Re: expected release date for cyrus-imapd-2.3.4?
Yes I'm looking for Bug# 2806, mupdate process fix. I have checked Bugzilla and its says this has been fixed, so I'm just waiting for the release which contains this bug fix. Thanks KMK --- Ken Murchison [EMAIL PROTECTED] wrote: Khalid Mehmood wrote: What is the expected release date of cyrus-imapd-2.3.4? Hadn't even thought about it? Is there a particular fix that you are looking for? -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Restoring Mailboxes
Am Mittwoch, 19. April 2006 18:27 schrieb Andrew Morgan: On Wed, 19 Apr 2006, Dr. Harry Knitter wrote: Am Mittwoch, 19. April 2006 15:27 schrieb [EMAIL PROTECTED]: Hello, we have a problem to restore Cyrus mailboxes from an installation of SuSE 9.2 which we want to transfer do a SuSE 10.0 installation. We have backuped the directories /var/lib/imap and /var/spool/imap and copied them to the new installation. after restarting Cyrus syslog was flooded with messages snip Seems you have a mismatch in version numbers between your old Berkeley DB4 installation and your new installation. The problem is that your old .db files (in db4.xx) is not compatible with your new Berkeley installation. Albeit cumbersome you can fix it if you still have the old server available where you need to run cvt_cyrusdb on each file being stored in Berkeley database format. The easiest way to find those files is probably just to run a find /var/lib/imap |xargs file|grep -i berkeley And then manually convert those files to flat format doing: cvt_cyrusdb /your/berkeley_db4.db berkeley /your/berkeley_flatfile flat Then copy the files to your new installation and covert them back to Berkeley with your new berkeley db4 format (cumbersome but needed step) Good luck, Best regards, Jesper K. Pedersen Doesn´t sound very good. The old server does not exist anymore. On the other side I have a server that was upgraded and seems to use the old file format. How can I find out what version of Berkeley DB this cyrus is using? Or are there any tools to do this without cyrus? You could also try deleting the files in the configdirectory/db/ directory (make a copy to be safe). Those are the transaction logs, etc, for BerkeleyDB and skiplist. They should be safe to delete because the actual information is in the mailboxes.db file. Andy Could you please give me a hint what you mean with configdirectory? In my case (SuSE 10.0 as well as 9.2) I found a subdirectory db in /var/lib/imap the directory where the database seems to be located. There is a directory deliverdb with a subdirectory db in the same place. As having copied the whole directory /var/lib/imap including subdirectories from the old installation to the new one I cant´t imagine that these old directories are the cause of a changed Berkeley DB version. Regards Harry Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
What is the correct mailbox delivery action in 2.3.3-2
Ken, Using Internal namespaces and 2.3.3-2 gives following results. If I create user.jbasile and NO INBOX, I can deliver an email and it appears at user.jbasile If I then create user.jbasile.INBOX, I can deliver an email and it appears at user.jbasile, not at the INBOX Mailbox is user.jbasile (\HasChildren) user.jbasile.Draft (\HasNoChildren) user.jbasile.INBOX (\HasNoChildren) user.jbasile.Sent (\HasNoChildren) user.jbasile.Trash (\HasNoChildren) The ACL being set is user.jbasile: jbasile lrswipkxtecda cyrus lrswipkxtecda user.jbasile.Draft: jbasile lrswipkxtecda cyrus lrswipkxtecda user.jbasile.INBOX: jbasile lrswipkxtecda cyrus lrswipkxtecda user.jbasile.Sent: jbasile lrswipkxtecda cyrus lrswipkxtecda user.jbasile.Trash: jbasile lrswipkxtecda cyrus lrswipkxtecda What should happen ? Also, If I want to deliver mail to a submailbox directly, is this possible ? Thanks John Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Skiplist vs Berkley db
Marc G. Fournier wrote: On Wed, 19 Apr 2006, John Hampton wrote: barsalou wrote: What I was wondering iscan someone help list the pro's and cons of skiplist and Bdb? I found the following link to be very helpful http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/WhatDatabaseBackend 'k, just read this, thx ... first question I have is what is /var/spool/imap/db? mboxlist? nothing else on that page appears appropriate, but just want to make sure ... AFAIK, there is no such thing as /var/spool/imap/db (not in the IMAP spool). There will be something like /var/imap/db (in configdir), which is the BDB environment directory. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: does xfer require murder?
Perry Brown wrote:
Thanks for the imtest idea.
It looks like I can log in OK.
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m login -p imap
server2.sub2.domain.com
Force imtest to use one of the SASL mechanisms that are listed. The
backends *only* use SASL, not protocol specific login commands (IMAP
LOGIN, POP3 USER/PASS, NNTP AUTHINFO USER/PASS).
S: * OK server2.sub2.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT
LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {8}
S: + go ahead
C: omitted
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
CAPABILITY
* BAD Invalid tag
LIST
* BAD Invalid tag
list
* BAD Invalid tag
It looks like the cyrus account gets authenticated OK.
Andrew Morgan wrote:
On Wed, 19 Apr 2006, Ken Murchison wrote:
Perry Brown wrote:
Here is what my imapd.conf looks like:
defaultpartition: imap1
configdirectory: /var/imap
partition-imap1: /var/spool/imap1
admins: cyrus support
srvtab: /var/imap/srvtab
quotawarn: 85
popminpoll: 0
autocreatequota: 3
sasl_pwcheck_method: saslauthd
lmtp_over_quota_perm_failure: 1
allowusermoves:yes
proxy_authname: cyrus
proxy_password: password
proxyservers: cyrus
Just tested XFER on 2.2.13 and it works fine. Your problem is that
you've specified the password for a machine named 'proxy'.
Presumably, you want:
server1_password: password
server2_password: password
on the respective machines
I have a test murder environment running with v2.2.12. I've been
using proxy_authname and proxy_password on my frontend server just
fine. The man page says that those parameters set the defaults for
connecting to a backend, but they an be overridden with hostname
specific versions.
Hmm. You're right. Then I'd try using imtest to connect to the
backends using the proxy_authname and proxy_password to see what its
complains about.
--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Skiplist vs Berkley db
John Hampton wrote: barsalou wrote: What I was wondering iscan someone help list the pro's and cons of skiplist and Bdb? I found the following link to be very helpful http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/WhatDatabaseBackend Yes, this is a good place to look. One thing that isn't on that page yet is berkeley_hash and berkeley_hash_nosync. These use hash tables instead of btrees. They have the same properties and use cases, but the hash table versions seem to have solved some locking issues that we were seeing at CMU. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Move from one server with 2.1.11 to another server with 2.2.12
I did not see a reply to Martijn's inquiry. I am particularly interested in question #2and #4 below, but in my case it's on a Solaris 5.8 (Cyrus 2.1.11) platform migrating to Linux AS 3.0 (Cyrus 2.2.12). 2.1.11 does not have the xfer command, 2.2.12 does. Which release of 2.1.XX was the 'xfer' command introduced? I did find it beginning in 2.2.3 (non-beta/alpha), I believe. Do I have to upgrade from 2.1.11 to 2.2.3 to be able to use the 'xfer' function? The Solaris box is being replaced by the Linux box and prefer not to upgrade if possible. Thanks. Bob DateMon, 03 Jan 2005 18:56:11 +0100 To info-cyrus@lists.andrew.cmu.edu FromMartijn [EMAIL PROTECTED] Reply-To: Martijn [EMAIL PROTECTED] Hello all, I have a old server with Suse 8.2 and Cyrus 2.1.9 and have setup new server with Suse 9.1 and cyrus 2.2.3.Using imapcopy (disabled the seen-flag) I transfered the mailboxes. On the new server folders without messages/contents are not listed with listmailbox nor can I set ACL permissions, cyradm will return the message Mailbox does not exist. Squirrelmail will not list the empty folders. Thunderbird shows the folders in light gray with italic fonts, it is not possible to subscribe to these folders. My questions: 1. Is it possible to recover these folders/rights? when not: 2. Can I use the xfer/xfermailbox cyradm command to move the mailboxes from 2.1.9 to 2.2.3? when this is also not possible: 3. How to upgrade using the exist mailbox? I had a look at the /doc/install-upgrade.html doc but the section upgrading from 2.1.x all wasn't to clear to me. I think it is use full to upgrade the db since skiplist is faster. There are files in the /var/spool/imap/ folder and mailbox.db in /var/lib/imap/ is do I only need to upgrade the mailboxes.db? at last: 4. It would possible to do the tranfser again with the imapsynch script. But will it work with cyrus version 2.2.3? Thank you in advance for any pointers they are appreciated since this is fairly new to me. Martijn Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Sieve script for a shared mailbox
Create a sieve script for a user mailbox is simple. But I want to create a sieve script for a shared mailbox (seen by a users group). A user foo has a mailbox /var/spool/cyrus/f/user/foo/ and sieve /var/spool/sieve/f/foo/ . But a shared mailbox [EMAIL PROTECTED] has a /var/spool/cyrus/i/info but no sieve. How to create a sieve script for a shared mailbox ? The link http://www.cyrusoft.com/sieve/ is dead. Version: Cyrus 2.1.18 Debian 3.1 Sarge with Postfix. Thanks -- Etienne ETOURNAY ALIXEN tel: 01 69 85 24 13 fax: 01 69 85 24 10 Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Restoring Mailboxes
On Thu, 20 Apr 2006, Dr. Harry Knitter wrote: Could you please give me a hint what you mean with configdirectory? In my case (SuSE 10.0 as well as 9.2) I found a subdirectory db in /var/lib/imap the directory where the database seems to be located. There is a directory deliverdb with a subdirectory db in the same place. As having copied the whole directory /var/lib/imap including subdirectories from the old installation to the new one I cant´t imagine that these old directories are the cause of a changed Berkeley DB version. In your /etc/imapd.conf, something like: # Configuration directory configdirectory: /var/spool/cyrus/config The db subdirectory under the configdirectory holds some transaction log type stuff. I've had trouble in the past with changing versions unless I clean out that directory first. Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: What is the correct mailbox delivery action in 2.3.3-2
On Thu, 20 Apr 2006, John Basile wrote: Ken, Using Internal namespaces and 2.3.3-2 gives following results. If I create user.jbasile and NO INBOX, I can deliver an email and it appears at user.jbasile If I then create user.jbasile.INBOX, I can deliver an email and it appears at user.jbasile, not at the INBOX Mailbox is user.jbasile (\HasChildren) user.jbasile.Draft (\HasNoChildren) user.jbasile.INBOX (\HasNoChildren) user.jbasile.Sent (\HasNoChildren) user.jbasile.Trash (\HasNoChildren) The ACL being set is user.jbasile: jbasile lrswipkxtecda cyrus lrswipkxtecda user.jbasile.Draft: jbasile lrswipkxtecda cyrus lrswipkxtecda user.jbasile.INBOX: jbasile lrswipkxtecda cyrus lrswipkxtecda user.jbasile.Sent: jbasile lrswipkxtecda cyrus lrswipkxtecda user.jbasile.Trash: jbasile lrswipkxtecda cyrus lrswipkxtecda What should happen ? Uhh, user.jbasile *is* the INBOX. When an imap client connects to cyrus and requests INBOX (a reserved name in IMAP), cyrus shows them the contents of user.jbasile. There is no reason to create a subfolder named INBOX, and I wonder what problems that might create to confuse imap clients. Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve script for a shared mailbox
On Thu, Apr 20, 2006 at 06:06:21PM +0200, Etienne ETOURNAY wrote: Create a sieve script for a user mailbox is simple. But I want to create a sieve script for a shared mailbox (seen by a users group). A user foo has a mailbox /var/spool/cyrus/f/user/foo/ and sieve /var/spool/sieve/f/foo/ . But a shared mailbox [EMAIL PROTECTED] has a /var/spool/cyrus/i/info but no sieve. How to create a sieve script for a shared mailbox ? The link http://www.cyrusoft.com/sieve/ is dead. Version: Cyrus 2.1.18 Debian 3.1 Sarge with Postfix. If I remember correctly, this was just implemented in 2.2.13, released a few days ago. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Restoring Mailboxes
Am Donnerstag, 20. April 2006 18:31 schrieb Andrew Morgan: On Thu, 20 Apr 2006, Dr. Harry Knitter wrote: Could you please give me a hint what you mean with configdirectory? In my case (SuSE 10.0 as well as 9.2) I found a subdirectory db in /var/lib/imap the directory where the database seems to be located. There is a directory deliverdb with a subdirectory db in the same place. As having copied the whole directory /var/lib/imap including subdirectories from the old installation to the new one I cant´t imagine that these old directories are the cause of a changed Berkeley DB version. In your /etc/imapd.conf, something like: # Configuration directory configdirectory: /var/spool/cyrus/config The db subdirectory under the configdirectory holds some transaction log type stuff. I've had trouble in the past with changing versions unless I clean out that directory first. Andy I´ll try that. However I can´t believe that this might be the cause. Also the directory /var/spool/imap was completely transferred to the new installation. If there were informations concerning dtabase version in this directory these informations would tell cyrus the type of the backuped data. So why should this not work? Harry PGP key-ID 8A0657DB Fingerprint AE7B 61F1 ACC2 5944 A29A 8C31 2D12 2190 8A06 57DB Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Skiplist vs Berkley db
On Thu, 20 Apr 2006, Ken Murchison wrote: Marc G. Fournier wrote: On Wed, 19 Apr 2006, John Hampton wrote: barsalou wrote: What I was wondering iscan someone help list the pro's and cons of skiplist and Bdb? I found the following link to be very helpful http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/WhatDatabaseBackend 'k, just read this, thx ... first question I have is what is /var/spool/imap/db? mboxlist? nothing else on that page appears appropriate, but just want to make sure ... AFAIK, there is no such thing as /var/spool/imap/db (not in the IMAP spool). There will be something like /var/imap/db (in configdir), which is the BDB environment directory. I have my imapd.conf file setup to point to /var/spool/imap ... not sure why I did this, but I've had it like this forever now ... same as the default /var/imap ... So, based on the above ... if I were to switch *everything* to skiplist, then that directory would go away? Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: [EMAIL PROTECTED] Yahoo!: yscrappy ICQ: 7615664 Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Skiplist vs Berkley db
Marc G. Fournier wrote: On Thu, 20 Apr 2006, Ken Murchison wrote: Marc G. Fournier wrote: On Wed, 19 Apr 2006, John Hampton wrote: barsalou wrote: What I was wondering iscan someone help list the pro's and cons of skiplist and Bdb? I found the following link to be very helpful http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/WhatDatabaseBackend 'k, just read this, thx ... first question I have is what is /var/spool/imap/db? mboxlist? nothing else on that page appears appropriate, but just want to make sure ... AFAIK, there is no such thing as /var/spool/imap/db (not in the IMAP spool). There will be something like /var/imap/db (in configdir), which is the BDB environment directory. I have my imapd.conf file setup to point to /var/spool/imap ... not sure why I did this, but I've had it like this forever now ... same as the default /var/imap ... So, based on the above ... if I were to switch *everything* to skiplist, then that directory would go away? It wouldn't go away by itself, but you could remove it. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Skiplist vs Berkley db
On Thu, 20 Apr 2006, Ken Murchison wrote: Marc G. Fournier wrote: On Thu, 20 Apr 2006, Ken Murchison wrote: Marc G. Fournier wrote: On Wed, 19 Apr 2006, John Hampton wrote: barsalou wrote: What I was wondering iscan someone help list the pro's and cons of skiplist and Bdb? I found the following link to be very helpful http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/WhatDatabaseBackend 'k, just read this, thx ... first question I have is what is /var/spool/imap/db? mboxlist? nothing else on that page appears appropriate, but just want to make sure ... AFAIK, there is no such thing as /var/spool/imap/db (not in the IMAP spool). There will be something like /var/imap/db (in configdir), which is the BDB environment directory. I have my imapd.conf file setup to point to /var/spool/imap ... not sure why I did this, but I've had it like this forever now ... same as the default /var/imap ... So, based on the above ... if I were to switch *everything* to skiplist, then that directory would go away? It wouldn't go away by itself, but you could remove it. 'k ... just to make sure that I fully understand though ... as long as I use Berkeley DB for *anything*, that directory needs to exist ... ? For instance, if duplicate_db == db3? Basically, I'm going to look at switching over to using the configuration recommended on the WhatDatabaseBackend page, which means using berkeley(_nosync) ... Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: [EMAIL PROTECTED] Yahoo!: yscrappy ICQ: 7615664 Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Restoring Mailboxes
Am Mittwoch, 19. April 2006 18:27 schrieb Andrew Morgan: You could also try deleting the files in the configdirectory/db/ directory (make a copy to be safe). Those are the transaction logs, etc, for BerkeleyDB and skiplist. They should be safe to delete because the actual information is in the mailboxes.db file. Andy Hello Andy, your tip was worth gold. It works. I have tried it and have back my old mailboxes. Excuse my scepticism. Thousand thanks to you Harry Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: does xfer require murder?
Perry Brown wrote:
Thanks for the imtest idea.
It looks like I can log in OK.
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m login -p imap
server2.sub2.domain.com
Force imtest to use one of the SASL mechanisms that are listed. The
backends *only* use SASL, not protocol specific login commands (IMAP LOGIN,
POP3 USER/PASS, NNTP AUTHINFO USER/PASS).
I'm sorry I got my dounce cap on today or something.
Should I change the -m login to -m and one of the AUTH= values from the
CAPABILITY output?
ie -m GSSAPI? or digest-md5 etc...
I gave this a try with GSSAPI, and got nothing.
digest-md5,
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m digest-md5
WARNING: no hostname supplied, assuming localhost
S: * OK server1.sub1.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=GSSAPI
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S:
wkrnfjknf (etc list of characters)
Please enter your password: (I enter passwd for cyrus)
C: dXNlcm5h (another long list of characters)
S: A01 NO user not found
Authentication failed. generic failure
Security strength factor: 128
This is what I see in local6.log on server1.sub1
Apr 20 11:04:32 server1 imap[17729]: accepted connection
Apr 20 11:04:38 server1 imap[17729]: badlogin: localhost.localdomain
[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
This is in the auth.log
Apr 20 11:06:26 server1 imap[15971]: unable to open Berkeley db
/etc/sasldb2: No such file or directory
Apr 20 11:06:26 server1 imap[15971]: unable to open Berkeley db
/etc/sasldb2: No such file or directory
Apr 20 11:06:26 server1 imap[15971]: no secret in database
cram-md5 got me pretty much the same thing.
Is there a cyrus or sasl command I should/can run to get the auth for
digest-md5 working?
Perry
S: * OK server2.sub2.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=GSSAPI
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {8}
S: + go ahead
C: omitted
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
CAPABILITY
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: mupdate slave master on the same machine?
This is a stupid question i had.I just saw in the documentation Note that you can have the MUPDATE master be one of your frontend machines, just do not configure a slave mupdate process on this machine. excuse me for asking pointless questions :) simon. -- http://www.fastmail.fm - Access your email from home and the web Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Skiplist vs Berkley db
On Thu, 20 Apr 2006, Ken Murchison wrote: Marc G. Fournier wrote: 'k ... just to make sure that I fully understand though ... as long as I use Berkeley DB for *anything*, that directory needs to exist ... ? For instance, if duplicate_db == db3? Yes. I you use BDB for any of the databases, then you will have a configdir/db/ directory. I have only skiplist and quotalegacy backends defined on my v2.2.12 box, and yet I still have the following in configdir/db/: -rw--- 1 cyrus mail16384 Apr 18 11:01 __db.001 -rw--- 1 cyrus mail 663552 Apr 18 11:01 __db.002 -rw--- 1 cyrus mail98304 Apr 18 11:01 __db.003 -rw--- 1 cyrus mail 18563072 Apr 18 11:01 __db.004 -rw--- 1 cyrus mail32768 Apr 18 11:01 __db.005 -rw--- 1 cyrus mail 10485760 Feb 14 00:01 log.01 -rw--- 1 cyrus mail4 Apr 18 11:01 skipstamp It appears that the log.01 is probably leftover from previous BDB days, but the others are obviously being updated regularly during the daily checkpoint of databases. Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Restoring Mailboxes
On Thu, 20 Apr 2006, Dr. Harry Knitter wrote: Am Donnerstag, 20. April 2006 18:31 schrieb Andrew Morgan: On Thu, 20 Apr 2006, Dr. Harry Knitter wrote: Could you please give me a hint what you mean with configdirectory? In my case (SuSE 10.0 as well as 9.2) I found a subdirectory db in /var/lib/imap the directory where the database seems to be located. There is a directory deliverdb with a subdirectory db in the same place. As having copied the whole directory /var/lib/imap including subdirectories from the old installation to the new one I cant´t imagine that these old directories are the cause of a changed Berkeley DB version. In your /etc/imapd.conf, something like: # Configuration directory configdirectory: /var/spool/cyrus/config The db subdirectory under the configdirectory holds some transaction log type stuff. I've had trouble in the past with changing versions unless I clean out that directory first. Andy I´ll try that. However I can´t believe that this might be the cause. Also the directory /var/spool/imap was completely transferred to the new installation. If there were informations concerning dtabase version in this directory these informations would tell cyrus the type of the backuped data. So why should this not work? Supposedly you can migrate from one version of BDB to another, but I've never had any luck unless I dump to a flatfile on the old system and import the flatfile on the new system. Please don't ask me to explain BDB! :) Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: does xfer require murder?
On Thu, 20 Apr 2006, Perry Brown wrote: I'm sorry I got my dounce cap on today or something. Should I change the -m login to -m and one of the AUTH= values from the CAPABILITY output? ie -m GSSAPI? or digest-md5 etc... Maybe -m plain? Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: does xfer require murder?
Perry Brown wrote:
Thanks for the imtest idea.
It looks like I can log in OK.
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m login -p imap
server2.sub2.domain.com
Force imtest to use one of the SASL mechanisms that are listed. The
backends *only* use SASL, not protocol specific login commands (IMAP
LOGIN, POP3 USER/PASS, NNTP AUTHINFO USER/PASS).
I'm sorry I got my dounce cap on today or something.
Should I change the -m login to -m and one of the AUTH= values from the
CAPABILITY output?
ie -m GSSAPI? or digest-md5 etc...
Andy Morgan wrote:
Maybe -m plain?
thank you for the suggestion Andy but no luck.
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m plain -p imap
WARNING: no hostname supplied, assuming localhost
S: * OK server1.sub1.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=GSSAPI
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN Y3lyaW1hcABjeXJpbWFwAGpTdXZTMTFz
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
I gave this a try with GSSAPI, and got nothing.
digest-md5,
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m digest-md5
WARNING: no hostname supplied, assuming localhost
S: * OK server1.sub1.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=GSSAPI
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S:
wkrnfjknf (etc list of characters)
Please enter your password: (I enter passwd for cyrus)
C: dXNlcm5h (another long list of characters)
S: A01 NO user not found
Authentication failed. generic failure
Security strength factor: 128
This is what I see in local6.log on server1.sub1
Apr 20 11:04:32 server1 imap[17729]: accepted connection
Apr 20 11:04:38 server1 imap[17729]: badlogin: localhost.localdomain
[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
This is in the auth.log
Apr 20 11:06:26 server1 imap[15971]: unable to open Berkeley db
/etc/sasldb2: No such file or directory
Apr 20 11:06:26 server1 imap[15971]: unable to open Berkeley db
/etc/sasldb2: No such file or directory
Apr 20 11:06:26 server1 imap[15971]: no secret in database
cram-md5 got me pretty much the same thing.
Is there a cyrus or sasl command I should/can run to get the auth for
digest-md5 working?
Perry
S: * OK server2.sub2.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED
X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {8}
S: + go ahead
C: omitted
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
CAPABILITY
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: mupdate slave master on the same machine?
On Apr 20, 2006, at 5:16 PM, Andrew Morgan wrote: On Thu, 20 Apr 2006, Patrick Radtke wrote: I'm not sure if its to clear from the documentation (or if its in there) but you can also configure lmtpproxyd on each frontend to query the slave mupdate process on the localhost. On a busy system this can reduce the load on the murder master since lmtpproxyd won't be connecting to it for every incoming email message. How do you do this? I can't find a manpage for lmtpproxyd on my v2.2.12 box. Andy probably isn't a manpage... I think I just read the lmtpd one and assumed they would be similar in Cyrus.conf we have lmtpunixcmd=lmtpproxyd -C /etc/lmtp.conf listen=/var/cyrus/ socket/lmtp prefork=15 maxchild=540 /etc/lmtp.conf is identical to our imapd.conf file except that it has this line (which tell lmtp to connect locally) mupdate_server: localhost we connect locally using plaintext and the 'frontend' user. Then we run mupdate on the same machine with the relevant portions admins: cyrus murder frontend #allowplaintext: no mupdate_server: notdog so on each frontend, mupdate talks to the murder master and then lmtpproxyd talks to the local mupdate. We found this had several benefits: 1. Less load on murder master 2. Faster response for lmtpproxyd queries 3. Easier to keep mail being delivered during a murder master outage (we had 2-3 hosts dedicated to just lmtpproxyd, so during a murder master outage we just run mupdate with the -m on those frontends. This effectively makes the machine think its the master, and makes it 'ready' for connections and allows mail delivery to continue. When murder master has been fixed, we remove the '-m' and it becomes a salve to the real murder master) This worked great until our mail volume got to high, so we switched most of our mail to be sent directly to the backends using sendmail aliases. anyhow, hope that helps someone:) -Patrick Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
preauth with lmtpproxyd
I'm testing out cyrus murder with v2.2.12 and I noticed that lmtpproxyd doesn't seem to support the -a (preauth) option that the regular lmtpd does. On my standalone cyrus system, I use lmtpd -a to accept mail from our campus mail relays running postfix, and I use tcpwrappers to block all connections except the mail relays. I attempted to use a similar configuration on my test frontend server running lmtpproxyd, but the -a option is not supported. Am I going about this wrong? Is there a different or better way to accept mail over the network using lmtp in a murder? Thanks, Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: does xfer require murder?
You need to use tls as well for PLAIN to work. add -t to your
arguments
What mechanism do you want to use for connecting between backends? If
its PLAIN then you want
force_sasl_client_mech: PLAIN
in your imapd.conf file.
Otherwise, the machines will see GSSAPI advertised and will try using
that.
-Patrick
On Apr 20, 2006, at 5:19 PM, Perry Brown wrote:
Perry Brown wrote:
Thanks for the imtest idea.
It looks like I can log in OK.
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m login -p imap
server2.sub2.domain.com
Force imtest to use one of the SASL mechanisms that are listed.
The backends *only* use SASL, not protocol specific login
commands (IMAP LOGIN, POP3 USER/PASS, NNTP AUTHINFO USER/PASS).
I'm sorry I got my dounce cap on today or something.
Should I change the -m login to -m and one of the AUTH= values
from the CAPABILITY output?
ie -m GSSAPI? or digest-md5 etc...
Andy Morgan wrote:
Maybe -m plain?
thank you for the suggestion Andy but no luck.
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m plain -p imap
WARNING: no hostname supplied, assuming localhost
S: * OK server1.sub1.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-
REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES
ANNOTATEMORE IDLE AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN Y3lyaW1hcABjeXJpbWFwAGpTdXZTMTFz
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
I gave this a try with GSSAPI, and got nothing.
digest-md5,
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m digest-md5
WARNING: no hostname supplied, assuming localhost
S: * OK server1.sub1.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-
REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES
ANNOTATEMORE IDLE AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-
IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S:
wkrnfjknf (etc list of characters)
Please enter your password: (I enter passwd for cyrus)
C: dXNlcm5h (another long list of characters)
S: A01 NO user not found
Authentication failed. generic failure
Security strength factor: 128
This is what I see in local6.log on server1.sub1
Apr 20 11:04:32 server1 imap[17729]: accepted connection
Apr 20 11:04:38 server1 imap[17729]: badlogin:
localhost.localdomain [127.0.0.1] DIGEST-MD5 [SASL(-13): user not
found: no secret in database]
This is in the auth.log
Apr 20 11:06:26 server1 imap[15971]: unable to open Berkeley db /
etc/sasldb2: No such file or directory
Apr 20 11:06:26 server1 imap[15971]: unable to open Berkeley db /
etc/sasldb2: No such file or directory
Apr 20 11:06:26 server1 imap[15971]: no secret in database
cram-md5 got me pretty much the same thing.
Is there a cyrus or sasl command I should/can run to get the auth
for digest-md5 working?
Perry
S: * OK server2.sub2.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-
REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT
CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=GSSAPI AUTH=DIGEST-MD5
AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {8}
S: + go ahead
C: omitted
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
CAPABILITY
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: does xfer require murder?
I tried with plain: /opt/mail/cyrus-imapd/bin/imtest -m plain -p imap And it got rejected. C: A01 AUTHENTICATE PLAIN Y3lyaW1hcABjeXJpbWFwAGpTdXZTMTFz S: A01 NO no mechanism available Authentication failed. generic failure Security strength factor: 0 I can not find a tls conf file so I do not thing starttls is set up. I added the entry mentioned to imapd.conf $ cat /etc/imapd.conf defaultpartition: imap1 configdirectory: /var/imap partition-imap1: /var/spool/imap1 admins: cyrus support srvtab: /var/imap/srvtab quotawarn: 85 popminpoll: 0 autocreatequota: 3 sasl_pwcheck_method: saslauthd lmtp_over_quota_perm_failure: 1 allowusermoves: yes proxy_authname: cyrus proxy_password: password force_sasl_client_mech: PLAIN And it gets things furthur along then before $ sudo /opt/mail/cyrus-imapd/bin/cyradm --user cyrus --server server1 --auth PLAIN domain.com authorized use only. [EMAIL PROTECTED] Password: Password: IMAP Password: server1.sub1.domain.com server1.sub1.domain.com xfer user.vbperry server2.sub2.domain.com xfermailbox: Server(s) unavailable to complete operation log on source: Apr 20 17:42:05 server1 imap[1458]: accepted connection Apr 20 17:42:07 server1 imap[1458]: badlogin: server1.ssub1.domain.com [10.12.12.12] PLAIN [SASL(-4): no mechanism available: security flags do not match required] Apr 20 17:42:14 server1 imap[1458]: login: server1.sub1.domain.com [10.12.12.12] cyrus plaintext User logged in Apr 20 17:42:41 server1 master[27630]: process 32354 exited, status 0 Apr 20 17:42:41 server1 master[2161]: about to exec /opt/mail/cyrus-imapd/bin/imapd Apr 20 17:42:41 server1 imap[2161]: executed Apr 20 17:42:55 server1 imap[1458]: couldn't authenticate to backend server: authentication failure Apr 20 17:42:55 server1 imap[1458]: Could not move mailbox: user.vbperry, Initial backend connect failed But I'm now at least seeing something on the destination server: Apr 20 17:42:52 server2 imap[24375]: badlogin: server1.sub1.domain.com [10.12.12.12] PLAIN [SASL(-4): no mechanism available: security flags do not match required] If I can take a step back (sorry I'm trying to decipher how the previous admin had things set up in the environment). The document on how this was set up states. cyrus-sasl was config'ed with ./configure --prefix=/opt/mail/cyrus-sasl \ --enable-login --enable-plain --enable-cram \ --enable-digest --with-bdb-incdir=/usr/include/db4 \ --with-pam --enable-static=yes --enable-sample \ --disable-java --disable-otp --disable-krb4 \ --with-plugindir=/opt/mail/cyrus-sasl/lib/sasl2 The cyrus-sasl cyrus.conf states: srvtab: /var/imap/srvtab seems I could remove this since kerberos is disabled above. pwcheck_method: saslauthd saslauthd is started in with pam support: root 2060 0.0 0.0 2564 1036 ?SApr14 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam There is /etc/pam.d/imap and pop3 with the following content.. #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth accountrequired /lib/security/pam_stack.so service=system-auth Cyrus-imap was compiled with (again what is in the notes from install from previoys admin) CFLAGS=-I/usr/kerberos/include ./configure --prefix=/opt/mail/cyrus-imapd \ --with-cyrus-prefix=/opt/mail/cyrus-imapd \ --with-cyrus-user=cyrimap \ --with-cyrus-group=mail \ --with-bdb-incdir=/usr/include/db4 \ --build=i686-pc-linux-gnu \ --with-sasl=/opt/mail/cyrus-sasl \ --with-auth=unix \ --enable-netscapehack \ --enable-listext \ --with-perl=/opt/third-party/bin/perl \ --disable-murder I can run a testsaslauthd and it works fine to the local host server1.sub1% /usr/sbin/testsaslauthd -u cyrus -p password -R 3 0: OK Success. 1: OK Success. 2: OK Success. It seems I do not need to have a realm defined because we are using pam. and if I do a sasldbpasswd2 it says /etc/sasldb2 does not exist. This not seem to be the problem though since saslauthd is using pam. yes? When I login into cyradm again locally with --auth plain I can do commands like listmailbox and such. I can't seem to be able to run info I just go back to the prompt on that one. What should my security flags be? What am I missing? Thank you perry You need to use tls as well for PLAIN to work. add -t to your arguments What mechanism do you want to use for connecting between backends? If its PLAIN then you want force_sasl_client_mech: PLAIN in your imapd.conf file. Otherwise, the machines will see GSSAPI advertised and will try using that. -Patrick On Apr 20, 2006, at 5:19 PM, Perry Brown wrote: Perry Brown wrote: Thanks for the imtest idea. It looks like I can log in OK. server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m login -p imap server2.sub2.domain.com Force imtest to use one of the SASL mechanisms that are listed. The backends *only* use SASL, not protocol specific login
