NOT ABLE TO ADMINISTER MAIL BOXES WITH CYRUS-2.2.10

Igor Brezac igor at ipass.net
Mon Dec 13 10:27:17 EST 2004 


On Mon, 13 Dec 2004, Eric Estabrooks wrote:

> Could this be related to other changes?  Recently we went from 2.2.2 to 2.2.9 
> and our cyrus admin stopped authenticating for us it turned out the ip lookup 
> was taking precedence over name lookup but only for the default domain.  By 
> this I mean that if our default domain was say 123.com but the box 
> resolved to 234.com then someone logging in with user at 123.com would be 
> looked up as user at 234.com in the authentication layer.

Well this is an unfortunate bug and the only workaround is to change your 
reverse lookup to host.defaultdomain.

There is a fix for this, but unfortunately the fix may create 
authentication performance penalty in certain configurations (mostly with 
unix groups I think, it has been awhile since I looked at that code).

-Igor


> For use it didn't matter to much as we don't use ip based auth'ing but 
> require the user at domain notation so I just set the virtualdomains option to 
> userid (in /etc/imapd.conf) so it wouldn't do ip lookup at all.
>
> Eric
>
> ALD wrote:
>
>> My version of cyradm is same as supplied with the cyrus-2.2.10 source
>> I agree that cyradm does not get compiled as supplies and you need to patch 
>> line no 46 of Makefile.pl as under to get it compiled
>> 
>> my $SASL_LIB = $ENV{SASL_LIB} || "-lsasl2 -ldb";
>> 
>> I have patched the Makefile.PL and have recompiled cyradm and cyrus
>> As far as permissions on various directories are concerned , my 
>> cyrus-2.0.16 was working perfect till last week and I have just upgraded to 
>> 2.2.10  exactly following the steps in documentation
>> If some of the permissions were wrong then the programs in /usr/cyrus/bin/ 
>> when run as cyrus user will also give some error but all programs are 
>> working fine
>> 
>> In my opinion there could be either of  two problems :
>> 
>> 1. php and cyradm mailbox adsministation commands are reading the 
>> mailbox.db not as skiplist database but as bdb file
>> 2. Cyrus support for virtual domains is creating problem for php and cyradm
>> 
>> Except for cyradm and php mailbox administation commands everything is fine
>> I am using imp as webmail interface which is wotking fine
>> 
>> I am not getting any clue from any of log even all debuggers are ser on
>> 
>> Regards ,
>> 
>> AJIT DIXIT
>> 
>> 
>> 
>> 
>> Peter P. Benac wrote:
>> 
>>> There is several references in the archives that state the version of 
>>> cyradm
>>> must be the same as Cyrus IMAP; however since your PHP progams fails I 
>>> have
>>> to wonder if you have setup all the directories with the correct
>>> permissions.
>>> 
>>> You should check to make sure permissions on all the IMAP directories are 
>>> as
>>> discribed in the documenation.
>>> 
>>> Regards,
>>> Pete
>>> ----
>>> Peter P. Benac, CCNA
>>> Celtic Spirit Network Solutions
>>> Providing Network and Systems Project Management and Installation and Web
>>> Hosting.
>>> Phone: 919-618-2557
>>> Web: http://www.emacolet.com
>>> Need quick reliable Systems or Network Management advice visit
>>> http://www.nmsusers.org
>>> 
>>> To have principles...
>>>             First have courage.. With principles comes integrity!!!
>>> 
>>> 
>>> 
>>> -----Original Message-----
>>> From: owner-info-cyrus at lists.andrew.cmu.edu
>>> [mailto:owner-info-cyrus at lists.andrew.cmu.edu] On Behalf Of ALD
>>> Sent: Saturday, December 11, 2004 13:21
>>> To: Per olof Ljungmark; info-cyrus at lists.andrew.cmu.edu
>>> Subject: Re: NOT ABLE TO ADMINISTER MAIL BOXES WITH CYRUS-2.2.10
>>> 
>>> 
>>> I do not have permanent solution but I have solved the problem as under :
>>> 
>>> I have downloaded Autocreate INBOX patch for Cyrus From
>>> http://email.uoa.gr/projects/cyrus/autocreate/
>>> Go to your cyrus installation root directory in my case
>>> /usr/local/src/cyrus/
>>> Apply patch to cyrus source with file   with
>>> cyrus-imapd-2.2.10-autocreate-0.1.diff  as under
>>> 
>>> patch -p0 < cyrus-imapd-2.2.10-autocreate-0.1.diff
>>> 
>>> The cyrus source of cyrus-imapd-2.2.10 will get patched stop master  and 
>>> saslauthd
>>> in my case /etc/init.d/cyrus stop
>>> 
>>> recompile cyrus
>>> 
>>> #cd cyrus-imapd-2.2.10
>>> #./configure \
>>> --with-sasl=/usr/local/lib \
>>> --with-perl \
>>> --with-auth=unix \
>>> --with-dbdir=/usr/local/bdb \
>>> --with-bdb-libdir=/usr/local/bdb/lib \
>>> --with-bdb-incdir=/usr/local/bdb/include \
>>> --with-openssl=/usr/local/ssl \
>>> --without-ucdsnmp \
>>> --with-cyrus-user=cyrus \
>>> --with-cyrus-group=mail \
>>> 
>>> #make
>>> #make depend
>>> #make install
>>> 
>>> Add following entries to /etc/imapd.conf
>>> 
>>> autocreateinboxfolders: sent-mail | Drafts | Templates | Trash
>>> autosubscribeinboxfolders: sent-mail | Drafts | Templates | Trash
>>> Also check for proper value of   autocreatequota:  in /etc/imapd.conf
>>> autocreatequota: 10000
>>> 
>>> restart master and saslauthd
>>> 
>>> /etc/init.d/cyrus start
>>> 
>>> now you can create user and whenever the user logs in with proper password 
>>> ,
>>> the mailbox is automatically created with default quota and the folders
>>> mentioned in imapd.conf
>>> 
>>> This has made me possible that at lease the work is not hampered
>>> 
>>> As far as the problen of  Permission Denied is considered it appears to be
>>> some problem in cyrus  .
>>> I am sure that there is no permission problem on my server as evertthing 
>>> was
>>> working fine on cyrus 2.0.16 and I do not see in any of documentation /
>>> mailing list that in cyrus-2.2.10 any permissions are changed
>>> 
>>> There is some problem how cyrus is working with virtual domain but in none
>>> of the server logs the problem is trapped
>>> I  hope some expert will definately look into this problem and help us
>>> Regards
>>> 
>>> AJIT
>>> 
>>> /
>>> 
>>> 
>>> Per olof Ljungmark wrote:
>>> 
>>> Hi,
>>> If you discover a solution to this problem I would be most grateful if you
>>> could let me know. I have fought this for a week now and did not yet
>>> understand what is going on...
>>> Thanks,
>>> Per olof
>>> ALD wrote:
>>> No I know about ACL but it is not problem related to ACL I again repeat 
>>> what is happening
>>> The server is running OK on around 1500 users I am able to log in to 
>>> cyradm through administrsative account If I try to create mail box I am 
>>> getting permission denied error If I try to issue any command on mailbox 
>>> then I am getting mailbox not found
>>> error even though mailbox is available
>>> Aldo all  programs when run as cyrus user from /usr/cyrus/bin/ are working
>>> OK
>>> It means I can reconstruct mailbox from shell prompt  in /usr/cyrus/bin/ 
>>> it
>>> ids working OK but If I try same in cyradm then I am getting permission
>>> denied error
>>> Please Give me some clue as I need to add some users and my work is stuck 
>>> up
>>> 
>>> 
>>> Regards ,
>>> AJIT
>>> Peter P. Benac wrote:
>>> 
>>> Set the ACL for whatever user you are using with cyradm on the mailbox you 
>>> want to modify or delete to the same ACL as the mail box owner.
>>> listacl mailbox setacl mailbox cyrususer acl
>>> FYI a search of the archives would have answered this for you  :)
>>> Regards, Pete ---- Peter P. Benac, CCNA Celtic Spirit Network Solutions 
>>> Providing Network and Systems Project Management and Installation and Web 
>>> Hosting. Phone: 919-618-2557 Web: http://www.emacolet.com Need quick 
>>> reliable Systems or Network Management advice visit 
>>> http://www.nmsusers.org
>>> To have principles...            First have courage.. With principles 
>>> comes integrity!!!
>>> 
>>> 
>>> 
>>> -----Original Message----- From: owner-info-cyrus at lists.andrew.cmu.edu 
>>> [mailto:owner-info-cyrus at lists.andrew.cmu.edu] On Behalf Of ALD Sent: 
>>> Friday, December 10, 2004 08:25 To: info-cyrus at lists.andrew.cmu.edu 
>>> Subject: NOT ABLE TO ADMINISTER MAIL BOXES WITH CYRUS-2.2.10
>>> 
>>> I was succesfully running cyrus-2.0.16 with sasl-2.1.10 and everything was
>>> working fine
>>> I have upgraded to cyrus-impad-2.2.10 and except cyrus administration part
>>> everything is fine If I administer cyrus though cyradm then I am able to 
>>> log in but I am
>>> getting Permission denied error I am not able to do anything with 
>>> mailboxes
>>> I have php based mail administration tool for cyrus but php is also 
>>> geeting
>>> error of unknown mailbox from cyrus
>>> 
>>> 
>>> 
>>> 
>>> --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: 
>>> http://cyruswiki.andrew.cmu.edu List Archives/Info: 
>>> http://asg.web.cmu.edu/cyrus/mailing-list.html
>>> 
>>> ---
>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>> 
>>> 
>> 
>> ---
>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
>

-- 
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list