sieveshell uses global sieve folder when auth'ing as cyrus

Kenneth Marshall ktm at rice.edu
Fri Dec 10 10:08:51 EST 2010


On Fri, Dec 10, 2010 at 09:00:31AM -0600, Dan White wrote:
> On 10/12/10?09:38?+0100, Stefan Jurisch wrote:
> >Hello,
> >
> >I've got a weird problem with the timsieved of above mentioned version of cyrus.
> >This cyrus is part of a so called Open-Xchange Appliance Edition (OXAE).
> >First, everything was ok, but suddenly that problem appeared and I don't
> >know, how to fix it:
> >
> >Whenever I use sieveshell to upload a script for a user without knowing
> >his creds, I do as follows:
> >
> >	sieveshell --user user at domain.net --authname cyrus localhost
> >
> >The normal behaviour, which I know, is that I upload the script to the
> >user's sieve directory. But in my installation, the script is stored
> >into a global folder, and also a 'list' command shows up the contents of
> >that one. Deleting the global folder is useless, because it is created
> >again on next sieveshell login.
> >
> >This problem occured without anything changed in the config, or let me
> >say: without any known change in the config. Additionally, the
> >Open-Xchange support told me that this feature should not exist in the
> >used cyrus version.
> >
> >Could anyone tell me, how to toggle (in this case: disable) this feature?
> 
> It sounds like you are authenticating or proxying as an admin, which would
> explain what you're seeing.
> 
> I'd imagine that you are authenticating via a mechanism that does not
> support proxy authentication. Try explicitly specifying PLAIN or
> DIGEST-MD5. I don't see a way to specify the client mechanism via
> sieveshell, so you may have to configure a list of proxyable mechanisms for
> timsieved to offer.
> 
> Given a cyrus.conf entry of:
> 
>      sieve           cmd="timsieved" ...
> 
> Try this in imapd.conf:
> 
> sieve_sasl_mech_list: digest-md5 external gssapi plain srp
> 
> See:
> 
> http://www.cyrusimap.org/docs/cyrus-sasl/2.1.23/mechanisms.php
> 
> for a list of mechanisms which support proxy auth, and then verify which
> plugins you have installed on your client and server systems with
> pluginviewer/saslpluginviewer.
> 
> -- 
> Dan White

We had this problem and it was caused by being in the sieve_admins
list in the imapd.conf file on the same server as your actual
mailbox. Removing your account from the sieve_admins list and
putting it on the sieve_proxyservers list fixed the problem and
allowed it to work as we (and you) expected.

Cheers,
Ken


More information about the Info-cyrus mailing list