Ezsra,
You may need to examine your mailboxes.db to see what the system is
actually doing. Have you made any changes to 'altnamespace:'?
For more information on the various namespaces, consult this document:
https://www.cyrusimap.org/3.0/imap/concepts/features/namespaces.html
To take a look at mailboxes.db, use the ctl_mboxlist(8) command, such as
(paths as on my server):
$ sudo -u cyrus /usr/lib/cyrus/bin/ctl_mboxlist -d
You'll see that in the mailboxes.db, the mailbox is still stored with
the dot delimiter, and a caret "^" is used to represent any literal dot
characters present in a mailbox name. For example,
"user.nic.my^mailbox" in the DB represents "user/nic/my.mailbox" as seen
via protocol.
It sounds to me like you upgraded without taking the upgrade steps in
the necessary order, so your installation may be broken at this point.
If you're still in the testing phase, you may well find it easier to
simply start over; wipe the data on the new server and re-sync it
(however you did that). Otherwise you might be able to correct with a
reconstruct(8) command (read the docs, and mentions of reconstruct in
the upgrade docs, too).
By the way, the version you're using, 3.07, is fairly old, even for
the 3.0 branch. You may want to look for more recent packages, now,
before making a bunch more work for yourself. The most recent
version in 3.0 is 3.0.14, or jump to 3.2.4.
Cheers,
-nic
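The name mapping described in the reply above, as an added example that is not part of the original message and is not Cyrus code: it converts names between the mailboxes.db form and the protocol form when "/" is the hierarchy separator. The function names and sample names are constructed, and the protocol-to-database direction is assumed to be the exact inverse of the mapping described.

```shell
#!/bin/sh
# Added example (not Cyrus code): mailbox name mapping when "/" is the
# hierarchy separator, following the description in the message above.

# mailboxes.db form -> protocol form: "." is the stored delimiter and
# "^" stands for a literal dot in a mailbox name.
to_external() {
    printf '%s\n' "$1" | tr '.^' '/.'
}

# Protocol form -> mailboxes.db form. Assumption: the exact inverse of
# the mapping above ("/" becomes ".", a literal "." becomes "^").
to_internal() {
    printf '%s\n' "$1" | tr '/.' '.^'
}

# Read mailboxes.db-style names on stdin, one per line, and report those
# that contain "^", i.e. whose protocol name carries a literal dot.
find_literal_dots() {
    while IFS= read -r name; do
        case $name in
            *^*) printf '%s => %s\n' "$name" "$(to_external "$name")" ;;
        esac
    done
}

# Constructed sample names, not taken from a real server.
SAMPLE_NAMES='user.nic
user.nic.my^mailbox
user.testuser
user^testuser'

# Under this mapping a name typed with a dot is one level, not two:
#   to_internal user/testuser  gives user.testuser
#   to_internal user.testuser  gives user^testuser
printf '%s\n' "$SAMPLE_NAMES" | find_literal_dots
```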
On 10/16/20 10:39 AM, Ezsra McDonald wrote:
Nic,
I am confused about unixhierarchysep.
I set it to off. LMTP could not find my testuser inbox when I created
the account user.testuser.
I set it to on. It still could not find the inbox which I expected.
I left it set to on and created a new user, user/testuser. Now LMTP
seems happy. I don't mind this setup; however, we would have to update
our in-house tools to handle this.
Any idea why when unixhierarchysep is off I can't use the
user.testuser syntax?
Progress at least, but I prefer not to make the developers modify all
the code for in-house tools.
-Ez
On Fri, Oct 16, 2020 at 10:09 AM Nic Bernstein <[email protected]> wrote:
Ezsra,
Have you read and followed all of the steps outlined in the
Upgrade documentation for 3.0? You can find them here:
https://www.cyrusimap.org/3.0/imap/download/upgrade.html
[Note: use that link, since the current stable version is 3.2, and
simply navigating the website will lead you to the newer version,
not the 3.0 which you're using.]
If you haven't done these steps, as described, you may need to
start over. Pay special attention to steps 5 & 6, and follow the
links within for additional information on settings which have
changed, like 'unixhierarchysep:' and 'altnamespace:'.
Cheers,
-nic
On 10/16/20 9:56 AM, Ezsra McDonald wrote:
Hi Nic!
Here is some of the information you mentioned.
We use the RPM packages from the yum repositories.
Old Server:
OS: Oracle Linux 6.10
Postfix: postfix-2.6.6-8
Cyrus: cyrus-imapd-2.3.16-15
New Server:
OS: Centos 8.2.2004
Postfix: postfix-3.3.1-12
Cyrus: cyrus-imapd-3.0.7-16
Permissions on the inbox:
I did not have the "anyone p" ACL. I added that. I also added the
"a" to the testuser ACL. Neither of these helped. I also gave
Cyrus the "All" ACLs on the inbox. This made no difference.
localhost> lam user.testuser
cyrus lrswipkxtecda
testuser lrswipkxtecda
anyone p
We do not use the autocreate feature. We create the accounts
using an in-house tool.
On Thu, Oct 15, 2020 at 7:07 PM Nic Bernstein <[email protected]> wrote:
Ezsra,
You haven't told us which versions of Cyrus you both were
using, on the old server, and are now using, on the new
server. A lot of things have changed between v2.X and 3.X,
including many "default" settings. Also, whose builds of
Cyrus are you using? Did you build your own, or did they
come from repositories, or what? Again, this matters both
for the old and new versions.
Lastly, what are the permissions on the mailbox involved? As
the admin user, use the "lam user/<username>" command in
'cyradm' to check this. The user's 'inbox',
'user/<username>' should have permissions like this:
localhost> lam user/testuser
anyone p
testuser lrswipcda
That "anyone p" is necessary for Posting permissions,
allowing program delivery to the mailbox.
And out of curiosity, does the mailbox actually exist? By
default, newer versions of Cyrus IMAPd do not autocreate mailboxes, or at
least don't do so in the same way they used to. You mention
EL6 and CentOS. Older Redhat-ish Cyrus packages included
their own autocreate, which I believe was enabled by
default. Now, in 3.X, there's a new mechanism, and by
default it's not enabled. Your configurations do not show any
autocreate settings.
Check the man page for imapd.conf(5) for details on this. In
particular, search for this:
autocreate_post: 0
If enabled, when lmtpd(8) receives an incoming mail for
an INBOX that does not exist, then the INBOX is
automatically created by lmtpd(8) and delivery of the
message continues.
Also look into the 'autocreate_inbox_folders' setting, which
may hold a list of folders, such as Drafts, Sent, Trash, etc.
to create along with Inbox.
Cheers,
-nic
On 10/15/20 2:11 PM, Ezsra McDonald wrote:
Well, I did not make any discoveries. I was trying not to
make everyone look at my configs but that seems to be my
next step.
FILE: /etc/saslauthd.conf
------------------------------------------------------
ldap_servers: ldap://ldap.example.com
ldap_search_base: ou=people,dc=example,dc=com
ldap_filter: uid=%U
FILE: /etc/cyrus.conf
------------------------------------------------------
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
}
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=1
# these are only necessary if receiving/exporting usenet via NNTP
# these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
# at least one LMTP is required for delivery
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
# this is only necessary if using notifications
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression,
# Sieve or NNTP
delprune cmd="cyr_expire -E 3" at=0400
# Expire data older than 28 days.
deleteprune cmd="cyr_expire -E 4 -D 28" at=0430
expungeprune cmd="cyr_expire -E 4 -X 28" at=0445
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
}
DAEMON {
# this is only necessary if using idled for IMAP IDLE
}
FILE: /etc/cyrus.conf
------------------------------------------------------
admins: cyrus
configdirectory: /var/lib/imap
proc_path: /var/lib/imap/proc
mboxname_lockpath: /var/lib/imap/lock
duplicate_db_path: /var/lib/imap/db/deliver.db
ptscache_db_path: /var/lib/imap/db/ptscache.db
statuscache_db_path: /var/lib/imap/db/statuscache.db
tls_sessions_db_path: /var/lib/imap/db/tls_sessions.db
defaultpartition: default
partition-default: /var/spool/imap
sievedir: /var/lib/imap/sieve
lmtpsocket: /var/lib/imap/socket/lmtp
idlesocket: /var/lib/imap/socket/idle
notifysocket: /var/lib/imap/socket/notify
syslog_prefix: cyrus
hashimapspool: true
virtdomains: off
popminpoll: 1
conversations: 1
conversations_db: twoskip
specialusealways: 1
allowplaintext: 0
sasl_pwcheck_method: saslauthd
sasl_auto_transition: no
tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.key
tls_client_ca_dir: /etc/ssl/certs
tls_session_timeout: 1440
tls_ciphers: TLSv1+HIGH:!aNULL:!eNULL:!LOW:!MD5:!EXPORT:!DES:!3DES:!RC4:@STRENGTH
tls_prefer_server_ciphers: 1
tls_versions: tls1_2
allowanonymouslogin: no
serverinfo: off
*Test login results:*
Test SaslAuthd
------------------------------------------------------
~$ testsaslauthd -u testuser -p 'NOT_FOR_DISPLAY'
0: OK "Success."
Test imap
------------------------------------------------------
~$ imtest -m login -u testuser -a testuser -t "" localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS
LOGINDISABLED AUTH=GSS-SPNEGO AUTH=GSSAPI SASL-IR] server ready
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL
RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY
CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ
SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE
ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS
LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE
MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1
X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=GSS-SPNEGO
AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN SASL-IR XCONVERSATIONS
COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE
X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN testuser {9}
S: + go ahead
C: <omitted>
S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL
RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY
CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ
SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE
ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS
LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE
MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1
X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED
AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN
XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE
X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE
X-QUOTA=X-NUM-FOLDERS IDLE] User logged in
SESSIONID=<cyrus-422568-1602786511-1-7349358803894201420>
Authenticated.
Security strength factor: 256
^CC: Q01 LOGOUT
Connection closed.
Test LMTP
------------------------------------------------------
~$ sudo -u postfix swaks --to [email protected] --socket /var/lib/imap/socket/lmtp --protocol LMTP
[sudo] password for XXXXXXXX:
=== Trying /var/lib/imap/socket/lmtp...
=== Connected to /var/lib/imap/socket/lmtp.
<- 220 XXXXXXXXXXXXXXXXXXXXXXXXXX server ready
-> LHLO XXXXXXXXXXXXXXXXXXXXXXXXXX
<- 250-XXXXXXXXXXXXXXXXXXXXXXXXXX
<- 250-8BITMIME
<- 250-ENHANCEDSTATUSCODES
<- 250-PIPELINING
<- 250-SIZE
<- 250-AUTH EXTERNAL
<- 250-IGNOREQUOTA
<- 250 Ok
SESSIONID=<cyrus-422719-1602786735-1-4293443568200236992>
-> MAIL FROM:<postfix@XXXXXXXXXXXXXXXXXXXXXXXXXX>
<- 250 2.1.0 ok
-> RCPT TO:<[email protected]>
<** 550-Mailbox unknown. Either there is no mailbox associated with this
<** 550-name or you do not have authorization to see it.
<** 550 5.1.1 User unknown
-> QUIT
<- 221 2.0.0 bye
=== Connection closed with remote host.
*Notes*:
I did notice a difference in the LMTP response from our
current production system. The current production system
includes the following in the response:
<- 250-STARTTLS
I do not see that on the new system (Response shown above)
with the same configuration. Curious why or if that has
anything to do with it. I am using a self-signed cert on the
new system for testing purposes. Is that why? Do I need to
tell LMTP to accept the cert somehow?
Thanks
-Ez
On Thu, Oct 15, 2020 at 9:32 AM Ezsra McDonald <[email protected]> wrote:
Sebastian,
Thank you for the response.
I have never heard of this tool but it looks
interesting. I will give it a try.
Will let you all know if I find anything.
-Ez
On Thu, Oct 15, 2020 at 9:28 AM Sebastian Hagedorn <[email protected]> wrote:
On 15.10.20 at 15:49, Ezsra McDonald wrote:
> I wonder if there is a way to test LMTP manually to verify LMTP can see
> the imap accounts? I have not done much with LMTP because it always
> worked for us in the past.
My favorite tool for mail delivery testing is swaks. You can test LMTP
this way:
swaks --to YOUR-TEST-USER --socket /var/lib/imap/socket/lmtp --protocol LMTP
--
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude
133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆
+49-221-470-89578.:.
--
Nic [email protected]
https://www.nicbernstein.com
https://www.linkedin.com/in/nic-b-26577a178/
*Cyrus <https://cyrus.topicbox.com/latest>* / Info / see
discussions <https://cyrus.topicbox.com/groups/info> +
participants <https://cyrus.topicbox.com/groups/info/members> +
delivery options
<https://cyrus.topicbox.com/groups/info/subscription> Permalink
<https://cyrus.topicbox.com/groups/info/T11ac789bb1e97f39-M5168df4341fd5ff249bd1f81>
--
Nic Bernstein [email protected]
https://www.nicbernstein.com
https://www.linkedin.com/in/nic-b-26577a178/
------------------------------------------
Cyrus: Info
Permalink:
https://cyrus.topicbox.com/groups/info/T11ac789bb1e97f39-M9a6ff2d8d3d6e5029c714f29
Delivery options: https://cyrus.topicbox.com/groups/info/subscription