Re: Cyrus on Red Hat Enterprise Linux
On Tue, 2003-06-10 at 20:35, Simon Brady wrote: Hello world, We're planning to retire our Solaris mail server at the end of the year and move Cyrus to Linux. I'd intended to move to RH7.3, which we use widely and understand quite well, but Red Hat's support policies have killed that idea. Is anyone currently running Cyrus on Red Hat Enterprise, either out of the box or self-installed? If so, have you encountered any issues beyond those to be expected on 7.x? Having built from source on Solaris I was looking forward to using Simon Matter's RPMs, but I don't know how they'll interact with the RH Network all your server are belong to us madness. RHAS 2.1 (and ES, the difference being, AFAICT, support) are basically just 7.2/7.3 systems (more the former, I think). So, if it works with 7.2, it should work with RHAS. 3rd party RPMs should be just fine; I have a few customers using up2date and they don't have any problems with the RPMs I've installed. My current strategy for my customers is to maintain them all at 7.3 until towards the end of the year, at which time I'm guessing RHAS 2.2 will be out, to which I will them move my customers. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * * Tired of spam and viruses in your e-mail? Get the * * Naked Ape Mail Defender! http://nakedape.cc/r/maildefender * signature.asc Description: This is a digitally signed message part
Re: Cyrus on Red Hat Enterprise Linux
Simon Brady schrieb: Hello world, We're planning to retire our Solaris mail server at the end of the year and move Cyrus to Linux. I'd intended to move to RH7.3, which we use widely and understand quite well, but Red Hat's support policies have killed that idea. Is anyone currently running Cyrus on Red Hat Enterprise, either out of the box or self-installed? If so, have you encountered any issues beyond those to be expected on 7.x? Having built from source on Solaris I was looking forward to using Simon Matter's RPMs, but I don't know how they'll interact with the RH Network all your server are belong to us madness. Hi, My Cyrus-imapd RPMs work (means you have to rebuild from source rpm) on RedHat 2.1AS+ES and I have not heard of any problems with RH Network. Please note that only the newest version cyrus-imapd-2.1.13-4.src.rpm builds correctly on RedHat ES. Regards, Simon [OT: Yes, I'm aware that there other other Linuces beyond RH, but we're committed to HP hardware which is only certified for RH and SuSE (one of my colleagues has been told by an HP engineer that they support Debian but I've yet to see anything official). We have zero SuSE experience in-house, so RH kind of have us by the danglies...] Thanks for any feedback, Simon -- Simon Brady mailto:[EMAIL PROTECTED] ITS Technical Services University of Otago, Dunedin, New Zealand
lmtpd duplicate_check duplicate_mark ?
What do these Cyrus LMTPD log messages mean? Thanks in advance. -- +-+ Bernd Nies mailto:[EMAIL PROTECTED] System Engineering Dipl. El.-Ing. HTL AdNovum Informatik AG http://www.adnovum.ch phone: +41 (1) 272 6111 Roentgenstrasse 22, CH-8005 Zuerich fax: +41 (1) 272 6312 +-+ AdNovum Software Inc. San Mateo, CA 94404phone: +1 (650) 525 9322 1400 Fashion Island Boulevard, Suite 309 fax: +1 (650) 525 9324 +-+
Compiling Cyrus-Imap/Kerberos problems
Hi all, when I run ./configure it stops with the following error: checking for krb.h... no configure: warning: No Kerberos V4 found configure: error: Kerberos not found for authorization module I searched google I couldn´t find any help. I have berkeley-db and sasl installed without errors. I tried with several options (--disable-krb, --without-krb, --includedir=path_to_krb4_headers) with no luck. What can I do? Thanks and Regards, Chris
how much space does hard-linking save? (a script for your boss!)
I was wondering how much space Cyrus' hard-linking tricks saved us.. as an
academic department (with about 800 users) a lot of e-mail goes out to
student lists, for example. So.. while waiting for an fsck after a major
power cut I wrote this natty little perl script:
#!/usr/bin/perl -w
use strict; $|=1; printnet G gross G avgLinks\n;
my @x; our($n1, $n2, $n3, $n4, $y, $gig) = (0, 0, 0, 0, 1, 1024**3);
sub splat { printf %8.3f%8.3f%8.3f\r, $n1/$gig, $n2/$gig, $n3/$n4 }
open(M, 'find /var/spool/cyrus/mail/user -type f -name *.|')
or die fork: $!;
while (M) {
chomp;
@x = stat;
$n1 += $x[7], $n2 += $x[3] * $x[7], $n3 += $x[3], $n4++;
$y = 100, splat unless $y--
}
splat, close M, print \n\n
I was quite surprised at the results:
net G gross G avgLinks
15.666 130.019 47.589
..so, having thought an 80G volume for the mailstore wasn't overly
generous, now I can up everyone's quota for the next academic year :)
Thanks! (and remember to configure your MTA to batch it all together..)
Re: Compiling Cyrus-Imap/Kerberos problems
Hi, On Wed, 11 Jun 2003, Christian Schlaefcke wrote: Hi all, checking for krb.h... no configure: warning: No Kerberos V4 found installed without errors. I tried with several options (--disable-krb, --without-krb, --includedir=path_to_krb4_headers) with no luck. What can I do? Try --with-auth=unix
Re: Webmail application that doesn't abuse the IMAP server?
I'm not sure how the httpd processes are being tied up, but tied up imapds that are otherwise idle don't cost you anything except some swap and a process table entry. They're basicly free. Unless the imap connection has a mailbox open. That ties up a potentially very large memory resource (depending on the size of the mailbox) on the server. I have to say I don't know for certain whether that's true for the cyrus imapd, but for other imapds I've used, that has been the case. Someone know for sure? Ted Fines --On Wednesday, June 11, 2003 2:03 AM -0400 Rob Siemborski [EMAIL PROTECTED] wrote: On Tue, 10 Jun 2003, Gary Mills wrote: We do use that, and it probably does improve performance. It does have a problem with idle browser connections that accumulate with time. This also ties up a lot of `imapd' and `httpd' processes. It probably needs a client timeout someplace. I haven't had time to investigate further. I'm not sure how the httpd processes are being tied up, but tied up imapds that are otherwise idle don't cost you anything except some swap and a process table entry. They're basicly free. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: lmtpd duplicate_check duplicate_mark ?
Bernd Nies wrote: What do these Cyrus LMTPD log messages mean? It means you're logging DEBUG messages that you don't need to see. Both of these messages have to do with duplicate supression. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Webmail application that doesn't abuse the IMAP server?
On Wed, 11 Jun 2003, Ted Fines wrote: Unless the imap connection has a mailbox open. That ties up a potentially very large memory resource (depending on the size of the mailbox) on the server. I have to say I don't know for certain whether that's true for the cyrus imapd, but for other imapds I've used, that has been the case. Someone know for sure? As long as you have a fairly sane mmap implementation (most modern unixes do), this isn't the case for cyrus (well, I suppose it depends on your definition of large memory resource). That said, the type of connections held open by an IMAP proxy between webmail sessions aren't holding a mailbox open. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
special imap server
did someone know if there exist a IMAp server who would be able to use a POP3 server for the INBOX folder and his normal folders for all others ! note : i need something like this for a migration purpose ! thanks
Re: special imap server
Brasseur Valéry wrote: did someone know if there exist a IMAp server who would be able to use a POP3 server for the INBOX folder and his normal folders for all others ! note : i need something like this for a migration purpose ! The basic problem is that you cannot implement the IMAP protocol using the functionality provided by a POP server. Conceivably, you could have a proxy that did what you wanted and provided a very restricted subset of IMAP commands, but you would likely find clients would not work with it. You should just bite the bullet and convert them at once, offline. -- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931
Re: how much space does hard-linking save? (a script for your boss!)
On Wed, 11 Jun 2003, Matt Bernstein wrote:
I was wondering how much space Cyrus' hard-linking tricks saved us.. as an
academic department (with about 800 users) a lot of e-mail goes out to
student lists, for example. So.. while waiting for an fsck after a major
power cut I wrote this natty little perl script:
#!/usr/bin/perl -w
use strict; $|=1; printnet G gross G avgLinks\n;
my @x; our($n1, $n2, $n3, $n4, $y, $gig) = (0, 0, 0, 0, 1, 1024**3);
sub splat { printf %8.3f%8.3f%8.3f\r, $n1/$gig, $n2/$gig, $n3/$n4 }
open(M, 'find /var/spool/cyrus/mail/user -type f -name *.|')
or die fork: $!;
while (M) {
chomp;
@x = stat;
$n1 += $x[7], $n2 += $x[3] * $x[7], $n3 += $x[3], $n4++;
$y = 100, splat unless $y--
}
splat, close M, print \n\n
I was quite surprised at the results:
net G gross G avgLinks
15.666 130.019 47.589
..so, having thought an 80G volume for the mailstore wasn't overly
generous, now I can up everyone's quota for the next academic year :)
Thanks! (and remember to configure your MTA to batch it all together..)
There are a number of programs for creating hard-links between identical
files, for example:
http://www.stearns.org/freedups/
Anyone tried something like this for creating hard-linked files?
I will soon import a lot of messages into Cyrus through imap, these new
messages might well contain a lot of duplicates between users. Something
like freedups could possibly save a lot of diskplace, so I am interested
if anyone have tried this.
-psi
Restricting IMAP (143) port just for Squirrelmail?
I would like to restrict Cyrus to only allow users to use IMAPS, not plain IMAP. However, I was told that would break Squirrelmail, unless I opened access to IMAP (port 143) for the node that Squirrelmail was running on. But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that. I would need another TCP wrapper program (and not sure if even if I installed it, whether it's compatible with Xinetd). Is that true, or is there an easier way to do it? Another thought I had was to simply have IMAP running on a non-standard port number, and have configure Squirrelmail use that port (is that possible?). Thanks. - Mark
Number of copies of messages?
Hello all. I've been tasked with looking at changing our mail services and one of the options is Cyrus. One question that will greatly impact the decision is this: How many copies of a message are saved in the message store? I know Cyrus has a db backend, so we're wondering if one message is sent to all users on the server, is only one copy of that message saved in the store or is there an individual copy of each message for each user saved? Many thanks, Bob Jones OIIT Board of Regents, USG
Re: Restricting IMAP (143) port just for Squirrelmail?
On Wed, 11 Jun 2003, Mark London wrote: I would like to restrict Cyrus to only allow users to use IMAPS, not plain IMAP. However, I was told that would break Squirrelmail, unless I opened access to IMAP (port 143) for the node that Squirrelmail was running on. But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that. I would need another TCP wrapper program (and not sure if even if I installed it, whether it's compatible with Xinetd). Is that true, or is there an easier way to do it? Another thought I had was to simply have IMAP running on a non-standard port number, and have configure Squirrelmail use that port (is that possible?). Thanks. - Mark Well you can always just disallow plaintext logins (allowplaintext: f). This won't stop really dumb clients from sending the password in the clear anyway, but its a step in the right direction. This will also allow STARTTLS clients to still operatate. Also, Squirrelmail does support TLS connections (but not IMAPs), from a brief read of their source (atleast in the 1.4 series). Worst case, a firewall running on your IMAP server to only allow connections on 143 from your squirrelmail host can be your friend. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Restricting IMAP (143) port just for Squirrelmail?
Mark, Why not use iptables to block all port 143 access except the node that Squirrelmail is running on? Mark London wrote: I would like to restrict Cyrus to only allow users to use IMAPS, not plain IMAP. However, I was told that would break Squirrelmail, unless I opened access to IMAP (port 143) for the node that Squirrelmail was running on. But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that. I would need another TCP wrapper program (and not sure if even if I installed it, whether it's compatible with Xinetd). Is that true, or is there an easier way to do it? Another thought I had was to simply have IMAP running on a non-standard port number, and have configure Squirrelmail use that port (is that possible?). Thanks. - Mark
Re: Restricting IMAP (143) port just for Squirrelmail?
11 2003 19:16, Mark London : I would like to restrict Cyrus to only allow users to use IMAPS, not plain IMAP. However, I was told that would break Squirrelmail, unless I opened access to IMAP (port 143) for the node that Squirrelmail was running on. But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that. I would need another TCP wrapper program (and not sure if even if I installed it, whether it's compatible with Xinetd). Is that true, or is there an easier way to do it? Another thought I had was to simply have IMAP running on a non-standard port number, and have configure Squirrelmail use that port (is that possible?). Thanks. - Mark I think it'll be easier to use Horde. It can be connected to IMAPS without problem and You can chose wether are you goung to verify certs. I couldn't find how to manage Squirellmail to use IMAPS port. Best regards. Sergios
Re: Restricting IMAP (143) port just for Squirrelmail?
Rob Siemborski wrote: On Wed, 11 Jun 2003, Mark London wrote: I would like to restrict Cyrus to only allow users to use IMAPS, not plain IMAP. However, I was told that would break Squirrelmail, unless I opened access to IMAP (port 143) for the node that Squirrelmail was running on. But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that. I would need another TCP wrapper program (and not sure if even if I installed it, whether it's compatible with Xinetd). Is that true, or is there an easier way to do it? Another thought I had was to simply have IMAP running on a non-standard port number, and have configure Squirrelmail use that port (is that possible?). Yes. You can have Cyrus imapd listen on whatever ports you want. You could also restrict it to listen on a particular interface. Well you can always just disallow plaintext logins (allowplaintext: f). This won't stop really dumb clients from sending the password in the clear anyway, but its a step in the right direction. This will also allow STARTTLS clients to still operatate. Also, Squirrelmail does support TLS connections (but not IMAPs), from a brief read of their source (atleast in the 1.4 series). Worst case, a firewall running on your IMAP server to only allow connections on 143 from your squirrelmail host can be your friend. Cyrus also supports tcpwrappers, which make be of some help. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Restricting IMAP (143) port just for Squirrelmail?
On Wed, 11 Jun 2003, Mark London wrote: I would like to restrict Cyrus to only allow users to use IMAPS, not plain IMAP. However, I was told that would break Squirrelmail, unless I opened access to IMAP (port 143) for the node that Squirrelmail was running on. But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that. Hmm, where did you read this? ./configure --with-libwrap I would need another TCP wrapper program (and not sure if even if I installed it, whether it's compatible with Xinetd). Is that true, or is there an easier way to do it? Another thought I had was to simply have IMAP running on a non-standard port number, and have configure Squirrelmail use that port (is that possible?). Thanks. - Mark -- Igor
Re: Restricting IMAP (143) port just for Squirrelmail?
On 11 Jun 2003, Mark London writes: I would like to restrict Cyrus to only allow users to use IMAPS, not plain IMAP. However, I was told that would break Squirrelmail, unless I opened access to IMAP (port 143) for the node that Squirrelmail was running on. Iptables would probably be the most common way to achieve this sort of restriction. But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that. I would need another TCP wrapper program ... Not really, as others have said already. Either configure cyrus to use tcp-wrappers, or use iptables to restrict the data flow instead of a wrapper. ..., or is there an easier way to do it? You could set up Cyrus to only allow IMAPS access, and then use stunnel on the squirrelmail machine to do the SSL/TLS tunneling for it. That way, no 'special' permissions would be needed on the cyrus server at all, from the cyrus perspective squirrelmail would use IMAPS just like other IMAPS clients. How this would impact performance (many SSL tunnels being created, when squirrelmail gets busy) is something you'd need to think about. Overall, which way (iptables, compiling cyrus to use a wrapper, or stunnel) is 'easier' depends on what software you are comfortable with... Which way is more secure against whatever threats you believe exist is probably a useful question to ask yourself, too (or else why bother with IMAPS at all!). If the Squirrelmail to Cyrus traffic can be sniffed by 'the bad guys', then IMO you need something to protect the accountname/password information and the email itself from such snooping, so stunnel on the Squirrelmail box (and 100% IMAPS only on the Cyrus server) might be appropriate. Jonathan -- Jonathan Marsden| Internet: [EMAIL PROTECTED] | Making electronic 1252 Judson Street | Phone: +1 (909) 795-3877 | communications work Redlands, CA 92374 | Fax: +1 (909) 795-0327 | reliably for Christian USA | http://www.xc.org/jonathan| missions worldwide
Re: Restricting IMAP (143) port just for Squirrelmail?
Another option is to use stunnel (stunnel.org) on both side of the connection. Thanks Rich Houston 11 Èþíü 2003 19:16, Mark London íàïèñàë: I would like to restrict Cyrus to only allow users to use IMAPS, not plain IMAP. However, I was told that would break Squirrelmail, unless I opened access to IMAP (port 143) for the node that Squirrelmail was running on. But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that. I would need another TCP wrapper program (and not sure if even if I installed it, whether it's compatible with Xinetd). Is that true, or is there an easier way to do it? Another thought I had was to simply have IMAP running on a non-standard port number, and have configure Squirrelmail use that port (is that possible?). Thanks. - Mark I think it'll be easier to use Horde. It can be connected to IMAPS without problem and You can chose wether are you goung to verify certs. I couldn't find how to manage Squirellmail to use IMAPS port. Best regards. Sergios
Re: Restricting IMAP (143) port just for Squirrelmail?
At 13:32 -0400 Rob Siemborski wrote: Also, Squirrelmail does support TLS connections (but not IMAPs), from a brief read of their source (atleast in the 1.4 series). True, but it requires PHP 4.3 which isn't in a supported Red Hat Linux release (you can find it in rawhide though :).
