Re: Cyrus IMAP, Steltor Calendar and Outlook

[Paul Fleming]

We use Steltor, Cyrus IMAP, Keberos V & OpenLdap works great.. Not as
tightly integrated as exchange on the user side but we're a UNIX shop so
not a problem plus our solution lets users select there preferred mail
client -- something many of them like to do. We're also able to support
Macintosh clients natively for Calendar & Email.  You can't do the
outlook workflow stuff (custom apps ala lotus notes). We're also behind
on Cyrus installs and our users are looking forward to having Server
Side (Sieve) rules. We support between 2000 & 3000 email accounts and
about 1300-1500 Steltor accounts. We're an email intense institution.
Calendar use is split about half of our users are hardcore 8hours day /
5days a week users other half casual use. Some specs

Cyrus IMAP (current 1.5.19 going to 2.1.3)
Authenticate via Kerberos V
mail on 4 PII400 machines front-ended by a custom load-balancing IMAP
proxy -- see Cyrus Murder page for more info and a link to my solution.

Steltor (2 nodes in network config using same LDAP)
1100 users on E3000 w/ 512Mb 2x250Mhz CPUs
400 users on Netra  w/ 256Mb 1x170Mhz CPU 2nd location

OpenLDAP
Authenticate via Kerberos V
master PIII 1Ghz 512Mb RAM
slaves
2 x PIII 1ghz 512Mb Primary Public Address book servers -- double as
IMAP proxy frontend - perform 5-10 connections per second for IMAP and
3-5 connections per second for LDAP during business hours
PIII 1ghz 512Mb RAM -- 2nd location
PII 350 128Mb -- External LDAP server

Web Interfaces
IMP & Steltor Web Client on PII 350Mhz w/ 256Mb 



Anthony Brock wrote:
> 
> Does anyone use Cyrus IMAP with the Steltor Calendar server? Specifically,
> do you use the Steltor Outlook connector?
> 
> We're evaluating the possibility of using Cyrus IMAP with Steltor instead
> of using an Exchange Server. At this time, there is heavy pressure to
> implement an Exchange solution (which I would prefer to avoid). Experiences
> would be greatly appreciated (especially with regard to
> functionality/testimonials/etc).
> 
> Tony
> 
> **
> * Anthony Brock [EMAIL PROTECTED] *
> * Director of Network Services George Fox University *
> **

Re: Fw: Alternate Namespace

[Anthony Brock]

At 12:48 AM 04/10/2002 -0700, [EMAIL PROTECTED] wrote:
>On Wed, 2002-04-10 at 07:59, [EMAIL PROTECTED] wrote:
> >> Anthony Brock schrieb am Tue, Apr 09, 2002 at 11:19:28PM -0700:
> >> > Where would you find this patch?
> >>
> >> Mmmh, maybe my post was a littly fast - I was sure I saw it flying
> >around
> >> somewhere.  However, you may begin with
> >>
> >>   http://www.surf.org.uk/downloads/HIERSEP-r2.patch
> >>
>
>That should apply to 2.0.16 , but it might not be all there.
>
>Cyrus do encourage movement to cyrus 2.1.x which has all these
>features.

I would love to. Unfortunately, Sendmail does not support Cyrus SASL 2 ...

However, I have yet to receive a clear answer. How do you support group 
authentication? Cyrus creates two groups automatically, including "anyone", 
however, I have not figured out how to create/user other groups. Advise is 
greatly appreciated!

Tony


**
* Anthony Brock [EMAIL PROTECTED] *
* Director of Network Services George Fox University *
**

Cyrus IMAP, Steltor Calendar and Outlook

[Anthony Brock]

Does anyone use Cyrus IMAP with the Steltor Calendar server? Specifically, 
do you use the Steltor Outlook connector?

We're evaluating the possibility of using Cyrus IMAP with Steltor instead 
of using an Exchange Server. At this time, there is heavy pressure to 
implement an Exchange solution (which I would prefer to avoid). Experiences 
would be greatly appreciated (especially with regard to 
functionality/testimonials/etc).

Tony

**
* Anthony Brock [EMAIL PROTECTED] *
* Director of Network Services George Fox University *
**

Re: preventing connect from different ip's if cyrus.conf contains specific binds

[Lawrence Greenfield]

Don't use the same "name" for each of them.

ie:
   pop3-local  cmd="pop3d" listen="[127.0.0.1]:pop3" prefork=0
   pop3-remote  cmd="pop3d" listen="[192.168.0.3]:pop3" prefork=0

Larry

   Date: Thu, 11 Apr 2002 21:43:46 -0400
   From: Ilya <[EMAIL PROTECTED]>

   Is it by design that if I setup in cyrus.conf something like this:
   pop3  cmd="pop3d" listen="[127.0.0.1]:pop3" prefork=0
   pop3  cmd="pop3d" listen="[192.168.0.3]:pop3" prefork=0

   than after first connection to lets say 127.0.0.1, the spawned pop3d never
   closes, and handles all subsequent connections?

   and than no connections can be made to 192.168.0.3, until I manually kill
   127.0.0.1 pop3d

   and the other way around.
   trying to connect second time says that connection is established, but no server
   prompt appears, until as I mentioned the other interface pop3d is killed.
   same thing with imapd.

   using this works:
   pop3  cmd="pop3d" listen="pop3" prefork=0
   but isn't listen there to create flexibility on which interface to listen?


   or am I alone in seeing this problem? or is setting listen on several ips for
   one protocol not allowed?

   freebsd 4.5 imapd 2.1.3 sasl 2.1.2

preventing connect from different ip's if cyrus.conf contains specific binds

[Ilya]

Is it by design that if I setup in cyrus.conf something like this:
pop3  cmd="pop3d" listen="[127.0.0.1]:pop3" prefork=0
pop3  cmd="pop3d" listen="[192.168.0.3]:pop3" prefork=0

than after first connection to lets say 127.0.0.1, the spawned pop3d never
closes, and handles all subsequent connections?

and than no connections can be made to 192.168.0.3, until I manually kill
127.0.0.1 pop3d

and the other way around.
trying to connect second time says that connection is established, but no server
prompt appears, until as I mentioned the other interface pop3d is killed.
same thing with imapd.

using this works:
pop3  cmd="pop3d" listen="pop3" prefork=0
but isn't listen there to create flexibility on which interface to listen?


or am I alone in seeing this problem? or is setting listen on several ips for
one protocol not allowed?

freebsd 4.5 imapd 2.1.3 sasl 2.1.2

cyrus imap 2.0.16: deliver doesn't deliver to folders

[Frank Drolshagen]

Hi,

when i do

$ cat mail | /usr/cyrus/bin/deliver -e -m localhost fdg

as user fdg this command works just fine, that, is without any error 
and the mail shows up in the inbox of user fdg.


When I do

$ cat mail | /usr/cyrus/bin/deliver -e -m localhost fdg.folder

'folder' being a folder in the inbox of the user fdg, this command 
exits without an error too, but the mail doesn't show up in the 
specified folder.


No, it's not eliminated due to being a duplicate. The file 'mail' 
doesn't have a Message-Id header line and when I execute the first 
command two or more times, the mail shows up in the inbox two or more 
times.

And, there is no helpful entry in the log file.


Any hints and/or tips?




Bye
f.d.g.

Re: SASL Trace

[Ilya]

I am using gdb on freebsd to trace mysql patch. Its been very helpfull, but only
after turning on mysql logs I was able to find the problem. So if you can catch
the query sent to ldap, try that. 
I am ot familiar with ldap though.


On Thu, Apr 11, 2002 at 09:09:11PM +0200, Birger Toedtmann wrote:
> Tim Pushor schrieb am Thu, Apr 11, 2002 at 09:49:39AM -0600:
> > Is there any way to trace what SASL is doing?
> > 
> > I am trying to get simon's ldap auxprop patch working, and it isn't. All I
> > am seeing in syslog is
> > 
> > badlogin: localhost[127.0.0.1] plaintext timp SASL(-13): user not found:
> > checkpass failed
> > 
> > If I new what SASL was trying to do, I could probably figure out whats
> > wrong, but at this point, without any other evidence, I am just grasping at
> > straws..
> 
> If you run it on Linux, you may give an ltrace(1) on the application process
> (i.e. imapd) a try.  It's very suitable to see whether certain config options 
> and file paths match and traces the sasl library calls accordingly.
> 
> 
> Regards,
> 
> Birger
>  
> 

Re: Postfix/Cyrus reports "temporary failure"

[Dustin Puryear]

At 12:05 AM 4/11/2002 +0100, simon wrote:
>On Wed, 2002-04-10 at 21:59, Dustin Puryear wrote:
> > Any help on this one? We are quite stumped. At this point our only other
> > option is to drop Cyrus, which we'd rather not do.
> >
>
>
>What is the quota of the users ???

We are not using quotas.

Regards, Dustin


---
Dustin Puryear <[EMAIL PROTECTED]>
UNIX and Network Consultant
http://members.telocity.com/~dpuryear
PGP Key available at http://www.us.pgp.net
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

RE: PHP Interface/Web GUI

[OCNS Consulting]

Found it here ->
ftp://ftp.tu-graz.ac.at/mirror/cyrus-tools/php-cyradm-2.0.1.tar.bz2

RB

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of sandra
Sent: Thursday, April 11, 2002 5:47 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: PHP Interface/Web GUI


HI !

   I have read a message about php-cyradm .
   But I couldn't download the package , because the link
to the file is incorrect.
   Is there another site to get it from?
   Or is anybody on this list that could point to me where could I find
it?

Thanks - Sandra

-

There is a tool to manage cyrus via php:

 http://freshmeat.net/projects/php-cyradm/

 I've tried the 1.x version once and it looked quite good.

 Cheers, DafDaf


 Ah, yeah. And there was a thread about web-interfaces for IMAP servers
a
 couple of weeks ago. Just search the archives.

Re: PHP Interface/Web GUI

[sandra]

HI !

   I have read a message about php-cyradm .
   But I couldn't download the package , because the link
to the file is incorrect.
   Is there another site to get it from?
   Or is anybody on this list that could point to me where could I find
it?

Thanks - Sandra

-

There is a tool to manage cyrus via php:

 http://freshmeat.net/projects/php-cyradm/

 I've tried the 1.x version once and it looked quite good.

 Cheers, DafDaf


 Ah, yeah. And there was a thread about web-interfaces for IMAP servers
a
 couple of weeks ago. Just search the archives.

Re: SASL Trace

[Birger Toedtmann]

Tim Pushor schrieb am Thu, Apr 11, 2002 at 09:49:39AM -0600:
> Is there any way to trace what SASL is doing?
> 
> I am trying to get simon's ldap auxprop patch working, and it isn't. All I
> am seeing in syslog is
> 
> badlogin: localhost[127.0.0.1] plaintext timp SASL(-13): user not found:
> checkpass failed
> 
> If I new what SASL was trying to do, I could probably figure out whats
> wrong, but at this point, without any other evidence, I am just grasping at
> straws..

If you run it on Linux, you may give an ltrace(1) on the application process
(i.e. imapd) a try.  It's very suitable to see whether certain config options 
and file paths match and traces the sasl library calls accordingly.


Regards,

Birger
 

Re: Segfault / Bus error on Squatter...

[Lawrence Greenfield]

   Date: Thu, 11 Apr 2002 00:42:59 -0600
   From: Scott M Likens <[EMAIL PROTECTED]>

   I'm running Squatter trying to prune my indexes and see if it helps with 
   performance.  Let's face it, that's hard.  Cyrus runs SWELL on this Ultra 
   Sparc 5.

   But Squatter seems to have problems with HTML encoded mail.

Ken Murchison fixed a bug in squatter since 2.1.3; you might want to
try this patch.

http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/imap/squat_build.c.diff?r1=1.2&r2=1.3&f=u

Larry

Re: Segfault / Bus error on Squatter...

[Ken Murchison]

Scott M Likens wrote:
> 
> I'm running Squatter trying to prune my indexes and see if it helps with
> performance.  Let's face it, that's hard.  Cyrus runs SWELL on this Ultra
> Sparc 5.
> 
> But Squatter seems to have problems with HTML encoded mail.

I don't think its related specifically to HTML as much as these
particular messages expose the underlying heap corruption.  Either grab
the latest code from CVS or try this patch:

http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/imap/squat_build.c.diff?r1=1.2&r2=1.3&f=u

Let me know if this fixes the problem.

Ken
-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

SASL Trace

[Tim Pushor]

Is there any way to trace what SASL is doing?

I am trying to get simon's ldap auxprop patch working, and it isn't. All I
am seeing in syslog is

badlogin: localhost[127.0.0.1] plaintext timp SASL(-13): user not found:
checkpass failed

If I new what SASL was trying to do, I could probably figure out whats
wrong, but at this point, without any other evidence, I am just grasping at
straws..

Thanks,
Tim

Re: Cyrus 2.0.16 seen file locking patch

[Hein Roehrig]

On Thu, 2002-04-11 at 15:24, John Wade wrote:
> Just for reference,  what file system type are you using (ext2, ext3, etc.)

ext3 with the noatime,data=journal options

> Have you tried using gdb to backtrace what the processes are blocking
> on?

Yes, lmtpd was blocked in flock.

> Hope it works for you,  I have not looked at the lock_flock.c file on 2.1.3,
> but I doubt that it has changed.

Microscopic changes, diff attached for reference. Now waiting :-)

-Hein



--- lock_flock.c.oldTue Oct  2 23:08:13 2001
+++ lock_flock.cThu Apr 11 15:14:23 2002
@@ -48,6 +48,7 @@
 #include 
 #ifdef HAVE_UNISTD_H
 #include 
+#include  
 #endif
 
 #include "lock.h"
@@ -56,6 +57,8 @@
 
 extern int errno;
 
+#define MAXTIME 99
+
 /*
  * Block until we obtain an exclusive lock on the file descriptor 'fd',
  * opened for reading and writing on the file named 'filename'.  If
@@ -79,14 +82,27 @@
 int r;
 struct stat sbuffile, sbufspare;
 int newfd;
+int delay=0, i=0;
 
 if (!sbuf) sbuf = &sbufspare;
 
-for (;;) {
-   r = flock(fd, LOCK_EX);
+for(i=0,delay=0;;) { 
+   r = flock(fd, LOCK_EX|LOCK_NB);
if (r == -1) {
-   if (errno == EINTR) continue;
-   if (failaction) *failaction = "locking";
+   if (errno == EINTR) {
+ continue;
+}
+else if ((errno == EWOULDBLOCK) && (delay < MAXTIME)) {
+syslog(LOG_DEBUG, "lock: reopen-blocked sleeping for %d on interval 
+%d (%d, %s)" , delay, i, fd, filename);
+sleep(delay);
+i++;
+delay = i*i;
+continue;
+}  
+   if (failaction) {
+if (delay >= MAXTIME) *failaction = "locking_timeout";
+else *failaction = "locking";
+}
return -1;
}
 



signature.asc
Description: This is a digitally signed message part

Re: Cyrus 2.0.16 seen file locking patch

[John Wade]

Hi Hein,

Just for reference,  what file system type are you using (ext2, ext3, etc.)
?  Have you tried using gdb to backtrace what the processes are blocking
on?

Hope it works for you,  I have not looked at the lock_flock.c file on 2.1.3,
but I doubt that it has changed.

Let me know what happens,
John

Hein Roehrig wrote:

> Seems that I am also experiencing this or a similar locking problem, on
> Cyrus 2.1.3, though, with Debian, Linux kernel 2.4.18.
>
> I will try the workaround now, but still would very much welcome
> comments on the problem.
>
> -Hein
>
> On Mon, 2002-04-08 at 23:26, John Wade wrote:
> > Hi Cyrus 2.0.16 users,
> >
> > Just because I received a couple of questions about what this patch is
> > designed to resolve, I thought this info might also be of general use.
> > As I stated before, the patched lock_flock.c file can be downloaded from
> > http://servercc.oakton.edu/~jwade/cyrus/
> [...]
>
>   
>Name: signature.asc
>signature.asc   Type: application/pgp-signature
> Description: This is a digitally signed message part

Re: Cyrus 2.0.16 seen file locking patch

[Hein Roehrig]

Seems that I am also experiencing this or a similar locking problem, on
Cyrus 2.1.3, though, with Debian, Linux kernel 2.4.18.

I will try the workaround now, but still would very much welcome
comments on the problem.

-Hein


On Mon, 2002-04-08 at 23:26, John Wade wrote:
> Hi Cyrus 2.0.16 users,
> 
> Just because I received a couple of questions about what this patch is
> designed to resolve, I thought this info might also be of general use.
> As I stated before, the patched lock_flock.c file can be downloaded from
> http://servercc.oakton.edu/~jwade/cyrus/
[...]





signature.asc
Description: This is a digitally signed message part

RE: Storing user passwords, LDAP

[OCNS Consulting]

xavier:

When say -> "so you can't use anything but plain or login as method
of authentication", explain further. For instance: what password
checking mechanism is specified in file -> "/etc/imapd.conf"?

Are you using "pam_ldap" to BIND to LDAP?

RB

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of xavier renaut
Sent: Wednesday, April 10, 2002 5:49 PM
To: [EMAIL PROTECTED]
Subject: Re: Storing user passwords, LDAP


On Wed, Apr 10, 2002 at 10:40:48PM +0200, Bart Janssens wrote:
> Hello
>
> I want to have all user info in an ldap server, but I am not sure on how
to store the passwords. Currently, I am in doubt between simply using
userPassword: {CRYPT}... or userPassword: {SASL}uid and storing the
passwords in sasldb. Which would be safer? I understand that if I use
DIGEST-MD5, gaining access to the sasldb file would give full access to the
attacker, so it seems to me that it would be safer to simply use {CRYPT} and
then protect the password with the usual ACL.
>

As I understand it,
one have choice between

 - storing the passwd in sasldb
(and if you put them in ldap too, you have to manage duplicates)

 - or in ldap.

(btw, it seems that {SSHA} hashing is the best secure way to crypt
a password)


If it's stored in ldap, cyrus is doing authentication
by BINDING to ldap as the user, not retrieving the passwd.
So ldap is doing the authentication. so you can't use anything
but plain or login as method of authentication...
because cyrus would need the clear passwd to do digest-md5
or cram-md5...

to summarize : sasldb permits (cram|digest)-md5
   ldap gives the centralization

Hope this helps, (and i hope i'm not doing any mistakes hear)

bye

xavier