))" > <<- It clearly shows that something goes to the server, but not the > username! (anyone know why? ) > > <<-- imapd.conf in /etc --_>> > configdirectory: /var/imap > partition-default: /var/spool/imap > admins: cyrus tarjei > allowanonymouslogin: no > allowplaintext: yes > # To use the PAM for authentication (but not /etc/passwd or shadow), change > # the following line to specify "pam" instead of "sasldb". > sasl_pwcheck_method: pam > > <-- cyrus.conf in /usr/lib/sasl: --> > pwcheck_method:PAM > > Is it possible to have more arguments of some kind in the service.conf file > in lib/sasl? > > Also here's what I compiled cyrus-imap with: > ./configure \ > --prefix=/usr \ > --with-openssl=/usr/include/openssl \ > --with-cyrus-prefix=/usr/cyrus \ > --with-sasl \ > --with-openssl=/usr/include/openssl \ > --disable-krb4 \ > --disable-gssapi \ > --with-cyrus-user=cyrus \ > --with-auth=unix \ > --with-perl=/usr \ > --with-cyrus-group=mail > > and cyrus-sasl: > CC="gcc" \ > ./configure \ > --prefix=/usr \ > --enable-shared \ > --enable-login \ > --without-krb \ > --without-gssapi \ > --disable-anon \ > --enable-static \ > --mandir=/usr/share/man \ > --infodir=/usr/share/info \ > --with-pwcheck_method=PAM \ > --with-pam=/lib/security \ > --enable-plain \
Re: Cyrus, MySQL, Sendmail configuration problems
What do you have your "sasl_pwcheck_method" in imapd.conf is set to? If it is PAM, then you have to have appropriate libraries listed in your pam file. On a RedHat system it is /etc/pam.d/imap. __ Seva Patrick Baron wrote: > > I'm wondering if there are some of you who are successfully using MySQL to > authenticate Cyrus mailbox passwords For the past fortnight I've been trying > unsuccessfully to get a Cyrus-imapd, -sasl, MySQL installation up and > running and running out of ideas fast to get it going. > > Getting down to the gist of the matter: > > I've loaded up all the required Perl packages, plus pwcheck_mysql-0.1, > authcheck.pl etc... installed Vladimer Ivaschenko cyrus-imapd-sql*rpm & > cyrus-sasl*rpm's (www.hazard.maks.net) > > Issues... > > * I initially had problems logging into the cyrus daemon as Userid cyrus > until I created Userid curus (with shadow password enabled) before I > installed cyrus. Imapadmin.cgi.pl rejected the "admin' login until I changed > the setup order. I also couldn't login as cyradm in Userid cyrus mode > either. > > * In order to create, delete, & alter mailboxes plus passwords I had to > create an Userid for "admin". > > With Cyrus now up & running in Userid cyrus.. > > * I can login via "admin" (using imapadmin.cgi.pl), and can create, alter, & > delete cyrus mailboxes. Login & Passwords are automatically created in MySQL > imap database. > * However I'm unable to access the mailboxes unless the mailbox has a Userid > eg admin - which defeats the purpose of running Cyrus. My log file indicates > an authentication issue with mailboxes (except for "admin") ie. no Userid. > > * Also pwcheck doesn't automatically loadup. I've had to create an entry in > rc.local. Even then it bombs out fairly easily. > > * I have aslo tried building pwcheck_myslq into the source file (into > cyrus-sasl*.tar.gz and installed together with cyrus-imapd*.tar.gz) without > any success. > > Is there: > > * An issue with pwcheck - that preventing mailboxes without Userid's being > authenticated ? > * ..Anyway to get the system running without having to creater Userid's for > everybody. > * Anything I may have overlooked when setting up & configuring the packages > ? > > Appreciate any help... > > Patrick
Re: Cyrus, MySQL, Sendmail configuration problems
I have not used the Mysql authentication! But if you turn the logs on for mysql, you could see what is going on at that end. Mysql itself has a permissioning system of its own, see if that is interfering in any way. Another place to look at is the imapd log itself; see if anything meaningful is there. __ Seva Patrick Baron wrote: > > pwcheck. Apparently the pwcheck module supplied with Cyrus-imapd - sasl has > support > for MySQL authentication > > Patrick > > - Original Message - > From: "Seva Adari" <[EMAIL PROTECTED]> > To: "Patrick Baron" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Monday, April 23, 2001 7:20 PM > Subject: Re: Cyrus, MySQL, Sendmail configuration problems > > > What do you have your "sasl_pwcheck_method" in imapd.conf is set > > to? If it is PAM, then you have to have appropriate libraries > > listed in your pam file. On a RedHat system it is /etc/pam.d/imap. > > __ > > Seva > > > > Patrick Baron wrote: > > > > > > I'm wondering if there are some of you who are successfully using MySQL > to > > > authenticate Cyrus mailbox passwords For the past fortnight I've been > trying > > > unsuccessfully to get a Cyrus-imapd, -sasl, MySQL installation up and > > > running and running out of ideas fast to get it going. > > > > > > Getting down to the gist of the matter: > > > > > > I've loaded up all the required Perl packages, plus pwcheck_mysql-0.1, > > > authcheck.pl etc... installed Vladimer Ivaschenko cyrus-imapd-sql*rpm & > > > cyrus-sasl*rpm's (www.hazard.maks.net) > > > > > > Issues... > > > > > > * I initially had problems logging into the cyrus daemon as Userid cyrus > > > until I created Userid curus (with shadow password enabled) before I > > > installed cyrus. Imapadmin.cgi.pl rejected the "admin' login until I > changed > > > the setup order. I also couldn't login as cyradm in Userid cyrus mode > > > either. > > > > > > * In order to create, delete, & alter mailboxes plus passwords I had to > > > create an Userid for "admin". > > > > > > With Cyrus now up & running in Userid cyrus.. > > > > > > * I can login via "admin" (using imapadmin.cgi.pl), and can create, > alter, & > > > delete cyrus mailboxes. Login & Passwords are automatically created in > MySQL > > > imap database. > > > * However I'm unable to access the mailboxes unless the mailbox has a > Userid > > > eg admin - which defeats the purpose of running Cyrus. My log file > indicates > > > an authentication issue with mailboxes (except for "admin") ie. no > Userid. > > > > > > * Also pwcheck doesn't automatically loadup. I've had to create an entry > in > > > rc.local. Even then it bombs out fairly easily. > > > > > > * I have aslo tried building pwcheck_myslq into the source file (into > > > cyrus-sasl*.tar.gz and installed together with cyrus-imapd*.tar.gz) > without > > > any success. > > > > > > Is there: > > > > > > * An issue with pwcheck - that preventing mailboxes without Userid's > being > > > authenticated ? > > > * ..Anyway to get the system running without having to creater Userid's > for > > > everybody. > > > * Anything I may have overlooked when setting up & configuring the > packages > > > ? > > > > > > Appreciate any help... > > > > > > Patrick > > > >
Re: synchronous ext2 filesystem
If you are 100% sure that your system never breaks down accidentally (say for example due to power loss, cable cut, etc) then it is 100% safe to use asynchronous mode and as you have pointed out there will be performance benefits. However, the probability of things going wrong at the wrong time is usually high and hence on a reasonably loaded mail server, it is not a good idea to not to sync the bit on the Linux systems with ext2fs. Depending on your requirements, you may want to consider looking at alternatives such as getting a better scsi controller or faster scsi disks or even an alternate file system, instead of doing away with sync bit. __ Seva "John C. Amodeo" wrote: > > Greetings, > > I know this has come up before, but is the Cyrus policy for reliability > still to have the synchronous bit set on a Linux ext2 file system? How > damaging could it be if you elect not to use this method (for > performance issues?) > > >>chattr +S . user quota user/* quota/* > >>chattr +S /var/spool/imap > >>chattr +S /var/spool/mqueue > > Thanks, > > -John > __ > John C. Amodeo, Associate Director > Information Technology and Computer Operations > Faculty of Arts & Sciences, Rutgers University > 732.932.9455-voice 732.932.0013-fax
Re: signalled to death by 11?
Could you elaborate the reason for this observation. Why would an over heated system be discriminating imap server process and not the master process or for that matter any other process on the system? __ Seva "Kevin J. Menard, Jr." wrote: > > Hey Seva, > > This could also be due to an overheating system. > > -- > Kevin > > Friday, March 23, 2001, 11:48:29 AM, you wrote: > > SA> This probably should be a FAQ item by now! One of the most > SA> common reasons for signal 11 (on Redhat systems) with cyrus > SA> is mismatch with the shared libraries. Often times it is the > SA> Berkeley db versions that come with the Redhat distribution > SA> coming in the way. > > SA> You may want to do an "ldd imapd", to check the libraries that > SA> the compiled version of your programs are picking, if they > SA> are not the same as the one that you built them with, then most > SA> likely, that is your problem. If the shared libraries look ok > SA> then you would have to deal with the logs and see if they have > SA> anything to offer and if they don't reveal anything, then you > SA> will probably have to deal with core itself by going into "gdb" > SA> and looking at the trace and see where it bombed! > > SA> __ > SA> Seva > > SA> Andreas Rogge wrote: > >> > >> --On Thursday, March 22, 2001 23:26:38 -0700 Cory Waddingham > >> <[EMAIL PROTECTED]> wrote: > >> > >> > I recently installed Cyrus 2.0.12 on a RedHat 6.2 system. When I start up > >> > the server and attempt to connect, I get the following error in my log: > >> > process exited, signaled to death by 11 > >> > >> The signals are described in man 7 signals. Signal 11 (aka SIGSEGV) means a > >> segmentation fault (i.e. the program tried to write to ram it didn't own) > >> this generally means a programming error or hardware failure or something > >> like this (maybe OS-error?). > >> > >> -- > >> Andreas Rogge <[EMAIL PROTECTED]> > >> Available on IRCnet:#linux.de as Dyson
Re: signalled to death by 11?
"master" process is the daemon here and it spawns an "imapd" process
to service an imap request. It is the "imapd" process that is of
interest to you.
I believe that by default cyrus compilation includes "-g" flag to
enable us to carry out debugging or to read the core dumps, if not
you should be able to pass that to "configure" via "CPPFLAGS" option.
__
Seva
"Reynald I. Ngo" wrote:
>
> Hi,
>
> Do you think its with the libraries that's being called by the daemons? How do
>i link gdb to my Cyrus IMAP during compile time? Do i edit the Makefile? TYI! {=)
>
> >> SA> You may want to do an "ldd imapd", to check the libraries that
> >> SA> the compiled version of your programs are picking, if they
> >> SA> are not the same as the one that you built them with, then most
> >> SA> likely, that is your problem. If the shared libraries look ok
> >> SA> then you would have to deal with the logs and see if they have
> >> SA> anything to offer and if they don't reveal anything, then you
> >> SA> will probably have to deal with core itself by going into "gdb"
> >> SA> and looking at the trace and see where it bombed!
>
> Get 250 color business cards for FREE!
> http://businesscards.lycos.com/vp/fastpath/
