can't login in cyrus-imapd

[Francesc Guasch]

Hi. I'm not a newbie. I've been using cyrus-imapd since 1.5.19.
I successfully installed cyrus-imapd-16.19 rpm for rh6.2



Now I wanted to install it in a rh7.1 box but after solving many
problems now I'm facing one I can't manage.
I have:
cyrus-sasl-1.5.24-17
cyrus-imapd-2.0.9-3

Now I just can't login using cyradm localhost nor telnetting to
port 110. I've spent many hours searching mail archives and google
and I'm about to give up. Please someone give me a hint. I'm sure
I'm missing something obvious. Thank you for your time.

I see messages like this:

Sep 27 10:46:55 gaherma master[19344]: about to exec
/usr/cyrus/bin/imapd
Sep 27 10:46:55 gaherma service-/usr/cyrus/bin/imapd[19344]: executed
Sep 27 10:46:55 gaherma imapd[19344]: accepted connection
imap(pam_unix)[19421]: authentication failure; logname= uid=76 euid=76
tty= ruser= rhost=  user=root

##/etc/imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root eva
allowanonymouslogin: no
#sasl_pwcheck_method: sasldb
sasl_pwcheck_method: pam
#I tried method: passwd, shadow, pam, sasld.#

My cyrus user:
uid=76(cyrus) gid=12(mail) grupos=12(mail),0(root),76(shadow)

The shadow and sasld files:
-rw-r-1 root mail 1905 sep 27 08:33 /etc/shadow
-rw-r--r--1 cyrusroot12288 sep 27 11:02 /etc/sasldb


#/etc/cyrus.conf
START {
  # do not delete these entries!
  mboxlist  cmd=ctl_mboxlist -r
  deliver   cmd=ctl_deliver -r
}
SERVICES {
  # add or remove based on preferences
  imap  cmd=/usr/cyrus/bin/imapd listen=imap prefork=0
  imaps cmd=/usr/cyrus/bin/imapd -s listen=imaps prefork=0
  pop3  cmd=/usr/cyrus/bin/pop3d listen=pop3 prefork=0
  pop3s cmd=/usr/cyrus/bin/pop3d -s listen=pop3s prefork=0
  sieve cmd=/usr/cyrus/bin/timsieved listen=sieve prefork=0
  lmtpunix  cmd=/usr/cyrus/bin/lmtpd
listen=/var/imap/socket/lmtp prefor
k=0
}
EVENTS {
  checkpointcmd=ctl_mboxlist -c period=30
}


#/etc/pam.d/imap##
#%PAM-1.0
auth   required /lib/security/pam_stack.so service=system-auth
accountrequired /lib/security/pam_stack.so service=system-auth

#/etc/pam.d/pop###
#%PAM-1.0
auth   required /lib/security/pam_stack.so service=system-auth
accountrequired /lib/security/pam_stack.so service=system-auth



-- 
 --Frankie

back to lmtpd problems

[Nick Ustinov]

I've discussed this problem some time ago, known as forking problem. Turned
out to be db3 locking problem or whatever. Anyway, here's something I
experience right now:

Let me begin with my system description.

It's Linux RedHat 7.0 with kernel 2.4.2-0.1.28smp running at dual p3/550
with 768 mb ram and several scsi hdds. There are 10 registered users in
the system, however only half are active. Currently I am running:

1) cyrus-imapd 2.0.16
2) pam_mysql
3) libdb-3.3
4) sendmail 8.12.0
5) kaspersky avp for linux
6) poprelay

Sendmail works in queue mode, -q1m

During that minute it is queuing e-mails everything is fine -- e-mails are
checked for viruses and if everything is fine, placed in queue. At peak
time, the system receives up to 300-400 e-mails per that minute. Once it
starts to deliver the e-mails locally, the problems begin. sendmail opens
huge number of connections to localhost, which look like that:

...
sendmail: ./f8RAK8Jw015602 localhost: client DATA sta
sendmail: ./f8RAJ81C015613 localhost: client DATA sta
sendmail: ./f8RAJ8WU015726 localhost: client DATA sta
sendmail: ./f8RAJ8Vm015734 localhost: client DATA sta
sendmail: ./f8RAK372016522 localhost: client DATA sta
sendmail: ./f8RAK6pN016557 localhost: client DATA sta
sendmail: ./f8RAK6fs016567 localhost: client DATA sta
...

and the system launches approx the same number of lmtpds. 

The e-mails are being delivered, but EXTREMELY slow. I don't know where the
problem is, however the system is unable to deliver more than 100-200
e-mails per minute. As you understand, while it is delivering 100-200
e-mails from queue, 300-400 new e-mails come. At next minute it opens even
more lmtpds and within 30-40 minutes it just dies with memory overflow
message.

I've tried everything, but don't know where the problem is. Here are my
config files:

cyrus.conf:
START {

  mboxlist  cmd=ctl_mboxlist -r

  deliver   cmd=ctl_deliver -r

}

 

SERVICES {

  imap  cmd=/usr/cyrus/bin/imapd listen=imap prefork=1

  pop3  cmd=/usr/cyrus/bin/pop3d listen=pop3 prefork=1

  sieve cmd=/usr/cyrus/bin/timsieved listen=sieve prefork=0

  lmtpunix  cmd=/usr/cyrus/bin/lmtpd listen=/var/imap/socket/lmtp
prefork=1 maxchild=50 
}

 

EVENTS {

  checkpointcmd=ctl_mboxlist -c period=30

  #delprune cmd=ctl_deliver -E 3 period=1440

}  

imapd.conf:
configdirectory: /var/imap

partition-default: /inbox1

partition-usr2: /inbox2

partition-usr3: /inbox3

partition-usr4: /inbox4

partition-usr5: /inbox5

admins: support

allowanonymouslogin: no

autocreatequota: 5000

quotawarn: 90

defaultacl: lrswipcda

sievedir: /var/imap/sieve

postmaster: support

reject8bit: no

sasl_pwcheck_method: pam


sendmail.mc:
include(`/usr/lib/sendmail-cf/m4/cf.m4')

VERSIONID(`linux setup for Red Hat Linux')dnl

OSTYPE(`linux')

define(`confDEF_USER_ID',``8:12'')dnl

undefine(`UUCP_RELAY')dnl

undefine(`BITNET_RELAY')dnl

define(`confTO_CONNECT', `1m')dnl

define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl

define(`confTRY_NULL_MX_LIST',true)dnl

define(`confDONT_PROBE_INTERFACES',true)dnl

define(`confTO_IDENT',`0')dnl

define(`confLOCAL_MAILER',`cyrus')dnl

define('ALIAS_FILE','/etc/aliases')dnl

define(`STATUS_FILE', `/var/log/sendmail.st')dnl

define('AVP_LOCAL_HACK')dnl

FEATURE(`smrsh',`/usr/sbin/smrsh')dnl

FEATURE(`mailertable',`hash -o /etc/mail/mailertable')dnl

FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl

FEATURE(redirect)dnl

FEATURE(always_add_domain)dnl

FEATURE(use_cw_file)dnl

FEATURE(`access_db')dnl

FEATURE(`blacklist_recipients')dnl

FEATURE(dnsbl, `blackholes.mail-abuse.org', `Rejected - see
http://www.mail-abuse.org/rbl/')dnl
FEATURE(dnsbl, `dialups.mail-abuse.org', `Dialup - see
http://www.mail-abuse.org/dul/')dnl  
FEATURE(dnsbl, `relays.mail-abuse.org', `Open spam relay - see
http://www.mail-abuse.org/rss/')dnl  
FEATURE(`delay_checks')dnl

Klocalip hash -aMATCH /etc/mail/localip

Kpopip hash  -aMATCH /etc/mail/popip

FEATURE(`accept_unresolvable_domains')dnl

MAILER(avpkeeper)dnl

MAILER(smtp)dnl

MAILER(local)dnl

 

MAILER_DEFINITIONS

Mcyrus, P=[IPC], F=lsDFMnqA5@/:|SmXz, E=\r\n,

S=EnvFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix,

A=FILE /var/imap/socket/lmtp

 

LOCAL_RULE_0

Rbb + $+  @ $=w . $#cyrus $: + $1

 

LOCAL_RULESETS

# if there's a plus part, we want to directly deliver it

SLocal_localaddr

R$+ + $*$#cyrus $@ $: $1 + $2

 

SLocal_check_rcpt

# Put the address into cannonical form (even if it doesn't resolve to an
MX).   
R$* $: $Parse0 $3 $1

R$*  $*  $*   $: $1  $2 .  $3
Pretend it's canonical. 
R$*  $* . .  $*   $1  $2 .  $3
Remove extra dots.  
 

# Allow relaying if the connected host is a local IP address.

R$*

Re: back to lmtpd problems

[Francesc Guasch]

Nick Ustinov ha escrito:
 
 It's Linux RedHat 7.0 with kernel 2.4.2-0.1.28smp running at dual p3/550
 and the system launches approx the same number of lmtpds.
 
 The e-mails are being delivered, but EXTREMELY slow. I don't know where the
 problem is, however the system is unable to deliver more than 100-200
 e-mails per minute. As you understand, while it is delivering 100-200

Hi Nick. I've had no such scenario but let me guess something (that
could be completely wrong).

My bet is your problem is in disk speed. You have a limit of concurrent
delivering caused by your drive. When it reaches that limit it
gets worse. I'd try to set a max number of concurrent delivering
lmtpd processes in sendmail. I'd also buy faster scsi drives.

Another thing you could consider is replace sendmail and start using
postfix. I've seen reports of incredible number of mails delivered
and I've been using it in many servers happilly. It supports cyrus,
lmtpd and avp.

In the postfix mailing list I've seen people who have a lot of
users like you. Maybe you should check the postfix archives or
subscribe to the list. ( low noise ).

-- 
 --Frankie

RE: back to lmtpd problems

[Nick Ustinov]

Francesc,

Thanks for the idea, however the tests show that disk speed is quite enough
(and I guess there are no much faster drives I can get on the market right
now :). The problem could be in db3 locking or something like that, which is
linux specific. As for sendmail--postfix change -- I might want to try
that, however I am not experienced in postfix and the system is quite
critical, it's not that easy. Anyway, this looks like cyrus problem -- the
fact is that sendmail works FASTER than lmtpd causes the bottlenecks.

Nick.

-Original Message-
From: Francesc Guasch [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 13:20
Cc: '[EMAIL PROTECTED]'
Subject: Re: back to lmtpd problems


Nick Ustinov ha escrito:
 
 It's Linux RedHat 7.0 with kernel 2.4.2-0.1.28smp running at dual p3/550
 and the system launches approx the same number of lmtpds.
 
 The e-mails are being delivered, but EXTREMELY slow. I don't know where
the
 problem is, however the system is unable to deliver more than 100-200
 e-mails per minute. As you understand, while it is delivering 100-200

Hi Nick. I've had no such scenario but let me guess something (that
could be completely wrong).

My bet is your problem is in disk speed. You have a limit of concurrent
delivering caused by your drive. When it reaches that limit it
gets worse. I'd try to set a max number of concurrent delivering
lmtpd processes in sendmail. I'd also buy faster scsi drives.

Another thing you could consider is replace sendmail and start using
postfix. I've seen reports of incredible number of mails delivered
and I've been using it in many servers happilly. It supports cyrus,
lmtpd and avp.

In the postfix mailing list I've seen people who have a lot of
users like you. Maybe you should check the postfix archives or
subscribe to the list. ( low noise ).

-- 
 --Frankie

quota abstraction idea, comments ?

[Helmut Apfelholz]

Hi,

I was thinking about creating a deamon that would do
quota operations in the cyrus system. One could then
write the functions used by deamon for seting and
reading the quota. In such a configuration one could
store the information in:
- files as it happens now
- SQL database
and so on.

Such a setup would for example allow for storing quota
information in the central database for separate
servers.

Do you have any comments, maybe somebody is working on
something like this ?

Helmut Apfelholz



__
Do You Yahoo!?
Listen to your Yahoo! Mail messages from any phone.
http://phone.yahoo.com

Re: What's better or new in ver 2.1?

[Ken Murchison]

Horst Lederhaas wrote:
 
 Hello !
 I've heard much from the new Cyrus 2.1, but what's new or better in this
 
 version?
 Are there more features? Where can i read something about ver. 2.1?

Here's a brief list that I threw together into doc/change.html.  I'm
sure that Larry will expound on these terse descriptions before 2.1 is
released.


Changes to the Cyrus IMAP Server since 2.0.16

  altnamespace 
  unixhierarchysep 
  SSL/TLS session caching 
  support for IMAP CHILDREN  LISTEXT extensions 
  check recipient quota  ACL at time of RCPT TO: 
  support for LMTP STARTTLS  SIZE extensions 
  unified deliver.db (using cyrusdb interface) 
  fixed STORE FLAGS () bug 
  fixed SEARCH SUBJECT vs. SEARCH HEADER SUBJECT bug 
  users without an INBOX can have subscriptions 
  added cyrusdb_db3_nosync backend 
  do setgid and initgroups in master 
  configure now checks for DB3.3 
  SQUAT (Rob O'Callahan) 
  change SEARCH HEADER to SEARCH where possible (Rob O'Callahan) 
  improved directory hashing (Gary Mills ) 
  use of EGD for SSL/TLS (Amos Gouaux ) 
  separate certs/keys for services (Henning P. Schmiedehausen ) 
  ability to force ipurge to traverse personal folders (Carsten
Hoeger ) 
  fixed zero quota bugs in cyradm (Leena Heino ) 
  ignore trailing whitespace in imapd.conf 
  Received: header (with TLS and AUTH info) 
  added '-i' switch to sendmail command line for SIEVE reject,
redirect and vacation 
  reconstruct -m works again??? 

-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

Re: Eudora and ssl/tls and cyrus

[Amos Gouaux]

 On Thu, 27 Sep 2001 01:05:53 -0400,
 Nick Simicich [EMAIL PROTECTED] (ns) writes:

ns I did some searches in the archives.  If there is anything similar,
ns searching on Eudora and ssl or tls didn't find it.  Eudora will not
ns complete TLS negotiation with Cyrus.

Are you attempting to use the 'alternate port' configuration, or the
'starttls' configuration?  I ask because we were able to get the
'alternate port' configuration to work, but not the other.  Turns
out that Eudora actually tries to do 'startssl' instead of
'starttls'.  (No, 'startssl' doesn't exist.)

If this sounds like it might be your situation, either use the
'alternate port' or make a small change to the Cyrus code (I forget
exactly where) so that it will tolerate this non-standard
'startssl'.  I understand this has been reported to Eudora.

-- 
Amos

Microsoft Outlook Express Logon using Secure Password Authentication option.

[James Courtier-Dutton]

Can the above option be used with cyrus imap ?
If so, how ?

Cheers
James


--
Nothing in this world is exactly what it appears to be.

Cyrus with Exim: Sieve problems

[Frank Richter]

Hi,
I use cyrus-imap-2.0.16 with Exim 3.32 on Linux with LMTP delivery via
localhost. It works but when it comes to Sieve there's a problem.

When lmtpd detects in a user's sieve script a redirect (or vacation)
action it calls /usr/lib/sendmail -f from-address -- to-address and
pipes the messages to it (as I read lmtpd.c right). In my installation
this sendmail is exim actually.
When to-address is an external address it works as expected.

When to-address is a local address, the message is given from exim to
LMTP for this user and weird things happen: an empty line occures in the header part
- so the message is broken (no duplicate delivery suppression -dangerous-, as the
Message-Id is after the empty line!).

I detected that lmtpd gives the message to sendmail (exim in my case) with
CRLF on line ends. This causes the problem with exim - I added exim's
-dropcr flag and it works.

So, where is the problem - when is the extra line feed added? Does anyone
have an idea how to track this down? Should lmtpd pipe the message without
CRLF to the local sendmail command?

Thanks,
Frank
-- 
Email: [EMAIL PROTECTED]  http://www.tu-chemnitz.de/~fri/
Work:  Computing Services,  Chemnitz University of Technology,  Germany

Re: back to lmtpd problems (ot)

[Tarjei Huse]

 and I've been using it in many servers happilly. It supports cyrus,
 lmtpd and avp.
Note however that you should not use avpkeeper, but instead the programe avcheck
made by Ralf Hildebrandt. It offers better performance and higher security.
Also, I only had problems combining avpkeeper and postfix, but using avcheck
with kavdaemon works like a charm. 

Tarjei
 
 In the postfix mailing list I've seen people who have a lot of
 users like you. Maybe you should check the postfix archives or
 subscribe to the list. ( low noise ).
 
 --
  --Frankie

Re: AARRGGGHHHHHHH!!!! deliver - lmtp - cyrus still not working!

[Tarjei Huse]

Now that all is working well, would you mind making a brief sumary to what is
needed (deliverymethods, account ACL's etc. ) to make plussed users work? 

I'd like to add it to the faq.

Tarjei

Louis LeBlanc wrote:
 
 On 09/26/01 07:09 PM, Ken Murchison sat at the `puter and typed:
   all p
 
   this *should* be 'anyone', NOT 'all' as has been stated before.
 
 THHWWAACK!! (a good wack upside the head)
 
 You know, I just can't even tell you how *mortified* I am that I could
 make such a STUPID mistake!  I mean, I knew it would turn out to be
 some dumb little thing, but this gets it.
 
 I apologise profusely for taking your precious time to help me with
 such a DUNCE mistake, and I appreciate that you were willing to do so.
 
 Of course, your solution is correct.  All works as hoped.
 
 Thanks!
 
 Lou
 --
 Louis LeBlanc   [EMAIL PROTECTED]
 Fully Funded Hobbyist, KeySlapper Extrordinaire :)
 http://acadia.ne.mediaone.net ԿԬ
 
 genealogy, n.:
   An account of one's descent from an ancestor
   who did not particularly care to trace his own.
 -- Ambrose Bierce

RE: What is the best way to backup the email boxes in cyrus imap.

[James Courtier-Dutton]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Michael
 Salmon
 Sent: 26 September 2001 08:17
 To: [EMAIL PROTECTED]
 Subject: Re: What is the best way to backup the email boxes in cyrus
 imap.


 On Friday, September 21, 2001 07:40:50 PM +0100 James Courtier-Dutton
 [EMAIL PROTECTED] wrote:
 +--
 | Hello
 | What is the best way to backup email boxes in cyrus imap?

 I think that you are confusing cyrus with UW. The message files
 aren't ever
 changed and hence cannot be corrupted, the cyrus.* files change but as
 there aren't any tools to merge 2 copies they aren't worth
 backing up. That
 just leaves the mailbox file which only changes when you change
 acl's. Once
 again this would be a difficult file to recover but it is too
 important to
 ignore.

 /Michael
So if I only backup the message files and the acl's.
When I restore everything on a new machine, will the cyrus.* files create
themselves ?
The backup I want is just so that in a disaster situation, I can reload all
the email from backup onto a new machine.

Cheers
James

Re: back to lmtpd problems (ot)

[Tarjei Huse]

AFAIK it only works with the postfix filtering code, but I think you could write
sendmailrules for it (you can do anything w/sendmail ;)  .
Tarjei

Nick Ustinov wrote:
 
 Should I use avcheck instead of avpkeeper with sendmail as well, or that's
 just for postfix?
 
 -Original Message-
 From: Tarjei Huse [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 27, 2001 17:15
 To: Francesc Guasch
 Cc: '[EMAIL PROTECTED]'
 Subject: Re: back to lmtpd problems (ot)
 
  and I've been using it in many servers happilly. It supports cyrus,
  lmtpd and avp.
 Note however that you should not use avpkeeper, but instead the programe
 avcheck
 made by Ralf Hildebrandt. It offers better performance and higher security.
 Also, I only had problems combining avpkeeper and postfix, but using avcheck
 with kavdaemon works like a charm.
 
 Tarjei
 
  In the postfix mailing list I've seen people who have a lot of
  users like you. Maybe you should check the postfix archives or
  subscribe to the list. ( low noise ).
 
  --
   --Frankie

Re: Eudora and ssl/tls and cyrus

[Nick Simicich]

I apologize that this is a FAQ and will now scurry off to recompile.  Yep, 
that does it, it established a sslV3 connection immediately, authenticated 
without a problem.

Are there more Eudora related questions in this 2.1 FAQ?  Is it available 
anywhere? Ah, you said it was available in CVS, I'll try to figure out how 
to access it, I'm not a CVS maven by any stretch of the imagination, I 
think I used it from a cookbook once several years ago.

I will write a note to their tech support.

RFC2246 describes TLS. It looks like the Standards Track RFC that requires 
TLS for the STARTTLS command is RFC2595, specifically section 2.1, Cipher 
Suite Requirements. So it looks like they are in violation of 
2595.  Perhaps the FAQ should be updated to point to 2595, the requirement 
that TLS is a requirement for implementation of the STARTTLS command is 
very clear there.

At 08:16 AM 9/27/2001 -0400, Ken Murchison wrote:


Nick Simicich wrote:
 
  I did some searches in the archives.  If there is anything similar,
  searching on Eudora and ssl or tls didn't find it.  Eudora will not
  complete TLS negotiation with Cyrus.
 
  I am running Redhat Roswell (the current Redhat Beta, 7.1+) on an Intel 
 box.
 
  I am running cyrus-imapd-2.0.15-HIERSEP-r2, and (from the Redhat rpm)
  openssl-0.9.6b-7.
 
  I have generated a server key that works with Eudora 5.1 when I use it to
  communicate with smtp and Postfix.  It is not signed by a known CA but
  Eudora allows you to trust a particular certificate.  smtp goes through
  the postfix use of the SSL library.  However, when I use that same key to
  connect to imap on the alternate port, things just don't work.
 
  The message (from Eudora) is:
 
  SSL Negotiation failed: You have configured the personality/protocol to
  reject any exchange key lengths below 0. But the negotiated exchange key
  length is -1. Hence this established secure channel is
  unacceptable.  Connection will be dropped. Cause: (-6996)

 From doc/faq.html in CVS (to be inluded in the 2.1 release):

Q: Eudora 5.x can't connect using STARTTLS (SSL Neogotiation Failed).
What should I do?

   A: First, complain to QUALCOMM because their STARTTLS
implementation is broken. Eudora doesn't support TLSv1
   (per RFC2246) and Cyrus requires it. If you really need this
before it is fixed in Eudora, remove or comment
   out the following lines in tls.c:

   if (tlsonly) {
   off |= SSL_OP_NO_SSLv2;
   off |= SSL_OP_NO_SSLv3;
   }


FYI, I have complained to QUALCOMM with no response.  Perhaps if more
people complain, they will do something about it.  After all, the
command IS called STARTTLS and not STARTSSL.

--
We often hear of war described as if it were some kind of impersonal
affliction, such as the Black Plague or famine.The fact is that war is not
just something that happens, it is something that people make happen, and
they make it happen for reasons. As Clausewitz said, war is the continuation
of politics by other means. Exactly. War is neither a hurricane nor a flood.
It is, on the contrary, the cutting edge of ideology.
   -- Jeff Cooper
Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html

mailbox migration

[Jesse Ahrens]

Hi,
I have to admit a fair amount of greenness in this so bear with me. I'm 
trying to migrate the mailboxes from a solaris 7 box running Cyrus IMAP 
1.5.19 to a FreeBSD 4.4 box running Cyrus 2.0.14. If anyone has a guide or 
a URL to do this I'd be extremely grateful for any knowledge anyone can 
lend. Thanks in advance.

Jesse Ahrens
Unix Systems Administrator
Meridian Advertising
4850 G St.
Omaha, NE 68117
402-733-6400 x266

Re: mailbox migration

[David Fuchs]

This morning, I just finished completing exactly what you are doing (except
we use FreeBSD on both systems) by migrating from 1.5.19 to 2.0.14. Here
is a quick guide (I wrote everything down...):

  Copy the 'mailboxes' file from the old Cyrus 1.5.19 to the new machine
somewhere.
  Run the command: su cyrus_user -c "/path/to/cyrus-2.0.14/bin/ctl_mboxlist
-u  /path/to/old/cyrus/mailboxes"
  
This command creates a mailboxes.db with the information from the
old mailboxes file.
I created a dot-patch (user/ instead of user.) a while ago for my
customers, which means I had to edit the 'mailboxes' file and replace all
dots with slashes before I could import it into Cyrus 2.0.14. You can safely
skip any modifications to the 'mailboxes' file.

  
  Tar up your mailstore on the old server. ie: tar -zcvf cyrus-mboxes.tar.gz
/path/to/cyrus-1.5.19_partitions
  Tar up your quotas if you have them. ie: tar -zcvf cyrus-quotas.tar.gz
/path/to/cyrus-1.5.19/quota
  
  ftp or scp the cyrus-mboxes.tar.gz and cyrus-quotas.tar.gz to the new
server.
  Untar the mailstore to the proper location, and ensure that your new
imapd.conf correctly reflects the old partition scheme.
  
The partition scheme must be identical, or you're going to find yourself
making changes to the mailboxes.db and quotas.

  
  Untar the quotas to the proper location ie: the imapd.conf's config_directory/quota
.
  
  Reconstruct your mailbox headers and quotas for to ensure integrity.
  
su cyrus_user -c "/path/to/cyrus-2.0.14/bin/reconstruct"
su cyrus_user -c "/path/to/cyrus-2.0.14/bin/quota -f"
  
  Start the 'master' process...
  Cross your fingers and test some mailboxes!

Hope that helps!

-David Fuchs


Jesse Ahrens wrote:
[EMAIL PROTECTED]">
Hi, 
I have to admit a fair amount of greenness in this so bear with me. I'm  trying
to migrate the mailboxes from a solaris 7 box running Cyrus IMAP  1.5.19
to a FreeBSD 4.4 box running Cyrus 2.0.14. If anyone has a guide or  a URL
to do this I'd be extremely grateful for any knowledge anyone can  lend.
Thanks in advance. 
  
Jesse Ahrens 
Unix Systems Administrator 
Meridian Advertising 
4850 G St. 
Omaha, NE 68117 
402-733-6400 x266 
  
  
  
  
  

SOS: Cyrus 2.0.16 with RedHat 7.1

[Eric L'Heureux]

Hi,

I need help! I'm trying to install Cyrus 2.0.16 on Red Hat 7.1.
I keep getting Invalid login errors when trying to connect from pop or
imap.

I've set-up Cyrus to use PAM for authentication but it seems to
try looking for a sasldb file. I DO NOT want to use sasldb, I have
already a huge passwd/shadow database and I'm not planning to convert it
to sasldb.

I've tried lots and lots of things like changing the permission of
the shadow file, changing some pam.d settings, recompiling cyrus with
unix authenication, etc... But I still CANNOT authenticate any users. I
can however use cyradm and create new mailboxes with the cyrus password
stored either in the shadow password file or in the sasldb.

I also tried to follow the instructions shown at
http://rmrpms.tripod.com/cyrus-imapd/
but it still does not work.

Thanks in advance for your help!

Eric

Re: SOS: Cyrus 2.0.16 with RedHat 7.1

[John Hayward]

Try renaming your /etc/sasldb.db to something else - that seemed to do
the trick for us.

johnh...
On Thu, 27 Sep 2001, Eric L'Heureux wrote:

 Date: Thu, 27 Sep 2001 15:45:15 -0400
 From: Eric L'Heureux [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: SOS: Cyrus 2.0.16 with RedHat 7.1
 
 Hi,
 
 I need help! I'm trying to install Cyrus 2.0.16 on Red Hat 7.1.
 I keep getting Invalid login errors when trying to connect from pop or
 imap.
 
 I've set-up Cyrus to use PAM for authentication but it seems to
 try looking for a sasldb file. I DO NOT want to use sasldb, I have
 already a huge passwd/shadow database and I'm not planning to convert it
 to sasldb.
 
 I've tried lots and lots of things like changing the permission of
 the shadow file, changing some pam.d settings, recompiling cyrus with
 unix authenication, etc... But I still CANNOT authenticate any users. I
 can however use cyradm and create new mailboxes with the cyrus password
 stored either in the shadow password file or in the sasldb.
 
 I also tried to follow the instructions shown at
 http://rmrpms.tripod.com/cyrus-imapd/
 but it still does not work.
 
 Thanks in advance for your help!
 
 Eric
 
 

Re: SOS: Cyrus 2.0.16 with RedHat 7.1

[Eric L'Heureux]

Hi John,

I've tried to delete the /etc/sasld.db file and it still does not work!!

Anything else??

Thanks

Eric

John Hayward wrote:

 Try renaming your /etc/sasldb.db to something else - that seemed to do
 the trick for us.

 johnh...
 On Thu, 27 Sep 2001, Eric L'Heureux wrote:

  Date: Thu, 27 Sep 2001 15:45:15 -0400
  From: Eric L'Heureux [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Subject: SOS: Cyrus 2.0.16 with RedHat 7.1
 
  Hi,
 
  I need help! I'm trying to install Cyrus 2.0.16 on Red Hat 7.1.
  I keep getting Invalid login errors when trying to connect from pop or
  imap.
 
  I've set-up Cyrus to use PAM for authentication but it seems to
  try looking for a sasldb file. I DO NOT want to use sasldb, I have
  already a huge passwd/shadow database and I'm not planning to convert it
  to sasldb.
 
  I've tried lots and lots of things like changing the permission of
  the shadow file, changing some pam.d settings, recompiling cyrus with
  unix authenication, etc... But I still CANNOT authenticate any users. I
  can however use cyradm and create new mailboxes with the cyrus password
  stored either in the shadow password file or in the sasldb.
 
  I also tried to follow the instructions shown at
  http://rmrpms.tripod.com/cyrus-imapd/
  but it still does not work.
 
  Thanks in advance for your help!
 
  Eric
 
 

Re: Cyrus 2.0.16 with RedHat 7.1

[Jeremy Howard]

Eric L'Heureux wrote:
 I need help! I'm trying to install Cyrus 2.0.16 on Red Hat 7.1.
 I keep getting Invalid login errors when trying to connect from pop or
 imap.

 I've set-up Cyrus to use PAM for authentication but it seems to
 try looking for a sasldb file. I DO NOT want to use sasldb, I have
 already a huge passwd/shadow database and I'm not planning to convert it
 to sasldb.

What configure command did you use? What do your cyrus.conf and imapd.conf
files look like? What is in your imap log when you fail to authenticate?

netscape can't read imap folders created by gnus

[Chris Beggy]

Gnus is a great imap client! Really great!

In my case, netscape doesn't see new folders created
by gnus.  Gnus sees them, they are on the imap server, and gnus
can see new folders created by netscape.

Here's what I have:

  emacs20.4/gnus5.8.8
  netscape(messenger)4.73
  cyrus-imapd-2.0.14-namespace-r2

Has anybody else seen this?  Any solution?

Thanks.

Chris

Re: Microsoft Outlook Express Logon using Secure Password Authentication option.

[Jeremy Howard]

James Courtier-Dutton wrote:
 Can the above option be used with cyrus imap ?
 If so, how ?

I believe that it is proprietary. How ever you can enable SSL in OE, which
works with Cyrus fine.

Re: quota abstraction idea, comments ?

[Jeremy Howard]

Helmut Apfelholz wrote:
 I was thinking about creating a deamon that would do
 quota operations in the cyrus system. One could then
 write the functions used by deamon for seting and
 reading the quota. In such a configuration one could
 store the information in:
 - files as it happens now
 - SQL database
 and so on.

 Such a setup would for example allow for storing quota
 information in the central database for separate
 servers.

Sounds great. If you do this, have a look at unix_notify.c to see in general
how to get Cyrus to call out to a daemon during a delivery phase. Consider
implementing a quota check in a similar way--eg a compile time hook that can
be easily configured, with a specific hook included that does the Unix
socket daemon callout.

temporarily unavailable

[Anderson Ferreira]

I am running cyrus-imapd-1.6.19 along with postfix under Red Hat Linux 6.2.

Most of the time it works flawlessly, but occasionally a delivery dies with
a log entry like the following:   Sep 27 15:00:56 atenas deliver[977]:
checkdelivered: error opening delivered database:
/var/imap/deliverdb/deliver-a.db: Resource temporarily unavailable

This only occurs when a mail is being sent to multiple local users.  The
mail is actually successfully delivered.  A web search revealed that several
sites had experienced Resource temporarily unavailable errors associated
with a failure to fork, and were able to fix them by increasing the allowed
number of user processes.  But my error says nothing about a failure to
fork, and I have not set any limit on the number of user processes.

Can someone suggest what might be going on and how to fix it?


Anderson Ferreira
Analista de Suporte

APPI Informática LTDA.
Av. Atáufo de Paiva nº 135/1410
Leblon - Rio de janeiro
Tel - 55 21 2529-5600
Fax - 55 21 2511-0785

Re: temporarily unavailable

[Alain Turbide]

That happens when you have a db mismatch.  You might want to run ldd
deliver to find out what libdb libraries it's linked to as well as the
other programs..  Make sure they are all compiled agains the same library.
I had the problem before and had to recompile and make sure that cyrus imap
included the proper headers.

Alain Turbide

- Original Message -
From: Anderson Ferreira [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 27, 2001 6:07 PM
Subject: temporarily unavailable


 I am running cyrus-imapd-1.6.19 along with postfix under Red Hat Linux
6.2.

 Most of the time it works flawlessly, but occasionally a delivery dies
with
 a log entry like the following:   Sep 27 15:00:56 atenas deliver[977]:
 checkdelivered: error opening delivered database:
 /var/imap/deliverdb/deliver-a.db: Resource temporarily unavailable

 This only occurs when a mail is being sent to multiple local users.  The
 mail is actually successfully delivered.  A web search revealed that
several
 sites had experienced Resource temporarily unavailable errors associated
 with a failure to fork, and were able to fix them by increasing the
allowed
 number of user processes.  But my error says nothing about a failure to
 fork, and I have not set any limit on the number of user processes.

 Can someone suggest what might be going on and how to fix it?


 Anderson Ferreira
 Analista de Suporte

 APPI Informática LTDA.
 Av. Atáufo de Paiva nº 135/1410
 Leblon - Rio de janeiro
 Tel - 55 21 2529-5600
 Fax - 55 21 2511-0785

Re: mailbox migration

[William K. Hardeman]

I thought I'd follow up on this thread, as I just this weekend performed 
such a migration, myself, except I was migrating from Red Hat Linux 6.2 to 
Slackware Linux Current (pre-8.0), where both systems were 
cyrus-imap-2.0.15 systems and both systems had Berkeley db-3.2.9.

I not only tarred up my mailspool (/var/spool/imap), but also my sieve 
directory structure (/var/spool/sieve) and my imap databases directory 
(/var/imap) and copied them over to the new machine, where I untarred them 
into the same directory structure. Config files were exactly the same on 
both systems.

I ran ctl_mailbox -r and reconstruct -r after the migration, started 
master, and everything seems to have migrated perfectly. None of my users 
has had a complaint yet.

So, it would seem, from my experience, that migration from and to identical 
system types, with the same versions of both cyrus-imap and db-3.2.9 
presents no major obstacles. The only problem we encountered was with our 
sasldb passwords and our mailman passwords, which was likely to have been 
caused by different salt values (or whatever randomizer is used). However, 
we maintain a store of our users passwords in plain text, and I was able to 
use an expect script in conjunction with a shell script I wrote to 
automatically reset the users passwords to their expected values.

Hope this helps,
Will

--On Thursday, 27 September, 2001 12:16 -0700 David Fuchs 
[EMAIL PROTECTED] wrote:

 This morning, I just finished completing exactly what you are doing
 (except we use FreeBSD on both systems) by migrating from 1.5.19 to
 2.0.14.  Here is a quick guide (I wrote everything down...):* Copy
 the 'mailboxes' file from the old Cyrus 1.5.19 to the new machine
 somewhere.* Run the command: su cyrus_user -c
 /path/to/cyrus-2.0.14/bin/ctl_mboxlist -u 
 /path/to/old/cyrus/mailboxes  * This command creates a mailboxes.db
 with the information from the old mailboxes file.  * I created a
 dot-patch (user/ instead of user.) a while ago for my customers, which
 means I had to edit the 'mailboxes' file and replace all dots with
 slashes before I could import it into Cyrus 2.0.14.  You can safely skip
 any modifications to the 'mailboxes' file.
   * Tar up your mailstore on the old server.  ie: tar -zcvf
 cyrus-mboxes.tar.gz /path/to/cyrus-1.5.19_partitions* Tar up your
 quotas if you have them.  ie: tar -zcvf cyrus-quotas.tar.gz
 /path/to/cyrus-1.5.19/quota
   * ftp or scp the cyrus-mboxes.tar.gz and cyrus-quotas.tar.gz to the new
 server.* Untar the mailstore to the proper location, and ensure that
 your new imapd.conf correctly reflects the old partition scheme.  *
 The partition scheme must be identical, or you're going to find yourself
 making changes to the mailboxes.db and quotas.
   * Untar the quotas to the proper location ie: the imapd.conf's
 config_directory/quota .
   * Reconstruct your mailbox headers and quotas for to ensure integrity.
 * su cyrus_user -c /path/to/cyrus-2.0.14/bin/reconstruct
 * su cyrus_user -c /path/to/cyrus-2.0.14/bin/quota -f
   * Start the 'master' process...
   * Cross your fingers and test some mailboxes!
 Hope that helps!

 -David Fuchs


 Jesse Ahrens wrote:

 Hi,
 I have to admit a fair amount of greenness in this so bear with me. I'm
 trying to migrate the mailboxes from a solaris 7 box running Cyrus IMAP
 1.5.19 to a FreeBSD 4.4 box running Cyrus 2.0.14. If anyone has a guide
 or a URL to do this I'd be extremely grateful for any knowledge anyone
 can lend. Thanks in advance.

 Jesse Ahrens
 Unix Systems Administrator
 Meridian Advertising
 4850 G St.
 Omaha, NE 68117
 402-733-6400 x266







William K. Hardeman
[EMAIL PROTECTED]
http://www.wkh.org

Always listen to experts. They'll tell you what can't be done and why. Then
do it.
--Robert A. Heinlein

Re: Eudora and ssl/tls and cyrus

[Nick Simicich]

At 07:46 AM 9/27/2001 -0500, Amos Gouaux wrote:
  On Thu, 27 Sep 2001 01:05:53 -0400,
  Nick Simicich [EMAIL PROTECTED] (ns) writes:

ns I did some searches in the archives.  If there is anything similar,
ns searching on Eudora and ssl or tls didn't find it.  Eudora will not
ns complete TLS negotiation with Cyrus.

Are you attempting to use the 'alternate port' configuration, or the
'starttls' configuration?  I ask because we were able to get the
'alternate port' configuration to work, but not the other.  Turns
out that Eudora actually tries to do 'startssl' instead of
'starttls'.  (No, 'startssl' doesn't exist.)

I had actually posted a trace of one of the sessions, extracted from 
ethereal (before it started working).  As you can see, the verb being used 
in, in fact, STARTSSL.  So I am of the opinion that if eudora was 
mistakenly using a STARTSSL verb, that they are now using STARTTLS (and, 
after that, refusing to actually start a TLS session - when I made the code 
change to turn not reject negotiation of SSL v2 and V3, it began 
negotiating a SSL V3 session rather than failing to negotiate a TLS 
session).  But I had actually attempted both the alternate port 
configuration and the main-port-with-startssl configuration, and they both 
failed in the same way - it is that Eudora does ot support TLS.

I have not looked at the details of the negotiation since examining the 
differences between SSL V2 and SSL V3 closely when trying to determine why 
socksified connections to SSL V3 servers sometimes failed while SSL V2 
connections always worked (some early SSL V3 implementations could not 
fallback when the cached secret on the server was not known to the client 
because it was not, in fact, the same client even though it came from the 
same IP address, the bypass was, in many cases, to force V2). So I don't 
know what, if any, advantages there are from forcing TLS, or why someone 
would not want to go ahead and fall back to SSL V3 other than it adheres to 
standards.  The code change that was suggested to not force TLS but to 
accept the use of either TLS or SSL V2/V3 allowed things to work.

* OK parrot.squawk.com Cyrus IMAP4 v2.0.15-HIERSEP-r2 server ready
0 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID 
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES IDLE STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5
0 OK Completed
1 STARTTLS
1 OK Begin TLS negotiation now
Then some binary gets put in here...
1 NO Starttls failed
* BAD Invalid tag
* BAD Invalid tag
and a short binary burst here...



If this sounds like it might be your situation, either use the
'alternate port' or make a small change to the Cyrus code (I forget
exactly where) so that it will tolerate this non-standard
'startssl'.  I understand this has been reported to Eudora.

The client that I have had to force to use alternate ports is Lookout.  I 
have not bothered to investigate why in those cases.

--
We often hear of war described as if it were some kind of impersonal
affliction, such as the Black Plague or famine.The fact is that war is not
just something that happens, it is something that people make happen, and
they make it happen for reasons. As Clausewitz said, war is the continuation
of politics by other means. Exactly. War is neither a hurricane nor a flood.
It is, on the contrary, the cutting edge of ideology.
   -- Jeff Cooper
Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html

Eudora and ssl/tls and cyrus

[Nick Simicich]

I just successfully got Eudora to negotiate TLS with Cyrus.  This applies 
to Eudora 5.1.

A log extract which shows that I was able to connect in TLS is below --- 
you will have to trust me that I did it from Eudora.  The way to accomplish 
this is to stop Eudora, and using an editor like emacs or notepad, edit the 
eudora.ini file.  In the [Settings] part of the file, find a entry labeled 
SSLReceiveVersion  If it is there, change the value specified to 0.  If 
it is not there, add a line reading

SSLReceiveVersion=0

Then start Eudora again.

This parameter defaults to 6, which allows SSL Version 3 only.  A setting 
of 0 allows any of the settings it will speak.  7 forces TLS 1.0, other 
settings force various other combinations.  But 0 makes Eudora permissive 
and allows it to speak what the other end wants to speak, thus allowing it 
to use TLS version 1.0.  Why Eudora decided to make this parameter default 
to 6, I have no idea. I believe that this will allow Eudora 5.1 to talk to 
an unmodified Cyrus.

The FAQ should probably be changed to mention this parameter -- and maybe 
when people contact Eudora it should be to ask that the parameter be changed.

Sep 27 22:37:40 parrot master[30495]: about to exec /usr/cyrus/bin/imapd
Sep 27 22:37:40 parrot service-imaps[30495]: executed
Sep 27 22:37:40 parrot imapd[30495]: accepted connection
Sep 27 22:37:44 parrot imapd[30495]: starttls: TLSv1 with cipher 
DES-CBC3-SHA (1
68/168 bits) no authentication
Sep 27 22:37:45 parrot imapd[30495]: login: 
glock.squawk.com[208.176.124.157] ni
ck CRAM-MD5+TLS User logged in
Sep 27 22:37:45 parrot imapd[30495]: seen_db: user nick opened 
/var/imap/user/n/
nick.seen
Sep 27 22:37:45 parrot imapd[30495]: open: user nick opened INBOX

--
We often hear of war described as if it were some kind of impersonal
affliction, such as the Black Plague or famine.The fact is that war is not
just something that happens, it is something that people make happen, and
they make it happen for reasons. As Clausewitz said, war is the continuation
of politics by other means. Exactly. War is neither a hurricane nor a flood.
It is, on the contrary, the cutting edge of ideology.
   -- Jeff Cooper
Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html

Re: Eudora and ssl/tls and cyrus

[Nick Simicich]

At 07:37 PM 9/27/2001 -0400, Nick Simicich wrote:

I had actually posted a trace of one of the sessions, extracted from 
ethereal (before it started working).  As you can see, the verb being used 
in, in fact, STARTSSL.  So I am of the opinion
I meant to type STARTTLS above, not STARTSSL.  Just shoot me now.

The final solution was to change a parameter in the eudora.ini file to 
allow it to negotiate tls.

--
We often hear of war described as if it were some kind of impersonal
affliction, such as the Black Plague or famine.The fact is that war is not
just something that happens, it is something that people make happen, and
they make it happen for reasons. As Clausewitz said, war is the continuation
of politics by other means. Exactly. War is neither a hurricane nor a flood.
It is, on the contrary, the cutting edge of ideology.
   -- Jeff Cooper
Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html