Re: Getting message "SASL Could not open /etc/sasl2/sasldb2" when trying to create a mailbox

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


This happened to me too, on gentoo. Seems there’s a regression when cyrus-imapd/cyrus-sasl is linked against db-4. For me it was simple, I just masked db-4 and linked them against db-5 or db-6 and it works just fine. But in your case of a binary distro, you prolly need to post a bug report on your distro bugzilla. I didn’t investigate further. Sorry. I just thought I would save you some time… it’s not in perms and/or config files. 

On 27 Nov 2022, at 09:29, dale@xxxxxxxxxxxxxxxxx wrote:

We have a server which, among other things, runs an email service for our company. This server runs RHEL 7.9, Cyrus and Sendmail.

Now we are replacing the hardware of this server and I am configuring the new server with RHEL 9 and the correspondingly new versions of cyrus-imapd (3.4.1-7.el9), cyrus-sasl (2.1.27-20.el9) and sendmail (8.16.1-10-el9).  I am not copying over configuration files but editing the new files to replicate the function of the production server.

I have encountered difficulties with getting the Cyrus IMAP service working.  There are a number of messages in /var/log/maillog which hint that Cyrus cannot access the SASL password database (/etc/sdsl2/sasldb2) but I am very confused about this sequence of symptoms and cannot pose a coherent question to you.

A simpler problem, which may turn out to be primary, is that I cannot create an IMAP mailbox for any user.  My steps are:

1) "cyradm -u cyrus localhost"
2) Enter password for cyrus account  (previously created with saslpasswd2 and verified with sasldblistusers2)
3) "cm user/dale"
4) Output on terminal "createmailbox: System I/O error"
5) Output in /var/log/maillog
Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL transitioning user cyrus
Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL SASL error opening password file. Do you have write permissions?#012Have you performed the migration from db2 using cyrusbdb2current?
Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL Could not open /etc/sasl2/sasldb2
Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL setpass failed for cyrus
Nov 24 14:24:05 localhost cyrus/imap[2989]: login: localhost [::1] cyrus LOGIN User logged in SESSIONID=<cyrus-1669328623-2989-1-18343421046283723159>
Nov 24 14:25:38 localhost cyrus/imap[2989]: IOERROR: creating directory /home/imap/d: Permission denied
Nov 24 14:25:38 localhost cyrus/imap[2989]: IOERROR: mkdir failed: fname=</home/imap/d/user/dale/cyrus.index> syserror=<Permission denied> func=<mailbox_create>

There seems to be two problems here, a failure to access the SASL database and a failure to create the mailbox caused by "Permission denied".  In other tests I changed the permission on /home/imap to allow anyone to write but still I get "Permission denied".  I have also changed the permission on /etc/sasl2/sasldb2 to allow anyone to read. In either test the failure persists.

I have done a lot of searching the Red Hat Knowledge as well as general Google searchs.  I have found some sites where people are asking about these particular log entries, but I have not seen one with a useful response.  Generally there is simply no reply.

Below I have "sasl_pwcheck_method: saslauthd".  I have also tried "auxprop" but authentication continued to fail.

Your help would be appreciated.

Both the Cyrus and SASL daemons are running.

The status of /home/imap is
[root@localhost etc]# ls -ld /home/imap
drwx------. 2 cyrus mail 6 Nov 24 00:42 /home/imap
[root@localhost etc]# ls -l /home/imap
total 0

The status of /etc/sasl2
[root@localhost etc]# ls -ld /etc/sasl2/
drwxr-xr-x. 2 root root 42 Nov 22 00:40 /etc/sasl2/
[root@localhost etc]# ls -l /etc/sasl2/
total 20
-rw-------. 1 root root 16384 Nov 19 00:02 sasldb2
-rw-r--r--. 1 root root    25 Aug 10  2021 Sendmail.conf

Contents of /etc/imapd.conf
admins: cyrus
unixhierarchysep: on
configdirectory: /var/lib/imap
proc_path: /run/cyrus/proc
mboxname_lockpath: /run/cyrus/lock
duplicate_db_path: /run/cyrus/db/deliver.db
ptscache_db_path:  /run/cyrus/db/ptscache.db
statuscache_db_path: /run/cyrus/db/statuscache.db
tls_sessions_db_path: /run/cyrus/db/tls_sessions.db
defaultpartition: default
partition-default: /home/imap
sievedir: /var/lib/imap/sieve
lmtpsocket: /run/cyrus/socket/lmtp
idlesocket: /run/cyrus/socket/idle
notifysocket: /run/cyrus/socket/notify
syslog_prefix: cyrus
httpmodules: caldav carddav domainkey freebusy ischedule rss webdav
hashimapspool: true
virtdomains: userid
popminpoll: 1
conversations: 1
conversations_db: twoskip
specialusealways: 1
allowplaintext: yes
sasl_pwcheck_method: saslauthd
sasl_auto_transition: yes
tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_client_ca_file: /etc/ssl/certs/ca-bundle.crt
tls_client_ca_dir: /etc/ssl/certs
tls_sessiontimeout: 1440

Contents of /etc/cyrus.conf
# standard standalone server implementation, with preforked processes

  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

# UNIX sockets start with a slash and are put into /run/cyrus/socket
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=5
  imaps         cmd="imapd -s" listen="imaps" prefork=1
#  pop3          cmd="pop3d" listen="pop3" prefork=3
#  pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # these are only necessary if receiving/exporting usenet via NNTP
#  nntp          cmd="nntpd" listen="nntp" prefork=3
#  nntps         cmd="nntpd -s" listen="nntps" prefork=1

  # these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
#  http          cmd="httpd" listen="http" prefork=3
#  https         cmd="httpd -s" listen="https" prefork=1

  # at least one LMTP is required for delivery
#  lmtp          cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/run/cyrus/socket/lmtp" prefork=1

  # this is requied if using socketmap
#  smmap         cmd="smmapd" listen="/run/cyrus/socket/smmap" prefork=1

  # this is only necessary if using notifications
#  notify        cmd="notifyd" listen="/run/cyrus/socket/notify" proto="udp" prefork=1

  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400

  # Expire data older than 28 days.
  deleteprune   cmd="cyr_expire -E 4 -D 28" at=0430
  expungeprune  cmd="cyr_expire -E 4 -X 28" at=0445

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400

  # this is only necessary if using idled for IMAP IDLE
  idled         cmd="idled"

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux