Date: Mon, 3 Dec 2007 09:27:29 -0500
From: "David Robillard" <david.robillard@gmail.com>
To: "Firas Kraiem" <fkraiem@free.fr>
Subject: Re: Issues configuring cyrus-imapd
Message-ID: <226ae0c60712030627xaa4cb43vb3f56384a1e74d72@mail.gmail.com>

> Greetings
>
> I'm trying to configure cyrus-imapd on a FreeBSD (6.2) mail server. The
> only guide Google pointed me to is this one, which seems a bit outdated:
>
> http://www.soe.ucsc.edu/~venkat/tutorial1.html
>
> So I tried to follow it, making all the changes I could figure out.
> First, I installed mail/cyrus-imapd23 instead of mail/cyrus-imapd2. The
> first issue came when I su'd to the cyrus user and ran mkimap, where I
> got a permissions problem:
>
> chown: ./socket/lmtp: Operation not permitted
>
> No big deal, I thought, and just chown'ed /var/imap/socket/ltmp to cyrus
> as root. Everything else went fine, or at least seemed to, until I
> created the password for cyrus using saslpasswd2. No error message, but
> this appears in my auth.log:
>
> saslpasswd2: sql_select option missing
> saslpasswd2: auxpropfunc error no mechanism available
>
> And then, when I try to log in using the command described in the guide,
> I get:
>
> Please enter your password:
> C: L01 LOGIN cyrus {1}
> S: L01 NO Login only available under a layer
> Authentication failed. generic failure
> Security strength factor: 0
>
> And the same thing as before in my auth.log:
>
> imap[53980]: sql_select option missing
> imap[53980]: auxpropfunc error no mechanism available
>
> Any help to solve this would be greatly appreciated.
>
> Firas

Hello Firas,

Yes, unfortunately, the documentation on how to set up cyrus-imap is a bit
scarce. That's one of the reasons I would advise you to dump cyrus-imap in
favor of Dovecot. Unless of course you have to use cyrus-imap for whatever
reason. We've switched from cyrus-imap to dovecot for our small site
(~3000+ email accounts) and it's working like a charm. Just thought I'd
let you know about an alternative.

Now, going back to your cyrus-imap problem. It looks like you don't have
any authentication mechanism in place. Have you installed cyrus-sasl and
cyrus-sasl-saslauthd? If you haven't then you probably should.
That's the way we had it working anyway.

Here are my *very* brief notes on the topic:

1 -- Install the cyrus-* ports.

2 -- Configure sendmail to use SASLAUTH. These are the lines related to
cyrus in my /etc/mail/`hostname`.mc file

    dnl # The AUTH mechanisms. See 24.9.5 as AuthMechanisms.
    dnl # For information on SASL, see 3.4.48 and these URL:
    dnl # http://www.iana.org/assignments/sasl-mechanisms
    dnl # http://www.sendmail.org/~ca/email/mel/SASL_info.html
    dnl #
    TRUST_AUTH_MECH(`PLAIN LOGIN CRAM-MD5 DIGEST-MD5')dnl
    define(`confAUTH_MECHANISMS',`PLAIN LOGIN CRAM-MD5 DIGEST-MD5')dnl
    dnl # confLOCAL_MAILER
    dnl # Define what is the local MAILER.
    dnl
    define(`confLOCAL_MAILER', `cyrusv2')dnl
    dnl # MAILER
    dnl # Setup various mailers.
    dnl
    MAILER(`cyrusv2')dnl
    MAILER(`local')dnl
    MAILER(`smtp')dnl

3 -- Make sure imap without SSL is running from
/usr/local/etc/cyrus.conf. For some weird reason, I can't run cyradm over
TLS. If you disable imap without SSL, you won't be able to log in via
cyradm. That was one problem I had and was not able to fix. So I used pf
to block all comms to the imap port unless it's coming from the localhost
or the admin machines in our LAN.

4 -- Add the cyrus administrator's user & password.

    sudo saslpasswd2 cyrus

5 -- Create users. Here you must make sure your
/usr/local/etc/imapd.conf has unixhierarchysep set to no (or commented
out). Otherwise you'll run into trouble if you use usernames such as
david.robillard (i.e. the dot separator).

    sudo su - cyrus
    cyradm localhost
    cyradm> cm user.username
    cyradm> exit    # return to user cyrus.

6 -- As the cyrus user, set a password for user username

    saslpasswd2 username

7 -- Test the setup using IMAP over SSL.

    imtest -v -a username -u username -s localhost

NOTE -- Deleting a Mailbox or Removing a User

NOTE: Administrators do not have delete rights on mailboxes by default.
So you must give yourself the right to do so before trying to delete the
mailbox.

    sudo su - cyrus
    cyradm localhost
    localhost> sam user.johndoe cyrus all
    localhost> dm user.johndoe

There, that's about what I can tell you about this.

Now you have a few changes to do in syslog.conf(5). Here's how I've
configured mine (those are the LAST lines in the file)

    !saslauthd
    *.*                     /var/log/saslauthd.log
    !ctl_cyrusdb
    *.*                     /var/log/cyrus.log
    !cyr_expire
    *.*                     /var/log/cyrus.log
    !master
    *.*                     /var/log/cyrus.log
    !imaps
    *.*                     /var/log/cyrus.log
    !lmtpunix
    *.*                     /var/log/cyrus.log
    !tls_prune
    *.*                     /var/log/cyrus.log

Then tell newsyslog.conf(5) about these files.

    /var/log/saslauthd.log  640  5  1024  *  J
    /var/log/cyrus.log      640  5  1024  *  J

Of course, you must change rc.conf(5) too:

    cyrus_imapd_enable="YES"    # Enable imapd(8).
    cyrus_imapd_flags="-d"      # Flags to imapd program.
    saslauthd_enable="YES"      # Enable saslauthd(8) (or NO).

If you need more detailed info, I can send you my cyrus.conf(5) and
imap.conf(5) files.

As you can see, it's quite a lot more complicated than with Dovecot :)

HTH,

David
-- 
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
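
The pf restriction described in step 3 of the message above, sketched as a pf.conf fragment. This is an added example, not the ruleset from the message: the interface name and the admin addresses are assumptions (192.0.2.0/24 is a documentation range).

```pf
# Added example; constructed values, replace with the real ones.
ext_if = "em0"                         # assumption: LAN-facing interface
table <imap_admins> const { 192.0.2.10, 192.0.2.11 }   # assumption: admin machines

# Loopback is not filtered, so cyradm run on the server itself
# ("cyradm localhost") still reaches the plaintext listener.
set skip on lo0

# Plaintext IMAP (143/tcp): admin machines only. "quick" stops rule
# evaluation at the first match, so the block below catches everyone else.
pass in quick on $ext_if inet proto tcp from <imap_admins> to any port 143 flags S/SA keep state
block drop in quick on $ext_if proto tcp from any to any port 143

# IMAP over SSL (993/tcp) stays reachable for ordinary mail clients.
pass in quick on $ext_if proto tcp from any to any port 993 flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the rules go live.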