Re: High availability email server...
Well, as far as I know, the mailboxes.db and other databases are only opened and modified by the master process. But I'm not sure here. But as your assumption sounds correct and because this seems to work with cluster (and I fully believe you here, no question), your assumption regarding the DBs somewhat must be correct. Thanks! I would be glad if some list member who has in depth knowledge here could comment! Best, Daniel Andrew Morgan schrieb: On Tue, 1 Aug 2006, Daniel Eckl wrote: Well, I don't have cluster knowledge, and so of course I simply believe you that a good cluster system will never have file locking problems. I already stated this below! But how will the cluster affect application level database locking? That was my primary question and you didn't name this at all. A database file which is in use is practically always inconsistent until it's being closed by the database application. That's why databases can be corrupt after an application crash and have to be reconstructed. When you have two applications changing the same database file, you have a never ending fight, because every application thinks, the database is inconsistent, but it's just in use by another application. And every app will try to reconstruct it and so break it for the other app(s). It's like letting two cyrus master run on the same single node! It will break in my opinion. Can you shed some light on this subject? I think the point here is that the situation you describe already occurs all the time on a stand-alone Cyrus server. There are multiple imapd processes accessing the mailboxes.db database concurrently. If you are using Berkeley DB, it has an API to manage concurrent access. I assume the same is true of skiplist and the other backend formats. I don't know enough about the Berkeley DB internals to explain how it actually works, but it does. :) Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sendmail or cyrus question... not sure
Hi, --On 1. August 2006 17:48:20 -0400 Chris Mattingly <[EMAIL PROTECTED]> wrote: Please send me over to a sendmail list if this question would be better suited over there, but I'm hoping to get some help here. :) I'm using sendmail 8.13.1 & cyrus 2.2.12. In my sendmail config, I have set cyrusv2 as my LOCAL_MAILER. What's happening is that mail for any recipient is being accepted by the MTA, failing the lmtp delivery as a non-existent user, then bouncing back to me (postmaster). What's the cleanest way around this problem? Obviously, the solution I'd like is for invalid recipients to get blocked at the "RCPT TO" command. we use virtusertables for that. The setup goes like this: sendmail.mc: ... FEATURE(virtusertable)dnl VIRTUSER_DOMAIN_FILE(`/etc/mail/virtualdomains')dnl ... Then you add all your domains in /etc/mail/virtualdomains (instead of /etc/mail/local-host-names) and put all your users in /etc/mail/virtusertable: [EMAIL PROTECTED] user ... At the the end you put something like this: @domain error:5.1.1:550 User unknown Cheers, Sebastian Hagedorn -- .:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:. Zentrum für angewandte Informatik - Universitätsweiter Service RRZK .:.Universität zu Köln / Cologne University - Tel. +49-221-478-5587.:. .:.:.:.Skype: shagedorn.:.:.:. pgpqsAuR88VCC.pgp Description: PGP signature Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Only some mailboxes don't accept incoming messages, no error in the logs for this?!
Hello, i am pretty new to cyrus, so excuse my low expertise: We've set up a combination of postfix+sasl+mysql+cyrus. Transport is postfix-lmtp. It is running now flawlessly since about one year, but now, we've got a severe problem: Three of our customers can't get mails. The Mail is transported via postfix and via lmtp. Both logg an "sent=ok", the lmtp-log only contains additionally some errors about missing sieve-files. However i got no sieve configured, so it should be not of interest. What can i look for now? Where could be the error? It seems, that postfix/lmtp delivers the mail and cyrus accepts it, without error. And then the Mail get's lost?! Of course, there is enough diskspace and no high load. Kind regards, Florian ** IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error, please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies thereof. *** eSafe scanned this email for viruses, vandals, and malicious content. *** ** Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Legal cyrus mailbox names?
Hi, I'm trying to figure out what I can actually have as a valid mailbox name in cyrus, due to problems with mail being delivered to the wrong account. I realise I can't have any '.' in the name, but currently mail for user 'jim+test' (who can login just fine) is being delivered to user 'jim' instead. I've also seen people suggesting that mailboxes can be [EMAIL PROTECTED], but I get permission denied whenever I try and create a mailbox in that format. Any suggestions/links to good documentation would be appreciated :) Thanks, Jim [EMAIL PROTECTED] Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Only some mailboxes don't accept incoming messages, no error in the logs for this?!
Last time I had such a problem, the recipient accidentially discarded all mails using a sieve rule. Could this apply to you, too? Can your customers set sieve rules? Perhaps they aren't discarded, but forwarded without storing locally? Best, Daniel Rustedt, Florian schrieb: Hello, i am pretty new to cyrus, so excuse my low expertise: We've set up a combination of postfix+sasl+mysql+cyrus. Transport is postfix-lmtp. It is running now flawlessly since about one year, but now, we've got a severe problem: Three of our customers can't get mails. The Mail is transported via postfix and via lmtp. Both logg an "sent=ok", the lmtp-log only contains additionally some errors about missing sieve-files. However i got no sieve configured, so it should be not of interest. What can i look for now? Where could be the error? It seems, that postfix/lmtp delivers the mail and cyrus accepts it, without error. And then the Mail get's lost?! Of course, there is enough diskspace and no high load. Kind regards, Florian ** IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error, please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies thereof. *** eSafe scanned this email for viruses, vandals, and malicious content. *** ** Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Legal cyrus mailbox names?
James Yale wrote: Hi, I'm trying to figure out what I can actually have as a valid mailbox name in cyrus, due to problems with mail being delivered to the wrong account. I realise I can't have any '.' in the name, but currently mail for user 'jim+test' (who can login just fine) is being delivered to user 'jim' instead. In this case, you'd want to read about subfolder addressing (or plus addressing). I've also seen people suggesting that mailboxes can be [EMAIL PROTECTED], but I get permission denied whenever I try and create a mailbox in that format. You'd want to set up virtual domains to accomplish this. Any suggestions/links to good documentation would be appreciated :) Start with http://cyrusimap.web.cmu.edu/imapd/faq.html since you'll see both of these topics covered. Thanks, Dave Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: unable to login with cyradm
Could someone *please* take a look at this? Joe Harvell wrote: > I used cyradm a long time ago to set up two mailboxes, and now I need to > use it again, but I can't login: > > I am running cyrus-imapd 2.2.12. I know that the latest 2.3 version > supports TLS with cyradm. But I am not ready to upgrade. I just want > to be able to run cyradm from the localhost. Here is what happens when > I enter the cyradm command: > > [EMAIL PROTECTED] ~ $ cyradm --user cyrus --server localhost --port 993 > IMAP Password: > [EMAIL PROTECTED] ~ $ > > > Here is my syslog: > > Jul 31 17:10:13 dingo master[18188]: about to exec /usr/lib/cyrus/imapd > Jul 31 17:10:13 dingo imaps[18188]: executed > Jul 31 17:10:13 dingo imaps[18188]: auxpropfunc error invalid parameter > supplied > Jul 31 17:10:13 dingo imaps[18188]: _sasl_plugin_load failed on > sasl_auxprop_plug_init for plugin: ldapdb > Jul 31 17:10:13 dingo imaps[18188]: sql_select option missing > Jul 31 17:10:13 dingo imaps[18188]: auxpropfunc error no mechanism available > Jul 31 17:10:13 dingo imaps[18188]: _sasl_plugin_load failed on > sasl_auxprop_plug_init for plugin: sql > Jul 31 17:10:13 dingo imaps[18188]: accepted connection > Jul 31 17:10:13 dingo imaps[18188]: imaps TLS negotiation failed: > localhost [127.0.0.1] > Jul 31 17:10:13 dingo imaps[18188]: Fatal error: tls_start_servertls() > failed > Jul 31 17:10:13 dingo master[31124]: process 18188 exited, status 75 > Jul 31 17:10:13 dingo master[31124]: service imaps pid 18188 in BUSY > state: terminated abnormally > > And here is my imapd.conf: > > # $Header: > /var/cvsroot/gentoo-x86/net-mail/cyrus-imapd/files/imapd.conf,v 1.5 2 > 004/08/27 06:02:45 langthang Exp $ > > # Don't forget to use chattr +S (if you are using ext[23]) > # when you change these directories (read the docs). > configdirectory:/var/imap > partition-default: /var/spool/imap > sievedir: /var/imap/sieve > > tls_ca_path:/etc/ssl/certs > tls_cert_file: /etc/ssl/cyrus/dingo.x509.pem > tls_key_file: /etc/ssl/cyrus/dingo.rsakeys.pem > > # Don't use an everyday user as admin. > admins: cyrus > > hashimapspool: yes > allowanonymouslogin:no > allowplaintext: no > > # Allow renaming of top-level mailboxes. > #allowusermoves: yes > > # Use this if sieve-scripts could be in ~user/.sieve. > #sieveusehomedir: yes > > # Use saslauthd if you want to use pam for imap. > # But be warned: login with DIGEST-MD5 or CRAM-MD5 > # is not possible using pam. > sasl_pwcheck_method:saslauthd > > servername: dingo.dogpad.net. > > > ## This is a recommended authentication method if you > ## emerge cyrus-sasl with 'postgres' or 'mysql' > ## To use with mysql database uncomment those lines below. > > #sasl_pwcheck_method: auxprop > #sasl_auxprop_plugin: sql > > ## possible values for sasl_auxprop_plugin 'mysql', 'pgsql', 'sqlite'. > #sasl_sql_engine: mysql > > ## all possible values. > #sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5 NTLM > ## or limit to CRAM-MD5 only > #sasl_mech_list: CRAM-MD5 > > ## change below to suit your setup. > #sasl_sql_user: mailsqluser > #sasl_sql_passwd: password > #sasl_sql_database: mailsqldb > #sasl_sql_hostnames: localhost > #sasl_sql_select: SELECT clear FROM users WHERE email = '[EMAIL PROTECTED]' > > > Cyrus Home Page: http://asg.web.cmu.edu/cyrus > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
AW: Re: Only some mailboxes don't accept incoming messages, no error in the logs for this?!
Thanks for the answer, no, my customers don't do sieve. But i resolved my prob now, it was something stupid: We have about 3.000 mailadresses running on our mailboxes and there was an emailadress that had no name in front of the "@", so EVERY email out of the concerned domain was fed into the same mailbox and that was a newly generated one?! So we killed this alias and redelivered all mails from the box to solve this problem. I think, this is closed now, so thank for your help. Sincerely, Florian -Ursprüngliche Nachricht- Von: Daniel Eckl [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 2. August 2006 14:09 An: Rustedt, Florian Cc: 'info-cyrus@lists.andrew.cmu.edu' Betreff: Released from eSafe SPAM quarantine: Re: Only some mailboxes don't accept incoming messages, no error in the logs for this?! Last time I had such a problem, the recipient accidentially discarded all mails using a sieve rule. Could this apply to you, too? Can your customers set sieve rules? Perhaps they aren't discarded, but forwarded without storing locally? Best, Daniel Rustedt, Florian schrieb: > Hello, > > i am pretty new to cyrus, so excuse my low expertise: > We've set up a combination of postfix+sasl+mysql+cyrus. Transport is > postfix-lmtp. > > It is running now flawlessly since about one year, but now, we've got a > severe problem: > Three of our customers can't get mails. The Mail is transported via postfix > and via lmtp. Both logg an "sent=ok", the lmtp-log only contains > additionally some errors about missing sieve-files. However i got no sieve > configured, so it should be not of interest. > > What can i look for now? Where could be the error? > > It seems, that postfix/lmtp delivers the mail and cyrus accepts it, without > error. And then the Mail get's lost?! > > Of course, there is enough diskspace and no high load. > > Kind regards, Florian > ** > IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the > named recipient(s) only. > If you have received this email in error, please notify the system manager or the sender immediately and do > not disclose the contents to anyone or make copies thereof. > *** eSafe scanned this email for viruses, vandals, and malicious content. *** > ** > > > Cyrus Home Page: http://asg.web.cmu.edu/cyrus > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html ** IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error, please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies thereof. *** eSafe scanned this email for viruses, vandals, and malicious content. *** ** Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: unable to login with cyradm
Hi Joe! Cyradm (or only your cyradm? Dunno...) might not be SSL capable. So either use port 143 to connect or if you have to user IMAPS Port 993, then you could establish an ssl tunnel with stunnel program. Best, Daniel Joe Harvell schrieb: Could someone *please* take a look at this? Joe Harvell wrote: I used cyradm a long time ago to set up two mailboxes, and now I need to use it again, but I can't login: I am running cyrus-imapd 2.2.12. I know that the latest 2.3 version supports TLS with cyradm. But I am not ready to upgrade. I just want to be able to run cyradm from the localhost. Here is what happens when I enter the cyradm command: [EMAIL PROTECTED] ~ $ cyradm --user cyrus --server localhost --port 993 IMAP Password: [EMAIL PROTECTED] ~ $ Here is my syslog: Jul 31 17:10:13 dingo master[18188]: about to exec /usr/lib/cyrus/imapd Jul 31 17:10:13 dingo imaps[18188]: executed Jul 31 17:10:13 dingo imaps[18188]: auxpropfunc error invalid parameter supplied Jul 31 17:10:13 dingo imaps[18188]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb Jul 31 17:10:13 dingo imaps[18188]: sql_select option missing Jul 31 17:10:13 dingo imaps[18188]: auxpropfunc error no mechanism available Jul 31 17:10:13 dingo imaps[18188]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql Jul 31 17:10:13 dingo imaps[18188]: accepted connection Jul 31 17:10:13 dingo imaps[18188]: imaps TLS negotiation failed: localhost [127.0.0.1] Jul 31 17:10:13 dingo imaps[18188]: Fatal error: tls_start_servertls() failed Jul 31 17:10:13 dingo master[31124]: process 18188 exited, status 75 Jul 31 17:10:13 dingo master[31124]: service imaps pid 18188 in BUSY state: terminated abnormally And here is my imapd.conf: # $Header: /var/cvsroot/gentoo-x86/net-mail/cyrus-imapd/files/imapd.conf,v 1.5 2 004/08/27 06:02:45 langthang Exp $ # Don't forget to use chattr +S (if you are using ext[23]) # when you change these directories (read the docs). configdirectory:/var/imap partition-default: /var/spool/imap sievedir: /var/imap/sieve tls_ca_path:/etc/ssl/certs tls_cert_file: /etc/ssl/cyrus/dingo.x509.pem tls_key_file: /etc/ssl/cyrus/dingo.rsakeys.pem # Don't use an everyday user as admin. admins: cyrus hashimapspool: yes allowanonymouslogin:no allowplaintext: no # Allow renaming of top-level mailboxes. #allowusermoves: yes # Use this if sieve-scripts could be in ~user/.sieve. #sieveusehomedir: yes # Use saslauthd if you want to use pam for imap. # But be warned: login with DIGEST-MD5 or CRAM-MD5 # is not possible using pam. sasl_pwcheck_method:saslauthd servername: dingo.dogpad.net. ## This is a recommended authentication method if you ## emerge cyrus-sasl with 'postgres' or 'mysql' ## To use with mysql database uncomment those lines below. #sasl_pwcheck_method: auxprop #sasl_auxprop_plugin: sql ## possible values for sasl_auxprop_plugin 'mysql', 'pgsql', 'sqlite'. #sasl_sql_engine: mysql ## all possible values. #sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5 NTLM ## or limit to CRAM-MD5 only #sasl_mech_list: CRAM-MD5 ## change below to suit your setup. #sasl_sql_user: mailsqluser #sasl_sql_passwd: password #sasl_sql_database: mailsqldb #sasl_sql_hostnames: localhost #sasl_sql_select: SELECT clear FROM users WHERE email = '[EMAIL PROTECTED]' Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: unable to login with cyradm
addendum to my info: http://article.gmane.org/gmane.mail.imap.cyrus/824 http://article.gmane.org/gmane.mail.imap.cyrus/21264/ Best, Daniel Daniel Eckl schrieb: Hi Joe! Cyradm (or only your cyradm? Dunno...) might not be SSL capable. So either use port 143 to connect or if you have to user IMAPS Port 993, then you could establish an ssl tunnel with stunnel program. Best, Daniel Joe Harvell schrieb: Could someone *please* take a look at this? Joe Harvell wrote: I used cyradm a long time ago to set up two mailboxes, and now I need to use it again, but I can't login: I am running cyrus-imapd 2.2.12. I know that the latest 2.3 version supports TLS with cyradm. But I am not ready to upgrade. I just want to be able to run cyradm from the localhost. Here is what happens when I enter the cyradm command: [EMAIL PROTECTED] ~ $ cyradm --user cyrus --server localhost --port 993 IMAP Password: [EMAIL PROTECTED] ~ $ Here is my syslog: Jul 31 17:10:13 dingo master[18188]: about to exec /usr/lib/cyrus/imapd Jul 31 17:10:13 dingo imaps[18188]: executed Jul 31 17:10:13 dingo imaps[18188]: auxpropfunc error invalid parameter supplied Jul 31 17:10:13 dingo imaps[18188]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb Jul 31 17:10:13 dingo imaps[18188]: sql_select option missing Jul 31 17:10:13 dingo imaps[18188]: auxpropfunc error no mechanism available Jul 31 17:10:13 dingo imaps[18188]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql Jul 31 17:10:13 dingo imaps[18188]: accepted connection Jul 31 17:10:13 dingo imaps[18188]: imaps TLS negotiation failed: localhost [127.0.0.1] Jul 31 17:10:13 dingo imaps[18188]: Fatal error: tls_start_servertls() failed Jul 31 17:10:13 dingo master[31124]: process 18188 exited, status 75 Jul 31 17:10:13 dingo master[31124]: service imaps pid 18188 in BUSY state: terminated abnormally And here is my imapd.conf: # $Header: /var/cvsroot/gentoo-x86/net-mail/cyrus-imapd/files/imapd.conf,v 1.5 2 004/08/27 06:02:45 langthang Exp $ # Don't forget to use chattr +S (if you are using ext[23]) # when you change these directories (read the docs). configdirectory:/var/imap partition-default: /var/spool/imap sievedir: /var/imap/sieve tls_ca_path:/etc/ssl/certs tls_cert_file: /etc/ssl/cyrus/dingo.x509.pem tls_key_file: /etc/ssl/cyrus/dingo.rsakeys.pem # Don't use an everyday user as admin. admins: cyrus hashimapspool: yes allowanonymouslogin:no allowplaintext: no # Allow renaming of top-level mailboxes. #allowusermoves: yes # Use this if sieve-scripts could be in ~user/.sieve. #sieveusehomedir: yes # Use saslauthd if you want to use pam for imap. # But be warned: login with DIGEST-MD5 or CRAM-MD5 # is not possible using pam. sasl_pwcheck_method:saslauthd servername: dingo.dogpad.net. ## This is a recommended authentication method if you ## emerge cyrus-sasl with 'postgres' or 'mysql' ## To use with mysql database uncomment those lines below. #sasl_pwcheck_method: auxprop #sasl_auxprop_plugin: sql ## possible values for sasl_auxprop_plugin 'mysql', 'pgsql', 'sqlite'. #sasl_sql_engine: mysql ## all possible values. #sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5 NTLM ## or limit to CRAM-MD5 only #sasl_mech_list: CRAM-MD5 ## change below to suit your setup. #sasl_sql_user: mailsqluser #sasl_sql_passwd: password #sasl_sql_database: mailsqldb #sasl_sql_hostnames: localhost #sasl_sql_select: SELECT clear FROM users WHERE email = '[EMAIL PROTECTED]' Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Good book on Cyrus?
Wesley Craig wrote: On 17 Jul 2006, at 09:59, Forrest Aldrich wrote: Short answer, there are no good books. Managing IMAP is minimally useful - in a basic sense. The one salient chapter happens to be online: http://www.oreilly.com/catalog/mimap/chapter/ch09.html if that helps. However, I contacted O'Reilly about a possible "Nutshell" book, and as I recall the response was there were no plans for anything. And so, we have this large scalable product that doesn't have a good book - it's complex enough that it deserves one. I would think there's a good market fo a Cyrus IMAP book. Did _Managing IMAP_ sell particularly poorly? I along with several current and former CMU folks have talked numerous times about writing a Cyrus book (our preference would be to do it with O'Reilly), but we've never gotten beyond the "it would be a good idea stage). Perhaps if we get a "Cyrus Center" up and running with proper funding, we'd be able to consider authoring a book more seriously. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Proxy Authentication
Hi, We are looking at migrating our current mail store (UWash IMAP) to Cyrus. One of the first things we need to accomplish is to get a proxy in front of our existing servers so that we can start moving mailboxes around to alleviate load issues. 1) Is it possible to configure a Front-end server from the Cyrus Murder to pass the user's authentication on to the Back-end instead of using the proxy_authname/proxy_password? 2) Assuming this is possible, will the Cyrus Front-ends "talk" to a Uwash IMAP store? This would involved manually updating the MUPDATE server with the location of the mailboxes. 3) I am hoping that #1/2 will work. However, if not: Does anyone know of another IMAP proxy that will accept Kerberos V5 (GSSAPI) authentication or tie into the Cyrus SASL for authentication? Thanks, Joshua Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: XFER ACL issue (Was: Replication is broken with modseq issue in 2.3.6)
Wesley Craig wrote: I was tracking a very similar issue with xfer between 2.2 and 2.3.6. xfer'ing vanilla 2.2.12 mailboxes to 2.3.6 seems to work fine, and xfer'ing a 2.3.6 mailbox to 2.2.12 also more or less works (permissions are broken since 2.3.6 blindly uses rfc 4314 ACLs rather than paying attention to whether the target backend supports only legacy ACLs). Wes, I just tested and committed a fix for the XFER 2.3 -> 2,2 ACL issue. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: AW: Re: Only some mailboxes don't accept incoming messages, no error in the logs for this?!
Rustedt, Florian wrote: So we killed this alias and redelivered all mails from the box to solve this problem. May I ask how you did this? Thanks in advance, Rudy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SSL certs on proxy pool?
On Tue, 1 Aug 2006, Vincent Fox wrote: Wondering how people deal with SSL certs with multiple frontends? Do you put wildcard certs on the proxies and leave the SSL processing on each unit? Do you use an SSL-aware load-balancer and let it hold a cert for the published hostname and do the heavy lifting? If there's some 3rd way, I'm interested to hear it. I'm not really clear what would happen on a load-balancer with TLS switchovers, doesn't that imply the load-balancer has to be application-aware not just like a hardware version of stunnel? We use a ServerIronXL network load balancer here, with 2 frontends behind it. It just load balances the network ports IMAP, IMAPS, and LMTP between the 2 frontends (no SSL processing on it). We have a cname, imap.onid.oregonstate.edu, which points at the load balancer. The cert for imap.onid.oregonstate.edu is installed on both frontends. Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: AW: Re: Only some mailboxes don't accept incoming messages, no error in the logs for this?!
Arghhh... I was too fast. Your question was actually how he redelivered the mails, am I right? ... Sorry... Best, Daniel Daniel Eckl schrieb: He told that in the part you deleted from quote. He accidentially made some kind of °catch-all alias" which catched away all the mails. He deleted the alias and the mailboxes worked again. I hope I understodd that correctly, though... Best, Daniel Rudy Gevaert schrieb: Rustedt, Florian wrote: So we killed this alias and redelivered all mails from the box to solve this problem. May I ask how you did this? Thanks in advance, Rudy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SSL certs on proxy pool?
we have a mail.columbia.edu cert on each of our frontends. They are behind a load balancer which has the name mail.columbia.edu. Clients connect to the load balancer which passes them to one of the frontends. The CN name in the cert matches the name the client thinks they connected to and things work fine. -Patrick On Aug 1, 2006, at 8:27 PM, Vincent Fox wrote: Wondering how people deal with SSL certs with multiple frontends? Do you put wildcard certs on the proxies and leave the SSL processing on each unit? Do you use an SSL-aware load-balancer and let it hold a cert for the published hostname and do the heavy lifting? If there's some 3rd way, I'm interested to hear it. I'm not really clear what would happen on a load-balancer with TLS switchovers, doesn't that imply the load-balancer has to be application-aware not just like a hardware version of stunnel? Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: AW: Re: Only some mailboxes don't accept incoming messages, no error in the logs for this?!
He told that in the part you deleted from quote. He accidentially made some kind of °catch-all alias" which catched away all the mails. He deleted the alias and the mailboxes worked again. I hope I understodd that correctly, though... Best, Daniel Rudy Gevaert schrieb: Rustedt, Florian wrote: So we killed this alias and redelivered all mails from the box to solve this problem. May I ask how you did this? Thanks in advance, Rudy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Trouble with cyradm xfer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 HI, I'm trying to migrate users from one backend cyrus 2.3.7 server to another. I've got the imapd.conf on the servers set up so that authentication is working between them just fine (using gssapi). When I run the xfer command from inside cyradm, I get the following error: cyrus1.mail.rice.edu> xfer user/wilma cyrus2.mail.rice.edu xfermailbox: The remote Server(s) denied the operation Examining the protocol log on cyrus2 shows me: <11545390421154539042>LC1 OK Completed <11545390421154539042>+ go ahead >1154539042>D01 NO Bad protocol >1154539042>* BYE decoding error: generic failure; SASL(-1): generic failure: security flags do not match required And the syslog shows: Aug 2 12:09:15 cyrus1 master[20761]: about to exec /usr/site/cyrus-imapd-2.3.7/bin/imapd Aug 2 12:09:15 cyrus1 imap[20761]: executed Aug 2 12:09:15 cyrus1 imap[20761]: accepted connection Aug 2 12:09:15 cyrus1 imap[20761]: login: cyrus1.mail.rice.edu [10.129.93.100] mailadmin GSSAPI User logged in Aug 2 12:17:22 cyrus1 imap[20761]: Could not move mailbox: user.wilma, UNDUMP failed Aug 2 12:17:22 cyrus1 imap[20761]: Could not back out remote mailbox during move of user/wilma (Server(s) unavailable to complete operation) And then the mailbox is in an untenable state. An empty mailbox exists on cyrus2, but on cyrus1 it's marked as a remote mailbox, so further attempts to do anything to it fail. The only way I've been able to return to a working state is to dump the mailboxes.db to text, edit the entry for that mailbox to be on a local partition again, and then reimport it. Here are some relevant lines from my imapd.conf (the same on both cyrus1 & cyrus2) admins: mailadmin allowusermoves: 1 proxy_authname: mailadmin proxyservers: mailadmin I tried setting a defaultacl on cyrus2, but that didn't apply to the newly created mailbox. Am I missing something obvious? Should I have created "user" as a mailbox first, with the default acl set appropriately, and only then created all the "user/foo" mailboxes? Right now, "user" isn't a mailbox, so trying to put an acl on it fails. -paul - -- Paul D. Engle| Rice University Sr. Systems Administrator| Information Technology - MS119 (713) 348-4702 | P.O. Box 1892 [EMAIL PROTECTED] | Houston, TX 77251-1892 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFE0OFvCpkISWtyHNsRAnhYAJ9JeKZjFMgnIDliE92iE/y5dd26YACdFvnN YOhS1Gjj5N52se0DwpJBNt4= =U9Yd -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: unable to login with cyradm
Cyrus IMAP v2.3.3 and above have TLS support. You might have to add the "--tls" switch to make it work. For older versions see the patch on https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2036 > -Original Message- > From: [EMAIL PROTECTED] [mailto:info-cyrus- > [EMAIL PROTECTED] On Behalf Of Daniel Eckl > Sent: Wednesday, August 02, 2006 10:41 AM > To: Joe Harvell > Cc: info-cyrus@lists.andrew.cmu.edu > Subject: Re: unable to login with cyradm > > Hi Joe! > > Cyradm (or only your cyradm? Dunno...) might not be SSL capable. > > So either use port 143 to connect or if you have to user IMAPS Port 993, > then you could establish an ssl tunnel with stunnel program. > > Best, > Daniel > > Joe Harvell schrieb: > > Could someone *please* take a look at this? > > > > Joe Harvell wrote: > >> I used cyradm a long time ago to set up two mailboxes, and now I need > to > >> use it again, but I can't login: > >> > >> I am running cyrus-imapd 2.2.12. I know that the latest 2.3 version > >> supports TLS with cyradm. But I am not ready to upgrade. I just want > >> to be able to run cyradm from the localhost. Here is what happens when > >> I enter the cyradm command: > >> > >> [EMAIL PROTECTED] ~ $ cyradm --user cyrus --server localhost --port 993 > >> IMAP Password: > >> [EMAIL PROTECTED] ~ $ > >> > >> > >> Here is my syslog: > >> > >> Jul 31 17:10:13 dingo master[18188]: about to exec /usr/lib/cyrus/imapd > >> Jul 31 17:10:13 dingo imaps[18188]: executed > >> Jul 31 17:10:13 dingo imaps[18188]: auxpropfunc error invalid parameter > >> supplied > >> Jul 31 17:10:13 dingo imaps[18188]: _sasl_plugin_load failed on > >> sasl_auxprop_plug_init for plugin: ldapdb > >> Jul 31 17:10:13 dingo imaps[18188]: sql_select option missing > >> Jul 31 17:10:13 dingo imaps[18188]: auxpropfunc error no mechanism > available > >> Jul 31 17:10:13 dingo imaps[18188]: _sasl_plugin_load failed on > >> sasl_auxprop_plug_init for plugin: sql > >> Jul 31 17:10:13 dingo imaps[18188]: accepted connection > >> Jul 31 17:10:13 dingo imaps[18188]: imaps TLS negotiation failed: > >> localhost [127.0.0.1] > >> Jul 31 17:10:13 dingo imaps[18188]: Fatal error: tls_start_servertls() > >> failed > >> Jul 31 17:10:13 dingo master[31124]: process 18188 exited, status 75 > >> Jul 31 17:10:13 dingo master[31124]: service imaps pid 18188 in BUSY > >> state: terminated abnormally > >> > >> And here is my imapd.conf: > >> > >> # $Header: > >> /var/cvsroot/gentoo-x86/net-mail/cyrus-imapd/files/imapd.conf,v 1.5 2 > >> 004/08/27 06:02:45 langthang Exp $ > >> > >> # Don't forget to use chattr +S (if you are using ext[23]) > >> # when you change these directories (read the docs). > >> configdirectory:/var/imap > >> partition-default: /var/spool/imap > >> sievedir: /var/imap/sieve > >> > >> tls_ca_path:/etc/ssl/certs > >> tls_cert_file: /etc/ssl/cyrus/dingo.x509.pem > >> tls_key_file: /etc/ssl/cyrus/dingo.rsakeys.pem > >> > >> # Don't use an everyday user as admin. > >> admins: cyrus > >> > >> hashimapspool: yes > >> allowanonymouslogin:no > >> allowplaintext: no > >> > >> # Allow renaming of top-level mailboxes. > >> #allowusermoves: yes > >> > >> # Use this if sieve-scripts could be in ~user/.sieve. > >> #sieveusehomedir: yes > >> > >> # Use saslauthd if you want to use pam for imap. > >> # But be warned: login with DIGEST-MD5 or CRAM-MD5 > >> # is not possible using pam. > >> sasl_pwcheck_method:saslauthd > >> > >> servername: dingo.dogpad.net. > >> > >> > >> ## This is a recommended authentication method if you > >> ## emerge cyrus-sasl with 'postgres' or 'mysql' > >> ## To use with mysql database uncomment those lines below. > >> > >> #sasl_pwcheck_method: auxprop > >> #sasl_auxprop_plugin: sql > >> > >> ## possible values for sasl_auxprop_plugin 'mysql', 'pgsql', 'sqlite'. > >> #sasl_sql_engine: mysql > >> > >> ## all possible values. > >> #sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5 NTLM > >> ## or limit to CRAM-MD5 only > >> #sasl_mech_list: CRAM-MD5 > >> > >> ## change below to suit your setup. > >> #sasl_sql_user: mailsqluser > >> #sasl_sql_passwd: password > >> #sasl_sql_database: mailsqldb > >> #sasl_sql_hostnames: localhost > >> #sasl_sql_select: SELECT clear FROM users WHERE email = '[EMAIL PROTECTED]' > >> > >> > >> Cyrus Home Page: http://asg.web.cmu.edu/cyrus > >> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu > >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > > > > Cyrus Home Page: http://asg.web.cmu.edu/cyrus > > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu > > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > Cyrus Home Page: http://asg.web.cmu.edu/cyrus > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus H
Re: restore email
On Wed, 2 Aug 2006, Sam wrote: Andrew Morgan wrote: On Wed, 2 Aug 2006, Sam wrote: Hi I am not using Legato backup client. What I have is only a copy of the user /mail/imap/spool/user/sam directory. eg. # ls -l total 52 drwx-- 2 root wheel512 Aug 1 17:24 Drafts drwx-- 2 root wheel512 Aug 1 17:24 Sent Items drwx-- 2 root wheel512 Aug 1 17:24 Trash -rw--- 1 root wheel 4 Aug 1 17:24 cyrus.cache -rw--- 1 root wheel179 Aug 1 17:24 cyrus.header -rw--- 1 root wheel 76 Aug 1 17:24 cyrus.index -rw--- 1 root wheel 39983 Aug 1 17:24 cyrus.squat Can I just copy the older fodlers/files from the backup server to the production mail server and execute steps 12 and 13 as you mentioned below? I found that reconstruct didn't work quite right unless I only had the message files and the cyrus.header file (don't copy over the other cyrus.xxx files). Don't forget to set the unix ownership and permissions to whatever your cyrus user is. Hi, I found the cyrus.header file, but which message files? Those are the 1., 2., 3., etc files. Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Seg faults in lmtpd in Cyrus 2.3.7
Hello,
I'm currently using Simon's rpms on a Centos 4 murder setup. For
awhile now, I've been getting (occasionally) 15-20 minutes worth of
"Deferred" messages from sendmail. I never believed it was sendmail,
but I've been having issues proving that. We managed to get the
debug_command going in Cyrus, and have now found that it's lmtpd
that's seg faulting, but I'm still confused as to why.
This happens, like I said, randomly for 15-20 minutes at a time. It
will eventually start delivering fine on it's own. As a matter of
fact, any attempt at restarting services (cyrus, sendmail, etc) or
rebooting the server has NO effect (it will just keep Deferring until
it starts randomly delivering again).
At any rate, I so far have telemetry and strace logs and will paste an
example here. I hope to recompile with debugging and have a gdb
backtrace soon as well, but was wondering if anyone had ideas.
This has been happening for awhile now. It even happened occasionally
in 2.2.x tho nowhere near as bad as 2.3.x has been. This also seems to
happen after the "Rcpt to:", either before or during the DATA section.
Example telemetry log:
1154532184>220 X.net LMTP Cyrus v2.3.7-Invoca-RPM-2.3.7-2.LN1 ready
<1154532184
1154532184>250-cX.net
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-SIZE
250-AUTH EXTERNAL
250 IGNOREQUOTA
<1154532184 SIZE=2109
1154532184>250 2.1.0 ok
<1154532184
RCPT To:<[EMAIL PROTECTED]>
DATA
(and that's the last thing in the telemetry log).
Excerpt from strace:
11:23:04.144071 send(5, "<23>Aug 2 11:23:04 lmtpunix[100"..., 73,
MSG_NOSIGNAL) = 73
11:23:04.144318 open("/var/lib/imap/log/postman/10002",
O_WRONLY|O_APPEND|O_CREAT, 0644) = 8
11:23:04.144569 time(NULL) = 1154532184
11:23:04.144788 write(8, "-- postman Wed Aug 2 11"..., 45) = 45
11:23:04.145044 select(1, [0], NULL, NULL, {0, 0}) = 0 (Timeout)
11:23:04.145206 time([1154532184]) = 1154532184
11:23:04.145351 write(8, ">1154532184>", 12) = 12
11:23:04.145508 write(8, "220 XXX.net LMTP Cyr"..., 72) = 72
11:23:04.145704 write(1, "220 XXX.net LMTP Cyr"..., 72) = 72
11:23:04.146082 time(NULL) = 1154532184
11:23:04.146225 select(1, [0], NULL, NULL, {360, 0}) = 1 (in [0], left
{360, 0})
11:23:04.146408 time(NULL) = 1154532184
11:23:04.146532 time(NULL) = 1154532184
11:23:04.146684 read(0, "LHLO XXX.net\r\n", 4096) = 26
11:23:04.146856 time([1154532184]) = 1154532184
11:23:04.147030 write(8, "<1154532184<", 12) = 12
11:23:04.147187 write(8, "LHLO XX.net\r\n", 26) = 26
11:23:04.147430 select(1, [0], NULL, NULL, {0, 0}) = 0 (Timeout)
11:23:04.147592 time([1154532184]) = 1154532184
11:23:04.147763 write(8, ">1154532184>", 12) = 12
11:23:04.147914 write(8, "250-XXX.net\r\n250-8BI"..., 126) = 126
11:23:04.148065 write(1, "250-XXX.net\r\n250-8BI"..., 126) = 126
11:23:04.149743 time(NULL) = 1154532184
11:23:04.149893 select(1, [0], NULL, NULL, {360, 0}) = 1 (in [0], left
{360, 0})
11:23:04.150075 time(NULL) = 1154532184
11:23:04.150198 time(NULL) = 1154532184
11:23:04.150317 read(0, "MAIL From:<[EMAIL PROTECTED]"..., 4096) = 48
11:23:04.150484 time([1154532184]) = 1154532184
11:23:04.150658 write(8, "<1154532184<", 12) = 12
11:23:04.150822 write(8, "MAIL From:<[EMAIL PROTECTED]"..., 48) = 48
11:23:04.151030 open("/var/lib/imap/msg/shutdown", O_RDONLY) = -1
ENOENT (No such file or directory)
11:23:04.151314 select(1, [0], NULL, NULL, {0, 0}) = 0 (Timeout)
11:23:04.151477 time([1154532184]) = 1154532184
11:23:04.151619 write(8, ">1154532184>", 12) = 12
11:23:04.151811 write(8, "250 2.1.0 ok\r\n", 14) = 14
11:23:04.151961 write(1, "250 2.1.0 ok\r\n", 14) = 14
11:23:04.153298 time(NULL) = 1154532184
11:23:04.153442 select(1, [0], NULL, NULL, {360, 0}) = 1 (in [0], left
{360, 0})
11:23:04.153619 time(NULL) = 1154532184
11:23:04.153779 time(NULL) = 1154532184
11:23:04.153902 read(0, "RCPT To:<[EMAIL PROTECTED]>\r\n"..., 4096) = 70
11:23:04.154068 time([1154532184]) = 1154532184
11:23:04.154215 write(8, "<1154532184<", 12) = 12
11:23:04.154364 write(8, "RCPT To:<[EMAIL PROTECTED]>\r\n"..., 70) = 70
11:23:04.154539 open("/var/lib/imap/msg/shutdown", O_RDONLY) = -1
ENOENT (No such file or directory)
11:23:04.154809 select(7, [6], NULL, NULL, {0, 0}) = 0 (Timeout)
11:23:04.155000 write(6,
"\0\0\0:\305\"K\341U\326w:u4\273hx\263\274\363\374\246\24"..., 62) = 62
11:23:04.155671 time(NULL) = 1154532184
11:23:04.155818 read(6,
"\0\0\0\246\205\3669\356\212\360\351S\260t\305\233\274@"..., 4096) = 170
11:23:04.156045 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
I'll try to post a backtrace of a crashing lmtpd process as soon as I
can, but does anyone have any ideas as to where I can start looking?
Thanks.
Lenny
--
"Wisdom is to a man an infinite Treasure" -
Re: unable to login with cyradm
Joe Harvell wrote: I used cyradm a long time ago to set up two mailboxes, and now I need to use it again, but I can't login: I am running cyrus-imapd 2.2.12. I know that the latest 2.3 version supports TLS with cyradm. But I am not ready to upgrade. I just want to be able to run cyradm from the localhost. Here is what happens when I enter the cyradm command: Indeed, 2.3 has tls support. However, does anybody know how I make use of the tls key file that needs to be give to cyradm? How do I create such a tls key file? Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Idea for filtered access to cyrus
Rob Carter (duke) and I have been discussing for some time how to provide filtered access to the IMAP store using cyrus (cuz we use cyrus - duh!). Problem: With the blackberry a user can filter what email is sent to their device. It's a handy and powerful ability. Non-blackberry devices that speak the IMAP protocol do not have such a filtering ability. You essentially get ALL your mail. We see this as problematic. So, how to provide a filtering ability without changing the clients? The Idea: I will present this idea from the user perspective and drill down. The user enters into the device as login information: username +filter=foo and pw. (or something to that effect - don't get hung up on the details at this point). Cyrus gets this and slices off the +filter= and places the value "foo" into a FILTER variable. On the mail delivery side: LMTP is changed to look for X-IMAP-FILTER headers and to store the value of the header as an IMAP flag. Assuming X-IMAP-Filter: foo then we add /filter=foo to the IMAP flags. Do so for each X-IMAP-FILTER header found. then we modify the code to apply looking for /filter=foo to limit all eligible email for the life of the session. Any mail stored (copied, moved, etc) would retain or have added the /filter=foo flag. It is our hope that getting down deep enough into the code that this is not all that hard to do. We then create a web page service to allow people to tag email with X-IMAP-Filter headers based on whatever rules using things like sieve, procmail or whatever you favorite mechanism may be. You can have multiple filters for different devices or purposes. from the user perspective - a simple web interface to create/modify filters and a simple mechanism to login to an IMAP server with ANY client and have a limited view of all the mail. I am really not interested in negative filters being implemented at this level - negative filters would be implemented by the web page and the sieve like mechanism to control what X-IMAP-Filter headers are added. So, if you wanted to flag all non-junkmail then handle this by setting a non-junkmail filter. (this takes a little thought to realize the implications). So, this is the really simple view of this idea. I don't see any major show stoppers and it dramatically increases the utility of cyrus to small devices in particular. Thoughts? /mrg Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: restore email
On Wed, 2 Aug 2006, Sam wrote: After removed the cyrus.cache, cyrus.squat, and cyrus.index files, the mail client (thunderbird) got an error " Unable to lock ... file... I/O error". You must run reconstruct and quota -f (see my original restore steps) to recreate those files. Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Idea for filtered access to cyrus
Cyrus gets this and slices off the +filter= and places the value "foo" into a FILTER variable. On the mail delivery side: LMTP is changed to look for X-IMAP- FILTER headers and to store the value of the header as an IMAP flag. Assuming X-IMAP-Filter: foo then we add /filter=foo to the IMAP flags. Do so for each X-IMAP- FILTERheader found. Could this be more generically implemented by creating a sieve extension to manipulate IMAP flags when storing a message to a folder? -rob Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Idea for filtered access to cyrus
I don't know - if there exists some plumbing today to make this happen - I am happy to utilize it in this idea. So, I'd appreciate some education if any of the capabilities of this idea already exist in some form. /mrg On Aug 2, 2006, at 14:23, Robert Banz wrote: Cyrus gets this and slices off the +filter= and places the value "foo" into a FILTER variable. On the mail delivery side: LMTP is changed to look for X-IMAP- FILTER headers and to store the value of the header as an IMAP flag. Assuming X-IMAP-Filter: foo then we add /filter=foo to the IMAP flags. Do so for each X-IMAP- FILTERheader found. Could this be more generically implemented by creating a sieve extension to manipulate IMAP flags when storing a message to a folder? -rob Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: AW: Re: Only some mailboxes don't accept incoming messages, no error in the logs for this?!
Daniel Eckl wrote: Arghhh... I was too fast. Your question was actually how he redelivered the mails, am I right? ... Yes :) I'm interested in that. If it would be easy to do (I mean automatically). Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Strange Sieve Behaviour
Sorry - I know this may be a little off-topic - but I'm really stuck
and wondering if anybody else here has seen this before.
System: RHEL 4, Apache 2.0.52 w/PHP 4.3.9, Cyrus 2.3.7 from Simon
Matter's rpms.
Setup: Horde: 3.1.2, Imp: H3 (4.1.2), Ingo: H3 (1.1.1), SAM 0.1-cvs
Basic summary: I cannot authenticate my users to the Sieve server
through Ingo (Horde/IMP's filter manager which user PEAR's
Net::Sieve) unless their password is the same as the cyrus admin user.
I applied this patch - because I was having problems after enabling
TLS in Cyrus and no Sieve worked at all:
http://www.kolab.org/pipermail/kolab-devel/2006-June/005636.html
At this moment, my user works - because the password for me and the
cyrus admin user is the same - no other usernames work with saving
sieve rules to the server through Ingo - but they can all connect
just fine with sivtest and sieveshell.
I just tried with the user bob and got this in the logs while
accessing from Ingo:
Jul 27 15:40:26 fenring sieve[4037]: badlogin: localhost.localdomain
[127.0.0.1] PLAIN authentication failure
But I can log in through IMP and sivtest just fine:
[EMAIL PROTECTED] darron]# sivtest -u bob -a bob localhost
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-2"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {20+}
Ym9iAGJvYgBqb25lcw==
S: OK
Authenticated.
Security strength factor: 0
That's with his normal password - if I change the password to be the
same as the cyrus admin user, it works fine here (as it should) and
in Ingo:
Jul 27 15:45:47 fenring sieve[4412]: login: localhost.localdomain
[127.0.0.1] bob PLAIN User logged in
Does it have something to do with the "-a" flag in sivtest and
sieveshell? Is there any way to make Ingo use it?
Anyone else seen this?
--
darron froese
principal
nonfiction studios inc.
t 403.686.8887
c 403.819.7887
f 403.313.9233
w http://nonfiction.ca/
e [EMAIL PROTECTED]
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Idea for filtered access to cyrus
Because this is too confusing to our users. They want the small device to see the same emails as their regular mail client. So, if my INBOX is filtered on my PDA and I delete the message, it should be deleted on the server as well and the reverse should also be true. Our users also don't want to have to check mail in multiple folders. Your suggestion is viable from strictly the berry or other small device perspective but not from the perspective of using a berry/other device in concert with your normal IMAP client such as thunderbird, outlook, applemail and friends. Lastly, getting people to point their INBOX at an alternate folder is confusing for users. Please remember that not all users are intelligent. Given that we have many many thousands of users the smallest support consideration is significant. This idea was largely borne from the concern of how do we keep this as simple as possible such that the users can really understand the service they are getting. /mrg On Aug 2, 2006, at 15:12, David Lang wrote: this seems overly complicated. why not just have your filter software (of which there is a wide variety, includign sieve) put the messages you want into a INBOX.filtered folder and have your e-mail client (including a blackberry if you want) just read that folder? since many of these filter programs are opensource it would be pretty trivial to have them modify a flag as well, they generally don't do much with flags now becouse many IMAP servers don't have user-definable flags and they want to be compatable with as many different servers as possible. David Lang Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
wrong realm is passed to cyrus-sasl with virtdomains option enabled
Hello everybody. I didn't find answer on google, mailing list archive, so if it was discussed earlier, give me a link, please.. I am trying to set up several separate domains on one mail system (Gentoo). My /etc/imapd.conf: configdirectory: /var/imap partition-default: /var/spool/imap admins: [EMAIL PROTECTED] hashimapspool: yes allowanonymouslogin: no allowplaintext: yes virtdomains: userid defaultdomain: test.ru sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sql sasl_sql_hostnames: localhost sasl_sql_user: sasl_sql_passwd: sasl_sql_database: mail sasl_sql_select: SELECT user_password FROM exim_users INNER JOIN exim_domains ON user_domain = domain_id WHERE user_login = '%u' AND domain_name = '%r' sasl_log_level: 9 When trying to authenticate as [EMAIL PROTECTED] with right password, it fails and the following query appear in logs: Aug 1 03:14:14 mail imap[32287]: sql plugin create statement from userPassword mail mail Aug 1 03:14:14 mail imap[32287]: sql plugin doing query SELECT user_password FROM exim_users INNER JOIN exim_domains ON user_domain = domain_id WHERE user_login = 'mail' AND domain_name = 'mail'; So hostname but not 'test.ru' is passed to cyrus-sasl. Why it happens? -- Best regards, Andrey Bulgakov Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Good book on Cyrus?
Ken Murchison wrote: Wesley Craig wrote: On 17 Jul 2006, at 09:59, Forrest Aldrich wrote: Short answer, there are no good books. Managing IMAP is minimally useful - in a basic sense. The one salient chapter happens to be online: http://www.oreilly.com/catalog/mimap/chapter/ch09.html if that helps. However, I contacted O'Reilly about a possible "Nutshell" book, and as I recall the response was there were no plans for anything. And so, we have this large scalable product that doesn't have a good book - it's complex enough that it deserves one. I would think there's a good market fo a Cyrus IMAP book. Did _Managing IMAP_ sell particularly poorly? I along with several current and former CMU folks have talked numerous times about writing a Cyrus book (our preference would be to do it with O'Reilly), but we've never gotten beyond the "it would be a good idea stage). Perhaps if we get a "Cyrus Center" up and running with proper funding, we'd be able to consider authoring a book more seriously. This would be a wonderful idea. I think this is well overdue, particularly after the addition of Cyrus Murder. A great opportunity to get more Cyrus out there, and better reference, examples, etc. _F Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Good book on Cyrus?
Forrest Aldrich wrote: Ken Murchison wrote: Wesley Craig wrote: On 17 Jul 2006, at 09:59, Forrest Aldrich wrote: Short answer, there are no good books. Managing IMAP is minimally useful - in a basic sense. The one salient chapter happens to be online: http://www.oreilly.com/catalog/mimap/chapter/ch09.html if that helps. However, I contacted O'Reilly about a possible "Nutshell" book, and as I recall the response was there were no plans for anything. And so, we have this large scalable product that doesn't have a good book - it's complex enough that it deserves one. I would think there's a good market fo a Cyrus IMAP book. Did _Managing IMAP_ sell particularly poorly? I along with several current and former CMU folks have talked numerous times about writing a Cyrus book (our preference would be to do it with O'Reilly), but we've never gotten beyond the "it would be a good idea stage). Perhaps if we get a "Cyrus Center" up and running with proper funding, we'd be able to consider authoring a book more seriously. This would be a wonderful idea. I think this is well overdue, particularly after the addition of Cyrus Murder. A great opportunity to get more Cyrus out there, and better reference, examples, etc. Assuming the potential authors know what they're talking about ;) -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Good book on Cyrus?
Forrest Aldrich wrote: Ken Murchison wrote: Wesley Craig wrote: On 17 Jul 2006, at 09:59, Forrest Aldrich wrote: Short answer, there are no good books. Managing IMAP is minimally useful - in a basic sense. The one salient chapter happens to be online: http://www.oreilly.com/catalog/mimap/chapter/ch09.html if that helps. However, I contacted O'Reilly about a possible "Nutshell" book, and as I recall the response was there were no plans for anything. And so, we have this large scalable product that doesn't have a good book - it's complex enough that it deserves one. I would think there's a good market fo a Cyrus IMAP book. Did _Managing IMAP_ sell particularly poorly? I along with several current and former CMU folks have talked numerous times about writing a Cyrus book (our preference would be to do it with O'Reilly), but we've never gotten beyond the "it would be a good idea stage). Perhaps if we get a "Cyrus Center" up and running with proper funding, we'd be able to consider authoring a book more seriously. This would be a wonderful idea. I think this is well overdue, particularly after the addition of Cyrus Murder. A great opportunity to get more Cyrus out there, and better reference, examples, etc. Assuming the potential authors know what they're talking about ;) I wanted to throw in there that a Cryus Cookbook would be good as well. Kind of like the Sendmail and Perl Cookbooks. sigh Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High availability email server...
On 02 Aug 2006, at 03:24, Daniel Eckl wrote: Well, as far as I know, the mailboxes.db and other databases are only opened and modified by the master process. That's not the case. :; grep -lw mboxlist_open *[ch] arbitron.c chk_cyrus.c ctl_cyrusdb.c ctl_mboxlist.c cyr_expire.c cyrdump.c fud.c idled.c imapd.c ipurge.c lmtpd.c make_md5.c mbexamine.c mboxlist.c mboxlist.h mbpath.c mupdate.c nntpd.c pop3d.c quota.c reconstruct.c smmapd.c squatter.c sync_client.c sync_reset.c sync_server.c unexpunge.c :; So at least imapd, lmtpd, pop3d, and mupdate directly access mailboxes.db. And further, master never accesses mailboxes.db. :wes Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: XFER ACL issue
Excellent. Looks good. I'll try it out soon. In the meantime, I have encountered another ACL issue, and I'd like to propose a solution. Because 2.3.x currently stores ACLs in non-legacy format, when these non-legacy ACLs are stored in a 2.2.x MUPDATE server, 2.2.x frontends report ACLs that have 'c' and 'd' rights stripped out. I suggest that 2.3.x instead store ACLs in legacy format: that is, in the format that rfc 4314 specifies for presentation to clients. When reading these ACLs, the 2.2.x frontends would drop the new ACLs, leaving the client with ACLs that properly represent what the client is permitted to do. The patch implementing this is here: http://cvs.itd.umich.edu/cgi-bin/cvsweb.cgi/lfs/cyrus- imap23/237p3.diff?rev=1.2 It also includes: a fix for the bug in backend.c which causes sync_client to use the wrong network interface under some circumstances; a reduction in the unnecessarily large amount of memory that sync_server allocates for per-message pathnames; calls to telemetry_rusage() to log per-user CPU logging. It also includes my now-deprecated fix for the XFER ACL issue. FWIW, these are the *only* patches I'm currently using in our mixed 2.2/2.3 environment, and I'm able to successfully XFER mailboxes back and forth between 2.2 and 2.3 backends. I have several open issues, related to XFER & replication, nothing that can't be worked around by our admins until we can propose fixes. :wes On 02 Aug 2006, at 11:19, Ken Murchison wrote: Wesley Craig wrote: I was tracking a very similar issue with xfer between 2.2 and 2.3.6. xfer'ing vanilla 2.2.12 mailboxes to 2.3.6 seems to work fine, and xfer'ing a 2.3.6 mailbox to 2.2.12 also more or less works (permissions are broken since 2.3.6 blindly uses rfc 4314 ACLs rather than paying attention to whether the target backend supports only legacy ACLs). I just tested and committed a fix for the XFER 2.3 -> 2,2 ACL issue. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sieve filtering: global ?
'k, I've dont a quick search of google, and am not finding anything, so ... Using horde/ingo, I'm logging in as one of the admins for a domain, and putting a filter in place ... on the server side, its being dump'd into a 'global' directory, ie: /var/spool/sieve/domain/m/mydomain.com/g/global ... Is there something about the admins: users that causes this? Looking at the logins, the login is for [EMAIL PROTECTED], so I would have expected it to go into /var/spool/sieve/domain/m/mydomain.com/a/admin ... Thanks ... Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . [EMAIL PROTECTED] MSN . [EMAIL PROTECTED] Yahoo . yscrappy Skype: hub.orgICQ . 7615664 Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
