<div dir="ltr">Hi mates!!<br><br><br>Well some days and hours now testing cyrus... lol; well the problem is that I have decided to try auth through pam_mysql with saslauthd... it works for postfix smtp auth and for pop3. When you do a testsaslauthd or try to login via IMAP it doesn't work... it says :<br>
<br>In auth.log :<br>Sep 15 02:27:45 correopiloto imap[1741]: sql_select option missing<br>Sep 15 02:27:45 correopiloto imap[1741]: auxpropfunc error no mechanism available<br>Sep 15 02:27:45 correopiloto saslauthd[1216]: do_auth : auth failure: [user=egoitz@ramattack.net] [service=imap] [realm=ramattack.net] [mech=pam] [reason=PAM auth error]<br>
<br>In messages :<br><br>Sep 15 02:27:45 correopiloto imap[1741]: sql_select option missing<br>Sep 15 02:27:45 correopiloto imap[1741]: auxpropfunc error no mechanism available<br>Sep 15 02:27:45 correopiloto imap[1741]: badlogin: localhost [127.0.0.1] plaintext egoitz@ramattack.net SASL(-13): authentication failure: checkpass failed<br>
<br>It's like it hadn't been compiled for using saslauthd... but... cyrus pop3 works fine (and you know imap and pop share config file...) and Postfix smtpd auth too!! <br><br>If in the file I set pwcheck to auxprop and uncomment the end sasl_sql lines it works nice!! but if I try to use saslauthd it doesn't work and I can't log in through cyradm either... Any help is appreciated please....<br>
<br><br>The config file is :<br><br># $FreeBSD: ports/mail/cyrus-imapd23/files/imapd.conf,v 1.13 2004/11/22 08:15:15 ume Exp $<br>#<br># Sample configurations file for Cyrus IMAPd<br># Most lines in this file are commented; in this case the default is used. <br>
# The commented lines (usually) contain the default value<br><br># The pathname of the IMAP configuration directory<br>#<br>#configdirectory: /var/imap<br>configdirectory: /expert/correo/imap<br><br># The partition name used by default for new mailboxes<br>
#<br>#defaultpartition: default<br><br># The directory for the different partitions<br>#<br>#partition-default: /var/spool/imap<br>partition-default: /expert/correo/spool/imap<br><br># Use the UNIX separator character '/' for delimiting levels of<br>
# mailbox hierarchy. The default is to use the netnews separator<br># character '.'.<br>#unixhierarchysep: no<br>unixhierarchysep: yes<br><br># Use the alternate IMAP namespace, where personal folders reside at<br>
# the same level in the hierarchy as INBOX.<br>#<br>#altnamespace: no<br>altnamespace: yes<br><br># If using the alternate IMAP namespace, the prefix for the other<br># users namespace. The hierarchy delimiter will be automatically<br>
# appended.<br>#<br>#userprefix: Other Users<br><br># If using the alternate IMAP namespace, the prefix for the shared<br># namespace. The hierarchy delimiter will be automatically appended.<br>#<br>#sharedprefix: Shared Folders<br>
<br># The umask value used by various Cyrus IMAP programs<br>#<br>#umask: 077<br><br># This is the hostname visible in the greeting messages of the POP,<br># IMAP and LMTP daemons. If it is unset, then the result returned from<br>
# gethostname(2) is used.<br>#<br>#servername: <result returned by gethostname(2)><br><br># Whether to allow anonymous logins<br>#<br>#allowanonymouslogin: no<br><br># Allow the use of cleartext passwords on the wire.<br>
#<br>allowplaintext: yes<br><br># The percent of quota utilization over which the server generates<br># warnings.<br>#<br>quotawarn: 90<br><br># The length of the IMAP server's inactivity autologout timer, in minutes.<br>
# The minimum value is 30, the default.<br>#<br>#timeout: 30<br><br># The interval (in seconds) for polling the mailbox for changes while<br># running the IDLE command. This option is used when idled can not be<br># contacted or when polling is used exclusively. The minimum value is<br>
# 1. A value of 0 will disable polling (and disable IDLE if polling<br># is the only method available).<br>#<br>#imapidlepoll: 60<br><br># If enabled, the server responds to an ID command with a parameter<br># list containing: version, vendor, support-url, os, os-version,<br>
# command, arguments, environment. Otherwise the server returns NIL.<br>#<br>#imapidresponse: yes<br><br># Set the length of the POP server's inactivity autologout timer, in<br># minutes. The minimum value is 10, the default.<br>
#<br>#poptimeout: 10<br><br># Set the minimum amount of time the server forces users to wait between <br># successive POP logins, in minutes. The default is 0.<br>#<br>#popminpoll: 0<br><br># The number of days advertised as being the minimum a message may be<br>
# left on the POP server before it is deleted (via the CAPA command,<br># defined in the POP3 Extension Mechanism, which some clients may<br># support). "NEVER", the default, may be specified with a negative<br>
# number. The Cyrus POP3 server never deletes mail, no matter what<br># the value of this parameter is. However, if a site implements a<br># less liberal policy, it needs to change this parameter accordingly.<br>#<br>#popexpiretime: 0<br>
<br># The list of userids with administrative rights. Separate each userid<br># with a space. We recommend that administrator userids be separate from <br># standard userids. Sites using Kerberos authentication may use separate<br>
# "admin" instances.<br>#<br>#admins: <none><br>admins: cyrus<br><br># A list of users and groups that are allowed to proxy for other<br># users, separated by spaces. Any user listed in this will be allowed<br>
# to login for any other user: use with caution.<br>#<br>#proxyservers: <none><br><br># The Access Control List (ACL) placed on a newly-created (non-user)<br># mailbox that does not have a parent mailbox.<br>#<br>#defaultacl: anyone lrs<br>
<br># The pathname of the news spool directory. Only used if the partition-news<br># configuration option is set.<br>#<br>#newsspool: <no default><br><br># Prefix to be prepended to newsgroup names to make the corresponding IMAP<br>
# mailbox names.<br>#<br>#newsprefix: <none><br><br># If nonzero, normal users may create their own IMAP accounts by creating<br># the mailbox INBOX. The user's quota is set to the value if it is positive,<br># otherwise the user has unlimited quota.<br>
#<br>#autocreatequota: 0<br><br># Include notations in the protocol telemetry logs indicating the number<br># of seconds since the last command or response.<br>#<br>#logtimestamps: no<br><br># Number of seconds to pause after a successful plaintext login. For systems<br>
# that support strong authentication, this permits users to perceive a cost<br># of using plaintext passwords.<br>#<br>#plaintextloginpause: 0<br><br># The pathname of srvtab file containing the server's private key.<br>
# This option is passed to the SASL library and overrides its default<br># setting.<br>#<br>#srvtab: /etc/srvtab<br><br># The list of remote realms whose users may log in using cross-realm<br># authentications. Separate each realm name by a space. This option is<br>
# only used when the server is compiled with Kerberos authentication.<br>#<br>#loginrealms: <none><br><br># If enabled, any authentication identity which has a rights on a user's<br># INBOX may log in as that user. This option is only used when the server<br>
# is compiled with Kerberos authentication.<br>#<br>#loginuseacl: no<br><br># If enabled, lmtpd attempts to only write one copy of a message per<br># partition and create hard links, resulting in a potentially large<br># disk savings.<br>
#<br>#singleinstancestore: yes<br><br># If enabled, lmtpd will suppress delivery of a message to a mailbox<br># if a message with the same message-id (or resent-message-id) is<br># recorded as having already been delivered to the mailbox. Records<br>
# the mailbox and message-id/resent-message-id of all successful<br># deliveries.<br>#<br>#duplicatesuppression: yes<br><br># If enabled, lmtpd rejects messages with 8-bit characters in the<br># headers. Otherwise, 8-bit characters are changed to `X'. (A proper<br>
# solution to non-ASCII characters in headers is offered by RFC 2047<br># and its predecessors.)<br>#<br>#reject8bit: no<br><br># Maximum incoming LMTP message size. If set, lmtpd will reject<br># messages larger than maxmessagesize bytes. The default is to allow<br>
# messages of any size.<br>#<br>#maxmessagesize: <unlimited><br>maxmessagesize: 20971520<br>lmtp_over_quota_perm_failure: yes<br><br># Userid used to deliver messages to shared folders. For example, if<br># set to "bb", email sent to "bb+shared.blah" would be delivered to<br>
# the "shared.blah" folder. By default, an email address of<br># "+shared.blah" would be used.<br>#postuser: <none><br><br># If enabled at compile time, this specifies a URL to reply when<br># Netscape asks the server where the mail administration HTTP server<br>
# is. The default is a site at CMU with a hopefully informative<br># message; administrators should set this to a local resource with<br># some information of greater use.<br>#<br>#netscapeurl: http://andrew2.andrew.cmu.edu/cyrus/imapd/netscapeadmin.html<br>
<br># Notifyd(8) method to use for "MAIL" notifications. If not set,<br># "MAIL" notifications are disabled.<br>#<br>#mailnotifier: <no default><br><br># Notifyd(8) method to use for "SIEVE" notifications. If not set,<br>
# "SIEVE" notifications are disabled.<br>#<br># This method is only used when no method is specified in the script.<br>#<br>#sievenotifier: <no default><br><br># If enabled, lmtpd will look for Sieve scripts in user's home<br>
# directories: ~user/.sieve.<br>#<br>sieveusehomedir: false<br><br># If sieveusehomedir is false, this directory is searched for Sieve scripts.<br># The active Sieve script is called "default", placed in the user's<br>
# sieve directory (i.e. /var/imap/sieve/u/user).<br>#<br>#sievedir: /var/imap/sieve<br>sievedir: /expert/correo/imap/sieve<br><br># The pathname of the sendmail executable. Sieve uses sendmail for<br># sending rejections, redirects and vacation responses.<br>
#<br>#sendmail: /usr/sbin/sendmail<br><br># Username that is used as the 'From' address in rejection MDNs<br># produced by sieve.<br>#<br>#postmaster: postmaster<br><br># If enabled, the partitions will also be hashed, in addition to the hashing<br>
# done on configuration directories. This is recommended if one partition has<br># a very bushy mailbox tree.<br>#<br>#hashimapspool: false<br>hashimapspool: true<br><br># Maximum size (in kilobytes) any sieve script can be, enforced at<br>
# submission by timsieved(8).<br>#<br>#sieve_maxscriptsize: 32<br><br># Maximum number of sieve scripts any user may have, enforced at<br># submission by timsieved(8).<br>#<br>#sieve_maxscripts: 5<br><br># The cyrusdb backend to use for mailbox annotations.<br>
# Allowed values: berkeley, skiplist<br>#<br>#annotation_db: skiplist<br><br># The cyrusdb backend to use for the duplicate delivery suppression<br># and sieve.<br># Allowed values: berkeley, berkeley-nosync, skiplist<br>
#<br>#duplicate_db: berkeley-nosync<br><br># The cyrusdb backend to use for the mailbox list.<br># Allowed values: flat, berkeley, skiplist<br>#<br>#mboxlist_db: skiplist<br><br># The cyrusdb backend to use for the pts cache.<br>
# Allowed values: berkeley, skiplist<br>#<br>#ptscache_db: berkeley<br><br># The cyrusdb backend to use for the seen state.<br># Allowed values: flat, berkeley, skiplist<br>#<br>#seenstate_db: skiplist<br><br># The cyrusdb backend to use for the subscriptions list.<br>
# Allowed values: flat, berkeley, skiplist<br>#<br>#subscription_db: flat<br><br># The cyrusdb backend to use for the TLS cache.<br># Allowed values: berkeley, berkeley-nosync, skiplist<br>#<br>#tlscache_db: berkeley-nosync<br>
<br># Maximum SSF (security strength factor) that the server will allow a<br># client to negotiate.<br>#<br>#sasl_maximum_layer: 256<br><br># The minimum SSF that the server will allow a client to negotiate. A<br># value of 1 requires integrity protection; any higher value requires<br>
# some amount of encryption.<br>#<br>#sasl_minimum_layer: 0<br><br># The mechanism used by the server to verify plaintext passwords. Possible<br># values include "auxprop" or "saslauthd"<br>#<br>sasl_pwcheck_method: saslauthd<br>
# If enabled, the SASL library will automatically create authentication<br># secrets when given a plaintext password. See the SASL documentation.<br>#<br>#sasl_auto_transition: no<br><br># Whitespace separated list of mechanisms to allow (e.g. 'plain otp').<br>
# Used to restrict the mechanisms to a subset of the installed<br># plugins. The default is all available.<br>#<br>#sasl_mech_list: cram-md5 digest-md5<br>sasl_mech_list: plain<br><br># Location of the opiekeys file<br>#<br>
#sasl_opiekeys: /etc/opiekeys<br><br># File containing the global certificate used for ALL services (imap,<br># pop3, lmtp).<br>#<br>#tls_cert_file: <none><br><br># File containing the private key belonging to the global server<br>
# certificate.<br>#<br>#tls_key_file: <none><br><br># File containing the certificate used for imap ONLY. If not<br># specified, the global certificate is used. A value of "disabled"<br># will disable SSL/TLS for imap.<br>
#<br>#imap_tls_cert_file: <none><br><br># File containing the private key belonging to the imap-specific<br># server certificate. If not specified, the global private key is<br># used. A value of "disabled" will disable SSL/TLS for imap.<br>
#<br>#imap_tls_key_file: <none><br><br># File containing the certificate used for pop3 ONLY. If not<br># specified, the global certificate is used. A value of "disabled"<br># will disable SSL/TLS for pop3.<br>
#<br>#pop3_tls_cert_file: <none><br><br># File containing the private key belonging to the pop3-specific<br># server certificate. If not specified, the global private key is<br># used. A value of "disabled" will disable SSL/TLS for pop3.<br>
#<br>#pop3_tls_key_file: <none><br><br># File containing the certificate used for lmtp ONLY. If not<br># specified, the global certificate is used. A value of "disabled"<br># will disable TLS for lmtp.<br>
#<br>#lmtp_tls_cert_file: <none><br><br># File containing the private key belonging to the lmtp-specific<br># server certificate. If not specified, the global private key is<br># used. A value of "disabled" will disable TLS for lmtp.<br>
#<br>#lmtp_tls_key_file: <none><br><br># File containing the certificate used for sieve ONLY. If not<br># specified, the global certificate is used. A value of "disabled"<br># will disable TLS for sieve.<br>
#<br>#sieve_tls_cert_file: <none><br><br># File containing the private key belonging to the sieve-specific<br># server certificate. If not specified, the global private key is<br># used. A value of "disabled" will disable TLS for sieve.<br>
#<br>#sieve_tls_key_file: <none><br><br># File containing one or more Certificate Authority (CA) certificates.<br>#<br>#tls_ca_file: <none><br><br># Path to directory with certificates of CAs.<br>#<br>#tls_ca_path: <none><br>
<br># The length of time (in minutes) that a TLS session will be cached<br># for later reuse. The maximum value is 1440 (24 hours), the default.<br># A value of 0 will disable session caching.<br>#<br>#tls_session_timeout: 1440<br>
<br># The right that a user needs to delete a mailbox.<br>#<br>#deleteright: c<br><br># Unix domain socket that lmtpd listens on, used by deliver(8).<br>#<br>#lmtpsocket: /var/imap/socket/lmtp<br>lmtpsocket: /expert/correo/imap/socket/lmtp<br>
<br># Unix domain socket that idled listens on.<br>#<br>#idlesocket: /var/imap/socket/idle<br>idlesocket: /expert/correo/imap/socket/idle<br><br># Unix domain socket that the new mail notification daemon listens on.<br>#<br>
#notifysocket: /var/imap/socket/notify<br>notifysocket: /expert/correo/imap/socket/notify<br><br>serverinfo: no<br><br><br><br>virtdomains: on<br>defaultdomain: correopiloto.ramattack.net<br>
<br># sasl_auxprop_plugin: sql<br># sasl_sql_engine: mysql<br># sasl_sql_user: imapuser<br># sasl_sql_passwd: niu69lqh<br># sasl_sql_hostnames: 127.0.0.1<br># sasl_sql_database: mail<br># sasl_sql_select: select clave from usuarios where email = '%u@%r' and activo=1<br>
#sasl_sql_verbose: true<br><br>lmtp_downcase_rcpt: on<br><br>#<br># EOF<br><br><br>I'm running FreeBSD and all is installed through FreeBSD ports... <br clear="all"><br>Thank you very much people :)<br>
</div>