Re: 2.4.2 on Solaris - Crashes in mailbox_unlock_index
On Sun, 31 Oct 2010, Bron Gondwana wrote: ; On Sat, Oct 30, 2010 at 11:19:14PM +, Andy Fiddaman wrote: ; On Sun, 31 Oct 2010, Bron Gondwana wrote: ; ; ; ; I don't suppose the stacktrace went any further up than that? I'm ; ; more interested in the call-site of mailbox_close, because that's ; ; where a dirty mailbox will be being closed. ; ; Here are a couple: ; ; Ok - that's all I needed. This is a bug. I'll push a fix ; to master straight away, and it will be in 2.4.3. Thanks, superb support as always. I'll apply the patch and look at rolling out 2.4.2 to production this week then go to 2.4.3 when it's out. Andy Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: 2.4.2 on Solaris - Crashes in mailbox_unlock_index
On Sunday, October 31, 2010 02:02:19 pm Andy Fiddaman wrote: On Sun, 31 Oct 2010, Bron Gondwana wrote: ; On Sat, Oct 30, 2010 at 11:19:14PM +, Andy Fiddaman wrote: ; On Sun, 31 Oct 2010, Bron Gondwana wrote: ; ; ; ; I don't suppose the stacktrace went any further up than that? I'm ; ; more interested in the call-site of mailbox_close, because that's ; ; where a dirty mailbox will be being closed. ; ; Here are a couple: ; ; Ok - that's all I needed. This is a bug. I'll push a fix ; to master straight away, and it will be in 2.4.3. Thanks, superb support as always. I'll apply the patch and look at rolling out 2.4.2 to production this week then go to 2.4.3 when it's out. Can we make sure this ends up in Bugzilla as well? Referring to the mailing list thread/post would suffice. Kind regards, Jeroen van Meeuwen Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: very long cyr_expire at startup and no mail delivery
Hi Henrique, Am Freitag, den 29.10.2010, 15:52 -0200 schrieb Henrique de Moraes Holschuh: On Fri, 29 Oct 2010, Marcus wrote: Id like to come back to an old question. Should I disable tlsprune in the startup too? Well, if it is backed by BDB, you should be able to run the prune with the system hot with impunity (thus, not delaying the start up). It is the *one* thing BDB is damn good for. But that obviously requires that the BDB environment is sane on your cyrus install (enough lock and buffer space, etc). I've changed to skiplist, because I had some problems für dbd. /etc/imapd.conf: duplicate_db: skiplist tlscache_db: skiplist I've disabled tlsprune and delprune in the START section of cyrus.conf and after a restart the cyrus comes up very quickly. :) Ciao, Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: 2.4.2 on Solaris - Crashes in mailbox_unlock_index
On Sun, Oct 31, 2010 at 01:02:19PM +, Andy Fiddaman wrote: On Sun, 31 Oct 2010, Bron Gondwana wrote: ; On Sat, Oct 30, 2010 at 11:19:14PM +, Andy Fiddaman wrote: ; On Sun, 31 Oct 2010, Bron Gondwana wrote: ; ; ; ; I don't suppose the stacktrace went any further up than that? I'm ; ; more interested in the call-site of mailbox_close, because that's ; ; where a dirty mailbox will be being closed. ; ; Here are a couple: ; ; Ok - that's all I needed. This is a bug. I'll push a fix ; to master straight away, and it will be in 2.4.3. Thanks, superb support as always. I'll apply the patch and look at rolling out 2.4.2 to production this week then go to 2.4.3 when it's out. Sorry - it's stuck in a queue behind some other stuff I don't want to push just yet. Here's the patch attached. The other stuff is pretty shiny - XFER support back to older versions of Cyrus :) Unfortunately there's an issue with .seen support in Cyrus 2.2 that's going to screw me up I think - I'm going to have to create a .seen file as well - with backported entries for each folder! Don't know how that's going to all come together... tricky. Anyway... Here's your patch :) Bron. From 32a713e74a8547b9023e4df5ba4e00530e506d1a Mon Sep 17 00:00:00 2001 From: Bron Gondwana br...@opera.com Date: Sun, 31 Oct 2010 11:22:37 +1100 Subject: [PATCH 1/3] Commit mailbox after annotation based expiry Fixes a bug reported by Andy Fiddaman cy...@fiddaman.net on the mailing list. --- imap/cyr_expire.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/imap/cyr_expire.c b/imap/cyr_expire.c index a23b1d2..ae9c8a4 100644 --- a/imap/cyr_expire.c +++ b/imap/cyr_expire.c @@ -228,6 +228,7 @@ int expire(char *name, int matchlen, int maycreate __attribute__((unused)), } r = mailbox_expunge(mailbox, expire_cb, erock, NULL); + if (!r) r = mailbox_commit(mailbox); if (r) { syslog(LOG_ERR, failed to expire old messages: %s, mailbox-name); mailbox_close(mailbox); -- 1.7.1 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, along with SquirrelMail, postfix, etc. Last night, I noticed that when I sent mail from Thunderbird, it was not able to file copies in the Sent mailbox, although they did reach the recipients, so postfix was accepting mail on 587/tcp. I restarted Cyrus IMAPd but don't see any error messages in /var/log/maillog, and the cert key look fine. SquirrelMail is fine using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch mail via IMAP with STARTTLS, so it looks like the cert and key are fine. But telnet mail.reppep.com 993 and openssl fail to get any response. Port 993 is open to the Internet, FWIW. Does anyone have any suggestions for what went wrong and/or how to fix? I'll try tcpdump next to see if it's responding at all. Alternatively, is there a way to make sure Cyrus requires STARTTLS on 143? I was blocking external access to it to make sure users always use encryption to connect, but port 143 with STARTTLS required would be an acceptable alternative. Thanks, Chris Pepper pep...@imp:~$ !openssl openssl s_client -connect www.reppep.com:993 CONNECTED(0003) 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188: [r...@inspector ~]# cat /etc/imapd.conf admins: cyrus altnamespace: yes configdirectory: /var/lib/imap duplicatesuppression: yes hashimapspool: no partition-default: /var/spool/imap servername: mail.reppep.com singleinstancestore: yes #syslog_prefix: cyrus unixhierarchysep: yes lmtp_downcase_rcpt: yes maxmessagesize: 20971520 sendmail: /usr/sbin/sendmail #quotawarn: 80 #allowplaintext: yes #allowplainwithouttls: yes sasl_pwcheck_method: saslauthd #imap_auth_login: yes #imap_auth_cram_md5: yes #imap_auth_plain: yes autocreateinboxfolders: Junk autocreatequota: -1 #autocreate_sieve_script: /etc/junk.sieve autocreate_sieve_compiledscript: /etc/sieve.bc autosievefolders: Junk autosubscribeinboxfolders: Junk createonpost: yes #sievedir: /var/lib/imap/sieve sieveusehomedir: true tls_ca_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_key_file: /etc/pki/tls/private/mail.reppep.com.20080219.key tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH [r...@inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt /etc/pki/tls/private/mail.reppep.com.20080219.key -rw-r--r-- 1 root root 6466 Oct 1 17:13 /etc/pki/tls/certs/mail.reppep.com.20100115.crt -rw-r- 1 root mail 497 Feb 19 2008 /etc/pki/tls/private/mail.reppep.com.20080219.key [r...@inspector ~]# netstat -an|grep LIST|grep tcp|sort -n tcp0 0 0.0.0.0:110 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:143 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:20000.0.0.0:* LISTEN tcp0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:33060.0.0.0:* LISTEN tcp0 0 0.0.0.0:445 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:993 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:995 0.0.0.0:* LISTEN tcp0 0 10.0.104.200:53 0.0.0.0:* LISTEN tcp0 0 :::110 :::* LISTEN tcp0 0 127.0.0.1:10024 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:10025 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:530.0.0.0:* LISTEN tcp0 0 127.0.0.1:953 0.0.0.0:* LISTEN tcp0 0 :::143 :::* LISTEN tcp0 0 ::1:953 :::* LISTEN tcp0 0 :::2000 :::* LISTEN tcp0 0 :::22 :::* LISTEN tcp0 0 :::4242 :::* LISTEN tcp0 0 :::443 :::* LISTEN tcp0 0 :::5222 :::* LISTEN tcp0 0 :::5223 :::* LISTEN tcp0 0 :::5229
Re: Odd problem: IMAP/S suddenly not wo rking, but no errors, and IMAP still works
Sounds like your /dev/random is empty. You can compile with /dev/urandom or add a source of entropy... Chris Pepper pep...@cbio.mskcc.org wrote: mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, along with SquirrelMail, postfix, etc. Last night, I noticed that when I sent mail from Thunderbird, it was not able to file copies in the Sent mailbox, although they did reach the recipients, so postfix was accepting mail on 587/tcp. I restarted Cyrus IMAPd but don't see any error messages in /var/log/maillog, and the cert key look fine. SquirrelMail is fine using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch mail via IMAP with STARTTLS, so it looks like the cert and key are fine. But telnet mail.reppep.com 993 and openssl fail to get any response. Port 993 is open to the Internet, FWIW. Does anyone have any suggestions for what went wrong and/or how to fix? I'll try tcpdump next to see if it's responding at all. Alternatively, is there a way to make sure Cyrus requires STARTTLS on 143? I was blocking external access to it to make sure users always use encryption to connect, but port 143 with STARTTLS required would be an acceptable alternative. Thanks, Chris Pepper pep...@imp:~$ !openssl openssl s_client -connect www.reppep.com:993 CONNECTED(0003) 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188: [r...@inspector ~]# cat /etc/imapd.conf admins: cyrus altnamespace: yes configdirectory: /var/lib/imap duplicatesuppression: yes hashimapspool: no partition-default: /var/spool/imap servername: mail.reppep.com singleinstancestore: yes #syslog_prefix: cyrus unixhierarchysep: yes lmtp_downcase_rcpt: yes maxmessagesize: 20971520 sendmail: /usr/sbin/sendmail #quotawarn: 80 #allowplaintext: yes #allowplainwithouttls: yes sasl_pwcheck_method: saslauthd #imap_auth_login: yes #imap_auth_cram_md5: yes #imap_auth_plain: yes autocreateinboxfolders: Junk autocreatequota: -1 #autocreate_sieve_script: /etc/junk.sieve autocreate_sieve_compiledscript: /etc/sieve.bc autosievefolders: Junk autosubscribeinboxfolders: Junk createonpost: yes #sievedir: /var/lib/imap/sieve sieveusehomedir: true tls_ca_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_key_file: /etc/pki/tls/private/mail.reppep.com.20080219.key tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH [r...@inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt /etc/pki/tls/private/mail.reppep.com.20080219.key -rw-r--r-- 1 root root 6466 Oct 1 17:13 /etc/pki/tls/certs/mail.reppep.com.20100115.crt -rw-r- 1 root mail 497 Feb 19 2008 /etc/pki/tls/private/mail.reppep.com.20080219.key [r...@inspector ~]# netstat -an|grep LIST|grep tcp|sort -n tcp0 0 0.0.0.0:110 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:143 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:20000.0.0.0:* LISTEN tcp0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:33060.0.0.0:* LISTEN tcp0 0 0.0.0.0:445 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:993 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:995 0.0.0.0:* LISTEN tcp0 0 10.0.104.200:53 0.0.0.0:* LISTEN tcp0 0 :::110 :::* LISTEN tcp0 0 127.0.0.1:10024 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:10025 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:530.0.0.0:* LISTEN tcp0 0 127.0.0.1:953 0.0.0.0:* LISTEN tcp0 0 :::143 :::* LISTEN tcp0 0 ::1:953 :::* LISTEN tcp0 0 :::2000 :::* LISTEN tcp0 0 :::22 :::* LISTEN tcp0 0 :::4242 :::* LISTEN tcp0 0 :::443 :::* LISTEN tcp0 0 :::5222 :::*
Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
Bron, My Cyrus is from RPM, and I am just nursing it along until my users finish migrating off and FastMail manages to complete my own migration, so I don't want to build from source. Why would IMAP/S block on empty /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use urandom. [r...@inspector random]# strings /usr/lib/libsasl* |grep random /dev/urandom /dev/urandom But my /dev/random does seem quite low. Still surfing and looking for a good way to fill it on a mostly headless server -- I haven't found a good solution yet. Chris [r...@inspector ~]# ls -l /dev/*random crw-rw-rw- 1 root root 1, 8 Oct 31 02:05 /dev/random cr--r--r-- 1 root root 1, 9 Oct 31 02:05 /dev/urandom [r...@inspector ~]# cd /proc/sys/kernel/random [r...@inspector random]# more *|cat :: boot_id :: d3724e19-7462-4224-960b-49d5d3a18d7a :: entropy_avail :: 17 :: poolsize :: 4096 :: read_wakeup_threshold :: 64 :: uuid :: a3ed2323-e04d-4034-a72a-76b5d4b697f7 :: write_wakeup_threshold :: 128 On 10/31/10 9:26 PM, Bron Gondwana wrote: Sounds like your /dev/random is empty. You can compile with /dev/urandom or add a source of entropy... Chris Pepperpep...@cbio.mskcc.org wrote: mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, along with SquirrelMail, postfix, etc. Last night, I noticed that when I sent mail from Thunderbird, it was not able to file copies in the Sent mailbox, although they did reach the recipients, so postfix was accepting mail on 587/tcp. I restarted Cyrus IMAPd but don't see any error messages in /var/log/maillog, and the cert key look fine. SquirrelMail is fine using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch mail via IMAP with STARTTLS, so it looks like the cert and key are fine. But telnet mail.reppep.com 993 and openssl fail to get any response. Port 993 is open to the Internet, FWIW. Does anyone have any suggestions for what went wrong and/or how to fix? I'll try tcpdump next to see if it's responding at all. Alternatively, is there a way to make sure Cyrus requires STARTTLS on 143? I was blocking external access to it to make sure users always use encryption to connect, but port 143 with STARTTLS required would be an acceptable alternative. Thanks, Chris Pepper pep...@imp:~$ !openssl openssl s_client -connect www.reppep.com:993 CONNECTED(0003) 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188: [r...@inspector ~]# cat /etc/imapd.conf admins: cyrus altnamespace: yes configdirectory: /var/lib/imap duplicatesuppression: yes hashimapspool: no partition-default: /var/spool/imap servername: mail.reppep.com singleinstancestore: yes #syslog_prefix: cyrus unixhierarchysep: yes lmtp_downcase_rcpt: yes maxmessagesize: 20971520 sendmail: /usr/sbin/sendmail #quotawarn: 80 #allowplaintext: yes #allowplainwithouttls: yes sasl_pwcheck_method: saslauthd #imap_auth_login: yes #imap_auth_cram_md5: yes #imap_auth_plain: yes autocreateinboxfolders: Junk autocreatequota: -1 #autocreate_sieve_script: /etc/junk.sieve autocreate_sieve_compiledscript: /etc/sieve.bc autosievefolders: Junk autosubscribeinboxfolders: Junk createonpost: yes #sievedir: /var/lib/imap/sieve sieveusehomedir: true tls_ca_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_key_file: /etc/pki/tls/private/mail.reppep.com.20080219.key tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH [r...@inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt /etc/pki/tls/private/mail.reppep.com.20080219.key -rw-r--r-- 1 root root 6466 Oct 1 17:13 /etc/pki/tls/certs/mail.reppep.com.20100115.crt -rw-r- 1 root mail 497 Feb 19 2008 /etc/pki/tls/private/mail.reppep.com.20080219.key [r...@inspector ~]# netstat -an|grep LIST|grep tcp|sort -n tcp0 0 0.0.0.0:110 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:143 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:20000.0.0.0:* LISTEN tcp0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:33060.0.0.0:* LISTEN tcp0 0 0.0.0.0:445 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:993