Steve Campbell | 8 Jul 17:43 2014

I need to know what this error is telling me

new installation of perdition. I use the same file and content on my 
popmap as I do on a working production server.

I see in my maillogs the following error:

Fatal Error reading authentication information from client 
127.0.0.1:43557->127.0.0.1:143: Exiting child

It seems that perdition can't read my popmap file to get the redirection 
to the imap server.

Can someone explain what the message is really telling me, please?

Thanks

steve campbell
______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users

Steve Campbell | 3 Jul 21:42 2014

missing library on latest install

I'm trying to install perdition on a new Centos 6.5 server. I'm using 
the rpms from opensuse repo mentioned on the downloads page.

Upon startup, I getting the following message:

Starting perdition services (IMAP4): dlopen of 
"/usr/lib/libperditiondb_gdbm.so" failed

I'm not sure where this library comes from and there aren't any 
libperdition rpms that seem to provide this library.

Can anyone set me straight, please? Thanks

steve campbell
______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users

István Király | 1 Jul 20:29 2014
Picon

saslauthd and perdition

Hello List(s), ...

When using saslauthd for authentication with a remote imap server, in this case perdition IMAP4, there seems to be a compatibility issue.

After LOGIN, perdition is sending the CAPABILITY tag before the OK.
saslauthd expects an OK, but receives the CAPABILITY first and then closes the connection.

saslauthd[8454] :do_auth         : auth failure: [user=x <at> test.d250.hu] [service=imap] [realm=]
[mech=rimap] [reason=[ALERT] Unexpected response from remote authentication server]

I was able to alter the last lines of auth_rimap.c, and hack this out, but this should be implemented properly.

I assume, perdition behaves standard compliant within the IMAP4 protocol, however it could send the combined "a OK [CAPABILITY ... ]" as dovecot does. Is there a technical reason for the two separate messages? I was not able to manipulate this behavior with configuration arguments.

saslauthd on the other hand could read the CAPABILITY tag, skip it, and process the next tag to read an OK, and then close the connection, with the Unexpected response error eventually.

I'm not sure which is the more standard compliant approach, but if my assumption is correct, auth_rimap.c should be modified for increased compatibility.

Thank you, ...
Greetings,

--
Király István
+36 209 753 758

______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
Vincent Fox | 12 Jun 20:43 2014
Picon

Perdition 2.1 status?

Hi,

I have been using Perdition 1.19rc5 for a while, have had sporadic 
complaints
about POP that I think could be Perdition.

I noticed 2.1 is out since February, is anyone using it, and can comment 
on stability?

I don't see any RPM for it for RHEL6/OEL6, they all seem to be the 
1.19rc5 I have now.
I previously built using the source RPM.  Anyone happen to have one?

Thanks!

______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users

Christophe H. | 1 May 19:13 2014

Little problem with libperditiondb_posix_regex

Hi list, 

While searching the web and perdition-users mailing list archive, I did not found the answer to this case. 

I encounter a little problem with libperditiondb_posix_regex . 

The context is simple : 
Perdition listening to IMAPS connections (from public network), with 3 backend IMAP servers on LAN. 

The configuration is quite simple too ;) : 
(this is running on Debian Wheezy , with Debian provided perdition package : version 1.19~rc5-1+b1) 

/etc/perdition/perdition.imap4s.conf
_____

log_facility local5
timeout 40
imap_capability "IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES
IDLE SORT QUOTA ACL ACL2=UNION STARTTLS"
ssl_mode ssl_listen
ssl_cert_file /etc/perdition/mtprx.stux.fr.crt
ssl_key_file /etc/perdition/mtprx.stux.fr.key

# M|map_library FILENAME:
# Library to open that provides functions to look up the server for a
# user.
# M /usr/lib/libperditiondb_gdbm.so.0
#map_library /usr/lib/libperditiondb_gdbm.so.0
map_library /usr/lib/libperditiondb_posix_regex.so.0
# map_library ""

# m|map_library_opt STRING:
# String option for the map_library.
# (default "")
#m ""
map_library_opt "/etc/perdition/transport.re"

bind_address 0.0.0.0,[2a01:xxx:xxx:xxx:xx:xx:feef:6101]
_____

/etc/perdition/transport.re
_____

(.*) <at> stuxnet.org: mta.stux.fr:143
(.*) <at> contacts.stux.fr: zimbra.stux.fr:143
(.*) <at> stux.fr.eu.org: $1 <at> publicmx.stux.fr:143
____

For the 2 first lines on transport.re, no problem : auth is forwarded without rewriting and works well. 
For the last, I try to extract the first part of e-mail address to forward only this to the "publicmx" host. 

Perdition has been restarted after update of "transport.re" (according to documentation : regex are
processed only one, while starting the daemon)

But when auth is made on the backend server, the whole e-mail address is used ... 
(It's useful to say that the dovecot IMAP service works well on this backend).
____

May  1 17:16:41 publicmx dovecot: auth-worker(19430): Error:
bsdauth(myuser <at> stux.fr.eu.org,172.18.10.61): getpwnam() failed: Operation not permitted
May  1 17:16:43 publicmx dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs):
user=<myuser <at> stux.fr.eu.org>, method=PLAIN, rip=172.18.10.61, lip=172.18.2.25, session=<AxT4Jlj4CwCsEgo9>
____

Did I made a mistake in configuration ? 
My regex seems to match, but is it compliant for this use case ?

Thanks for all your replies ;) . 

Regards,
Christophe.

______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users

Dominique Marant | 1 Apr 09:30 2014
Picon
Picon

timeout connect process imap

Hi,

I see that I still have old imap connection process that I have to kill 
it manually.
...
nobody   28199  0.0  0.2  57972  2712 ?        S    Mar20   0:00 
perdition.imap4: connect (bilas)
nobody   29060  0.0  0.2  57872  2732 ?        S    Mar12   0:00 
perdition.imaps: connect (hoogsvon)
nobody   29684  0.0  0.2  57872  2716 ?        S    Mar07   0:00 
perdition.imaps: connect (dojo)
nobody   30241  0.0  0.2  57872  2716 ?        S    Mar05   0:00 
perdition.imaps: connect (dojo)
nobody   30877  0.0  0.2  57872  2712 ?        S    Mar11   0:00 
perdition.imaps: connect (tason)
...

Is it possible to automatically kill all imap processes "connect" older 
than x days?

My perdition.imap4s.conf:
timeout 60
authenticate_timeout 60

Is it possible to add a  parameter connect_timeout?

(I am currently in version 1.19-rc4)

Regards,

Dominique
______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users

Christophe Carles | 14 Mar 11:26 2014
Picon

Fwd: Re: Failed to log client mail on Apple since 10.9.1


OK,

I used telnet to port 143 of cyrus.
The reply :
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS]
moncayo2.ibcg.biotoul.fr Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-12.el5_7.2
server ready

I have changed these settings in /etc/perdition/perdition.imap4s.conf :
imap_capability IMAP4 IMAP4REV1 LITERAL+ ID STARTTLS

And now it's OK with MAIL frome apple 10.9.2 and 10.9.1

Thank you for your help.

Regards,

Christophe

Le 13/03/2014 17:43, Marc Michele a écrit :
> Am 13.03.2014 17:21, schrieb Christophe Carles:
>> OK, where can I found more explication about it ? Especially for AUTH ?
> I use telnet to port 143 of cyrus to get imap capability string for my
> installation. To get more information i think you should read the rfcs
> for imap a good starting point is: http://tools.ietf.org/html/rfc3501
>
>>>> Which version of cyrus you use and on which distribution?
>> Cyrus 0.91 on Centos 5.10
> Serious, i think it should be at last 2.x
>
> Marc
>

--

-- 
Christophe Carles
CNRS - LMGM
Service Informatique
Bât. IBCG
118, route de Narbonne
31062 Toulouse Cedex9
sinfo <at> ibcg.biotoul.fr
Tél : 05.61.33.59.60
Fax : 05.61.33.58.86

______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users

Christophe Carles | 13 Mar 14:47 2014
Picon

Failed to log client mail on Apple since 10.9.1

Hello,
I use perdition to make a mail-proxy for outside mails customers.
This work very well with most of software mails customers.
I set up this in order to make acces for smartphone and over tablets.

Recently, users reported me difficulties connecting with the e-mail software of Apple "MAIL".

J have made some test and i don't understand what it could be ?

The Os server : Centos 6.5
The version of perdition is  perdition-1.19rc5-3.7.x86_64
Installation from repos : http://download.opensuse.org/repositories/home:/horms:/perdition/CentOS_CentOS-6/

The perdition configuration  :
/etc/sysconfig/perdition :
RUN_PERDITION=yes POP3=no POP3S=no IMAP4=no IMAP4S=yes /etc/perdition/perdition.imap4s.conf bind_address 193.48.191.9 # adresse d'écoute du service connection_logging # On logue toutes les communications imap_capability IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR # On annonce la capacité imap aux clients protocol IMAP4S # protocole utilisé outgoing_port 993 ## Numero du port utilisé outgoing_server 0.0.0.0 # serveur de renvoie par défaut. On attribue un serveur par utilisateur. ssl_cert_file /etc/pki/tls/certs/ares.biotoul.fr.pem # chemin vers le certificat ssl_key_file /etc/pki/tls/private/ares.biotoul.fr.key # chemin vers la clé du certificat ssl_no_cert_verify # On ne vérifie pas la cryptographie inclus dans le certificat du backend ssl_no_cn_verify # On ne vérifie pas le nom inclus dans le CN du certificat du backend I use popmap for users in order to permit access :

/etc/perdition/popmap :
carles <at> biotoul.fr

Here are logs from client apple 10.9.2 (the last) with MAIL :

INITIATING CONNECTION Mar 13 11:39:11.381 host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x0 -- thread:0x61000047a240

CONNECTED Mar 13 11:39:11.442 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x61000047a240

READ Mar 13 11:39:11.443 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x61000047a240
* OK [CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition ready on tourmalet.ibcg.biotoul.fr 0002abbf

WROTE Mar 13 11:39:11.445 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60000067c700
1.54 ID ("name" "Mac OS X Mail" "version" "7.2 (1874)" "os" "Mac OS X" "os-version" "10.9.2 (13C64)" "vendor" "Apple Inc.")

READ Mar 13 11:39:14.447 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0
1.54 BAD Unrecognised command, mate

WROTE Mar 13 11:39:14.452 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0
2.54 AUTHENTICATE PLAIN  (*** 32 bytes hidden ***)

READ Mar 13 11:39:17.455 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0
2.54 BAD Mate, try AUTHENTICATE <mechanism>

WROTE Mar 13 11:39:17.459 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0
3.54 AUTHENTICATE PLAIN ************************

READ Mar 13 11:39:20.462 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0
3.54 BAD Mate, try AUTHENTICATE <mechanism>


And here are logs from server perdition :
 Starting perdition version=1.19-rc5 protocol=IMAP4S
Mar 13 11:47:08 tourmalet perdition.imaps[2622]: add_domain="", authenticate_in=off, authenticate_timeout=1800, bind_address="192.168.12.2", client_server_sp
ecification=off, config_file="/etc/perdition/perdition.imap4s.conf", connection_limit=0, connection_logging=on, connect_relog=300, debug=on, domain_delimiter
=" <at> ", explicit_domain="", group="nobody", imap_capability="IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR", inetd_mode=off, listen_port="imaps", log_facility
="mail", log_passwd="never", login_disabled=off, lower_case="", managesieve_capability=""IMPLEMENTATION" "perdition"  "SIEVE" "comparator-i;octet comparator-
i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables
body enotify environment mailbox date"  "SASL" "PLAIN"  "NOTIFY" "mailto"  "VERSION" "1.19-rc5"", map_library="/usr/lib64/libperditiondb_gdbm.so.0", map_libr
ary_opt="", no_bind_banner=off, no_daemon=off, no_lookup=off, tcp_keepalive=off, nodename="tourmalet.ibcg.biotoul.fr", ok_line="You are so in", outgoing_port
="993", outgoing_server="0.0.0.0", pid_file="/var/run/perdition.imaps/perdition.imaps.pid", pop_capability="UIDL.USER", protocol="IMAP4S", server_resp_line=o
ff, strip_domain="", timeout=1800, username="nobody", username_from_database=off, query_key="", quiet=off (mask=0x00000028 00000000)
Mar 13 11:47:08 tourmalet perdition.imaps[2622]: ssl_mode="", ssl_ca_file="", ssl_ca_path="/etc/perdition/perdition.ca/", ssl_ca_accept_self_signed="off", ss
l_cert_file="/etc/pki/tls/certs/tourmalet.ibcg.biotoul.fr.pem", ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off", ssl_cert_self_signed="off", ssl_
cert_verify_depth=9, ssl_key_file="/etc/pki/tls/private/tourmalet.ibcg.biotoul.fr.key", ssl_listen_ciphers="", ssl_outgoing_ciphers="", ssl_no_cert_verify="o
n", ssl_no_client_cert_verify="off", ssl_no_cn_verify="on" ssl_passphrase_fd=0, ssl_passphrase_file="", (ssl_mask=0x00000000)
Mar 13 11:47:08 tourmalet perdition.imaps[2625]: vanessa_socket_daemon_setid: uid=99 euid=99 gid=99 egid=99
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: Connect:  192.168.8.10:49753->192.168.12.2:993
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: SSL connection using AES128-SHA
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: SELF:   "* OK [CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition ready on tourmalet.ibcg.
biotoul.fr 0002ab61\r\n"
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: CLIENT: "1.20 ID (\"name\" \"Mac OS X Mail\" \"version\" \"7.2 (1874)\" \"os\" \"Mac OS X\" \"os-version\" \
"10.9.2 (13C64)\" \"vendor\" \"Apple Inc.\")\r\n"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: SELF:   "1.20 BAD Unrecognised command, mate\r\n"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: CLIENT: "2"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: CLIENT: ".20 AUTHENTICATE PLAIN YmlndWV0AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: SELF:   "2.20 BAD Mate, try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: CLIENT: "3"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: CLIENT: ".20 AUTHENTICATE PLAIN AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: SELF:   "3.20 BAD Mate, try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: CLIENT: ""
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: token_read: token_fill_buffer
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: read_line: token_read
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: imap4_in_get_auth: read_imap4_line 1
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: main: protocol->in_get_auth
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: Fatal Error reading authentication information from client 192.168.8.10:49753->192.168.12.2:993: Exiting chi
ld
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: Connect:  192.168.8.10:49754->192.168.12.2:993
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: SSL connection using AES128-SHA
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: SELF:   "* OK [CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition ready on tourmalet.ibcg.
biotoul.fr 0002ab61\r\n"
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: CLIENT: "1.21 ID (\"name\" \"Mac OS X Mail\" \"version\" \"7.2 (1874)\" \"os\" \"Mac OS X\" \"os-version\" \
"10.9.2 (13C64)\" \"vendor\" \"Apple Inc.\")\r\n"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: SELF:   "1.21 BAD Unrecognised command, mate\r\n"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: CLIENT: "2"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: CLIENT: ".21 AUTHENTICATE PLAIN YmlndWV0AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:42 tourmalet perdition.imaps[2628]: SELF:   "2.21 BAD Mate, try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: CLIENT: ""
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: token_read: token_fill_buffer
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: read_line: token_read
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: imap4_in_get_auth: read_imap4_line 1
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: main: protocol->in_get_auth
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: Fatal Error reading authentication information from client 192.168.8.10:49754->192.168.12.2:993: Exiting chi
ld

I have made some tests with ssl_mode but no more access.

Is any one can have an idea ?

Thank you
-- Christophe Carles CNRS - LMGM Service Informatique Bât. IBCG 118, route de Narbonne 31062 Toulouse Cedex9 sinfo <at> ibcg.biotoul.fr Tél : 05.61.33.59.60 Fax : 05.61.33.58.86
______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
Andreas Bauer | 11 Mar 14:43 2014
Picon

Does Perdition Support TLSv1.1 and TLSv1.2


Hi all,

I was searching the web and the mailing list, but couldn’t find an answer on this question:

Does Perdition support TLS Version 1.1. and 1.2 for imaps?

I tested perdition 1.19-rc5, which is included in Debian 7.4.

It also includes "OpenSSL 1.0.1e 11 Feb 2013“ which does support it.

When scanning with „sslscan localhost:993“, I don’t get any matching cipher, even if I’ve added them to the „ssl_listen_ciphers“ like this:

ssl_listen_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS“


Thanks for your help!

Cheers
Andreas
______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
Julien Goodwin | 25 Feb 05:53 2014
Picon

IPv6 listen syntax

I've just upgraded my mail box to wheezy, and at the same time enabled
v6 on it, however I can't figure out what magic syntax is needed for
perdition to actual listen on v6.

The package in wheezy is 1.19~rc5-1+b1 which seems like it should have
v6 support, but it doesn't by default listen on v6, and with what seems
like the obvious setting:
bind_address 0.0.0.0,::

Fails to start.

Nowhere in the docs can I see any examples with v6 addresses, so I don't
know if it's perhaps expecting [::] style or something different.

Any pointers?

______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
Alan McGinlay | 20 Feb 14:03 2014
Picon
Picon

How to have plain, plain + starttls on port 143 AND ssl/tls on port 993?

Hi,

We have long supported clients using whatever encryption scheme they 
choose. I am trying to get perdition running with the same level of 
support but am unable to have it successfully listen on both port 143 
and 993 with STARTTLS and ssl/tls encryption.

ssl_mode used to allow ssl_* and / or tls_* but now it's only one or 
the other not both.

Been messing around for ages, please help!

/A
______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users


Gmane