729 Views 7 Replies Latest reply: Sep 27, 2005 5:40 PM by Paul Applegate1
PS: The CMU site that is referenced by everyone as THE source for Cyrus IMAPD and SASL appears to no longer be supported (the ftp server is out-to-lunch).
And this is the kind of open-source "product" that Apple builds its so-called commercial server on? This is no way to compete with the big boys, Apple.
Ditto what Pterobyte said.
In the meantime, perhaps have a look at:
Of course, you'll need to sign up for a (free) ADC membership, and if you're running something other than 10.4.2, look for the matching version.
Apparently, you are wrong. This is the first time I ever got a response on here, so being a bit "offensive" really works. Ever heard of the squeaky wheel?
You say I should state my problem.... Well, look back to yesterday's posts and you will see a very detailed statement of my problem entitled "Cyrus/SASL" and you will also note that it has yet to receive a response.
I know this is a user discussion and not supported (God forbid!!!) by Apple. My point is that Apple has produced a poor quality product (as attested to by all the problems related here) and trying to make it work by "word-of-mouth" support is very unreliable. I cringe at the thought of hosting paying websites on a machine that is not supported except by "volunteer" tinkerers.
I used to work in the mainframe world and believe me, this sort of unprofessionalism was unknown because it never would have been tolerated.
Thanks for all the help.
PS: I wanted to know whether ANYONE has successfully implemented Cyrus/SASL on OS X. I'm beginning to doubt it. That opinion is supported by the lack of responses to any of my posts, even the non-offensive ones.
I'm frustrated by an environment where there is very little good doc (even from the technical publishing houses) and someone with a serious problem has nothing to hope for but the "try this, it worked for me" sort of answer.
I appreciate that you are all willing to help each other, but do you get the feeling we've been cast off in a rowboat in the middle of the ocean to fend for ourselves?
(Answering here instead of your previous post for convenience.)
Sorry, I'm not sure I'm understanding what you're trying to do. I'm surely not a Unix (nor OSX, for that matter) genius, of course;-)
Please note: I haven't read your config yet: I'd like to know what's your goal first...
No offense intended, but your "very detailed" explanation just says that you have many virtual domains (I know for sure that it can be done and many docs exist on the subject, even in this forum, so there should be no big problems here) and that you need SASL working, but you don't say what exactly you want to do with SASL... or why the existing tools can't get you where you want to go.
From your previous post:
The only problem I'm having is getting Apple Mail to create a POP/IMAP account and connect to my server in order to retrieve mail from my mailbox.
Weird... Assuming that
- the user exists in Workgroup Manager (is the server Standalone, or is it an Open Directory Master?)
- mail for the user is enabled and he can receive mail (WGM again; seems so, as you say that mail is present on the server)
- the IMAP server is enabled and running (Server Admin)
- permissions for the mail tree are ok
- /etc/imapd.conf (and /etc/cyrus.conf) is ok
there is no reason for not being able to access the inbox from Mail, except a misconfiguration in Mail itself... (well, may actually be for a ton of other reasons!! From firewall to DNS to... whatever, but my very first assumption for a test system is always, and of course, that everything else works, and that security is relaxed first, and then raised).
Also, I need to have SASL working to control mail client logins. I did the build and install for SASL, but I'm not sure if it's even working.
Can you please explain what "control mail client logins" means?
SASL is present in OSX server (and it's also used by the mail servers, btw), although some tools are admittedly missing (saslpasswd, sasldblistusers...). I think (my guess) that this is because Apple wants you to use Workgroup Manager/Server Admin, or because (same concept, after all) using both saslpasswd and WGM/AS would result in a total mess... Their choice anyway.
My understanding is that SASL as a password server is _a part_ of (and integrated in) OSX server password system, and fiddling with SASL alone (say "directly") would very probably break the whole Open Directory system/setup. Of course, I may be wrong...
If you need SASL to guarantee (say) CRAM-MD5 authentication to your clients, you already can do it with Server Admin. Or maybe you need it in order to create users in different domains? Or...?
Anyway... If you have built and installed (and used) SASL, all your problems may come straight from there.
Also, you probably should leave master.cf alone, at least until you have a "surely working" mail server (since postfix works, it seems that master.cf is ok, but I would start with a clean one).
To summarize: please tell what, in your opinion, is missing in the "standard" tools, what you exactly want to achieve, and why you had/wanted to (re)install SASL. Postfix/Cyrus/SASL is already implemented in OSX Server (from 10.3 up), so please explain why/where it does not meet your expectations.
I have SASL working, here are parts of my main.cf
smtpdtls_keyfile = /etc/certificates/www.paulapplegate.com.key
myhostname = europa
mailbox_transport = cyrus
#mailbox_transport = dspam
default_privs = cyrusimap
smtpsasl_authenable = yes
smtpsasl_passwordmaps = hash:/etc/postfix/saslpass
luser_relay = postmaster
enableserveroptions = yes
mydestination = $myhostname,localhost.$mydomain,localhost,paulapplegate.com
relayhost = 63.xxx.xxx.xxx
smtpdtls_commonname = www.paulapplegate.com
smtpdsasl_authenable = yes
smtpduse_pwserver = yes
smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
smtpdpw_server_securityoptions = login,cram-md5,plain
smtpdusetls = yes
smtpdtls_certfile = /etc/certificates/www.paulapplegate.com.crt
messagesizelimit = 31457280
mydomain = paulapplegate.com
content_filter = smtp-amavis:[127.0.0.1]:10024
Not hard, just use what I have and make a saslpass file.