Woohoo! It works! Thanks Mike!!!
Yes I sure did. That was causing me the problem. When I fixed it then
SMTP-AUTH went broken until I remembered to turn off the postfix
setting of:

#smtpd_sasl_local_domain = $mydomain

Now I can authenticate on both sides with just username (no @ or domain
required!)

The only remaining issue that I can see is that a couple of my IMAP
subfolders for the "test" user are slow or cause disconnects to the IMAP
server. INBOX is always fine. SENT seems fine. It is Drafts and Trash
that seem to time out occasionally. I have looked at the ACLs but see
no problems.

I am off to do some searching through the mailing lists for more info or
a doc on troubleshooting subfolders. Once again Mike, I *REALLY*
appreciate your help with this! You saved the day! :-)

-trichard


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

--snip!--
bits)
SASL-IR
that
mail
"post"
Hi trichard,

I got my "-a" and "-u" parameters mixed up. It must have been late when
I wrote that one!

If you use
imtest -u test -a ***@mydomain.com -m plain -t '' localhost

I bet it will let you select your inbox.

Is your machine's name post.mydomain.com? Did you create the test user
like this?:
saslpasswd2 -c -u mydomain.com test

If so, create the user without using the "-u" option, or create it with
"-u post.mydomain.com". This should let you put a username of "test" in
Outlook Depress (or whatever MUA you are using), as well as using "test"
for both the "-u" and "-a" arguments for imtest.

Mike.

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Hi Mike,
This results in an "Authentication Failure" with no prompt for a
password. If I put -m plain in front of localhost it does prompt me for
password, but still fails:

[***@post etc]# imtest -u ***@domain.com -a ***@domain.com -t '' -m
plain localhost
S: * OK post.domain.com Cyrus IMAP4 v2.2.3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN
dGVzdEBzYXBlcmVvbi5jb20AdGVzdEBzYXBlcmVvbi5jb20AdGVzdDEyMw==
S: A01 NO authentication failure
Authentication failed. generic failure
Security strength factor: 168
Didn't get authenticated so was never prompted for this unfortunately.
Yep it sure did! :-)
Same as above with this one. Without the "-m plain" in front of
localhost it fails outright. If I use "-m plain" before localhost I get
prompted for my password, but it still fails:

[***@post etc]# imtest -u ***@domain.com -a test -t '' -m plain localhost
S: * OK post.domain.com Cyrus IMAP4 v2.2.3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN dGVzdEBzYXBlcmVvbi5jb20AdGVzdAB0ZXN0MTIz
S: A01 NO user not found
Authentication failed. generic failure
Security strength factor: 168
OK, here are the results after adding that entry to imapd.conf. Note
that I had to insert the "-m plain" here as well or it would fail
outright. The last one worked, but I got the same "Invalid mailbox" error:

IMAPD.CONF
-----------
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
allowanonymouslogin: no
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem
tls_session_timeout: 0
loginrealms: post.domain.com domain.com

==================================

[***@post etc]# imtest -u ***@domain.com -a test -t '' -m plain
localhost S: * OK post.domain.com Cyrus IMAP4 v2.2.3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN dGVzdEBzYXBlcmVvbi5jb20AdGVzdAB0ZXN0MTIz
S: A01 NO user not found
Authentication failed. generic failure
Security strength factor: 168

==================================

[***@post etc]# imtest -u ***@domain.com -a ***@domain.com -t '' -m
plain localhost
S: * OK post.domain.com Cyrus IMAP4 v2.2.3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN
dGVzdEBzYXBlcmVvbi5jb20AdGVzdEBzYXBlcmVvbi5jb20AdGVzdDEyMw==
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 168
A01 select inbox
A01 NO Invalid mailbox name

==================================

So the last one here worked...sort of. I am getting the same error that
I am in the email client (i.e. Invalid mailbox name). It's odd because:

[***@post etc]# ls -latr /var/spool/imap/user/test
total 20
-rw------- 1 cyrus mail 76 Feb 17 09:16 cyrus.index
-rw------- 1 cyrus mail 4 Feb 17 09:16 cyrus.cache
drwx------ 3 cyrus mail 4096 Feb 17 09:16 ..
-rw------- 1 cyrus mail 159 Feb 17 09:16 cyrus.header
drwx------ 2 cyrus mail 4096 Feb 17 10:15 .

[***@post etc]# sasldblistusers2
***@domain.com: userPassword
***@post.domain.com: userPassword

NOTE: This does bring up an interesting question though:

I created the cyrus user as follows:

saslpasswd2 -c -u post.mydomain.com cyrus

A sasldblistusers2 shows:

***@mydomain.com: userPassword
***@post.mydomain.com: userPassword

NOTE: The user "test" in this case would be indicative of a normal mail
user. Cyrus of course is for administration purposes.

Does this look right? I am concerned that including the hostname "post"
in the realm for the cyrus user and NOT including it in the realm for
the test user will cause problems when creating mailboxes, etc. Should
the administrator for cyrus (i.e. user cyrus) by in the same realm as
the users or hostname.realm?

Thanks again for all the help...I am supposed to complete this project
today and am doing everything I can to figure this out in between your
posts.

Thanks!!!

-trichard


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

password.
bits)
SASL-IR
Hi again, trichard,

<Preliminary note:> first try below with things as-is. Then try adding
the following line to /etc/imapd.conf:
loginrealms: post.mydomain.com mydomain.com

restarting the cyrus master process after changing /etc/imapd.conf.
</Preliminary Note:>

First, try:
imtest -u ***@mydomain.com -a ***@mydomain.com -t '' localhost

and try the imap command
A01 select inbox

If I understand your setup correctly, this should fail.

Then try
imtest -u ***@mydomain.com -a test -t '' localhost

and then try the imap command above. I suspect that this should succeed
(not sure whether it would be before or after modifying
/etc/imapd.conf!).

Mike.
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

(just a few guesses, really):

Perhaps your IMAP prefix in the client isn't set correctly? Most figure
it out correctly by themselves, but if you've manually set it it could
be incorrect.

Also - are you using virtual domains? I don't use them myself, but from
list traffic it looks like mailboxes in virtual domains must be named
differently.

Try using imtest to thrash things out, and only once that works try a
normal mail client.

Craig Ringer

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[***@post root]# imtest -u test -a test -t '' localhost
S: * OK post.domain.com Cyrus IMAP4 v2.2.3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Authentication failed. generic failure
Security strength factor: 168
[***@post root]# imtest -u test -a test -t '' -m plain localhost
S: * OK post.domain.com Cyrus IMAP4 v2.2.3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN dGVzdAB0ZXN0AHRlc3QxMjM=
S: A01 NO user not found
Authentication failed. generic failure
Security strength factor: 168
/ETC/IMAPD.CONF
-----------------
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
allowanonymouslogin: no
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem
tls_session_timeout: 0

============================

[***@post root]# imtest -u test -a test -t '' localhost
S: * OK post.domain.com Cyrus IMAP4 v2.2.3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Authentication failed. generic failure
Security strength factor: 168

============================

[***@post root]# imtest -u test -a test -t '' -m plain localhost
S: * OK post.domain.com Cyrus IMAP4 v2.2.3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN dGVzdAB0ZXN0AHRlc3QxMjM=
S: A01 NO user not found
Authentication failed. generic failure
Security strength factor: 168

============================

Appears to be a user not found error? Thanks VERY much for your help
Mike. I really appreciate your assistance. :)

-trichard


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

been
to
when
Invalid
Hi trichard,

try this:
imtest -u test -a test -t '' localhost
(after the -t those are 2 single-quotes.)

At the end of a lot of diagnostics, it should ask for your password.
type it in and hit <ENTER>. If it says "Authenticated", you are
connected and in; if, on the other hand, it says "No Authentication
failed", you are not. If you did not authenticate, hit CTRL-D and add
"-m plain" to the command above bofore "localhost" and try again.

If you do authenticate, (there is no prompt, the imapd just waits)
type:
A01 select inbox

This should return characteristics about the inbox.

If you are not able to authenticate, put the following line in your
/etc/imapd.conf after sasl_pwcheck_method:
sasl_auxprop_plugin: sasldb

and try again.

Let me know what it says.

Mike.
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

when
Invalid
Hi t,

What is unixhierarchysep set to in /etc/imapd.conf? I assume that you
are not using virutal domains. What version of cyrus-imapd are you
using?

Mike.
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

I feel like I am getting pretty close to having this work. I've been
stuck for awhile on this one issue and I cannot find documentation to
troubleshoot mailboxes and mail client access properly.

I can authenticate to the server using a mail client now. However, when
trying to read the inbox it fails with the following message:

"The current command did not succeed. The mail server responded: Invalid
mailbox name."

I feel I am missing something minor because the mailbox was created:

[***@post test]# pwd
/var/spool/imap/user/test
[***@post test]# ls -latr
total 20
-rw------- 1 cyrus mail 76 Feb 17 09:16 cyrus.index
-rw------- 1 cyrus mail 4 Feb 17 09:16 cyrus.cache
drwx------ 3 cyrus mail 4096 Feb 17 09:16 ..
-rw------- 1 cyrus mail 159 Feb 17 09:16 cyrus.header
drwx------ 2 cyrus mail 4096 Feb 17 10:15 .

[***@post test]# cyradm -u cyrus -s post
Password:
post.mydomain.com> lm
user.test (\HasNoChildren)

post.mydomain.com> sasldblistusers2
***@mydomain.com: userPassword
***@post.mydomain.com: userPassword

What am I doing wrong? Maybe some setting in the client perhaps?

Thanks,
-t



---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html