Re: mail coming without MX; how ?

[Antoine Jacoutot]

On Thu, 26 Apr 2007, JOYDEEP wrote:

if you check the domain infoservices.in  with  dnsstuff.com  you can
see no MX for that domain.
But still mail is coming at [EMAIL PROTECTED]we are using it for
our official purposes and infoservices.in is our official site too.

I wounder how mail is still coming with out MX ? could any one kindly
explain ?


This is to summarize...
If no MX is found for your domain, the MTA will sent the mail to the 
resolving host.


$ host -t MX infoservices.in
infoservices.in has no MX record
$ host infoservices.in
infoservices.in has address 85.199.129.73

So, your mail to [EMAIL PROTECTED] will be delivered to user at 
85.199.129.73.


Cheers.

--
Antoine

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: mail coming without MX; how ?

[JOYDEEP]

Antoine Jacoutot wrote:
 On Thu, 26 Apr 2007, JOYDEEP wrote:
 if you check the domain infoservices.in  with  dnsstuff.com  you can
 see no MX for that domain.
 But still mail is coming at [EMAIL PROTECTED]we are using it for
 our official purposes and infoservices.in is our official site too.

 I wounder how mail is still coming with out MX ? could any one kindly
 explain ?

 This is to summarize...
 If no MX is found for your domain, the MTA will sent the mail to the
 resolving host.

 $ host -t MX infoservices.in
 infoservices.in has no MX record
 $ host infoservices.in
 infoservices.in has address 85.199.129.73

 So, your mail to [EMAIL PROTECTED] will be delivered to user at
 85.199.129.73.

Thanks Antoine for the clarification , have a nice day


 Cheers.



Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: mail coming without MX; how ?

[Andrew McNamara]

if you check the domain infoservices.in  with  dnsstuff.com  you can
see no MX for that domain.
But still mail is coming at [EMAIL PROTECTED]we are using it for
our official purposes and infoservices.in is our official site too.

I wounder how mail is still coming with out MX ? could any one kindly
explain ?

Most Mail Transport Agents will fall back to the A record if no MX
records are found. This precident was set by sendmail, and woe betide
any implementation that ignores precident, but it would be foolish to
count on all MTAs behaving this way.

-- 
Andrew McNamara, Senior Developer, Object Craft
http://www.object-craft.com.au/

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Restrictive access to some users

[ram]

Hi,

On our cyrus server some users need access from office as well as from
outside our LAN. So we nat the imap port on our firewall and people are
able to access 

But Contract employees need not access mails from outside the office.
How can I allow access for such users only from the office


Thanks
Ram


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: mail coming without MX; how ?

[Jukka Salmi]

Andrew McNamara -- info-cyrus (2007-04-26 16:16:49 +1000):
 if you check the domain infoservices.in  with  dnsstuff.com  you can
 see no MX for that domain.
 But still mail is coming at [EMAIL PROTECTED]we are using it for
 our official purposes and infoservices.in is our official site too.
 
 I wounder how mail is still coming with out MX ? could any one kindly
 explain ?
 
 Most Mail Transport Agents will fall back to the A record if no MX
 records are found. This precident was set by sendmail, and woe betide
 any implementation that ignores precident, but it would be foolish to
 count on all MTAs behaving this way.

With SMTP to you _can_ count on this behaviour. Quoting RFC 2821:

  5. Address Resolution and Mail Handling
  [...]
  The lookup first attempts to locate an MX
  record associated with the name. [...] If
  no MX records are found, but an A RR is
  found, the A RR is treated as if it was
  associated with an implicit MX RR, with a
  preference of 0, pointing to that host.


Regards, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

what would be my imap.conf configuration ?

[JOYDEEP]

Dear list,

it has now cleared to me   If no MX is found for domain, the MTA will
sent the mail to the resolving host.
In this way a no. of mail system is working. now I also have a domain
which is pointing to my remote root server.
say it is mydomain.com   So how can I use this domain to get mail for
[EMAIL PROTECTED] 
here is my /etc/imapd.conf which I configured for dedicated.hosteurope.de
-
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve

admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
sasl_minimum_layer: 0

autocreatequota: 1
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost

servername: lvps87-230-8-228.dedicated.hosteurope.de
defaultdomain: dedicated.hosteurope.de
loginrealms:  dedicated.hosteurope.de

unixhierarchysep:  no
virtdomains:   yes
hashimapspool: true

lmtp_overquota_perm_failure: no
lmtp_downcase_rcpt: yes
lmtpsocket:  /var/lib/imap/socket/lmtp

tls_ca_file:  /var/myca/demoCA/cacert.pem
tls_cert_file:/var/myca/newcert.pem
tls_key_file: /var/myca/newreq.pem



Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: lmtpd -a and unified murder

[Janne Peltonen]

On Wed, Apr 25, 2007 at 10:55:52AM -0700, Andrew Morgan wrote:
 I can't answer the SASL question.  How about relaying the mail from the 
 list server to your spam-scanner machines?

Yeah, that's probably the most simple solution. Thanks.


--Janne
-- 
Janne Peltonen [EMAIL PROTECTED]

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Restrictive access to some users

[Dmitriy Kirhlarov]

On Thu, Apr 26, 2007 at 12:14:13PM +0530, ram wrote:

 On our cyrus server some users need access from office as well as from
 outside our LAN. So we nat the imap port on our firewall and people are
 able to access 
 
 But Contract employees need not access mails from outside the office.
 How can I allow access for such users only from the office

Cyrus imapd doesn't have source ip filter feature, afaik and support
only one authorization group (ldap_filter).
With this reason you have to use some tric.

You need to configure two access groups and two cyrus servers (with
replication or murder configuration) and use different groups on this
servers.
Possible, some imap proxy can be configured for using second group.

WBR.
Dmitriy

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Restrictive access to some users

[Dmitriy Kirhlarov]

On Thu, Apr 26, 2007 at 12:07:20PM +0400, Dmitriy Kirhlarov wrote:
 On Thu, Apr 26, 2007 at 12:14:13PM +0530, ram wrote:
 
  On our cyrus server some users need access from office as well as from
  outside our LAN. So we nat the imap port on our firewall and people are
  able to access 
  
  But Contract employees need not access mails from outside the office.
  How can I allow access for such users only from the office
 
 Cyrus imapd doesn't have source ip filter feature, afaik and support
 only one authorization group (ldap_filter).
 With this reason you have to use some tric.
 
 You need to configure two access groups and two cyrus servers (with
 replication or murder configuration) and use different groups on this
 servers.
 Possible, some imap proxy can be configured for using second group.

O-ops.. :)

cyrus.conf:
...
SERVICES {
public  cmd=imapd -C /public.imapd.conf   listen=public_ip:imap
private cmd=imapd   listen=private_ip:imap
}

WBR.
Dmitriy

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

authentication failure: cross-realm

[JOYDEEP]

Dear list,

Here is the config I had with working cyrus

/etc/imapd.conf
---
servername: lvps87-230-8-228.dedicated.hosteurope.de
defaultdomain: dedicated.hosteurope.de
loginrealms:  dedicated.hosteurope.de
---

here is the change I have done after getting a DNS pointing to my email
server
-
servername : opendingo.com
defaultdomain:   opendingo.com
loginrealms:   opendingo.com
-

but now cyradm -u cyrus localhost  says
login relams fail.

can anyone have any idea of this problem ?


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: mail coming without MX; how ?

[Andrew McNamara]

 Most Mail Transport Agents will fall back to the A record if no MX
 records are found. This precident was set by sendmail, and woe betide
 any implementation that ignores precident, but it would be foolish to
 count on all MTAs behaving this way.

With SMTP to you _can_ count on this behaviour. Quoting RFC 2821:

  5. Address Resolution and Mail Handling
  [...]
  The lookup first attempts to locate an MX
  record associated with the name. [...] If
  no MX records are found, but an A RR is
  found, the A RR is treated as if it was
  associated with an implicit MX RR, with a
  preference of 0, pointing to that host.

RFC 2821 is relatively new (certainly newer than most MTAs), and while
the popular ones have made some effort to comply with it, many others
still struggle to comply with RFC 821.

-- 
Andrew McNamara, Senior Developer, Object Craft
http://www.object-craft.com.au/

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Restrictive access to some users

[Rudy Gevaert]

Dmitriy Kirhlarov wrote:

On Thu, Apr 26, 2007 at 12:07:20PM +0400, Dmitriy Kirhlarov wrote:

On Thu, Apr 26, 2007 at 12:14:13PM +0530, ram wrote:


On our cyrus server some users need access from office as well as from
outside our LAN. So we nat the imap port on our firewall and people are
able to access 


But Contract employees need not access mails from outside the office.
How can I allow access for such users only from the office

Cyrus imapd doesn't have source ip filter feature, afaik and support
only one authorization group (ldap_filter).
With this reason you have to use some tric.

You need to configure two access groups and two cyrus servers (with
replication or murder configuration) and use different groups on this
servers.
Possible, some imap proxy can be configured for using second group.


O-ops.. :)

cyrus.conf:
...
SERVICES {
public  cmd=imapd -C /public.imapd.conf listen=public_ip:imap
private cmd=imapd   listen=private_ip:imap
}


That doesn't fix the problem because you can't say which user can log in 
 on what interface.


But you could maybe do it like this:

two different imapd.confs.  In one of them you use a different saslauthd 
(if you would be using this) socket.  And run a second saslauthd with 
different config.


--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert  [EMAIL PROTECTED]  tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep SystemenSystems group
Universiteit Gent Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie   www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: what would be my imap.conf configuration ?

[Mogens Melander]

On Thu, April 26, 2007 09:39, JOYDEEP wrote:
 Dear list,

 it has now cleared to me   If no MX is found for domain, the MTA will
 sent the mail to the resolving host.
 In this way a no. of mail system is working. now I also have a domain
 which is pointing to my remote root server.
 say it is mydomain.com   So how can I use this domain to get mail for
 [EMAIL PROTECTED]
 here is my /etc/imapd.conf which I configured for dedicated.hosteurope.de
 -

Again, your imap server has absolutely nothing to do with mail
being transported from A to B.

If you want mail for [EMAIL PROTECTED] be delivered to:

1) dedicated.hosteurope.de [80.237.128.168] create MX record
   on nameserver for mydomain.com

   mydomain.com.86400IN MX   10   80.237.128.168

2) lvps87-230-8-228.dedicated.hosteurope.de [87.230.8.228] create MX record
   on nameserver for mydomain.com

   mydomain.com.86400IN MX   10   87.230.8.228


-- 
Later

Mogens Melander
+45 40 85 71 38
+66 870 133 224



-- 
This message has been scanned for viruses and
dangerous content by OpenProtect(http://www.openprotect.com), and is
believed to be clean.


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: ZFS compression?

[Andy Fiddaman]

On Tue, 24 Apr 2007, Vincent Fox wrote:

; Has anyone attempted using ZFS compression on mail spools?

Yes, we use it here on some servers. The servers were originally IO bound
but since enabling compression (and delayed expunge...) they are coping
fine. The CPU utilisation went up a bit as a result but the server's still
nowhere near being busy.

A.

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: what would be my imap.conf configuration ?

[JOYDEEP]

Mogens Melander wrote:
 On Thu, April 26, 2007 09:39, JOYDEEP wrote:
   
 Dear list,

 it has now cleared to me   If no MX is found for domain, the MTA will
 sent the mail to the resolving host.
 In this way a no. of mail system is working. now I also have a domain
 which is pointing to my remote root server.
 say it is mydomain.com   So how can I use this domain to get mail for
 [EMAIL PROTECTED]
 here is my /etc/imapd.conf which I configured for dedicated.hosteurope.de
 -
 

 Again, your imap server has absolutely nothing to do with mail
 being transported from A to B.

 If you want mail for [EMAIL PROTECTED] be delivered to:

 1) dedicated.hosteurope.de [80.237.128.168] create MX record
on nameserver for mydomain.com

mydomain.com.86400IN MX   10   80.237.128.168

 2) lvps87-230-8-228.dedicated.hosteurope.de [87.230.8.228] create MX record
on nameserver for mydomain.com

mydomain.com.86400IN MX   10   87.230.8.228


   
That's ok, but I don't have access on MX hence I have to depend on A
record. So here I have to use the A record of mydomain.com


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Restrictive access to some users

[Dmitriy Kirhlarov]

On Thu, Apr 26, 2007 at 12:09:28PM +0200, Rudy Gevaert wrote:

 cyrus.conf:
 ...
 SERVICES {
 public   cmd=imapd -C /public.imapd.conf   
 listen=public_ip:imap
 private  cmd=imapd   
 listen=private_ip:imap
 }
 
 That doesn't fix the problem because you can't say which user can log in  on 
 what 
 interface.
 
 But you could maybe do it like this:
 
 two different imapd.confs.  In one of them you use a different

Yes. I mean this.

 saslauthd (if you would be using this) socket.  And run a second
 saslauthd with different config.

Using ldap_group_* and ldap_member_* imapd.conf parameters more
accurate, for me

WBR.
Dmitriy

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html