copying messages from old to new
Hi, I have one 'old' 2.1 Cyrus Imap server with accounts and emails, and onenew cyrus 2.1 server. I want to copy the accounts and messages on the old one to the new one. Can I just copy the messages to the new server or should I be aware of certain things like for instance Cyrus databases? Thank you, Arjen.
Sql based Spamassassin with sieve
I am using cyrus on my mailserver ( Linux redhat 7.2). The users dont have any system accounts. I am using a gateway spamassassin with Mailscanner. The problem is every user would like his own individual preferences stored. So I was looking if there was a way I could use sieve to fork spamassassin per user with the user name and the prefernces stored in Mysql database. I found that some people have done this, But there doesnt seem to be much documentation Thanks Ram NETCORE SOLUTIONS *** Ph: +91 22 5662 8000 Fax: +91 22 5662 8134 MailServ: Email, IM, Proxy, Firewall, Anti-Virus, LDAP Fleximail: Mail Storage, Management and Relaying http://netcore.co.in Emergic Freedom: Linux-based Thin Client-Thick Server Computing http://www.emergic.com BlogStreet: Blog Profiles, RSS Ecosystem, Blog Tops, Search http://www.blogstreet.com Rajesh Jain's Weblog on Technology: http://www.emergic.org
How to deliver mails in the stage directory after a crash ?
Hi all, I plan to move from WU Imap to Cyrus Imap, for better performance, for subfolders, and so on. Actually, I do some tests with Cyrus imap before using it for everybody in the company. Everything was fine during 2 days, but yesterday, a lot of emails have to be delivered, and all lmptd process (134 exactly) became frozen on DB errors : lmtpd[9300]: DBERROR db3: 134 lockers I know the global performance depends a lot of compilation options used in the configure script, so I do not really worry about this problem. My question is : after one hour, all lmtpd process were still frozen, so I killed them manually (what could I do else ?), and all mails stayed in the stage. directory. Is there a way to retry the deliver of all theses mails ? A crash can occur, a power supply loss can also occur, that's why I am really interested in the deliver recovery for email stored in the stage directory. Thanks for your help, Pierre
Sieve script and fileinto encoding
Hi, I have a question regarding the charset encoding of Sieve scripts which I have not been to find a definite answer to elsewhere. As I understand it, Cyrus expects Sieve scripts to be UTF-8 encoded. Is this also true of mailbox names in a fileinto action? Cyrus supplies mailbox names in modified UTF-7. Would it be correct, then, to say that mailbox names need to be converted from MUTF-7 to UTF-8 when writing a Sieve script? If so, then is it the case that lmtpd coverts the mailbox name in a fileinto action back from UTF-8 to MUTF-7 when parsing the script? Also, am I right in thinking that header string matching is always done UTF-8, and non-UTF-8 mail headers are converted to UTF-8 first? Thanks, Stephen
Re: How to deliver mails in the stage directory after a crash ?
On Tue, 9 Sep 2003, Pierre POMES wrote: My question is : after one hour, all lmtpd process were still frozen, so I killed them manually (what could I do else ?), and all mails stayed in the stage. directory. Is there a way to retry the deliver of all theses mails ? These mails should automaticly be retried by your MTA. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Unable to authenticate with LDAPs
Hi, Here I'm another time with my LDAP tests. In this moment my situation is the following one: I've installed this software: Solaris 8 Cyrus IMAP 2.1.13 Cyrus SASL 2.1.15 OpenLDAP 2.1.22 libraries OpenSSL 0.9.6 Saslauthd works fine with ldap authentication against my Lotus Domino eDirectory. My Cyrus IMAP server and my LDAP server aren't in the same machine. Now, in my next step, I can't to authenticate saslauthd with ldaps. I'm sure the CA certificate is correct and my LDAP server accepts SSL connections because I can consult the LDAP directory in another type of clients like Netscape 7 or Explorer 6. This is my /usr/local/etc/saslauthd.conf : #ldap_servers: ldap://myserver.upc.es/ ldap_servers: ldaps://myserver.upc.es/ ldap_bind_dn: cn=UsuariProves1,o=LCX ldap_bind_pw: contrasenya ldap_filter: ((cn=%u) (objectclass=person)) ldap_tls_cacert_file: /var/imap/certs/escert.cer -- I've tested too with the escert.pem file but the results is the same this is the response when I make the test: saslauthd -a ldap testsaslauthd -u usuariproves1 -p contrasenya 0: NO authentication failed and the results in the /var/log/auth.log file: Sep 9 13:40:58 delius saslauthd[1260]: [ID 390612 auth.warning] ldap_simple_bind() failed as cn=UsuariProves1,o=LCX (Can't contact LDAP server) Sep 9 13:40:58 delius saslauthd[1260]: [ID 462440 auth.warning] lak_bind() failed Sep 9 13:40:58 delius saslauthd[1260]: [ID 285309 auth.info] do_auth : auth failure: [user=usuariproves1] [service=imap] [realm=] [mech=ldap] [reason=Unknown] Sep 9 13:40:58 delius last message repeated 1 time Sep 9 13:40:58 delius saslauthd[1260]: [ID 286158 auth.warning] Unable to set LDAP_OPT_X_TLS_CACERTFILE (Unknown error). My Domino LDAP directory have the following parameters related with ports: TCP/IP port number: 389 TCP/IP port status: Enabled Authentication options: Name password: Yes Anonymous: No SSL port number: 636 SSL port status: Enabled Authentication options: Client certificate: No Name password: Yes Anonymous: No Can someone help me, please? Thanks in advance. - ANNA -
Re: Sql based Spamassassin with sieve
I am using a gateway spamassassin with Mailscanner. The problem is every user would like his own individual preferences stored. So I was looking if there was a way I could use sieve to fork spamassassin per user with the user name and the prefernces stored in Mysql database. I didn't do it with Sieve. I have Postfix using procmail as my LDA, which filters the incoming mail through spamd, then delivers into Cyrus using (Debian) cyrdeliver. Here is my /etc/procmailrc. I'm not good at procmail, so YMMV. DELIVERMAIL=/usr/sbin/cyrdeliver IMAP=$DELIVERMAIL -e -a $USER $USER SPAMC=/usr/bin/spamc -u $USER ## Trim out From: since Cyrus doesn't like it one bit :0hfw | /usr/bin/formail -I From ### ### Spam Assassin ### :0fw | $SPAMC ### ### Deliver it to the user inbox ### :0 w | $IMAP :0 w { EXITCODE=$? HOST }
Re: How to deliver mails in the stage directory after a crash ?
Hi, Thanks for the quick answer... Unfortunatly, my MTA did not retry any deliverey, but perharps it is due to a wrong design : 1) I am a using the default sendmail config file shipped with Redhat, without defining a cyrus mailer, since I want to continue to popultate other mailboxes than mine, in the standard unix mailbox format. 2) For my personnal tests with Cyrus, in my home, I defined a .procmailrc file, which keeps a local copy in /var/spool/mail, and deliver mail in my cyrus folder using cyrdeliver. I think this setup is not good and can explain why the recover has not been done : sendmail should deliver directly with cyrdeliver, without using procmail. May you confirm this ? It would be probably easier to use another mail server to do my own tests... Thanks for your help, Pierre On Tue, 9 Sep 2003, Pierre POMES wrote: My question is : after one hour, all lmtpd process were still frozen, so I killed them manually (what could I do else ?), and all mails stayed in the "stage." directory. Is there a way to retry the deliver of all theses mails ? These mails should automaticly be retried by your MTA. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Shared Folders
I have the following configuration : postfix 2.0.14 cyrus-imapd 2.2.1 CVS I try to configure a shared folder that can receive email with an alias defined. I define the alias : support: +shared The permission on shared folder are : user1 lrswip user2 lrswip cyrus lrswipcda lmtpuser lrswipcda now if i try to send a message I receive an error in the imapd log Sep 9 14:18:00 www lmtpunix[10701]: append_check() of 'shared' failed and in the mail log : Sep 9 14:02:44 www postfix/lmtp[10586]: 73E398FCA: to=[EMAIL PROTECTED], relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=0, status=bounced (host /var/imap/socket/lmtp[/var/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command)) Seem that there are some error during the lmtp deliver in the imapd service. Any idea Thanks vittorio -- Vittorio manfredini This message was sent using IMP, the Internet Messaging Program.
Re: Unable to authenticate with LDAPs
Take my advice with a grain of salt: my work with the motly collection of tools is ongoing.. (basicly Im with a volunteer run ISP, and been fighting political battles more then tech ones for 6 months) Anyway.. 'ldap' is neither a service or a mech... A 'service' is what you (would) define in the pam configuration files and is something like: login, ssh, imap, pop, ppp and what not. And a mech is how the password checking is done, something like: CRAM-MD6, DIGEST-MD5 etc. But even before the saslauthd gets that far it fails even to connect to you ldap server.. Check from the command line to see if the LDAP box can be contacted.. I use something like: ldapsearch -Y DIGEST-MD5 -U saslauthd -h clio.chebucto.net -s sub -b o=chebucto,c=ca -Z (uid=saslauthd) This tries to bind to my LDAP server as the saslauthd user and then does a search for that user object... This at least verifys that the server can be contacted and bound to as the saslauthd user.. Get the command line working before you move on to saslauthd.. On Tue, 2003-09-09 at 09:16, Ana Ribas/Upcnet wrote: Hi, lak_bind() failed Sep 9 13:40:58 delius saslauthd[1260]: [ID 285309 auth.info] do_auth : auth failure: [user=usuariproves1] [service=imap] [realm=] [mech=ldap] [reason=Unknown] Sep 9 13:40:58 delius last message repeated 1 time
Re: How to deliver mails in the stage directory after a crash ?
On Tue, 9 Sep 2003, Pierre POMES wrote: I think this setup is not good and can explain why the recover has not been done : sendmail should deliver directly with cyrdeliver, without using procmail. May you confirm this ? Sendmail should really be using LMTP, but yes, delivering directly to cyrdeliver would be better. The key is that temporary failures need to be correctly returned to sendmail. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Shared Folders
Vittorio, It looks like you've only defined a subfolder on the domain. You need to establish the account plus the subfolder for delivery. Example: [EMAIL PROTECTED] This will tell the LMTP to deliver the message to the 'support' account under the the 'shared' subfolder. Make sure you have permissions for both the 'support' account and 'shared' folder set properly. You should also make sure your postfix main.cf file associates the '+' name space properly when delivering to subfolders. Respectfully, Gary Vittorio Manfredini wrote: I have the following configuration : postfix 2.0.14 cyrus-imapd 2.2.1 CVS I try to configure a shared folder that can receive email with an alias defined. I define the alias : support: +shared The permission on shared folder are : user1 lrswip user2 lrswip cyrus lrswipcda lmtpuser lrswipcda now if i try to send a message I receive an error in the imapd log Sep 9 14:18:00 www lmtpunix[10701]: append_check() of 'shared' failed and in the mail log : Sep 9 14:02:44 www postfix/lmtp[10586]: 73E398FCA: to=[EMAIL PROTECTED], relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=0, status=bounced (host /var/imap/socket/lmtp[/var/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command)) Seem that there are some error during the lmtp deliver in the imapd service. Any idea Thanks vittorio -- Vittorio manfredini This message was sent using IMP, the Internet Messaging Program.
test
test
make all exits with error 1
Hi! I'm having weird problems compiling cyrus-imap-2.1.15 on my debian machine. SASL works quiet fine, SMTP AUTH with Postfix, too. My configure-params were as follows: # ./configure --prefix=/usr --with-cyrus-user=cyrus --with-cyrus-group=mail --with-auth=unix --with-sasl=/usr/local/lib/sasl2 --libdir=/usr/lib But I get following negative lines in its output: checking for makedepend... /root/src/cyrus-imapd-2.1.15/tools/not-mkdep configure: warning: Makedepend is not installed on this system. You should compile and install the version from the makedepend subdirectory. checking for strerror in -lcposix... no checking for strlcat... no checking for strlcpy... no checking for opendir in -ldir... no checking for res_search... no checking for dns_lookup... no checking for bison... no checking for byacc... no checking for yywrap in -ll... no checking for main in -lfl... no checking for rxposix.h... no checking for setproctitle... no checking for setproctitle in -lutil... no checking for sys/pstat.h... no checking for sys/sysnews.h... no checking for PS_STRINGS... no checking for SCO... no checking for RSAPublicEncrypt in -lrsaref... no checking for BIO_accept in -lcrypto... no checking for SSL_CTX_new in -lssl... no checking for openssl... no checking for ZInitialize in -lzephyr... no checking for com_err.h... no configure: warning: com_err is required; included version will be used. checking for dlopen... no checking for dlopen in -ldl... yes checking for crypt... no checking for MD5Init... no checking for MD5Init in -lmd... no checking for request_init in -lwrap... no checking libwrap support... no checking for sprint_objid in -lsnmp... no checking UCD SNMP libraries... no Then, # make depend # make all [Snip] Unrecognized argument in LIBS ignored: '-Wl,-rpath,/usr/local/lib/sasl2/lib' Writing Makefile for Cyrus::IMAP [Snip] LD_RUN_PATH=/usr/local/lib cc -shared -L/usr/local/lib IMAP.o -o blib/arch/auto/Cyrus/IMAP/IMAP.so ../../lib/libcyrus.a -lsasl2 -lssl -lcrypto /usr/bin/ld: cannot find -lcrypto collect2: ld returned 1 exit status make[2]: *** [blib/arch/auto/Cyrus/IMAP/IMAP.so] Error 1 make[2]: Leaving directory `/root/src/cyrus-imapd-2.1.15/perl/imap' make[1]: *** [all] Error 1 make[1]: Leaving directory `/root/src/cyrus-imapd-2.1.15/perl' make: *** [all] Error 1 In the whole make-output, /usr/local/... is used, but I defined /usr/ as prefix! Most of the not found libaries exist on my machine, but make looks them up in the wrong directory! What shall I do??? BIG THANKS FOR ALL YOUR ANSWERS IN ADVANCE!!! Oliver Demetz
Authentication failed. generic failure
Gentlemen: When I run 'imtest' on my system, I get the following failure: --: snip -- S: A01 NO user not found Authentication failed. generic failure Security strength factor: 256 . logout manually typed-in because it stalled here. * BYE LOGOUT received . OK Completed Connection closed. saslpasswd appears to have the correct user/passwd combo. I don't know what to do next. My system is FreeBSD 5.1 with cyrus-imapd2 port installed(cyrus-imapd version 2.1.15). My configuration file is attached. Thanks in advance for any help you can give me. Mike Allen# # $FreeBSD: ports/mail/cyrus-imapd2/files/imapd.conf,v 1.8 2002/08/08 14:06:48 ume Exp $ # # Sample configurations file for Cyrus IMAPd # Most lines in this file are commented; in this case the default is used. # The commented lines (usually) contain the default value # The pathname of the IMAP configuration directory # configdirectory: /var/imap # The partition name used by default for new mailboxes # #defaultpartition: default # The directory for the different partitions # partition-default: /var/spool/imap # Use the UNIX separator character '/' for delimiting levels of # mailbox hierarchy. The default is to use the netnews separator # character '.'. #unixhierarchysep: no # Use the alternate IMAP namespace, where personal folders reside at # the same level in the hierarchy as INBOX. # #altnamespace: no # If using the alternate IMAP namespace, the prefix for the other # users namespace. The hierarchy delimiter will be automatically # appended. # #userprefix: Other Users # If using the alternate IMAP namespace, the prefix for the shared # namespace. The hierarchy delimiter will be automatically appended. # #sharedprefix: Shared Folders # The umask value used by various Cyrus IMAP programs # #umask: 077 # This is the hostname visible in the greeting messages of the POP, # IMAP and LMTP daemons. If it is unset, then the result returned from # gethostname(2) is used. # #servername: result returned by gethostname(2) # Whether to allow anonymous logins # #allowanonymouslogin: no # Allow the use of the SASL PLAIN mechanism. # allowplaintext: yes # The percent of quota utilization over which the server generates # warnings. # quotawarn: 90 # The length of the IMAP server's inactivity autologout timer, in minutes. # The minimum value is 30, the default. # #timeout: 30 # The interval (in seconds) for polling the mailbox for changes while # running the IDLE command. This option is used when idled can not be # contacted or when polling is used exclusively. The minimum value is # 1. A value of 0 will disable polling (and disable IDLE if polling # is the only method available). # imapidlepoll: 60 # If enabled, the server responds to an ID command with a parameter # list containing: version, vendor, support-url, os, os-version, # command, arguments, environment. Otherwise the server returns NIL. # imapidresponse: yes # Set the length of the POP server's inactivity autologout timer, in # minutes. The minimum value is 10, the default. # #poptimeout: 10 # Set the minimum amount of time the server forces users to wait between # successive POP logins, in minutes. The default is 0. # #popminpoll: 0 # The number of days advertised as being the minimum a message may be # left on the POP server before it is deleted (via the CAPA command, # defined in the POP3 Extension Mechanism, which some clients may # support). NEVER, the default, may be specified with a negative # number. The Cyrus POP3 server never deletes mail, no matter what # the value of this parameter is. However, if a site implements a # less liberal policy, it needs to change this parameter accordingly. # #popexpiretime: 0 # The list of userids with administrative rights. Separate each userid # with a space. We recommend that administrator userids be separate from # standard userids. Sites using Kerberos authentication may use separate # admin instances. # admins: cyrus, mallen # A list of users and groups that are allowed to proxy for other # users, seperated by spaces. Any user listed in this will be allowed # to login for any other user: use with caution. # #proxyservers: none # The Access Control List (ACL) placed on a newly-created (non-user) # mailbox that does not have a parent mailbox. # defaultacl: anyone lrs # The pathname of the news spool directory. Only used if the partition-news # configuration option is set. # #newsspool: no default # Prefix to be prepended to newsgroup names to make the corresponding IMAP # mailbox names. # #newsprefix: none # If nonzero, normal users may create their own IMAP accounts by creating # the mailbox INBOX. The user's quota is set to the value if it is positive, # otherwise the user has unlimited quota. # autocreatequota: 5 # Include notations in the protocol telemetry logs indicating the number # of seconds since the last command or response. # #logtimestamps: no # Number of seconds to pause after a
Re: make all exits with error 1
additional information on my problem: I tried to configure with 'without-openssl' option, but it didn't help. :-( Here's all configure/make output i can provide: # ./configure --prefix=/usr --with-cyrus-user=cyrus --with-cyrus-group=mail --with-auth=unix --with-sasl=/usr/local/lib/sasl2 --libdir=/usr/lib --without-openssl creating cache ./config.cache checking host system type... i686-pc-linux-gnu checking for makedepend... /root/src/cyrus-imapd-2.1.15/tools/not-mkdep configure: warning: Makedepend is not installed on this system. You should compile and install the version from the makedepend subdirectory. checking for gcc... gcc checking whether the C compiler (gcc ) works... yes checking whether the C compiler (gcc ) is a cross-compiler... no checking whether we are using GNU C... yes checking whether gcc accepts -g... yes checking for ranlib... ranlib checking whether make sets ${MAKE}... yes checking for a BSD compatible install... /usr/bin/install -c checking how to run the C preprocessor... gcc -E checking for AIX... no checking for strerror in -lcposix... no checking for mawk... mawk checking for working const... yes checking for long file names... yes checking for __attribute__... yes checking if compiler supports -fPIC... yes checking for runpath switch... -Wl,-rpath, checking for unistd.h... yes checking for sys/select.h... yes checking for sys/param.h... yes checking for stdarg.h... yes checking for memmove... yes checking for strcasecmp... yes checking for ftruncate... yes checking for strerror... yes checking for strlcat... no checking for strlcpy... no checking for dirent.h that defines DIR... yes checking for opendir in -ldir... no checking for connect... yes checking for res_search... no checking for res_search in -lresolv... yes checking for dn_expand... yes checking for dns_lookup... no checking for getaddrinfo... yes checking for gai_strerror... yes checking for getnameinfo... yes checking whether struct tm is in sys/time.h or time.h... time.h checking for tm_zone in struct tm... yes checking for vprintf... yes checking for db.h... yes checking for db_create in -ldb-4.1... no checking for db_create in -ldb4.1... no checking for db_create in -ldb41... no checking for db_create in -ldb-4.0... no checking for db_create in -ldb4.0... no checking for db_create in -ldb-4... no checking for db_create in -ldb40... no checking for db_create in -ldb4... no checking for db_create in -ldb-3.3... no checking for db_create in -ldb3.3... no checking for db_create in -ldb33... no checking for db_create in -ldb-3.2... no checking for db_create in -ldb3.2... no checking for db_create in -ldb32... no checking for db_create in -ldb-3.1... no checking for db_create in -ldb3.1... no checking for db_create in -ldb31... no checking for db_create in -ldb-3... yes checking duplicate db database backend... db3_nosync checking mboxlist database backend... db3 checking seen state database backend... flat checking subscription database backend... flat checking TLS cache database backend... db3_nosync checking for bison... no checking for byacc... no checking for flex... lex checking for yywrap in -ll... no checking for main in -lfl... no checking for library containing regcomp... none required checking for rxposix.h... no checking for strerror... (cached) yes checking for sys/resource.h... yes checking for setrlimit... yes checking for getrlimit... yes checking for daemon... yes checking for setsid... yes checking for shutdown... yes checking for setproctitle... no checking for setproctitle in -lutil... no checking for sys/pstat.h... no checking for sys/sysnews.h... no checking for PS_STRINGS... no checking for SCO... no checking for setproctitle usability... yes checking nonblocking method... fcntl checking timezone GMT offset method... tm checking for shared mmap... yes checking for fcntl... yes checking for fdatasync... yes checking for sigvec... yes checking for openssl... no checking for ZInitialize in -lzephyr... no checking for com_err.h... no configure: warning: com_err is required; included version will be used. checking for modern syslog... yes checking for getdtablesize... yes checking to use old sieve service name... no checking for dlopen... no checking for dlopen in -ldl... yes checking for crypt... no checking for crypt in -lcrypt... yes checking for sasl/sasl.h... yes checking for sasl/saslutil.h... yes checking for prop_get in -lsasl2... yes checking for sasl_checkapop in -lsasl2... yes checking for perl... perl checking for MD5Init... no checking for MD5Init in -lmd... no checking for request_init in -lwrap... no checking libwrap support... no checking for sprint_objid in -lsnmp... no checking UCD SNMP libraries... no updating cache ./config.cache creating ./config.status creating man/Makefile creating master/Makefile creating lib/Makefile creating acap/Makefile creating imap/Makefile creating imap/feedcyrus creating imtest/Makefile creating netnews/Makefile creating
Re: Authentication failed. generic failure
Have you created a mailbox for that user? You cant login unless the user has a inbox.. Initialy login with the user 'cyrus' (which should be in the admins: line in your imapd.conf).. This account will need a password, so do whatever it takes in your setup to create a 'real' cyrus account. On Tue, 2003-09-09 at 22:00, Mike Allen wrote: Gentlemen: When I run 'imtest' on my system, I get the following failure: --: snip -- S: A01 NO user not found Authentication failed. generic failure Security strength factor: 256 . logout manually typed-in because it stalled here. * BYE LOGOUT received . OK Completed Connection closed. saslpasswd appears to have the correct user/passwd combo. I don't know what to do next. My system is FreeBSD 5.1 with cyrus-imapd2 port installed(cyrus-imapd version 2.1.15). My configuration file is attached. Thanks in advance for any help you can give me. Mike Allen
Re: Authentication failed. generic failure
Mike Allen wrote: Gentlemen: When I run 'imtest' on my system, I get the following failure: --: snip -- S: A01 NO user not found Authentication failed. generic failure Security strength factor: 256 . logout manually typed-in because it stalled here. * BYE LOGOUT received . OK Completed Connection closed. saslpasswd appears to have the correct user/passwd combo. I don't know what to do next. My system is FreeBSD 5.1 with cyrus-imapd2 port installed(cyrus-imapd version 2.1.15). My configuration file is attached. Since you don't show which auth mechanism was used (plaintext or shared secret), its hard to help you. If its plaintext, make sure that saslauthd is running (since that is what you have configured for sasl_pwcheck_method) and configured correctly. If its shared secret, make sure that /usr/local/etc/sasldb2 exists, the 'cyrus' uid can read it an the sasldblistusers2 shows an entry for the user you are trying to log in as. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
database recovery...
We are running a Tru64 TruCluster system. We have 2 members in the cluster and run Cyrus IMAP 2.2.1b. We typically ran the system with Cyrus being CAA'd and only running on one member at a time. The stuff would relocate to the other cluster member if for some reason it could not run on the first one or we had to take it down for maintenance or whatever. Well, it appears that this new version uses a lot more memory than the 2.0.16 version did, with a lot of the processes settling on 27MB or 28MB of resident memory in use (not virtual memory, which the processes always indicate has more in use, but real memory in use). On Tru64, there is no way to determine exactly where that memory is going, unlike Solaris where you can run any of the proc tools, like pmap, to get a break down of what memory is shared, what is stored in the heap and what is consumed by the stack. Running lsof doesn't help, as they all show the same thing... interestingly enough, our mailboxes.db file is about 27MB in size, but I can find a lot of processes that are only a couple megabytes in size and that file is opened with them as well, so I think it is just a coincidence. Has anyone else noticed the larger memory footprint? So, with 3000+ cyrus process averaging about 20MB each, it consumed pretty much all our real RAM (we have 8GB on each cluster member). I would say about 6GB of memory was consumed in just Cyrus processes. We decided to run Cyrus on both cluster members at the same time. Since we are using a cluster file system which uses flock() to keep things working properly, it shouldn't be a problem. For those not familiar with Tru64's cluster file system, this is not NFS. It is basically a local file system as far as each member is concerned, but it is shared like NFS on all the members. Anyways, as Cyrus starts up on each member, it runs the ctl_cyrusdb -r command. The problem with that is that it runs it on each member at the same time (if I start them at the same time), so mailboxes.db has two of these processes hitting it at the same time. Worse, one member may finish faster than the other and start accepting connections before the other member has completed the recovery process. This doesn't appear to cause any side effects, but I would like to know if there would be any from this... especially if users are hitting the file while a recovery is in progress. Also, it takes a really *really* long time for the recovery process to run, which means even a simple restart is felt by all, as it takes several minutes for it to complete. In 2.0.16 with a flat file database, there was no wait at all for the restart to occur, and most people may not even notice it, since their email clients would silently reopen IMAP connections that were closed on them. Is there any way to shorten the duration of the recovery process? For instance, increasing the frequency of checkpoints considerably is one idea I have... would that help? Is there a point that I could do the recovery process on a schedule (like once a night) instead of running it at startup time to cut down on the overhead? Anyways, I am looking for some insight into this process... Thanks, Scott -- +---+ Scott W. Adkinshttp://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:[EMAIL PROTECTED] ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +---+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ pgp0.pgp Description: PGP signature
cvt_cyrusdb vs ctl_mboxlist
Okay, so we are using skiplist for our database now. If we wanted to do some simple searches on the database (we used to just grep for usernames on the flat file version of mailboxes.db), we have to first convert the database to a flat file. Really, the best way to do it is by running ctl_mboxlist and saving the output to a file. But before I discovered the command, I was trying to use cvt_cyrusdb to convert from skiplist to flat file, which basically took forever (in fact, I never got it to really finish, as I would Ctrl-C out of it before it was done). The problem with cvt_cyrusdb is that it seems to take a record from the skiplist database and writes it to a file to a new flat file database. If we call the new database flat.db, it would create a new file called flat.db.NEW with that one line added to the end of it, then move it to flat.db right after that. This process would be done for every record in the mailboxes.db file (ours is huge!). Wouldn't it be better to to enhance the conversion program to simply open the flat file database for append and just dump the contents of the old db right to it? It seems like the logic for writing to a flat file db is prohibitively expensive. Really, you want the conversion process from any database format to flat file format to dumb itself down to be what ctl_mboxlist does. The reason ctl_mboxlist works so well is that it just dumps the output to stdout and not to a file, so there are not .NEW files or renames or anything like that. Just a thought. Scott -- +---+ Scott W. Adkinshttp://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:[EMAIL PROTECTED] ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +---+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ pgp0.pgp Description: PGP signature