From owner-freebsd-questions@FreeBSD.ORG Mon Dec 3 14:27:31 2007
Message-ID: <226ae0c60712030627xaa4cb43vb3f56384a1e74d72@mail.gmail.com>
Date: Mon, 3 Dec 2007 09:27:29 -0500
From: "David Robillard"
To: "Firas Kraiem"
Subject: Re:
Issues configuring cyrus-imapd

> Greetings
>
> I'm trying to configure cyrus-imapd on a FreeBSD (6.2) mail server. The
> only guide Google pointed me to is this one, which seems a bit outdated:
>
> http://www.soe.ucsc.edu/~venkat/tutorial1.html
>
> So I tried to follow it, making all the changes I could figure out.
> First, I installed mail/cyrus-imapd23 instead of mail/cyrus-imapd2. The
> first issue came when I su'd to the cyrus user and ran mkimap, where I
> got a permissions problem:
>
> chown: ./socket/lmtp: Operation not permitted
>
> No big deal, I thought, and just chown'ed /var/imap/socket/lmtp to cyrus
> as root. Everything else went fine, or at least seemed to, until I
> created the password for cyrus using saslpasswd2. No error message, but
> this appears in my auth.log:
>
> saslpasswd2: sql_select option missing
> saslpasswd2: auxpropfunc error no mechanism available
>
> And then, when I try to log in using the command described in the guide,
> I get:
>
> Please enter your password:
> C: L01 LOGIN cyrus {1}
> S: L01 NO Login only available under a layer
> Authentication failed. generic failure
> Security strength factor: 0
>
> And the same thing as before in my auth.log:
>
> imap[53980]: sql_select option missing
> imap[53980]: auxpropfunc error no mechanism available
>
> Any help to solve this would be greatly appreciated.
>
> Firas

Hello Firas,

Yes, unfortunately, the documentation on how to set up cyrus-imap is a
bit scarce. That's one of the reasons I would advise you to dump
cyrus-imap in favor of Dovecot. Unless of course you have to use
cyrus-imap for whatever reason. We've switched from cyrus-imap to
dovecot for our small site (~3000+ email accounts) and it's working
like a charm.
Just thought I'd let you know about an alternative.

Now, going back to your cyrus-imap problem. It looks like you don't
have any authentication mechanism in place. Have you installed
cyrus-sasl and cyrus-sasl-saslauthd? If you haven't then you probably
should. That's the way we had it working anyway.

Here are my *very* brief notes on the topic:

1 -- Install the cyrus-* ports.

2 -- Configure sendmail to use SASLAUTH. These are the lines related to
cyrus in my /etc/mail/`hostname`.mc file:

    dnl # The AUTH mechanisms. See 24.9.5 as AuthMechanisms.
    dnl # For information on SASL, see 3.4.48 and these URL:
    dnl # http://www.iana.org/assignments/sasl-mechanisms
    dnl # http://www.sendmail.org/~ca/email/mel/SASL_info.html
    dnl #
    TRUST_AUTH_MECH(`PLAIN LOGIN CRAM-MD5 DIGEST-MD5')dnl
    define(`confAUTH_MECHANISMS',`PLAIN LOGIN CRAM-MD5 DIGEST-MD5')dnl

    dnl # confLOCAL_MAILER
    dnl # Define what is the local MAILER.
    dnl
    define(`confLOCAL_MAILER', `cyrusv2')dnl

    dnl # MAILER
    dnl # Setup various mailers.
    dnl
    MAILER(`cyrusv2')dnl
    MAILER(`local')dnl
    MAILER(`smtp')dnl

3 -- Make sure imap without SSL is running from
/usr/local/etc/cyrus.conf. For some weird reason, I can't run cyradm
over TLS. If you disable imap without SSL, you won't be able to log in
via cyradm. That was one problem I had and was not able to fix. So I
used pf to block all comms to the imap port unless it's coming from the
localhost or the admin machines in our LAN.

4 -- Add the cyrus administrator's user & password.

    sudo saslpasswd2 cyrus

5 -- Create users. Here you must make sure your
/usr/local/etc/imapd.conf has unixhierarchysep set to no (or commented
out). Otherwise you'll run into trouble if you use usernames such as
david.robillard (i.e. the dot separator).

    sudo su - cyrus
    cyradm localhost
    cyradm> cm user.username
    cyradm> exit    # return to user cyrus.

6 -- As the cyrus user, set a password for user username

    saslpasswd2 username

7 -- Test the setup using IMAP over SSL.

    imtest -v -a username -u username -s localhost

NOTE -- Deleting a Mailbox or Removing a User

NOTE: Administrators do not have delete rights on mailboxes by default.
So you must give yourself the right to do so before trying to delete
the mailbox.

    sudo su - cyrus
    cyradm localhost
    localhost> sam user.johndoe cyrus all
    localhost> dm user.johndoe

There, that's about what I can tell you about this.

Now you have a few changes to do in syslog.conf(5). Here's how I've
configured mine (those are the LAST lines in the file)

    !saslauthd
    *.*     /var/log/saslauthd.log
    !ctl_cyrusdb
    *.*     /var/log/cyrus.log
    !cyr_expire
    *.*     /var/log/cyrus.log
    !master
    *.*     /var/log/cyrus.log
    !imaps
    *.*     /var/log/cyrus.log
    !lmtpunix
    *.*     /var/log/cyrus.log
    !tls_prune
    *.*     /var/log/cyrus.log

Then tell newsyslog.conf(5) about these files.

    /var/log/saslauthd.log  640  5  1024  *  J
    /var/log/cyrus.log      640  5  1024  *  J

Of course, you must change rc.conf(5) too:

    cyrus_imapd_enable="YES"    # Enable imapd(8).
    cyrus_imapd_flags="-d"      # Flags to imapd program.
    saslauthd_enable="YES"      # Enable saslauthd(8) (or NO).

If you need more detailed info, I can send you my cyrus.conf(5) and
imapd.conf(5) files.

As you can see, it's quite a lot more complicated than with Dovecot :)

HTH,

David

-- 
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
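
Added example, not part of the original message: a pf.conf fragment for the restriction described in step 3, where the cleartext IMAP port stays enabled for cyradm but is reachable only from localhost and the admin machines. The interface name and the admin addresses are assumed placeholders (documentation-range addresses), and the fragment is meant to be merged into an existing ruleset.

```pf
# --- Macros and tables (constructed placeholder values) ---------------
# Assumption: em0 is the LAN-facing interface of the mail server.
ext_if = "em0"

# Assumption: these are the admin workstations allowed to run cyradm
# against the server. 192.0.2.0/24 is a documentation range; replace it.
table <imap_admins> const { 192.0.2.10, 192.0.2.11 }

# --- Filter rules -----------------------------------------------------
# Every rule below is bound to $ext_if, so loopback traffic is not
# matched by this fragment: "cyradm localhost" on the server itself
# still reaches 127.0.0.1:143.

# Cleartext IMAP (143/tcp): drop and log anything that does not come
# from an admin machine. "quick" stops evaluation at the first match.
block in log quick on $ext_if proto tcp from ! <imap_admins> to any port 143

# Cleartext IMAP (143/tcp): admin machines only.
pass in quick on $ext_if proto tcp from <imap_admins> to any port 143 \
    flags S/SA keep state

# IMAP over SSL (993/tcp): open to ordinary mail clients, which should
# never need the cleartext port.
pass in quick on $ext_if proto tcp from any to any port 993 \
    flags S/SA keep state
```

Check the merged file with `pfctl -nf /etc/pf.conf` before loading it; blocked connection attempts to port 143 then show up on the pflog0 interface.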