Re: Updating /seen from concurrent sessions
Andrew McNamara wrote: I realise this is an old known problem, but I've spent some time searching list archives, and other sources looking for an answer. Any help anyone can provide will be gratefully received. Try using skiplist for the seen.db It doesn't really solve the problem but it masks it well enough. Bye -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007
Migrating from Exchange to Cyrus!?
Hello folks! Is it possible to migrate from Exchange 5.5 to Cyrus? We have a mailserver running with multiple domains about 500 mailboxes and want to use Cyrus on FreeBSD now. How i can do that, any howto or something? Thanks in Advance -- webnetix softMedia - Oliver Kaufmann Development / System Administration Oberfeldstr. 16 A - 6811 Goefis T. +43-676-9554958 F. +43-5522-70154-18 W. http://www.webnetix.cc/
Cyrus IMAPd v2.1.10
Hi there, ./configure --prefix=/opt/cyrus \ --with-cyrus-prefix=/opt/cyrus \ --with-openssl \ --enable-murder \ --enable-cmulocal \ --enable-netscapehack \ --with-libwrap \ --with-notify=unix \ --enable-fulldirhash \ --with-statedir=/opt/cyrus/var \ --with-tcl \ --with-sasl=/opt/cyrus # make install [---SNIP---] /usr/bin/install -c -s -m 755 remotepurge /opt/cyrus/bin make[1]: Leaving directory `/opt/cyrus.old/src/cyrus-imapd-2.1.10/netnews' ### Making install in /opt/cyrus.old/src/cyrus-imapd-2.1.10/depot make[1]: Entering directory `/opt/cyrus.old/src/cyrus-imapd-2.1.10/depot' ./../install-sh -d etc /usr/bin/install -c -m 644 ./depot.conf /usr/bin/install: too few arguments Try `/usr/bin/install --help' for more information. make[1]: *** [install] Error 1 make[1]: Leaving directory `/opt/cyrus.old/src/cyrus-imapd-2.1.10/depot' make: *** [install] Error 1 ciao, Marc
Re: Cyrus IMAPd v2.1.10
Don't compile with --enable-cmulocal, that enables CMU-specific options, such as the depot config file. -Rob On Thu, 14 Nov 2002, Marc-Christian Petersen wrote: Hi there, ./configure --prefix=/opt/cyrus \ --with-cyrus-prefix=/opt/cyrus \ --with-openssl \ --enable-murder \ --enable-cmulocal \ --enable-netscapehack \ --with-libwrap \ --with-notify=unix \ --enable-fulldirhash \ --with-statedir=/opt/cyrus/var \ --with-tcl \ --with-sasl=/opt/cyrus # make install [---SNIP---] /usr/bin/install -c -s -m 755 remotepurge /opt/cyrus/bin make[1]: Leaving directory `/opt/cyrus.old/src/cyrus-imapd-2.1.10/netnews' ### Making install in /opt/cyrus.old/src/cyrus-imapd-2.1.10/depot make[1]: Entering directory `/opt/cyrus.old/src/cyrus-imapd-2.1.10/depot' ./../install-sh -d etc /usr/bin/install -c -m 644 ./depot.conf /usr/bin/install: too few arguments Try `/usr/bin/install --help' for more information. make[1]: *** [install] Error 1 make[1]: Leaving directory `/opt/cyrus.old/src/cyrus-imapd-2.1.10/depot' make: *** [install] Error 1 ciao, Marc -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Cyradm - all gone wrong
FYI - this is the first time I've used Cyrus_imapd, though I've used courier extensively. After all sorts of problems - I'm seemingly fine - except the admin utility cyradm - it doesn't seem to function. I see it's calling 'perl -MCyrus::IMAP::Shell -e shell' - running this against a prompt confirms the modules installed in the INC path. When trying to connect to the server - this is the output from the logs. Without a mechanism to add user/pass details - I'm stuck. Has anyone experienced this before ? Nov 14 13:44:44 mini-me imapd[16737]: accepted connection Nov 14 13:44:44 mini-me imapd[16737]: mystore: starting txn 2147483678 Nov 14 13:44:44 mini-me imapd[16737]: mystore: committing txn 2147483678 Nov 14 13:44:44 mini-me imapd[16737]: starttls: TLSv1 with cipher DES-CBC3-SHA (168/168 bits new) no authentication Nov 14 13:44:44 mini-me imapd[16737]: badlogin: adamantite.auth.**.**.***[***.***.***.***] PLAIN [SASL(-1): generic failure: Password verification failed]
Re: Migrating from Exchange to Cyrus!?
[EMAIL PROTECTED] wrote: Hello folks! Is it possible to migrate from Exchange 5.5 to Cyrus? Yes. That said, it's not necessarily entirely painless We have a mailserver running with multiple domains about 500 mailboxes and want to use Cyrus on FreeBSD now. How i can do that, any howto or something? You probably want to get the UW-IMAP server or utils package. In that, you'll find a program called mailutil, which you can use to transfer mail from Exchange mailboxes to Cyrus. Set Exchange up for IMAP support, and then mailutil can simply connect to your Exchange server and suck out the mail, then inject it into Cyrus. If I were you, I'd set up both systems in parallel, and migrate things domain by domain. With this sort of thing, the most difficult part is often migrating the extras - stuff like address books and mailing lists. Are your users using Excahnge calendaring ar anything like that? If so, I'd be interested to hear how you're replacing it. HTH, Mike.
Re: Cyrus IMAPd 2.1.10 Released
On Thu, 14 Nov 2002, Scott Russell wrote: One of the documentation changes appears to remove a bunch of key instructions from the /doc/text/install-configure file. Everything after step 8. appears to be gone in the 2.1.10 release. I don't think this was intentional since it looks like there are some key steps needed (including running mkimap). Should I open up a bug for this? I'll look into what's going on, but the HTML version is correct. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Cyrus IMAPd 2.1.10 Released
On Wed, Nov 13, 2002 at 03:57:57PM -0500, Rob Siemborski wrote: I'm pleased to announce the release of Cyrus IMAPd 2.1.10. This is mostly a bug-fix and cleanup release, with the notable new feature of Berkeley DB 4.1 support. One of the documentation changes appears to remove a bunch of key instructions from the /doc/text/install-configure file. Everything after step 8. appears to be gone in the 2.1.10 release. I don't think this was intentional since it looks like there are some key steps needed (including running mkimap). Should I open up a bug for this? -- Scott Russell ([EMAIL PROTECTED]) Linux Technology Center, System Admin, RHCE. Dial 877-735-8200 then ask for 919-543-9289 (TTY)
lmtpd gets stuck when started under load
Hi, while testing our server setup we've found a (to me) strange behavior of lmtpd. Here's the setup: name : Cyrus IMAPD version: v2.1.9-Invoca-RPM-2.1.9-10 2002/08/30 18:40:23 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : Linux os-version : 2.4.18-4SGI_XFS_1.1bigmem environment: Cyrus SASL 2.1.5 Sleepycat Software: Berkeley DB 3.3.11: (July 12, 2001) OpenSSL 0.9.6b [engine] 9 Jul 2001 CMU Sieve 2.2 TCP Wrappers mmap = shared lock = fcntl nonblock = fcntl auth = unix idle = poll dirhash = full mboxlist.db = skiplist subs.db = flat seen.db = skiplist duplicate.db = db3-nosync tls.db = db3-nosync [rootlvr1 raddb]# rpm -q cyrus-sasl cyrus-sasl-2.1.7-2 (This is the RedHat 8.0 RPM that I installed under RedHat 7.3) First off, I'm a bit surprised that 'version' only shows the version of SASL that IMAPD was compiled against, not the current version ... that's just cosmetic, I guess. Anyway, we are also running sendmail 8.12.6 with the cyrusv2 mailer. All seems to be fine if we launch cyrus-imapd first and sendmail second. However, if we stop cyrus-imapd for whatever reason without stopping sendmail first, we end up in a situation where the lmtpd gets stuck upon a restart of cyrus-imapd. To be precise, it doesn't accept connections from sendmail and if we strace it all we see is: accept(4, That's it. The workaround then is to stop both sendmail and cyrus-imapd and to wait for several minutes. After that, if we start the processes in the right order, everything is fine again. Is this behavior to be expected or is it a bug? Thanks, Sebastian Hagedorn -- Sebastian Hagedorn M.A. - RZKR-R1 (Flachbau), Zi. 18, Robert-Koch-Str. 10 Zentrum für angewandte Informatik - Universitätsweiter Service RRZK Universität zu Köln / Cologne University - Tel. +49-221-478-5587 msg09188/pgp0.pgp Description: PGP signature
Re: Cyrus IMAPd 2.1.10 Released
On Thu, 14 Nov 2002, Rob Siemborski wrote: I'll look into what's going on, but the HTML version is correct. htmlstrip (our html-to-plaintext converter) apparently didn't support quot, which a recent update to install-configure added, we missed it because failure to build the text directory wasn't breaking the build. I've fixed both of these issues. You can pull an updated source for htmlstrip.c from cvs now, but since the documentation is still complete in its authoritative format (HTML), I don't think this justifies an immediate rerelease. As it is, we'll probably be doing a release in early-to-mid december anyway to address some other small issues as well. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: lmtpd gets stuck when started under load
On Thu, 14 Nov 2002, Sebastian Hagedorn wrote: First off, I'm a bit surprised that 'version' only shows the version of SASL that IMAPD was compiled against, not the current version ... that's just cosmetic, I guess. Cyrus 2.2 does this (since it requires atleast SASL 2.1.7, and the sasl_version symbol, which will reveal the running version, isn't available to 2.1.4). We didn't want to break comptability of Cyrus 2.1 with earlier SASL versions for no good reason. Anyway, we are also running sendmail 8.12.6 with the cyrusv2 mailer. All seems to be fine if we launch cyrus-imapd first and sendmail second. However, if we stop cyrus-imapd for whatever reason without stopping sendmail first, we end up in a situation where the lmtpd gets stuck upon a restart of cyrus-imapd. To be precise, it doesn't accept connections from sendmail and if we strace it all we see is: accept(4, That's it. The workaround then is to stop both sendmail and cyrus-imapd and to wait for several minutes. After that, if we start the processes in the right order, everything is fine again. Is this behavior to be expected or is it a bug? I'd call it a bug offhand, but there are possibly other things going on. Do all the previous lmtpds die off before you restart cyrus? Can you make a connection to the new lmtpd socket manualy (if it's a unix socket, you may want to try sock, from ftp://atrey.karlin.mff.cuni.cz/pub/local/mj/linux/sock-*.tar.gz). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Cyrus IMAPd 2.1.10 Released
On Thu, Nov 14, 2002 at 10:37:50AM -0500, Rob Siemborski wrote: On Thu, 14 Nov 2002, Rob Siemborski wrote: I'll look into what's going on, but the HTML version is correct. I've fixed both of these issues. You can pull an updated source for htmlstrip.c from cvs now, but since the documentation is still complete in its authoritative format (HTML), I don't think this justifies an immediate rerelease. No, I would tend to agree. I'm just a text fan and happen to notice it while diffing the releases. Sooo... any reason why the docs aren't sgml and then built for text, html, ps, etc? Think of this as less of a request and more of 'would CMU be interested' type question. :) -- Scott Russell ([EMAIL PROTECTED]) Linux Technology Center, System Admin, RHCE. Dial 877-735-8200 then ask for 919-543-9289 (TTY)
8bit encoding
Hi, I'm a cyrus-imapd newbie, and I had a hard time installing into my rh-7.3, but now I'm having 5 users using it without problems, and I'm waiting for 2 new 36gb cheetah's to make it available to the rest of the company. After upgrading to 2.1.10 I have no more issues regarding delivery to shared subfolders ex: dd+my.sub.foldermyserver. But I'm still having problems with 8 bit encoding. I'd like to know if there is something I can do in order to solve this problem. I can't force everyone to send 7bit e-mail to us? -- Thanks in Advance, Alessandro Oliveira Nuno Ferreira Cargas Internacionais Ltda. Phone: +55-11-3241-2000 Fax : +55-11-3242-9891 --- It's trivial to make fun of Microsoft products, but it takes a real man to make them work, and a god to make them do anything useful.
Re: what is better ?
Simon Matter wrote: Andrei Loukinykh schrieb: Since Websieve wasn't updated since 2001, cat it still work with the last Cyrus ( 2.1.9 ), or it is better to get something newer (smartsieve...) ? Has anyone had an experience? Squirrelmail with the avelsieve plugin is really cool. This is what I'm using because I have squirrelmail installed. If there is no Squirrel, Smartsieve looks good too. Simon I am not sure about Alexandros availability :), but he could probably build an independed avelsieve web-application. Although the deployment of avelsieve as separate web-application is easier, integration with other webmail applications will certainly be more attractive and functional. Any preference ? Nikos Voutsinas
Re: lmtpd gets stuck when started under load
Try duplicate.db = skiplist Solved all of my lmtpd hanging problems. I see you are using RPMs so I guess you would have to compile from source to make the change. Sebastian Hagedorn wrote: Hi, while testing our server setup we've found a (to me) strange behavior of lmtpd. Here's the setup: name : Cyrus IMAPD version: v2.1.9-Invoca-RPM-2.1.9-10 2002/08/30 18:40:23 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : Linux os-version : 2.4.18-4SGI_XFS_1.1bigmem environment: Cyrus SASL 2.1.5 Sleepycat Software: Berkeley DB 3.3.11: (July 12, 2001) OpenSSL 0.9.6b [engine] 9 Jul 2001 CMU Sieve 2.2 TCP Wrappers mmap = shared lock = fcntl nonblock = fcntl auth = unix idle = poll dirhash = full mboxlist.db = skiplist subs.db = flat seen.db = skiplist duplicate.db = db3-nosync tls.db = db3-nosync [rootlvr1 raddb]# rpm -q cyrus-sasl cyrus-sasl-2.1.7-2 (This is the RedHat 8.0 RPM that I installed under RedHat 7.3) First off, I'm a bit surprised that 'version' only shows the version of SASL that IMAPD was compiled against, not the current version ... that's just cosmetic, I guess. Anyway, we are also running sendmail 8.12.6 with the cyrusv2 mailer. All seems to be fine if we launch cyrus-imapd first and sendmail second. However, if we stop cyrus-imapd for whatever reason without stopping sendmail first, we end up in a situation where the lmtpd gets stuck upon a restart of cyrus-imapd. To be precise, it doesn't accept connections from sendmail and if we strace it all we see is: accept(4, That's it. The workaround then is to stop both sendmail and cyrus-imapd and to wait for several minutes. After that, if we start the processes in the right order, everything is fine again. Is this behavior to be expected or is it a bug? Thanks, Sebastian Hagedorn -- Sebastian Hagedorn M.A. - RZKR-R1 (Flachbau), Zi. 18, Robert-Koch-Str. 10 Zentrum für angewandte Informatik - Universitätsweiter Service RRZK Universität zu Köln / Cologne University - Tel. +49-221-478-55 87
Re: what is better ?
--On Thursday, November 14, 2002 18:09:40 +0200 Voutsinas Nikos [EMAIL PROTECTED] wrote: I am not sure about Alexandros availability :), but he could probably build an independed avelsieve web-application. Although the deployment of avelsieve as separate web-application is easier, integration with other webmail applications will certainly be more attractive and functional. Any preference ? We are using IMP and would be very interested in a nice Sieve interface. -- Sebastian Hagedorn M.A. - RZKR-R1 (Flachbau), Zi. 18, Robert-Koch-Str. 10 Zentrum für angewandte Informatik - Universitätsweiter Service RRZK Universität zu Köln / Cologne University - Tel. +49-221-478-5587 msg09195/pgp0.pgp Description: PGP signature
how and why to use SQUAT?
Hi Folks, I've seen a few messages about SQUAT on the list, and I'm wondering if I should use it. I've read through the source code (which is the only documentation I could find...) and it seems like it's intended to speed up searches in the messages. Does this work? How do I set up the indexes? Do I need to add any squatter references in my cyrus.conf? -- Scott Douglass [EMAIL PROTECTED]
Re: autocreatequota - does it really work?
On 14 Nov 2002, Scott Douglass wrote: I've been wondering for a while if the /etc/imapd.conf option: autocreatequota is actually implemented (I'm running 2.1.9 right now). It isn't working on any of my servers. No quota is set for new user.names. Anyone have any experience with this? It would be handy if it did work. autocreatequota only affects users who log in and create their own INBOX. Is this how your mailboxes are being created? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: how and why to use SQUAT?
Scott Douglass wrote: Hi Folks, I've seen a few messages about SQUAT on the list, and I'm wondering if I should use it. I've read through the source code (which is the only documentation I could find...) and it seems like it's intended to speed up searches in the messages. Does this work? Yes. How do I set up the indexes? Do I need to add any squatter references in my cyrus.conf? Yes. Add squatter EVENT(s) for the mailboxes that you'd like to index, assuming that the mailbox grows (so that new messages get added to the index). If the mailbox is static, just run squatter on it by hand. I would only bother doing this for large mailboxes, since that is where you will see the greatest performance gain. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: autocreatequota - does it really work?
On 14 Nov 2002, Rob Siemborski writes:
On 14 Nov 2002, Scott Douglass wrote:
I've been wondering for a while if the /etc/imapd.conf option:
autocreatequota is actually implemented (I'm running 2.1.9 right
now). It isn't working on any of my servers. No quota is set for
new user.names.
Anyone have any experience with this? It would be handy if it did
work.
autocreatequota only affects users who log in and create their own
INBOX. Is this how your mailboxes are being created?
I started using autocreatequota recently. The 'automatic' mailbox
creation *does* work, just not the way I initially and perhaps naively
expected it to work. I'm less sure about the automatic setting of a
quota, which I agree would be handy.
The name of the option is potentially confusing, in that the desired
mailbox is not 100% *automatically* created. Rather, it is only
created when the new user logs in and issues a CREATE INBOX command.
I initially thought the INBOX would be created at login.
I think the man page for imapd.conf changed fairly recently to make
this clearer (thankyou!). Since some IMAP clients do not seem to
issue that CREATE INBOX command upon disovering the lack of an INBOX,
mailbox creation is not quite as 'automatic' as it sounds for most
users.
What we did here was to make a very small edit to our webmail client
of choice (Squirrelmail) to check for the existence of the INBOX and
issue a CREATE INBOX command at login time if the INBOX does not
already exist. So the first time a new user uses webmail, their INBOX
is now automatically created for them.
This approach will not directly help users who use a commercial IMAP
client which doesn't send the CREATE INBOX, unless by policy helpdesk
staff use webmail to verify the new account (this check will now have
the side-effect of creating the INBOX).
Below is the diff against Squirrelmail 1.2.8 sources, in case it would
be useful to anyone else.
Like Scott, I do not see a quota being set on the newly (auto-)created
INBOX here, either in 2.1.9 or in 2.2 from CVS a month or so back, but
we have not tracked that down yet -- it might just be some
configuration mistake we have made? At least we can add a new user to
the LDAP directory, and have them be able to use webmail, with no use
of cyradm required.
Jonathan
--- squirrelmail.orig/functions/imap_general.php Tue Sep 17 08:10:03 2002
+++ squirrelmail/functions/imap_general.php Tue Oct 22 17:13:05 2002
@@ -231,6 +231,10 @@
exit;
}
}
+/* Create INBOX if it doesn't exist -- autocreates a new user.
[EMAIL PROTECTED] */
+if (!sqimap_mailbox_exists($imap_stream, 'INBOX')) {
+ sqimap_mailbox_create($imap_stream, 'INBOX', '');
+}
return $imap_stream;
}
--
Jonathan Marsden| Internet: [EMAIL PROTECTED] | Making electronic
1252 Judson Street | Phone: +1 (909) 795-3877 | communications work
Redlands, CA 92374 | Fax: +1 (909) 795-0327 | reliably for Christian
USA | http://www.xc.org/jonathan| missions worldwide
cyrus with procmail.. not again :)
Hi Everyone, I am trying to set up a new mail server with spam filtering using procmail. My MTA is Postfix 1.1.11, configured with mailbox_command = /usr/bin/procmail USER=$USER EXTENSION=$EXTENSION which seems to get the mail over to procmail, which then uses procmail filters to filter out the spam. My cyrus version right now is v2.1.9. Then I use deliver to deliver the message to the correct mailbox depending on if it is spam or a good message The problem I seem to be having is that for some reason my mailbox which is set up as (cyradm output) lam user.bill bill lrswipcda By default, but this does not work, when I try the deliver by hand, the message just disappears. If I change the permissions to add anyone capabilities (someone other than the mailbox user) then I can use the deliver command by hand, and it will successfully deliver the message to the correct mailbox. lam user.bill bill lrswipcda anyone lrswipcda lam user.bill.SPAM bill lrswipcda anyone lrswipcda So, I have a few questions for the experts out there: What are the repercussions of adding this permission set to the mailboxes? Is this the best way to get the mail into procmail so it can filter? Or is there some other way to do this better? Is there a way to debug the deliver app? I am having trouble tracing things along the way and this would help a lot. Thanks for any help! bill
Re: Updating /seen from concurrent sessions
Date: Thu, 14 Nov 2002 09:38:27 +0100 From: Luca Olivetti [EMAIL PROTECTED] Andrew McNamara wrote: I realise this is an old known problem, but I've spent some time searching list archives, and other sources looking for an answer. Any help anyone can provide will be gratefully received. Try using skiplist for the seen.db It doesn't really solve the problem but it masks it well enough. From my understanding, changing to skiplist really shouldn't change the visible behavior at all. But I've been wrong before. It would be possible to flush the seen state more often; it's just a question of how often and when should other imapds look for it. I've never actually seen this problem happen whenever I've fooled around with OE so I've never looked at the code to figure out what to do. Larry
Re: Cyrus IMAPd 2.1.10 Released
Date: Thu, 14 Nov 2002 10:56:07 -0500 From: Scott Russell [EMAIL PROTECTED] [...] Sooo... any reason why the docs aren't sgml and then built for text, html, ps, etc? Think of this as less of a request and more of 'would CMU be interested' type question. :) No objections, but it's one of those things of is it worth creating more dependencies versus the current very simple htmlstrip and html files. At one point I converted some of the files to XHTML and that process will probably continue slowly. If someone has a good idea of how to make the documentation easier to deal with, we're all for it. Larry
Re: autocreatequota - does it really work?
Date: Thu, 14 Nov 2002 11:16:41 -0800 (PST) From: Jonathan Marsden [EMAIL PROTECTED] [...] The name of the option is potentially confusing, in that the desired mailbox is not 100% *automatically* created. Rather, it is only created when the new user logs in and issues a CREATE INBOX command. I initially thought the INBOX would be created at login. Right, it turns out because of the way CMU phased in Cyrus phased out our legacy e-mail system (AMS) this was the desired behavior. Users ran a program, convertmail, that created their inbox and uploaded their mail---and until they ran that, we didn't want INBOXs to be created. This probably isn't the desired behavior at almost any other site. Larry
Re: Sieve isn't sieving for me - things to check
The link from /usr/lib/sasl2 to /usr/local/lib/sasl2 did indeed work.
Now sieveshell works and I can upload a sieve script. But it still
isn't sieving.
PROMPT# sieveshell --user=sstest --authname=sstest localhost
connecting to localhost
Please enter your password:
put /root/sievescript testscript
activate testscript
list
testscript - active script
sievescript
quit
/usr/sieve/s/sstest# ls -l
total 16
lrwxrwxrwx 1 cyrus mail 17 Nov 14 10:57 default - testscript.script
-rw--- 1 cyrus mail 8453 Nov 14 10:44 sievescript.script
-rw--- 1 cyrus mail 208 Nov 14 11:16 testscript.script
The contents of /root/sievescript are:
require fileinto;
if header :contains From [EMAIL PROTECTED] {
fileinto INBOX.WOOF;
}
elsif header :contains Subject WOOFWOOF {
fileinto INBOX.WOOF;
}
else {
fileinto INBOX;
}
I sent a message from me with the subject WOOFWOOF (both rules
should fire) and the message isn't being sieved into WOOF. I see
Return-Path: [EMAIL PROTECTED]
Received: from imap.silicondefense.com ([unix socket])
by imap.silicondefense.com (Cyrus v2.1.9) with LMTP;
Thu, 14 Nov 2002 10:57:51 -0800
X-Sieve: CMU Sieve 2.2
Return-Path: [EMAIL PROTECTED]
in the headers. I'm still stumped.
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
David C. Tuttle [EMAIL PROTECTED]
Product Engineer/System Administrator (707) 445-4355 x21
Silicon Defense 513 2nd St, Eureka, CA 95501
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
On Wed, 13 Nov 2002, Nick Fisher wrote:
1) Check the location of the sasl2 libs
The default location is /usr/lib/sasl2 but apparently sometimes you need
to link that dir to /usr/lib/local/sasl2.
Re: Cyrus IMAPd 2.1.10 Released
On Thu, Nov 14, 2002 at 02:35:02PM -0500, Lawrence Greenfield wrote: Date: Thu, 14 Nov 2002 10:56:07 -0500 From: Scott Russell [EMAIL PROTECTED] [...] Sooo... any reason why the docs aren't sgml and then built for text, html, ps, etc? Think of this as less of a request and more of 'would CMU be interested' type question. :) No objections, but it's one of those things of is it worth creating more dependencies versus the current very simple htmlstrip and html files. At one point I converted some of the files to XHTML and that process will probably continue slowly. If someone has a good idea of how to make the documentation easier to deal with, we're all for it. I'm not sure it would be easier. It's question of maintaining sgml docbook sources vs xhtml/html sources. The theoretical advantage is that the sgml/docbook tools are plentiful and easily exported to other formats. It might also be a good motivation for me to get learning docbook/sgml :) -- Scott Russell ([EMAIL PROTECTED]) Linux Technology Center, System Admin, RHCE. Dial 877-735-8200 then ask for 919-543-9289 (TTY)
Re: Sieve isn't sieving for me - things to check
I'm still learning at this myself but I found that you had to supply a
full path to the mail box rather than a relative one.
Rather than
'INBOX/Woof'
I have to specify
'user/myusername/Woof'
Note that I'm using the '/' as a delimiter rather than the '.'. That's an
option somewhere in the setup.
Basicly the INBOX is specifyed by the full folder path, I found mine by
playing around in cyradm and listing mailboxs.
Hope that helps ;)
Nick
-Original Message-
From: David C. Tuttle [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 14 Nov 2002 11:27:57 -0800 (PST)
Subject: Re: Sieve isn't sieving for me - things to check
The link from /usr/lib/sasl2 to /usr/local/lib/sasl2 did indeed work.
Now sieveshell works and I can upload a sieve script. But it still
isn't sieving.
PROMPT# sieveshell --user=sstest --authname=sstest localhost
connecting to localhost
Please enter your password:
put /root/sievescript testscript
activate testscript
list
testscript - active script
sievescript
quit
/usr/sieve/s/sstest# ls -l
total 16
lrwxrwxrwx 1 cyrus mail 17 Nov 14 10:57 default -
testscript.script
-rw--- 1 cyrus mail 8453 Nov 14 10:44 sievescript.script
-rw--- 1 cyrus mail 208 Nov 14 11:16 testscript.script
The contents of /root/sievescript are:
require fileinto;
if header :contains From [EMAIL PROTECTED] {
fileinto INBOX.WOOF;
}
elsif header :contains Subject WOOFWOOF {
fileinto INBOX.WOOF;
}
else {
fileinto INBOX;
}
I sent a message from me with the subject WOOFWOOF (both rules
should fire) and the message isn't being sieved into WOOF. I see
Return-Path: [EMAIL PROTECTED]
Received: from imap.silicondefense.com ([unix socket])
by imap.silicondefense.com (Cyrus v2.1.9) with LMTP;
Thu, 14 Nov 2002 10:57:51 -0800
X-Sieve: CMU Sieve 2.2
Return-Path: [EMAIL PROTECTED]
in the headers. I'm still stumped.
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
David C. Tuttle [EMAIL PROTECTED]
Product Engineer/System Administrator (707) 445-4355 x21
Silicon Defense 513 2nd St, Eureka, CA 95501
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
On Wed, 13 Nov 2002, Nick Fisher wrote:
1) Check the location of the sasl2 libs
The default location is /usr/lib/sasl2 but apparently sometimes you
need
to link that dir to /usr/lib/local/sasl2.
Re: cyrus with procmail.. not again :)
Bill Wester said: Is this the best way to get the mail into procmail so it can filter? Or is there some other way to do this better? Ditch procmail and use sieve (that comes with cyrus). It was built to integrate with Cyrus, so setting it up is a snap. It operates on a port, so is easier for users to administer on a sealed server (unlike procmail) and if you have squirrelmail and its avelsieve plugin, making filters on the fly from a browser is a snap. Its syntax is also more intuitive than procmail and can do more easier. Best ... mail-filtering ... software ... EVER. -- Brian
Re: Cyrus IMAPd 2.1.10 Released
Lawrence Greenfield [EMAIL PROTECTED] writes: If someone has a good idea of how to make the documentation easier to deal with, we're all for it. What's wrong with plain text? Erik.
Re: Sieve isn't sieving for me - things to check
This is just a follow-up for the archives. When I create the IMAP folders by hand from an IMAP client, sieve works. I had expected that Cyrus would create the folder if it didn't already exist - apparently, it doesn't. I'll try Nick's suggestion about the filepaths, too. Thanks to Nick and Paul for the useful help. Over and out. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- David C. Tuttle [EMAIL PROTECTED] Product Engineer/System Administrator (707) 445-4355 x21 Silicon Defense 513 2nd St, Eureka, CA 95501 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- On Thu, 14 Nov 2002, Nick Fisher wrote: I'm still learning at this myself but I found that you had to supply a full path to the mail box rather than a relative one. Rather than 'INBOX/Woof' I have to specify 'user/myusername/Woof' Note that I'm using the '/' as a delimiter rather than the '.'. That's an option somewhere in the setup. Basicly the INBOX is specifyed by the full folder path, I found mine by playing around in cyradm and listing mailboxs.
ln -s ../plugin_common file does exists
hello, i compile on my redhat 8.0 cyrus-sasl-2.1.9 ./configure and make looks like good but make install end withe the folloeing message See any operating system documentation about shared libraries for more information, such as the ld(1) and ld.so(8) manual pages. -- make[2]: Verlassen des Verzeichnisses Verzeichnis »/usr/local/src/cyrus-sasl-2.1.9/plugins« make[1]: Verlassen des Verzeichnisses Verzeichnis »/usr/local/src/cyrus-sasl-2.1.9/plugins« Making install in lib make[1]: Wechsel in das Verzeichnis Verzeichnis »/usr/local/src/cyrus-sasl-2.1.9/lib« ln -s ../plugins/plugin_common.lo plugin_common.lo ln: »plugin_common.lo«: Datei existiert make[1]: *** [plugin_common.lo] Fehler 1 make[1]: Verlassen des Verzeichnisses Verzeichnis »/usr/local/src/cyrus-sasl-2.1.9/lib« make: *** [install-recursive] Fehler 1 File plugin_common.lo exists Please could you say what does this message meen? thank's a lot Best reagards Achim
Postfix+Cyrus+MySQL please help its been 3 days
Hi all,
i was running qmail+Courier-IMAP+mysql+checkpassword+SMTP-auth on RedHat
7.3 before i decided to switch to Postfix+Cyrus+MySQL on RedHat 8.0,so i
setup a test system to see if i could make it. The test system is running
RedHat 8.0, Postfix 1.1.11-5, MySQL-3.23.52-3, Cyrus-2.1.9
* I rebuilt postfix from src.rpm to have SMTP-auth
* installed mysql rpm
* installed Cyrus from tar sources
* cyrus-sasl is installed by default
* installed pam_mysql to auth users from mysql database
and followed Luc's HOWTO.
The problem is;
Nobody can login IMAP
Cyrus user cannot login using Cryadm
even if the pam_mysql query returns TRUE (mysql logs)
Please help, its been 3 days, and im completely lost.
Here is /etc/pam.d/imap
---
authsufficient pam_mysql.so user=mail passwd=secret
host=localhost db=mail table=accountuser usercolumn=username
passwdcolumn=password crypt=0
authrequired pam_mysql.so user=mail passwd=secret
host=localhost db=mail table=accountuser usercolumn=username
passwdcolumn=password crypt=0
---
Here is /etc/cyrus.conf
-
# standard standalone server implementation
START {
# do not delete these entries!
mboxlist cmd=ctl_mboxlist -r
deliver cmd=ctl_deliver -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
# pop3 cmd=pop3d listen=pop3 prefork=0
# pop3s cmd=pop3d -s listen=pop3s prefork=0
# sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=0
}
EVENTS {
# this is required
checkpointcmd=ctl_mboxlist -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
}
--
Here is /etc/imapd.conf
---
postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: myhostname.mydomain.local
autocreatequota: 1
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sendmail: /usr/sbin/sendmail
unixhierarchysep: yes
---
Here is the result of imtest
-
#imtest -a cyrus -v localhost
S: * OK myhostname.mydomain.local Cyrus IMAP4 v2.1.9 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE U
IDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJ
ECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {6}
S: + go ahead
C: omitted
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
-
MySQL Log after runing imtest
021114 23:44:09 38 Connect myhostname@localhost on myhostname
38 Init DB mail
38 Query select username from accountuser where
usern
ame='cyrus' and password='secret'
38 Quit
(the user 'cyrus' exists in the 'accountuser' table and his password is
'secret' in plaintext, that is this query returns 'true')
-
System Log
Nov 14 23:44:09 myhostname saslauthd[2503]: AUTHFAIL: user=cyrus
service=imap realm
= [PAM acct error]
Nov 14 23:44:09 myhostname imapd[2728]: badlogin: myhostname[127.0.0.1]
plaintext cyru
s SASL(-13): authentication failure: checkpass failed
If anyone have any idea why i can't login please help, THANKS for reading.
Suley
Re: Postfix+Cyrus+MySQL please help its been 3 days
On Fri, Nov 15, 2002 at 01:24:19AM +0200, [EMAIL PROTECTED] wrote: Hi all, i was running qmail+Courier-IMAP+mysql+checkpassword+SMTP-auth on RedHat 7.3 before i decided to switch to Postfix+Cyrus+MySQL on RedHat 8.0,so i setup a test system to see if i could make it. The test system is running RedHat 8.0, Postfix 1.1.11-5, MySQL-3.23.52-3, Cyrus-2.1.9 We have this setup going now on Red Hat 7.3. The one difference is that we use the cyrus sasl mysql auth plugin instead of going through pam. Is that an opiton to you or do you really want to go through pam for some other reason? -- Scott Russell ([EMAIL PROTECTED]) Linux Technology Center, System Admin, RHCE. Dial 877-735-8200 then ask for 919-543-9289 (TTY)
Re: Postfix+Cyrus+MySQL please help its been 3 days
Yes that's an option, i just followed Luc's HOWTO and used pam. But now how do i make changes to omit pam_mysql configuration #saslauthd -v saslauthd 2.1.7 authentication mechanisms: getpwent kerberos5 pam rimap shadow and i think web-cyradm has nothing to do with pam_mysql On Fri, Nov 15, 2002 at 01:24:19AM +0200, [EMAIL PROTECTED] wrote: Hi all, i was running qmail+Courier-IMAP+mysql+checkpassword+SMTP-auth on RedHat 7.3 before i decided to switch to Postfix+Cyrus+MySQL on RedHat 8.0,so i setup a test system to see if i could make it. The test system is running RedHat 8.0, Postfix 1.1.11-5, MySQL-3.23.52-3, Cyrus-2.1.9 We have this setup going now on Red Hat 7.3. The one difference is that we use the cyrus sasl mysql auth plugin instead of going through pam. Is that an opiton to you or do you really want to go through pam for some other reason? -- Scott Russell ([EMAIL PROTECTED]) Linux Technology Center, System Admin, RHCE. Dial 877-735-8200 then ask for 919-543-9289 (TTY)
Re: ln -s ../plugin_common file does exists
On Fri, 15 Nov 2002, Achim Altmann wrote: File plugin_common.lo exists Please could you say what does this message meen? Its a known bug, I've only seen it on systems where you build more than once (and its fixed in cvs). You can fix it by changing the makefile to rm -f plugin_common.o (or plugin_common.lo) before they are symlinked, like: plugin_common.lo: plugin_common.o + rm -f plugin_common.lo ln -s $(top_builddir)/plugins/plugin_common.lo plugin_common.lo plugin_common.o: + rm -f plugin_common.o ln -s $(top_builddir)/plugins/plugin_common.o plugin_common.o -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Postfix+Cyrus+MySQL please help its been 3 days
You know, you might just want to have sasl authenticate directly against
mysql. It'll take a layer or two off of your authentication path, ie..
imapd - sasl - saslauthd - pam - mysql, instead of simply imapd -
sasl - mysql.
Also, for a while I was following pam_mysql and it seemed a number of
people (including the primary developer) ditched it in order to work on
nss_mysql instead. It had something to do with being able to achieve some
sort of efficiency when interfaced with nss that you couldn't with pam.
You might want to look at these two options. It will likely produce a more
efficient setup for you. Otherwise, is there a reason you wanna go through
pam? I setup mysql + postfix + cyrus imap/sasl on my own server without
too much trouble. And my system users authenticate against nss_mysql. I
can't imagine if I'd tried to get pam_mysql working.
-peace
On Fri, 15 Nov 2002 [EMAIL PROTECTED] wrote:
Hi all,
i was running qmail+Courier-IMAP+mysql+checkpassword+SMTP-auth on RedHat
7.3 before i decided to switch to Postfix+Cyrus+MySQL on RedHat 8.0,so i
setup a test system to see if i could make it. The test system is running
RedHat 8.0, Postfix 1.1.11-5, MySQL-3.23.52-3, Cyrus-2.1.9
* I rebuilt postfix from src.rpm to have SMTP-auth
* installed mysql rpm
* installed Cyrus from tar sources
* cyrus-sasl is installed by default
* installed pam_mysql to auth users from mysql database
and followed Luc's HOWTO.
The problem is;
Nobody can login IMAP
Cyrus user cannot login using Cryadm
even if the pam_mysql query returns TRUE (mysql logs)
Please help, its been 3 days, and im completely lost.
Here is /etc/pam.d/imap
---
authsufficient pam_mysql.so user=mail passwd=secret
host=localhost db=mail table=accountuser usercolumn=username
passwdcolumn=password crypt=0
authrequired pam_mysql.so user=mail passwd=secret
host=localhost db=mail table=accountuser usercolumn=username
passwdcolumn=password crypt=0
---
Here is /etc/cyrus.conf
-
# standard standalone server implementation
START {
# do not delete these entries!
mboxlist cmd=ctl_mboxlist -r
deliver cmd=ctl_deliver -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
# pop3 cmd=pop3d listen=pop3 prefork=0
# pop3s cmd=pop3d -s listen=pop3s prefork=0
# sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=0
}
EVENTS {
# this is required
checkpointcmd=ctl_mboxlist -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
}
--
Here is /etc/imapd.conf
---
postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: myhostname.mydomain.local
autocreatequota: 1
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sendmail: /usr/sbin/sendmail
unixhierarchysep: yes
---
Here is the result of imtest
-
#imtest -a cyrus -v localhost
S: * OK myhostname.mydomain.local Cyrus IMAP4 v2.1.9 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE U
IDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJ
ECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {6}
S: + go ahead
C: omitted
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
-
MySQL Log after runing imtest
021114 23:44:09 38 Connect myhostname@localhost on myhostname
38 Init DB mail
38 Query select username from accountuser where
usern
ame='cyrus' and password='secret'
38 Quit
(the user 'cyrus' exists in the 'accountuser' table and his password is
'secret' in plaintext, that is this query returns 'true')
-
System Log
Nov 14 23:44:09 myhostname saslauthd[2503]: AUTHFAIL: user=cyrus
service=imap
Re: Postfix+Cyrus+MySQL please help its been 3 days
On Fri, Nov 15, 2002 at 03:02:54AM +0200, [EMAIL PROTECTED] wrote: Yes that's an option, i just followed Luc's HOWTO and used pam. But now how do i make changes to omit pam_mysql configuration #saslauthd -v saslauthd 2.1.7 authentication mechanisms: getpwent kerberos5 pam rimap shadow and i think web-cyradm has nothing to do with pam_mysql I know nothing about web-cyradm but there is documentation for getting the sasl mysql auth plugin working. When you build sasl use: ./configure --with-saslauthd=/usr/lib/sasl2 --enable-cram \ --enable-digest --enable-plain --disable-anon --disable-gssapi \ --disable-krb4 --disable-otp --with-openssl --with-mysql The key bit here is the --with-mysql option. In some versions of sasl you may need to change the include to read #include mysql/mysql.h so check the plugsin/mysql.c file and change it as needed. After building and installing sasl I use the following in my imapd.conf file: # sasl settngs sasl_pwcheck_method: auxprop sasl_auxprop_plugin: mysql sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5 sasl_mysql_user: mailadm sasl_mysql_passwd: password sasl_mysql_hostnames: localhost sasl_mysql_database: mail sasl_mysql_statement: select decode(passwd,'salt') from account where acct='%u' and status='1' sasl_mysql_verbose: true You should consult the doc/options.html file for more details about the mysql setup. That shold help you explain how to use the proper sasl_mysql_statement in your imapd.conf file. The one above is only an example that works with my specific mysql tables and most likely won't work for you. -- Scott Russell ([EMAIL PROTECTED]) Linux Technology Center, System Admin, RHCE. Dial 877-735-8200 then ask for 919-543-9289 (TTY)
Re: Updating /seen from concurrent sessions
Try using skiplist for the seen.db It doesn't really solve the problem but it masks it well enough. From my understanding, changing to skiplist really shouldn't change the visible behavior at all. But I've been wrong before. I'll try to test it here and let you know. My reading of the code suggests it shouldn't change the specific problem I'm seeing. What's the general feeling on the skiplist implementation used in conjunction with Sun and NetApp's NFS (we're locked in to using this combination for various reasons)? Would you be more or less likely to trust it over db3? Another question - it looks to me like I have to recompile to switch database types - is this true? The code looks like it would be flexible enough to allow a run-time config option to chose the method with very little modification? It would be possible to flush the seen state more often; it's just a question of how often and when should other imapds look for it. If the imapd already can cope with asynchronous events, I would flush the state after a second or two of inactivity from the client. Failing that, I would probably flush the state before replying to the client (yes, this would hurt performance, although probably not much, particularly if we skip the fsync()). But this just fixes the OE problem - Cyrus would still have a problem (as far as I can see): all the other copies accessing that mailbox will still have their old seen files open (maybe using skiplist fixes this). The flat-file seen implementation needs to check to see if the file has been renamed under it (and do what?). To be honest, the flat file seen implementation is way more complicated than I would have thought was worthwhile. My preference would be to not hold the file open, and simply re-write the whole file each time we updated it, renaming the replacement into place (to make the operation atomic - this is also the only synchronous operation). My experience has been that unix is quite happy doing naive things like this while the file remains small (say less than 10k). I implemented a Postfix map that works this way - for lookups, it simply does a linear read/search of the file. For update, it writes a new file, and moves it into place. Generally this performed much better than more complex schemes such as the Sleepycat DB's - particularly when you consider memory footprint (this was on a machine with about 100k users, handling 10's of messages per second). I've never actually seen this problem happen whenever I've fooled around with OE so I've never looked at the code to figure out what to do. I get the impression it's a specific OE usage pattern that triggers it. I've had it described to me as send a mail, click the send/check button, which sounds common enough to me. -- Andrew McNamara, Senior Developer, Object Craft http://www.object-craft.com.au/
Re: Cyrus IMAPd 2.1.10 Released
On 14 Nov 2002, Erik Enge wrote: What's wrong with plain text? It's really hard to keep formatted in any way that looks reasoanble. For example, say you have a bulleted list (or an ordered list, both of which we have throughout our documentation) You probably want it to look something like: * This is my first bullet * This is my second bullet. It is considerably longer than the first and third. In fact, it wraps a line. * This is my third bullet If anything happens to the first line of the second bullet, you have to rewrap a number of lines, and very few plaintext formatters can do this automatically (straight word-wrapping is less of an issue). There's also the fact that markup languages let you embed hyperlinks, etc. I feel that moving back to only plaintext is a step backwards. I don't know much about SGML myself, so I'm not sure I'd want to be stuck maintaining that, but it sounds interesting enough (and it would be nice to have general tools for keeping the documentation formatted, instead of worrying when htmlstrip would next break). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Shared folders and virtual domains ?
Hi, I am running 2_2 cvs branch with virtual domain support turned on and everything seemd to work fine. I now wanted to move my old installation to the new one and cannot get delivery to shared folders working. If I create a shared folder with cyradm like: $cm sharedfolder I cannot do $sam sharedfolder userdomain lrswipcda and get setaclmailbox: userdomain: lrswipcda: Invalid identifier If I create a shared folder with cyradm like: $cm sharedfolderdomain I can do $sam sharedfolderdomain userdomain lrswipcda and the user can subscribe to the folder and sees it on the same level than his inbox as expected. If I now setup sendmail to send via the cyrusv2 mailer with an address like +sharedfolderdomain I get the following errors in the logs which I do not understand ! What is wrong here ? Nov 15 02:55:33 mail lmtpunix[8259]: [ID 921384 local6.debug] accepted connection Nov 15 02:55:33 mail lmtpunix[8259]: [ID 685068 local6.debug] lmtp connection preauth'd as postman Nov 15 02:55:33 mail lmtpunix[8259]: [ID 152585 local6.error] couldn't create stage directory: : No such file or directory Nov 15 02:55:33 mail lmtpunix[8259]: [ID 519036 local6.error] IOERROR: creating message file 8259-1037325333: No such file or directory Nov 15 02:55:33 mail sendmail[8262]: [ID 801593 mail.info] gAF1rq13008256: to=+sharedfolderdomain, delay=00:01:41, xdelay=00:00:00, mailer=cyrusv2, pri=210378, relay=localhost, dsn=4.2.0, stat=Deferred: 451 4.3.2 cannot create temporary file: No such file or directory ---Christian---
Re: Updating /seen from concurrent sessions
--On Friday, November 15, 2002 12:52 PM +1100 Andrew McNamara [EMAIL PROTECTED] wrote: What's the general feeling on the skiplist implementation used in conjunction with Sun and NetApp's NFS (we're locked in to using this combination for various reasons)? Would you be more or less likely to trust it over db3? In general none of Cyrus will necessarily work over NFS. If you're only accessing the NFS store from a single client, things have a much better chance of working---but I really don't know what semantics Sun's NFS client and NetApp's NFS filer guarantee with regards to mmap() and write(). If it doesn't support mmap() showing changes by write() immediately (Cyrus tests for this in the configure script but the configure script is probably not doodling on an NFS partition) you need to use map_nommap, which is very slow. Berkeley db makes no guarantees of working over NFS. skiplist should work over NFS with a single client and map_nommap. Another question - it looks to me like I have to recompile to switch database types - is this true? The code looks like it would be flexible enough to allow a run-time config option to chose the method with very little modification? It probably could be made a run-time option. Since you need to convert all of the different files, making it an easy run-time switch has never been a priority. It would be possible to flush the seen state more often; it's just a question of how often and when should other imapds look for it. If the imapd already can cope with asynchronous events, I would flush the state after a second or two of inactivity from the client. Failing that, I would probably flush the state before replying to the client (yes, this would hurt performance, although probably not much, particularly if we skip the fsync()). You can't skip the fsync() because the fsync()s are what guarantees that the files will be in a consistent form if the system crashes. (The fsync()s are needed for ordering guarantees of operation. This is true for Berkeley db, skiplist, flat files, whatever.) But this just fixes the OE problem - Cyrus would still have a problem (as far as I can see): all the other copies accessing that mailbox will still have their old seen files open (maybe using skiplist fixes this). The flat-file seen implementation needs to check to see if the file has been renamed under it (and do what?). The flat file database layer (cyrusdb_flat) already knows how to do this at the appropriate time. The caching is being implemented in the seen layer (seen_db.c) not the flat file implementation. To be honest, the flat file seen implementation is way more complicated than I would have thought was worthwhile. My preference would be to not hold the file open, and simply re-write the whole file each time we updated it, renaming the replacement into place (to make the operation atomic - this is also the only synchronous operation). My experience has been that unix is quite happy doing naive things like this while the file remains small (say less than 10k). Whenever there is a change, the flat file does rewrite the entire file. The database layer holds the file open because the database layer assumes that other operations (reads on other keys, things like that). Updates are very frequent, which is why the skiplist implementation can perform better. However, updates can be an order of magnitude more frequent if we're going to write for every flag change. Cyrus is written with the expectation that you will have thousands of simultaneous clients working on tens or hundreds of thousands of mailboxes. I implemented a Postfix map that works this way - for lookups, it simply does a linear read/search of the file. For update, it writes a new file, and moves it into place. Generally this performed much better than more complex schemes such as the Sleepycat DB's - particularly when you consider memory footprint (this was on a machine with about 100k users, handling 10's of messages per second). It doesn't scale when there are frequent updates. That's why we have the database abstraction, so we can choose the file format that does the job most effectively. cyrusdb_flat does exactly this, and it works ok when you don't need frequent updates. Seen state has frequent updates. Larry
Re: Cyrus IMAPd 2.1.10 Released
I feel that moving back to only plaintext is a step backwards. I don't know much about SGML myself, so I'm not sure I'd want to be stuck maintaining that, but it sounds interesting enough (and it would be nice to have general tools for keeping the documentation formatted, instead of worrying when htmlstrip would next break). You could do worse than look at the Python documentation. The production doco is current LaTeX with a bunch of custom macros. HTML, PDF, etc are generated off the master LaTex markup. There is a background project to use SGML (I think), but it's not there yet. Our company (not me personally) looked at doco tools a while back and came to the conclusion that LaTeX was still the best choice out of a bad lot - SGML was the next closest, although the tools were still rather imature. -- Andrew McNamara, Senior Developer, Object Craft http://www.object-craft.com.au/
Re: Updating /seen from concurrent sessions
In general none of Cyrus will necessarily work over NFS. If you're only accessing the NFS store from a single client, things have a much better chance of working--- By single client, do you mean a single NFS client hitting the NFS server? If so, this is guaranteed in our configuration. but I really don't know what semantics Sun's NFS client and NetApp's NFS filer guarantee with regards to mmap() and write(). If it doesn't support mmap() showing changes by write() immediately (Cyrus tests for this in the configure script but the configure script is probably not doodling on an NFS partition) you need to use map_nommap, which is very slow. Actually, the build directory was NFS mounted, but the server was another Solaris machine. I just extracted the mmap tests from configure, and ran them on the test platform, and they passed (for what that's worth). Berkeley db makes no guarantees of working over NFS. It's hard to find any hard information amongst the traditional NFS hysteria. I suspect Sleepycat's warning is there simply because the quality of NFS implementations is often poor, and it involves so many other variables they can't control. While there are real unsolveable problems with NFS, they tend to only kick in when there's packet loss or duplicate on the wire, and we've done everything humanly possible to minimise this in our environment. skiplist should work over NFS with a single client and map_nommap. So, do you mean a single process or a single server (potentially with multiple processes hitting the file). Another question - it looks to me like I have to recompile to switch database types - is this true? The code looks like it would be flexible enough to allow a run-time config option to chose the method with very little modification? It probably could be made a run-time option. Since you need to convert all of the different files, making it an easy run-time switch has never been a priority. It would make life a lot easier in our environment - the build platforms are slow, and a recompile will take me an afternoon. I have very little data stored on the test Cyrus platform, and can afford to nuke it and start again. Having a run-time switch would let me rapidly compare options. If the imapd already can cope with asynchronous events, I would flush the state after a second or two of inactivity from the client. Failing that, I would probably flush the state before replying to the client (yes, this would hurt performance, although probably not much, particularly if we skip the fsync()). You can't skip the fsync() because the fsync()s are what guarantees that the files will be in a consistent form if the system crashes. (The fsync()s are needed for ordering guarantees of operation. This is true for Berkeley db, skiplist, flat files, whatever.) Indeed, however if you are talking about increasing the frequency of writes to the file, and if you retain a few old versions, you will almost certainly get away with it (so, worst case on restart, you try progressively older files). This wouldn't be an answer for critical data, but it may be acceptable for the \Seen state. Shrug. BTW, Linux up until very recently synced way too much data on an fsync() (it behaved more like a sync()). Yet, even after the new improved fsync(), it still doesn't guarantee the file won't be lost (since it doesn't sync the directory entry for the file, only the file data and metadata, whereas the BSDs and Solaris do). This is a massive pain in the arse for MTA authors. But this just fixes the OE problem - Cyrus would still have a problem (as far as I can see): all the other copies accessing that mailbox will still have their old seen files open (maybe using skiplist fixes this). The flat-file seen implementation needs to check to see if the file has been renamed under it (and do what?). The flat file database layer (cyrusdb_flat) already knows how to do this at the appropriate time. The caching is being implemented in the seen layer (seen_db.c) not the flat file implementation. Okay - I'll need to look closer at the code. I'm clearly missing some detail. To be honest, the flat file seen implementation is way more complicated than I would have thought was worthwhile. My preference would be to not hold the file open, and simply re-write the whole file each time we updated it, renaming the replacement into place (to make the operation atomic - this is also the only synchronous operation). My experience has been that unix is quite happy doing naive things like this while the file remains small (say less than 10k). Whenever there is a change, the flat file does rewrite the entire file. The database layer holds the file open because the database layer assumes that other operations (reads on other keys, things like that). Updates are very frequent, which is why the skiplist implementation can perform better. I think my point is that the cost of open() is roughly equivalent to the cost of
question about ctl_cyrusdb
When I restart cyrus server. I found that a process called ctl_cyrusdb was running for a long time . From the log, it seemed that it was recovering the datebase. But it is used nearly ten minutes to recover. Was it normal? Liu Jinhui [EMAIL PROTECTED] 2002-11-15
Re: Updating /seen from concurrent sessions
--On Friday, November 15, 2002 2:40 PM +1100 Andrew McNamara [EMAIL PROTECTED] wrote: In general none of Cyrus will necessarily work over NFS. If you're only accessing the NFS store from a single client, things have a much better chance of working--- By single client, do you mean a single NFS client hitting the NFS server? If so, this is guaranteed in our configuration. Yes. [...] It's hard to find any hard information amongst the traditional NFS hysteria. I suspect Sleepycat's warning is there simply because the quality of NFS implementations is often poor, and it involves so many other variables they can't control. A lot of problems also result when people try to run the application on more than one computer hitting the same NFS server. But things that drive us application writers mad is the idea that rename() can return failure but have actually happened; and if you're trying to write a reliable application, you don't want to rely on the fact that the chance of this is minimized, since you know it's going to happen and you're going to be sorry. skiplist should work over NFS with a single client and map_nommap. So, do you mean a single process or a single server (potentially with multiple processes hitting the file). I would hope it would work with a single server with multiple processes. But I really haven't thought about all the possibilities with NFS. (The return error and succeed problem is just one that springs to mind, and I've never audited the code thinking about that.) Indeed, however if you are talking about increasing the frequency of writes to the file, and if you retain a few old versions, you will almost certainly get away with it (so, worst case on restart, you try progressively older files). This wouldn't be an answer for critical data, but it may be acceptable for the \Seen state. Shrug. Great, now I need to do bookkeeping to do this. Plus on most Unix filesystems, rename() is a more expensive operation than 1 fsync() and probably even 2 fsync()s. And how am I suppose to programmatically determine whether or not a given version is valid? BTW, Linux up until very recently synced way too much data on an fsync() (it behaved more like a sync()). Yet, even after the new improved fsync(), it still doesn't guarantee the file won't be lost (since it doesn't sync the directory entry for the file, only the file data and metadata, whereas the BSDs and Solaris do). This is a massive pain in the arse for MTA authors. Linux ext2 has this metadata problem. ext3 and reiserfs are both suppose to force metadata to disk when fsync() is called, similiar to how softupdates on BSD, Veritas, or most other modern filesystems. I'm willing to bet that I've wasted more time than you have worrying about the semantics of fsync() on various Unix filesystems. I think my point is that the cost of open() is roughly equivalent to the cost of stat() under Solaris - so rather than keep a file open, and stat it periodically to see if it's changed under you, you can close and reopen the file (resulting in simpler code, but similar performance). You need to do the stat() regardless if you want the latest data. By keeping the file open, you potentially amortize the cost of an open(), another fstat (find out the file descriptor of your open'd fd) and an mmap(). All of these have various different costs depending on your platform and your Unix. Keeping the file open costs almost nothing (the cost of the disk space when and if there is write contention). [...] Actually, it scaled better than initially expected - this map type was used specifically for tables that changed very frequently (the pop-before-smtp pre-auth mechanism being a case in point). The only synchronous operation was the rename(). The lookup read()'s would have been pulling the data from the buffer cache, and sequential searches beat more complex schemes every time when the dataset is small (less than 100kB was the figure we found when comparing to things like libdb). The saving in resident set size was critical too - the machine had 4G of RAM, and no more could be fitted. You have one database and weren't fsync()ing the data. Cyrus has thousands of active databases and cares about the reliability of the data. Larry
Re: Updating /seen from concurrent sessions
A lot of problems also result when people try to run the application on more than one computer hitting the same NFS server. But things that drive us application writers mad is the idea that rename() can return failure but have actually happened; and if you're trying to write a reliable application, you don't want to rely on the fact that the chance of this is minimized, since you know it's going to happen and you're going to be sorry. That's certainly the NFS flaw that comes to mind. I happen to agree with you that it's not enough to simply minimise the chances of something untoward happening. I would hope it would work with a single server with multiple processes. But I really haven't thought about all the possibilities with NFS. (The return error and succeed problem is just one that springs to mind, and I've never audited the code thinking about that.) Okay. Your comments are valued. Great, now I need to do bookkeeping to do this. Plus on most Unix filesystems, rename() is a more expensive operation than 1 fsync() and probably even 2 fsync()s. And how am I suppose to programmatically determine whether or not a given version is valid? Mmm. It was a half-baked idea that came from the observation that the flat-file \Seen code was doing renames() anyway. Linux ext2 has this metadata problem. ext3 and reiserfs are both suppose to force metadata to disk when fsync() is called, similiar to how softupdates on BSD, Veritas, or most other modern filesystems. I'm willing to bet that I've wasted more time than you have worrying about the semantics of fsync() on various Unix filesystems. Quite possibly. I've certainly wasted enough time on them over the years. It's hard to prove what a given O/S is doing is correct, even when you have inside knowledge. You need to do the stat() regardless if you want the latest data. By keeping the file open, you potentially amortize the cost of an open(), another fstat (find out the file descriptor of your open'd fd) and an mmap(). All of these have various different costs depending on your platform and your Unix. Mmap is the killer - it often involves a lot of expensive setup within the kernel. I'd tend to think that if you were using mmap() for read access to the file, it probably should be modified in place, rather than renamed. The flat-file \Seen implementation both mmap()'s and renames() and this looks to me like the source of it's pain. But then you need some sort of cheap synchronization scheme. BTW, have you looked at Andrew Tridgell's Trivial Database? It uses mmaped files and spin-locks to achieve good write performance, although I don't think resilience in the face of crashes was a high priority. However the architecture-dependent spin lock code may be handy if you ever decide to follow this route. You have one database and weren't fsync()ing the data. Cyrus has thousands of active databases and cares about the reliability of the data. As it should. -- Andrew McNamara, Senior Developer, Object Craft http://www.object-craft.com.au/
Re: Updating /seen from concurrent sessions
BTW, have you looked at Andrew Tridgell's Trivial Database? It uses mmaped files and spin-locks to achieve good write performance, although I don't think resilience in the face of crashes was a high priority. However the architecture-dependent spin lock code may be handy if you ever decide to follow this route. I intended to include this URL: http://sourceforge.net/projects/tdb/ -- Andrew McNamara, Senior Developer, Object Craft http://www.object-craft.com.au/
Re: question about ctl_cyrusdb
On Fri, 15 Nov 2002, Liu Jinhui wrote: When I restart cyrus server. I found that a process called ctl_cyrusdb was running for a long time . From the log, it seemed that it was recovering the datebase. But it is used nearly ten minutes to recover. Was it normal? Depending on the size of your databases, the database type, and the time since the last checkpoint, yes, this can be normal (and it can go for much longer as well). The best way to reduce this is to decrease the checkpoint interval (the time between when ctl_cyrusdb -c runs). I think the default from the documentation is something like 30 minutes. Busy sites should consider values as short as even 5 minutes. When this has hit us at CMU, it's most frequently been with duplicate.db, and every now and then we just decide to nuke the db rather than wait for it to finish (since the worst that happens is you get a duplicate delivery to someone's mailbox). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Re: question about ctl_cyrusdb
Yes, I just finished a test to send fifty thousand mails to user's mailbox. Most of the mails is duplicate delivery. And I also got lots of DB lockers warning during the delivering. And I found there were some backup of DB in the datebase directory. Need I delete them by hand or the system will do a rotate? On Fri, 15 Nov 2002, Liu Jinhui wrote: When I restart cyrus server. I found that a process called ctl_cyrusdb was running for a long time . From the log, it seemed that it was recovering the datebase. But it is used nearly ten minutes to recover. Was it normal? Depending on the size of your databases, the database type, and the time since the last checkpoint, yes, this can be normal (and it can go for much longer as well). The best way to reduce this is to decrease the checkpoint interval (the time between when ctl_cyrusdb -c runs). I think the default from the documentation is something like 30 minutes. Busy sites should consider values as short as even 5 minutes. When this has hit us at CMU, it's most frequently been with duplicate.db, and every now and then we just decide to nuke the db rather than wait for it to finish (since the worst that happens is you get a duplicate delivery to someone's mailbox). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper = = = = = = = = = = = = = = = = = = = = Ö Àñ£¡ Liu Jinhui [EMAIL PROTECTED] 2002-11-15
Re: Postfix+Cyrus+MySQL please help its been 3 days
Hello, maybe if is possible you have to create the /etc/sasldb file and put in /etc/sasldb saslpasswd secret passwd secret and then you have to take saslpasswd2 cyrus and give him the secret I have /etc/sasldb2 file. I created the cyrus user by # saslpasswd -c cyrus Could you login in web-cyradm ? have you change the line in config.inc.php from cyradm $DOMAIN_AS_PREFIX=1; you need this for unixhierarchysep: yes use you web-cyradm-0.5.2 ? when you logged in in cyradm could you create an user? normal he write this in the DB and wehn you could not connect to imap he tell this with devision by zero error in your quota-section i use web-cryadm and set $DOMAIN_AS_PREFIX=1; i can create a user using web-cryadm but the user can't authenticate either Here is the mysql output: mysql select * from accountuser; ++---+---+---+ | username| password | prefix| domain_name | ++---+---+---+ | cyrus| secret| | | | suleyman.mydomain.local | nFz9wcXuy1Dno | mydomain.local | mydomain.local | ++---+---+---+ 3 rows in set (0.00 sec) I had for few days the same problem but that was a missing entry in mysql-db I hope this was a little help best wishes Achim Thanks for your answers Suley
Re: [Web-cyradm] Postfix+Cyrus+MySQL please help its been 3 days
Hi Suley [..] Here is /etc/pam.d/imap --- authsufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0 authrequired pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0 I guess, you have CRYPT=1 in config.inc.php and crypt=0 in pam.d If so, please change pam.d/imap to crypt=1 and encrypt the password in the mysql-db with ENCRYPT(secret) Should help :-) rgds Luc Yes Luc thats right i have CRYPT=1 in config.inc.php But thats another problem because imtest has nothing to do with config.inc.php in pam.d/imap i have CRYPT=0 and i have password 'secret' in clear text for the user cyrus in accountusers table. Suley
