how to proxy for a user [was Re: Geographically Redundant mail stores]

2003-03-19 Thread Luca Olivetti
Ken Murchison wrote:

> When you authenticate, you need to use a SASL mech which supports
> proxying.  Look at doc/mechanisms.html in the SASL distro for a complete
> list.  In your case, you should be able to use at least PLAIN (you can
> use others if using OpenLDAP 2.2's auxprop plugin).  Here's how you'd
> authenticate as 'cyrus' and login as 'test' using imtest and cyradm:

I'm using saslauthd (readme.html says that PLAIN uses saslauthd), 
mechanisms.html says that PLAIN can proxy, I have in my imapd.conf

sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN

but

> imtest -a cyrus -u test -m plain localhost

tells me that plain is not available:

$ imtest -a cyrus -u luca -m plain localhost
S: * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk 
server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT 
LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0

While I see this message in the logs:

PLAIN [SASL(-4): no mechanism available: security flags do not match 
required]

The plain plugin *is* installed (in fact I couldn't login to sieve 
without it):

$ telnet localhost sieve
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.1.12-Mandrake-RPM-2.1.12-1mdk"
"SASL" "PLAIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress 
relational regex"
"STARTTLS"
OK



Note that if I omit the "-m plain" it will log me in as user cyrus (so 
no proxy):

$ imtest -a cyrus -u luca localhost
S: * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk 
server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT 
LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {7}
S: + go ahead
C: 
S: L01 OK User logged in
Authenticated.
Security strength factor: 0

> cyradm --user cyrus --authz test --auth plain localhost

Will log me in as user cyrus (no proxy) (I gave the same password for 
user cyrus to both prompts):

$ cyradm --user cyrus --authz luca --auth plain localhost
Password:
IMAP Password:
localhost.localdomain> lm INBOX
localhost.localdomain> lm user.luca
user.luca (\HasChildren)
localhost.localdomain>


Bye
--
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004  Fax +34 93 5883007


Re: how to proxy for a user [was Re: Geographically Redundant mailstores]

2003-03-19 Thread Marco Colombo
On Wed, 19 Mar 2003, Luca Olivetti wrote:

> Ken Murchison wrote:
> 
> > When you authenticate, you need to use a SASL mech which supports
> > proxying.  Look at doc/mechanisms.html in the SASL distro for a complete
> > list.  In your case, you should be able to use at least PLAIN (you can
> > use others if using OpenLDAP 2.2's auxprop plugin).  Here's how you'd
> > authenticate as 'cyrus' and login as 'test' using imtest and cyradm:
> 
> I'm using saslauthd (readme.html says that PLAIN uses saslauthd), 
> mechanisms.html says that PLAIN can proxy, I have in my imapd.conf
> 
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> 
> 
> but
> 
> > 
> > imtest -a cyrus -u test -m plain localhost
> 
> tells me that plain is not available:
> 
> $ imtest -a cyrus -u luca -m plain localhost
> S: * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk 
> server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT 
> LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
> S: C01 OK Completed
> C: A01 AUTHENTICATE PLAIN
> S: A01 NO no mechanism available
> Authentication failed. generic failure
> Security strength factor: 0
> 

There's no AUTH=xxx entry, so there are *no* available mechs at this
point. AFAIK, unsafe mechs (the ones that send passwords in cleartext
over the net) are disabled by default. They're enabled if the client
requests a TLS connection via STARTTLS.

Here's the output of similar commands here (this is a test installation
so don't be surprised by the number of available mechs B-)):

$ imtest -m plain -a cyrus -u marco devel
S: * OK devel.ESI Cyrus IMAP4 v2.1.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS 
ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES IDLE STARTTLS AUTH=SRP AUTH=OTP AUTH=NTLM AUTH=DIGEST-MD5 
AUTH=CRAM-MD5 AUTH=GSSAPI X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
C: Q01 LOGOUT
Connection closed.

But, with SSL/TLS:

$ imtest -s -m plain -a cyrus -u marco devel
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
S: * OK devel.ESI Cyrus IMAP4 v2.1.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS 
ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES IDLE STARTTLS AUTH=SRP AUTH=PLAIN AUTH=LOGIN AUTH=OTP AUTH=NTLM 
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=GSSAPI X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: + 
Please enter your password: 
C: bWFyY28AY3lydXMAY3lydXM=
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 168
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.


The password I typed was the one of 'cyrus' (which is listed in admins:
in this test installation), but the user who logged in was 'marco':

Mar 19 10:27:05 devel imapd[31837]: starttls: TLSv1 with cipher DES-CBC3-SHA (168/168 
bits new) no authentication
Mar 19 10:27:08 devel imapd[31837]: login: devel.ESI[127.0.0.1] marco PLAIN+TLS User 
logged in


> Note that if I omit the "-m plain" it will log me in as user cyrus (so 
> no proxy):
> 
> $ imtest -a cyrus -u luca localhost
> S: * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk 
> server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT 
> LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
> S: C01 OK Completed
> Please enter your password:
> C: L01 LOGIN cyrus {7}
> S: + go ahead
> C: 
> S: L01 OK User logged in
> Authenticated.
> Security strength factor: 0

That was the LOGIN command, not AUTHENTICATE. I think it bypasses
SASL checks in some ways.

> > cyradm --user cyrus --authz test --auth plain localhost
> 
> Will log me in as user cyrus (no proxy) (I gave the same password for 
> user cyrus to both prompts):
> 
> $ cyradm --user cyrus --authz luca --auth plain localhost
> Password:
> IMAP Password:
> localhost.localdomain> lm INBOX
> localhost.localdomain> lm user.luca
> user.luca (\HasChildren)
> localhost.localdomain>

$ cyradm --authz marco --user cyrus localhost
Password: 
devel.ESI> lm
INBOX (\HasChildren)  INBOX.test2 (\HasNoChildren)  
INBOX.test (\HasNoChildren)   
devel.ESI> quit

Again, the password I typed was the one of 'cyrus', yet:

Mar 19 10:36:07 devel imapd[31845]: login: devel.ESI[127.0.0.1] marco SRP User logged 
in

I wasn't able to test PLAIN, because I don't know how to tell cyradm
to use TLS.
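
The C: line that follows AUTHENTICATE PLAIN in the TLS transcript above is a SASL PLAIN response (RFC 4616): base64 of authzid NUL authcid NUL password, so it carries the password and should be redacted before a transcript is shared. The sketch below is an added example, not code from this thread or from the Cyrus project; it builds and parses such a response, flags proxy logins, redacts transcripts, and parses the "login:" syslog line in the format shown above. The credentials and function names are constructed for illustration.

```python
import base64
import re
from typing import NamedTuple, Optional


class PlainResponse(NamedTuple):
    authzid: str   # identity to act as     (imtest -u, cyradm --authz)
    authcid: str   # identity authenticated (imtest -a, cyradm --user)
    password: str  # password of authcid, only base64-encoded on the wire


def encode_plain(authcid: str, password: str, authzid: str = "") -> str:
    """Build base64(authzid NUL authcid NUL password)."""
    fields = (authzid, authcid, password)
    if not authcid or any("\0" in f for f in fields):
        raise ValueError("authcid is required and no field may contain NUL")
    return base64.b64encode("\0".join(fields).encode("utf-8")).decode("ascii")


def decode_plain(b64: str) -> PlainResponse:
    """Parse a PLAIN response; raises ValueError if it is malformed."""
    parts = base64.b64decode(b64, validate=True).split(b"\0")
    if len(parts) != 3 or not parts[1]:
        raise ValueError("not a well-formed SASL PLAIN response")
    return PlainResponse(*(p.decode("utf-8") for p in parts))


def is_proxy(resp: PlainResponse) -> bool:
    """True when one identity authenticates in order to act as another."""
    return bool(resp.authzid) and resp.authzid != resp.authcid


_AUTH_PLAIN = re.compile(r"^C: \S+ AUTHENTICATE PLAIN\b", re.IGNORECASE)
_CLIENT_B64 = re.compile(r"^C: [A-Za-z0-9+/]+=*\s*$")


def redact_plain_in_transcript(transcript: str) -> str:
    """Replace the client's PLAIN response in an imtest-style transcript."""
    out, armed = [], False
    for line in transcript.splitlines():
        if _AUTH_PLAIN.match(line):
            armed = True
        elif armed and _CLIENT_B64.match(line):
            line, armed = "C: [SASL PLAIN response redacted]", False
        elif armed and line.startswith("S: ") and not line.startswith("S: +"):
            armed = False  # tagged server reply: no client response followed
        out.append(line)
    return "\n".join(out)


_LOGIN_LOG = re.compile(
    r"login: (?P<host>\S+?)\[(?P<ip>[^\]]+)\] "
    r"(?P<user>\S+) (?P<mech>\S+) User logged in"
)


def parse_login_log(line: str) -> Optional[dict]:
    """Parse an imapd 'login:' line in the format quoted in this thread."""
    m = _LOGIN_LOG.search(line)
    if not m:
        return None
    mech = m.group("mech")
    return {
        "host": m.group("host"),
        "ip": m.group("ip"),
        "user": m.group("user"),        # the identity that ended up logged in
        "mech": mech.split("+")[0],
        "tls": mech.endswith("+TLS"),
    }


# Constructed sample: admin 'cyrus' acting as 'luca' with a made-up password.
SAMPLE_RESPONSE = encode_plain("cyrus", "constructed-password", authzid="luca")
SAMPLE_TRANSCRIPT = "\n".join([
    "C: A01 AUTHENTICATE PLAIN",
    "S: + ",
    "Please enter your password: ",
    "C: " + SAMPLE_RESPONSE,
    "S: A01 OK Success (tls protection)",
])
# Log lines from the message above, with the mail line-wrap undone.
SAMPLE_LOG_TLS = ("Mar 19 10:27:08 devel imapd[31837]: login: "
                  "devel.ESI[127.0.0.1] marco PLAIN+TLS User logged in")
SAMPLE_LOG_SRP = ("Mar 19 10:36:07 devel imapd[31845]: login: "
                  "devel.ESI[127.0.0.1] marco SRP User logged in")

if __name__ == "__main__":
    print(decode_plain(SAMPLE_RESPONSE), is_proxy(decode_plain(SAMPLE_RESPONSE)))
    print(redact_plain_in_transcript(SAMPLE_TRANSCRIPT))
    print(parse_login_log(SAMPLE_LOG_TLS))
```

Both log lines quoted in the message name only the user who ended up logged in ('marco'), so with this format alone a proxied login cannot be told apart from a direct one.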

Re: how to proxy for a user [was Re: Geographically Redundant mailstores]

2003-03-19 Thread Luca Olivetti
Marco Colombo wrote:

> There's no AUTH=xxx entry, so there are *no* available mechs at this
> point. AFAIK, unsafe mechs (the ones that send passwords in cleartext
> over the net) are disabled by default. They're enabled if the client
> requests a TLS connection via STARTTLS.

Thanks, you're right, if I use -s or -t it works.
What's strange is that now I RTFM and put an "allowplaintext: yes" (also 
tried "allowplaintext: true") in imapd.conf (not a security problem 
since it accepts plaintext connections only from localhost) and still it 
doesn't advertise AUTH=PLAIN:

$ telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
* OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk 
server ready
1 capability
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT 
LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
1 OK Completed
2 logout
* BYE LOGOUT received
2 OK Completed
Connection closed by foreign host.

Of course I restarted master after editing imapd.conf
I also tried adding "sasl_miminum_layer: 0" but that changed nothing 
(and it should be the default).

[]
> $ cyradm --authz marco --user cyrus localhost
> Password: 
> devel.ESI> lm
> INBOX (\HasChildren)  INBOX.test2 (\HasNoChildren)  
> INBOX.test (\HasNoChildren)   
> devel.ESI> quit
>
> Again, the password I typed was the one of 'cyrus', yet:
>
> Mar 19 10:36:07 devel imapd[31845]: login: devel.ESI[127.0.0.1] marco SRP User logged in
>
> I wasn't able to test PLAIN, because I don't know how to tell cyradm
> to use TLS.

It seems there isn't a documented way.

Bye

--
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004  Fax +34 93 5883007


New installation question

2003-03-19 Thread Jason Crummack
Hi all,

I've recently installed cyrus imap 2.1.12 on to one of our servers, I
believe that I've done all the necessary configuration tasks yet when I
try and run /usr/cyrus/bin/master the following errors are seen in
syslog 

Mar 19 12:13:01 maya master[26543]: setrlimit: Unable to set file
descriptors limit to -1: Operation not permitted
Mar 19 12:13:01 maya master[26543]: retrying with 1024 (current max)
Mar 19 12:13:01 maya master[26543]: process started
Mar 19 12:13:01 maya master[26544]: about to exec
/usr/cyrus/bin/ctl_cyrusdb
Mar 19 12:13:01 maya ctl_cyrusdb[26544]: recovering cyrus databases
Mar 19 12:13:01 maya ctl_cyrusdb[26544]: DBERROR db4: Invalid log file:
log.01: No such file or directory
Mar 19 12:13:01 maya ctl_cyrusdb[26544]: DBERROR db4: PANIC: No such
file or directory
Mar 19 12:13:01 maya ctl_cyrusdb[26544]: DBERROR: critical database
situation
Mar 19 12:13:01 maya master[26543]: process 26544 exited, status 75 
Mar 19 12:13:01 maya master[26543]: ready for work
Mar 19 12:13:01 maya master[26545]: about to exec
/usr/cyrus/bin/ctl_cyrusdb
Mar 19 12:13:01 maya ctl_cyrusdb[26545]: checkpointing cyrus databases
Mar 19 12:13:01 maya ctl_cyrusdb[26545]: DBERROR db4: fatal region error
detected; run recovery
Mar 19 12:13:01 maya ctl_cyrusdb[26545]: DBERROR: dbenv->open
'/var/imap/db' failed: DB_RUNRECOVERY: Fatal error, run database recovery
Mar 19 12:13:01 maya ctl_cyrusdb[26545]: DBERROR: init /var/imap/db:
cyrusdb error
Mar 19 12:13:01 maya ctl_cyrusdb[26545]: done checkpointing cyrus
databases
Mar 19 12:13:01 maya master[26543]: process 26545 exited, status 1

Can anyone shed any light on what I'm doing wrong?

installed packages (running on linux slackware 2.4.20)

tcl8.2.3
db-4.1.25
sendmail-8.12.8
cyrus-sasl-2.1.12
cyrus-imap-2.1.12

Thanks

Jason Crummack
Easysoft Limited



Cyrus' performance

2003-03-19 Thread Mike Lohmann
Hi,

I would like to know the performance of a cyrus imap/pop3 server.

I've got 2 users writing about 2 mails/day, whereby one mail has approx. 
100KB.

What will be, in your opinion, the estimated memory- and cpu usage per user, 
when 100 of them send their mails at the same time?

(Is there a document which tells me what cyrus 'costs'?)

Thanks.

Mike



Re: Cyrus' performance

2003-03-19 Thread Henrique de Moraes Holschuh
On Wed, 19 Mar 2003, Mike Lohmann wrote:
> I've got 2 users writing about 2 mails/day, whereby one mail has approx. 
> 100KB.

Looks like a spike-driven problem.

> What will be, in your opinion, the estimated memory- and cpu usage per user, 
> when 100 of them send their mails at the same time?

Test it. It is very dependent on your platform of choice, and the way you
set it up.

I'd start testing with 512MB RAM, and a dual PIII system for that load, but
that's a crude guess. BTW, proper IO is important, so go for SCSI3-160
disks.

> (Is there a document which tells me what cyrus 'costs'?)

No, that would be pointless. If one is to check whether a system will work
for him, he is to do it right and *test* it.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


Re: Cyrus' performance

2003-03-19 Thread Mike Lohmann
On Wednesday, 19 March 2003 14:17, you wrote:
> On Wed, 19 Mar 2003, Mike Lohmann wrote:
> > I've got 2 users writing about 2 mails/day, whereby one mail has
> > approx. 100KB.
>
> Looks like a spike-driven problem.
>
> > What will be, in your opinion, the estimated memory- and cpu usage per
> > user, when 100 of them send their mails at the same time?
>
> Test it. It is very dependent on your platform of choice, and the way you
> set it up.
>
> I'd start testing with 512MB RAM, and a dual PIII system for that load, but
> that's a crude guess. BTW, proper IO is important, so go for SCSI3-160
> disks.
>
> > (Is there a document which tells me what cyrus 'costs'?)
>
> No, that would be pointless. If one is to check whether a system will work
> for him, he is to do it right and *test* it.
;) Yes. That's true...

Thanks for your comments. That will help.

Mike





Re: Cyrus' performance

2003-03-19 Thread lst_hoe
Quoting Mike Lohmann <[EMAIL PROTECTED]>:
> Hi,
> 
> I would like to know the performance of a cyrus imap/pop3 server.
> 
> I've got 2 users writing about 2 mails/day, whereby one mail has approx.
> 100KB.
> 
> What will be, in your opinion, the estimated memory- and cpu usage per user,
> when 100 of them send their mails at the same time?
> 
> (Is there a document which tells me what cyrus 'costs'?)
> 
> Thanks.
> 
> Mike
> 

If you use IMAP with a lot of users online at the same time (inside LAN) be 
sure to get a lot of RAM (> 1GB) and tune your OS for many open files.
Be sure to choose a fast I/O system (SCSI / FC) and a filesystem capable of many 
small files (XFS or something similar).
Split off the MTA to another machine if the users send most of the time to "extern" 
addresses.

Regards

Andreas



Re: how to proxy for a user [was Re: Geographically Redundant mailstores]

2003-03-19 Thread Ken Murchison


Luca Olivetti wrote:
> 
> Marco Colombo wrote:
> 
> > There's no AUTH=xxx entry, so there are *no* available mechs at this
> > point. AFAIK, unsafe mechs (the ones that send passwords in cleartext
> > over the net) are disabled by default. They're enabled if the client
> > requests a TLS connection via STARTTLS.
> 
> Thanks, you're right, if I use -s or -t it works.

Sorry, I forgot to mention this.

> What's strange that now I RTFM and put an "allowplaintext: yes" (also
> tried "allowplaintext: true") in imapd.conf (not a security problem
> since it accepts plaintext connections only from localhost) and still it
> doesn't advertise AUTH=PLAIN:

This option only affects protocol-specific plaintext login commands
(IMAP LOGIN, POP3 USER/PASS), not SASL.  You'll notice that if you set
"allowplaintext: no", you see the LOGINDISABLED capability in IMAP, and
USER will not be a POP3 capability.

> $ telnet localhost imap
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk
> server ready
> 1 capability
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
> LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
> 1 OK Completed
> 2 logout
> * BYE LOGOUT received
> 2 OK Completed
> Connection closed by foreign host.
> 
> Of course I restarted master after editing imapd.conf
> I also tried adding "sasl_miminum_layer: 0" but that changed nothing
> (and it should be the default).
> 
> []
> > $ cyradm --authz marco --user cyrus localhost
> > Password:
> > devel.ESI> lm
> > INBOX (\HasChildren)  INBOX.test2 (\HasNoChildren)
> > INBOX.test (\HasNoChildren)
> > devel.ESI> quit
> >
> > Again, the password I typed was the one of 'cyrus', yet:
> >
> > Mar 19 10:36:07 devel imapd[31845]: login: devel.ESI[127.0.0.1] marco SRP User 
> > logged in
> >
> > I wasn't able to test PLAIN, because I don't know how to tell cyradm
> > to use TLS.
> 
> It seems there isn't a documented way.


This is correct.

-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
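
The distinction drawn above (the protocol LOGIN command is governed by allowplaintext and signalled by LOGINDISABLED, while SASL PLAIN only appears as AUTH=PLAIN once TLS is up) can be read straight off a CAPABILITY response. The sketch below is an added example, not code from this thread or from the Cyrus project; it parses the CAPABILITY responses quoted in this thread and lists which commands would carry a password in clear on that connection. Function names and the last sample line are constructed for illustration.

```python
from typing import Dict, List

# SASL mechanisms that transmit the password itself.
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}


def parse_capability(response: str) -> Dict[str, object]:
    """Parse an IMAP CAPABILITY response; mail-wrapped lines are tolerated."""
    tokens = [t.upper() for t in response.split()]
    if "CAPABILITY" not in tokens:
        raise ValueError("not a CAPABILITY response")
    caps = tokens[tokens.index("CAPABILITY") + 1:]
    return {
        "auth": [c[len("AUTH="):] for c in caps if c.startswith("AUTH=")],
        "starttls": "STARTTLS" in caps,
        "logindisabled": "LOGINDISABLED" in caps,
    }


def cleartext_password_paths(response: str, tls_active: bool) -> List[str]:
    """Commands that would send a password unprotected on this connection."""
    if tls_active:
        return []
    caps = parse_capability(response)
    paths = []
    if not caps["logindisabled"]:
        paths.append("LOGIN")  # protocol-level login, the allowplaintext case
    paths += ["AUTHENTICATE " + m for m in caps["auth"] if m in CLEARTEXT_SASL]
    return paths


def tls_gated_mechs(before_tls: str, after_tls: str) -> List[str]:
    """Mechanisms advertised only once the TLS layer is in place."""
    before = set(parse_capability(before_tls)["auth"])
    return [m for m in parse_capability(after_tls)["auth"] if m not in before]


# Responses quoted in this thread (line wrapping kept as posted).
LUCA_NO_TLS = """* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE"""

MARCO_NO_TLS = """S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS
ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE STARTTLS AUTH=SRP AUTH=OTP AUTH=NTLM AUTH=DIGEST-MD5
AUTH=CRAM-MD5 AUTH=GSSAPI X-NETSCAPE"""

MARCO_TLS = """S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS
ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE STARTTLS AUTH=SRP AUTH=PLAIN AUTH=LOGIN AUTH=OTP AUTH=NTLM
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=GSSAPI X-NETSCAPE"""

# Constructed line: what a server with "allowplaintext: no" would add,
# according to the explanation above.
CONSTRUCTED_LOGINDISABLED = (
    "* CAPABILITY IMAP4 IMAP4rev1 STARTTLS LOGINDISABLED AUTH=DIGEST-MD5"
)

if __name__ == "__main__":
    for name, resp, tls in [
        ("luca, no TLS", LUCA_NO_TLS, False),
        ("marco, no TLS", MARCO_NO_TLS, False),
        ("marco, TLS", MARCO_TLS, True),
        ("constructed, no TLS", CONSTRUCTED_LOGINDISABLED, False),
    ]:
        print(name, "->", cleartext_password_paths(resp, tls) or "none")
    print("TLS-gated:", tls_gated_mechs(MARCO_NO_TLS, MARCO_TLS))
```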


Re: how to proxy for a user [was Re: Geographically Redundant mailstores]

2003-03-19 Thread Ken Murchison


Marco Colombo wrote:
> 
> On Wed, 19 Mar 2003, Luca Olivetti wrote:
> 
> > Note that if I omit the "-m plain" it will log me in as user cyrus (so
> > no proxy):
> >
> > $ imtest -a cyrus -u luca localhost
> > S: * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk
> > server ready
> > C: C01 CAPABILITY
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> > THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
> > LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
> > S: C01 OK Completed
> > Please enter your password:
> > C: L01 LOGIN cyrus {7}
> > S: + go ahead
> > C: 
> > S: L01 OK User logged in
> > Authenticated.
> > Security strength factor: 0
> 
> That was the LOGIN command, not AUTHENTICATE. I think it bypasses
> SASL checks in some ways.

It still uses SASL (Cyrus uses SASL for ALL authentication), but
protocol-specific login commands are treated differently from SASL mechs.

-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: how to proxy for a user [was Re: Geographically Redundant mailstores]

2003-03-19 Thread Igor Brezac

On Wed, 19 Mar 2003, Luca Olivetti wrote:

> Ken Murchison wrote:
>
> > When you authenticate, you need to use a SASL mech which supports
> > proxying.  Look at doc/mechanisms.html in the SASL distro for a complete
> > list.  In your case, you should be able to use at least PLAIN (you can
> > use others if using OpenLDAP 2.2's auxprop plugin).  Here's how you'd
> > authenticate as 'cyrus' and login as 'test' using imtest and cyradm:
>
> I'm using saslauthd (readme.html says that PLAIN uses saslauthd),
> mechanisms.html says that PLAIN can proxy, I have in my imapd.conf
>
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
>
>
> but
>
> >
> > imtest -a cyrus -u test -m plain localhost
>
> tells me that plain is not available:
>
> $ imtest -a cyrus -u luca -m plain localhost
> S: * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk
> server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
> LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
> S: C01 OK Completed
> C: A01 AUTHENTICATE PLAIN
> S: A01 NO no mechanism available
> Authentication failed. generic failure
> Security strength factor: 0
>
> While I see this message in the logs:
>
> PLAIN [SASL(-4): no mechanism available: security flags do not match
> required]
>

You need to setup SSL in order to see plaintext mechs advertised.

-Igor


> The plain plugin *is* installed (in fact I couldn't login to sieve
> without it):
>
> $ telnet localhost sieve
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> "IMPLEMENTATION" "Cyrus timsieved v2.1.12-Mandrake-RPM-2.1.12-1mdk"
> "SASL" "PLAIN"
> "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
> relational regex"
> "STARTTLS"
> OK
>
>
>
> Note that if I omit the "-m plain" it will log me in as user cyrus (so
> no proxy):
>
> $ imtest -a cyrus -u luca localhost
> S: * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk
> server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
> LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
> S: C01 OK Completed
> Please enter your password:
> C: L01 LOGIN cyrus {7}
> S: + go ahead
> C: 
> S: L01 OK User logged in
> Authenticated.
> Security strength factor: 0
>
> >
> > cyradm --user cyrus --authz test --auth plain localhost
>
> Will log me in as user cyrus (no proxy) (I gave the same password for
> user cyrus to both prompts):
>
> $ cyradm --user cyrus --authz luca --auth plain localhost
> Password:
> IMAP Password:
> localhost.localdomain> lm INBOX
> localhost.localdomain> lm user.luca
> user.luca (\HasChildren)
> localhost.localdomain>
>
>
>
> Bye
>

-- 
Igor


RE :

2003-03-19 Thread Bruhin Gregor
You can do it this way:

Suppose your local domain is yozdom.net

In the virtusers file add this at the end ...
@yozdom.net error:nouser No such mailbox

If you define a catch-all for all the local domains you should not have this
problem.

Gregor Bruhin
[EMAIL PROTECTED]
VIA NET.WORKS (Suisse) SA
E-mail: [EMAIL PROTECTED] , http://www.vianetworks.ch

P.S. Please send mails with subject, and this question is a sendmail
question, please use appropriate m-l. 

-Original Message-
From: Leonid [mailto:[EMAIL PROTECTED] 
Sent: Monday, 17 March 2003 10:27
To: [EMAIL PROTECTED]
Subject: 

sendmail
cyrus 2.0.15

Could i do?
if mailbox (user) doesn't exist, my FreeBSD box will not receive
messages
for it when remote host will try to connect to my machine (rcpt to:).



Cyrus Install Blues on SuSe Linux

2003-03-19 Thread Neil Williams



Hi

I'm trying to set up a Cyrus mail server on SuSe Linux (7.2) and am about
to go crazy :-(

I've tried unsuccessfully downloading and the tar.gz files from the Cyrus
website. However, I have successfully installed from SuSe RPM packages:

cyrus-imapd 2.0.16-361
cyrus-sasl 1.5.24-59
perl-Cyrus-IMAP 2.0.16-361
perl-Cyrus-SIEVE-acap 2.0.16-361
perl-Cyrus-SIEVE-managesieve 2.0.16-361

I am able to run the tests in the docs using telnet and imtest. I have
added folders with cyradm and users with saslpasswd. However, I can't
authenticate with PLAIN (using imtest) and can't connect to the IMAP
server from Netscape or Outlook Express.

My imapd.log is attached for reference.

I've scoured the manuals and know that the problem is probably with sasl.
I've tried many different configurations, reinstalls and compilations but
to no avail :-(

Any help from the wise and battle scarred would be greatly appreciated.

Thanks in advance

Neil Williams



imapd.log
Description: Binary data


Moving to a different arch

2003-03-19 Thread Marco Colombo
I'm planning to move one of our server from a Linux/SPARC box to an
Intel (well, AMD) based one. I'm also upgrading from 2.0.16 to 2.1.12.

I've copied both my configdirectory and partition-default to the new box.

When I start the daemon I get (I had to remove the db/__db.* files):

Mar 19 16:40:43 devel ctl_cyrusdb[4987]: recovering cyrus databases
Mar 19 16:40:43 devel ctl_cyrusdb[4987]: DBERROR db3: Ignoring log file: 
/home/from-backup/var/cyrus-imapd/db/log.06: magic number 88090400, not 40988
Mar 19 16:40:43 devel ctl_cyrusdb[4987]: DBERROR db3: Invalid log file: 
log.06: Invalid argument
Mar 19 16:40:43 devel ctl_cyrusdb[4987]: DBERROR db3: PANIC: Invalid argument
Mar 19 16:40:43 devel ctl_cyrusdb[4987]: DBERROR: critical database situation
Mar 19 16:40:43 devel master[4985]: process 4987 exited, status 75 

I have the strong feeling B-) that this is an endianness problem of
Berkeley db3 (see the magic). I guess I need to dump the database into
some text format on the sparc box and restore it on the intel one.
Now the questions:

1) is there a way to dump the db using cyrus utilities?
2) if I have to use db3 utils, can someone provide me with hints?
   (e.g., db_dump works on a file, which files should I dump? is it
   just the mailboxes.db file? - if so, I think ctl_mboxlist is
   all I need)
3) am I expected to run into other endianness problems? (cyrus.*
   files come into my mind).

I *think* I remember of being able to move across different archs
in the past (1.6.x), when the mailbox file was just a text file.
But maybe I'm wrong.

TIA,
.TM.
-- 
  /  /   /
 /  /   /   Marco Colombo
___/  ___  /   /  Technical Manager
   /  /   /  ESI s.r.l.
 _/ _/  _/ [EMAIL PROTECTED]



autocreatefolders config option.

2003-03-19 Thread Edward Rudd
How exactly does the autocreatefolders config option work?  I am using
Simon Matters RPM.. with the createonpost patch enabled.
Here is the pertinent part of my imapd.conf

createonpost: no
autocreatefolders: SUB: SPAM | SUB: Drafts | SUB: Sent

I have tried with createonpost set to yes as well. 
I can not get this working at all.
I have a user in my auth mech and I login as that user and they have NO
mail folders at all (not even an inbox), and there is no directory in
the spool dir..
Tried this with createonpost on and off.
Then I created the user via the cyrus admin account
and tried logging in as my test account.. still the subfolders were not
created.. 
Tried this with createonpost on and off as well.

So, how is this supposed to be configured?? and under what circumstances
do the folders get autocreated?

-- 
Edward Rudd <[EMAIL PROTECTED]>



Cyrus::IMAP, referrals, murder, mailbox moves, etc.

2003-03-19 Thread Michael Bacon
We're working towards getting a Murder deployed at the moment, starting 
with using it to move mailboxes between servers.  I've got a few questions 
here about locking, and about how cyradm deals with the murder when 
administrating mailboxes.

First off, how does the mailbox appear to the user on the old server while 
it is in the process of moving from one server to the next?  Can they see 
it in read-only mode, or does it disappear entirely, or is there a chance 
for data corruption if they make changes to it while the mailbox is in 
transit?  Should all of the ACLs be cleared on the old server before the 
move starts, then restored when the move is finished, or is that taken care 
of?  Also, what happens if delivery to the mailbox is attempted via lmtp 
during the move?  Is it rejected with a "Mailbox does not exist?" or does 
it fall into some kind of pit?

Secondly, is there a way to get cyradm (or alternately, Cyrus::IMAP::Admin) 
to return the backend server where a mailbox is located?  Or is there some 
query you could send to the MUPDATE server to find that information?  In 
other words, is there some way we can automate mailbox administration so 
that the administrator doesn't have to go hunting around trying to figure 
out which server a mailbox is on in order to change ACLs on it?

Thanks,
Michael


Re: Moving to a different arch

2003-03-19 Thread Ken Murchison


Marco Colombo wrote:
> 
> I'm planning to move one of our server from a Linux/SPARC box to an
> Intel (well, AMD) based one. I'm also upgrading from 2.0.16 to 2.1.12.
> 
> I've copied both my configdirectory and partition-default to the new box.
> 
> When I start the daemon I get (I had to remove the db/__db.* files):
> 
> Mar 19 16:40:43 devel ctl_cyrusdb[4987]: recovering cyrus databases
> Mar 19 16:40:43 devel ctl_cyrusdb[4987]: DBERROR db3: Ignoring log file: 
> /home/from-backup/var/cyrus-imapd/db/log.06: magic number 88090400, not 40988
> Mar 19 16:40:43 devel ctl_cyrusdb[4987]: DBERROR db3: Invalid log file: 
> log.06: Invalid argument
> Mar 19 16:40:43 devel ctl_cyrusdb[4987]: DBERROR db3: PANIC: Invalid argument
> Mar 19 16:40:43 devel ctl_cyrusdb[4987]: DBERROR: critical database situation
> Mar 19 16:40:43 devel master[4985]: process 4987 exited, status 75
> 
> I have the strong feeling B-) that this is an endianness problem of
> Berkeley db3 (see the magic). I guess I need to dump the database into
> some text format on the sparc box and restore it on the intel one.
> Now the questions:
> 
> 1) is there a way to dump the db using cyrus utilities?
> 2) if I have to use db3 utils, can someone provide me with hints?
>    (e.g., db_dump works on a file, which files should I dump? is it
>    just the mailboxes.db file? - if so, I think ctl_mboxlist is
>    all I need)

That is correct.  Just dump mailboxes.db with ctl_mboxlist and reload it
with the same on your new box.  While you're at it, you might want to
use the skiplist backend for mailboxes.db on your new box
(reconfig/recompile using --with-mboxlist-db=skiplist first)

I'd also remove any other BDB databases (deliver.db, tls_sessions.db)
and the contents of the db/ dir.


> 3) am I expected to run into other endianness problems? (cyrus.*
>    files come into my mind).

You _shouldn't_

-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
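
The "magic number 88090400, not 40988" message quoted above can be checked mechanically: if the value found equals the expected magic with its four bytes reversed, the log file was written on a machine of the opposite byte order. The sketch below is an added example, not code from this thread or from Cyrus or Berkeley DB; it assumes both numbers in the message are hexadecimal 32-bit values, and the function names are constructed for illustration.

```python
import re
from typing import List, Optional

_MAGIC_MSG = re.compile(
    r"DBERROR db\d+: Ignoring log file: (?P<path>\S+): "
    r"magic number (?P<found>[0-9a-fA-F]+), not (?P<expected>[0-9a-fA-F]+)"
)


def swap32(value: int) -> int:
    """Reverse the byte order of a 32-bit value."""
    return int.from_bytes(value.to_bytes(4, "big"), "little")


def diagnose_line(line: str) -> Optional[dict]:
    """Classify one 'magic number' DBERROR line; None for unrelated lines."""
    m = _MAGIC_MSG.search(line)
    if not m:
        return None
    found = int(m.group("found"), 16)      # assumption: values are hex
    expected = int(m.group("expected"), 16)
    if found > 0xFFFFFFFF or expected > 0xFFFFFFFF:
        verdict = "unrecognised"
    elif found == expected:
        verdict = "ok"
    elif swap32(found) == expected:
        verdict = "byte-swapped"           # written with the other endianness
    else:
        verdict = "unrecognised"           # wrong file type or damaged header
    return {"path": m.group("path"), "found": found,
            "expected": expected, "verdict": verdict}


def scan(log_text: str) -> List[dict]:
    """Run diagnose_line over a syslog excerpt and keep the matches."""
    return [d for d in map(diagnose_line, log_text.splitlines()) if d]


# Log lines from the message above, with the mail line-wrap undone.
SAMPLE_LOG = "\n".join([
    "Mar 19 16:40:43 devel ctl_cyrusdb[4987]: recovering cyrus databases",
    "Mar 19 16:40:43 devel ctl_cyrusdb[4987]: DBERROR db3: Ignoring log file: "
    "/home/from-backup/var/cyrus-imapd/db/log.06: "
    "magic number 88090400, not 40988",
    "Mar 19 16:40:43 devel ctl_cyrusdb[4987]: DBERROR db3: Invalid log file: "
    "log.06: Invalid argument",
])

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["path"], hex(finding["found"]), finding["verdict"])
```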


Re: High Load Avg and Context Switches

2003-03-19 Thread Jeremy Sanders

> > was consistently below 5. The processor is mostly idle. I thought the
>
> Find out which processes are in D or R state.  Are they all pop3d ?
> What processes are contending for the CPU during the CS spikes?
> What database backends are you using in Cyrus?  What berkeley DB version?

The db is db3-3.3.11-6 for everything but the mailboxes db which I
changed to skiplist. It's not all pop3, but it is mostly pop3 in the D
state. There are some lmtpd, cleanup(postfix), and every once in a while
kjournald is in DW. When the load really spikes like 30 pop3d processes
are in state D waiting for disk IO I presume. I don't know if the pop3d
processes are waiting for authentication or for mailbox access though.
We are using saslauthd(currently w/ 30 threads) which points to pam
which is using ldap on another box to auth users. I know saslauthd
natively supports ldap we just haven't been able to get that to function
yet.

Thanks,


Jeremy


Re: Cyrus::IMAP, referrals, murder, mailbox moves, etc.

2003-03-19 Thread Michael Bacon
--On Wednesday, March 19, 2003 15:57:14 -0500 Ken Murchison 
<[EMAIL PROTECTED]> wrote:

You should wait for a reply from Rob for definitive answers, but I'll
get you started.
...

> Should all of the ACLs be cleared on the old server before the
> move starts, then restored when the move is finished, or is that taken care
You shouldn't have to change ACLs.  The location of the mailbox has no
effect on the ACL
I was actually thinking more along the lines of temporarily setting all 
ACLs on the mailbox to "none" in order to make sure the user didn't corrupt 
the mailbox with APPENDs or some such thing.  But if it's getting somehow 
locked for the move, I guess that isn't necessary.

> Secondly, is there a way to get cyradm (or alternately, Cyrus::IMAP::Admin)
> to return the backend server where a mailbox is located?  Or is there some
Yup.

info 

It uses the IMAP ANNOTATEMORE extension for this.  If you use 'info'
without any args, it will show you any server annotations (motd,
comment).  You can use 'setinfo' to set either one of these.
That's certainly helpful -- info is in fact what I'm looking for.  I 
presume that's the same as the undocumented $client->getinfo() call in 
Cyrus::IMAP::Admin?

Anyway, I think I see where I'm running afoul of cyradm.  The code for 
doing the referrals in Cyrus/IMAP/Admin.pm is something like this:

##
   my $cyradm = Cyrus::IMAP::Admin->new($refserver, $port)
     or die "cyradm: cannot connect to $refserver\n";
   $cyradm->addcallback({-trigger => 'EOF',
                         -callback => \&_cb_ref_eof,
                         -rock => \$cyradm});
   $cyradm->authenticate()
     or die "cyradm: cannot authenticate to $refserver\n";
##
The problem is that for a lot of the things we do around here, we use some 
of the undocumented arguments to authenticate(), because SASL has the nasty 
habit of trying to do KERBEROS_IV before it does GSSAPI, which is almost 
always not what we want it to do, although we have KERBEROS_IV support on 
for older clients.  Also, it tries to guess the UserID and AuthID, and 
usually guesses it wrong for our purposes.  However, when this calls 
authenticate() from within the setaclmailbox() call, or whatever, it's 
using all of the defaults.  I wonder if it would be useful to store all of 
the arguments passed into authenticate() in instance variables of the 
$client object for later retrieval, perhaps with a getauthinfo() call, or 
some such thing.  Would we be the only ones who would find that useful, or 
would that benefit others as well?  (If so, I may get started on it... 
Perhaps this should move over to cyrus-devel at some point...)

Thanks much,
Michael



Re: Cyrus::IMAP, referrals, murder, mailbox moves, etc.

2003-03-19 Thread Ken Murchison


Michael Bacon wrote:
> 
> --On Wednesday, March 19, 2003 15:57:14 -0500 Ken Murchison
> <[EMAIL PROTECTED]> wrote:
> 
> > > Secondly, is there a way to get cyradm (or alternately, Cyrus::IMAP::Admin)
> > > to return the backend server where a mailbox is located?  Or is there some
> >
> > Yup.
> >
> > info 
> >
> > It uses the IMAP ANNOTATEMORE extension for this.  If you use 'info'
> > without any args, it will show you any server annotations (motd,
> > comment).  You can use 'setinfo' to set either one of these.
> 
> That's certainly helpful -- info is in fact what I'm looking for.  I
> presume that's the same as the undocumented $client->getinfo() call in
> Cyrus::IMAP::Admin?

Yes,  IIRC.

> would that benefit others as well?  (If so, I may get started on it...
> Perhaps this should move over to cyrus-devel at some point...)

Not a bad idea.

-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: High Load Avg and Context Switches

2003-03-19 Thread Henrique de Moraes Holschuh
On Wed, 19 Mar 2003, Jeremy Sanders wrote:
> changed to skiplist. It's not all pop3, but it is mostly pop3 in the D
> state. There are some lmtpd, cleanup(postfix), and every once in a while
> kjournald is in DW. When the load really spikes like 30 pop3d processes

Looks like LDAP is hosing your system down, if cleanup is in D state. Are
you using any sort of LDAP maps in postfix?

> are in state D waiting for disk IO I presume. I don't know if the pop3d
> processes are waiting for authentication or for mailbox access though.

Strace them, and see if they hang talking to saslauthd, then...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
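
The triage suggested in this thread (find which processes are in D or R state, then strace the blocked ones), as an added example that is not part of any poster's message. The function names are hypothetical and the sample process list is constructed, not output from the poster's server.

```shell
#!/bin/sh
# Input on stdin: "PID STAT COMMAND" lines, as printed by
#   ps -eo pid=,stat=,comm=
# Only the first letter of STAT is the state; later characters are flags,
# so "DW" (as reported for kjournald) still counts as D.

# Print "<count> <state> <command>" for D and R processes, busiest first.
blocked_summary() {
    awk '{ st = substr($2, 1, 1) }
         st == "D" || st == "R" { n[st " " $3]++ }
         END { for (k in n) print n[k], k }' |
    LC_ALL=C sort -k1,1nr -k2,3
}

# Print the PIDs of D-state processes whose command name is exactly $1,
# one per line, so each can be inspected with `strace -p <pid>`.
blocked_pids() {
    awk -v cmd="$1" 'substr($2, 1, 1) == "D" && $3 == cmd { print $1 }'
}

# Constructed sample process list (assumption, for offline demonstration).
sample_ps() {
    cat <<'EOF'
 812 S master
 905 S saslauthd
 906 S saslauthd
  17 DW kjournald
2101 D pop3d
2102 D pop3d
2103 S pop3d
2104 D pop3d
2210 D lmtpd
2300 D cleanup
2411 R imapd
EOF
}

# Live use on the mail server:
#   ps -eo pid=,stat=,comm= | blocked_summary
#   ps -eo pid=,stat=,comm= | blocked_pids pop3d
sample_ps | blocked_summary
```

If the strace of a blocked pop3d shows it waiting on the saslauthd socket, authentication is the bottleneck; if it is waiting on file operations in the spool, the filesystem is.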


Re: High Load Avg and Context Switches

2003-03-19 Thread Jeremy Sanders
We remounted the imap and postfix partitions as ext2 and it is smoking.
Now we just have to figure out how to tweak ext3 to work better. I think
a bigger journal size might help, it is flushing to disk too often and
the pop3d processes are piling up waiting on it to flush...

Jeremy

>>> Henrique de Moraes Holschuh <[EMAIL PROTECTED]> 03/19/03 03:35PM >>>
On Wed, 19 Mar 2003, Jeremy Sanders wrote:
> changed to skiplist. It's not all pop3, but it is mostly pop3 in the D
> state. There are some lmtpd, cleanup(postfix), and every once in a while
> kjournald is in DW. When the load really spikes like 30 pop3d processes

Looks like LDAP is hosing your system down, if cleanup is in D state. Are
you using any sort of LDAP maps in postfix?

> are in state D waiting for disk IO I presume. I don't know if the pop3d
> processes are waiting for authentication or for mailbox access though.

Strace them, and see if they hang talking to saslauthd, then...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


Re: High Load Avg and Context Switches

2003-03-19 Thread Henrique de Moraes Holschuh
On Wed, 19 Mar 2003, Jeremy Sanders wrote:
> We remounted the imap and postfix partitions as ext2 and it is smoking.

Switch to XFS.  That will fix your performance troubles, probably...
And mount the spools "noatime".

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


Re: High Load Avg and Context Switches

2003-03-19 Thread Luc Brouard
On Wed, Mar 19, 2003 at 04:34:32PM -0600, Jeremy Sanders wrote:
> We remounted the imap and postfix partitions as ext2 and it is smoking.
> Now we just have to figure out how to tweak ext3 to work better. I think
> a bigger journal size might help, it is flushing to disk too often and
> the pop3d processes are piling up waiting on it to flush...

Check Ralf Hildebrandt pages on ext3 for postfix.
Many tips there to tune your conf.

Luc
> 
> Jeremy
> 
> >>> Henrique de Moraes Holschuh <[EMAIL PROTECTED]> 03/19/03 03:35PM >>>
> On Wed, 19 Mar 2003, Jeremy Sanders wrote:
> > changed to skiplist. It's not all pop3, but it is mostly pop3 in the D
> > state. There are some lmtpd, cleanup(postfix), and every once in a while
> > kjournald is in DW. When the load really spikes like 30 pop3d processes
> 
> Looks like LDAP is hosing your system down, if cleanup is in D state. Are
> you using any sort of LDAP maps in postfix?
> 
> > are in state D waiting for disk IO I presume. I don't know if the pop3d
> > processes are waiting for authentication or for mailbox access though.
> 
> Strace them, and see if they hang talking to saslauthd, then...
> 
> -- 
>   "One disk to rule them all, One disk to find them. One disk to bring
>   them all and in the darkness grind them. In the Land of Redmond
>   where the shadows lie." -- The Silicon Valley Tarot
>   Henrique Holschuh


sendmail+cyrus: checking users during receiving mail for unexisted users

2003-03-19 Thread Leonid
Did anybody try?


add strings sendmail.cf.

MAILER(cyrus)dnldivert(0)
HACK(cyrususers)dnl

hack:

VERSIONID(`$Id$')
LOCAL_CONFIG
F{cyrususers}-o |/usr/local/bin/sasldblistusers user: %[^ ]
divert(-1)
# Add rule to the end of ruleset 98 ( local hack for ruleset 0 )  
divert(0)
LOCAL_RULE_0
# Deliver mails through cyrus mailer for imap users.
# (the LHS and RHS of each rule are separated by a tab)
R$={cyrususers} < @ $=w . >	$#cyrus $: $1
R$={cyrususers}	$#cyrus $: $1



Re: autocreatefolders config option.

2003-03-19 Thread Simon Matter
Edward Rudd wrote:
> 
> How exactly does the autocreatefolders config option work?  I am using
> Simon Matter's RPM, with the createonpost patch enabled.
> Here is the pertinent part of my imapd.conf:
> 
> createonpost: no
> autocreatefolders: SUB: SPAM | SUB: Drafts | SUB: Sent
> 
> I have tried with createonpost set to yes as well.
> I can not get this working at all.
> I have a user in my auth mech and I login as that user and they have NO
> mail folders at all (not even an inbox), and there is no directory in
> the spool dir.
> Tried this with createonpost on and off.
> Then I created the user via the cyrus admin account
> and tried logging in as my test account. Still the subfolders were not
> created.
> Tried this with createonpost on and off as well.
> 
> So, how is this supposed to be configured? And under what circumstances
> do the folders get autocreated?

Did you read the docs in
/usr/share/doc/cyrus-imapd-2.1.12/README.createonpost?
IIRC, you have to set 'autocreatequota' to a non zero value to make the
createonpost feature work.

HTH
Simon

> 
> --
> Edward Rudd <[EMAIL PROTECTED]>