Re: how to pipe mail to external program?
Tuna Sundae wrote:
> On Thu, 24 Feb 2005 19:45:33 -0700, Craig White <[EMAIL PROTECTED]> wrote:
> > On Thu, 2005-02-24 at 21:03 -0500, Tuna Sundae wrote:
> > > Hi, when I used to use sendmail, I used "aliasname: |/path/to/app" in
> > > /etc/aliases to pipe mail to a program. Now, I used postfix with
> > > cyrus' "deliver" as the delivery mechanism. How do I have cyrus pipe
> > > certain aliases to applications?:
> >
> > you asked the question the other day - I think that you use
> > the /usr/sbin/sendmail binary supplied by your postfix installation,
> > much the same as you would if you were using sendmail but I think in a
> > way, that begs your question...wouldn't you use postfix aliasmaps much
> > like you used aliases in sendmail? Are you sure that this is a cyrus
> > question?
>
> That's the thing... I can't get postfix to check the alias map before
> giving the mail to cyrus' deliver. So I was hoping there was a cyrus
> way to do this.
>
> Is anyone using postfix/cyrus and having it first look at /etc/aliases
> before delivering to 'deliver'?

I ran into a similar problem recently. It was explained to me that if you explicitly define the transport for lmtp in "transports" you then disable piping to commands in Postfix (and a few other issues).

What you need to do is comment out that definition in "transports" (presuming this is the case here) and define:

    mailbox_transport = lmtp:unix:/var/imap/socket/lmtp

(modify as appropriate for your system)

And then the pipe-to-commands should work. There are more specifics about why this is so - but that's what solved this for me.

Forrest

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
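The change described in the reply above, laid out across the three files involved. This is an added example, not configuration posted in the thread: the domain example.com, the table path /etc/postfix/transport and the alias_maps value are assumptions, and the recipient domain is assumed to be listed in mydestination so that local(8) handles it.

```conf
# --- /etc/postfix/transport (assumed path) ---------------------------------
# An entry like the one below hands the whole domain straight to Cyrus LMTP.
# local(8) never sees the message, so alias_maps is never consulted and
# "|command" aliases are never expanded. Comment it out:
#
# example.com    lmtp:unix:/var/imap/socket/lmtp

# --- /etc/postfix/main.cf ---------------------------------------------------
# local(8) expands aliases first (including pipe-to-command destinations)...
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# ...and only then passes ordinary mailbox deliveries to Cyrus over LMTP.
# Socket path as given in the thread; adjust for your system.
mailbox_transport = lmtp:unix:/var/imap/socket/lmtp

# Accept "|command" destinations from alias files only, not from users'
# .forward files (the Postfix default is "alias, forward").
allow_mail_to_commands = alias

# --- /etc/aliases -----------------------------------------------------------
# The command runs with the rights of the alias database owner; for a
# root-owned alias file Postfix uses the default_privs account instead.
aliasname: "|/path/to/app"
```

After editing, rebuild the lookup tables with `postmap /etc/postfix/transport` and `newaliases`, then run `postfix reload`.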
Re: how to pipe mail to external program?
On Thu, 2005-02-24 at 22:29, Tuna Sundae wrote:
> On Thu, 24 Feb 2005 19:45:33 -0700, Craig White <[EMAIL PROTECTED]> wrote:
>
> That's the thing... I can't get postfix to check the alias map before
> giving the mail to cyrus' deliver. So I was hoping there was a cyrus
> way to do this.
>
> Is anyone using postfix/cyrus and having it first look at /etc/aliases
> before delivering to 'deliver'?

First, this is definitely a postfix question belonging on the postfix mailing list.

Second, you most likely don't have /etc/aliases in your postfix alias_maps configuration. A default install of postfix uses /etc/postfix/aliases, but /etc/aliases can be added by editing main.cf (read the postfix documentation on postfix.org, or post to the postfix-users mailing list for more assistance).

Third, unless you have a REAL need to use 'deliver' you should be using LMTP to inject mail into cyrus, as it provides better performance.

--
Edward Rudd <[EMAIL PROTECTED]>
Website http://www.outoforder.cc/
Re: how to pipe mail to external program?
On Thu, 24 Feb 2005 19:45:33 -0700, Craig White <[EMAIL PROTECTED]> wrote:
> On Thu, 2005-02-24 at 21:03 -0500, Tuna Sundae wrote:
> > Hi, when I used to use sendmail, I used "aliasname: |/path/to/app" in
> > /etc/aliases to pipe mail to a program. Now, I used postfix with
> > cyrus' "deliver" as the delivery mechanism. How do I have cyrus pipe
> > certain aliases to applications?:
>
> you asked the question the other day - I think that you use
> the /usr/sbin/sendmail binary supplied by your postfix installation,
> much the same as you would if you were using sendmail but I think in a
> way, that begs your question...wouldn't you use postfix aliasmaps much
> like you used aliases in sendmail? Are you sure that this is a cyrus
> question?

That's the thing... I can't get postfix to check the alias map before giving the mail to cyrus' deliver. So I was hoping there was a cyrus way to do this.

Is anyone using postfix/cyrus and having it first look at /etc/aliases before delivering to 'deliver'?
Re: Compacting mailboxes...
On Thu, 2005-02-24 at 19:30 -0500, David G Mcmurtrie wrote:
> On Thu, 24 Feb 2005, Forrest Aldrich wrote:
>
> > In any case, an issue was brought up whereby if a user doesn't "Compact"
> > their mailbox (done via most common MUA's like Thunderbird) the deleted
> > messages can linger - for however long.
> >
> > I've personally seen this before.
>
> The IMAP protocol specifies this (check out RFC 3501). IMAP utilizes a
> two stage delete model. First a client must set the "Deleted" flag for a
> message, then the client must send an expunge command to the server.
> Until the expunge command is sent, the messages still exist but they're
> marked for deletion. This isn't cyrus specific, it's how IMAP works.
>
> The behavior you're observing is that when you tell your client to delete
> a message it's setting the Deleted flag. When you tell your client to
> compact the folder, it's sending an expunge command.
>
> > I'm concerned about disk space consumption of these messages in-limbo.
> > Is there some mechanism that can force a "compact" of the mailbox to
> > remove these deleted messages - or is there another method to manage
> > this scenario?
>
> I don't know of a server-side way to do what you want. That doesn't mean
> it can't be done, though. I think what you really need to do is educate
> your users. Clients vary greatly in how they work by default and how they
> allow you to configure them. You should look for a client configuration
> option that will always send an expunge whenever a message is deleted.

indeed - expunge is a client function and as noted, standard IMAP behavior by design. Most programs have various options for handling deleted messages and Thunderbird (as op mentioned) clearly has many - including 'clean up "expunge" on exit.'

Probably very important for op of a mail server to thoroughly inspect/test how each mail client would interact with server so he can field these questions or better yet, have a small web page to point people to in order to direct them to optimizing their mail clients interaction with the server.

There are some programs (horde/imp) comes to mind which do 'maintenance procedures' that are as of a client but appear almost server like which can do this as well but is pretty much out of bounds for this discussion.

Craig
Re: how to pipe mail to external program?
On Thu, 2005-02-24 at 21:03 -0500, Tuna Sundae wrote:
> Hi, when I used to use sendmail, I used "aliasname: |/path/to/app" in
> /etc/aliases to pipe mail to a program. Now, I used postfix with
> cyrus' "deliver" as the delivery mechanism. How do I have cyrus pipe
> certain aliases to applications?:

you asked the question the other day - I think that you use the /usr/sbin/sendmail binary supplied by your postfix installation, much the same as you would if you were using sendmail but I think in a way, that begs your question...wouldn't you use postfix aliasmaps much like you used aliases in sendmail? Are you sure that this is a cyrus question?

Craig
how to pipe mail to external program?
Hi, when I used to use sendmail, I used "aliasname: |/path/to/app" in /etc/aliases to pipe mail to a program. Now, I used postfix with cyrus' "deliver" as the delivery mechanism. How do I have cyrus pipe certain aliases to applications?:

Thanks!
Re: lmpt/quota behaviour
Per olof Ljungmark wrote:
> Hi all,
>
> I'm running a test setup and today I tried setting the quota for a
> mailbox below the current size of it to see what happened. No surprise,
> lmtp started responding "452 4.2.2 Over quota" as it should.
>
> Then I increased the quota again so that there was plenty of room,
> waited for the 452 response to go away but it did not. After an hour I
> restarted the lmtp process and the account accepted mail again.
>
> Q: How long should it normally take for lmtp to see the changes? The
> change TO "Over quota" was registered instantly but not the opposite
> apparently. Can this time be adjusted?

I believe lmtpd should be checking the quota for each RCPT TO that it receives, but I'd have to check. It *should* see the change immediately.

> I know the test scheme was perhaps not a real world one but should not
> an account be able to accept mail more or less immediately after the
> quota is fixed?
>
> 2.2.10 with patches from UOA.
>
> Thanks,

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: Compacting mailboxes...
On Thu, 24 Feb 2005, Forrest Aldrich wrote:

> In any case, an issue was brought up whereby if a user doesn't "Compact"
> their mailbox (done via most common MUA's like Thunderbird) the deleted
> messages can linger - for however long.
>
> I've personally seen this before.

The IMAP protocol specifies this (check out RFC 3501). IMAP utilizes a two stage delete model. First a client must set the "Deleted" flag for a message, then the client must send an expunge command to the server. Until the expunge command is sent, the messages still exist but they're marked for deletion. This isn't cyrus specific, it's how IMAP works.

The behavior you're observing is that when you tell your client to delete a message it's setting the Deleted flag. When you tell your client to compact the folder, it's sending an expunge command.

> I'm concerned about disk space consumption of these messages in-limbo.
> Is there some mechanism that can force a "compact" of the mailbox to
> remove these deleted messages - or is there another method to manage
> this scenario?

I don't know of a server-side way to do what you want. That doesn't mean it can't be done, though. I think what you really need to do is educate your users. Clients vary greatly in how they work by default and how they allow you to configure them. You should look for a client configuration option that will always send an expunge whenever a message is deleted.

Thanks,

Dave

PGP/GPG Key: http://www.pitt.edu/~dgm/gpgkey.asc.txt
lmpt/quota behaviour
Hi all,

I'm running a test setup and today I tried setting the quota for a mailbox below the current size of it to see what happened. No surprise, lmtp started responding "452 4.2.2 Over quota" as it should.

Then I increased the quota again so that there was plenty of room, waited for the 452 response to go away but it did not. After an hour I restarted the lmtp process and the account accepted mail again.

Q: How long should it normally take for lmtp to see the changes? The change TO "Over quota" was registered instantly but not the opposite apparently. Can this time be adjusted?

I know the test scheme was perhaps not a real world one but should not an account be able to accept mail more or less immediately after the quota is fixed?

2.2.10 with patches from UOA.

Thanks,
Compacting mailboxes...
We recently deployed Cyrus IMAPD on an internal corporate server. We plan on using it for a larger installation (once I get comfortable with all the technical quirks ;-))

In any case, an issue was brought up whereby if a user doesn't "Compact" their mailbox (done via most common MUA's like Thunderbird) the deleted messages can linger - for however long.

I've personally seen this before.

I'm concerned about disk space consumption of these messages in-limbo. Is there some mechanism that can force a "compact" of the mailbox to remove these deleted messages - or is there another method to manage this scenario?

Thanks!
Re: Problems with sieveshell under Solaris 9
I have perl 5.8.5. I don't know about 5.8.3 and when I looked around I couldn't find it on Sunfreeware any more, but under 5.8.5 it states:

    Important Note - Solaris 9 comes with a slightly earlier version of
    perl in /usr/bin. You may wish to use this version rather than the
    version on sunfreeware.com. If you do install this perl and want to
    use it rather than the Sun one, you will need to have /usr/local/bin
    in your PATH before /usr/bin.

Which might mean that the version you have might not be right. This is just a guess, but I hope it helps.

B

Thomas Robers wrote:
> Robert Scussel wrote:
> > This might be a shot in the dark, but having recently battled through
> > some quirks on Solaris 9, make sure that your perl binary is one that
> > was compiled on the Solaris box with gcc ( unless of course you
> > actually have the sun compiler and compiled cyrus with it ). The one
> > from sunfreeware works. I was having all sorts of issues trying to
> > install perl modules with the solaris CC compiled perl.
> >
> > Hope this helps,
> >
> > B
>
> Hi Robert,
>
> the perl binary is the one from sunfreeware. It's version 5.8.3. So it
> should work? I use gcc version 3.2.2 also from sunfreeware. But I don't
> know if that perl version is compiled with gcc 3.2.2. I also tried the
> perl that comes with Solaris 9 but that didn't work. I got an error
> message:
>
> > make[2]: cc: Command not found
> > make[2]: *** [IMAP.o] Error 127
>
> The compiling stops in the directory ./perl/imap. It seems that the Sun
> compiler is assumed from the perl binary shipped with Solaris. I think
> I try it with self compiled version of perl.
>
> Thanks Thomas

--
Robert Scussel
1024D/BAF70959/0036 B19E 86CE 181D 0912 5FCC 92D8 1EA1 BAF7 0959
Re: Basic FAQs and HOWTOs
On Thu, 2005-02-24 at 13:52 -0800, Wil Cooley wrote:
> Also Sprach Craig White <[EMAIL PROTECTED]> on Wed, Feb 23, 2005 at
> 10:43:28PM PST:
>
> > When you say 'you have to go to get a cert from an established CA' -
> > does that mean for purposes of being my own CA, tinyCA is of little use
> > to me?
>
> No, that was an explanation of how half the process works.
>
> > My goal was to be my own CA - generate per user certificates and have
> > revocation rights. I haven't had many issues with creating certs for
> > various applications such as ldap/apache etc. I was looking for some
> > granular control for individual users.
>
> Yes, that's exactly what it's for.

then I guess I will have to wait for a similar divining moment of inspiration and lucidity as you experienced and thus some (certainly not all) will become known. ;-)

thanks again for the fish

Craig
Re: Basic FAQs and HOWTOs
Also Sprach Craig White <[EMAIL PROTECTED]> on Wed, Feb 23, 2005 at 10:43:28PM PST:

> When you say 'you have to go to get a cert from an established CA' -
> does that mean for purposes of being my own CA, tinyCA is of little use
> to me?

No, that was an explanation of how half the process works.

> My goal was to be my own CA - generate per user certificates and have
> revocation rights. I haven't had many issues with creating certs for
> various applications such as ldap/apache etc. I was looking for some
> granular control for individual users.

Yes, that's exactly what it's for.

Wil

--
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consulting    http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
Re: group quota
No it is not, you define it in Cyrus with 'setquota' in 'cyradm'.

Here's some output from cyradm:

    hostname> lq @domain.com
     STORAGE 1222377/2097152 (58.2874774932861%)

You will need a 2.2.x version for virtual domain support though..

On 24-2-2005 19:29, Lincoln Zuljewic Silva wrote:
> but this is a configuration of MTA ?
>
> On Thu, 24 Feb 2005 19:08:33 +0100, L. v. Alphen <[EMAIL PROTECTED]> wrote:
> > On 24-2-2005 18:48, Lincoln Zuljewic Silva wrote:
> > > can i setup groups of users inside cyrus and add specific quota to that
> > > group or i have to setup quota user by user ?
> >
> > What we do here is define a quota root on '@domain.com' this in effect
> > gives you a shared quota for all users within a virtual domain.
Re: Cyrus on Linksys NSLU2
Ian G Batten wrote:
> I've compiled 2.2.12 on a Linksys NSLU2. It appears to work --- I can
> rsync a mailbox on from a Sun and access it correctly. I've also got
> Sendmail 8.13.3 built and awaiting a config file, so I can start
> delivering mail to the slug soonest. I have real work for this, honest,
> and it's not just geekery: we want low-maintenance mail servers in our
> branch offices.

Kudos for getting Cyrus compiled, I never would have even considered building it on my slug! Given the limited amount of memory on the slug, I don't think you're going to get very good performance with a reasonable number of concurrent connections, but I could be wrong.

> I did the compilation actually on the slug, as building a
> cross-compilation environment faithful enough to handle a full-scale
> configure, especially given my preferred development environment being
> Solaris 10 on Sparc, seemed too much like hard work.
>
> I had to hack a few bits and pieces to get it to build, notably
> xversion.sh (as perl isn't present, awk appears to be somewhat broken,
> printf is missing and echo doesn't have \n properly). Obviously I
> haven't got perl, so I skipped the cyradm build. xversion.sh reads as
> follows:
>
> #!/bin/sh
> echo "/* Generated automatically by xversion.sh */" > xversion.h
> echo "#define CYRUS_CVSDATE \"unknown\"" >> xversion.h
>
> It loses versioning information, obviously. I'll write a better
> solution in C when I have a chance. Also, a `make clean' is a bit of a
> catastrophe, as some things are supplied in the source kit that are
> scrubbed by a clean and require perl to rebuild (imapopts, notably).
>
> I used ipkg to install a whole stack of stuff: diffutils, the
> compilers, ssl, sasl, db and so on.
>
> The slug I'm compiling and testing on has the following packages
> installed:
>
> cpio crosstool-native-arch-bin crosstool-native-arch-inc
> crosstool-native-arch-lib crosstool-native-bin crosstool-native-inc
> crosstool-native-lib cyrus-sasl diffutils findutils ipkg less
> libc6-unslung libdb libgcc libipkg m4 make ncurses nfs-utils
> nslu2-linksys-libs ntpclient openssh openssl portmap rsync slingbox
> strace unslung-standard-rootfs wget zlib
>
> Not all are required for the build, but I'm not about to start randomly
> removing packages and seeing if it'll still build!
>
> The compilation was done with:
>
> # CC=/opt/armeb/bin/armv5b-softfloat-linux-gcc export CC
> # CFLAGS=-O export CFLAGS
> # ./configure --build=armv5b-softfloat-linux \
>     --with-bdb-libdir=/opt/lib --with-bdb-incdir=/opt/include \
>     --without-perl --with-cyrus-user=mail --with-cyrus-group=mail \
>     --prefix=/opt/cyrus --with-cyrus-prefix=/opt/cyrus
> # make
>
> I used mail:mail as the uid because it's there, and adding users into
> /etc/passwd is painful on a slug. /opt/cyrus isn't big enough (unless
> you're using non-standard partitioning) so I made it a symlink into
> /share/hdd/data/cyrus.
>
> ian

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: group quota
but this is a configuration of MTA ?

On Thu, 24 Feb 2005 19:08:33 +0100, L. v. Alphen <[EMAIL PROTECTED]> wrote:
> On 24-2-2005 18:48, Lincoln Zuljewic Silva wrote:
> > can i setup groups of users inside cyrus and add specific quota to that
> > group or i have to setup quota user by user ?
>
> What we do here is define a quota root on '@domain.com' this in effect
> gives you a shared quota for all users within a virtual domain.

--
Lincoln Zuljewic Silva
Re: group quota
On 24-2-2005 18:48, Lincoln Zuljewic Silva wrote:
> can i setup groups of users inside cyrus and add specific quota to that
> group or i have to setup quota user by user ?

What we do here is define a quota root on '@domain.com' this in effect gives you a shared quota for all users within a virtual domain.
Cyrus on Linksys NSLU2
I've compiled 2.2.12 on a Linksys NSLU2. It appears to work --- I can rsync a mailbox on from a Sun and access it correctly. I've also got Sendmail 8.13.3 built and awaiting a config file, so I can start delivering mail to the slug soonest. I have real work for this, honest, and it's not just geekery: we want low-maintenance mail servers in our branch offices.

I did the compilation actually on the slug, as building a cross-compilation environment faithful enough to handle a full-scale configure, especially given my preferred development environment being Solaris 10 on Sparc, seemed too much like hard work.

I had to hack a few bits and pieces to get it to build, notably xversion.sh (as perl isn't present, awk appears to be somewhat broken, printf is missing and echo doesn't have \n properly). Obviously I haven't got perl, so I skipped the cyradm build. xversion.sh reads as follows:

    #!/bin/sh
    echo "/* Generated automatically by xversion.sh */" > xversion.h
    echo "#define CYRUS_CVSDATE \"unknown\"" >> xversion.h

It loses versioning information, obviously. I'll write a better solution in C when I have a chance. Also, a `make clean' is a bit of a catastrophe, as some things are supplied in the source kit that are scrubbed by a clean and require perl to rebuild (imapopts, notably).

I used ipkg to install a whole stack of stuff: diffutils, the compilers, ssl, sasl, db and so on.

The slug I'm compiling and testing on has the following packages installed:

    cpio crosstool-native-arch-bin crosstool-native-arch-inc
    crosstool-native-arch-lib crosstool-native-bin crosstool-native-inc
    crosstool-native-lib cyrus-sasl diffutils findutils ipkg less
    libc6-unslung libdb libgcc libipkg m4 make ncurses nfs-utils
    nslu2-linksys-libs ntpclient openssh openssl portmap rsync slingbox
    strace unslung-standard-rootfs wget zlib

Not all are required for the build, but I'm not about to start randomly removing packages and seeing if it'll still build!

The compilation was done with:

    # CC=/opt/armeb/bin/armv5b-softfloat-linux-gcc export CC
    # CFLAGS=-O export CFLAGS
    # ./configure --build=armv5b-softfloat-linux \
        --with-bdb-libdir=/opt/lib --with-bdb-incdir=/opt/include \
        --without-perl --with-cyrus-user=mail --with-cyrus-group=mail \
        --prefix=/opt/cyrus --with-cyrus-prefix=/opt/cyrus
    # make

I used mail:mail as the uid because it's there, and adding users into /etc/passwd is painful on a slug. /opt/cyrus isn't big enough (unless you're using non-standard partitioning) so I made it a symlink into /share/hdd/data/cyrus.

ian
group quota
can i setup groups of users inside cyrus and add specific quota to that group or i have to setup quota user by user ?

--
Lincoln Zuljewic Silva
Re: [RFC] EXTERNAL auth choosing between CN and email address?
Marco Colombo wrote:
> What field is that, exactly? v3 extension?

I'm not sure... it's in the OpenSSL headers files as "NID_pkcs9_emailAddress".

> Anyway, the goal of authentication is to identify users not email
> addresses. The whole idea of using certs is broken, unless you use the
> cert itself. No CA makes any attempt to provide _unique_ information.
> And the uniqueness of an email address is pretty weak. The only unique
> info you can extract from a cert is the public key, which is what
> you're actually using to identify the remote party.

I agree, but in this case the email address _is_ the user name.

> Of course, if your server trusts only _one_ CA, and you have control on
> how that CA works, you can use certs safely. You can make sure CN data
> (or any data) is unique.

Exactly, that's the only scenario where this is viable. When I document this for people to use, I'll make that perfectly clear: if you configure your system to accept _any_ client certificate, you are not doing yourself any good. This method _only_ works when you are administering the CA yourself and have complete control over the contents of the certs and who has access to them.

Granted, I could also just make the CN in the cert be the user's email address, but I'd rather leave it as their full name (it's much nicer in Horde that way, plus we also use it for Trac).
Re: --with-auth only for group memberships?
Igor Brezac wrote:
> --auth-auth specifies an authorization (not authentication) mechanism.
> The unix module is mostly useful for group.

OK, yeah, authorization vs. authentication, right. Since SASL cannot provide authorization details, Cyrus IMAP has to get them from somewhere else, so that's understandable.

> This is not correct. unix_group_enable is used only when you compile
> the unix authorization mechanism, otherwise it has no effect.

Understood. I'll continue using the combination of --with-auth=unix and unix_group_enable turned off, which will keep Cyrus IMAP from caring about group memberships (and looking at my passwd/group files).
Cyrus Murder patch
Dear all, I'm submitting a patch which fixes a slightly irritating (although not serious) problem, whereby the Cyrus Murder daemons proxyd and lmtpproxyd do not bind to the correct interface when opening tcp connections to the backend servers. This happens when the servername of the Murder front-end is not the primary interface on the host. This leads to inconsistent Cyrus logs and Received headers on delivered mail. The patch simply adds a bind() call to the backend_connect() function of imap/backend.c. It tries to bind the socket to the interface specified by the servername imapd.conf option. I'd be grateful if someone could take a look at this. It should patch OK against the CVS HEAD. Regards, Stephen Grier -- Stephen Grier Systems Developer Computing Services Queen Mary, University of London diff -Naur cyrus-imapd-2.2.10.old/imap/backend.c cyrus-imapd-2.2.10/imap/backend.c --- cyrus-imapd-2.2.10.old/imap/backend.c 2004-10-27 17:53:35.0 +0100 +++ cyrus-imapd-2.2.10/imap/backend.c 2005-02-24 14:39:46.542462000 + @@ -272,7 +272,7 @@ int sock = -1; int r; int err; -struct addrinfo hints, *res0 = NULL, *res; +struct addrinfo hints, *res0 = NULL, *res1 = NULL, *res; struct sockaddr_un sunsock; char buf[2048], *mechlist = NULL; struct sigaction action; @@ -315,6 +315,12 @@ free(ret); return NULL; } +/* Get addrinfo struct for local interface. */ +err = getaddrinfo(config_servername, NULL, &hints, &res1); +if(err) { +syslog(LOG_ERR, "getaddrinfo(%s) failed: %s", + config_servername, gai_strerror(err)); +} } /* Setup timeout */ 
@@ -331,6 +337,15 @@ sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (sock < 0) continue; +/* Bind to local interface. */ +if (!err) { +if (bind(sock, res1->ai_addr, res1->ai_addrlen) < 0) { +struct sockaddr_in *local_sockaddr = (struct sockaddr_in *) res1->ai_addr; +syslog(LOG_ERR, "failed to bind to address %s: %s", + inet_ntoa(local_sockaddr->sin_addr), strerror(errno)); +} +freeaddrinfo(res1); +} alarm(config_getint(IMAPOPT_CLIENT_TIMEOUT)); if (connect(sock, res->ai_addr, res->ai_addrlen) >= 0) break;
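Review bot: in the hunk at `@@ -315,6 +315,12 @@`, the result of the new `getaddrinfo(config_servername, ...)` call is stored in the function's existing `err`, and the call sits inside a block that closes immediately after it. The later bind guard tests `if (!err)` rather than `res1`, so on any path that skips this block `res1` is still NULL while `err` holds whatever it was last set to. Use a separate status variable for the local lookup, or guard the bind with `res1 != NULL`. When the lookup fails the code only logs and carries on, which is reasonable, but that should be stated in the comment so the fallback to the default source address is clearly intended.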
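Review bot: in the hunk at `@@ -331,6 +337,15 @@`, `freeaddrinfo(res1)` is called inside the connect loop (the surrounding `continue` and `break` show this is a loop body), but `err` is still 0 afterwards, so if `connect()` fails and the loop tries the next address, `bind()` reads the freed `res1->ai_addr` and `res1` is freed a second time. Set `res1 = NULL` after freeing and test `res1` in the guard, or move the `freeaddrinfo()` call to after the loop; as written `res1` is also leaked when every pass hits `continue`. The error message casts `res1->ai_addr` to `struct sockaddr_in *` for `inet_ntoa()`, which is only valid for an IPv4 result, and nothing checks that `res1->ai_family` matches the `res->ai_family` passed to `socket()`.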
Re: Using DB_CONFIG (how?)
Jukka Salmi wrote:
> Henrique de Moraes Holschuh --> info-cyrus (2005-02-24 12:25:48 -0300):
> > On Thu, 24 Feb 2005, Stephan A. Rickauer wrote:
> > > Great help, thanks! I moved my DB_CONFIG into db/ and tried to restart
> > > cyrus _without_ doing "db_recover" first. Guess what, the new parameters
> > > have been set properly. How come?
> >
> > What version of Berkeley DB? They might have fixed this design thinko by
> > now... :)
>
> Isn't 'ctl_cyrusdb -r' run by default on startup? At least that's what
> I have in my cyrus.conf. That would explain why a manual db_recover was
> not needed...
>
> Jukka

This is it!

--
Stephan
Re: Postfix+Cyrus - Blank message-id: header results in bounced
Cristi Mitrana said:
> Matt Goebel wrote:
>
> > Henrique de Moraes Holschuh said:
> >
> > > On Thu, 24 Feb 2005, Matt Goebel wrote:
> > >
> > > > How would I go about telling postfix to insert a message-id if one is
> > > > not there? It DOESN'T do that now. With Postfix+Dovecot I get the
> > > > message
> > >
> > > It must, AFAIK. BTW, a broken message-id is not the same as no
> > > message-id.
> > > If the message-id header is there but empty (or broken), postfix won't
> > > replace it AFAIK.
> >
> > That's the problem. The message-id header is there but blank. It's
> > clearly a broken client (Lotus Notes) that's doing it. Unfortunately I
> > have no control over users outside my domain and I have to support
> > messages from them. There's an easy way to reproduce/test this without
> > using lotus notes:
> >
> > "sendmail -i [EMAIL PROTECTED] < email.txt"
> >
> > where "email.txt" contains:
> >
> > Subject: Mail Delivery Problem Test
> > To: [EMAIL PROTECTED]
> > Cc:
> > From: [EMAIL PROTECTED]
> > Date: 22-Feb-2005 09:21:51 tPST
> > Message-ID:
> > MIME-Version: 1.0
> > Content-type: text/plain; charset=US-ASCII
>
> Actually I tested with sendmail and cyrus accepts it without problems,
> I'm using the cyrus from debian testing (2.1.17) and delivery works fine.
> 'sendmail' is actually the postfix 'sendmail' command and it delivers
> happily to lmtpd without any problems.
>
> What version are you using ? any patches applied ?
>
> mitu

The sendmail command I referred to is part of the postfix program as you've stated. No relation to the Sendmail SMTP server. Does Sendmail (SMTP) rewrite the blank message-id? I've pretty much narrowed it down to cyrus here.

I'm running postfix-2.1.5-2.4.FC3 (standard Fedora core 3 RPM, except I've recompiled with MySQL support), cyrus-imapd-2.2.10-3.fc3 (standard Fedora core 3 RPM, which I swapped out the autocreate patch for the newest one so I could auto create sieve scripts, and rebuilt the RPM), mailscanner-4.36.4-1, clamav-0.83-1, and spamassassin-3.0.1-0.FC3.
Re: Using DB_CONFIG (how?)
Henrique de Moraes Holschuh --> info-cyrus (2005-02-24 12:25:48 -0300):
> On Thu, 24 Feb 2005, Stephan A. Rickauer wrote:
> > Great help, thanks! I moved my DB_CONFIG into db/ and tried to restart
> > cyrus _without_ doing "db_recover" first. Guess what, the new parameters
> > have been set properly. How come?
>
> What version of Berkeley DB? They might have fixed this design thinko by
> now... :)

Isn't 'ctl_cyrusdb -r' run by default on startup? At least that's what I have in my cyrus.conf. That would explain why a manual db_recover was not needed...

Jukka

--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
Re: Using DB_CONFIG (how?)
On Thu, 24 Feb 2005, Stephan A. Rickauer wrote:
> Great help, thanks! I moved my DB_CONFIG into db/ and tried to restart
> cyrus _without_ doing "db_recover" first. Guess what, the new parameters
> have been set properly. How come?

What version of Berkeley DB? They might have fixed this design thinko by now... :)

--
"One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Re: Using DB_CONFIG (how?)
Hello Stephan A. Rickauer,

--On 24 February 2005 16:00:14 +0100 "Stephan A. Rickauer" <[EMAIL PROTECTED]> wrote:

Sebastian Hagedorn wrote: --On 24 February 2005 15:37:31 +0100 Sebastian Hagedorn

no, it's not. It's db/ subdirectory, i.e. /drbd/system/var/lib/imap/db/ in your case.

sorry, I just noticed I'm wrong ... I should have re-checked that first. /var/lib/imap *is* the DB_HOME. Sorry again.

doch :) (No it isn't) ... at least I falsified this by moving DB_CONFIG up again and then the old default settings were restored. After putting it back into db/ my new settings have been applied again. Well, maybe there is another reason for that, but at this point I don't care ...

I must be very confused today :-) I was thrown off track by a test that was conceptually flawed ... as you have noticed I was right the first time around.

Cheers, Sebastian Hagedorn

--
Sebastian Hagedorn M.A. - RZKR-R1 (Gebäude 52), Zimmer 18
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
Universität zu Köln / Cologne University - Tel. +49-221-478-5587
Re: --with-auth only for group memberships?
On Thu, 24 Feb 2005, Kevin P. Fleming wrote:

I've just reworked my Cyrus IMAP installation, and I'm beginning to get the impression that --with-auth (which defaults to "unix") is only for group memberships, and really has no other effect. It certainly doesn't seem to affect SASL in any way, which is what actually handles authentication.

--auth-auth specifies an authorization (not authentication) mechanism. The unix module is mostly useful for group.

Since I have "unix_group_enable: 0" in my imapd.conf file, does that mean that it no longer matters what I specify for --with-auth? If so, the documentation could use an update to make that abundantly clear, and ideally the option could be renamed so people don't think it has anything to do with actually authenticating users :-)

This is not correct. unix_group_enable is used only when you compile the unix authorization mechanism, otherwise it has no effect.

--
Igor
Re: Using DB_CONFIG (how?)
Great help, thanks! I moved my DB_CONFIG into db/ and tried to restart cyrus _without_ doing "db_recover" first. Guess what, the new parameters have been set properly. How come?

Thanks again.
Stephan

Sebastian Hagedorn wrote:

Hi,

--On 24 February 2005 14:53:04 +0100 "Stephan A. Rickauer" <[EMAIL PROTECTED]> wrote:

My DB_HOME is nowhere set as an environment variable, but given that my db's are stored in /drbd/system/var/lib/imap/ I assume that this is it.

no, it's not. It's db/ subdirectory, i.e. /drbd/system/var/lib/imap/db/ in your case.

Cheers, Sebastian Hagedorn

--
Sebastian Hagedorn M.A. - RZKR-R1 (Gebäude 52), Zimmer 18
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
Universität zu Köln / Cologne University - Tel. +49-221-478-55 87
Re: Using DB_CONFIG (how?)
Hi,

--On 24 February 2005 15:37:31 +0100 Sebastian Hagedorn <[EMAIL PROTECTED]> wrote:

--On 24 February 2005 14:53:04 +0100 "Stephan A. Rickauer" <[EMAIL PROTECTED]> wrote:

My DB_HOME is nowhere set as an environment variable, but given that my db's are stored in /drbd/system/var/lib/imap/ I assume that this is it.

no, it's not. It's db/ subdirectory, i.e. /drbd/system/var/lib/imap/db/ in your case.

sorry, I just noticed I'm wrong ... I should have re-checked that first. /var/lib/imap *is* the DB_HOME. Sorry again.

--
Sebastian Hagedorn M.A. - RZKR-R1 (Gebäude 52), Zimmer 18
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
Universität zu Köln / Cologne University - Tel. +49-221-478-5587
Re: Using DB_CONFIG (how?)
Sebastian Hagedorn wrote: --On 24 February 2005 15:37:31 +0100 Sebastian Hagedorn

no, it's not. It's db/ subdirectory, i.e. /drbd/system/var/lib/imap/db/ in your case.

sorry, I just noticed I'm wrong ... I should have re-checked that first. /var/lib/imap *is* the DB_HOME. Sorry again.

doch :) (No it isn't) ... at least I falsified this by moving DB_CONFIG up again and then the old default settings were restored. After putting it back into db/ my new settings have been applied again. Well, maybe there is another reason for that, but at this point I don't care ...

--
Stephan A. Rickauer
Re: Cyrus and Usenet
kael wrote:

On 08.02.2005 02:28, kael wrote:

I wish to use the _push_ method, as described in http://asg.web.cmu.edu/cyrus/download/imapd/install-netnews.html. I have been searching but haven't been able to deliver NetNews via Cyrus. imapd.conf is managed with the following lines:

partition-news: /var/spool/imap/news
newsspool: /var/spool/news
newspeer: news-in.newsfeeds.com:119 news-out.newsfeeds.com:119
newsprefix: Usenet

I then ran /usr/lib/cyrus-imapd/nntpd but no articles are delivered in the corresponding mailboxes e.g. Usenet/comp.mail.imap. Please, could you help me ?

The newsspool option is deprecated and not needed.

Have you created the "Usenet.comp.mail.imap" mailbox on your "news" partition (/var/spool/imap/news) and given at least the "anonymous" user the "p" right? You probably want to grant your newsgroups "anyone lrsp".

Have you told your news provider to send you articles?

Do you have a local NNTP client that can access your Cyrus server and LIST newsgroups and POST articles (you can do this with nntptest if you know how to use NNTP manually)? If not, you need to fix this before worrying about accepting articles from the outside.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: Using DB_CONFIG (how?)
Hi,

--On 24 February 2005 14:53:04 +0100 "Stephan A. Rickauer" <[EMAIL PROTECTED]> wrote:

My DB_HOME is nowhere set as an environment variable, but given that my db's are stored in /drbd/system/var/lib/imap/ I assume that this is it.

no, it's not. It's db/ subdirectory, i.e. /drbd/system/var/lib/imap/db/ in your case.

Cheers, Sebastian Hagedorn

--
Sebastian Hagedorn M.A. - RZKR-R1 (Gebäude 52), Zimmer 18
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
Universität zu Köln / Cologne University - Tel. +49-221-478-5587
Re: Using DB_CONFIG (how?)
On Thu, 24 Feb 2005, Stephan A. Rickauer wrote:
> given above. After restarting cyrusd I checked the config with "db_stat
> /drbd/system/var/lib/imap/deliver.db -l" ... but neither of the two
> parameters have been adjusted.

You have to stop everything using that DB, then run a db_recover to rebuild the environment. Only then the new parameters will be activated.

> DB_HOME is .. is there a way to find out? I've also read about some
> "db_recover" and that it should be run before starting cyrus again. But

Exactly that. Do it.

--
"One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Re: Migration from Suse to Debian
On Thu, 24 Feb 2005, Paul van der Vlis wrote:
> Debian uses a hashed mailspool, Suse does not.
>
> Is it possible to transfer the mail over IMAP from server to server?

Yes, but you can do it fs-to-fs as well. Look at the /usr/lib/cyrus/upgrade dir in the Debian install...

--
"One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Re: Basic FAQs and HOWTOs
Kevin P. Fleming wrote:

Craig White wrote:

My goal was to be my own CA - generate per user certificates and have revocation rights. I haven't had many issues with creating certs for various applications such as ldap/apache etc. I was looking for some granular control for individual users.

I do this manually using OpenSSL commands directly; it's really not that difficult. The biggest issue is ensuring that all your SSL/TLS-enabled services are aware of your CRL (revocation list). As best I can tell, Cyrus IMAP does not currently support a CRL, so you wouldn't be able to stop users from accessing your IMAP/POP servers using a cert you supplied.

This sounds interesting and potentially useful. Patches are always welcome. ;)

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Migration from Suse to Debian
Hello, I want to migrate mailboxes from several Suse 8.1 machines (with Cyrus 2.1.9) and Suse 8.2 machines (with Cyrus 2.1.12) to Debian Sarge machines (with Cyrus 2.1.17). Debian uses a hashed mailspool, Suse does not. Is it possible to transfer the mail over IMAP from server to server? Or does somebody know a better way? With regards, Paul van der Vlis.
Using DB_CONFIG (how?)
Folks,

our Institute runs a Cyrus 2.2.3 on a SuSE Box 9.1 for two months without a problem (~100 mail accounts). Today, we have got the well known error message:

DBERROR db4: Logging region out of memory; you may need to increase its size
DBERROR: opening /drbd/system/var/lib/imap/deliver.db: Cannot allocate memory

With the help of this list I found out that this refers to the way DB is configured. I also found out, that I should increase "Log record cache size" and "Log region size" (set_lg_regionmax 131072 and set_lg_bsize 524288) by creating a file called "DB_CONFIG" in my DB_HOME.

Let me tell you what I did not find out :) My DB_HOME is nowhere set as an environment variable, but given that my db's are stored in /drbd/system/var/lib/imap/ I assume that this is it. Hence, I stored the DB_CONFIG file in there -- listing the parameters given above. After restarting cyrusd I checked the config with "db_stat /drbd/system/var/lib/imap/deliver.db -l" ... but neither of the two parameters have been adjusted.

I think I miss a step somewhere and I do not know for sure what my DB_HOME is .. is there a way to find out? I've also read about some "db_recover" and that it should be run before starting cyrus again. But any help on this topic is really appreciated, since I am not a Berkeley DB master at all... and since this is my life db ... well, you know.

Thanks a lot!

--
Stephan A. Rickauer
Institut für Neuroinformatik, IT-Koordinator
Universität / ETH Zürich
Winterthurerstr. 190, CH-8057 Zürich
Tel: +41 44 635 30 50
Sek: +41 44 635 30 52
Fax: +41 44 635 30 53
http://www.ini.unizh.ch
[EMAIL PROTECTED]
Re: Problems with sieveshell under Solaris 9
Robert Scussel wrote:

This might be a shot in the dark, but having recently battled through some quirks on Solaris 9, make sure that your perl binary is one that was compiled on the Solaris box with gcc ( unless of course you actually have the sun compiler and compiled cyrus with it ). The one from sunfreeware works. I was having all sorts of issues trying to install perl modules with the solaris CC compiled perl. Hope this helps, B

Hi Robert,

the perl binary is the one from sunfreeware. It's version 5.8.3. So it should work? I use gcc version 3.2.2 also from sunfreeware. But I don't know if that perl version is compiled with gcc 3.2.2. I also tried the perl that comes with Solaris 9 but that didn't work. I got an error message:

> make[2]: cc: Command not found
> make[2]: *** [IMAP.o] Error 127

The compiling stops in the directory ./perl/imap. It seems that the Sun compiler is assumed from the perl binary shipped with Solaris. I think I'll try it with a self-compiled version of perl.

Thanks
Thomas
Re: [RFC] EXTERNAL auth choosing between CN and email address?
On Thu, 24 Feb 2005, Kevin P. Fleming wrote:

I'm working on a webmail system using client certificates for authentication. I have Cyrus IMAP working fine with Cyrus SASL and "AUTH=EXTERNAL" after negotiating TLS... the IMAP daemon authenticates the user properly. However, it chooses the CN from the client cert as the authentication identity. With a bit of hacking to imap/tls.c I was able to convince it to use the "email address" instead, but I'd rather not keep it this way...

^ What field is that, exactly? v3 extension?

Anyway, the goal of authentication is to identify users not email addresses. The whole idea of using certs is broken, unless you use the cert itself. No CA makes any attempt to provide _unique_ information. And the uniqueness of an email address is pretty weak. The only unique info you can extract from a cert is the public key, which is what you're actually using to identify the remote party. There should be a way to associate public keys with cyrus usernames.

Of course, if your server trusts only _one_ CA, and you have control on how that CA works, you can use certs safely. You can make sure CN data (or any data) is unique.

BTW, I've used EXTERNAL myself, but only for lmtp, and to identify servers. And I used an internal CA. CN was server name, and I'm pretty sure there's no other cert with that CN data.

.TM.
--
Marco Colombo
Technical Manager
ESI s.r.l.
[EMAIL PROTECTED]
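The contrast drawn in the reply above, between mapping a client certificate to a user by its CN and mapping it by its public key, shown as an added example (not Cyrus code and not from the thread). The certificates are constructed self-signed test certificates, the names `newCert`, `keyID`, `userByCN`, `userByKey` and `compare` are hypothetical, and chain validation against a trusted CA is assumed to happen separately.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// newCert builds a constructed, self-signed test certificate for the given CN.
// Every call generates a fresh key, standing in for a different issuer's "alice".
func newCert(cn string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// keyID is the hex SHA-256 of the certificate's SubjectPublicKeyInfo.
func keyID(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// userByCN maps a certificate to a username by Subject CN alone ("" if unknown).
func userByCN(c *x509.Certificate, users map[string]string) string {
	return users[c.Subject.CommonName]
}

// userByKey maps a certificate to a username through a table of enrolled
// public keys ("" if the key was never enrolled).
func userByKey(c *x509.Certificate, enrolled map[string]string) string {
	return enrolled[keyID(c)]
}

// compare enrolls one "alice" certificate, then presents a second certificate
// with the same CN but a different key to both lookups.
func compare() (enrolledUser, cnUser, keyUser string, err error) {
	enrolledCert, err := newCert("alice")
	if err != nil {
		return
	}
	otherCert, err := newCert("alice")
	if err != nil {
		return
	}
	users := map[string]string{"alice": "alice"}
	enrolled := map[string]string{keyID(enrolledCert): "alice"}
	enrolledUser = userByKey(enrolledCert, enrolled)
	cnUser = userByCN(otherCert, users)
	keyUser = userByKey(otherCert, enrolled)
	return
}

func main() {
	fmt.Println(compare())
}
```

With a single CA that guarantees unique CNs, as the reply notes, the CN lookup is safe; the key table is what stays correct when that guarantee is absent.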
Re: Cyrus 2.2.8: imapd dies + corrupt inbox
Have you tried to use lsof to see which files are open? I wrote a little script that runs as cronjob and uses lsof to count all open files owned by the cyrus user:

    #!/bin/sh
    # Count files held open by processes of the cyrus user (run from cron).
    PATH="/bin:/sbin:/usr/bin:/usr/sbin:/opt/bin"
    time=`date +"%Y-%m-%d %H:%M:%S"`
    # All open files, duplicates included ($3 is lsof's USER column, $NF the NAME column)
    num=`lsof -b 2>/dev/null |awk '($3 ~ /cyrus/){print $NF}' |wc -l`
    # Unique file names only
    numu=`lsof -b 2>/dev/null |awk '($3 ~ /cyrus/){print $NF}' |sort -u |wc -l`
    # printf rather than echo: not every /bin/sh expands "\t" in echo
    printf '%s\t%s\t%s\n' "$time" "$num" "$numu" >>/var/log/cyrus_lsof.log

The first column is the number of all open files (with duplicates) and the second is the number of unique files.

    2005-02-21 11:00:00    15218     872
    2005-02-21 12:00:00    14076     856
    2005-02-21 13:00:00    13968     844
    2005-02-21 14:00:00    14659     897
    2005-02-21 15:00:00    14005     849
    2005-02-21 16:00:00    15200     903
    2005-02-21 17:00:01    14857     920
    2005-02-21 18:00:00    14477     886
    2005-02-21 19:00:00    12984     789
    2005-02-21 20:00:00    11976     590
    2005-02-21 21:00:00    11944     635
    2005-02-21 22:00:01    11766     638
    2005-02-21 23:00:01    11798     619
    2005-02-22 00:00:00    11562     625
    2005-02-22 01:00:00    11726     631
    2005-02-22 02:00:00    11831     636
    2005-02-22 03:00:00    11771     647
    2005-02-22 04:00:00    11688     648
    2005-02-22 05:00:00    11527     643
    2005-02-22 06:00:00    11664     650
    2005-02-22 07:00:00    11300     638
    2005-02-22 08:00:00    12239     697
    2005-02-22 09:00:00    13860     805
    2005-02-22 10:00:00    14870     878
    2005-02-22 11:00:00    15528     931
    2005-02-22 12:00:00    16705     972
    2005-02-22 13:00:00    13883     828
    2005-02-22 14:00:00     6414     467
    2005-02-22 15:00:01    14122    1015
    2005-02-22 16:00:00    14164     710
    2005-02-22 17:00:00    13840     785
    2005-02-22 18:00:01    13869     838
    2005-02-22 19:00:00    12477     747
    2005-02-22 20:00:01    11836     607
    2005-02-22 21:00:00    11217     607
    2005-02-22 22:00:00    11480     638
    2005-02-22 23:00:00    11254     616
    2005-02-23 00:00:00    11074     609
    2005-02-23 01:00:00    11070     609
    2005-02-23 02:00:00    11062     618
    2005-02-23 03:00:00    11062     621
    2005-02-23 04:00:00    11132     631
    2005-02-23 05:00:00    10784     619
    2005-02-23 06:00:00    10859     622
    2005-02-23 07:00:00    11209     630
    2005-02-23 08:00:00    11959     669
    2005-02-23 09:00:00    13560     770
    2005-02-23 10:00:00    15097     843
    2005-02-23 11:00:00    15658     927
    2005-02-23 12:00:00    14674     890
    2005-02-23 13:00:00    13262     824
    2005-02-23 14:00:00    14485     872
    2005-02-23 15:00:00    13718     841
    2005-02-23 16:00:00    13639     803
    2005-02-23 17:00:00    13939     819
    2005-02-23 18:00:00    13458     841
    2005-02-23 19:00:00    11805     743
    2005-02-23 20:00:00    11488     594
    2005-02-23 21:00:00    11770     659
    2005-02-23 22:00:00    11527     674
    2005-02-23 23:00:00    11625     672
    2005-02-24 00:00:01    11085     649
    2005-02-24 01:00:01    10931     635
    2005-02-24 02:00:00    10964     637
    2005-02-24 03:00:00    10962     635
    2005-02-24 04:00:00    10947     646
    2005-02-24 05:00:00    11075     654
    2005-02-24 06:00:00    11013     658
    2005-02-24 07:00:00     9661     687
    2005-02-24 08:00:00    10424     712
    2005-02-24 09:00:01    12472     849
    2005-02-24 10:00:00    13810     978
    2005-02-24 11:00:01    14703    1060

I'm waiting until Cyrus begins to complain about too many open files. The process that complains is lmtpunix but the core files are from imapd.

Regards, Bernd
Re: Postfix+Cyrus - Blank message-id: header results in bounced
Matt Goebel wrote:

Henrique de Moraes Holschuh said:

On Thu, 24 Feb 2005, Matt Goebel wrote:

How would I go about telling postfix to insert a message-id if one is not there? It DOESN'T do that now. With Postfix+Dovecot I get the message

It must, AFAIK. BTW, a broken message-id is not the same as no message-id. If the message-id header is there but empty (or broken), postfix won't replace it AFAIK.

That's the problem. The message-id header is there but blank. It's clearly a broken client (Lotus Notes) that's doing it. Unfortunately I have no control over users outside my domain and I have to support messages from them. There's an easy way to reproduce/test this without using lotus notes:

"sendmail -i [EMAIL PROTECTED] < email.txt"

where "email.txt" contains:

Subject: Mail Delivery Problem Test
To: [EMAIL PROTECTED]
Cc:
From: [EMAIL PROTECTED]
Date: 22-Feb-2005 09:21:51 tPST
Message-ID:
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII

Actually I tested with sendmail and cyrus accepts it without problems, I'm using the cyrus from debian testing (2.1.17) and delivery works fine. 'sendmail' is actually the postfix 'sendmail' command and it delivers happily to lmtpd without any problems.

What version are you using ? any patches applied ?

mitu
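The thread distinguishes a missing Message-ID from one that is present but blank or broken. The added example below (not from the thread, and not Postfix or Cyrus code) classifies the header into those cases and rewrites the message with a generated ID before delivery. It assumes LF line endings as in the email.txt test file; the sample addresses, the host `mx.example.org` and the names `classify` and `repair` are placeholders.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/mail"
	"net/textproto"
	"regexp"
	"strings"
)

// Constructed sample modelled on the email.txt quoted in the thread (placeholder addresses).
const sample = "Subject: Mail Delivery Problem Test\nTo: user@example.org\nCc:\n" +
	"From: sender@example.com\nDate: 22-Feb-2005 09:21:51 tPST\nMessage-ID:\n" +
	"MIME-Version: 1.0\nContent-type: text/plain; charset=US-ASCII\n\ntest body\n"

// Loose shape check for "<left@right>"; not a full RFC 5322 msg-id parser.
var msgIDShape = regexp.MustCompile(`^<[^<>@\s]+@[^<>@\s]+>$`)

// classify reports the Message-ID state: "missing", "blank", "malformed" or "ok".
func classify(raw []byte) (string, error) {
	m, err := mail.ReadMessage(bytes.NewReader(raw))
	if err != nil {
		return "", err
	}
	vals, present := m.Header[textproto.CanonicalMIMEHeaderKey("Message-ID")]
	switch {
	case !present:
		return "missing", nil
	case strings.TrimSpace(vals[0]) == "":
		return "blank", nil
	case !msgIDShape.MatchString(strings.TrimSpace(vals[0])):
		return "malformed", nil
	}
	return "ok", nil
}

// repair replaces a blank or malformed Message-ID in place and adds one if it is missing.
func repair(raw []byte, host string) ([]byte, error) {
	state, err := classify(raw)
	if err != nil || state == "ok" {
		return raw, err
	}
	rnd := make([]byte, 12)
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	fresh := "Message-ID: <" + hex.EncodeToString(rnd) + "@" + host + ">"
	head, body, _ := bytes.Cut(raw, []byte("\n\n"))
	var out []string
	replaced, drop := false, false
	for _, l := range strings.Split(string(head), "\n") {
		if drop && (strings.HasPrefix(l, " ") || strings.HasPrefix(l, "\t")) {
			continue // folded continuation of the header being replaced
		}
		drop = strings.HasPrefix(strings.ToLower(l), "message-id:")
		if !drop {
			out = append(out, l)
		} else if !replaced {
			out, replaced = append(out, fresh), true
		}
	}
	if !replaced {
		out = append([]string{fresh}, out...)
	}
	return []byte(strings.Join(out, "\n") + "\n\n" + string(body)), nil
}

func main() {
	fixed, err := repair([]byte(sample), "mx.example.org")
	fmt.Printf("%s(err=%v)\n", fixed, err)
}
```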