Re: mail coming without MX; how ?
Andrew McNamara --> info-cyrus (2007-04-26 16:16:49 +1000): > >if you check the domain "infoservices.in" with dnsstuff.com you can > >see no MX for that domain. > >But still mail is coming at [EMAIL PROTECTED]we are using it for > >our official purposes and infoservices.in is our official site too. > > > >I wounder how mail is still coming with out MX ? could any one kindly > >explain ? > > Most Mail Transport Agents will fall back to the A record if no MX > records are found. This precident was set by sendmail, and woe betide > any implementation that ignores precident, but it would be foolish to > count on all MTAs behaving this way. With SMTP to you _can_ count on this behaviour. Quoting RFC 2821: 5. Address Resolution and Mail Handling [...] The lookup first attempts to locate an MX record associated with the name. [...] If no MX records are found, but an A RR is found, the A RR is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host. Regards, Jukka -- bashian roulette: $ ((RANDOM%6)) || rm -rf ~ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
what would be my imap.conf configuration ?
Dear list, it has now cleared to me If no MX is found for domain, the MTA will sent the mail to the resolving host. In this way a no. of mail system is working. now I also have a domain which is pointing to my remote root server. say it is mydomain.com So how can I use this domain to get mail for [EMAIL PROTECTED] here is my /etc/imapd.conf which I configured for dedicated.hosteurope.de - configdirectory: /var/lib/imap partition-default: /var/spool/imap sievedir: /var/lib/sieve admins: cyrus allowanonymouslogin: no allowplaintext: yes sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN sasl_minimum_layer: 0 autocreatequota: 1 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost servername: lvps87-230-8-228.dedicated.hosteurope.de defaultdomain: dedicated.hosteurope.de loginrealms: dedicated.hosteurope.de unixhierarchysep: no virtdomains: yes hashimapspool: true lmtp_overquota_perm_failure: no lmtp_downcase_rcpt: yes lmtpsocket: /var/lib/imap/socket/lmtp tls_ca_file: /var/myca/demoCA/cacert.pem tls_cert_file:/var/myca/newcert.pem tls_key_file: /var/myca/newreq.pem Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtpd -a and unified murder
On Wed, Apr 25, 2007 at 10:55:52AM -0700, Andrew Morgan wrote: > I can't answer the SASL question. How about relaying the mail from the > list server to your spam-scanner machines? Yeah, that's probably the most simple solution. Thanks. --Janne -- Janne Peltonen <[EMAIL PROTECTED]> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Restrictive access to some users
On Thu, Apr 26, 2007 at 12:14:13PM +0530, ram wrote: > On our cyrus server some users need access from office as well as from > outside our LAN. So we nat the imap port on our firewall and people are > able to access > > But Contract employees need not access mails from outside the office. > How can I allow access for such users only from the office Cyrus imapd doesn't have source ip filter feature, afaik and support only one authorization group (ldap_filter). With this reason you have to use some tric. You need to configure two access groups and two cyrus servers (with replication or murder configuration) and use different groups on this servers. Possible, some imap proxy can be configured for using second group. WBR. Dmitriy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Restrictive access to some users
On Thu, Apr 26, 2007 at 12:07:20PM +0400, Dmitriy Kirhlarov wrote: > On Thu, Apr 26, 2007 at 12:14:13PM +0530, ram wrote: > > > On our cyrus server some users need access from office as well as from > > outside our LAN. So we nat the imap port on our firewall and people are > > able to access > > > > But Contract employees need not access mails from outside the office. > > How can I allow access for such users only from the office > > Cyrus imapd doesn't have source ip filter feature, afaik and support > only one authorization group (ldap_filter). > With this reason you have to use some tric. > > You need to configure two access groups and two cyrus servers (with > replication or murder configuration) and use different groups on this > servers. > Possible, some imap proxy can be configured for using second group. O-ops.. :) cyrus.conf: ... SERVICES { public cmd="imapd -C /public.imapd.conf" listen=public_ip:imap private cmd=imapd listen=private_ip:imap } WBR. Dmitriy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
authentication failure: cross-realm
Dear list, Here is the config I had with working cyrus /etc/imapd.conf --- servername: lvps87-230-8-228.dedicated.hosteurope.de defaultdomain: dedicated.hosteurope.de loginrealms: dedicated.hosteurope.de --- here is the change I have done after getting a DNS pointing to my email server - servername : opendingo.com defaultdomain: opendingo.com loginrealms: opendingo.com - but now "cyradm -u cyrus localhost" says login relams fail. can anyone have any idea of this problem ? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: mail coming without MX; how ?
>> Most Mail Transport Agents will fall back to the A record if no MX >> records are found. This precident was set by sendmail, and woe betide >> any implementation that ignores precident, but it would be foolish to >> count on all MTAs behaving this way. > >With SMTP to you _can_ count on this behaviour. Quoting RFC 2821: > > 5. Address Resolution and Mail Handling > [...] > The lookup first attempts to locate an MX > record associated with the name. [...] If > no MX records are found, but an A RR is > found, the A RR is treated as if it was > associated with an implicit MX RR, with a > preference of 0, pointing to that host. RFC 2821 is relatively new (certainly newer than most MTAs), and while the popular ones have made some effort to comply with it, many others still struggle to comply with RFC 821. -- Andrew McNamara, Senior Developer, Object Craft http://www.object-craft.com.au/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Restrictive access to some users
Dmitriy Kirhlarov wrote: On Thu, Apr 26, 2007 at 12:07:20PM +0400, Dmitriy Kirhlarov wrote: On Thu, Apr 26, 2007 at 12:14:13PM +0530, ram wrote: On our cyrus server some users need access from office as well as from outside our LAN. So we nat the imap port on our firewall and people are able to access But Contract employees need not access mails from outside the office. How can I allow access for such users only from the office Cyrus imapd doesn't have source ip filter feature, afaik and support only one authorization group (ldap_filter). With this reason you have to use some tric. You need to configure two access groups and two cyrus servers (with replication or murder configuration) and use different groups on this servers. Possible, some imap proxy can be configured for using second group. O-ops.. :) cyrus.conf: ... SERVICES { public cmd="imapd -C /public.imapd.conf" listen=public_ip:imap private cmd=imapd listen=private_ip:imap } That doesn't fix the problem because you can't say which user can log in on what interface. But you could maybe do it like this: two different imapd.confs. In one of them you use a different saslauthd (if you would be using this) socket. And run a second saslauthd with different config. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert [EMAIL PROTECTED] tel:+32 9 264 4734 Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office Groep SystemenSystems group Universiteit Gent Ghent University Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: what would be my imap.conf configuration ?
On Thu, April 26, 2007 09:39, JOYDEEP wrote: > Dear list, > > it has now cleared to me If no MX is found for domain, the MTA will > sent the mail to the resolving host. > In this way a no. of mail system is working. now I also have a domain > which is pointing to my remote root server. > say it is mydomain.com So how can I use this domain to get mail for > [EMAIL PROTECTED] > here is my /etc/imapd.conf which I configured for dedicated.hosteurope.de > - Again, your imap server has absolutely nothing to do with mail being transported from A to B. If you want mail for [EMAIL PROTECTED] be delivered to: 1) dedicated.hosteurope.de [80.237.128.168] create MX record on nameserver for mydomain.com mydomain.com.86400IN MX 10 80.237.128.168 2) lvps87-230-8-228.dedicated.hosteurope.de [87.230.8.228] create MX record on nameserver for mydomain.com mydomain.com.86400IN MX 10 87.230.8.228 -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ZFS compression?
On Tue, 24 Apr 2007, Vincent Fox wrote: ; Has anyone attempted using ZFS compression on mail spools? Yes, we use it here on some servers. The servers were originally IO bound but since enabling compression (and delayed expunge...) they are coping fine. The CPU utilisation went up a bit as a result but the server's still nowhere near being busy. A. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: what would be my imap.conf configuration ?
Mogens Melander wrote: > On Thu, April 26, 2007 09:39, JOYDEEP wrote: > >> Dear list, >> >> it has now cleared to me If no MX is found for domain, the MTA will >> sent the mail to the resolving host. >> In this way a no. of mail system is working. now I also have a domain >> which is pointing to my remote root server. >> say it is mydomain.com So how can I use this domain to get mail for >> [EMAIL PROTECTED] >> here is my /etc/imapd.conf which I configured for dedicated.hosteurope.de >> - >> > > Again, your imap server has absolutely nothing to do with mail > being transported from A to B. > > If you want mail for [EMAIL PROTECTED] be delivered to: > > 1) dedicated.hosteurope.de [80.237.128.168] create MX record >on nameserver for mydomain.com > >mydomain.com.86400IN MX 10 80.237.128.168 > > 2) lvps87-230-8-228.dedicated.hosteurope.de [87.230.8.228] create MX record >on nameserver for mydomain.com > >mydomain.com.86400IN MX 10 87.230.8.228 > > > That's ok, but I don't have access on MX hence I have to depend on A record. So here I have to use the A record of mydomain.com Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Restrictive access to some users
On Thu, Apr 26, 2007 at 12:09:28PM +0200, Rudy Gevaert wrote: > >cyrus.conf: > >... > >SERVICES { > >public cmd="imapd -C /public.imapd.conf" > >listen=public_ip:imap > >private cmd=imapd > >listen=private_ip:imap > >} > > That doesn't fix the problem because you can't say which user can log in on > what > interface. > > But you could maybe do it like this: > > two different imapd.confs. In one of them you use a different Yes. I mean this. > saslauthd (if you would be using this) socket. And run a second > saslauthd with different config. Using ldap_group_* and ldap_member_* imapd.conf parameters more accurate, for me WBR. Dmitriy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html