Re: Cyrus continues to stop working.. no fix available?

[Dustin Puryear]

At 11:13 PM 5/13/2002 -0400, Michael Bacon wrote:
>Sounds like what we're running into at the moment, which appears to be the 
>master processes ending up with an incorrect count of available workers. 
>The problem occurs when a worker process dies while in the "available" 
>state, and doesn't notify the master.  Jeremy Howard recently posted a 
>patch which addresses this problem, by decrementing the "available 
>workers" counter when receiving a SIGCLD, which strikes me as the right 
>way to go. However, his patch is for 2.1.3, and like you, we're using 
>2.0.16 (the bleeding edge is a bad place

This is extremely interesting. Michael, do you find this happens at 
seemingly random times though? We can go a week or two with no problems, 
and then bam, I get a 911. Of course, our volume is considerably lower than 
yours. Another issue, and one that may differentiate our problems from 
yours (but hopefully not as your at least have a work-around), is that I 
can sometimes restart Cyrus, and even after a restart, no new connections 
are serviced. (They connect, but get no service.) I've found that when this 
happens Cyrus will often appear to work for a VERY short while, and then 
revert back to the point where connections occur but no service (pop3d) 
responds.

Shouldn't a restart completely fix the problem? If so we may be fighting 
something different. A reboot also doesn't always clear up the problem. 
Again, Cyrus will come up, but then fail shortly thereafter.

What is really odd is that the problem just goes away after a few hours.

Regards, Dustin


---
Dustin Puryear <[EMAIL PROTECTED]>
UNIX and Network Consultant
http://members.telocity.com/~dpuryear
PGP Key available at http://www.us.pgp.net
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

Re: Cyrus continues to stop working.. no fix available?

[Dustin Puryear]

At 02:41 PM 5/13/2002 -0600, Scott M Likens wrote:
>--On Monday, May 13, 2002 3:08 PM -0500 Dustin Puryear <[EMAIL PROTECTED]> 
>wrote:
>
>>We continue to have problems with Cyrus. Another poster mentioned they
>>have the same problem, but also didn't get any responses. Would one of
>>the developers please investigate if this is a bug? What's going on? This
>>is a real show stopper for us, and apparently for others as well.
>I haven't noticed that really
>
>>
>>Okay, we have Cyrus installed on FreeBSD 4.4-RELEASE:
>>
>>cyrus-imapd-2.0.16_1 The cyrus mail server, supporting POP3 and IMAP4
>>protocols cyrus-imapd-2.0.16_2 The cyrus mail server, supporting POP3 and
>>IMAP4 protocols cyrus-sasl-1.5.24_7 RFC  SASL (Simple Authentication
>>and Security Layer) cyrus-sasl-1.5.24_8 RFC  SASL (Simple
>>Authentication and Security Layer) cyrus-sasl-1.5.27_2 RFC  SASL
>>(Simple Authentication and Security Layer)
>
>So you are running Cyrus IMAPD 2.0.16 with Cyrus SASLv1 1.5.24_7?
>
>That's a litttle odd why not 2.1.2 or 2.1.3-BETA?

Why installed cyrus-imapd via ports under FreeBSD. Perhaps they had a 
reason. I did just confirm the version:

mars# pwd
/usr/ports/security/cyrus-sasl
mars# cat distinfo
MD5 (cyrus-sasl-1.5.27.tar.gz) = 76ea426e2e2da3b8d2e3a43af5488f3b
MD5 (sasl-1.5.27-ldap-ssl-filter-mysql-patch3.tgz) = 
19e6783c1f4095e265648d26c4679544
MD5 (sasl_apop_patch.gz) = 6bf7a34b73d1c8d139d2269069d1ba4c
MD5 (cyrus-sasl-1.5.27-ipv6-20020106.diff.gz) = 
b2956a084954a46ba2d751f56a80a275

Should I definitely NOT be using cyrus-sasl 1.5.27 with cyrus-imapd 2.0.16?

>>after it hits some for the pop3d processes. Not sure if that is important
>>or just a fluke.
>>
>>What can we do to debug this further? What are some possible issues here
>>to consider? DNS? Corrupted database files? What?
>>
>>Regards, Dustin
>
>Well You know without further information like running gdb on the process, 
>or giving us some detail from /var/log/messages and such.

Well, that's why I said "What can we do to debug this further?" :) We are 
completely open to following some advice here. What steps should we take? 
Is there a troubleshooting FAQ or set of guidelines we can follow?

>We wont be able to help you, ie is cyrus attempting to run recover over 
>and over again and failing?

Umm.. what do you mean?

>As you wrote a very nice message, it lacked the common information 
>required to help.

What exactly do you want to know? I would more than happy to provide the 
information.

Regards, Dustin


---
Dustin Puryear <[EMAIL PROTECTED]>
UNIX and Network Consultant
http://members.telocity.com/~dpuryear
PGP Key available at http://www.us.pgp.net
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

Re: Cyrus continues to stop working.. no fix available?

[Dustin Puryear]

At 04:18 PM 5/13/2002 -0400, Lawrence Greenfield wrote:
>Does 'master' syslog any messages indicating that something has
>crashed?  Look for something like:
>
>May 13 15:33:18 mail1.andrew.cmu.edu master[11016]: [ID 970914 
>local6.error] process 10119 exited, signaled to death by 11
>
>and then try to figure out what process 10119 was doing at the time
>(if anything).
>
>Larry

No, master does not appear to ever die. I also did a scan of the mail log 
just in case I was wrong, but found nothing with 'death'.

Regards, Dustin


---
Dustin Puryear <[EMAIL PROTECTED]>
UNIX and Network Consultant
http://members.telocity.com/~dpuryear
PGP Key available at http://www.us.pgp.net
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

Re: Cyrus continues to stop working.. no fix available?

[Dustin Puryear]

At 04:24 PM 5/13/2002 -0400, Ken Murchison wrote:
>What does your cyrus.conf look like?  Do you have 'maxchild' set on any
>of your services (there was a bug a while back with maxchild)?

No, we do not have maxchild set. Also, FYI, this is a very low volume 
server. We have maybe 10-15 users logged in at once, if that many. We are 
really just using Cyrus right now in a test mode to see how well everything 
works. Should we be using maxchild?

mars# cat cyrus.conf
# standard standalone server implementation

START {
   # do not delete these entries!
   mboxlist  cmd="ctl_mboxlist -r"
   deliver   cmd="ctl_deliver -r"

   # this is only necessary if using idled for IMAP IDLE
#  idledcmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
   # add or remove based on preferences
   imap  cmd="imapd" listen="imap" prefork=0
#  imapscmd="imapd -s" listen="imaps" prefork=0
   pop3  cmd="pop3d" listen="pop3" prefork=0
#  pop3scmd="pop3d -s" listen="pop3s" prefork=0
#  sievecmd="timsieved" listen="sieve" prefork=0

   # at least one LMTP is required for delivery
#  lmtp cmd="lmtpd" listen="lmtp" prefork=0
   lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}

EVENTS {
   # this is required
   checkpointcmd="ctl_mboxlist -c" period=30

   # this is only necessary if using duplicate delivery suppression
   delprune  cmd="ctl_deliver -E 3" period=1440
}

Regards, Dustin






>Dustin Puryear wrote:
> >
> > We continue to have problems with Cyrus. Another poster mentioned they have
> > the same problem, but also didn't get any responses. Would one of the
> > developers please investigate if this is a bug? What's going on? This is a
> > real show stopper for us, and apparently for others as well.
> >
> > Okay, we have Cyrus installed on FreeBSD 4.4-RELEASE:
> >
> > cyrus-imapd-2.0.16_1 The cyrus mail server, supporting POP3 and IMAP4 
> protocols
> > cyrus-imapd-2.0.16_2 The cyrus mail server, supporting POP3 and IMAP4 
> protocols
> > cyrus-sasl-1.5.24_7 RFC  SASL (Simple Authentication and Security 
> Layer)
> > cyrus-sasl-1.5.24_8 RFC  SASL (Simple Authentication and Security 
> Layer)
> > cyrus-sasl-1.5.27_2 RFC  SASL (Simple Authentication and Security 
> Layer)
> >
> > Every once in a while Cyrus stops responding to connections. Now, it does
> > ACCEPT the connection, but it doesn't seem to send. Okay, so lets say that
> > I stop Cyrus and it happens to work:
> >
> > working..
> > mercury# telnet mars 110
> > Trying 10.0.0.5...
> > Connected to mars.actioncore.com.
> > Escape character is '^]'.
> > +OK <[EMAIL PROTECTED]> Cyrus POP3 v2.0.16 
> server ready
> >
> > I get a new pop3d process:
> >
> > cyrus1537  0.0  0.8 18836 2128  p0  S 9:52PM   0:00.03 pop3d:
> > pop3d: mercury.actioncore.com[10.0.0.1]   (pop3d)
> >
> > And a TCP connection:
> >
> > mars# netstat -f inet -ln | grep 10.0.0.1
> > 
> tcp4   0  0  10.0.0.5.110   10.0.0.1.2060  ESTABLISHED
> >
> > If I wait a few seconds to several minutes, Cyrus stops working:
> >
> > mercury# telnet mars 110
> > Trying 10.0.0.5...
> > Connected to mars.actioncore.com.
> > Escape character is '^]'
> > ^C
> >
> > And the connection does exist (the connection was made from 10.0.0.1):
> >
> > mars# netstat -f inet -ln | grep 10.0.0.1
> > tcp4 0 0 10.0.0.5.110 10.0.0.1.2057 ESTABLISHED
> >
> > Something I did notice is that when I run lsof that lsof seems to stall
> > after it hits some for the pop3d processes. Not sure if that is important
> > or just a fluke.
> >
> > What can we do to debug this further? What are some possible issues here to
> > consider? DNS? Corrupted database files? What?
> >
> > Regards, Dustin
> >
> > ---
> > Dustin Puryear <[EMAIL PROTECTED]>
> > UNIX and Network Consultant
> > http://members.telocity.com/~dpuryear
> > PGP Key available at http://www.us.pgp.net
> > In the beginning the Universe was created.
> > This has been widely regarded as a bad move. - Douglas Adams
>
>--
>Kenneth Murchison Oceana Matrix Ltd.
>Software Engineer 21 Princeton Place
>716-662-8973 x26  Orchard Park, NY 14127
>--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


---
Dustin Puryear <[EMAIL PROTECTED]>
UNIX and Network Consultant
http://members.telocity.com/~dpuryear
PGP Key available at http://www.us.pgp.net
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

Re: Cyrus continues to stop working.. no fix available?

[Michael Bacon]

Sounds like what we're running into at the moment, which appears to be the 
master processes ending up with an incorrect count of available workers. 
The problem occurs when a worker process dies while in the "available" 
state, and doesn't notify the master.  Jeremy Howard recently posted a 
patch which addresses this problem, by decrementing the "available workers" 
counter when receiving a SIGCLD, which strikes me as the right way to go. 
However, his patch is for 2.1.3, and like you, we're using 2.0.16 (the 
bleeding edge is a bad place to be with 9 postoffices and 40k users).  As 
soon as I find that mythical spare moment, I'm going to look at applying 
the patch to 2.0.16.  I think it could address what's been a nightmare for 
us.

To put it in a little more detail, what we see is one service, say, pop3d 
or lmtpd, suddenly stop working, even though there may be active processes 
that are working just fine for that service.  At first, you'll see the 
connection accepted, but not handled, as you display here.  However, those 
connections will never be cleared from the listen queue properly, so 
eventually the listen queue will fill up, and you'll get either refused 
connections or never accepted connections.

The problem is, as I said above, that the master has an incorrectly 
inflated number of available workers, and it's simply expecting them to 
handle the connections.  However, since none are, the connections never get 
handled.  We see this most on our older, more resource-strapped 
postoffices, frequently shortly, but not immediately after a spike in load 
causes a resource limitation.  As long as demand for new connections is 
decreasing or steady, you'll never notice the problem, because there are 
sufficient workers available to handle the processes.  However, if demand 
ever increases again, you'll eventually hit a shortage of available 
workers.  The master will think that there are sufficient available workers 
to handle demand, so won't bother to spawn any more.  The workers aren't 
there, so will never report to the master as unavailable, and the counter 
will never get decremented.

You can trick the master into becoming responsive without a restart by 
increasing the "prefork" number in the cyrus.conf file and sending a HUP 
signal to the master process.  It's not a very pretty solution, but it's a 
good one if it's the middle of the day, and you don't want to force 700 
active IMAP sessions to disconnect and reconnect.  If you're really brave, 
you can also attach to the master process with a debugger, reach down 
inside the Services structure and decrement the number by hand, and detach. 
Again, not for the faint of heart, but it does address the core problem 
pretty directly.

Granted, this doesn't address the original root cause, which is that 
something caused a worker process to quit while in the available state, and 
I suppose that's something to look into.  However, core dumps by workers 
are annoying, but not critical service outages.  One of your services not 
answering is a critical service outage.  For what it's worth, we were able 
to dramatically reduce the cirucmstances under which we hit these 
conditions by re-compiling with the mailboxes.db file as a flat file rather 
than a berkeley database, but we still run into them after resource 
crunches.

Hope some of this helps,
Michael Bacon
OIT Systems Administration
Duke University

--On Monday, May 13, 2002 3:08 PM -0500 Dustin Puryear <[EMAIL PROTECTED]> 
wrote:

> We continue to have problems with Cyrus. Another poster mentioned they
> have the same problem, but also didn't get any responses. Would one of
> the developers please investigate if this is a bug? What's going on? This
> is a real show stopper for us, and apparently for others as well.
>
> Okay, we have Cyrus installed on FreeBSD 4.4-RELEASE:
>
> cyrus-imapd-2.0.16_1 The cyrus mail server, supporting POP3 and IMAP4
> protocols cyrus-imapd-2.0.16_2 The cyrus mail server, supporting POP3 and
> IMAP4 protocols cyrus-sasl-1.5.24_7 RFC  SASL (Simple Authentication
> and Security Layer) cyrus-sasl-1.5.24_8 RFC  SASL (Simple
> Authentication and Security Layer) cyrus-sasl-1.5.27_2 RFC  SASL
> (Simple Authentication and Security Layer)
>
> Every once in a while Cyrus stops responding to connections. Now, it does
> ACCEPT the connection, but it doesn't seem to send. Okay, so lets say
> that I stop Cyrus and it happens to work:
>
> working..
> mercury# telnet mars 110
> Trying 10.0.0.5...
> Connected to mars.actioncore.com.
> Escape character is '^]'.
> +OK <[EMAIL PROTECTED]> Cyrus POP3 v2.0.16 server
> ready
>
> I get a new pop3d process:
>
> cyrus1537  0.0  0.8 18836 2128  p0  S 9:52PM   0:00.03 pop3d:
> pop3d: mercury.actioncore.com[10.0.0.1]   (pop3d)
>
> And a TCP connection:
>
> mars# netstat -f inet -ln | grep 10.0.0.1
> tcp4   0  0  10.0.0.5.110   10.0.0.1.2060
> ESTABLISHED
>
> If I wait a few seconds to several minutes, C

Re: addheader action ... or something like it?

[Marc G. Fournier]

On Mon, 13 May 2002, Ken Murchison wrote:

>
>
> "Marc G. Fournier" wrote:
> >
> > On Mon, 13 May 2002, Cyrus Daboo wrote:
> >
> > > Hi,
> > >
> > > --On Monday, May 13, 2002 1:57 PM -0400 Ken Murchison <[EMAIL PROTECTED]>
> > > wrote:
> > >
> > > | I know the code pretty well, and personally I wouldn't even attempt it.
> > > | Of course, I'm not a fan of the spam extension.
> > >
> > > Quick question: where does the X-Sieve header get added, and would it be
> > > possible to use that to add extra info?
> >
> > in savemsg() in lmtp.c ... and tried that ... unfortunately, that is
> > before the sieve filtering happens, so there is nothing to write yet ...
> >
> > from Ken's email, and what I've been able to follow, lmtp writes the email
> > to a file before parsing through sieve ...
> >
> > Ken, is there a reason why it doesn't just hold it in memory?
>
> I don't know for certain, you'd have to ask Larry.  You probably _could_
> hold it in memory, but then you are essentially blowing up
> singleinstancestore (or making it far more difficult), because each user
> could end up having their own unique copy of the message.

Okay, you've lost me here ... regardless of where along the chain the spam
filter is run, each user is going to potentially end up with their own
unique copy of the message ...

If I have 10 users that get delivered an email, and they all have the
default 'spamassassin settings', then singleinstancestore will attempt to
save storage space by using hardlinks between them ... if one of those
users decides that he feels his threshold is too high (we're looking at
implementing Spamassassin with a default high threshold, and those that
wish to, can lower it), and lowers it, then if that same mail now triggers
the filter, that one user will get his own unique message, while the other
9 will still make use of the singleinstancestore ...

The only time this would be guaranteed *not* to happen is if 'per user
preferences' are not available ...

Now, I'm curious as to how holding the "temporary message" in memory would
change this ... in fact, I would think it would simplify things, depending
on how its implemented ...

For instance, very quick thought(s) ... actually, this might work better
'on disk', but ...

1. when a message comes in destined for multiple recipients, process a
copy of that message through the appropriate filters for recipient one ...
before writing it to disk, take a 'checksum' of the message, then write to
disk.

2. for recipient two, you need to process the filters again, but this
time, before writing it to disk, compare its checksum against teh first
one ... if the same, use singleinstancestore, else write a new copy ...

3. repeat step 2 for subsequent recipients ...

you are effectively doing that right now ... each recipient of a message
gets checked for the existence of a sieve filter, and that gets processed
... if it bounces/rejects/forwards, the appropriate action is taken ...
else use singleinstancestore ... all that needs to be added is a check
*after* the sieve filtering (or last filter, however that gets setup) that
checks to make sure that the message for that recipient isn't a duplicate
of what was written for another recipient ...

Then it would be too easy to have lmtp do:

for i in list of recipients
  filter message through spam filter for recipient i
  filter message through sieve filter for recipient i
  if(chksum(i-1) == chksum(i))
create hard link
  else
write unique message

all you need to do is "save" the checksum of the resultant message after
the filters, so memory consumption should be negligible, and as soon as
that message is finished, it would be released anyway ...

Re: Cyrus continues to stop working.. no fix available?

[Scott M Likens]

--On Monday, May 13, 2002 3:08 PM -0500 Dustin Puryear <[EMAIL PROTECTED]> 
wrote:

> We continue to have problems with Cyrus. Another poster mentioned they
> have the same problem, but also didn't get any responses. Would one of
> the developers please investigate if this is a bug? What's going on? This
> is a real show stopper for us, and apparently for others as well.
I haven't noticed that really

>
> Okay, we have Cyrus installed on FreeBSD 4.4-RELEASE:
>
> cyrus-imapd-2.0.16_1 The cyrus mail server, supporting POP3 and IMAP4
> protocols cyrus-imapd-2.0.16_2 The cyrus mail server, supporting POP3 and
> IMAP4 protocols cyrus-sasl-1.5.24_7 RFC  SASL (Simple Authentication
> and Security Layer) cyrus-sasl-1.5.24_8 RFC  SASL (Simple
> Authentication and Security Layer) cyrus-sasl-1.5.27_2 RFC  SASL
> (Simple Authentication and Security Layer)

So you are running Cyrus IMAPD 2.0.16 with Cyrus SASLv1 1.5.24_7?

That's a litttle odd why not 2.1.2 or 2.1.3-BETA?

> Every once in a while Cyrus stops responding to connections. Now, it does
> ACCEPT the connection, but it doesn't seem to send. Okay, so lets say
> that I stop Cyrus and it happens to work:

> working..
> mercury# telnet mars 110
> Trying 10.0.0.5...
> Connected to mars.actioncore.com.
> Escape character is '^]'.
> +OK <[EMAIL PROTECTED]> Cyrus POP3 v2.0.16 server
> ready
>
> I get a new pop3d process:
>
> cyrus1537  0.0  0.8 18836 2128  p0  S 9:52PM   0:00.03 pop3d:
> pop3d: mercury.actioncore.com[10.0.0.1]   (pop3d)
>
> And a TCP connection:
>
> mars# netstat -f inet -ln | grep 10.0.0.1
> tcp4   0  0  10.0.0.5.110   10.0.0.1.2060
> ESTABLISHED
>
> If I wait a few seconds to several minutes, Cyrus stops working:
>
> mercury# telnet mars 110
> Trying 10.0.0.5...
> Connected to mars.actioncore.com.
> Escape character is '^]'
> ^C
>
> And the connection does exist (the connection was made from 10.0.0.1):
>
> mars# netstat -f inet -ln | grep 10.0.0.1
> tcp4 0 0 10.0.0.5.110 10.0.0.1.2057 ESTABLISHED
>
> Something I did notice is that when I run lsof that lsof seems to stall
> after it hits some for the pop3d processes. Not sure if that is important
> or just a fluke.
>
> What can we do to debug this further? What are some possible issues here
> to consider? DNS? Corrupted database files? What?
>
> Regards, Dustin

Well You know without further information like running gdb on the process, 
or giving us some detail from /var/log/messages and such.

We wont be able to help you, ie is cyrus attempting to run recover over and 
over again and failing?

As you wrote a very nice message, it lacked the common information required 
to help.

Re: How to disable vacancy-msgs only once (WAS:Re: sieve does not workproperly)

[Ken Murchison]

Luc de Louw wrote:
> 
> I was seeking the part of the source-code that takes care, that a
> vancancy-message is only sent once
> to a recipient, but I did not found it.
> 
> I need to disable that temporary for test reason.
> 
> Any hints are appreciated

Hard-code autorespond() in lmtpd.c to always return SIEVE_OK.


>  > For regular operation that behaviour is okay ( I dont like it, better
>  > write a email each time, or have it as an option)
>  >
>  > My problem with that is: I'm writing a web-app which allows users to
>  > maintain
>  > such stuff like vacancies and spam-protection.
>  >
>  > During the development of such software I must write lots of testmails
>  > to see what happens.
>  >
>  > Does anybody have an idea howto handle that behaviour? Is there I patch
>  > or a config parameter?
>  >
>  > TIA for your hints,
>  >
>  > rgds
>  >
>  > Luc
>  >
>  > Scott Lamb wrote:
>  >
>  >> Luc de Louw wrote:
>  >>
>  >>> Hi!
>  >>>
>  >>> I've go a problem with sieve.
>  >>>
>  >>> After installing a vacancy script, it is working ONCE and never
>  >>> again
>  >>
>  >>
>  >>
>  >> I suspect it's working correctly. How are you testing it? If you are
>  >> sending a couple messages to it from the same email address and only
>  >> getting one reply, that's correct. It should only respond once to a
>  >> given address until :days (in your case, 9) days go by without an
>  >> email from that user. See
>  >>
> 
>.
> 
>  >>
>  >>
>  >> --
>  >> Scott Lamb
>  >
>  >

-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

Re: Cyrus continues to stop working.. no fix available?

[Ken Murchison]

What does your cyrus.conf look like?  Do you have 'maxchild' set on any
of your services (there was a bug a while back with maxchild)?


Dustin Puryear wrote:
> 
> We continue to have problems with Cyrus. Another poster mentioned they have
> the same problem, but also didn't get any responses. Would one of the
> developers please investigate if this is a bug? What's going on? This is a
> real show stopper for us, and apparently for others as well.
> 
> Okay, we have Cyrus installed on FreeBSD 4.4-RELEASE:
> 
> cyrus-imapd-2.0.16_1 The cyrus mail server, supporting POP3 and IMAP4 protocols
> cyrus-imapd-2.0.16_2 The cyrus mail server, supporting POP3 and IMAP4 protocols
> cyrus-sasl-1.5.24_7 RFC  SASL (Simple Authentication and Security Layer)
> cyrus-sasl-1.5.24_8 RFC  SASL (Simple Authentication and Security Layer)
> cyrus-sasl-1.5.27_2 RFC  SASL (Simple Authentication and Security Layer)
> 
> Every once in a while Cyrus stops responding to connections. Now, it does
> ACCEPT the connection, but it doesn't seem to send. Okay, so lets say that
> I stop Cyrus and it happens to work:
> 
> working..
> mercury# telnet mars 110
> Trying 10.0.0.5...
> Connected to mars.actioncore.com.
> Escape character is '^]'.
> +OK <[EMAIL PROTECTED]> Cyrus POP3 v2.0.16 server ready
> 
> I get a new pop3d process:
> 
> cyrus1537  0.0  0.8 18836 2128  p0  S 9:52PM   0:00.03 pop3d:
> pop3d: mercury.actioncore.com[10.0.0.1]   (pop3d)
> 
> And a TCP connection:
> 
> mars# netstat -f inet -ln | grep 10.0.0.1
> tcp4   0  0  10.0.0.5.110   10.0.0.1.2060  ESTABLISHED
> 
> If I wait a few seconds to several minutes, Cyrus stops working:
> 
> mercury# telnet mars 110
> Trying 10.0.0.5...
> Connected to mars.actioncore.com.
> Escape character is '^]'
> ^C
> 
> And the connection does exist (the connection was made from 10.0.0.1):
> 
> mars# netstat -f inet -ln | grep 10.0.0.1
> tcp4 0 0 10.0.0.5.110 10.0.0.1.2057 ESTABLISHED
> 
> Something I did notice is that when I run lsof that lsof seems to stall
> after it hits some for the pop3d processes. Not sure if that is important
> or just a fluke.
> 
> What can we do to debug this further? What are some possible issues here to
> consider? DNS? Corrupted database files? What?
> 
> Regards, Dustin
> 
> ---
> Dustin Puryear <[EMAIL PROTECTED]>
> UNIX and Network Consultant
> http://members.telocity.com/~dpuryear
> PGP Key available at http://www.us.pgp.net
> In the beginning the Universe was created.
> This has been widely regarded as a bad move. - Douglas Adams

-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

How to disable vacancy-msgs only once (WAS:Re: sieve does not workproperly)

[Luc de Louw]

I was seeking the part of the source-code that takes care, that a
vancancy-message is only sent once
to a recipient, but I did not found it.

I need to disable that temporary for test reason.

Any hints are appreciated

rgds

Luc


 > For regular operation that behaviour is okay ( I dont like it, better
 > write a email each time, or have it as an option)
 >
 > My problem with that is: I'm writing a web-app which allows users to
 > maintain
 > such stuff like vacancies and spam-protection.
 >
 > During the development of such software I must write lots of testmails
 > to see what happens.
 >
 > Does anybody have an idea howto handle that behaviour? Is there I patch
 > or a config parameter?
 >
 > TIA for your hints,
 >
 > rgds
 >
 > Luc
 >
 > Scott Lamb wrote:
 >
 >> Luc de Louw wrote:
 >>
 >>> Hi!
 >>>
 >>> I've go a problem with sieve.
 >>>
 >>> After installing a vacancy script, it is working ONCE and never
 >>> again
 >>
 >>
 >>
 >> I suspect it's working correctly. How are you testing it? If you are
 >> sending a couple messages to it from the same email address and only
 >> getting one reply, that's correct. It should only respond once to a
 >> given address until :days (in your case, 9) days go by without an
 >> email from that user. See
 >> 
.
 

 >>
 >>
 >> --
 >> Scott Lamb
 >
 >

Filing outgoing message to different imap folder

[Mac Table]

Hello All,

I am using Postfix 1.1.7 + Procmail + Cyrus imapd
2.1.4.  I would like to put various outgoing mail to
various imap folder for filing purpose.

For example, outgoing message_a will be put in
user.XXX.Sent_a folder, and outgoing message_b will be
put into user.XXX.Sent_b folder.

Although I can set the message rule in mail client (my
users are using outlook express) to put the message
into different folder, but I would like to see if
there is another way I can do it on server side.

Please advise me some idea ho to work.  Many Thanks!!!

Regards,
Gary 

__
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com

Re: Cyrus continues to stop working.. no fix available?

[Lawrence Greenfield]

Does 'master' syslog any messages indicating that something has
crashed?  Look for something like:

May 13 15:33:18 mail1.andrew.cmu.edu master[11016]: [ID 970914 local6.error] process 
10119 exited, signaled to death by 11

and then try to figure out what process 10119 was doing at the time
(if anything).

Larry

Cyrus continues to stop working.. no fix available?

[Dustin Puryear]

We continue to have problems with Cyrus. Another poster mentioned they have 
the same problem, but also didn't get any responses. Would one of the 
developers please investigate if this is a bug? What's going on? This is a 
real show stopper for us, and apparently for others as well.

Okay, we have Cyrus installed on FreeBSD 4.4-RELEASE:

cyrus-imapd-2.0.16_1 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-imapd-2.0.16_2 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-sasl-1.5.24_7 RFC  SASL (Simple Authentication and Security Layer)
cyrus-sasl-1.5.24_8 RFC  SASL (Simple Authentication and Security Layer)
cyrus-sasl-1.5.27_2 RFC  SASL (Simple Authentication and Security Layer)

Every once in a while Cyrus stops responding to connections. Now, it does 
ACCEPT the connection, but it doesn't seem to send. Okay, so lets say that 
I stop Cyrus and it happens to work:

working..
mercury# telnet mars 110
Trying 10.0.0.5...
Connected to mars.actioncore.com.
Escape character is '^]'.
+OK <[EMAIL PROTECTED]> Cyrus POP3 v2.0.16 server ready

I get a new pop3d process:

cyrus1537  0.0  0.8 18836 2128  p0  S 9:52PM   0:00.03 pop3d: 
pop3d: mercury.actioncore.com[10.0.0.1]   (pop3d)

And a TCP connection:

mars# netstat -f inet -ln | grep 10.0.0.1
tcp4   0  0  10.0.0.5.110   10.0.0.1.2060  ESTABLISHED

If I wait a few seconds to several minutes, Cyrus stops working:

mercury# telnet mars 110
Trying 10.0.0.5...
Connected to mars.actioncore.com.
Escape character is '^]'
^C

And the connection does exist (the connection was made from 10.0.0.1):

mars# netstat -f inet -ln | grep 10.0.0.1
tcp4 0 0 10.0.0.5.110 10.0.0.1.2057 ESTABLISHED

Something I did notice is that when I run lsof that lsof seems to stall 
after it hits some for the pop3d processes. Not sure if that is important 
or just a fluke.

What can we do to debug this further? What are some possible issues here to 
consider? DNS? Corrupted database files? What?

Regards, Dustin

---
Dustin Puryear <[EMAIL PROTECTED]>
UNIX and Network Consultant
http://members.telocity.com/~dpuryear
PGP Key available at http://www.us.pgp.net
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

Re: addheader action ... or something like it?

[Ken Murchison]

"Marc G. Fournier" wrote:
> 
> On Mon, 13 May 2002, Cyrus Daboo wrote:
> 
> > Hi,
> >
> > --On Monday, May 13, 2002 1:57 PM -0400 Ken Murchison <[EMAIL PROTECTED]>
> > wrote:
> >
> > | I know the code pretty well, and personally I wouldn't even attempt it.
> > | Of course, I'm not a fan of the spam extension.
> >
> > Quick question: where does the X-Sieve header get added, and would it be
> > possible to use that to add extra info?
> 
> in savemsg() in lmtp.c ... and tried that ... unfortunately, that is
> before the sieve filtering happens, so there is nothing to write yet ...
> 
> from Ken's email, and what I've been able to follow, lmtp writes the email
> to a file before parsing through sieve ...
> 
> Ken, is there a reason why it doesn't just hold it in memory?

I don't know for certain, you'd have to ask Larry.  You probably _could_
hold it in memory, but then you are essentially blowing up
singleinstancestore (or making it far more difficult), because each user
could end up having their own unique copy of the message.

If you're just trying to store info from an external spam filter, which
would be unique to each user/message, this sounds like something for
Cyrus' IMAP ANNOTATE extension.

http://search.ietf.org/internet-drafts/draft-ietf-imapext-annotate-04.txt

However, this currently isn't implemented and AFAIK isn't scheduled to
be done anytime soon.  FYI, I _have_ started a little bit of work on
ANNOTATEMORE (read-only).

Ken
-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

Re: Pb with backup

[Scott M Likens]

well unfortunatly you have to make sure the permissions on the user 
directory is still cyrus:mail

If you dont do it with EVERYTHING as that, reconstruct will 'IGNORE' the 
message and continue on.

do a chown -R cyrus:mail /var/spool/imap/user/*

then reconstruct.  Should find all the folders and messages

(personal experience talking here)

--On Monday, May 13, 2002 11:43 AM +0200 Jean-Marc Delpech 
<[EMAIL PROTECTED]> wrote:

> Hi,
>
> I make a tar of /var/spool/imap/user every week from my imap server to a
> snap server (this sort of backup never delete old files on the snap server
> but only add). So when I want to restore an user, first I create the same
> user and after I restore from the snap server all his old files and
> directory. Second I make a "reconstruct". Third I make a "recontruct -f -r
> user.xx_y"
>
> After I connect Eudora ( or Outlook, or anythings else) to this user
> without any pb but I see all the directory and no files in it ! Do you no
> know what must I do to see all the mails in the folders ?
>
> Many thks for yr answers.
>
> Rgds/Jean-Marc
>
> cyrus imapd 2.0.11
> - cyrus sasl 1.5.24
> - db 3.1.17
>
>
>

Re: addheader action ... or something like it?

[Marc G. Fournier]

On Mon, 13 May 2002, Cyrus Daboo wrote:

> Hi,
>
> --On Monday, May 13, 2002 1:57 PM -0400 Ken Murchison <[EMAIL PROTECTED]>
> wrote:
>
> | I know the code pretty well, and personally I wouldn't even attempt it.
> | Of course, I'm not a fan of the spam extension.
>
> Quick question: where does the X-Sieve header get added, and would it be
> possible to use that to add extra info?

in savemsg() in lmtp.c ... and tried that ... unfortunately, that is
before the sieve filtering happens, so there is nothing to write yet ...

from Ken's email, and what I've been able to follow, lmtp writes the email
to a file before parsing through sieve ...

Ken, is there a reason why it doesn't just hold it in memory?  The MTA
won't delete it from the spool until lmtp reports it as being delivered,
so it isn't from fear of losing the email ... or is it?

[RFC][PATCH] external debugger hooks for Cyrus imapd

[Henrique de Moraes Holschuh]

I really didn't like much the current way to attach a debugger to cyrus,
so I cooked up something that might be of interest to you guys.

Basically, one should set "debug_command" in imapd.conf to a format string.
There are three parameters: the first is the name of the executable (sans
path). The second is the pid (integer) and the third is the service ID.

I use (paths for the Debian package, which are different from stock Cyrus):
debug_command: /usr/sbin/ddd /usr/lib/cyrus/bin/%s %d

To enable, give a "-D" option to the cyrus service.

This is clearly a bit too rough still;  I didn't even attempt to write the
hook for the service-threads.c variation.  Also, maybe it would be better to
use environment variables instead of a config directive to specify the
debugging command?

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


Index: imap/fud.c
===
RCS file: /home/cvs/debian/cyrus21-imapd/imap/fud.c,v
retrieving revision 1.1.1.4
diff -u -r1.1.1.4 fud.c
--- imap/fud.c  22 Feb 2002 17:25:26 -  1.1.1.4
+++ imap/fud.c  13 May 2002 17:35:32 -
@@ -164,9 +164,11 @@
 
 setproctitle_init(argc, argv, envp);
 
-while ((opt = getopt(argc, argv, "C:")) != EOF) {
+while ((opt = getopt(argc, argv, "C:D")) != EOF) {
switch (opt) {
case 'C': /* alt config file - handled by service::main() */
+   break;
+   case 'D': /* external debugger - handled by service::main() */
break;
default:
break;
Index: imap/imapd.c
===
RCS file: /home/cvs/debian/cyrus21-imapd/imap/imapd.c,v
retrieving revision 1.11
diff -u -r1.11 imapd.c
--- imap/imapd.c29 Apr 2002 12:17:51 -  1.11
+++ imap/imapd.c13 May 2002 17:36:09 -
@@ -533,9 +533,11 @@
 snmp_connect(); /* ignore return code */
 snmp_set_str(SERVER_NAME_VERSION,CYRUS_VERSION);
 
-while ((opt = getopt(argc, argv, "C:sp:")) != EOF) {
+while ((opt = getopt(argc, argv, "C:Dsp:")) != EOF) {
switch (opt) {
case 'C': /* alt config file - handled by service::main() */
+   break;
+   case 'D': /* external debugger - handled by service::main() */
break;
case 's': /* imaps (do starttls right away) */
imaps = 1;
Index: imap/lmtpd.c
===
RCS file: /home/cvs/debian/cyrus21-imapd/imap/lmtpd.c,v
retrieving revision 1.10
diff -u -r1.10 lmtpd.c
--- imap/lmtpd.c16 Apr 2002 20:12:42 -  1.10
+++ imap/lmtpd.c13 May 2002 17:39:40 -
@@ -313,9 +313,11 @@
 prot_setflushonread(deliver_in, deliver_out);
 prot_settimeout(deliver_in, 360);
 
-while ((opt = getopt(argc, argv, "C:a")) != EOF) {
+while ((opt = getopt(argc, argv, "C:Da")) != EOF) {
switch(opt) {
case 'C': /* alt config file - handled by service::main() */
+   break;
+   case 'D': /* ext. debugger - handled by service::main() */
break;
 
case 'a':
Index: imap/lmtpproxyd.c
===
RCS file: /home/cvs/debian/cyrus21-imapd/imap/lmtpproxyd.c,v
retrieving revision 1.9
diff -u -r1.9 lmtpproxyd.c
--- imap/lmtpproxyd.c   30 Apr 2002 19:14:39 -  1.9
+++ imap/lmtpproxyd.c   13 May 2002 17:40:08 -
@@ -279,9 +279,11 @@
 prot_setflushonread(deliver_in, deliver_out);
 prot_settimeout(deliver_in, 300);
 
-while ((opt = getopt(argc, argv, "C:q")) != EOF) {
+while ((opt = getopt(argc, argv, "C:Dq")) != EOF) {
switch(opt) {
case 'C': /* alt config file - handled by service::main() */
+   break;
+   case 'D': /* ext debugger - handled by service::main() */
break;
 
case 'q':
Index: imap/mupdate.c
===
RCS file: /home/cvs/debian/cyrus21-imapd/imap/mupdate.c,v
retrieving revision 1.1.1.10
diff -u -r1.1.1.10 mupdate.c
--- imap/mupdate.c  11 Apr 2002 16:05:00 -  1.1.1.10
+++ imap/mupdate.c  13 May 2002 17:40:47 -
@@ -352,9 +352,11 @@
 }
 
 /* see if we're the master or a slave */
-while ((opt = getopt(argc, argv, "C:m")) != EOF) {
+while ((opt = getopt(argc, argv, "C:Dm")) != EOF) {
switch (opt) {
case 'C':
+   break;
+   case 'D': /* ext debugger */
break;
case 'm':
masterp = 1;
Index: imap/pop3d.c
===
RCS file: /home/cvs/debian/cyrus21-imapd/imap/pop3d.c,v
retrieving revision 1.1.1.7
diff -u -r1.1.1.7 pop3d.c
--- imap/pop3d.c10 Apr 2002 18:02:42 -  1.1.1.7
+++ imap/pop3d.c13 Ma

Re: addheader action ... or something like it?

[Cyrus Daboo]

Hi,

--On Monday, May 13, 2002 1:57 PM -0400 Ken Murchison <[EMAIL PROTECTED]> 
wrote:

| I know the code pretty well, and personally I wouldn't even attempt it.
| Of course, I'm not a fan of the spam extension.

Quick question: where does the X-Sieve header get added, and would it be 
possible to use that to add extra info?

-- 
Cyrus Daboo

Re: addheader action ... or something like it?

[Marc G. Fournier]

On Mon, 13 May 2002, Ken Murchison wrote:

>
>
> "Marc G. Fournier" wrote:
> >
> > I'm playing with the spam extension, and for POP3 users, I want to add, at
> > its simplist, a 'X-Spam-Check: True' header to the email if its spam ...
> > I've done some quick reads of the various drafts, and there appears to be
> > no way of doing this within Sieve ... has anyone worked on something like
> > this?
> >
> > I've thought to modify the code, to extend the spam extension, so that it
> > adds a simple:
> >
> > X-Spam-Score:   / 
> >
> > so that if spam is enabled, then it auto-adds this header, but I can't
> > find where in the code to actually add this ... The X-Sieve header is
> > added in lmtpd.c, but before the scoring happens, so that doesn't help ...
> > fillin_header() in sieve/script.c looks good, and is after the spam checks
> > are run/scored, but am not 100% certain of how I should call add_header()
> > for the above ...
> >
> > Can anyone provide some insight on this?
>
> It will be pretty difficult.  The current design of lmtpd/sieve was
> never meant to do this.  The message is already spooled (in the staging
> area of the first recipient) by the time the sieve filter is run.  You'd
> have to have a callback which adds the headers to a NEW spool file and
> then have lmtpd copy over the test of the existing message to this NEW
> file when done (unless you can find some slick way of inserting data
> into the head of a file).  You'd be adding a second message copy, which
> I recently spent time correcting (messages used to be spooled to /tmp
> and then copied to the stage).
>
> I know the code pretty well, and personally I wouldn't even attempt it.
> Of course, I'm not a fan of the spam extension.

Okay ... by 'staging area', I take it you mean /var/spool/mail/stage.?

So, a simplistic view of things is ... ?

MTA -> lmtpd -> /var/spool/mail/stage. -> sieve -> hard link to user
-> or bounce
-> or forward
-> or etc ...

Now, ignoring the 'spam extension' to Sieve thing ... and this may be what
Bob is already doing ... but how would you get a 'filter' in front of
sieve, so that it knows the user who its being worked on?

Basically, having spamassassin *in* sieve meant that it ran with that
users preferences for rules, threshold, white lists, etc ... if its moved
out of sieve, then it has to go between lmtpd and sieve, before being
written to stage.?  This is why its useless before lmtpd, since it doesn't
know about 'per user rules/whitelists/thresholds' ...

You don't want to break singleinstancestore, if you can at all help it, so
it would have to somehow check if the message to be delivered to UserA
*after* running through the spam filter is still the same as being
delivered to UserB, else write a whole new file for UserB ...

Bob, is this what you are working on?  Or am I far out in left field in my
understanding of this?

Re: addheader action ... or something like it?

[Bob Finch]

> "Marc" == Marc G Fournier <[EMAIL PROTECTED]> writes:

Marc> I've thought to modify the code, to extend the spam
Marc> extension, so that it adds a simple:

Marc> X-Spam-Score:   / 

Marc> so that if spam is enabled, then it auto-adds this header,

I thought about doing something like this, but decided that actions
that modify messages as a side effect would be a bad thing.

Marc> fillin_header() in sieve/script.c looks good, and is after
Marc> the spam checks are run/scored, but am not 100% certain of
Marc> how I should call add_header() for the above ...

fillin_header() is used to build notify responses -- it doesn't do
anything to the incoming message.

I think the right place to do this is either in an lmtp proxy or
inside lmtpd before it calls sieve.  I'm playing with code in lmtpd
that allows the administrator to specify a zero or more filter modules
that are called in sequence where sieve is called now.  Sieve would
become just another filter module.  This would allow the system
administrator to set up filtering policies that would be difficult or
impractical to do within sieve alone.

-- Bob

Re: addheader action ... or something like it?

[Ken Murchison]

"Marc G. Fournier" wrote:
> 
> I'm playing with the spam extension, and for POP3 users, I want to add, at
> its simplist, a 'X-Spam-Check: True' header to the email if its spam ...
> I've done some quick reads of the various drafts, and there appears to be
> no way of doing this within Sieve ... has anyone worked on something like
> this?
> 
> I've thought to modify the code, to extend the spam extension, so that it
> adds a simple:
> 
> X-Spam-Score:   / 
> 
> so that if spam is enabled, then it auto-adds this header, but I can't
> find where in the code to actually add this ... The X-Sieve header is
> added in lmtpd.c, but before the scoring happens, so that doesn't help ...
> fillin_header() in sieve/script.c looks good, and is after the spam checks
> are run/scored, but am not 100% certain of how I should call add_header()
> for the above ...
> 
> Can anyone provide some insight on this?

It will be pretty difficult.  The current design of lmtpd/sieve was
never meant to do this.  The message is already spooled (in the staging
area of the first recipient) by the time the sieve filter is run.  You'd
have to have a callback which adds the headers to a NEW spool file and
then have lmtpd copy over the test of the existing message to this NEW
file when done (unless you can find some slick way of inserting data
into the head of a file).  You'd be adding a second message copy, which
I recently spent time correcting (messages used to be spooled to /tmp
and then copied to the stage).

I know the code pretty well, and personally I wouldn't even attempt it. 
Of course, I'm not a fan of the spam extension.

Ken
-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

Re: addheader action ... or something like it?

[Marc G. Fournier]

On Mon, 13 May 2002, Bob Finch wrote:

> fillin_header() is used to build notify responses -- it doesn't do
> anything to the incoming message.

Ya, I *just* clued into that :(  I looked at the code, but not where it
was called from ...

> I think the right place to do this is either in an lmtp proxy or inside
> lmtpd before it calls sieve.  I'm playing with code in lmtpd that allows
> the administrator to specify a zero or more filter modules that are
> called in sequence where sieve is called now.  Sieve would become just
> another filter module.  This would allow the system administrator to set
> up filtering policies that would be difficult or impractical to do
> within sieve alone.

So, are you looking at moving the spam extensions to outside of sieve
itself too?

RE: cyradm problem?... cyrus-imapd-2.1.4

[jeff bert]

>
> jeff bert wrote:
>
>
> > So, is this a bug in my system or a "feature" of 2.1.4? Any
> ideas? Or have
> > they actually implemented the man page's warning that Tcl short style
> > options may be done away with?
>
> I fell for that too (first tried with -u and didn't work), but the
> current manpage doesn't mention short style options at all, so I think
> they're gone.
> BTW, I'm preparing new rpms for cyrus-sasl, since the current one
> doesn't install the manpages (or rather cyrus-sasl's make install
> doesn't, is that normal?) and doesn't include the sasldb
> conversion utility.
>
> Bye
> --
> Luca Olivetti
>
>

Luca,

I've compiled your cyrus-sasl-2.1.2-2.src.rpm and installed it.

I didn't test "imtest" before I upgraded it but did afterwards and can't
authenticate.

if I type:

# cyradm --user cyrus -s my.host.com

it works but if I type:

# imtest -m login -u cyrus -a cyrus -r my.host.com my.host.com

It telnets into the imap server ok but won't authenticate (screen results):

# imtest -m login -u cyrus -a cyrus -r my.host.com my.host.com
C: C01 CAPABILITY
S: * OK my.host.com Cyrus IMAP4 v2.1.4 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=CRAM-MD5 X-NETSCAPE
S: C01 OK Completed
Password:
C: L01 LOGIN cyrus {6}
+ go ahead
C: 
L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0

# more /etc/pam.d/imap
#%PAM-1.0
auth   required /lib/security/pam_stack.so service=system-auth
accountrequired /lib/security/pam_stack.so service=system-auth
#
#
# tail /var/log/saslauthd.log
May 13 10:22:56 jabba saslauthd[2787]: START: saslauthd 2.1.2
May 13 10:22:56 jabba saslauthd[2792]: master PID is: 2792
May 13 10:22:56 jabba saslauthd[2792]: daemon started, listening on
/var/lib/sasl2/mux
May 13 10:23:01 jabba saslauthd[2793]: DEBUG: auth_pam: pam_authenticate
failed: Authentication failure
May 13 10:23:01 jabba saslauthd[2793]: AUTHFAIL: user=cyrus service=imap
realm= [PAM auth error]
#

Do you get the same or similar results?

What does your /etc/pam.d/imap file look like?

Thanks,

Jeff

addheader action ... or something like it?

[Marc G. Fournier]

I'm playing with the spam extension, and for POP3 users, I want to add, at
its simplist, a 'X-Spam-Check: True' header to the email if its spam ...
I've done some quick reads of the various drafts, and there appears to be
no way of doing this within Sieve ... has anyone worked on something like
this?

I've thought to modify the code, to extend the spam extension, so that it
adds a simple:

X-Spam-Score:   / 

so that if spam is enabled, then it auto-adds this header, but I can't
find where in the code to actually add this ... The X-Sieve header is
added in lmtpd.c, but before the scoring happens, so that doesn't help ...
fillin_header() in sieve/script.c looks good, and is after the spam checks
are run/scored, but am not 100% certain of how I should call add_header()
for the above ...

Can anyone provide some insight on this?

Thanks

Re: POP3S killed my cyrus-imap server

[Ken Murchison]

Jim Worke wrote:
> 
> I'm able to login to my imap server using IMAP.  But when I choose POP3 SSL
> connection in Kmail, the imap server is killed.  However POP3,IMAP,IMAPS is
> ok.  Here's the log:
> 
> May 13 20:01:22 thunderbolt ctl_mboxlist[4905]: running mboxlist recovery
> May 13 20:01:22 thunderbolt ctl_mboxlist[4905]: done running mboxlist recovery
> May 13 20:01:22 thunderbolt master[4903]: ready for work
> May 13 20:01:22 thunderbolt ctl_mboxlist[4907]: checkpointing mboxlist
> May 13 20:01:23 thunderbolt pidof: 4903
> May 13 20:01:23 thunderbolt cyrus:  succeeded
> May 13 20:01:56 thunderbolt pop3d[4913]: pop3s: required OpenSSL options not
> present
> May 13 20:01:56 thunderbolt master[4903]: process 4913 exited, signaled to
> death by 11
> 
> How do I add the OpenSSL options?

Look at the 'tls_' option in the imapd.conf(5) manpage.

> How do I check whether the compilation of
> cyrus-imap has OpenSSL included (I used RPM.  I believe OpenSSL is included,
> since the SRPM shows that openSSL is really included)?

Use the 'version' command in cyradm and it will show you how it was
compiled.

Ken
-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

Re: How to get user-level transfer logs for imapd / pop3d ?

[Alexandre Suter]

Henrique de Moraes Holschuh wrote:

>On Sat, 11 May 2002, Alexandre Suter wrote:
>
>>Is there a way to get the a user-level transfer log with cyrus ? The 
>>purpose is to see how much bandwidth each user consums.
>>
>
>Search the archives of this list, someone posted a patch to control per-user
>bandwidth using an external daemon less than a month ago...
>

Thanks for the hint. I already searched the list archives but this 
message wasn't easy to find...
In case anybody else is interested, the message subject is "[PATCH] 
2.1.3 reliability patches", and the message is dated "Mon, 6 May 2002".

Did somebody write such a daemon to use with the 'rated.diff' patch ? I 
suppose it would not be complicated to write my own, but it would 
certainly be more constructive to contribute to existing code...

And did somebody experience this patch with cyrus-imapd 2.1.4 ?


Best regards,

AS

POP3S killed my cyrus-imap server

[Jim Worke]

I'm able to login to my imap server using IMAP.  But when I choose POP3 SSL 
connection in Kmail, the imap server is killed.  However POP3,IMAP,IMAPS is 
ok.  Here's the log:

May 13 20:01:22 thunderbolt ctl_mboxlist[4905]: running mboxlist recovery
May 13 20:01:22 thunderbolt ctl_mboxlist[4905]: done running mboxlist recovery
May 13 20:01:22 thunderbolt master[4903]: ready for work
May 13 20:01:22 thunderbolt ctl_mboxlist[4907]: checkpointing mboxlist
May 13 20:01:23 thunderbolt pidof: 4903
May 13 20:01:23 thunderbolt cyrus:  succeeded
May 13 20:01:56 thunderbolt pop3d[4913]: pop3s: required OpenSSL options not 
present
May 13 20:01:56 thunderbolt master[4903]: process 4913 exited, signaled to 
death by 11

How do I add the OpenSSL options?  How do I check whether the compilation of 
cyrus-imap has OpenSSL included (I used RPM.  I believe OpenSSL is included, 
since the SRPM shows that openSSL is really included)?

I'm afraid that if anyone changed their setting to SSL, then the server is 
dead.

pop3 able to login, but log is authentication failure

[Jim Worke]

I can login into cyrus-imap's pop3 server.  However, I saw the log shows as 
below:

May 13 20:03:49 thunderbolt pop(pam_unix)[4918]: authentication failure; 
logname= uid=76 euid=76 tty= ruser= rhost=  user=testuser
May 13 20:03:49 thunderbolt pop3d[4918]: login: 
thunderbolt.chaos.com[192.168.1.1] testuser plaintext

Can anyone explain why is this so?  I'm using PAM to authenticate to LDAP.

Re: Sieve weirdness

[Tuuli K Tuominen]

On Mon, 13 May 2002, Jaska Kivelä wrote:
> On Mon, May 13, 2002 at 11:47:49AM +0300, Tuuli K Tuominen wrote:
>
> > require ["fileinto"];
> >
> > if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
> >  fileinto "INBOX.fooba";
> > }
> >
> > if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
> >  fileinto "INBOX.jeps";
>
> Try an 'elsif' here.

Hm. Of course. Should've created a test script with Websieve myself
instead of copying the problematic syntax from the user and trying that
out blindly. :)

The misunderstanding was that the user thought he had to have "Continue
checking other rules..." enabled if he wanted to match against more than
one address in the script.

Thanks,
-- 
Tuuli Tuominen

Re: cyradm: cannot authenticate to server with as cyrus

[Jim Worke]

Great!!! It works!! Thank you so much :D

btw, is there any other auth method besides plain?

On Monday 13 May 2002 8:39 pm, Alexandre Suter wrote:
> I've had similar problems with Cyrus 2.1.4 and PAM authentification.
>
> Here is how it works now:
>
> in imapd.conf:
> sasl_pwcheck_method: pwcheck
> (that requires the pwcheck daemon running)
>
> and to use cyradm:
> $ cyradm --user cyrus --auth plain localhost
>
> maybe you should try this...
>
> did you try to login using pop ?
>
> here is an example:
>
> mail:/ # telnet localhost pop3
> Connected to localhost.
> Escape character is '^]'.
> +OK mailserver Cyrus POP3 v2.1.4 server ready
> <1669253611.1021282381@mailserver>
> user cyrus
> +OK Name is a valid mailbox
> pass mypassword
> -ERR [SYS/PERM] Unable to open maildrop
> quit
> +OK
> Connection closed by foreign host.
> mail:/ #
>
> This helped me to locate the errors source. Here there is an error
> because the user cyrus doesn't have an Imap mailbox, but there is no
> user/authentification error.
>
>
> Best regards,
>
> Alexandre Suter
>
> Scott M Likens wrote:
> > How about /var/log/messages or /var/log/syslog.  Either one of those
> > files
> >
> > I'm looking for what syslogd is logging, because Cyrus should be
> > giving error messages and we need to find out what those are.
> >
> > Saslauthd is required for PAM authentication, LDAP, etc etc.  Unless
> > you use the DB plaintext file /etc/sasldb2 you are required to run the
> > 'pw check daemon' which in SASLv2 is saslauthd.
> >
> > I'm assuming you are using LDAP still, so you would do saslauthd -a pam
> >
> > Althought you can try 2.1.3-BETA's LDAP support built in.  Might work
> > better.
> >
> >
> >
> > --On Monday, May 13, 2002 8:30 AM +0800 Jim Worke <[EMAIL PROTECTED]>
> >
> > wrote:
> >> So sorry.  I'm new to cyrus imap.
> >>
> >> My log is empty (I'm looking at /var/imap/log directory and
> >> /var/log/imapd.log  file.  In Redhat, I can't find /var/adm directory).
> >> And I don't know how to  increase the debug level.  That's why I don't
> >> know what's happenning..
> >>
> >> I didn't have saslauthd running.  I followed the Cyrus-IMAP HowTo and
> >> there's  no mention about this?
> >>
> >> On Monday 13 May 2002 7:50 am, Scott M Likens wrote:
> >>> Can you please give us more detail.
> >>>
> >>> Like how about what error messages in /var/adm/messages
> >>>
> >>> Why did it fail to authenticate, no saslauthd running, unable to
> >>> access a
> >>> directory...
> >>> what?
> >>>
> >>> --On Monday, May 13, 2002 7:35 AM +0800 Jim Worke <[EMAIL PROTECTED]>
> >>>
> >>> wrote:
> >>> > I've set up  my RedHat 7.3 box with LDAP, authenticating users
> >>>
> >>> through
> >>>
> >>> > PAM.   I've created the cyrus user in /etc/passwd (as with my
> >>>
> >>> postfix,
> >>>
> >>> > root etc  users).
> >>> >
> >>> > I've changed cyrus's password (but not sasldbpasswd, because I don't
> >>> > use /etc/sasldb.  I authenticate through PAM).
> >>> >
> >>> > Here's my /etc/imapd.conf:
> >>> > configdirectory: /var/imap
> >>> > partition-default: /var/spool/imap
> >>> > admins: cyrus
> >>> > allowanonymouslogin: no
> >>> >
> >>> ># To use the PAM for authentication (but not /etc/passwd or shadow),
> >>> > change # the following line to specify "pam" instead of "sasldb".
> >>> > sasl_pwcheck_method: pam
> >>> >
> >>> > When I run (as user cyrus) "cyradm localhost", it gives me an error:
> >>> > cyradm: cannot authenticate to server with  as cyrus
> >>> >
> >>> > Did I miss something?

Re: Sieve weirdness

[Jaska Kivelä]

On Mon, May 13, 2002 at 11:47:49AM +0300, Tuuli K Tuominen wrote:

> require ["fileinto"];
> 
> if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
>  fileinto "INBOX.fooba";
> }
> 
> if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
>  fileinto "INBOX.jeps";

Try an 'elsif' here.


-jk

Pb with backup

[Jean-Marc Delpech]

Hi,

I make a tar of /var/spool/imap/user every week from my imap server to a
snap server (this sort of backup never delete old files on the snap server
but only add). So when I want to restore an user, first I create the same
user and after I restore from the snap server all his old files and
directory. Second I make a "reconstruct". Third I make a "recontruct -f -r
user.xx_y"

After I connect Eudora ( or Outlook, or anythings else) to this user without
any pb but I see all the directory and no files in it ! Do you no know what
must I do to see all the mails in the folders ?

Many thks for yr answers.

Rgds/Jean-Marc

cyrus imapd 2.0.11
- cyrus sasl 1.5.24
- db 3.1.17

Re: cyradm: cannot authenticate to server with as cyrus

[Alexandre Suter]

I've had similar problems with Cyrus 2.1.4 and PAM authentification.

Here is how it works now:

in imapd.conf:
sasl_pwcheck_method: pwcheck
(that requires the pwcheck daemon running)

and to use cyradm:
$ cyradm --user cyrus --auth plain localhost

maybe you should try this...

did you try to login using pop ?

here is an example:

mail:/ # telnet localhost pop3
Connected to localhost.
Escape character is '^]'.
+OK mailserver Cyrus POP3 v2.1.4 server ready 
<1669253611.1021282381@mailserver>
user cyrus
+OK Name is a valid mailbox
pass mypassword
-ERR [SYS/PERM] Unable to open maildrop
quit
+OK
Connection closed by foreign host.
mail:/ #

This helped me to locate the errors source. Here there is an error 
because the user cyrus doesn't have an Imap mailbox, but there is no 
user/authentification error.


Best regards,

Alexandre Suter


Scott M Likens wrote:

> How about /var/log/messages or /var/log/syslog.  Either one of those 
> files
>
> I'm looking for what syslogd is logging, because Cyrus should be 
> giving error messages and we need to find out what those are.
>
> Saslauthd is required for PAM authentication, LDAP, etc etc.  Unless 
> you use the DB plaintext file /etc/sasldb2 you are required to run the 
> 'pw check daemon' which in SASLv2 is saslauthd.
>
> I'm assuming you are using LDAP still, so you would do saslauthd -a pam
>
> Althought you can try 2.1.3-BETA's LDAP support built in.  Might work 
> better.
>
>
>
> --On Monday, May 13, 2002 8:30 AM +0800 Jim Worke <[EMAIL PROTECTED]> 
> wrote:
>
>> So sorry.  I'm new to cyrus imap.
>>
>> My log is empty (I'm looking at /var/imap/log directory and
>> /var/log/imapd.log  file.  In Redhat, I can't find /var/adm directory).
>> And I don't know how to  increase the debug level.  That's why I don't
>> know what's happenning..
>>
>> I didn't have saslauthd running.  I followed the Cyrus-IMAP HowTo and
>> there's  no mention about this?
>>
>> On Monday 13 May 2002 7:50 am, Scott M Likens wrote:
>>
>>> Can you please give us more detail.
>>>
>>> Like how about what error messages in /var/adm/messages
>>>
>>> Why did it fail to authenticate, no saslauthd running, unable to 
>>> access a
>>> directory...
>>> what?
>>>
>>> --On Monday, May 13, 2002 7:35 AM +0800 Jim Worke <[EMAIL PROTECTED]>
>>> wrote:
>>> > I've set up  my RedHat 7.3 box with LDAP, authenticating users 
>>> through
>>> > PAM.   I've created the cyrus user in /etc/passwd (as with my 
>>> postfix,
>>> > root etc  users).
>>> >
>>> > I've changed cyrus's password (but not sasldbpasswd, because I don't
>>> > use /etc/sasldb.  I authenticate through PAM).
>>> >
>>> > Here's my /etc/imapd.conf:
>>> > configdirectory: /var/imap
>>> > partition-default: /var/spool/imap
>>> > admins: cyrus
>>> > allowanonymouslogin: no
>>> >
>>> ># To use the PAM for authentication (but not /etc/passwd or shadow),
>>> > change # the following line to specify "pam" instead of "sasldb".
>>> > sasl_pwcheck_method: pam
>>> >
>>> > When I run (as user cyrus) "cyradm localhost", it gives me an error:
>>> > cyradm: cannot authenticate to server with  as cyrus
>>> >
>>> > Did I miss something?
>>
>>
>>
>
>
>
>

Sieve weirdness

[Tuuli K Tuominen]

Hi,
I've enabled sieve and installed Websieve (version 0.61h) on our two
servers running Cyrus Imap 1.6.25. An user complained of getting messages
delivered both to his Inbox and a folder when he was trying to file
messages directly to a folder by a sieve script. I made this script and
tested it:

require ["fileinto"];

if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
 fileinto "INBOX.fooba";
}

if allof (address :contains ["from"] "[EMAIL PROTECTED]") {
 fileinto "INBOX.jeps";
}

else {
 keep;
}


and noticed that if I send e-mail to this test account from address
"[EMAIL PROTECTED]", the message goes both into my test
account's Inbox and into INBOX.fooba. Doesn't make sense to me. Except maybe
if duplicate delivery  suppression is broken somehow? I do see occasional
"dupelim" messages in the logs, as always.

Any ideas?

-- 
Tuuli Tuominen
University of Helsinki  IT Department