RE: FATAL: lmtpd: unable to init duplicate delivery database
On Wed, 2003-11-19 at 14:24, [EMAIL PROTECTED] wrote:
> Hello,
>
> I have the same problem. I think the reason is the db4
> database on redhat 9. I have the problem each day.
> But still no solution found!
> I will try it with another db4 version.
>
> My English is not good unfortunately ;)
>
> If I have a solution - I will inform you.

Thanks, please post your findings when you do.

> your messages:
> Hello,
>
> I have a strange lmtpd problem where it does not accept connections and
> it produces the following log errors when cyrus starts:
>
> Nov 18 13:49:09 tux ctl_cyrusdb[19874]: checkpointing cyrus databases
> Nov 18 13:49:09 tux lmtpd[19879]: DBERROR db4: operation not permitted during recovery.
> Nov 18 13:49:09 tux lmtpd[19879]: DBERROR: opening /var/lib/imap/deliver.db: Invalid argument
> Nov 18 13:49:09 tux lmtpd[19879]: DBERROR: opening /var/lib/imap/deliver.db: cyrusdb error
> Nov 18 13:49:09 tux lmtpd[19879]: FATAL: lmtpd: unable to init duplicate delivery database
> Nov 18 13:49:09 tux ctl_cyrusdb[19874]: done checkpointing cyrus databases
>
> I am using RedHat9 with Simon Matter's rpms cyrus-sasl-2.1.15-3 and
> cyrus-imapd-2.1.15-2 rebuilt with db4 according to Simon's db4-spec
> file (although the error was still there even with the RedHat's
> db4-4.0.14-20.i386.rpm).
>
> Your help will be appreciated.

--
Andrew Koros
Developer, Systems Services
UUNET KENYA LTD
2nd Floor Parkside Towers
Mombasa Road, Nairobi
Tel: +254 2 69088618
Fax: +254 2 69088001
Email: [EMAIL PROTECTED]
http://www.uunet.co.ke

NOTICE: "The contents of this e-mail and any accompanying documentation is confidential and any use thereof, in whatever form, by anyone other than the addressee for whom it is intended, is strictly prohibited."
Re: Unexpected database recovery
One with deadlock problems and thinking of using the flock patch should read the stuff in
https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=1177

The POSIX alarm fix for the timeout/deadlocks stuff is working just fine here. Unfortunately Philipp Sacha didn't reply yet to give us a second testimony on whether it works or not... Philipp? Did it work?

--
"One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Re: lmtpd rejecting messages
On Nov 19, 2003, at 12:44 PM, Alex Cresswell wrote:
> So I posted earlier with Service unavailable messages coming back from
> lmtpd, this is the bounce message I'm seeing. Is there any way to
> override lmtpd so that it will accept these messages or fix to filter
> these characters out?
>
> ... while talking to localhost:
> >>> DATA
> <<< 554 5.6.0 Message contains NUL characters
> 554 5.0.0 Service unavailable

I've done some homework on this as well... There doesn't seem to be a (to me at least) real good satisfactory solution. Searching around in various places people have suggested using your MTA's filtering capabilities against *all* incoming e-mail to filter out NULs. Since this kind of filtering is pretty expensive in terms of horsepower this is not an acceptable solution for me. Which so far has brought me back to square one, grinding my teeth and accepting the rejections..

Please let the list know if you come up with anything.

--Jo
Re: lmtpd rejecting messages
--On Wednesday, November 19, 2003 2:44 PM -0600 Alex Cresswell <[EMAIL PROTECTED]> wrote:
> So I posted earlier with Service unavailable messages coming back from
> lmtpd, this is the bounce message I'm seeing. Is there any way to
> override lmtpd so that it will accept these messages or fix to filter
> these characters out?
>
> ... while talking to localhost:
> >>> DATA
> <<< 554 5.6.0 Message contains NUL characters
> 554 5.0.0 Service unavailable

I know this doesn't directly answer your question... But you could ask your MTA (are you running sendmail?) to filter 8bit data; the null bytes might be a symptom of unencoded 8bit data in messages... Just a thought.

-Craig
lmtpd rejecting messages
So I posted earlier with Service unavailable messages coming back from lmtpd, this is the bounce message I'm seeing. Is there any way to override lmtpd so that it will accept these messages or fix to filter these characters out?

... while talking to localhost:
>>> DATA
<<< 554 5.6.0 Message contains NUL characters
554 5.0.0 Service unavailable

-Alex
Re: mbox to Cyrus migration document
On Tue, 18 Nov 2003, Rob Siemborski wrote:

> On Tue, 18 Nov 2003, Andrew Morgan wrote:
>
> > Uhh, so where in the Wiki should I put it? Also, I was intending to just
> > create a link to my site, rather than duplicating the content into the
> > Wiki. Is that what you had in mind?
>
> The administration section is probably a good start. I'd rather you put
> all the content in the wiki, that way everything is in one place and
> other people can update it later freely.

Okay, I've added a new topic under Administration, put in my text as an example, and attached the scripts I've used. Take a look and let me know if I got it right. :)

Andy
Re: cannot get idled to run
Craig Constantine <[EMAIL PROTECTED]> writes:

> --On Tuesday, November 18, 2003 8:34 PM -0800 Ted Cabeen
> <[EMAIL PROTECTED]> wrote:
>
>> Try changing the owner of the idle socket to cyrus. That's how I have
>> mine, and I recall that I had trouble getting idled started because of
>> permissions.
>
> nope. I changed it to:
>
> # ls -ald /var/imap/socket/idle
> srwxrwxrwx 1 cyrus cyrus 0 Jun 17 22:24 /var/imap/socket/idle
>
> SIGHUP'd the master. Nothing about idled appeared in the logs, I'm
> still getting the 'error sending to idled' errors in syslog. Trying to
> start by hand still gives:

I don't think that idled gets restarted if master is HUP'd. If you can do it, what I'd do is stop cyrus, run idled totally alone. If it starts then kill it and start cyrus up normally.

> # su - cyrus -c '/usr/cyrus/bin/idled -C /etc/imapd.conf'
> bind: Address already in use
>
> How do I figure out what exactly it is trying to bind to?

You could trace it. Do you see idled in the process table? fuser might also tell you what process has the socket open.

--
Ted Cabeen
Sr. Systems/Network Administrator
Impulse Internet Services
Re: mbox to Cyrus migration document
On Wed, 19 Nov 2003, Andrew Morgan wrote:

> Okay, I've added a new topic under Administration, put in my text as an
> example, and attached the scripts I've used. Take a look and let me know
> if I got it right. :)

Seems correct to me. Thanks!

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: Please help with Cyrus vs MS Outlook over TSL/SSL
Ilya Basin wrote:
> On Wednesday 19 November 2003 20:03, Ken Murchison wrote:
>
> I'd like to disable plaintext auth at all.

Keep in mind that there is a difference between allowing plaintext authentication and allowing plaintext authentication mechanisms. You can enable plaintext authentication mechanisms (SASL PLAIN, IMAP LOGIN, POP3 USER/PASS) without allowing plaintext authentication by forcing the client to use SSL/TLS. In fact, some older clients use nothing but plaintext authentication mechanisms.

> I've changed the conf as you suggested to auxprop and it started to work FINE.
> THANK YOU so much. I'm ashamed of myself.

If you already have an auxprop plugin populated with the user secrets, then this is the way to go.

>> Ilya Basin wrote:
>>> Hi,
>>> I've spent a week trying to configure cyrus-imapd-2.1.15
>>> to work with MS Outlook 2000 over TLS/SSL.
>>> I see no way to fix it... maybe I've missed something?
>>>
>>> System:
>>>
>>> Slackware 9.1
>>> openssl-09.7c
>>> cyrus-imapd-cyrus-sasl-2.1.15
>>> cyrus-imapd-2.1.15
>>>
>>> compiled with no errors.
>>>
>>> Mozilla Messenger, PINE - checked & work fine with it over port 993
>>> MS Outlook -> (with the options [secure auth], work over SSL (port 993))
>>> gives an error "CRAM-MD5 auth failed"
>>> IMAPD.log:
>>>
>>> imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no authentication
>>> imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found: no secret in database]
>>
>> What kind of authentication do you want to do? Are you only going to
>> allow plaintext auth mechanisms (via saslauthd), or do you want to allow
>> shared secret mechanisms (via an auxprop plugin like sasldb, LDAP, SQL)?
>>
>> The only way you will be able to use Outlook's SPA (NTLM) is to allow
>> the user secrets to be stored in an auxprop backend, or to proxy the
>> NTLM authentication to an NT/2K server.
>>
>> My suggestion is to simply not use Outlook's SPA, since the
>> authentication is already protected by SSL. Unchecking the SPA box
>> should solve your problem.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: cannot get idled to run
--On Tuesday, November 18, 2003 8:34 PM -0800 Ted Cabeen <[EMAIL PROTECTED]> wrote:
> Try changing the owner of the idle socket to cyrus. That's how I have
> mine, and I recall that I had trouble getting idled started because of
> permissions.

nope. I changed it to:

# ls -ald /var/imap/socket/idle
srwxrwxrwx 1 cyrus cyrus 0 Jun 17 22:24 /var/imap/socket/idle

SIGHUP'd the master. Nothing about idled appeared in the logs, I'm still getting the 'error sending to idled' errors in syslog. Trying to start by hand still gives:

# su - cyrus -c '/usr/cyrus/bin/idled -C /etc/imapd.conf'
bind: Address already in use

How do I figure out what exactly it is trying to bind to?

-Craig
Re: Please help with Cyrus vs MS Outlook over TSL/SSL
On Wednesday 19 November 2003 20:03, Ken Murchison wrote:

I'd like to disable plaintext auth at all.

I've changed the conf as you suggested to auxprop and it started to work FINE. THANK YOU so much. I'm ashamed of myself.

> Ilya Basin wrote:
> > Hi,
> > I've spent a week trying to configure cyrus-imapd-2.1.15
> > to work with MS Outlook 2000 over TLS/SSL.
> > I see no way to fix it... maybe I've missed something?
> >
> > System:
> >
> > Slackware 9.1
> > openssl-09.7c
> > cyrus-imapd-cyrus-sasl-2.1.15
> > cyrus-imapd-2.1.15
> >
> > compiled with no errors.
> >
> > Mozilla Messenger, PINE - checked & work fine with it over port 993
> > MS Outlook -> (with the options [secure auth], work over SSL (port 993))
> > gives an error "CRAM-MD5 auth failed"
> > IMAPD.log:
> >
> > imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no authentication
> > imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found: no secret in database]
>
> What kind of authentication do you want to do? Are you only going to
> allow plaintext auth mechanisms (via saslauthd), or do you want to allow
> shared secret mechanisms (via an auxprop plugin like sasldb, LDAP, SQL)?
>
> The only way you will be able to use Outlook's SPA (NTLM) is to allow
> the user secrets to be stored in an auxprop backend, or to proxy the
> NTLM authentication to an NT/2K server.
>
> My suggestion is to simply not use Outlook's SPA, since the
> authentication is already protected by SSL. Unchecking the SPA box
> should solve your problem.
Re: Please help with Cyrus vs MS Outlook over TSL/SSL
Ilya Basin wrote:
> Hi,
> I've spent a week trying to configure cyrus-imapd-2.1.15
> to work with MS Outlook 2000 over TLS/SSL.
> I see no way to fix it... maybe I've missed something?
>
> System:
>
> Slackware 9.1
> openssl-09.7c
> cyrus-imapd-cyrus-sasl-2.1.15
> cyrus-imapd-2.1.15
>
> compiled with no errors.
>
> Mozilla Messenger, PINE - checked & work fine with it over port 993
> MS Outlook -> (with the options [secure auth], work over SSL (port 993))
> gives an error "CRAM-MD5 auth failed"
> IMAPD.log:
>
> imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no authentication
> imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found: no secret in database]

What kind of authentication do you want to do? Are you only going to allow plaintext auth mechanisms (via saslauthd), or do you want to allow shared secret mechanisms (via an auxprop plugin like sasldb, LDAP, SQL)?

The only way you will be able to use Outlook's SPA (NTLM) is to allow the user secrets to be stored in an auxprop backend, or to proxy the NTLM authentication to an NT/2K server.

My suggestion is to simply not use Outlook's SPA, since the authentication is already protected by SSL. Unchecking the SPA box should solve your problem.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
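The `badlogin ... NTLM [SASL(-13): user not found: no secret in database]` line quoted in this thread is what a shared-secret mechanism leaves in the log when the auxprop store has no secret for the user. The script below is an added example, not code from the thread or from the Cyrus project: it triages imapd log lines of that shape and correlates them with `starttls` lines by pid. The sample log lines, timestamps and 192.0.2.x addresses are constructed.

```python
import re

# Mechanisms from the CAPABILITY line in this thread that verify a shared
# secret, so the server needs the user's secret in an auxprop store
# (sasldb, LDAP, SQL). PLAIN/LOGIN send the password itself instead.
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5", "NTLM", "OTP", "SRP"}

STARTTLS_RE = re.compile(
    r"imapd\[(?P<pid>\d+)\]: starttls: (?P<proto>\S+) with cipher (?P<cipher>[^\s(]+)"
)
BADLOGIN_RE = re.compile(
    r"imapd\[(?P<pid>\d+)\]: badlogin: [^\[]*\[(?P<ip>[^\]]+)\] "
    r"(?P<mech>\S+) \[SASL\((?P<code>-?\d+)\): (?P<text>.*)\]"
)

# CAPABILITY response as shown in the imtest output on this page.
CAPABILITY = (
    "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
    "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT "
    "THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM "
    "AUTH=PLAIN AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5"
)

# Constructed sample lines, modelled on the two log lines quoted in the thread.
LOG = [
    "Nov 19 19:02:11 torer imapd[25702]: starttls: TLSv1 with cipher "
    "RC4-MD5(128/128 bits new) no authentication",
    "Nov 19 19:02:11 torer imapd[25702]: badlogin: [192.0.2.32] NTLM "
    "[SASL(-13): user not found: no secret in database]",
    "Nov 19 19:03:40 torer imapd[25710]: badlogin: [192.0.2.45] CRAM-MD5 "
    "[SASL(-13): user not found: no secret in database]",
    "Nov 19 19:05:02 torer imapd[25711]: badlogin: [192.0.2.45] PLAIN "
    "[SASL(-13): authentication failure: checkpass failed]",
]


def advertised_mechs(capability_line):
    """Return the SASL mechanisms named by AUTH= tokens, in server order."""
    return [tok[5:].upper() for tok in capability_line.split()
            if tok.upper().startswith("AUTH=")]


def needs_auxprop(mechs):
    """Subset of mechanisms that only work with secrets in an auxprop store."""
    return sorted(m for m in mechs if m in SHARED_SECRET_MECHS)


def triage(lines):
    """Classify badlogin lines; note whether the same pid negotiated TLS.

    Correlating by pid is approximate: one imapd process serves many
    connections over its lifetime, so treat under_tls as a hint.
    """
    tls_pids = {}
    findings = []
    for line in lines:
        m = STARTTLS_RE.search(line)
        if m:
            tls_pids[m["pid"]] = m["cipher"]
            continue
        m = BADLOGIN_RE.search(line)
        if m is None:
            continue
        mech = m["mech"].upper()
        under_tls = m["pid"] in tls_pids
        missing = (mech in SHARED_SECRET_MECHS
                   and "no secret in database" in m["text"])
        if missing and under_tls:
            advice = ("add the user's secret to the auxprop store, or have the "
                      "client use a plaintext mechanism inside this TLS session")
        elif missing:
            advice = ("add the user's secret to the auxprop store; no TLS seen "
                      "for this pid, so do not fall back to PLAIN/LOGIN")
        else:
            advice = "not an auxprop lookup failure; check the password verifier"
        findings.append({
            "ip": m["ip"],
            "mech": mech,
            "under_tls": under_tls,
            "cause": "missing-auxprop-secret" if missing else "other",
            "advice": advice,
        })
    return findings


if __name__ == "__main__":
    print("needs auxprop:", needs_auxprop(advertised_mechs(CAPABILITY)))
    for f in triage(LOG):
        print(f["ip"], f["mech"], f["cause"], "tls" if f["under_tls"] else "no-tls")
```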
Re: Please help with Cyrus vs MS Outlook over TSL/SSL
On Wednesday 19 November 2003 19:14, Ilya Basin wrote:

I have some additional info. Sorry to provide you with so big bunch of info...

ALL imtest passed with OK, like:

[EMAIL PROTECTED]:~$ imtest -u ilya -p 993 -s localhost -m digest-md5
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S: + [base64 data omitted]
Please enter your password:
C: [base64 data omitted]
S: + [base64 data omitted]
C:
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256

[EMAIL PROTECTED]:~$ imtest -u ilya -p 993 -s localhost -m ntlm
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE NTLM
S: +
C: [base64 data omitted]
S: + [base64 data omitted]
Please enter your password:
C: [base64 data omitted]
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256

[EMAIL PROTECTED]:~$ imtest -u ilya -p 993 -s localhost -m cram-md5
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE CRAM-MD5
S: + [base64 data omitted]
Please enter your password:
C: [base64 data omitted]
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256

[EMAIL PROTECTED]:~$ imtest -u ilya -p 993 -s localhost -m OTP
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE OTP
S: +
Please enter your secret pass-phrase:
C: [base64 data omitted]
S: + [base64 data omitted]
C: [base64 data omitted]
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256

[EMAIL PROTECTED]:~$ imtest -u ilya -p 993 -s localhost -m SRP
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE SRP
S: +
Please enter your password:
C: [base64 data omitted]
S: + [base64 data omitted]
C: [base64 data omitted]
OT: Re: Changelog, LDAP features
On Wed, 2003-11-19 at 17:48, Rob Siemborski wrote:
> On Wed, 19 Nov 2003, Ken Murchison wrote:
>
> > > 2) Is there a list of planned features and features which is being worked
> > > on?
> >
> > Not really. The cyrus-devel list or the Cyrus Wiki would be the most
> > obvious places for this type of thing to exist.
>
> Generally if someone suggests a feature that we want to implement
> "sometime", we throw it in our bugzilla so we don't forget.
>
> However, currently I think we're heading into a mostly-maintenance period
> (after 2.2 gets a "stable" release -- possibly by the end of the year,
> certainly by the end of January).
>
> > > 3) Are there any plans to allow some further integration of LDAP? I am
> > > thinking about:
> > >
> > > a) Fetching Sieve-scripts from LDAP (would guess not)
> >
> > No, but I don't see why it couldn't exist. I don't know if you'd want
> > integration with timsieved or not (probably not).
>
> There's no plans for this. There's no real strong reasons against it,
> except for performance -- currently we mmap the bytecode directly
> from disk, as opposed to having to download it for each delivery
> (even from a local replica, this is a lose).
>
> > > b) Fetching Quota settings from LDAP (same)
> >
> > This would be fairly trivial once the quota stuff gets changed to use
> > the cyrusdb interface. Then all that would need to be done would be to
> > write a cyrusdb_ldap backend. In fact the cyrusdb_ldap backend could be
> > written any time.

Sorry, it is a little bit off topic but I decided to ask since you have mentioned about near future plans. Do you plan to include a document as to how to implement Cyrus 2.2 virtual domains feature into postfix? This has been written in the todo list.

Murat
Please help with Cyrus vs MS Outlook over TSL/SSL
Hi,
I've spent a week trying to configure cyrus-imapd-2.1.15 to work with MS Outlook 2000 over TLS/SSL.
I see no way to fix it... maybe I've missed something?

System:

Slackware 9.1
openssl-09.7c
cyrus-imapd-cyrus-sasl-2.1.15
cyrus-imapd-2.1.15

compiled with no errors.

Mozilla Messenger, PINE - checked & work fine with it over port 993
MS Outlook -> (with the options [secure auth], work over SSL (port 993)) gives an error "CRAM-MD5 auth failed"

IMAPD.log:

imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no authentication
imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found: no secret in database]

### my imapd.conf: ###

configdirectory: /usr/local/var/imap
partition-default: /usr/local/var/spool/imap
sieveusehomedir: false
admins: cyrus, ilya
allowanonymouslogin: no
allowplaintext: no
sendmail: /usr/sbin/sendmail
sasl_pwcheck_method: saslauthd
#sasl_mech_list:
srvtab: /etc/ssl
tls_ca_path: /etc/ssl
tls_ca_file: /etc/ssl/server.pem
tls_cert_file: /etc/ssl/server.pem
tls_key_file: /etc/ssl/server.pem

### my cyrus.conf: ###

# standard standalone server implementation

START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
#  idled        cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=0
  imaps         cmd="imapd -s" listen="imaps" prefork=0
  pop3          cmd="pop3d" listen="pop3" prefork=0
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
#  sieve        cmd="timsieved" listen="sieve" prefork=0

  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune      cmd="ctl_deliver -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400
}

### my imtest -u ilya -s output: ###

[EMAIL PROTECTED]:~$ imtest -u ilya -s localhost
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE SRP
S: +
Please enter your password:
C: [base64 data omitted]
S: + [base64 data omitted]
C: [base64 data omitted]
S: + [base64 data omitted]
C: [base64 data omitted]
S: + [base64 data omitted]
C:
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
Re: Changelog, LDAP features
On Wed, 19 Nov 2003, Henrique de Moraes Holschuh wrote:

> Nah, I think what is in question is the maximum quota, not the current quota
> state... i.e. that which is set by sq in cyradm. I have a script (modified
> from someone else) that fetches the quotas from LDAP and apply any changes
> using the perl interface, but that's suboptimal at best. I imagine a lot of
> people have similar kludges in their setups.

That is, of course, different.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: Changelog, LDAP features
On Wed, 19 Nov 2003, Rob Siemborski wrote:
> On Wed, 19 Nov 2003, Ken Murchison wrote:
> > > b) Fetching Quota settings from LDAP (same)
> >
> > This would be fairly trivial once the quota stuff gets changed to use
> > the cyrusdb interface. Then all that would need to be done would be to
> > write a cyrusdb_ldap backend. In fact the cyrusdb_ldap backend could be
> > written any time.
>
> Quotas get updated surprisingly frequently (every delivery, APPEND, COPY,

Nah, I think what is in question is the maximum quota, not the current quota state... i.e. that which is set by sq in cyradm. I have a script (modified from someone else) that fetches the quotas from LDAP and apply any changes using the perl interface, but that's suboptimal at best. I imagine a lot of people have similar kludges in their setups.

--
"One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Re: Unexpected database recovery
On Wed, 19 Nov 2003, Richard Gilbert wrote:

> Yesterday I applied John Wade's lock_flock patch to the version of Cyrus
> imapd we were already running, i.e. 2.1.14 and rebuilt and reinstalled.
> cyrus-imapd was restarted at 5 am this morning to minimise inconvenience
> to users. I was surprised to find that the system was unavailable until
> about 08:39 because of database recovery.
>
> Nov 19 05:00:11 impala master[9697]: [...] process started
> Nov 19 05:00:11 impala ctl_cyrusdb[9698]: [...] recovering cyrus databases
> Nov 19 05:05:10 impala ctl_mboxlist[10854]: [...] skiplist: recovered /var/imap/mailboxes.db (61786 records, 4909724 bytes) in 9 seconds
> Nov 19 08:38:54 impala ctl_cyrusdb[9698]: [...] done recovering cyrus databases
> Nov 19 08:38:54 impala master[9697]: [...] ready for work
> Nov 19 08:38:54 impala ctl_cyrusdb[22419]: [...] checkpointing cyrus databases
>
> My question is: was this database recovery caused by the system realising
> that the software had changed, or was it a complete coincidence? We
> restart the system three times a week at 5am and this has not happened
> before, as far as I know.

The lock_flock patch has serious performance implications (namely, if you don't get a lock on the first try, you have to wait an entire second to try again), and given that this happened just after you changed the locking mechanism, it seems suspicious.

However, I can't think what would be causing the recovery process to lose at getting the locks it needs, so (nothing else should be running at that time)

FWIW, database recovery is necessary every time you restart cyrus to ensure that the databases are in a consistent state before data is served.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: Changelog, LDAP features
On Wed, 19 Nov 2003, Ken Murchison wrote:

> > 2) Is there a list of planned features and features which is being worked
> > on?
>
> Not really. The cyrus-devel list or the Cyrus Wiki would be the most
> obvious places for this type of thing to exist.

Generally if someone suggests a feature that we want to implement "sometime", we throw it in our bugzilla so we don't forget.

However, currently I think we're heading into a mostly-maintenance period (after 2.2 gets a "stable" release -- possibly by the end of the year, certainly by the end of January).

> > 3) Are there any plans to allow some further integration of LDAP? I am
> > thinking about:
> >
> > a) Fetching Sieve-scripts from LDAP (would guess not)
>
> No, but I don't see why it couldn't exist. I don't know if you'd want
> integration with timsieved or not (probably not).

There's no plans for this. There's no real strong reasons against it, except for performance -- currently we mmap the bytecode directly from disk, as opposed to having to download it for each delivery (even from a local replica, this is a lose).

> > b) Fetching Quota settings from LDAP (same)
>
> This would be fairly trivial once the quota stuff gets changed to use
> the cyrusdb interface. Then all that would need to be done would be to
> write a cyrusdb_ldap backend. In fact the cyrusdb_ldap backend could be
> written any time.

Again, no plans, and no reasons against except for performance. Quotas get updated surprisingly frequently (every delivery, APPEND, COPY, and EXPUNGE), so having them in LDAP may not be desirable from a performance standpoint (LDAP directories don't tend to be designed around near-continuous updates).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Unexpected database recovery
Yesterday I applied John Wade's lock_flock patch to the version of Cyrus imapd we were already running, i.e. 2.1.14 and rebuilt and reinstalled. cyrus-imapd was restarted at 5 am this morning to minimise inconvenience to users. I was surprised to find that the system was unavailable until about 08:39 because of database recovery.

Nov 19 05:00:11 impala master[9697]: [...] process started
Nov 19 05:00:11 impala ctl_cyrusdb[9698]: [...] recovering cyrus databases
Nov 19 05:05:10 impala ctl_mboxlist[10854]: [...] skiplist: recovered /var/imap/mailboxes.db (61786 records, 4909724 bytes) in 9 seconds
Nov 19 08:38:54 impala ctl_cyrusdb[9698]: [...] done recovering cyrus databases
Nov 19 08:38:54 impala master[9697]: [...] ready for work
Nov 19 08:38:54 impala ctl_cyrusdb[22419]: [...] checkpointing cyrus databases

My question is: was this database recovery caused by the system realising that the software had changed, or was it a complete coincidence? We restart the system three times a week at 5am and this has not happened before, as far as I know.

It's a bit early to say, but the number of lockers in the "DBERROR db3: N lockers" is staying very low today -- rarely anything other than 2. I'm touching wood and crossing my fingers even as I type!

Richard

--
Richard Gilbert
Corporate Information and Computing Services
University of Sheffield, Sheffield, S10 2TN, UK
Phone: +44 114 222 3028
Fax: +44 114 222 3040
Re: Changelog, LDAP features
Thomas Luzat wrote:
> Hello!
>
> 1) Is there any 'readable' changelog (better than the CVS entries) for
> Cyrus IMAP available?

Are you looking for a log listing changes between releases (doc/changes.html) or changes between source file versions (CVS logs)?

> 2) Is there a list of planned features and features which is being worked
> on?

Not really. The cyrus-devel list or the Cyrus Wiki would be the most obvious places for this type of thing to exist.

> 3) Are there any plans to allow some further integration of LDAP? I am
> thinking about:
>
> a) Fetching Sieve-scripts from LDAP (would guess not)

No, but I don't see why it couldn't exist. I don't know if you'd want integration with timsieved or not (probably not).

> b) Fetching Quota settings from LDAP (same)

This would be fairly trivial once the quota stuff gets changed to use the cyrusdb interface. Then all that would need to be done would be to write a cyrusdb_ldap backend. In fact the cyrusdb_ldap backend could be written any time.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: imaps with multiple hostnames
Craig Ringer wrote:
> Hi folks
>
> I'm running into a bit of an issue setting up Cyrus for TLS security,
> and was hoping someone could help me out. The host must be accessible
> using two different hostnames - one for external IMAPs via our gateway,
> and one for internal IMAPs with the host's name on our internal network.
> This is causing problems with SSL certs, and I was hoping there was a
> way to create a single certificate with multiple allowed hostnames.
>
> The only option I see otherwise is to host a modified version of our
> externally-visible DNS on our internal DNS server and provide a different
> value for 'mail.postnewspapers.com.au' (or whatever) that points to the
> internal host. I'm currently using a fake domain (.localnet) for internal
> DNS and using the real domain for externally visible public services only.
>
> The gateway will just be forwarding IMAPs traffic to the internal mail
> server using firewall rules.
>
> Ideally, I'd like to be able to set up a cert to allow both (say)
> 'mail.localnet' and 'mail.postnewspapers.com.au' as hostnames. If this
> is possible, are there any issues with doing so such as some mail clients
> not recognising the two hostnames?
>
> Any other suggestions?

Ideally, your client would use the Server Name Indication extension in RFC 3546. I don't know if any clients use this, and even if they do, I haven't checked to see if OpenSSL supports it yet.

Otherwise, you could run two separate imapds listening on different IP addresses and using different config files (so you can specify different certs). Your cyrus.conf could look something like this:

imaps     cmd="imapd -s" listen="mail.postnewspapers.com.au"
imapsint  cmd="imapd -s -C /etc/imapd.conf.int" listen="mail.localnet"

The internal and external DNS names should obviously resolve to different IP addresses. The contents of imapd.conf and imapd.conf.int would be the same except for the tls_* options.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: permission denied / var/imap
It looks like cyrus is complaining about writing to /var ...

    ...te(1, "creating /var/imap\r...\n", 23creating /var/imap
    ) = 23
    ", 0755) = -1 EACCES (Permission denied)
    ") = -1 ENOENT (No such file or directory)
    at (eval 1) line 91.hange to /var/imap\r at"..., 51couldn't change to /var/imap

/var/spool/imap seems to be fine, but when it tries to make /var/imap it fails.

Double check that /var/imap exists, and if it still fails, try and remove /var/imap, allow cyrus permissions to create the directory for the duration of mkimap, and then change the permissions of /var back.

HTH.

B

frank joseph wrote:

> Hello. I posted yesterday under the subject of "mkimap failure", but did
> not receive any responses. This is my first time posting to any group
> and if I have done something wrong, I apologize. Please let me know what
> it is so that I don't repeat it. Below is a more concise description of
> my problem. I would appreciate it if anyone would be kind enough to
> respond.
>
> packages installed:
>
> db-4.1.25
> openssl-0.9.7c
> cyrus-sasl-2.1.15
> cyrus-imapd-2.1.15
>
> Everything compiles fine. When I su to cyrus and run "tools/mkimap",
> I can see the return is incorrect:
>
> [EMAIL PROTECTED]:/usr/local/src/cyrus-imapd-2.1.15/tools$ ./mkimap
>
> . will configure directory /var/imap
> . saw partition /var/spool/imap
> done
> ...ating /var/imap
> at (eval 1) line 91.ar/imap
>
> This is a fresh install of Slackware-9.1. No permissions other than what
> is required in the manual have been changed. Running Strace on mkimap
> shows the following:
>
> snip---
> reading configure file...open("/etc/imapd.conf", O_RDONLY|O_LARGEFILE) = 4
> ioctl(4, SNDCTL_TMR_TIMEBASE, 0xb600) = -1 ENOTTY (Inappropriate ioctl for device)
> _llseek(4, 0, [0], SEEK_CUR)= 0
> fstat64(4, {st_mode=S_IFREG|0644, st_size=155, ...}) = 0
> fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
> brk(0) = 0x814d000
> brk(0x814e000) = 0x814e000
> write(1, "reading configure file...\n", 26reading configure file...
> ) = 26
> brk(0) = 0x814e000
> brk(0x814f000) = 0x814f000
> read(4, "configdirectory: /var/imap\r\npart"..., 4096) = 155
> .rite(1, "i will configure directory /var/"..., 39i will configure directory /var/imap
> ) = 39
> .rite(1, "i saw partition /var/spool/imap\r"..., 34i saw partition /var/spool/imap
> ) = 34
> read(4, "", 4096) = 0
> write(1, "done\n", 5done
> ) = 5
> close(4)= 0
> ...te(1, "creating /var/imap\r...\n", 23creating /var/imap
> ) = 23
> ", 0755) = -1 EACCES (Permission denied)
> ") = -1 ENOENT (No such file or directory)
> at (eval 1) line 91.hange to /var/imap\r at"..., 51couldn't change to /var/imap
> ) = 51
> close(3)= 0
> exit_group(2) = ?
>
> If cyrus owns /var/imap with privileges of 750, and mkimap is being
> run by cyrus, how could write permissions be denied?
>
> Thanks Again
>
> -Frank

--
Robert Scussel
1024D/BAF70959/0036 B19E 86CE 181D 0912 5FCC 92D8 1EA1 BAF7 0959
Re: permission denied / var/imap
Frank,

From the strace output, it looks like mkimap is trying to create the directory /var/imap, and is failing because the user cyrus can't make directories in /var. You could add cyrus to whatever group owns /var for the duration of the mkimap process, then remove it, or dissect the mkimap script and have it skip that step.

Hope this helps.

-- andrew

On Wed, 19 Nov 2003, frank joseph wrote:

> Hello. I posted yesterday under the subject of "mkimap failure", but did
> not receive any responses. This is my first time posting to any group
> and if I have done something wrong, I apologize. Please let me know what
> it is so that I don't repeat it. Below is a more concise description of
> my problem. I would appreciate it if anyone would be kind enough to
> respond.
>
> packages installed:
>
> db-4.1.25
> openssl-0.9.7c
> cyrus-sasl-2.1.15
> cyrus-imapd-2.1.15
>
> Everything compiles fine. When I su to cyrus and run "tools/mkimap",
> I can see the return is incorrect:
>
> [EMAIL PROTECTED]:/usr/local/src/cyrus-imapd-2.1.15/tools$ ./mkimap
>
> . will configure directory /var/imap
> . saw partition /var/spool/imap
> done
> ...ating /var/imap
> at (eval 1) line 91.ar/imap
>
> This is a fresh install of Slackware-9.1. No permissions other than what
> is required in the manual have been changed. Running Strace on mkimap
> shows the following:
>
> snip---
> reading configure file...open("/etc/imapd.conf", O_RDONLY|O_LARGEFILE) = 4
> ioctl(4, SNDCTL_TMR_TIMEBASE, 0xb600) = -1 ENOTTY (Inappropriate ioctl
> for device)
> _llseek(4, 0, [0], SEEK_CUR)= 0
> fstat64(4, {st_mode=S_IFREG|0644, st_size=155, ...}) = 0
> fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
> brk(0) = 0x814d000
> brk(0x814e000) = 0x814e000
> write(1, "reading configure file...\n", 26reading configure file...
> ) = 26
> brk(0) = 0x814e000
> brk(0x814f000) = 0x814f000
> read(4, "configdirectory: /var/imap\r\npart"..., 4096) = 155
> .rite(1, "i will configure directory /var/"..., 39i will configure directory
> /var/imap
> ) = 39
> .rite(1, "i saw partition /var/spool/imap\r"..., 34i saw partition
> /var/spool/imap
> ) = 34
> read(4, "", 4096) = 0
> write(1, "done\n", 5done
> ) = 5
> close(4)= 0
> ...te(1, "creating /var/imap\r...\n", 23creating /var/imap
> ) = 23
> ", 0755) = -1 EACCES (Permission denied)
> ") = -1 ENOENT (No such file or directory)
> at (eval 1) line 91.hange to /var/imap\r at"..., 51couldn't change to
> /var/imap
> ) = 51
> close(3)= 0
> exit_group(2) = ?
>
> If cyrus owns /var/imap with privileges of 750, and mkimap is being
> run by cyrus, how could write permissions be denied?
>
> Thanks Again
>
> -Frank
Re: permission denied / var/imap
> Hello. I posted yesterday under the subject of "mkimap failure", but did
> not receive any responses. This is my first time posting to any group
> and if I have done something wrong, I apologize. Please let me know what
> it is so that I don't repeat it. Below is a more concise description of
> my problem. I would appreciate it if anyone would be kind enough to
> respond.

A quick suggestion - mkimap is a perl script, so you should be able to watch what it's doing at every step and see what's going on that way. The strace output looks really strange - things look overlapped or mangled, but then I've never tried to trace a shell running a script and I'm far from an expert with strace.

It also looks a lot like mkimap expects to create /var/imap, so perhaps you should remove /var/imap and /var/spool/imap to let it do its thing?

    $d = $conf;
    print "creating $d...\n";
    mkdir $d, 0755;
    chdir $d or die "couldn't change to $d";

Craig Ringer
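Added example (not part of any post in this thread, and not Cyrus code): the strace output quoted in this thread shows imapd.conf being read as "configdirectory: /var/imap\r\n...", so the directory name that reaches mkdir and chdir ends in a carriage return and is not the existing /var/imap. The Python check below flags such values; the option-matching regex and the sample file contents past the bytes visible in the trace are assumptions.

```python
import os
import re
import tempfile

# Constructed sample. Only the leading bytes ("configdirectory: /var/imap\r\npart")
# are visible in the strace output; the remainder of the file is assumed.
SAMPLE_CONF = (b"configdirectory: /var/imap\r\n"
               b"partition-default: /var/spool/imap\r\n")

# Assumed pattern for the path options; mkimap's own parsing may differ.
OPTION = re.compile(rb"(configdirectory|partition-\w+):\s+(.*)")
CONTROL = re.compile(rb"[\x00-\x1f\x7f]")


def parse_paths(raw):
    """Split on LF only, as a Unix line reader does, so a CR stays in the value."""
    paths = {}
    for line in raw.split(b"\n"):
        m = OPTION.match(line)
        if m:
            paths[m.group(1).decode()] = m.group(2)
    return paths


def audit(raw):
    """Return (option, value as read, cleaned value) for values holding control bytes."""
    return [(key, val, CONTROL.sub(b"", val).strip())
            for key, val in parse_paths(raw).items() if CONTROL.search(val)]


def lookup_demo():
    """Show that 'imap' and 'imap\\r' are different directory entries."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "imap"), 0o750)    # the directory the admin made
        clean = os.path.isdir(os.path.join(root, "imap"))
        with_cr = os.path.isdir(os.path.join(root, "imap\r"))  # name as read from the file
        return clean, with_cr


if __name__ == "__main__":
    for key, seen, fixed in audit(SAMPLE_CONF):
        print(f"{key}: read {seen!r}, expected {fixed!r}")
    print("exists without CR / with CR:", lookup_demo())
```

A finding on configdirectory means the existing /var/imap is never the path being created or entered, which is consistent with the EACCES on mkdir (a new entry in /var) and the ENOENT on chdir in the trace.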
Re: imaps with multiple hostnames
> The host must be accessible using two different hostnames - one for
> external IMAPs via our gateway, and one for internal IMAPs with the
> host's name on our internal network. This is causing problems with SSL
> certs, and I was hoping there was a way to create a single certificate
> with multiple allowed hostnames.

Inevitably, after I posted I found some more information. It hasn't really helped, unfortunately. I've now created a cert with "Alternative Names" defined - the cert contains:

    Certificate:
        ...
        Data:
            ...
            X509v3 extensions:
                ...
                X509v3 Subject Alternative Name:
                    DNS:mail.localnet, DNS:localhost, \
                    DNS:access.postnewspapers.com.au

Unfortunately, the mail clients I tested with - Mozilla 1.4 and Eudora 5.2 - don't seem to see the alternative names, though they still accept the name listed in the CN as expected.

The OpenSSL config file used contained:

    [ usr_cert ]
    ...
    [EMAIL PROTECTED]

    [ subjectaltname ]
    DNS.1=mail.localnet
    DNS.2=localhost
    DNS.3=access.postnewspapers.com.au

and this seems to have created the cert as expected - things just won't use the entries defined in subjectAltName. The (private to the company) root CA cert is installed and trusted by the clients already, so that won't be the problem.

I haven't been able to find any info on google etc, hence my post here. I'll be quite happy to write up something about how to deal with this if I ever find out...

Craig Ringer
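Added example (not from the post, and not the logic of Mozilla, Eudora or OpenSSL): a small Python model of the RFC 2818 rule that dNSName entries, when present, replace the CN as the server identity, next to a CN-only check like the client behaviour the post reports. The SAN entries are the ones quoted above; the commonName value and the function names are assumptions, and the dict mirrors the shape returned by Python's ssl.SSLSocket.getpeercert().

```python
# Certificate in the dict shape returned by ssl.SSLSocket.getpeercert().
# The SAN entries are those quoted in the post; the commonName is a
# constructed placeholder because the post does not give it.
CERT = {
    "subject": ((("commonName", "cn-name.example.invalid"),),),
    "subjectAltName": (
        ("DNS", "mail.localnet"),
        ("DNS", "localhost"),
        ("DNS", "access.postnewspapers.com.au"),
    ),
}


def dns_names(cert):
    """dNSName entries of the subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def common_names(cert):
    """commonName attributes of the subject."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """Case-insensitive match; '*' may stand for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def accepts(cert, hostname, policy="rfc2818"):
    """policy 'rfc2818': dNSName entries, if any, replace the CN.
    policy 'cn_only': a client that never looks at subjectAltName."""
    san = dns_names(cert)
    names = san if (policy == "rfc2818" and san) else common_names(cert)
    return any(name_matches(n, hostname) for n in names)


def compare(cert, hostnames):
    """Map hostname -> (accepted under rfc2818, accepted under cn_only)."""
    return {h: (accepts(cert, h), accepts(cert, h, "cn_only")) for h in hostnames}


if __name__ == "__main__":
    hosts = ["mail.localnet", "access.postnewspapers.com.au", "cn-name.example.invalid"]
    for host, (rfc, cn) in compare(CERT, hosts).items():
        print(f"{host:32} rfc2818={rfc!s:5} cn_only={cn}")
```

To satisfy both kinds of client with one certificate, the name used as the CN also has to appear as a DNS entry in subjectAltName.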
Re: cyrus authentication question
Jeff wrote:

> hi all,
>
> I have finally managed to get my cyrus/postfix/mysql working thanks to
> this list Luc de Louw's howto document.
>
> I have a couple of questions about authentication though. Currently, our
> mail server is host to about 6 domains. If an email is sent to
> [EMAIL PROTECTED], it will be delivered to jeff. The same happens if I
> send to [EMAIL PROTECTED] and so on. I would like to setup cyrus to be
> able to differentiate between these domains, so I could have
> [EMAIL PROTECTED], and [EMAIL PROTECTED] being different people. The
> catch is: I would like domain1 to be a default domain, so that jeff does
> not have to log in with jeff.domain1 as his username. Can this be done?

Cyrus v2.2 has support for virtual domains. You can setup domain1 as the default domain, so that [EMAIL PROTECTED] simply logs in as jeff. For the other domains, users have to log in as [EMAIL PROTECTED], etc.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: cvt_cyrusdb and DB versions
Andreas wrote:

> It's me again :)
>
> $ /usr/lib/cyrus/cvt_cyrusdb
> Usage: /usr/lib/cyrus/cvt_cyrusdb [-C altconfig]
> Usable Backends: db3, db3-nosync, flat, skiplist
>
> However, cvt_cyrusdb (and the whole cyrus package) is linked against
> DB4.1. So, what is "db3" doing there? Or was DB3 sucked in statically?

The "db3" has no correlation to the bdb version that you are using. When most of the cyrusdb stuff was written, db3 was the current version, hence the name. In Cyrus v2.2, the backends have been renamed to bdb* to avoid this confusion.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
cyrus authentication question
hi all,

I have finally managed to get my cyrus/postfix/mysql working thanks to this list Luc de Louw's howto document.

I have a couple of questions about authentication though. Currently, our mail server is host to about 6 domains. If an email is sent to [EMAIL PROTECTED], it will be delivered to jeff. The same happens if I send to [EMAIL PROTECTED] and so on. I would like to setup cyrus to be able to differentiate between these domains, so I could have [EMAIL PROTECTED], and [EMAIL PROTECTED] being different people. The catch is: I would like domain1 to be a default domain, so that jeff does not have to log in with jeff.domain1 as his username. Can this be done?

thanks,
Jeff
permission denied / var/imap
Hello. I posted yesterday under the subject of "mkimap failure", but did not receive any responses. This is my first time posting to any group and if I have done something wrong, I apologize. Please let me know what it is so that I don't repeat it. Below is a more concise description of my problem. I would appreciate it if anyone would be kind enough to respond.

packages installed:

    db-4.1.25
    openssl-0.9.7c
    cyrus-sasl-2.1.15
    cyrus-imapd-2.1.15

Everything compiles fine. When I su to cyrus and run "tools/mkimap", I can see the return is incorrect:

    [EMAIL PROTECTED]:/usr/local/src/cyrus-imapd-2.1.15/tools$ ./mkimap

    . will configure directory /var/imap
    . saw partition /var/spool/imap
    done
    ...ating /var/imap
    at (eval 1) line 91.ar/imap

This is a fresh install of Slackware-9.1. No permissions other than what is required in the manual have been changed. Running Strace on mkimap shows the following:

    snip---
    reading configure file...open("/etc/imapd.conf", O_RDONLY|O_LARGEFILE) = 4
    ioctl(4, SNDCTL_TMR_TIMEBASE, 0xb600) = -1 ENOTTY (Inappropriate ioctl for device)
    _llseek(4, 0, [0], SEEK_CUR)= 0
    fstat64(4, {st_mode=S_IFREG|0644, st_size=155, ...}) = 0
    fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
    brk(0) = 0x814d000
    brk(0x814e000) = 0x814e000
    write(1, "reading configure file...\n", 26reading configure file...
    ) = 26
    brk(0) = 0x814e000
    brk(0x814f000) = 0x814f000
    read(4, "configdirectory: /var/imap\r\npart"..., 4096) = 155
    .rite(1, "i will configure directory /var/"..., 39i will configure directory /var/imap
    ) = 39
    .rite(1, "i saw partition /var/spool/imap\r"..., 34i saw partition /var/spool/imap
    ) = 34
    read(4, "", 4096) = 0
    write(1, "done\n", 5done
    ) = 5
    close(4)= 0
    ...te(1, "creating /var/imap\r...\n", 23creating /var/imap
    ) = 23
    ", 0755) = -1 EACCES (Permission denied)
    ") = -1 ENOENT (No such file or directory)
    at (eval 1) line 91.hange to /var/imap\r at"..., 51couldn't change to /var/imap
    ) = 51
    close(3)= 0
    exit_group(2) = ?

If cyrus owns /var/imap with privileges of 750, and mkimap is being run by cyrus, how could write permissions be denied?

Thanks Again

-Frank
cvt_cyrusdb and DB versions
It's me again :)

    $ /usr/lib/cyrus/cvt_cyrusdb
    Usage: /usr/lib/cyrus/cvt_cyrusdb [-C altconfig]
    Usable Backends: db3, db3-nosync, flat, skiplist

However, cvt_cyrusdb (and the whole cyrus package) is linked against DB4.1. So, what is "db3" doing there? Or was DB3 sucked in statically?
Re: Changelog, LDAP features
Simon Matter <[EMAIL PROTECTED]> wrote:

> The University of Athens is doing some cool work here
> http://email.uoa.gr/projects/cyrusmaster/

I'll take a look at it!

> What is the license of your package, can it be downloaded somewhere?

Yes it will be next week. Had enough time to test it, it works in production for approx 15000 users since 6 months now - the daemon logs activity via syslog. It is not a "click here to install"-Package though, you will have to read readme-Files and edit some configurations with a text editor... See it as a glue between cyrus and OpenLDAP.

Pascal
Re: Changelog, LDAP features
> Thomas Luzat <[EMAIL PROTECTED]> wrote:
>
>> a) Fetching Sieve-scripts from LDAP (would guess not)
>> b) Fetching Quota settings from LDAP (same)
>>
>> It's probably best to write some LDAP->Cyrus gateway for that, right?
>
> For the university of Constance I wrote a little Daemon program which
> synchronizes OpenLDAP with Cyrus databases (and mailboxes) - because they
> did not want to compile the postfix and cyrus things themselves (lack of
> support).
>
> If there are other solutions, let me know.

The University of Athens is doing some cool work here
http://email.uoa.gr/projects/cyrusmaster/

> I packaged the whole system to a package named "priscilla" -

What is the license of your package, can it be downloaded somewhere?

Simon

> Pascal
Re: Changelog, LDAP features
Thomas Luzat <[EMAIL PROTECTED]> wrote:

> a) Fetching Sieve-scripts from LDAP (would guess not)
> b) Fetching Quota settings from LDAP (same)
>
> It's probably best to write some LDAP->Cyrus gateway for that, right?

For the university of Constance I wrote a little Daemon program which synchronizes OpenLDAP with Cyrus databases (and mailboxes) - because they did not want to compile the postfix and cyrus things themselves (lack of support).

It uses the rather simple openldap-replication-mechanism to accomplish this. For the staff there, the postfix/cyrus server is completely in the LDAP tree including passwords, quotas, forwards and autoreplies (via a special autoreply program, also written by myself because most of them lying around send out too many autoreplies (to lists, errors, ...) and could not take the autoreply message via LDAP. Here we use the standard autoreply-LDAP-attributes.).

Mailboxes get created automatically when an LDAP entry comes in and it gets deactivated when it is removed. So the user support personnel can just create an LDAP entry to make a valid postfix-alias and cyrus mailbox available immediately.

Works like a charm but it is not very elegant (I must admit it). I did not find any other solutions than to write it on my own. If there are other solutions, let me know.

I packaged the whole system to a package named "priscilla" -

Pascal