Re: sendmail hooks for pre-checking of over-quota imap users?
Didi Rieder wrote: --On Monday, May 17, 2004 11:17:25 PM +0200 Andrzej Filip [EMAIL PROTECTED] wrote: I have read the sources (sendmail-8.13.0.Beta2/sendmail/map.c) and it seems that current implementation of socket map in *sendmail* does not pass explanation strings to sendmail.cf [no fault at cyrus side] All current version of my cyrus sendmail integration should be capable to handle TEMP replies from smmapd of cyrus. AFAIR some early version did not do it. ...does that mean, that I should get an over quota reply? I could manage to configure sendmail in order to do that. I just get User unknown when a user is over quota. You should get some 4?? error (temporary problem) in sendmail's reply to the RCPT TO: [EMAIL PROTECTED] So far nobody reported cyrus sending incorrect replies. My primary suspicion is that old releases of my sendmail cyrus integration do not handle temporary lookup problems. If you face the problem yourself: 1) Make sure that you use latest version of my cyrus sendmail integration hints [some *old* releases do not handle temp problems] 2) Post results produced by the commands below of over quota user(s): echo '/map cyrus [EMAIL PROTECTED]' | sendmail -bt sendmail -d60.1 -bv [EMAIL PROTECTED]' # the last one produce *a lot* of output sendmail -d21.12 -d60.1 -bv [EMAIL PROTECTED]' BTW As of sendmail-8.13.0.Beta2 I can see no way to make sendmail.cf see nay difference between temporary problems e.g. it sees TEMP Over Quota and nothing is listening on smmapd socket in the same rubber bag. -- Andrzej [en:Andrew] Adam Filip [EMAIL PROTECTED] [EMAIL PROTECTED] http://anfi.homeunix.net/ http://slashdot.org/~anfi --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sendmail hooks for pre-checking of over-quota imap users?
Andrzej Filip wrote: Ken Murchison wrote: [...] FYI, smmapd does the correct thing for over quota (at least the CVS version does): [EMAIL PROTECTED] temp]# ./socketmapClient.pl unix:/var/imap/socket/smmap cyrus test test = TEMP Over quota I have seen 2.2.3 code which appears to do the right thing. FYI I have asked on news:comp.mail.sendmail how to make temp explanation string available in sendmail.cf (so e.g. sendmail.cf can send 5?? replies in over quota situations - some postmaster *want* 5?? for over quota). Set lmtp_over_quota_perm_failure in imapd.conf and smmapd will return a PERM failure instead of TEMP for over quota. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Typo in 2.2.4?
Looks like a typo, right? Simon --- cyrus-imapd-2.2.4/imap/lmtpd.c.orig Thu Mar 11 15:59:12 2004 +++ cyrus-imapd-2.2.4/imap/lmtpd.c Wed May 19 16:40:44 2004 @@ -97,7 +97,7 @@ /* forward declarations */ static int deliver(message_data_t *msgdata, char *authuser, struct auth_state *authstate); -static int verify_user(const char *user, const char *domain, const char *mailhox, +static int verify_user(const char *user, const char *domain, const char *mailbox, long quotacheck, struct auth_state *authstate); static char *generate_notify(message_data_t *m); --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Typo in 2.2.4?
Indeed. Atleast the type is right. Comitted/credited. -Rob On Wed, 19 May 2004, Simon Matter wrote: Looks like a typo, right? Simon --- cyrus-imapd-2.2.4/imap/lmtpd.c.orig Thu Mar 11 15:59:12 2004 +++ cyrus-imapd-2.2.4/imap/lmtpd.c Wed May 19 16:40:44 2004 @@ -97,7 +97,7 @@ /* forward declarations */ static int deliver(message_data_t *msgdata, char *authuser, struct auth_state *authstate); -static int verify_user(const char *user, const char *domain, const char *mailhox, +static int verify_user(const char *user, const char *domain, const char *mailbox, long quotacheck, struct auth_state *authstate); static char *generate_notify(message_data_t *m); --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: realm problem
On Wed, 19 May 2004, Jukka Salmi wrote: Hi, I'm running Cyrus IMAP 2.2.3 and Cyrus SASL 2.1.18 on a NetBSD system. An excerpt from my imapd.conf: sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb sasl_mech_list: gssapi digest-md5 plain sasl_keytab: /etc/krb5.keytabs/cyrus Authentication works fine as long as I use the default realm. I added an entry to my sasldb using a different realm (saslpasswd2 -u realm -c user), but then imtest fails to authenticate: $ hostname bart.stasoft.ch $ id -un jukka $ sasldblistusers2 [EMAIL PROTECTED]: cmusaslsecretOTP [EMAIL PROTECTED]: userPassword $ imtest -m digest-md5 -r stasoft.ch bart does: imtest -m digest-md5 -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] bart work any better for you? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: realm problem
Rob Siemborski -- info-cyrus (2004-05-19 10:58:33 -0400): does: imtest -m digest-md5 -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] bart work any better for you? Unfortunately not, but now the following is logged: May 19 17:11:31 bart imap[16685]: cross-realm login [EMAIL PROTECTED] denied Regards, Jukka -- bashian roulette: $ ((RANDOM%6)) || rm -rf ~ --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: realm problem
On Wed, 19 May 2004, Jukka Salmi wrote: Rob Siemborski -- info-cyrus (2004-05-19 10:58:33 -0400): does: imtest -m digest-md5 -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] bart work any better for you? Unfortunately not, but now the following is logged: May 19 17:11:31 bart imap[16685]: cross-realm login [EMAIL PROTECTED] denied Are you running with virtual domains? Have you neabled stasoft.ch as a loginrealm? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski | Andrew Systems Group * Research Systems Programmer PGP:0x5CE32FCC | Cyert Hall 207 * [EMAIL PROTECTED] * 412.268.7456 -BEGIN GEEK CODE BLOCK Version: 3.12 GCS/IT/CM/PA d- s+: a-- C$ ULS$ P+++$ L+++ E W+ N(-) o? K- w-- O- M-- V-- PS+ PE+ Y+ PGP+ t+@ 5+++ X- R@ tv-- b+ DI+++ D++ G e++ h+ r- y? --END GEEK CODE BLOCK- --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: realm problem
Rob Siemborski -- info-cyrus (2004-05-19 11:29:51 -0400): Are you running with virtual domains? Have you neabled stasoft.ch as a loginrealm? That's it, I didn't set the loginrealms option. Works fine now. Thanks for the hint! Cheers, Jukka -- bashian roulette: $ ((RANDOM%6)) || rm -rf ~ --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sendmail hooks for pre-checking of over-quota imap users?
On Monday 17 May 2004 23:05, Andrzej Filip wrote: 1) Could you post definition of cyrus map you use ? grep Kcyrus /etc/mail/sendmail.cf Kcyrus socket -aOK -TTMPF local:/var/imap/socket/smmapd 2) Cpuld you post exact link of solution you have used ? [there are a few versions] I use Luser Relay solution -- Regards, Sergey --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sendmail hooks for pre-checking of over-quota imap users?
--On Wednesday, May 19, 2004 09:45:23 AM +0200 Andrzej Filip
[EMAIL PROTECTED] wrote:
You should get some 4?? error (temporary problem) in sendmail's reply to
the RCPT TO: [EMAIL PROTECTED]
unfortunately I don't
If you face the problem yourself:
1) Make sure that you use latest version of my cyrus sendmail
integration hints [some *old* releases do not handle temp problems]
I downloaded the stuff again today and reinstalled it according to your
instructions on the website. I'm using sendmail 8.12.11 with the smmap
patch.
2) Post results produced by the commands below of over quota user(s):
echo '/map cyrus [EMAIL PROTECTED]' | sendmail -bt
Over quota user:
[EMAIL PROTECTED] cf]# echo '/map cyrus koarl' | /usr/lib/sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter ruleset address
map_lookup: cyrus (koarl) no match (69)
[EMAIL PROTECTED] tmp]# ./socketmapClient.pl unix:/var/imap/socket/smmapd
cyrus koarl
koarl = PERM Over quota
Normal user:
[EMAIL PROTECTED] cf]# echo '/map cyrus muecketb' | /usr/lib/sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter ruleset address
map_lookup: cyrus (muecketb) returns muecketbOK (0)
[EMAIL PROTECTED] tmp]# ./socketmapClient.pl unix:/var/imap/socket/smmapd
cyrus muecketb
muecketb = OK muecketb
sendmail -d60.1 -bv [EMAIL PROTECTED]'
Over quota user:
[EMAIL PROTECTED] cf]# /usr/lib/sendmail -d60.1 -bv [EMAIL PROTECTED]
map_lookup(dequote, root) = NOT FOUND (0)
map_lookup(dequote, koarl) = NOT FOUND (0)
map_lookup(user, koarl) = NOT FOUND (67)
map_lookup(cyrus, koarl) = NOT FOUND (69)
[EMAIL PROTECTED] User unknown
Normal user:
[EMAIL PROTECTED] cf]# /usr/lib/sendmail -d60.1 -bv [EMAIL PROTECTED]
map_lookup(dequote, root) = NOT FOUND (0)
map_lookup(dequote, muecketb) = NOT FOUND (0)
map_lookup(user, muecketb) = NOT FOUND (67)
map_lookup(cyrus, muecketb) = muecketbOK (0)
[EMAIL PROTECTED] deliverable: mailer cyrusv2, host dummy, user
muecketb
# the last one produce *a lot* of output
sendmail -d21.12 -d60.1 -bv [EMAIL PROTECTED]'
I attached the output, because it's so long.
I attached also my sendmail.mc maybe it helps too.
Thanks
Didi
--
-
Didi Rieder
[EMAIL PROTECTED]
PGPKey ID: 3431D0B0
-[EMAIL PROTECTED] tmp]# /usr/lib/sendmail -d21.12 -d60.1 -bv [EMAIL PROTECTED]
rewrite: ruleset canonify input: root
-trying rule: $@
- rule fails
-trying rule: $*
-rule matches: $: $1 @
rewritten as: root @
-trying rule: $* $* $* @
- rule fails
-trying rule: @ $* @
- rule fails
-trying rule: $* [ IPv6 : $+ ] @
- rule fails
-trying rule: $* : : $* @
- rule fails
-trying rule: : include : $* @
- rule fails
-trying rule: $* : $* [ $* ]
- rule fails
-trying rule: $* : $* @
- rule fails
-trying rule: $* @
-rule matches: $: $1
rewritten as: root
-trying rule: $* ;
- rule fails
-trying rule: $* $+ : ; $*
- rule fails
-trying rule: $* $* ;
- rule fails
-trying rule: $@
- rule fails
-trying rule: $*
-rule matches: $: $1
rewritten as: root
-trying rule: $+ $*
- rule fails
-trying rule: $* $+
- rule fails
-trying rule:
- rule fails
-trying rule: $+
-rule matches: $: $1
rewritten as: root
-trying rule: @ $+ , $+
- rule fails
-trying rule: @ [ $* ] : $+
- rule fails
-trying rule: @ $+ : $+
- rule fails
-trying rule: $+ : $* ; @ $+
- rule fails
-trying rule: $+ : $* ;
- rule fails
-trying rule: $+ @ $+
- rule fails
-trying rule: $+ $+ @ $+
- rule fails
-trying rule: $+ @ $+
- rule fails
-trying rule: $* % $*
- rule fails
-trying rule: $* @ $* @ $*
- rule fails
-trying rule: $* @ $*
- rule fails
-trying rule: $*
-rule matches: $@ $ Canonify2 $1
rewrite: ruleset Canonify2 input: root
-trying rule: $* @ localhost $*
- rule fails
-trying rule: $* @ localhost . tu-graz . ac . at $*
- rule fails
-trying rule: $* @ [ $+ ] $*
- rule fails
-trying rule: $* @ @ $=w $*
- rule fails
-trying rule: $* @ @ $+ $*
- rule fails
-trying rule: $* @ $* $=P $*
- rule fails
-trying rule: $* @ $* $~P $*
- rule fails
-trying rule: $* $| $* @ $* $={Canonify} $*
- rule fails
-trying rule: $* c $* $| $* @ $* $*
- rule fails
-trying rule: $* $| $* @ $+ . $*
- rule fails
-trying rule: $* $| $* @ $+ . $+ $*
- rule fails
-trying rule: $* $| $*
- rule fails
-trying rule: $* @ $=w $*
- rule fails
-trying rule: $* @ $=M $*
- rule fails
-trying rule: $* @ $* . . $*
- rule fails
rewrite: ruleset Canonify2returns: root
rewritten as: root
rewrite: ruleset canonify returns: root
rewrite: ruleset parse input: root
-trying rule: $*
-rule
Re: sendmail hooks for pre-checking of over-quota imap users?
Didi Rieder wrote: --On Wednesday, May 19, 2004 09:45:23 AM +0200 Andrzej Filip [EMAIL PROTECTED] wrote: You should get some 4?? error (temporary problem) in sendmail's reply to the RCPT TO: [EMAIL PROTECTED] unfortunately I don't If you face the problem yourself: 1) Make sure that you use latest version of my cyrus sendmail integration hints [some *old* releases do not handle temp problems] I downloaded the stuff again today and reinstalled it according to your instructions on the website. I'm using sendmail 8.12.11 with the smmap patch. 2) Post results produced by the commands below of over quota user(s): echo '/map cyrus [EMAIL PROTECTED]' | sendmail -bt Over quota user: [EMAIL PROTECTED] cf]# echo '/map cyrus koarl' | /usr/lib/sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter ruleset address map_lookup: cyrus (koarl) no match (69) [EMAIL PROTECTED] tmp]# ./socketmapClient.pl unix:/var/imap/socket/smmapd cyrus koarl koarl = PERM Over quota Check your imapd.conf. My guess is that you have lmtp_over_quota_perm_failure enabled. If not, then you have an old/broken version of smmapd. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyradm timeout?
On Wed, 19 May 2004, Andrew J Caird wrote: I'm installing Cyrus v2.2.3 on Solaris 9 and I've been through the weirdness with imclient.a (see http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrussearchterm=imclientmsg=28484) and now I can connect to Cyrus IMAP servers (is there a better solution to this?). However, in my only test so far: connecting to a Cyrus v2.1.15 server, cyradm appears to timeout after about 5 seconds. Is this normal? I couldn't find any configuration options in either the cyradm client (Cyrus/IMAP/Shell.pm) or in the server configuration. It doesn't matter if I type commands or not, it appears to be about a 5 second timeout and the server logs it as a normal disconnect. Andrew, You might consider grabbing the 2.2.4 code (released yesterday), as it seems to have fixed the imclient problem along with some other issues. We are testing Cyrus v2.2.4 on Solaris 9, and noticed a problem with cyradm related to the getaddrinfo that comes with the SMCperl pkg. After removing the perl package, and recompiling perl from source our problems with cyradm went away. We're able to use cyradm to connect to both a 2.2.4 and 2.0.12 server. Thank you. -- Andrew Caird Bret --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyradm timeout?
I'm installing Cyrus v2.2.3 on Solaris 9 and I've been through the weirdness with imclient.a (see http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrussearchterm=imclientmsg=28484) and now I can connect to Cyrus IMAP servers (is there a better solution to this?). However, in my only test so far: connecting to a Cyrus v2.1.15 server, cyradm appears to timeout after about 5 seconds. Is this normal? I couldn't find any configuration options in either the cyradm client (Cyrus/IMAP/Shell.pm) or in the server configuration. It doesn't matter if I type commands or not, it appears to be about a 5 second timeout and the server logs it as a normal disconnect. Thank you. -- Andrew Caird --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sendmail hooks for pre-checking of over-quota imap users?
--On Wednesday, May 19, 2004 03:14:38 PM -0400 Ken Murchison [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] tmp]# ./socketmapClient.pl unix:/var/imap/socket/smmapd cyrus koarl koarl = PERM Over quota Check your imapd.conf. My guess is that you have lmtp_over_quota_perm_failure enabled. If not, then you have an old/broken version of smmapd. You are right, if I disable it then I get: [EMAIL PROTECTED] init.d]# /tmp/socketmapClient.pl unix:/var/imap/socket/smmapd cyrus koarl koarl = TEMP Over quota BTW, this is cyurs-2.2.4 Now sendmail says: [EMAIL PROTECTED] init.d]# /usr/lib/sendmail -d60.1 -bv [EMAIL PROTECTED] map_lookup(dequote, root) = NOT FOUND (0) map_lookup(dequote, koarl) = NOT FOUND (0) map_lookup(user, koarl) = NOT FOUND (67) map_lookup(cyrus, koarl) = NOT FOUND (75) map_lookup(cyrus, koarl) tempfail: errno=0 [EMAIL PROTECTED] deliverable: mailer local, user koarl [EMAIL PROTECTED] init.d]# telnet localhost smtp Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 zidd-198.tu-graz.ac.at ESMTP server ready at Wed, 19 May 2004 21:27:32 +0200 (CEST) helo localhost 250 zidd-198.tu-graz.ac.at Hello localhost [127.0.0.1], pleased to meet you mail from: 250 2.1.0 ... Sender ok rcpt to: [EMAIL PROTECTED] 250 2.1.5 [EMAIL PROTECTED]... Recipient ok (will queue) But there is no local user koarl. I'd like that sendmail does not queue for users that are over quota. Sendmail also queues if cyrus (smmapd) is not running, I'd like it to TEMPFAIL and reject messages. Didi -- - Didi Rieder [EMAIL PROTECTED] PGPKey ID: 3431D0B0 - pgpLl23HQNhJY.pgp Description: PGP signature
pop3 cram-md5+tls
Hi, I've setup Cyrus IMAPD 2.1.15 to run with TLS. When I logged into to the IMAPS account I see CRAM-MD5+TLS being activated. May 19 15:48:57 mail imapd[3760]: login: [203.14.138.21] nzhang CRAM-MD5+TLS User logged in but for POP3S I get May 19 12:33:48 mail pop3d[2941]: login: d154-20-6-167.bchsia.telus.net[154.20.6.167] eho CRAM-MD5 User logged in May I ask how can I force TLS for POP3S login? My client is Thunderbird 0.6. configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus allowanonymouslogin: no deleteright: cyrus sieveusehomedir: no sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: auxprop sasl_mech_list: cram-md5 lmtp_admins: cyruslmtp lmtp_downcase_rcpt: yes tls_ca_file: /etc/ssl/cyrus-imapd/cacert.pem tls_cert_file: /etc/ssl/cyrus-imapd/cert.pem tls_key_file: /etc/ssl/cyrus-imapd/key.pem Regards, Norman --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus 2.1.16
I have read the list and seen that 2.1.16 is expected to be the final release of the 2.1.x series. But is there a patch planned to fix the problem where the flag status isn't syncronised between the cyrus process's? Or at least include a warning in the documentation about it. I have just migrated our mail server over to the newer version and it is quite an aggravation. If not is there anything I can do? are there backports for Debian for a newer version that doesn't have this problem from the say the 2.2.x series? -- Daniel signature.asc Description: OpenPGP digital signature
