Re: SSL/TLS question
Wil Cooley wrote: [Sorry this is a repost from a month ago; I didn't get an answer then, but maybe my timing is better now.] For my web server, I use a certificate from Comodo which is very inexpensive by comparison with Thawte/Verisign certs, but it requires installation of an intermediary key for most browsers to be happy with it. It's not difficult with Apache and mod_ssl; I'm wondering if it will work with Cyrus, perhaps using the 'tls_ca_file'? The docs are a little sparse (and Comodo doesn't provide explicit instructions like it does for mod_ssl) and my understanding of SSL/TLS is a bit limited. I expect that'd do it; you'll still need to install the CA certificate in browsers, though. I have a similar setup, but with a CA cert generated in-house. My imapd.conf contains: tls_ca_file: /var/imap/ssl/ca.pem tls_cert_file: /var/imap/ssl/mail.postnewspapers.com.au_cert.pem tls_key_file: /var/imap/ssl/mail.postnewspapers.com.au_key.pem - the filenames are somewhat self explanatory (though your key and cert may be combined into one file). I then install the ca cert into clients who need access. To be specific, I generate a client SSL certificate for them that also contains an embedded version of our CA cert. That way they import the CA cert when they install the client cert; I then just get them to authorize the CA cert for identifying remote hosts. Craig Ringer
Re: Adding Users
Norman Zhang wrote: Oh okay. I disable port 143 (imap) in favor of 993 (imaps). Does cyradm only connects to 143? Cyradm wants to use port 143/tcp - AFAIK it doesn't support IMAPs. Try running an IMAPd for standard IMAP that only talks to the loopback interface. For more information on how, please check the archives or "man cyrus.conf". Craig Ringer
SSL/TLS question
[Sorry this is a repost from a month ago; I didn't get an answer then, but maybe my timing is better now.] For my web server, I use a certificate from Comodo which is very inexpensive by comparison with Thawte/Verisign certs, but it requires installation of an intermediary key for most browsers to be happy with it. It's not difficult with Apache and mod_ssl; I'm wondering if it will work with Cyrus, perhaps using the 'tls_ca_file'? The docs are a little sparse (and Comodo doesn't provide explicit instructions like it does for mod_ssl) and my understanding of SSL/TLS is a bit limited. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * * Naked Ape Consulting http://nakedape.cc * * Contract Sys Admin http://nakedape.cc/r/csa * signature.asc Description: This is a digitally signed message part
Re: Adding Users
I would also make sure that master is running - telnet localhost 143 should give you a banner similar to: * OK host.domain.com Cyrus IMAP4 v2.1.15 server ready Oh okay. I disable port 143 (imap) in favor of 993 (imaps). Does cyradm only connects to 143? I'm not sure, but I'd give it a try. I can verify that cyradm needs to connect to imap through 143/UDP. After I allowed master to listen to port 143, everything works as expected. Regards, Norman
Re: Adding Users
I'm not sure, but I'd give it a try. Norman Zhang wrote: I would also make sure that master is running - telnet localhost 143 should give you a banner similar to: * OK host.domain.com Cyrus IMAP4 v2.1.15 server ready Oh okay. I disable port 143 (imap) in favor of 993 (imaps). Does cyradm only connects to 143? Regards, Norman I'm pretty sure you need to specify a user that you are going to be connecting with. You also need to make sure that the user you are using is in the passwd backend that you are using: cyradm -u localhost Jason At 11:14 AM 1/12/2004 -0800, you wrote: I'm using cyrus-imapd-2.1.15-6mdk. When I try to add a user by connecting to mail server through cyradm, I get the following error. [EMAIL PROTECTED] etc]$ cyradm localhost cyradm: cannot connect to server [EMAIL PROTECTED] etc]$ more /etc/hosts 10.0.0.1mail.rd.arkonnetworks.com mail 207.34.136.7mail.rd.arkonnetworks.com mail 127.0.0.1 mail.rd.arkonnetworks.com mail localhost May I ask how ask what am I doing wrong?
Re: Adding Users
I would also make sure that master is running - telnet localhost 143 should give you a banner similar to: * OK host.domain.com Cyrus IMAP4 v2.1.15 server ready Oh okay. I disable port 143 (imap) in favor of 993 (imaps). Does cyradm only connects to 143? Regards, Norman I'm pretty sure you need to specify a user that you are going to be connecting with. You also need to make sure that the user you are using is in the passwd backend that you are using: cyradm -u localhost Jason At 11:14 AM 1/12/2004 -0800, you wrote: I'm using cyrus-imapd-2.1.15-6mdk. When I try to add a user by connecting to mail server through cyradm, I get the following error. [EMAIL PROTECTED] etc]$ cyradm localhost cyradm: cannot connect to server [EMAIL PROTECTED] etc]$ more /etc/hosts 10.0.0.1mail.rd.arkonnetworks.com mail 207.34.136.7mail.rd.arkonnetworks.com mail 127.0.0.1 mail.rd.arkonnetworks.com mail localhost May I ask how ask what am I doing wrong?
Re: Adding Users
I already did a su cyrus before typing cyradm localhost. I tried the command you recommended, but still get the same error message. Is there somewhere I can check the log for this? Does cyradm use any particular port? Regards, Norman Jason Williams wrote: I'm pretty sure you need to specify a user that you are going to be connecting with. You also need to make sure that the user you are using is in the passwd backend that you are using: cyradm -u localhost Jason At 11:14 AM 1/12/2004 -0800, you wrote: I'm using cyrus-imapd-2.1.15-6mdk. When I try to add a user by connecting to mail server through cyradm, I get the following error. [EMAIL PROTECTED] etc]$ cyradm localhost cyradm: cannot connect to server [EMAIL PROTECTED] etc]$ more /etc/hosts 10.0.0.1mail.rd.arkonnetworks.com mail 207.34.136.7mail.rd.arkonnetworks.com mail 127.0.0.1 mail.rd.arkonnetworks.com mail localhost May I ask how ask what am I doing wrong?
Re: Adding Users
I would also make sure that master is running - telnet localhost 143 should give you a banner similar to: * OK host.domain.com Cyrus IMAP4 v2.1.15 server ready Jason Williams wrote: I'm pretty sure you need to specify a user that you are going to be connecting with. You also need to make sure that the user you are using is in the passwd backend that you are using: cyradm -u localhost Jason At 11:14 AM 1/12/2004 -0800, you wrote: Hi, I'm using cyrus-imapd-2.1.15-6mdk. When I try to add a user by connecting to mail server through cyradm, I get the following error. [EMAIL PROTECTED] etc]$ cyradm localhost cyradm: cannot connect to server [EMAIL PROTECTED] etc]$ more /etc/hosts 10.0.0.1mail.rd.arkonnetworks.com mail 207.34.136.7mail.rd.arkonnetworks.com mail 127.0.0.1 mail.rd.arkonnetworks.com mail localhost May I ask how ask what am I doing wrong? Regards, Norman
Re: Adding Users
I'm pretty sure you need to specify a user that you are going to be connecting with. You also need to make sure that the user you are using is in the passwd backend that you are using: cyradm -u localhost Jason At 11:14 AM 1/12/2004 -0800, you wrote: Hi, I'm using cyrus-imapd-2.1.15-6mdk. When I try to add a user by connecting to mail server through cyradm, I get the following error. [EMAIL PROTECTED] etc]$ cyradm localhost cyradm: cannot connect to server [EMAIL PROTECTED] etc]$ more /etc/hosts 10.0.0.1mail.rd.arkonnetworks.com mail 207.34.136.7mail.rd.arkonnetworks.com mail 127.0.0.1 mail.rd.arkonnetworks.com mail localhost May I ask how ask what am I doing wrong? Regards, Norman
Adding Users
Hi, I'm using cyrus-imapd-2.1.15-6mdk. When I try to add a user by connecting to mail server through cyradm, I get the following error. [EMAIL PROTECTED] etc]$ cyradm localhost cyradm: cannot connect to server [EMAIL PROTECTED] etc]$ more /etc/hosts 10.0.0.1mail.rd.arkonnetworks.com mail 207.34.136.7mail.rd.arkonnetworks.com mail 127.0.0.1 mail.rd.arkonnetworks.com mail localhost May I ask how ask what am I doing wrong? Regards, Norman
Re: Lmtp refusing connection all of a sudden
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ramprasad A Padmanabhan wrote: | I have a cyrus 2.1.12 server running on redhat 7.2 with around 1500 users | Now all of a sudden lmtp is refusing connections even though cyrus is | running and the sock /var/imap/socket/lmtp is created | | Now How do I debug this error , Can I enable some loging somewhere | I cant see anything in my messages file | | The users are able to login to the server using imap /POP but no new | mails are delivered . Can someone please help me out. | If you are running sendmail, I've just gotten a work around created for this problem, but don't know why the problem is occuring. Check hoststat and see if your localhost entry is reporting an error, like Connection Deferred, etc. What I've had to do is kill all the sendmail instances trying to deliver to localhost, restart sendmail, restart cyrus, purgestat (clear sendmails database of delivery success/failure). At that point, delivery will start up again. I've also set the hoststatus timeout to be 5 minutes instead of the default 30minutes, in sendmail.mc/cf but it doesn't seem to help. The only other thing that is in the mix is I'm running MailScanner to process e-mails for spam and virii, but sendmail and cyrus are all local, so I don't know why cyrus and sendmail think the ltmp socket isn't available. There are instances of the lmtpd running, but only because I told it to prefork. ~ Upping the number of connections it will accept also hasn't made a difference. - -- James A. Pattie [EMAIL PROTECTED] Linux SysAdmin / Systems Programmer -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAAuEatUXjwPIRLVERAgXxAJ99tmCts/iOe1iuJ4pMiOzL2bR6eQCdEe/A ygxN6aqFeamQFddIMiFLJYc= =rPly -END PGP SIGNATURE- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support.
Re: BDB or skiplist?
Andreas wrote: I see that the cyrus-imap-2.2 branch already uses skiplist as the default format. Does this recomendation also apply to the 2.1 branch or was this due to some code change between 2.1 and 2.2? Here are some notes which might help you in deciding which database backend to use and why. Recommendations are offered for both 2.1 and 2.2 releases.. http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/WhatDatabaseBackend
Re: roadmap of 2.2 branch
Dmitry Alyabyev wrote: hi any prediction about date of first release inside 2.2 branch ? is the roadmap available ? Unless something bad happens, 2.2.3 should be released this week. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: BDB or skiplist?
On Mon, 12 Jan 2004, Andreas wrote: > I see that the cyrus-imap-2.2 branch already uses skiplist as > the default format. Does this recomendation also apply to the > 2.1 branch or was this due to some code change between 2.1 and > 2.2? > Yes. Keep in mind that skiplist is recommended for mboxlist and seen dbs only (and annotation in 2.2). -- Igor
Re: BDB or skiplist?
On Mon, Jan 12, 2004 at 02:05:22PM -0200, Andreas wrote: > I see that the cyrus-imap-2.2 branch already uses skiplist as > the default format. Does this recomendation also apply to the > 2.1 branch or was this due to some code change between 2.1 and > 2.2? I think the recommendation applies equally to 2.1 - the reason the default wasn't change was not to break the "principle of least surprise" :-) Cheers, Patrick
BDB or skiplist?
I see that the cyrus-imap-2.2 branch already uses skiplist as the default format. Does this recomendation also apply to the 2.1 branch or was this due to some code change between 2.1 and 2.2?
roadmap of 2.2 branch
hi any prediction about date of first release inside 2.2 branch ? is the roadmap available ? -- Dimitry
Re: Lmtp refusing connection all of a sudden
On Mon, Jan 12, 2004 at 08:41:22PM +0530, Ramprasad A Padmanabhan wrote: > I have a cyrus 2.1.12 server running on redhat 7.2 with around 1500 > users > Now all of a sudden lmtp is refusing connections even though cyrus is > running and the sock /var/imap/socket/lmtp is created Check the directory permissions. The delivery agent should be able to reach the socket, otherwise it won't work.
Re: Lmtp refusing connection all of a sudden
> I have a cyrus 2.1.12 server running on redhat 7.2 with around 1500 > users > Now all of a sudden lmtp is refusing connections even though cyrus is > running and the sock /var/imap/socket/lmtp is created Is lmtpd running, it has been known to die sometimes. ps -auxwww|grep lmtpd > > Now How do I debug this error , Can I enable some loging somewhere > I cant see anything in my messages file > > The users are able to login to the server using imap /POP but no new > mails are delivered . Can someone please help me out. > > > > Thanks > Ram > > > > > NETCORE SOLUTIONS *** Ph: +91 22 5662 8000 Fax: +91 22 5662 8134 > > MailServ and FlexiMail: Messaging Solutions: http://netcore.co.in > > Pragatee: Integrated Server-Software Suite: http://www.pragatee.com > > Emergic Freedom: Server-centric Computing: http://www.emergic.com > > BlogStreet: Blog Profiles and RSS Ecosystem: http://blogstreet.com > > Deeshaa: Rural Development: http://www.deeshaa.com > > Rajesh Jain's Weblog on Technology: http://www.emergic.org > > > Tjenesten mail.adventuras.no ble levert av Adventuras Web Agency http://www.adventuras.no/
Lmtp refusing connection all of a sudden
I have a cyrus 2.1.12 server running on redhat 7.2 with around 1500 users Now all of a sudden lmtp is refusing connections even though cyrus is running and the sock /var/imap/socket/lmtp is created Now How do I debug this error , Can I enable some loging somewhere I cant see anything in my messages file The users are able to login to the server using imap /POP but no new mails are delivered . Can someone please help me out. Thanks Ram NETCORE SOLUTIONS *** Ph: +91 22 5662 8000 Fax: +91 22 5662 8134 MailServ and FlexiMail: Messaging Solutions: http://netcore.co.in Pragatee: Integrated Server-Software Suite: http://www.pragatee.com Emergic Freedom: Server-centric Computing: http://www.emergic.com BlogStreet: Blog Profiles and RSS Ecosystem: http://blogstreet.com Deeshaa: Rural Development: http://www.deeshaa.com Rajesh Jain's Weblog on Technology: http://www.emergic.org
confused about BDB directory layout in imapd
There are these files/directories in cyrus-imapd: /var/lib/imap/deliver.db /var/lib/imap/mailboxes.db /var/lib/imap/tls_sessions.db /var/lib/imap/db/* The /var/lib/imap/db/ directory, however, seems to hold no database: -rw---1 cyrusmail 8192 2004-01-08 18:02 __db.001 -rw---1 cyrusmail 270336 2004-01-08 18:02 __db.002 -rw---1 cyrusmail98304 2004-01-08 18:02 __db.003 -rw---1 cyrusmail 18563072 2004-01-08 18:02 __db.004 -rw---1 cyrusmail32768 2004-01-08 18:02 __db.005 -rw---1 cyrusmail 1637827 2004-01-12 09:48 log.03 Now, some practical questions: - if I run db_recover in /var/lib/imap/db, which database will be recovered? - if I run db_recover in /var/lib/imap (which holds deliver, mailboxes and tls_sessions), again, which database will be recovered? - why can't I run db_checkpoint? Where should I? Or should I stick with the ctl_cyrusdb tool?
Re: SQUAT failed to open index file
On Thu, 2004-01-08 at 19:37, Ken Murchison wrote: > > Jan 8 16:07:52 vwclub imap[16435]: SQUAT failed to open index file > > Jan 8 16:07:52 vwclub imap[16435]: SQUAT failed > > It means that a client did a SEARCH on the mailbox and a SQUAT index > file (created by squatter which accelerates SEARCH) wasn't found, so the > SEARCH proceeded by scanning the messages themselves. > > If you want to get rid of the message, either stop logging at th debug > level, or create a squat index for mailboxes that get frequently searched. it would be nice to include the folder name in the log message from SQUAT so that we could make a list of folders to index every night. there is after all a significant overhead, so I don't want to run it for users who don't use the functionality. Indexing mailbox user.tenghil... Indexed 37607 messages (158309271 bytes) into 108559338 index bytes in 157 seconds (that's 68% of the original's storage space) -- Kjetil T.
Re: Is Reiserfs better than ext3
On Fri, 2004-01-09 at 16:46, mb wrote: > At 17:54 +0530 Ramprasad A Padmanabhan wrote: > > >I am having around 2000 users on my cyrus server ( redhat 9.0 ) > >someone told be I should reformat my partition in Reiserfs rather that > >ext3 and I will get a great perlformance improvement > > ..until you get a hardware failure and your entire mail store is toast. from bitter experience I can only say: too true. ReiserFS handles power outages and other unplanned resets well, but if your SCSI bus acts up for some reason, you'd better have good backups. -- Kjetil T.
