# cyrus+mysql: sieve fails[SOLVED]

## 2bbionic

Hello,

this is a (unanswered) crossposting from german forum: https://forums.gentoo.org/viewtopic-t-453319-highlight-.html

after a crash  (thanks, reiserfs...), i had to re-emerge cyrus. No, sieve is not working anymore I use squirrelmail with the avelsieve-plugin. The plugin says, that there ist no timsieved-process what is so far correct, because it will be startedd, if there is connection to port 2000...if i understand the following line in cyrus conf correct:

```

 sieve         cmd="timsieved" listen="sieve" prefork=0

```

The only messages are the following in everything/current:

```

Apr 13 16:43:00 [sieve] sql_select option missing

Apr 13 16:43:00 [sieve] auxpropfunc error no mechanism available_

Apr 13 16:43:00 [sieve] auxpropfunc error invalid parameter supplied_

```

 /etc/pam.d/sieve is linked to imap with this contents

```

auth sufficient pam_mysql.so user=mail passwd=xyz host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time

account required pam_mysql.so user=mail passwd=xyz host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time

```

Normal traffic - sending, receiving emails - is working without any trouble...but sieve will not work

Here ist the imap.conf

```

configdirectory:        /var/imap

partition-default:      /var/spool/imap

sievedir:               /var/imap/sieve

admins:                 cyrus

hashimapspool:          yes

allowanonymouslogin:    no

allowplaintext:         yes

pwcheck_method: saslauthd

sasl_mech_list: PLAIN

sasl_pwcheck_method: saslauthd

servername: sirius

autocreatequota: 100000

reject8bit: no

quotawarn: 90

timeout: 30

poptimeout: 10

dracinterval: 0

drachost: localhost

sendmail: /usr/sbin/sendmail

sieve_maxscriptsize: 32

sieve_maxscripts: 5

```

timsieved and siev are in /usr/lib/cyrus, sivtest returns the following:

```

sivtest -p 2000 -u tsp0001 -a tsp0001 -m pam -v

WARNING: no hostname supplied, assuming localhost

S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12-Gentoo"

S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex"

S: OK

Authentication failed. no mechanism available

Security strength factor: 0

```

And in logfile:

```

[sieve] auxpropfunc error no mechanism available_

Apr 13 16:55:58 [sieve] auxpropfunc error invalid parameter supplied_

Apr 13 16:55:58 [sivtest] No worthy mechs found

```

uname -a:

```

Linux sirius 2.6.15-gentoo-r1 #1 SMP Wed Apr 12 20:54:33 CEST 2006 i686 Pentium III (Katmai) GNU/Linux
```

I don't know, where to search, i would be happy about every hints!

Thanks in advance,

2bbionicLast edited by 2bbionic on Thu Apr 20, 2006 3:39 pm; edited 1 time in total

----------

## 2bbionic

Nobody an idea?

----------

## Bad Penguin

 *2bbionic wrote:*   

> Nobody an idea?

 

It looks like authentication is failing.  You might try turning on logging in the pam configs to debug it.  As a last resort you can turn on logging in mysql (not binary logging, plain logging) and watch the sql statements during authentication attempts...

----------

## 2bbionic

I tried already to start saslauthd with -d -v. But - there are no events logged when i tried to connect via sieve.

----------

## Bad Penguin

 *2bbionic wrote:*   

> I tried already to start saslauthd with -d -v. But - there are no events logged when i tried to connect via sieve.

 

Are you certain all of the relevant packages are compiled with the correct use flags?  Try an emerge -pv on each, make sure they didn't get recompiled with the mysql flag turned off, for example.

As far as the debugging, you were getting error messages when you attempted to connect directly to timsieved (whatever it is call now).  You might need to turn on debugging messages for each service until (not just saslauthd) until you find out where the chain is broken...

That is about all of the guessing I can do  :Wink: 

----------

## 2bbionic

Well, this is what i've done so far:

This 

```
 sivtest -p 2000 -u tsp0001 -a tsp0001 -m pam -vv
```

returns:

```

WARNING: no hostname supplied, assuming localhost

S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12-Gentoo"

S: "SASL" "PLAIN"

S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex"

S: OK

Authentication failed. no mechanism available

Security strength factor: 0

```

without -m pam:

```
WARNING: no hostname supplied, assuming localhost

S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12-Gentoo"

S: "SASL" "PLAIN"

S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex"

S: OK

Please enter your password:

C: AUTHENTICATE "PLAIN" {36+}

dHNwPDAwxxxxxc3AwMDDxAHByZXRlRlcg==

S: OK

Authenticated.

Security strength factor: 0

logout

OK "Logout Complete"

Connection closed.

```

It seems - for me- that sieve is not using PAM for authentification. 

I can login via sieveshell and upload and activate any scripts.

Here are my USE-flags in make.conf: 

```
-snmp -motif -gtk -gnome -qt -kde -X -arts apache2 ldap mysql pam ssl xml xml2 gif jpeg png nls imap cli session
```

and this is what emerge -pc cyrus-imapd returns:

```
Calculating dependencies ...done!

[ebuild   R   ] net-mail/cyrus-imapd-2.2.12  -afs -drac -idled -kerberos +pam -snmp +ssl +tcpd 0 kB

```

Hmm, I'm missing the mysql-Flag...but pam seems to be activated, and pam should be relevant for authentification for sieve.

I'm very confused about pam, saslauthd and sieve....

EDIT:

I just found dev-libs/cyrus-sasl -mysql in my /etc/portage/package.use. I don't know why this is there, but i will recompile sasl without this statement...  :Twisted Evil: 

I just recompiled cyrus-sasl without "-mysql" with no effect:

```
Apr 20 16:59:17 [sieve] sql_select option missing

Apr 20 16:59:17 [sieve] auxpropfunc error no mechanism available_

Apr 20 16:59:17 [sieve] auxpropfunc error invalid parameter supplied_

```

----------

## Bad Penguin

 *2bbionic wrote:*   

> 
> 
> ```
> Apr 20 16:59:17 [sieve] sql_select option missing
> 
> ...

 

Is your /etc/pam.d/sieve an exact copy of /etc/pam.d/imap?  It appears you don't have the sql query defined anywhere for pam_mysql to lookup the passwords for the sieve service.

----------

## 2bbionic

Yes, i tried a symlink to imap and a copy. Both don't work; imap, smtp and pop3 (symlinks, too) are working perfect.

I made another test with sieveshell - more confusing:

sieveshell --user=tsp0001 --authname=tsp0001 localhost:

And this is the log:

```
[sieve] sql_select option missing

Apr 20 17:14:40 [sieve] auxpropfunc error no mechanism available_

Apr 20 17:14:41 [sieve] auxpropfunc error invalid parameter supplied_

Apr 20 17:14:43 [saslauthd] insert into log (msg, user, host, pid, time) values('AUTH SUCCESSFUL', 'tsp0001', '', '20469', NOW())

Apr 20 17:14:43 [sieve] login: localhost[127.0.0.1] tsp0001 PLAIN User logged in

```

To remember: sieveshell and timsieve are working if invoked without -m pam.

The only, the important missing thing is avelsieve, which is not working, because it can not reach the local timsieved. I tried to auth with plain, sasl, login and pam to 127.0.0.1 and 192.168.100.xxx without success...

----------

## Bad Penguin

 *Bad Penguin wrote:*   

>  *2bbionic wrote:*   
> 
> ```
> Apr 20 16:59:17 [sieve] sql_select option missing
> 
> ...

 

Er, never mind, I just re-read your first post!

You might want to look through /var/log/emerge.log and see which packages were upgraded when you reinstalled.  If I recall correctly, pam_mysql has gone through some changes recently and the syntax might be a little different now in the pam config for it, you might double check you have it set up correctly.  If you did upgrade any of the packages you might try remerging (is that a word) each package that is involved to make sure the dependencies are ok.  Basically do a revdep-rebuild, but I never suggest using that command to anyone because it is not dependable and can do very strange things to your box.

----------

## 2bbionic

Mea culpa...

I did a revedp-rebuild without any errors, restarted the server and now it seems to work ( i can login...)

I definetly changed nothing in configuration and rebooted many times; but now it's working again...

Thanks, Bad Penguin for your help, whatever you did to get my sieve running again!  :Laughing: 

----------

## Bad Penguin

 *2bbionic wrote:*   

> Mea culpa...
> 
> I did a revedp-rebuild without any errors, restarted the server and now it seems to work ( i can login...)
> 
> I definetly changed nothing in configuration and rebooted many times; but now it's working again...
> ...

 

Heh heh, no problem.  I have spent many an hour pulling my hair out over cyrus-imap and pam problems  :Wink: 

----------

