Jean-Christophe Delaye
2018-06-01 16:03:51 UTC
Dear all,
I'm trying to complete setup Cyrus Murder : 1 frontend with mupdate and
1 backend (initial config).
Machines are running Solaris 11.3 (for ZFS, HA clustering and zone
capabilities), SASL 2.1.27(rc8) and Cyrus 3.0.7.
Services seems running fine on both master/frontend (hostname cassandra)
and backend (hostname imap1).
I can create mailboxes on backend and location is maintained on the
mupdate server.
Backend#
***@imap1:# ./ctl_mboxlist -C /global/cyrus1/etc/imapd.conf -d
user.delaye 0 default delaye lrswipkxtecdan
user.delaye.INBOX.JCD 0 default delaye lrswipkxtecdan
user.delaye.Trash 0 default delaye lrswipkxtecdan
user.standard 0 default standard lrswipkxtecdan delaye
lrswipkxtecdan titi lrswipkxtecdan
user.standart 0 default standart lrswipkxtecdan
Master#
[***@cassandra sbin]# ./ctl_mboxlist -C /global/cyrus/etc/imapd.conf -d
user.delaye 1 imap1.eurecom.fr!default delaye lrswipkxtecdan
user.delaye.INBOX.JCD 1 imap1.eurecom.fr!default delaye
lrswipkxtecdan
user.delaye.Trash 1 imap1.eurecom.fr!default delaye
lrswipkxtecdan
user.standard 1 imap1.eurecom.fr!default standard lrswipkxtecdan
delaye lrswipkxtecdan titi lrswipkxtecdan
user.standart 1 imap1.eurecom.fr!default standart lrswipkxtecdan
From client, connection to backend is ok
# telnet imap1 imap
Trying 192.168.106.208...
Connected to imap1.eurecom.fr.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE
MUPDATE=mupdate://cassandra.eurecom.fr/ STARTTLS AUTH=PLAIN SASL-IR]
imap1.eurecom.fr Cyrus IMAP 3.0.7 server ready
001 login standard XXXXXXX
001 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT
SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1
METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN
QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1
X-REPLICATION URLAUTH URLAUTH=BINARY
MUPDATE=mupdate://cassandra.eurecom.fr/ LOGINDISABLED COMPRESS=DEFLATE
X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE
X-QUOTA=X-NUM-FOLDERS IDLE] User logged in
SESSIONID=<cyrus1-11584-1527864026-1-553541307793954667>
A001 SELECT INBOX
* 0 EXISTS
* 0 RECENT
* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] Ok
* OK [UIDVALIDITY 1527674348] Ok
* OK [UIDNEXT 1] Ok
* OK [HIGHESTMODSEQ 3] Ok
* OK [URLMECH INTERNAL] Ok
* OK [ANNOTATIONS 65536] Ok
A001 OK [READ-WRITE] Completed
The problem seems to be the proxy connections through frontend to the
server with a backend role.
The frontend is forwarding the imap requests to the backend using
proxy_authname username
saslauthd[18753] :auth success: [user=mailproxy] [service=imap] [realm=]
[mech=shadow]
From client(s), connection to frontend is the issue
001 login standard xxxxxxx
001 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT
SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1
METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN
QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1
X-REPLICATION URLAUTH URLAUTH=BINARY
MUPDATE=mupdate://cassandra.eurecom.fr/ LOGINDISABLED COMPRESS=DEFLATE
X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE
X-QUOTA=X-NUM-FOLDERS IDLE] User logged in
SESSIONID=<cyrus-17553-1527863251-1-12888262518610106734>
Once I get connected and authenticated, I launch the command
“select inbox”, but I receive the message
A001 SELECT INBOX
A001 NO Server(s) unavailable to complete operation
In the log files there is an error from both frontend and backend
From frontend:
cassandra cyrus/imap[19868]:
couldn't authenticate to backend server: authentication failure
From backend:
imap1 cyrus1/master
about to exec /opt/cyrus-imapd_3.0.7-cyrus1/libexec/imapd
imap1 cyrus1/imap[11632]: SASL could not find auxprop plugin, was
searching for '[all]'
badlogin: cassandra.eurecom.fr [192.168.106.61] PLAIN [SASL(-4): no
mechanism available: Password verification failed]
It seems to me that the imap process on the backend is unable to use the
correct sasl authentication library. (I've compiled imapd with standard
dynamic sasl).
Any help would be appreciated. I have spent several days working in
this problem without getting any progress at all.
Here are my configuration files (cyr_info conf)
On the backend:
admins: cyrus1 cyrus postman
allowallsubscribe: yes
allowplaintext: yes
allowusermoves: yes
auditlog: yes
configdirectory: /global/cyrus1/var/mail
defaultpartition: default
duplicate_db_path: /var/run/cyrus1/deliver.db
hashimapspool: yes
debug: yes
httpmodules: caldav carddav
idlesocket: /var/run/cyrus1/idle
mboxname_lockpath: /var/run/cyrus1_lock
mupdate_authname: postman
mupdate_password: xxxxxxx
mupdate_server: cassandra.eurecom.fr
mupdate_username: postman
popminpoll: 1
proc_path: /var/run/cyrus1_proc
proxy_authname: mailproxy
proxy_password: yyyyyyyy
proxyservers: mailproxy cyrus1 cyrus
ptscache_db_path: /var/run/cyrus1/ptscache.db
servername: imap1.eurecom.fr
sievedir: /global/cyrus1/var/sieve
statuscache_db_path: /var/run/cyrus1/statuscache.db
syslog_prefix: cyrus1
tls_sessions_db_path: /var/run/cyrus1/tls_sessions.db
sasl_saslauthd_path: /global/cyrus1/var/state/saslauthd/mux
sasl_mech_list: plain
sasl_auto_transition: no
sasl_pwcheck_method: saslauthd
partition-default: /global/cyrus1/mail
lmtp_admins: mailproxy cyrus1 cyrus
on the frontend/mupdate master:
admins: cyrus cyrus1 postman
allowallsubscribe: yes
allowplaintext: yes
allowusermoves: yes
auditlog: yes
configdirectory: /global/cyrus/var/mail
defaultpartition: default
duplicate_db_path: /var/run/cyrus/deliver.db
force_sasl_client_mech: PLAIN
hashimapspool: yes
debug: yes
httpmodules: caldav carddav
idlesocket: /var/run/cyrus/idle
mboxname_lockpath: /var/run/cyrus_lock
mupdate_authname: postman
mupdate_password: xxxxxxx
mupdate_server: cassandra.eurecom.fr
mupdate_username: postman
popminpoll: 1
proc_path: /var/run/cyrus_proc
proxy_authname: mailproxy
proxy_password: yyyyyyyyy
ptscache_db_path: /var/run/cyrus/ptscache.db
servername: cassandra.eurecom.fr
sievedir: /global/cyrus/var/sieve
statuscache_db_path: /var/run/cyrus/statuscache.db
syslog_prefix: cyrus
cassandra_mechs: PLAIN
sasl_saslauthd_path: /global/cyrus/var/state/saslauthd/mux
imap1_mechs: PLAIN
sasl_mech_list: plain
sasl_auto_transition: no
sasl_pwcheck_method: saslauthd
partition-default: /global/cyrus/mail
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman
I'm trying to complete setup Cyrus Murder : 1 frontend with mupdate and
1 backend (initial config).
Machines are running Solaris 11.3 (for ZFS, HA clustering and zone
capabilities), SASL 2.1.27(rc8) and Cyrus 3.0.7.
Services seems running fine on both master/frontend (hostname cassandra)
and backend (hostname imap1).
I can create mailboxes on backend and location is maintained on the
mupdate server.
Backend#
***@imap1:# ./ctl_mboxlist -C /global/cyrus1/etc/imapd.conf -d
user.delaye 0 default delaye lrswipkxtecdan
user.delaye.INBOX.JCD 0 default delaye lrswipkxtecdan
user.delaye.Trash 0 default delaye lrswipkxtecdan
user.standard 0 default standard lrswipkxtecdan delaye
lrswipkxtecdan titi lrswipkxtecdan
user.standart 0 default standart lrswipkxtecdan
Master#
[***@cassandra sbin]# ./ctl_mboxlist -C /global/cyrus/etc/imapd.conf -d
user.delaye 1 imap1.eurecom.fr!default delaye lrswipkxtecdan
user.delaye.INBOX.JCD 1 imap1.eurecom.fr!default delaye
lrswipkxtecdan
user.delaye.Trash 1 imap1.eurecom.fr!default delaye
lrswipkxtecdan
user.standard 1 imap1.eurecom.fr!default standard lrswipkxtecdan
delaye lrswipkxtecdan titi lrswipkxtecdan
user.standart 1 imap1.eurecom.fr!default standart lrswipkxtecdan
From client, connection to backend is ok
# telnet imap1 imap
Trying 192.168.106.208...
Connected to imap1.eurecom.fr.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE
MUPDATE=mupdate://cassandra.eurecom.fr/ STARTTLS AUTH=PLAIN SASL-IR]
imap1.eurecom.fr Cyrus IMAP 3.0.7 server ready
001 login standard XXXXXXX
001 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT
SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1
METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN
QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1
X-REPLICATION URLAUTH URLAUTH=BINARY
MUPDATE=mupdate://cassandra.eurecom.fr/ LOGINDISABLED COMPRESS=DEFLATE
X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE
X-QUOTA=X-NUM-FOLDERS IDLE] User logged in
SESSIONID=<cyrus1-11584-1527864026-1-553541307793954667>
A001 SELECT INBOX
* 0 EXISTS
* 0 RECENT
* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] Ok
* OK [UIDVALIDITY 1527674348] Ok
* OK [UIDNEXT 1] Ok
* OK [HIGHESTMODSEQ 3] Ok
* OK [URLMECH INTERNAL] Ok
* OK [ANNOTATIONS 65536] Ok
A001 OK [READ-WRITE] Completed
The problem seems to be the proxy connections through frontend to the
server with a backend role.
The frontend is forwarding the imap requests to the backend using
proxy_authname username
saslauthd[18753] :auth success: [user=mailproxy] [service=imap] [realm=]
[mech=shadow]
From client(s), connection to frontend is the issue
001 login standard xxxxxxx
001 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT
SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1
METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN
QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1
X-REPLICATION URLAUTH URLAUTH=BINARY
MUPDATE=mupdate://cassandra.eurecom.fr/ LOGINDISABLED COMPRESS=DEFLATE
X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE
X-QUOTA=X-NUM-FOLDERS IDLE] User logged in
SESSIONID=<cyrus-17553-1527863251-1-12888262518610106734>
Once I get connected and authenticated, I launch the command
“select inbox”, but I receive the message
A001 SELECT INBOX
A001 NO Server(s) unavailable to complete operation
In the log files there is an error from both frontend and backend
From frontend:
cassandra cyrus/imap[19868]:
couldn't authenticate to backend server: authentication failure
From backend:
imap1 cyrus1/master
about to exec /opt/cyrus-imapd_3.0.7-cyrus1/libexec/imapd
imap1 cyrus1/imap[11632]: SASL could not find auxprop plugin, was
searching for '[all]'
badlogin: cassandra.eurecom.fr [192.168.106.61] PLAIN [SASL(-4): no
mechanism available: Password verification failed]
It seems to me that the imap process on the backend is unable to use the
correct sasl authentication library. (I've compiled imapd with standard
dynamic sasl).
Any help would be appreciated. I have spent several days working in
this problem without getting any progress at all.
Here are my configuration files (cyr_info conf)
On the backend:
admins: cyrus1 cyrus postman
allowallsubscribe: yes
allowplaintext: yes
allowusermoves: yes
auditlog: yes
configdirectory: /global/cyrus1/var/mail
defaultpartition: default
duplicate_db_path: /var/run/cyrus1/deliver.db
hashimapspool: yes
debug: yes
httpmodules: caldav carddav
idlesocket: /var/run/cyrus1/idle
mboxname_lockpath: /var/run/cyrus1_lock
mupdate_authname: postman
mupdate_password: xxxxxxx
mupdate_server: cassandra.eurecom.fr
mupdate_username: postman
popminpoll: 1
proc_path: /var/run/cyrus1_proc
proxy_authname: mailproxy
proxy_password: yyyyyyyy
proxyservers: mailproxy cyrus1 cyrus
ptscache_db_path: /var/run/cyrus1/ptscache.db
servername: imap1.eurecom.fr
sievedir: /global/cyrus1/var/sieve
statuscache_db_path: /var/run/cyrus1/statuscache.db
syslog_prefix: cyrus1
tls_sessions_db_path: /var/run/cyrus1/tls_sessions.db
sasl_saslauthd_path: /global/cyrus1/var/state/saslauthd/mux
sasl_mech_list: plain
sasl_auto_transition: no
sasl_pwcheck_method: saslauthd
partition-default: /global/cyrus1/mail
lmtp_admins: mailproxy cyrus1 cyrus
on the frontend/mupdate master:
admins: cyrus cyrus1 postman
allowallsubscribe: yes
allowplaintext: yes
allowusermoves: yes
auditlog: yes
configdirectory: /global/cyrus/var/mail
defaultpartition: default
duplicate_db_path: /var/run/cyrus/deliver.db
force_sasl_client_mech: PLAIN
hashimapspool: yes
debug: yes
httpmodules: caldav carddav
idlesocket: /var/run/cyrus/idle
mboxname_lockpath: /var/run/cyrus_lock
mupdate_authname: postman
mupdate_password: xxxxxxx
mupdate_server: cassandra.eurecom.fr
mupdate_username: postman
popminpoll: 1
proc_path: /var/run/cyrus_proc
proxy_authname: mailproxy
proxy_password: yyyyyyyyy
ptscache_db_path: /var/run/cyrus/ptscache.db
servername: cassandra.eurecom.fr
sievedir: /global/cyrus/var/sieve
statuscache_db_path: /var/run/cyrus/statuscache.db
syslog_prefix: cyrus
cassandra_mechs: PLAIN
sasl_saslauthd_path: /global/cyrus/var/state/saslauthd/mux
imap1_mechs: PLAIN
sasl_mech_list: plain
sasl_auto_transition: no
sasl_pwcheck_method: saslauthd
partition-default: /global/cyrus/mail
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman