7 Replies Latest reply: Sep 27, 2005 5:40 PM by Paul Applegate1
Ron Hoeflinger Level 1 Level 1 (45 points)
Or do you only do spam filters? Would someone please get back to me if he has SUCCESSFULLY gotten Postfix/Cyrus/SASL to actually work?
  • 1. RE: Any of you geniuses know anything about SASL?
    Ron Hoeflinger Level 1 Level 1 (45 points)
    PS: The CMU site that is referenced by everyone as THE source for Cyrus IMAPD and SASL appears to no longer be supported (the ftp server is out-to-lunch).

    And this is the kind of open-source "product" that Apple builds its so-called commercial server on? This is no way to compete with the big boys, Apple.
  • 2. RE: Any of you geniuses know anything about SASL?
    pterobyte Level 6 Level 6 (10,910 points)
    Ron,

    I don't think you will get any answers by offending people here. The people answering here are not Apple employees, but just try their best to help out.

    So rather than offending people, state what your problem is and then maybe somebody will be able to help you.

    Alex
  • 3. RE: Any of you geniuses know anything about SASL?
    davidh Level 4 Level 4 (1,890 points)
    Ditto what Pterobyte said.

    In the meantime, perhaps have a look at:
    http://www.opensource.apple.com/darwinsource/10.4.2/passwordserversasl-59.2/cyrussasl/

    Of course, you'll need to sign up for a (free) ADC membership, and if you're running something other than 10.4.2, look for the matching version.
  • 4. RE: Any of you geniuses know anything about SASL?
    Ron Hoeflinger Level 1 Level 1 (45 points)
    Apparently, you are wrong. This is the first time I ever got a response on here, so being a bit "offensive" really works. Ever heard of the squeaky wheel?

    You say I should state my problem.... Well, look back to yesterday's posts and you will see a very detailed statement of my problem entitled "Cyrus/SASL" and you will also note that it has yet to receive a response.

    I know this is a user discussion and not supported (God forbid!!!) by Apple. My point is that Apple has produced a poor quality product (as attested to by all the problems related here) and trying to make it work by "word-of-mouth" support is very unreliable. I cringe at the thought of hosting paying websites on a machine that is not supported except by "volunteer" tinkerers.

    I used to work in the mainframe world and believe me, this sort of unprofessionalism was unknown because it never would have been tolerated.

    Thanks for all the help.
  • 5. RE: Any of you geniuses know anything about SASL?
    Ron Hoeflinger Level 1 Level 1 (45 points)
    PS: I wanted to know whether ANYONE has successfully implemented Cyrus/SASL on OS X. I'm beginning to doubt it. That opinion is supported by the lack of responses to any of my posts, even the non-offensive ones.

    I'm frustrated by an environment where there is very little good doc (even from the technical publishing houses) and someone with a serious problem has nothing to hope for but the "try this, it worked for me" sort of answer.

    I appreciate that you are all willing to help each other, but do you get the feeling we've been cast off in a rowboat in the middle of the ocean to fend for ourselves?
  • 6. RE: Any of you geniuses know anything about SASL?
    nicola moretti Level 2 Level 2 (215 points)
    (Answering here instead of your previous post for convenience.)

    Sorry, I'm not sure I'm understanding what you're trying to do. I'm surely not a Unix (nor OSX, for that matter) genius, of course;-)
    Please note: I haven't read your config yet: I'd like to know what's your goal first...
    No offense intended, but your "very detailed" explanation just says that you have many virtual domains (I know for sure that it can be done and many docs exist on the subject, even in this forum, so there should be no big problems here) and that you need SASL working, but you don't say what exactly you want to do with SASL... or why the existing tools can't get you where you want to go.

    From your previous post:

    The only problem I'm having is getting Apple Mail to create a POP/IMAP account and connect to my server in order to retrieve mail from my mailbox.


    Weird... Assuming that
    - the user exists in Workgroup Manager (is the server Standalone, or is it an Open Directory Master?)
    - mail for the user is enabled and he can receive mail (WGM again; seems so, as you say that mail is present on the server)
    - the IMAP server is enabled and running (Server Admin)
    - permissions for the mail tree are ok
    - /etc/imapd.conf (and /etc/cyrus.conf) is ok
    there is no reason for not being able to access the inbox from Mail, except a misconfiguration in Mail itself... (well, may actually be for a ton of other reasons!! From firewall to DNS to... whatever, but my very first assumption for a test system is always, and of course, that everything else works, and that security is relaxed first, and then raised).

    Also, I need to have SASL working to control mail client logins. I did the build and install for SASL, but I'm not sure if it's even working.


    Can you please explain what "control mail client logins" means?
    SASL is present in OSX server (and it's also used by the mail servers, btw), although some tools are admittedly missing (saslpasswd, sasldblistusers...). I think (my guess) that this is because Apple wants you to use Workgroup Manager/Server Admin, or because (same concept, after all) using both saslpasswd and WGM/AS would result in a total mess... Their choice anyway.
    My understanding is that SASL as a password server is _a part_ of (and integrated in) OSX server password system, and fiddling with SASL alone (say "directly") would very probably break the whole Open Directory system/setup. Of course, I may be wrong...
    If you need SASL to guarantee (say) CRAM-MD5 authentication to your clients, you already can do it with Server Admin. Or maybe you need it in order to create users in different domains? Or...?

    Anyway... If you have built and installed (and used) SASL, all your problems may come straight from there.

    Also, you probably should leave master.cf alone, at least until you have a "surely working" mail server (since postfix works, it seems that master.cf is ok, but I would start with a clean one).

    To summarize: please tell what, in your opinion, is missing in the "standard" tools, what you exactly want to achieve, and why you had/wanted to (re)install SASL. Postfix/Cyrus/SASL is already implemented in OSX Server (from 10.3 up), so please explain why/where it does not meet your expectations.

    regards
    nicola
  • 7. RE: Any of you geniuses know anything about SASL?
    Paul Applegate1 Level 1 Level 1 (105 points)
    I have SASL working, here are parts of my main.cf

    smtpdtls_keyfile = /etc/certificates/www.paulapplegate.com.key
    myhostname = europa
    mailbox_transport = cyrus
    #mailbox_transport = dspam
    default_privs = cyrusimap
    smtpsasl_authenable = yes
    smtpsasl_passwordmaps = hash:/etc/postfix/saslpass
    smtpsasl_securityoptions =

    localrecipientmaps =
    luser_relay = postmaster
    enableserveroptions = yes
    mydestination = $myhostname,localhost.$mydomain,localhost,paulapplegate.com
    relayhost = 63.xxx.xxx.xxx
    smtpdtls_commonname = www.paulapplegate.com
    smtpdsasl_authenable = yes
    smtpduse_pwserver = yes
    smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
    smtpdpw_server_securityoptions = login,cram-md5,plain
    smtpdusetls = yes
    smtpdtls_certfile = /etc/certificates/www.paulapplegate.com.crt
    messagesizelimit = 31457280
    mydomain = paulapplegate.com
    content_filter = smtp-amavis:[127.0.0.1]:10024

    Not hard, just use what I have and make a saslpass file.
    Paul