clients that notify upon new mail in folders other than INBOX ?
It seems that one can convince most imap clients to periodically check for new mail in one's inbox. For people who need to monitor not just their inbox, but also a few other (shared) folders, it would be neat if they were notified when new messages arrive in these other folders as well. Any idea which clients support this kind of functionality or how I can implement this ? Thanks, Piet -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Piet RUYSSINCKe-mail: [EMAIL PROTECTED] Unix Systeem Administratie tel: +32 9 264 4733 Directie Informatie- en Communicatietechnologie (ICT) fax: +32 9 264 4994 Universiteit Gent (RUG) Krijgslaan 281, gebouw S9 - 9000 Gent, Belgie -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Please avoid sending me Word or PowerPoint attachments See http://www.fsf.org/philosophy/no-word-attachments.html
Re: clients that notify upon new mail in folders other than INBOX?
Piet Ruyssinck escribió:: It seems that one can convince most imap clients to periodically check for new mail in one's inbox. For people who need to monitor not just their inbox, but also a few other (shared) folders, it would be neat if they were notified when new messages arrive in these other folders as well. Any idea which clients support this kind of functionality or how I can implement this ? Mozilla does this (so Netscape 7 should do the same) don't remember if it's there in 1.01 or surfaced in a later version (I'm currently using 1.2.1). Just right click on the folder you want to monitor, select properties and mark check this folder for new mail. There's also a preference to check all folders for new mail, but there's no GUI interface for it. Just put this line in your user.js user_pref(mail.check_all_imap_folders_for_new, true); Bye -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007
Re: clients that notify upon new mail in folders other than INBOX ?
Piet Ruyssinck schrieb: It seems that one can convince most imap clients to periodically check for new mail in one's inbox. For people who need to monitor not just their inbox, but also a few other (shared) folders, it would be neat if they were notified when new messages arrive in these other folders as well. Any idea which clients support this kind of functionality or how I can implement this ? Mozilla does it if you set this in user.js: // Check for new mail in ALL imap folders user_pref(mail.check_all_imap_folders_for_new, true); AFAIK, Outlook and OE can do it too. Don't know about kmail, evolution... Simon Thanks, Piet -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Piet RUYSSINCKe-mail: [EMAIL PROTECTED] Unix Systeem Administratie tel: +32 9 264 4733 Directie Informatie- en Communicatietechnologie (ICT) fax: +32 9 264 4994 Universiteit Gent (RUG) Krijgslaan 281, gebouw S9 - 9000 Gent, Belgie -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Please avoid sending me Word or PowerPoint attachments See http://www.fsf.org/philosophy/no-word-attachments.html
Re: Cyrus IMAPd 2.1.12 Released
Ilya wrote: you need to change the db.h to #include /usr/local/include/db3/db.h in cyrusdb_db3.c Thank you very much--worked perfectly. Thanks, Chris Scott
Re: imapd's hang when maxchild count is reached
--On Saturday, February 01, 2003 16:34:51 -0500 Lawrence Greenfield [EMAIL PROTECTED] wrote: Probably grabbing the strace and a gdb backtrace of a hung imapd process would help figure out what they're waiting for. Might as well do master, too. OK, I just recreated the situation. The imapd's all hang in a select()-call: [root@lvr1 cyrus]# strace -p 19411 select(1, [0], NULL, NULL, {1729, 93} unfinished ... [root@lvr1 cyrus]# strace -p 19417 select(1, [0], NULL, NULL, {1716, 43} unfinished ... gdb backtraces look like this: 0x402e3bee in __select () from /lib/i686/libc.so.6 (gdb) bt #0 0x402e3bee in __select () from /lib/i686/libc.so.6 #1 0x0811a994 in __DTOR_END__ () #2 0x0808410c in getword () #3 0x0804f37e in cmdloop () #4 0x0804efb2 in service_main () #5 0x0804d6a1 in main () #6 0x40218687 in __libc_start_main (main=0x804cd60 main, argc=1, ubp_av=0xbffecdf4, init=0x804b9e4 _init, fini=0x8098120 _fini, rtld_fini=0x4000dcd4 _dl_fini, stack_end=0xbffecdec) at ../sysdeps/generic/libc-start.c:129 They seem to be the same for all of the processes ... This is still cyrus-imapd 2.1.11. master still responds to POP requests, so I don't think there's anything wrong with it. Does this help in any way? -- Sebastian Hagedorn M.A. - RZKR-R1 (Gebäude 52), Zi. 18, Robert-Koch-Str. 10 Zentrum für angewandte Informatik - Universitätsweiter Service RRZK Universität zu Köln / Cologne University - Tel. +49-221-478-5587 msg10887/pgp0.pgp Description: PGP signature
Re: Anyone using Linux LVM with cyrus?
Ben, We have been using LVM for a while (since 0.7 I believe) and have not had any troubles with it. We have 130,000 users and use reiserfs. Ben Poliakoff wrote: Hi all, We're preparing to roll out a new cyrus mail system which will handle the bulk of our 1700 users' email. The server platform will be redhat linux 7.3 or 8.0. We'd like to use the Linux LVM (at the very least for the mail store itself) so that we can back up the system off of read only snapshots (courtesy of LVM). Has anyone out there used LVM with cyrus imap in an environment as large or larger than 1700 users? If so we'd love to hear about any lessons learned (i.e. Don't do it!) or gotchas... Ben
imaps TLS problem
Hello I installed postfix-2.0.3 + cyrus-sasl-2.1.11 + cyrus-imapd-2.1.11 everything works fine! I use cyrus with service imaps. the problem is with outlook clients, Netscape works fine with it. When a Outlook client is accessing to imaps service, cyrus closes connection and here is hte error: Feb 5 15:37:50 venus master[364]: [ID 392559 local6.debug] about to exec /usr/local/cyrus/bin/imapd Feb 5 15:37:50 venus imaps[364]: [ID 518349 local6.debug] executed Feb 5 15:37:50 venus imapd[364]: [ID 921384 local6.debug] accepted connection Feb 5 15:37:50 venus imapd[364]: [ID 798856 local6.notice] imaps TLS negotiation failed: xiexie.something.it[192.84.x.y] Feb 5 15:37:50 venus imapd[364]: [ID 637875 local6.error] Fatal error: tls_start_servertls() failed Feb 5 15:37:50 venus master[330]: [ID 310780 local6.debug] process 364 exited, status 75 I have no clue about this I have no details on this error. anyone could give me a hint? I cannot force user to use Netscape Messenger instead of Outlook. thank you Rick
ACLs and such
Hi, can I set quotas and ACLs for a user named 'test' like the following ... cm user.test cm user.test.archives otherpartition sq user.test 100 sq user.test.archives 1000 sam user.test.archives test lrswipca ... and nevertheless allow user 'test' to delete mails and folders residing under user.test.archives by default? The point is that the user must not be able to delete his 'archives' folder, but he must be able to freely operate on anything that resides within that folder. The purpose of this is to force users to automatically and transparently move old mail to another partition that physically resides on cheap IDE disks, but to have all mail that's accessed more frequently stored on fast SCSI disks. This would allow to run the server without relevant storage limitations while keeping up excellent performance at relatively low costs. Another approach would be an option to specify by regular expressions that folders with certain names (like 'archive.*') are always created on certain partitions. A more sophisticated implementation of that would additionally allow to specify certain levels of how deeply folders are nested in the hierarchy to decide on what partition the folder is physically stored. Just like that in /etc/imapd.conf: defaultpartition: default partition-default: /var/spool/cyrus/mail partition-newpart: /data-1/newpart foldername-newpart: *archive.* partition-nesting: /data-2/nesting nestlevel-nesting: 5 Thereby, user.test would reside on /var/spool/cyrus/mail, user.test.archive would go to /data-1/newpart, and anything nested deeper than five folders is put to /data-2/nesting. Maybe even a combination of nameing and nesting would be nice, though I currently can't see its practical use. Hm, this could be especially interesting in environments that handle larger numbers of users: partition-usera: /data/usera foldername-usera: user.a* partition-userb: /data/userb foldername-userb: user.b* # ... and so on Further extend this to use some other storage method than direct file-system access, like networked access to another server ... At least, allow to store mails redundantly on a number of partitions for backup purposes or for keeping a cluster of servers in sync :) GH
Re: imaps TLS problem
On Wed, 5 Feb 2003, RJ45 wrote: the problem is with outlook clients, Netscape works fine with it. When a Outlook client is accessing to imaps service, cyrus closes connection and here is hte error: Feb 5 15:37:50 venus imapd[364]: [ID 798856 local6.notice] imaps TLS negotiation failed: xiexie.something.it[192.84.x.y] Feb 5 15:37:50 venus imapd[364]: [ID 637875 local6.error] Fatal error: tls_start_servertls() failed I had the same problem when Cyrus didn't like the tls_ca_file I gave it. Don't know why, but this is the only way it would surface: SSL connections worked fine from the start, but connecting to 143 and using STARTTLS would fail every time. My suggestion is to either remove the line if you're not using client-side certs, or put *only* the CA's cert that signs the client certs in that file. Using RedHat 8.0's /usr/share/ssl/certs/ca-bundle.crt file caused the problem. -- Steve Huston - Unix Systems Administrator, Dept. of Astrophysical Sciences Princeton University | ICBM Address: 40.346525 -74.651285 126 Peyton Hall |On my ship, the Rocinante, wheeling through Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus, (609) 258-7375 | headlong into mystery. -Rush, 'Cygnus X-1'
Re: cyradm not working on a working cyrus /2.1.112.1.12
On Wed, 5 Feb 2003, Grosswiler Roger wrote: As on version 2.1.11 i get cyrus up und running without any problem - except cyradm. A call of cyradm brings out the mentionned error msg. if i copy shell.pm in the path, a new prompt line results, nothing happens at all. Does anybody know about this issue? Is there another possibility to administer the cyrus mailboxes? error msg: Shell.pm not found @INC (followed by the path list...) System: Redhat 8.0 Sasl: 2.1.11 Berkeley DB: db4 /db4 devel Perl is probably installed in /usr/lib/perl5, but 'make install' for Cyrus IMAPD put things in /usr/local/lib/perl5. My solution was to 'cp -R' the whole thing over the first time, and the next time I installed I just symlinked /usr/local/lib/perl5 to /usr/lib/perl5, so the files would start out in the right place. This worked fine. I also had to remove one of the SASL RPMs, I think using CRAM-MD5 libs or something, or else plaintext passwords would timeout every time (it was trying CRAM first, timing out, then using plaintext). Something else complained that it was required, but whatever it was I didn't need anyway : -- Steve Huston - Unix Systems Administrator, Dept. of Astrophysical Sciences Princeton University | ICBM Address: 40.346525 -74.651285 126 Peyton Hall |On my ship, the Rocinante, wheeling through Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus, (609) 258-7375 | headlong into mystery. -Rush, 'Cygnus X-1'
Re: Huge Cyrus site (Was:Anyone using Linux LVM with cyrus?)
We don't use quotas yet. :-) Pål Olsen wrote: - Original Message - From: Patrick Boutilier [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 05, 2003 2:38 PM Subject: Re: Anyone using Linux LVM with cyrus? Ben, We have been using LVM for a while (since 0.7 I believe) and have not had any troubles with it. We have 130,000 users and use reiserfs. Patric, I've just recently deployed a Cyrus (4.1.11) installation with 4+ users (converted from IMail on W2k). During the convert process I had to use quota -f (as one of the recovery procedures), but it seems that it bails out after aprox 32000 users. And, DELTEs the rest of the quota-files... Do you have the same experience..? Chers, Pål
Re: looking for Cyrus mail format documentation
On Sat, Feb 01, 2003 at 11:31:13AM -0500, Rob Siemborski wrote: On Fri, 31 Jan 2003, Phil Howard wrote: | Of course replicating some things such as seen state will be quite | painful, and you may need to do some hacks to keep uids unique between | the machines. How does Cyrus manage uids? I hope these are not uids in /etc/passwd. No, they're the unique identifier numbers for each message. I believe the problem John was asking about is, what happens if you have, say, an APPEND happen to a mailbox on both servers while they are not in communication with eachother. When they resync, each has a new message with the same unique identifier, but different contents. This isn't a situation that can be recoverd from just be looking at the contents of the filesystem. Doing replicated IMAP stores (espeically geographicly distanct ones) is not an easy problem. All this sounds remarkably similar to the postgres-r database replication problem cf nice paper by Bettina Kemme http://www.cs.mcgill.ca/~kemme/papers/vldb00.html Here it would be client connects to imap server A and says APPEND. Server A then sends APPEND to server A and server B using a group communciation protocol (cf spread) which guarantees the ordering of the commands. Server A and server B then receive the APPEND and do it. If server B received an APPEND at nearly the same time, that APPEND would still appear in the same place in the input queue of both servers = the UID would come out the same. You still have the hard problem of conflict resolution after network partitioning :( Just 2 uninformed cents, Patrick
Re: Case sensitve user/mailbox names
On Tue, Feb 04, 2003 at 10:35:46AM -0700, Kevin P. Fleming wrote: Kerstin Espey wrote: As long as you don't use the option caseful_local_part in the exim router, exim will send all mails to the lowercase mailbox. Regards, Kerstin Exim 4.x does not act this way, but Exim 3.x did. If you don't make specific provisions to supply Cyrus a lowercase local part using Exim 4.x, the messages won't get delivered. I couldn't believe that and just tried it: Subject: testing case From: Patrick Welche [EMAIL PROTECTED] Date: Wed, February 5, 2003 4:38 pm To: [EMAIL PROTECTED] Priority: Normal upErCaSe? % exim -bV Exim version 4.12 #4 built 30-Jan-2003 16:41:01 Copyright (c) University of Cambridge 2002 So I think Kerstin is right... Cheers, Patrick
Re: imapd's hang when maxchild count is reached
Date: Wed, 05 Feb 2003 14:04:38 +0100 From: Sebastian Hagedorn [EMAIL PROTECTED] [...] 0x402e3bee in __select () from /lib/i686/libc.so.6 (gdb) bt #0 0x402e3bee in __select () from /lib/i686/libc.so.6 #1 0x0811a994 in __DTOR_END__ () #2 0x0808410c in getword () #3 0x0804f37e in cmdloop () #4 0x0804efb2 in service_main () #5 0x0804d6a1 in main () #6 0x40218687 in __libc_start_main (main=0x804cd60 main, argc=1, ubp_av=0xbffecdf4, init=0x804b9e4 _init, fini=0x8098120 _fini, rtld_fini=0x4000dcd4 _dl_fini, stack_end=0xbffecdec) at ../sysdeps/generic/libc-start.c:129 They seem to be the same for all of the processes ... This is a totally normal backtrace for waiting for more input from the client. Are you sure that your perl script is working correctly? Larry
Re: imapd's hang when maxchild count is reached
--On Wednesday, February 05, 2003 12:22:06 -0500 Lawrence Greenfield [EMAIL PROTECTED] wrote: They seem to be the same for all of the processes ... This is a totally normal backtrace for waiting for more input from the client. Are you sure that your perl script is working correctly? You are absolutely right, the script is to blame. Sorry. However, there is one thing that's bothering me: when the max number of children has been reached, attempts to connect lead to this: [root@lvr1 root]# telnet cyrus 143 Trying 134.95.19.46... Connected to cyrus. Escape character is '^]'. Wouldn't it be possible (and better) to refuse further connections instead of having to wait for them to time out? Maybe I haven't thought this through properly, but it seems to me as if that were cleaner. Thanks, Sebastian -- Sebastian Hagedorn M.A. - RZKR-R1 (Gebäude 52), Zi. 18, Robert-Koch-Str. 10 Zentrum für angewandte Informatik - Universitätsweiter Service RRZK Universität zu Köln / Cologne University - Tel. +49-221-478-5587 msg10897/pgp0.pgp Description: PGP signature
Re: imapd's hang when maxchild count is reached
Date: Wed, 05 Feb 2003 18:51:35 +0100 From: Sebastian Hagedorn [EMAIL PROTECTED] [...] Wouldn't it be possible (and better) to refuse further connections instead of having to wait for them to time out? Maybe I haven't thought this through properly, but it seems to me as if that were cleaner. Yes, that would be desirable. The easiest way of doing this would be to close the socket used to accept() new connections. However, it's open in all of the children, so closing it is infeasible. The next option would be to have master accept() and then immediately close() the connection. This raises interesting blocking concerns and is thus somewhat harder to implement. Thus the current solution seems acceptable. Larry
Re: looking for Cyrus mail format documentation
Patrick Welche wrote: All this sounds remarkably similar to the postgres-r database replication problem cf nice paper by Bettina Kemme http://www.cs.mcgill.ca/~kemme/papers/vldb00.html Here it would be client connects to imap server A and says APPEND. Server A then sends APPEND to server A and server B using a group communciation protocol (cf spread) which guarantees the ordering of the commands. Server A and server B then receive the APPEND and do it. If server B received an APPEND at nearly the same time, that APPEND would still appear in the same place in the input queue of both servers = the UID would come out the same. You still have the hard problem of conflict resolution after network partitioning :( The issue is not when the two servers can talk -- that is easily solved with techniques such as two phase commit. The problem is when server A and B are not able to communicate and you want both of them to be able to continue taking updates yet build a consistent view of the database once they can communicate. -- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931
Re: clients that notify upon new mail in folders other than INBOX?
On Wed, 5 Feb 2003, Piet Ruyssinck wrote: their inbox, but also a few other (shared) folders, it would be neat if they were notified when new messages arrive in these other folders as well. Any idea which clients support this kind of functionality or how I can implement this ? If your decision isn't only limited to GUI clients then Pine can do this as well with the help of (unofficial) patches.. http://www.math.washington.edu/~chappa/pine/info/incoming.html
Problems with Drafts and Sent (IMAP)
Hi, I am using Cyrus IMAP v1.5.19 (Debian Woody) as server and Mozilla v1.3a as client. Though I have configured the Drafts folder for drafts and Sent folder for sent items Mozilla can't use them. It works ok to drag'n'drop a mail to the folders, but they can't be accessed when I compose a mail. If I start on a new mail and select save, Mozilla opens a window telling me that: The current command did not succeed. The mail server responded: Mailbox does not exist. I press ok and a new window appears: The current command did not succeed. The mail server responded: Please select a mailbox first. If I create a new mail and press send, Mozilla opens the same windows as above. My user have full rights on the folders. PLEASE HELP ME! /jonas
Net::LMTP returning 354 instead of 250 ...
Morning ... We've been puzzling over this for awhile, and I'm not getting anywhere with it ... have a user that has a vacation setup ... if we send email to them, it goes through out lmtpproxy.pl server and gets passed to the real lmtp server no problem ... if we reply to the 'vacation' message, I get a return code of 354 on the $lmtp-dataend(); command, so the mail fails ... I've attached the email itself (based on what the lmtpproxy is trying to send through ... but can't see anything that stands out ... The server is using postfix for its MTA ... according to the logs, test1 received it as: Feb 5 14:45:42 campus postfix/smtpd[15139]: 5DDD01F851D8: client=garlic.acadiau.ca[131.162.138.193] Feb 5 14:45:42 campus postfix/cleanup[15071]: 5DDD01F851D8: message-id=[EMAIL PROTECTED] Feb 5 14:45:42 campus postfix/qmgr[15070]: 5DDD01F851D8: from=[EMAIL PROTECTED], size=35184, nrcpt=1 (queue active) Feb 5 14:45:42 campus postfix/lmtp[15077]: 5DDD01F851D8: to=[EMAIL PROTECTED], relay=/var/run/socket/lmtp[/var/run/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok) Yes the copy I'm receiving is: Feb 5 14:45:43 campus postfix/smtpd[15145]: 1A2581F85201: client=garlic.acadiau.ca[131.162.138.193] Feb 5 14:45:43 campus postfix/cleanup[15071]: 1A2581F85201: message-id=[EMAIL PROTECTED] Feb 5 14:45:43 campus postfix/qmgr[15070]: 1A2581F85201: from=[EMAIL PROTECTED], size=3799, nrcpt=1 (queue active) Feb 5 14:45:43 campus postfix/lmtp[15074]: 1A2581F85201: to=[EMAIL PROTECTED], relay=/var/run/socket/lmtp[/var/run/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok) Help? Marc G. Fournier [EMAIL PROTECTED] Senior Systems AdministratorAcadia University These are my opinions, which are not necessarily shared by my employer Return-Path: [EMAIL PROTECTED] Received: from garlic.acadiau.ca (garlic.acadiau.ca [131.162.138.193]) by campus.acadiau.ca (Postfix) with ESMTP id 1A55F1F82BF3 for [EMAIL PROTECTED]; Fri, 15 Nov 2002 15:10:36 -0400 (AST) Received: from atelier.acadiau.ca (atelier.acadiau.ca [131.162.138.223]) by garlic.acadiau.ca (8.12.6/8.12.5) with ESMTP id gAFJAZ1d042765 for [EMAIL PROTECTED]; Fri, 15 Nov 2002 15:10:35 -0400 (AST) (envelope-from [EMAIL PROTECTED]) Date: Fri, 15 Nov 2002 15:10:35 -0400 (AST) From: Marc G. Fournier [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: testing the mail system ... In-Reply-To: cmu-sieve-38549-1037387017-0@campus Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-milter (http://amavis.org/) X-Spam-Status: No, hits=-4.1 required=5.0 tests=EMAIL_ATTRIBUTION,IN_REP_TO,SPAM_PHRASE_02_03 version=2.41 X-Spam-Level: On Fri, 15 Nov 2002 [EMAIL PROTECTED] wrote: Autogenerated Message: Hello... This is a automated response your email... E-mail is answered Sunday - Thursday in the evening hours. If your request is urgent please call the Helpdesk at 542-4357 or 1-888-609-3330 Thank you Helpdesk Marc G. Fournier [EMAIL PROTECTED] Senior Systems AdministratorAcadia University These are my opinions, which are not necessarily shared by my employer
Re: creating user-mailboxes without cyradm
On Mon, Jan 27, 2003 at 12:28:56PM -0500, Ken Murchison wrote: is there a way to create INBOXes for users by IMAP-commands Sure, read RFC 2060. You'd do tag CREATE user/username How is this dealt with in respect to security and reliability? Just write a script that logs in and automatically creates mailboxes from randomly generated (user-) names until the storage is full. That's sort of making DOS attacks utterly easy. GH
Re: creating user-mailboxes without cyradm
On Wed, 5 Feb 2003, Hans Wilmer wrote: How is this dealt with in respect to security and reliability? Only admins can do this for any username, there is a config option that allows authenticated users to do this for their own mailbox, but no others. Just write a script that logs in and automatically creates mailboxes from randomly generated (user-) names until the storage is full. That's sort of making DOS attacks utterly easy. If your admins are trying to DOS you, you've got bigger problems. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: creating user-mailboxes without cyradm
On Wed, 5 Feb 2003, Hans Wilmer wrote: On Mon, Jan 27, 2003 at 12:28:56PM -0500, Ken Murchison wrote: is there a way to create INBOXes for users by IMAP-commands Sure, read RFC 2060. You'd do tag CREATE user/username How is this dealt with in respect to security and reliability? Just write a script that logs in and automatically creates mailboxes from randomly generated (user-) names until the storage is full. That's sort of making DOS attacks utterly easy. If a cyrus admin wants to DOS attack his/her own server, they're allowed to. If a regular user attempts to create top-level mailboxes, they'll get a NO permission denied or equivalent. Dave -- Dave McMurtrie, Systems Programmer University of Pittsburgh Computing Services and Systems Development, Development Services -- UNIX and VMS Services 717P Cathedral of Learning (412)-624-6413
Re: creating user-mailboxes without cyradm
Hans Wilmer wrote: Sure, read RFC 2060. You'd do tag CREATE user/username How is this dealt with in respect to security and reliability? Just write a script that logs in and automatically creates mailboxes from randomly generated (user-) names until the storage is full. That's sort of making DOS attacks utterly easy. Obviously you have to be authenticated as a user with privileges to create the folders. This is no different than saying you should connect to an IMAP server and append millions of messages -- the answer is still proper authentication and access controls. -- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931
Re: imapd's hang when maxchild count is reached
I solved this problem a long time ago by passing an environment variable from the master process to the child process when the child process is spawned indicating that the server is full. I used CYRUS_MAXCHILD, and the child process already checks for the CYRUS_VERBOSE variable when it starts in order to properly set the debugging level. If that variable was set, then the child would output an error message indicating that the server was full and to try again later. It would then close the client connection and then exit. A couple things to note: 1) I prefer the client to be notified when the server is full and not simply get connection refused messages or have the email client just sit there, appearing to hang, while the server waits for a connection to become free. 2) My method worked, but it didn't take advantage of the process reuse feature. Basically, the master process only gets one chance to pass an environment variable off to the child process. So, once that variable is set in the child, the child will always believe that the max has been reached. That is why I had the child process go away, as it is basically useless after handling that one connection. 3) If there was a good way for the master to notify the child process on each connection pass (either when passing the connection to an already available child, or when passing the connectioin to a newly spawn child) what the current status of maxchild is, then it would be quite efficient to send the server full messages, close the connection and wait for the master process to hand it another. I don't know enough about how the master and child process communicate to know how to make this work. Scott --On Wednesday, February 05, 2003 12:57 PM -0500 Lawrence Greenfield [EMAIL PROTECTED] wrote: Date: Wed, 05 Feb 2003 18:51:35 +0100 From: Sebastian Hagedorn [EMAIL PROTECTED] [...] Wouldn't it be possible (and better) to refuse further connections instead of having to wait for them to time out? Maybe I haven't thought this through properly, but it seems to me as if that were cleaner. Yes, that would be desirable. The easiest way of doing this would be to close the socket used to accept() new connections. However, it's open in all of the children, so closing it is infeasible. The next option would be to have master accept() and then immediately close() the connection. This raises interesting blocking concerns and is thus somewhat harder to implement. Thus the current solution seems acceptable. Larry -- +---+ Scott W. Adkinshttp://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:[EMAIL PROTECTED] ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +---+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ msg10910/pgp0.pgp Description: PGP signature
Re: Anyone using Linux LVM with cyrus?
We are using LVM to give the ability to add disk space and expand our reiserfs when necessary. We are using LVM on top of hardware RAID 5 so as long as 2 disks don't fail at once we should be OK. Hans Wilmer wrote: On Wed, Feb 05, 2003 at 09:38:30AM -0400, Patrick Boutilier wrote: We have been using LVM for a while (since 0.7 I believe) and have not had any troubles with it. We have 130,000 users and use reiserfs. Are you using LVM to mirror the mail storage or to improve performance? Did you ever have to recover from broken-down harddisks or so? GH
Re: imapd's hang when maxchild count is reached
On Wed, 05 Feb 2003 15:21:26 -0500 Scott Adkins [EMAIL PROTECTED] wrote: I solved this problem a long time ago by passing an environment variable from the master process to the child process when the child process is spawned indicating that the server is full. I used CYRUS_MAXCHILD, and the child process already checks for the CYRUS_VERBOSE variable when it starts in order to properly set the debugging level. If that variable was set, then the child would output an error message indicating that the server was full and to try again later. It would then close the client connection and then exit. A couple things to note: 1) I prefer the client to be notified when the server is full and not simply get connection refused messages or have the email client just sit there, appearing to hang, while the server waits for a connection to become free. 2) My method worked, but it didn't take advantage of the process reuse feature. Basically, the master process only gets one chance to pass an environment variable off to the child process. So, once that variable is set in the child, the child will always believe that the max has been reached. That is why I had the child process go away, as it is basically useless after handling that one connection. 3) If there was a good way for the master to notify the child process on each connection pass (either when passing the connection to an already available child, or when passing the connectioin to a newly spawn child) what the current status of maxchild is, then it would be quite efficient to send the server full messages, close the connection and wait for the master process to hand it another. I don't know enough about how the master and child process communicate to know how to make this work. Scott Now that you're discussing the mechanisms to refuse new connections politely because of some condition, i would like to suggest another condition to check: system loadavg. Some programs (sendmail for example) know how to reject connections if loadavg is = some admin defined value. -- Jure Pecar
Re: imapd's hang when maxchild count is reached
-- Stephen L. Ulmer [EMAIL PROTECTED] is rumored to have mumbled on Mittwoch, 5. Februar 2003 16:57 Uhr -0500 regarding Re: imapd's hang when maxchild count is reached: Hmmm... what does Sendmail do? It's got lots of children, but still manages to refuse connections when it gets busy (RefuseLA)... I kinda like that behavior. Yes, but there are potential problems with it. I'm currently in discussion with Claus Assmann and the Red Hat support. 8.12.7 under Advanced Server has in several cases apparently lost signals in this situation. As a consequence sendmail permanently stopped accepting connections after delaying them ... -- Sebastian Hagedorn M.A. - RZKR-R1 (Flachbau), Zi. 18, Robert-Koch-Str. 10 Zentrum für angewandte Informatik - Universitätsweiter Service RRZK Universität zu Köln / Cologne University - Tel. +49-221-478-5587 msg10914/pgp0.pgp Description: PGP signature
Re: imapd's hang when maxchild count is reached
From: Stephen L. Ulmer [EMAIL PROTECTED] Date: Wed, 05 Feb 2003 16:57:15 -0500 [...] Hmmm... what does Sendmail do? It's got lots of children, but still manages to refuse connections when it gets busy (RefuseLA)... I kinda like that behavior. I definitely like it better than keeping more and more sockets open. Sendmail only accepts new connections in the parent process. When the LA goes over RefuseLA, it closes the socket. In order to reopen the socket, the parent always has root privs. (The cyrus master process changes to cyrus from root very early on.) So Sendmail's scheme doesn't work for us. I took a look at a random version of Postfix, and I'm pretty sure it does what we do now (build up the system listen queue). I also agree that it's more user friendly to quickly deny service. I contemplated having a special child to deny service (something like what Ohio has implemented) but it seems tricky. (Imagine the # of processes bouncing right next to the limit.) I definitely would like to avoid forking for every new connection once we're over the limit, since that will just strain the system after we're already heavily loaded. Larry
Re: imapd's hang when maxchild count is reached
Hmmm... what does Sendmail do? It's got lots of children, but still manages to refuse connections when it gets busy (RefuseLA)... I kinda like that behavior. I definitely like it better than keeping more and more sockets open. -- Stephen L. Ulmer [EMAIL PROTECTED] Senior Systems Programmer http://www.ulmer.org/ Northeast Regional Data Center VOX: (352) 392-2061 University of Florida FAX: (352) 392-9440 It may not prefork it's processes. The master process could accept the connection, fork, closes the socket (the child is now servicing it), and go back into a listen state. Therefore the master process can choose to reject connections without any coordination from the children. Children then have a service life of one connection and that's it. They could also use a technique where a master process can pass file (socket) descriptors down to a child via a unix domain socket using sendmsg() or recvmsg(). In this case the master accepts the connection, passes the descriptor to a child via sendmsg(), closes the socket (the child should now be servicing it), and goes back to listening. Either way, in the above, the master process is the only process that actually accepts the connections. I'm not sure how sendmail actually does it though, the above is purely speculation... Jeremy
Re: creating user-mailboxes without cyradm
On Wed, Feb 05, 2003 at 02:13:55PM -0500, Rob Siemborski wrote: How is this dealt with in respect to security and reliability? Only admins can do this for any username, there is a config option that allows authenticated users to do this for their own mailbox, but no others. Ah! THX, I've tried it now and found it working as it should :) full. That's sort of making DOS attacks utterly easy. If your admins are trying to DOS you, you've got bigger problems. Well, I'm always using the latest lart from cvs, in a prophylactic manner ;) GH
Re: imapd's hang when maxchild count is reached
On Wed, 5 Feb 2003, Jeremy Rumpf wrote: Hmmm... what does Sendmail do? It's got lots of children, but still manages to refuse connections when it gets busy (RefuseLA)... I kinda like that behavior. I definitely like it better than keeping more and more sockets open. -- Stephen L. Ulmer [EMAIL PROTECTED] Senior Systems Programmer http://www.ulmer.org/ Northeast Regional Data Center VOX: (352) 392-2061 University of Florida FAX: (352) 392-9440 It may not prefork it's processes. The master process could accept the connection, fork, closes the socket (the child is now servicing it), and go back into a listen state. Therefore the master process can choose to reject connections without any coordination from the children. Children then have a service life of one connection and that's it. They could also use a technique where a master process can pass file (socket) descriptors down to a child via a unix domain socket using sendmsg() or recvmsg(). In this case the master accepts the connection, passes the descriptor to a child via sendmsg(), closes the socket (the child should now be servicing it), and goes back to listening. This is not very portable. ;( Either way, in the above, the master process is the only process that actually accepts the connections. I'm not sure how sendmail actually does it though, the above is purely speculation... Jeremy -- Igor
Re: Anyone using Linux LVM with cyrus?
On Wed, Feb 05, 2003 at 04:36:03PM -0400, Patrick Boutilier wrote: We are using LVM to give the ability to add disk space and expand our reiserfs when necessary. Is it possible to add disc space with ext3fs and LVM, too? We are using LVM on top of hardware RAID 5 so as long as 2 disks don't fail at once we should be OK. Hm, sounds nice :) To be more specific, what I've in mind is a setup like that, for 60--100 users: + 18 or 36 GB SCSI: system itselfe and about 20--25 GB /var for incoming/outgoing mail (incl. virus scanning) and the more actively used part of the cyrus mail store, quota of about 100 MB/user or 10 GB shared by the user.* hierarchy on it + 120 GB IDE to keep another cyrus mail store partition (archive) Users should move older mail from the default partition to the archive. Some shared folders will probably reside on the IDE discs, too. The archives will provide a quota of 1 GB/user. Two identical 120 GB IDE discs should be used to keep and mirror the archive. The SCSI disc should be mirrored also (at least the /var partition), though I'm not sure yet whether it's better to use a second SCSI disc for that or if it's a good idea to divide the IDEs into partitions of 100 GB and 20 GB each, so that the SCSI disc can be mirrored to the 20 GB partitions on the IDEs. Daily backups will probably be done to another 120 GB IDE disc. I'll use ext3fs for all partitions --- reiserfs or even xfs may have advantages, but I like ext3 more, and the expected number of files that have to be handled should be still ok for ext3. Is this a reasonable setup, and can it reliably be done with LVM? Or is it better to use raidtools2 for it? Or would you suggest to use hardware IDE RAID instead, maybe by forgoing SCSI? Any suggestions are appreciated --- I don't know how flexible LVM can make things, so a totally different setup might be even better. GH
Re: ACLs and such
On Wed, 5 Feb 2003, Hans Wilmer wrote: cm user.test cm user.test.archives otherpartition sq user.test 100 sq user.test.archives 1000 sam user.test.archives test lrswipca ... and nevertheless allow user 'test' to delete mails and folders residing under user.test.archives by default? The point is that the user must not be able to delete his 'archives' folder, but he must be able to freely operate on anything that resides within that folder. So, Offhand, I think the rest of your mail is to special purpose for general use, but I'll address this part of it, since its been brought up before. Part of the design of cyrus includes the assumption that it's a bigger helpdesk headache when users blow away their own acls (and lose access) than it is if they are actually held bound to them. Therefore, within a user's mailbox hierarchy, you cannot remove full rights for that user. There are various arguments against this, and I think the final decision was that we look at an implicit rights patch, whereby admins could specify what rights their users had on their mailboxes implicitly (and I seem to remember Ken even made one), but I can't locate it right now. Ken? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Renaming user mailboxes
I just got 2.2 up and running and the only major thing left to do is to move users from user.user1 to [EMAIL PROTECTED] the rename function in cyradmin does not work (same error as original poster). Is there any way for me to get this done? move user dirs manually and try reconstruct? On Sat, Feb 01, 2003 at 04:17:53PM -0500, Rob Siemborski wrote: On Sat, 1 Feb 2003, Henrique de Moraes Holschuh wrote: Hmm... It works on subfolders, but not on the top-level (INBOX) ones here, either. Urk, I didn't know that. However, I am SURE I did this at work, with INBOX folders, to move them across partitions. Although I am not sure I changed their names as well as moving them across partitions... Renaming users is more complicated since it involves sieve scripts, seen state, etc. Also, any ACLs on other mailboxes suddenly are invalid if you change a username. 2.2 has some support for this. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Change hostname
Hi All I Setup cyrus successfully on a linux redhat server it worked all fine. I changed the machine hostname and i can not login to cyradm anymore, i can not even access my email, does any one know how to solve the problem. Many thanks in advance _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: ACLs and such
Rob Siemborski wrote: On Wed, 5 Feb 2003, Hans Wilmer wrote: cm user.test cm user.test.archives otherpartition sq user.test 100 sq user.test.archives 1000 sam user.test.archives test lrswipca ... and nevertheless allow user 'test' to delete mails and folders residing under user.test.archives by default? The point is that the user must not be able to delete his 'archives' folder, but he must be able to freely operate on anything that resides within that folder. So, Offhand, I think the rest of your mail is to special purpose for general use, but I'll address this part of it, since its been brought up before. Part of the design of cyrus includes the assumption that it's a bigger helpdesk headache when users blow away their own acls (and lose access) than it is if they are actually held bound to them. Therefore, within a user's mailbox hierarchy, you cannot remove full rights for that user. There are various arguments against this, and I think the final decision was that we look at an implicit rights patch, whereby admins could specify what rights their users had on their mailboxes implicitly (and I seem to remember Ken even made one), but I can't locate it right now. Ken? Its in the 2.2 branch. Its probably possible to backport it, but IIRC we discussed this and decided that 2.1 was in feature freeze. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Renaming user mailboxes
Ilya wrote: I just got 2.2 up and running and the only major thing left to do is to move users from user.user1 to [EMAIL PROTECTED] the rename function in cyradmin does not work (same error as original poster). Is there any way for me to get this done? Did you set 'allowusermoves: yes' in imapd.conf? move user dirs manually and try reconstruct? On Sat, Feb 01, 2003 at 04:17:53PM -0500, Rob Siemborski wrote: On Sat, 1 Feb 2003, Henrique de Moraes Holschuh wrote: Hmm... It works on subfolders, but not on the top-level (INBOX) ones here, either. Urk, I didn't know that. However, I am SURE I did this at work, with INBOX folders, to move them across partitions. Although I am not sure I changed their names as well as moving them across partitions... Renaming users is more complicated since it involves sieve scripts, seen state, etc. Also, any ACLs on other mailboxes suddenly are invalid if you change a username. 2.2 has some support for this. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: ACLs and such
On Wed, 5 Feb 2003, Ken Murchison wrote: Its in the 2.2 branch. Its probably possible to backport it, but IIRC we discussed this and decided that 2.1 was in feature freeze. Yeah, that makes sense. Need to go get my memory checked ;) -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Renaming user mailboxes
yes of course that worked perfect. for some reason when I downloaded CVS version of 2.2 imapd.conf.5 was missing from there. I looked at CVS Web, but latest imapd.conf.5 there does not have any reference to virtualdomains or allowusermoves i noticed that last message for cyrus_imap_2_2 is that file was removed/merged. did smth go wrong? On Wed, Feb 05, 2003 at 08:52:43PM -0500, Ken Murchison wrote: Ilya wrote: I just got 2.2 up and running and the only major thing left to do is to move users from user.user1 to [EMAIL PROTECTED] the rename function in cyradmin does not work (same error as original poster). Is there any way for me to get this done? Did you set 'allowusermoves: yes' in imapd.conf? move user dirs manually and try reconstruct? On Sat, Feb 01, 2003 at 04:17:53PM -0500, Rob Siemborski wrote: On Sat, 1 Feb 2003, Henrique de Moraes Holschuh wrote: Hmm... It works on subfolders, but not on the top-level (INBOX) ones here, either. Urk, I didn't know that. However, I am SURE I did this at work, with INBOX folders, to move them across partitions. Although I am not sure I changed their names as well as moving them across partitions... Renaming users is more complicated since it involves sieve scripts, seen state, etc. Also, any ACLs on other mailboxes suddenly are invalid if you change a username. 2.2 has some support for this. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Renaming user mailboxes
imapd.conf.5 is generated at build time now, it ensures that the documentation stays up to date with the actual config options. On Wed, 5 Feb 2003, Ilya wrote: yes of course that worked perfect. for some reason when I downloaded CVS version of 2.2 imapd.conf.5 was missing from there. I looked at CVS Web, but latest imapd.conf.5 there does not have any reference to virtualdomains or allowusermoves i noticed that last message for cyrus_imap_2_2 is that file was removed/merged. did smth go wrong? On Wed, Feb 05, 2003 at 08:52:43PM -0500, Ken Murchison wrote: Ilya wrote: I just got 2.2 up and running and the only major thing left to do is to move users from user.user1 to [EMAIL PROTECTED] the rename function in cyradmin does not work (same error as original poster). Is there any way for me to get this done? Did you set 'allowusermoves: yes' in imapd.conf? move user dirs manually and try reconstruct? On Sat, Feb 01, 2003 at 04:17:53PM -0500, Rob Siemborski wrote: On Sat, 1 Feb 2003, Henrique de Moraes Holschuh wrote: Hmm... It works on subfolders, but not on the top-level (INBOX) ones here, either. Urk, I didn't know that. However, I am SURE I did this at work, with INBOX folders, to move them across partitions. Although I am not sure I changed their names as well as moving them across partitions... Renaming users is more complicated since it involves sieve scripts, seen state, etc. Also, any ACLs on other mailboxes suddenly are invalid if you change a username. 2.2 has some support for this. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Change hostname
You might have to recreate your account in the sasldb2 user database as each email account is marked with the old hostname. Hence, the IMAP server thinks that you are not an authenticated user when you attempt to login. Also, you might have to change the hostname parameter in your IMAP config file depending on how you set up your server. Hope it helped Quoting test s [EMAIL PROTECTED]: Hi All I Setup cyrus successfully on a linux redhat server it worked all fine. I changed the machine hostname and i can not login to cyradm anymore, i can not even access my email, does any one know how to solve the problem. Many thanks in advance _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: looking for Cyrus mail format documentation
On Tue, Feb 04, 2003 at 10:49:21AM -0500, Rob Siemborski wrote: | Well, for one, this requires change to Cyrus, which Phil doesn't seem to | want to do. As long as the change is simple, I would not mind doing so. Making the UID so UID % NumberOfServers == ServerID holds true should be easy and simple. Making them catch up when they are in communication might not be. The replicator would have to have a means to step the UID. Maybe that's easy. I just don't know (yet). | Also, it still doesn't solve the problem of flag changes. And that certainly can be an issue. -- - | Phil Howard - KA9WGN | Dallas | http://linuxhomepage.com/ | | [EMAIL PROTECTED] | Texas, USA | http://ka9wgn.ham.org/| -
Re: looking for Cyrus mail format documentation
On Wed, Feb 05, 2003 at 11:41:12AM +0900, Mark Keasling wrote: | It sounds like you may need to design a distributed mailstore that will | satisfy both your requirements and those of IMAP and then implement a | server around that mailstore. That was my original plan to do on top of Maildir. But that plan had flaws not only in that Cyrus didn't support it (some other needs suggested Cyrus to be a better solution), but that Maildir is not really very good for an IMAP mailstore for performance reasons (also important). -- - | Phil Howard - KA9WGN | Dallas | http://linuxhomepage.com/ | | [EMAIL PROTECTED] | Texas, USA | http://ka9wgn.ham.org/| -
Re: looking for Cyrus mail format documentation
On Tue, Feb 04, 2003 at 09:35:34PM -0800, David Lang wrote: | you stated that you want to have the outside box act as a secondary MX for | the inside one, if you do this and accept the extra bandwidth used then | you could still do this and have the mail only delivered to the inside box | and then replicated out to the outside one. That would result in doubling the bandwidth on the inside server connection since it would be dealing with the mail first coming in to the MX, then being replicated back out to the other server. By delivering outside mail to the outside server first, the only bandwidth usage is replicating to the inside server (reverse the scenario for mail originating inside). | this doesn't solve the problem of changing flags, but does solve the | problem of getting the messages in correctly. | | for the flags the real question is do you HAVE to allow them to be updated | when the primary can't be reached? or can your users tolorate being able | to see their mail, but not have the flags change if you have a connection | problem? (or possibly allow some flags to be changed and queued up, seen | flags can be reconsiled by changing both sides to the the or of the two | when they reconnect, deletes can be queued and processed later, etc) If there was a way to track when the flags got changed. I feel it's OK to trust the clocks on the servers, and simply decide which flag state prevails based on which has the later timestamp. But I bet that metadata isn't in the current mailstore design. -- - | Phil Howard - KA9WGN | Dallas | http://linuxhomepage.com/ | | [EMAIL PROTECTED] | Texas, USA | http://ka9wgn.ham.org/| -