sieveshell uses global sieve folder when auth'ing as cyrus

[Dan White]

On 10/12/10 09:38 +0100, Stefan Jurisch wrote:
>Hello,
>
>I've got a weird problem with the timsieved of above mentioned version of cyrus.
>This cyrus is part of a so called Open-Xchange Appliance Edition (OXAE).
>First, everything was ok, but suddenly that problem appeared and I don't
>know, how to fix it:
>
>Whenever I use sieveshell to upload a script for a user without knowing
>his creds, I do as follows:
>
>	sieveshell --user user at domain.net --authname cyrus localhost
>
>The normal behaviour, which I know, is that I upload the script to the
>user's sieve directory. But in my installation, the script is stored
>into a global folder, and also a 'list' command shows up the contents of
>that one. Deleting the global folder is useless, because it is created
>again on next sieveshell login.
>
>This problem occured without anything changed in the config, or let me
>say: without any known change in the config. Additionally, the
>Open-Xchange support told me that this feature should not exist in the
>used cyrus version.
>
>Could anyone tell me, how to toggle (in this case: disable) this feature?

It sounds like you are authenticating or proxying as an admin, which would
explain what you're seeing.

I'd imagine that you are authenticating via a mechanism that does not
support proxy authentication. Try explicitly specifying PLAIN or
DIGEST-MD5. I don't see a way to specify the client mechanism via
sieveshell, so you may have to configure a list of proxyable mechanisms for
timsieved to offer.

Given a cyrus.conf entry of:

     sieve           cmd="timsieved" ...

Try this in imapd.conf:

sieve_sasl_mech_list: digest-md5 external gssapi plain srp

See:

http://www.cyrusimap.org/docs/cyrus-sasl/2.1.23/mechanisms.php

for a list of mechanisms which support proxy auth, and then verify which
plugins you have installed on your client and server systems with
pluginviewer/saslpluginviewer.

-- 
Dan White