Re: suddenly 'User unknown'?
Ha.. SOLVED IT :-))

/etc/hosts REQUIRES the entry:

192.168.0.3 dell2600-1.bradcan.homelinux.com dell2600-1

Then:

[root@dell2600-1 brad]# sendmail -C /etc/mail/sendmail.cf -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter
> $=w
dell2600-1.bradcan.homelinux.com
dell2600-1
localhost.localdomain
localhost
bradcan.co.uk
[192.168.0.3]
> /quit

Don't ask me what changed...

Thanks for the 'help'

On 02/12/2018 14:19, Charles Bradshaw via Info-cyrus wrote:
> Edda,
>
> I think there might be some clues, but I'm struggling to understand the
> below results.
>
> On 30/11/2018 17:36, Edda wrote:
>> On 30.11.18 at 17:34, Charles Bradshaw wrote:
>>> Edda,
>>>
>>> On 30/11/2018 15:48, Edda wrote:
>>>> Not a cyrus issue. Apparently sendmail strips the domain as you see in
>>>> lines like "RCPT To:"
>>>>
>>>> Your cyrusv2 Mailer in sendmail.mc seems correct to me.
>>>>
>>>> What do you get from (you can skip all the line for user root)
>>>>
>>>> sendmail -d21.1 -bv b...@bradcan.homelinux.com
>>> as brad:
>>>
>>> [brad@dell2600-1 ~]$ sendmail -d21.1 -bv b...@bradcan.homelinux.com
>>> Notice: -bv may give misleading output for non-privileged user
>>> can not chdir(/var/spool/mqueue/): Permission denied
>>> Program mode requires special privileges, e.g., root or TrustedUser.
>>>
>>> How do I setup TrustUser?
>> The message is a bit misleading. You can't just add a TrustedUser to
>> sendmail and run this test. You would have to change all
>> privileges. It's absolutely ok to check the daemon as root.
>>
>>> but as root:
>>>
>>> [root@dell2600-1 brad]# sendmail -d21.1 -bv b...@bradcan.homelinux.com
>>>
>>> [...]
>>> . com . >
>>> rewrite: ruleset Parse1 input: brad < @ bradcan . homelinux
>>> . com . >
>>> rewrite: ruleset Parse1 returns: $# cyrusv2 $: brad
>>> rewrite: ruleset parse returns: $# cyrusv2 $: brad
>>> rewrite: ruleset 2 input: brad
>>> rewrite: ruleset 2 returns: brad
>>> rewrite: ruleset EnvToSMT input: brad
>>> rewrite: ruleset EnvToSMT returns: brad
>>> rewrite: ruleset final input: brad
>>> rewrite: ruleset final returns: brad
>>> b...@bradcan.homelinux.com... deliverable: mailer cyrusv2, user brad
>> The Parse1 ruleset considers b...@bradcan.homelinux.com as a local
>> machine's user (Class $=w in sendmail). Therefore it strips the domain.
>>
>> You can check $=w like this:
>>
>> sendmail -C sendmail.cf -bt
>> > $=w
>> localhost
>> [127.0.0.1]
>> dell2600-1.bradcan.homelinux.com
>> [...]
>> > /quit
>> Look for bradcan.homelinux.com
>>
>> Do you have an entry for bradcan.homelinux.com in /etc/hosts? Then you
>> can simply delete it.
> No bradcan.homelinux.com is not in /etc/hosts or /etc/resolv.conf - But
> this:
>
> [brad@dell2600-1 ~]$ sendmail -C /etc/mail/sendmail.cf -bt
> ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
> Enter
> > $=w
> dell2600-1.bradcan.homelinux.com
> [213.106.111.18]
> localhost.localdomain
> localhost
> bradcan.co.uk
> bradcan.homelinux.com
> > /quit
> And this:
>
> [root@dell2600-1 mail]# hostname --fqdn
> bradcan.homelinux.com
>
> Whereas other hosts on the network show: host.bradcan.homelinux.com
>
> ~o~
>
> And after removing some comments and ignoring binary file matches # grep
> bradcan.homelinux.com /etc/mail/* produces:
>
> access:bradcan.homelinux.com RELAY
>
> mailertable:bradcan.homelinux.com cyrusv2:/var/lib/imap/socket/lmtp
>
> sendmail.cf:C{M}bradcan.homelinux.com
>
> sendmail.mc:MASQUERADE_DOMAIN(bradcan.homelinux.com)
> sendmail.mc~:MASQUERADE_DOMAIN(bradcan.homelinux.com)
>
> virtusertable:@bradcan.co.uk %1...@bradcan.homelinux.com
>
> ??? are any of the above now somehow incorrect ???
>
> ??? Should I have the following line in virtusertable, The comments seem
> to suggest that I should. ???:
>
> @bradcan.homelinux.com %1%3
>
>> Edda

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
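The check that resolved this thread, written out as an added example (not code from any poster, sendmail or Cyrus): it parses a `sendmail -bt` `$=w` listing and a `sendmail -d21.1 -bv` trace and reports whether the mail domain is in class w and which ruleset hands the mailer a bare user. Function names are hypothetical; the sample text is assembled from the listings quoted in the thread.

```python
import re

# One line of `sendmail -d21.1 -bv` output: ruleset name, direction, workspace.
REWRITE = re.compile(r"^rewrite: ruleset\s+(\S+)\s+(input|returns):\s*(.*)$")
# Delivery triple printed by the parse rulesets: $# mailer [$@ host] $: user
TRIPLE = re.compile(r"\$#\s*(\S+)(?:\s+\$@\s*(\S+))?\s+\$:\s*(.+)$")


def parse_class_w(bt_session):
    """Members of class w from a `sendmail -bt` session where `$=w` was typed."""
    members, collecting = set(), False
    for raw in bt_session.splitlines():
        line = raw.strip()
        if line.startswith(">"):            # test-mode prompt plus the command
            collecting = line[1:].strip() == "$=w"
        elif collecting and line:
            members.add(line.lower())
    return members


def detokenize(workspace):
    """'brad < @ bradcan . homelinux . com . >' -> 'brad@bradcan.homelinux.com'."""
    joined = "".join(workspace.split())
    return joined.replace("<", "").replace(">", "").rstrip(".")


def find_domain_drop(trace):
    """First ruleset that receives user@domain and returns a value with no '@'."""
    pending = {}
    for raw in trace.splitlines():
        m = REWRITE.match(raw.strip())
        if not m:
            continue
        name, kind, value = m.groups()
        if kind == "input":
            pending[name] = value
        elif "@" in pending.get(name, "") and "@" not in value:
            return name, detokenize(pending[name]), value.strip()
    return None


def diagnose(bt_session, trace, mail_domain):
    """Correlate class w membership with the point where the domain is lost."""
    domain = mail_domain.lower()
    report = {"in_class_w": domain in parse_class_w(bt_session),
              "ruleset": None, "mailer": None, "user": None}
    drop = find_domain_drop(trace)
    if drop and drop[1].lower().endswith("@" + domain):
        triple = TRIPLE.search(drop[2])
        report["ruleset"] = drop[0]
        if triple:
            report["mailer"] = triple.group(1)
            report["user"] = triple.group(3).strip()
    # A bare user handed to the mailer cannot match a domain-qualified mailbox
    # such as the user/...@bradcan.homelinux.com entry that `lm` showed.
    report["stripped"] = bool(report["in_class_w"] and report["user"]
                              and "@" not in report["user"])
    return report


# Sample input assembled from the listings quoted in this thread.
CLASS_W_BEFORE = """\
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
> $=w
dell2600-1.bradcan.homelinux.com
[213.106.111.18]
localhost.localdomain
localhost
bradcan.co.uk
bradcan.homelinux.com
> /quit
"""
CLASS_W_AFTER = """\
> $=w
dell2600-1.bradcan.homelinux.com
dell2600-1
localhost.localdomain
localhost
bradcan.co.uk
[192.168.0.3]
> /quit
"""
TRACE = """\
rewrite: ruleset parse input: brad < @ bradcan . homelinux . com . >
rewrite: ruleset Parse0 input: brad < @ bradcan . homelinux . com . >
rewrite: ruleset Parse0 returns: brad < @ bradcan . homelinux . com . >
rewrite: ruleset ParseLocal input: brad < @ bradcan . homelinux . com . >
rewrite: ruleset ParseLocal returns: brad < @ bradcan . homelinux . com . >
rewrite: ruleset Parse1 input: brad < @ bradcan . homelinux . com . >
rewrite: ruleset Parse1 returns: $# cyrusv2 $: brad
rewrite: ruleset parse returns: $# cyrusv2 $: brad
rewrite: ruleset 2 input: brad
rewrite: ruleset 2 returns: brad
"""

if __name__ == "__main__":
    for label, listing in (("before", CLASS_W_BEFORE), ("after", CLASS_W_AFTER)):
        print(label, diagnose(listing, TRACE, "bradcan.homelinux.com"))
```

On a live host the two inputs would be the captured output of the `sendmail -bt` and `sendmail -d21.1 -bv` commands shown in the thread, run as root.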
Re: suddenly 'User unknown'?
Edda,

I think there might be some clues, but I'm struggling to understand the
below results.

On 30/11/2018 17:36, Edda wrote:
> On 30.11.18 at 17:34, Charles Bradshaw wrote:
>> Edda,
>>
>> On 30/11/2018 15:48, Edda wrote:
>>> Not a cyrus issue. Apparently sendmail strips the domain as you see in
>>> lines like "RCPT To:"
>>>
>>> Your cyrusv2 Mailer in sendmail.mc seems correct to me.
>>>
>>> What do you get from (you can skip all the line for user root)
>>>
>>> sendmail -d21.1 -bv b...@bradcan.homelinux.com
>> as brad:
>>
>> [brad@dell2600-1 ~]$ sendmail -d21.1 -bv b...@bradcan.homelinux.com
>> Notice: -bv may give misleading output for non-privileged user
>> can not chdir(/var/spool/mqueue/): Permission denied
>> Program mode requires special privileges, e.g., root or TrustedUser.
>>
>> How do I setup TrustUser?
>
> The message is a bit misleading. You can't just add a TrustedUser to
> sendmail and run this test. You would have to change all
> privileges. It's absolutely ok to check the daemon as root.
>
>>
>> but as root:
>>
>> [root@dell2600-1 brad]# sendmail -d21.1 -bv b...@bradcan.homelinux.com
>>
>> [...]
>> . com . >
>> rewrite: ruleset Parse1 input: brad < @ bradcan . homelinux
>> . com . >
>> rewrite: ruleset Parse1 returns: $# cyrusv2 $: brad
>> rewrite: ruleset parse returns: $# cyrusv2 $: brad
>> rewrite: ruleset 2 input: brad
>> rewrite: ruleset 2 returns: brad
>> rewrite: ruleset EnvToSMT input: brad
>> rewrite: ruleset EnvToSMT returns: brad
>> rewrite: ruleset final input: brad
>> rewrite: ruleset final returns: brad
>> b...@bradcan.homelinux.com... deliverable: mailer cyrusv2, user brad
>
> The Parse1 ruleset considers b...@bradcan.homelinux.com as a local
> machine's user (Class $=w in sendmail). Therefore it strips the domain.
>
> You can check $=w like this:
>
> sendmail -C sendmail.cf -bt
> > $=w
> localhost
> [127.0.0.1]
> dell2600-1.bradcan.homelinux.com
> [...]
> >/quit
>
> Look for bradcan.homelinux.com
>
> Do you have an entry for bradcan.homelinux.com in /etc/hosts? Then you
> can simply delete it.

No bradcan.homelinux.com is not in /etc/hosts or /etc/resolv.conf - But
this:

[brad@dell2600-1 ~]$ sendmail -C /etc/mail/sendmail.cf -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter
> $=w
dell2600-1.bradcan.homelinux.com
[213.106.111.18]
localhost.localdomain
localhost
bradcan.co.uk
bradcan.homelinux.com
> /quit

And this:

[root@dell2600-1 mail]# hostname --fqdn
bradcan.homelinux.com

Whereas other hosts on the network show: host.bradcan.homelinux.com

~o~

And after removing some comments and ignoring binary file matches # grep
bradcan.homelinux.com /etc/mail/* produces:

access:bradcan.homelinux.com RELAY

mailertable:bradcan.homelinux.com cyrusv2:/var/lib/imap/socket/lmtp

sendmail.cf:C{M}bradcan.homelinux.com

sendmail.mc:MASQUERADE_DOMAIN(bradcan.homelinux.com)
sendmail.mc~:MASQUERADE_DOMAIN(bradcan.homelinux.com)

virtusertable:@bradcan.co.uk %1...@bradcan.homelinux.com

??? are any of the above now somehow incorrect ???

??? Should I have the following line in virtusertable, The comments seem
to suggest that I should. ???:

@bradcan.homelinux.com %1%3

> Edda
Re: suddenly 'User unknown'?
: brad < @ bradcan . homelinux . com . >
rewrite: ruleset parse input: brad < @ bradcan . homelinux . com . >
rewrite: ruleset Parse0 input: brad < @ bradcan . homelinux . com . >
rewrite: ruleset Parse0 returns: brad < @ bradcan . homelinux . com . >
rewrite: ruleset ParseLocal input: brad < @ bradcan . homelinux . com . >
rewrite: ruleset ParseLocal returns: brad < @ bradcan . homelinux . com . >
rewrite: ruleset Parse1 input: brad < @ bradcan . homelinux . com . >
rewrite: ruleset Parse1 returns: $# cyrusv2 $: brad
rewrite: ruleset parse returns: $# cyrusv2 $: brad
rewrite: ruleset 2 input: brad
rewrite: ruleset 2 returns: brad
rewrite: ruleset EnvToSMT input: brad
rewrite: ruleset EnvToSMT returns: brad
rewrite: ruleset final input: brad
rewrite: ruleset final returns: brad
b...@bradcan.homelinux.com... deliverable: mailer cyrusv2, user brad

But as root:

[root@dell2600-1 brad]# sendmail b...@bradcan.homelinux.com < email.txt

Still reports 'User unknown' in /etc/maillog

>
> Greets,
> Edda
>
> On 30.11.18 at 16:34, Charles Bradshaw via Info-cyrus wrote:
>>
>> Patrick, Javier, at last progress. Brilliant. :-) See below.
>>
>> [root@dell2600-1 brad]# strace -p 10146
>>
>> > [...]
>> read(0, "RCPT To:\r\nDATA\r\n", 4096) = 22
>> > [...]
>> +++ exited with 0 +++
>>
>> I don't understand the above! Except there are a number of lines like:
>>
>> open("/var/lib/imap/log/postman/lmtpunix-10146",
>> O_WRONLY|O_CREAT|O_APPEND, 0644) = -1 ENOENT (No such file or directory)
>>
>> Does any of the above explain 'User unknown', apart from fact that
>> lmtp quit with SIGALRM
>>
>> I created /var/lib/imap/log/postman then when the test email is sent
>> /var/lib/imap/log/postman contains this message:
>>
>> -- postman Fri Nov 30 15:04:47 2018
>>
>> >1543590287>220 dell2600-1.bradcan.homelinux.com Cyrus LMTP
>> v2.4.17-Invoca-RPM-2.4.17-7.el6 server ready
>> <1543590287> >1543590287>250-dell2600-1.bradcan.homelinux.com
>> 250-8BITMIME
>> 250-ENHANCEDSTATUSCODES
>> 250-PIPELINING
>> 250-SIZE
>> 250-AUTH EXTERNAL
>> 250 IGNOREQUOTA
>> <1543590287 SIZE=653
>> >1543590287>250 2.1.0 ok
>> <1543590287
>> DATA
>> >1543590287>550-Mailbox unknown. Either there is no mailbox
>> associated with this
>> 550-name or you do not have authorization to see it.
>> 550 5.1.1 User unknown
>> ...
>>
>> Now I'm guessing, since user b...@bradcan.homelinux.com does exist
>> and is working then it must be authorization.
>>
>> So why is authorization failing after years of working? How do I test
>> authorization?
>>
>>
Re: suddenly 'User unknown'?
Is my TLS configuration correct?

/etc/imapd.conf contains:

tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH

Files exist:

[root@dell2600-1 brad]# ls -l /etc/pki/cyrus-imapd/cyrus-imapd.pem
-rw-r-. 1 root mail 3242 Apr 12 2014 /etc/pki/cyrus-imapd/cyrus-imapd.pem
[root@dell2600-1 brad]# ls -l /etc/pki/tls/certs/ca-bundle.crt
-rw-r--r--. 1 root root 754217 Feb 28 2018 /etc/pki/tls/certs/ca-bundle.crt

Is the tls_cipher_list still valid??

CUT:
Re: suddenly 'User unknown'?
Patrick, Javier, at last progress. Brilliant. :-) See below.

On 30/11/2018 14:16, Patrick Boutilier wrote:
> On 11/30/18 10:00 AM, Charles Bradshaw via Info-cyrus wrote:
>> Javier
>>
>> On 30/11/2018 11:49, Javier Angulo wrote:
>>> On 11/29/18 8:00 PM, Charles Bradshaw via Info-cyrus wrote:
>>>> Now you tell me is cyrus syslog being sent to /var/log/maillog? Or
>>>> should it be going to /var/imapd.log as the configuration files, man
>>>> pages and cyrus installation guides ( found here:
>>>> https://www.cyrusimap.org/imap/installing.html ) say it should?
>>> I believe there is no "syslog_facility:" option in cyrus 2.4 (at
>>> least I
>>> was unable to find it). You can configure it in cyrus3 and maybe in
>>> cyrus 2.5.
>> I removed syslog_facility from imapd.conf
>>> So in /etc/imapd.conf I would remove the syslog_facility line and set:
>>> syslog_prefix: cyrus
>> Has no effect: present or not, or changed to test.
>>> And in /etc/rsyslog.conf:
>>> mail.* -/var/log/maillog
>> Has always been in my rsyslog.conf
>>>
>>> Restart rsyslog and check logs for cyrus/something ...
>>
>> # /etc/init.d/rsyslog restart
>>
>> # service sendmail restart
>>
>> Now when I connect (from another host) using Thunderbird Mail I see in
>> /etc/maillog:
>>
>> Nov 30 13:01:02 dell2600-1 sendmail[9865]: NOQUEUE: stopping daemon,
>> reason=signal
>> Nov 30 13:01:02 dell2600-1 sendmail[9950]: starting daemon (8.14.4):
>> SMTP+queueing@01:00:00
>> Nov 30 13:01:02 dell2600-1 sendmail[9950]: STARTTLS: CRLFile missing
>> Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server,
>> Diffie-Hellman init, key=1024 bit (1)
>> Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server, init=1
>> Nov 30 13:01:03 dell2600-1 sendmail[9950]: started as:
>> /usr/sbin/sendmail -bd -q1h
>> Nov 30 13:01:03 dell2600-1 sm-msp-queue[9960]: starting daemon (8.14.4):
>> queueing@01:00:00
>> Nov 30 13:01:26 dell2600-1 cyrus/imaps[8645]: USAGE
>> b...@bradcan.homelinux.com user: 0.141978 sys: 0.087986
>> Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: starttls: TLSv1.2 with
>> cipher AES128-SHA (128/128 bits new) no authentication
>> Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: login: [192.168.0.6]
>> b...@bradcan.homelinux.com CRAM-MD5+TLS User logged in
>> SESSIONID=
>> Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: client id: "name"
>> "Thunderbird" "version" "60.2.1"
>>
>> Hum.. cyrus/imaps sends logging to /etc/maillog
>>
>> I think it is absolutely clear:
>>
>> 1 - where cyrus syslog goes to is a red herring. It goes to, and has
>> always gone to /var/maillog. It is simply that the prefix 'cyrus' only
>> appears for cyrus imap transactions and other sendmail is labeled
>> 'sendmail'
>>
>> 2 - imapd is working fine: allows brad.bradcan.homelinux.com to connect
>> an email client. Also to move email from one mailbox to another. The
>> proof is that since enabling telemetry logging
>> /var/lib/imap/log/b...@bradcan.homelinux.com/ reflects imap
>> transactions.
>>
>> 3 - A problem remains with LMTP. as is clearly evident from 'User
>> unknown' appearing in maillog.
>>
>> My original question remains: How do I diagnose this when a test email
>> is sent to b...@bradcan.homelinux.com :
>>
>> Nov 30 12:59:48 dell2600-1 sendmail[9882]: wAUCxmBS009882:
>> to=b...@bradcan.homelinux.com, delay=00:00:00, xdelay=00:00:00,
>> mailer=cyrusv2, pri=32701, relay=localhost [[UNIX:
>> /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
>
>
> I think why people are concentrating on the logging is that there
> should be lmtp entries in your logs to indicate what the issue is. Are
> there any lmtp entries in either /etc/maillog or /var/log/maillog ?

The only lmtp entries are the one shown above. I do

# cat /var/log/maillog | grep lmtp
Nov 30 12:59:48 dell2600-1 sendmail[9882]: wAUCxmBR009882: to=, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=31677, relay=localhost [[UNIX: /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown

>
>
> Another option is to limit lmtpd to one process and strace it.

If I do:

[root@dell2600-1 brad]# ps -A | grep lmtp
10146 ? 00:00:00 lmtpd
[root@dell2600-1 brad]# strace -p 10146
Process 10146 attached
accept(4, 0, NULL) = 11
fcntl64(10, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 0
write(3, "\2\0\0\0\242'\0\0", 8) = 8
dup2(11, 0
Re: suddenly 'User unknown'?
Javier

On 30/11/2018 11:49, Javier Angulo wrote:
> On 11/29/18 8:00 PM, Charles Bradshaw via Info-cyrus wrote:
>> Now you tell me is cyrus syslog being sent to /var/log/maillog? Or
>> should it be going to /var/imapd.log as the configuration files, man
>> pages and cyrus installation guides ( found here:
>> https://www.cyrusimap.org/imap/installing.html ) say it should?
> I believe there is no "syslog_facility:" option in cyrus 2.4 (at least I
> was unable to find it). You can configure it in cyrus3 and maybe in
> cyrus 2.5.

I removed syslog_facility from imapd.conf

> So in /etc/imapd.conf I would remove the syslog_facility line and set:
> syslog_prefix: cyrus

Has no effect: present or not, or changed to test.

> And in /etc/rsyslog.conf:
> mail.* -/var/log/maillog

Has always been in my rsyslog.conf

>
> Restart rsyslog and check logs for cyrus/something ...

# /etc/init.d/rsyslog restart

# service sendmail restart

Now when I connect (from another host) using Thunderbird Mail I see in
/etc/maillog:

Nov 30 13:01:02 dell2600-1 sendmail[9865]: NOQUEUE: stopping daemon, reason=signal
Nov 30 13:01:02 dell2600-1 sendmail[9950]: starting daemon (8.14.4): SMTP+queueing@01:00:00
Nov 30 13:01:02 dell2600-1 sendmail[9950]: STARTTLS: CRLFile missing
Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server, Diffie-Hellman init, key=1024 bit (1)
Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server, init=1
Nov 30 13:01:03 dell2600-1 sendmail[9950]: started as: /usr/sbin/sendmail -bd -q1h
Nov 30 13:01:03 dell2600-1 sm-msp-queue[9960]: starting daemon (8.14.4): queueing@01:00:00
Nov 30 13:01:26 dell2600-1 cyrus/imaps[8645]: USAGE b...@bradcan.homelinux.com user: 0.141978 sys: 0.087986
Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: starttls: TLSv1.2 with cipher AES128-SHA (128/128 bits new) no authentication
Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: login: [192.168.0.6] b...@bradcan.homelinux.com CRAM-MD5+TLS User logged in SESSIONID=
Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: client id: "name" "Thunderbird" "version" "60.2.1"

Hum.. cyrus/imaps sends logging to /etc/maillog

I think it is absolutely clear:

1 - where cyrus syslog goes to is a red herring. It goes to, and has
always gone to /var/maillog. It is simply that the prefix 'cyrus' only
appears for cyrus imap transactions and other sendmail is labeled
'sendmail'

2 - imapd is working fine: allows brad.bradcan.homelinux.com to connect
an email client. Also to move email from one mailbox to another. The
proof is that since enabling telemetry logging
/var/lib/imap/log/b...@bradcan.homelinux.com/ reflects imap
transactions.

3 - A problem remains with LMTP. as is clearly evident from 'User
unknown' appearing in maillog.

My original question remains: How do I diagnose this when a test email
is sent to b...@bradcan.homelinux.com :

Nov 30 12:59:48 dell2600-1 sendmail[9882]: wAUCxmBS009882: to=b...@bradcan.homelinux.com, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=32701, relay=localhost [[UNIX: /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown

Thanks for your patience.

>
> Cheers
Re: suddenly 'User unknown'?
Brian

On 29/11/2018 19:34, Shaw, Brian wrote:
> It looks like you may have some type of disk permissions issue.
>
> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: Losing
> ./qfwATIapgq005070: savemail panic
> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: SYSERR(root):
> savemail: cannot save rejected email anywhere
>
> This may be the cause of your "user unknown" error. Either way, you
> shouldn't have errors like this.

Nice idea but not true. The above lines follow from 'User unknown'
because /etc/aliases contains:

postmaster: root
root: b...@bradcan.homelinux.com

So in event that b...@bradcan.homelinux.com is unknown then so is root
and postmaster. Therefore: 'savemail: cannot save rejected email
anywhere' is to be expected.

>
> Brian
>
> On 2018-11-29 2:00 pm, Charles Bradshaw via Info-cyrus wrote:
>> Simon
>>
>> My original post contained a dump of /var/log/maillog, but was asked by
>> Dan "what does cyrus syslog say" so assumed there should be some more
>> log messages somewhere.
>>
>> For the record I do: Clear /var/log/maillog then send a test email from
>> the command line. Then /var/log/maillog contains:
>>
>> Nov 29 18:36:51 dell2600-1 sendmail[5067]: wATIapoE005067: from=brad,
>> size=44, class=0, nrcpts=1,
>> msgid=<201811291836.watiapoe005...@bradcan.homelinux.com>,
>> relay=brad@localhost
>> Nov 29 18:36:51 dell2600-1 sendmail[5068]: NOQUEUE: connect from
>> localhost.localdomain [127.0.0.1]
>> Nov 29 18:36:51 dell2600-1 sendmail[5068]: AUTH: available mech=CRAM-MD5
>> DIGEST-MD5, allowed mech=EXTERNAL DIGEST-MD5 CRAM-MD5
>> Nov 29 18:36:51 dell2600-1 sendmail[5068]: wATIapgq005068: Milter: no
>> active filter
>> Nov 29 18:36:51 dell2600-1 sendmail[5068]: STARTTLS=server,
>> relay=localhost.localdomain [127.0.0.1], version=TLSv1/SSLv3, verify=NO,
>> cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
>> Nov 29 18:36:51 dell2600-1 sendmail[5068]: STARTTLS=server,
>> cert-subject=, cert-issuer=, verifymsg=ok
>> Nov 29 18:36:51 dell2600-1 sendmail[5068]: AUTH: available mech=CRAM-MD5
>> DIGEST-MD5, allowed mech=EXTERNAL DIGEST-MD5 CRAM-MD5
>> Nov 29 18:36:51 dell2600-1 sendmail[5067]: STARTTLS=client,
>> relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL,
>> cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
>> Nov 29 18:36:51 dell2600-1 sendmail[5068]: ruleset=trust_auth,
>> arg1=b...@bradcan.homelinux.com, relay=localhost.localdomain
>> [127.0.0.1], reject=550 5.7.1 ... not
>> authenticated
>> Nov 29 18:36:51 dell2600-1 sendmail[5068]: wATIapgr005068:
>> from=, size=358, class=0, nrcpts=1,
>> msgid=<201811291836.watiapoe005...@bradcan.homelinux.com>, proto=ESMTP,
>> daemon=MTA, relay=localhost.localdomain [127.0.0.1]
>> Nov 29 18:36:51 dell2600-1 sendmail[5070]: AUTH=client, relay=localhost,
>> mech=, bits=0
>> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005068:
>> to=, delay=00:00:00, xdelay=00:00:00,
>> mailer=cyrusv2, pri=120358, relay=localhost, dsn=5.1.1, stat=User
>> unknown
>> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005068:
>> wATIapgq005070: DSN: User unknown
>> Nov 29 18:36:51 dell2600-1 sendmail[5067]: wATIapoE005067:
>> to=b...@bradcan.homelinux.com, ctladdr=brad (500/500), delay=00:00:00,
>> xdelay=00:00:00, mailer=relay, pri=30044, relay=[127.0.0.1] [127.0.0.1],
>> dsn=2.0.0, stat=Sent (wATIapgr005068 Message accepted for delivery)
>> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070:
>> to=, delay=00:00:00, xdelay=00:00:00,
>> mailer=cyrusv2, pri=31677, relay=localhost [[UNIX:
>> /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
>>
>> NOTE: The following is to be expected because both root and postmaster
>> are aliased to b...@bradcan.homelinux.com
>>
>> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias
>> MAILER-DAEMON => postmaster
>> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias
>> postmaster => root
>> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias root =>
>> b...@bradcan.homelinux.com
>> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias
>> postmaster => root
>> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias root =>
>> b...@bradcan.homelinux.com
>> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070:
>> wATIapgr005070: return to sender: User unknown
>> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070:
>> to=b...@bradcan.homelinux.com, delay=00:00:00, xdelay=00:00:00,
>> mailer=cyrusv2, pri=32701, r
suddenly 'User unknown'?
On 29/11/2018 15:32, Dan White wrote:
> Do you otherwise see log entries for an imap connection?

Where would I find these? Other than in /etc/imapd.log

>
> Is there a permissions problem on the lmtpunix mux
> (/var/lib/imap/socket/lmtp)? Your syslog entry seems to indicate it is
> communicating with cyrus, but perhaps I'm misreading it.

# ls -lA /var/lib/imap/socket/lmtp
srwxrwxrwx. 1 root root 0 Nov 29 14:38 /var/lib/imap/socket/lmtp

>
> Look up telemetry logging, and lmtptest for other ways to verify your
> cyrus
> config. You may need to temporarily enable lmtp on a TCP port to test.

I did:

[root@dell2600-1 brad]# ls -l /var/lib/imap/log
total 0
[root@dell2600-1 brad]# mkdir /var/lib/imap/log/b...@bradcan.homelinux.com
[root@dell2600-1 brad]# chown cyrus /var/lib/imap/log/b...@bradcan.homelinux.com
[root@dell2600-1 brad]# ls -l /var/lib/imap/log/
total 4
drwxr-xr-x. 2 cyrus root 4096 Nov 29 16:51 b...@bradcan.homelinux.com

then re-connect from another client on the network using Thunderbird
Mail. I then see:

[root@dell2600-1 brad]# ls -l /var/lib/imap/log/b...@bradcan.homelinux.com
total 52
-rw---. 1 cyrus mail 25990 Nov 29 16:59 imaps-4288
-rw---. 1 cyrus mail 21539 Nov 29 17:07 imaps-4646

I think that's as expected?

I looked at # man lmtptest, but I don't begin to understand! Not
surprising since lmtptest seems to be a debugging tool for developers,
which I definitely ain't :-(

Perhaps you would be kind enough to post the specific lmtptest command I
should use and the expected result.

>
> On 11/29/18 15:25 +, Charles Bradshaw wrote:
>> I have, and have always had, an empty /var/log/imapd.log so I'm not
>> going to make progress until I fix that.
>>
>> In /etc/rsyslog.conf
>>
>> # cyrus imapd
>> #local6.* /var/log/imapd.log - tried this
>> first.
>> local6.debug /var/log/imapd.log
>> auth.debug /var/log/auth.log
>>
>> and in /etc/imapd.conf
>>
>> syslog_prefix: cyrus
>> syslog_facility: LOCAL6
>>
>> If I remove the file /etc/imapd.log then
>>
>> # /etc/init.d/rsyslog restart
>>
>> # logger local6.debug 'test log message'
>>
>> # cat /var/log/imapd.log
>>
>> Nov 29 15:06:42 dell2600-1 brad: test log message
>>
>> Obviously syslog is working local6. But still no messages from cyrus!
>> Therefore I'm now stuck with this secondary problem.
>>
>> I have followed the cyrus instructions as best I can, but no go. I say
>> again this has all worked for years, albeit with an always empty
>> imapd.log
>>
>> There must be some missing cyrus syslog configuration.
>
>> On 29/11/2018 14:39, Dan White wrote:
>>> On 11/29/18 00:46 +, Charles Bradshaw wrote:
>>>>>> Nov 27 15:18:36 dell2600-1 sendmail[4801]: wARFIavg004801:
>>>>>> to=, delay=00:00:00, xdelay=00:00:00,
>>>>>> mailer=cyrusv2, pri=31677, relay=localhost [[UNIX:
>>>>>> /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Re: suddenly 'User unknown'?
Simon

My original post contained a dump of /var/log/maillog, but was asked by
Dan "what does cyrus syslog say" so assumed there should be some more
log messages somewhere.

For the record I do: Clear /var/log/maillog then send a test email from
the command line. Then /var/log/maillog contains:

Nov 29 18:36:51 dell2600-1 sendmail[5067]: wATIapoE005067: from=brad, size=44, class=0, nrcpts=1, msgid=<201811291836.watiapoe005...@bradcan.homelinux.com>, relay=brad@localhost
Nov 29 18:36:51 dell2600-1 sendmail[5068]: NOQUEUE: connect from localhost.localdomain [127.0.0.1]
Nov 29 18:36:51 dell2600-1 sendmail[5068]: AUTH: available mech=CRAM-MD5 DIGEST-MD5, allowed mech=EXTERNAL DIGEST-MD5 CRAM-MD5
Nov 29 18:36:51 dell2600-1 sendmail[5068]: wATIapgq005068: Milter: no active filter
Nov 29 18:36:51 dell2600-1 sendmail[5068]: STARTTLS=server, relay=localhost.localdomain [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Nov 29 18:36:51 dell2600-1 sendmail[5068]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok
Nov 29 18:36:51 dell2600-1 sendmail[5068]: AUTH: available mech=CRAM-MD5 DIGEST-MD5, allowed mech=EXTERNAL DIGEST-MD5 CRAM-MD5
Nov 29 18:36:51 dell2600-1 sendmail[5067]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Nov 29 18:36:51 dell2600-1 sendmail[5068]: ruleset=trust_auth, arg1=b...@bradcan.homelinux.com, relay=localhost.localdomain [127.0.0.1], reject=550 5.7.1 ... not authenticated
Nov 29 18:36:51 dell2600-1 sendmail[5068]: wATIapgr005068: from=, size=358, class=0, nrcpts=1, msgid=<201811291836.watiapoe005...@bradcan.homelinux.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Nov 29 18:36:51 dell2600-1 sendmail[5070]: AUTH=client, relay=localhost, mech=, bits=0
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005068: to=, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=120358, relay=localhost, dsn=5.1.1, stat=User unknown
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005068: wATIapgq005070: DSN: User unknown
Nov 29 18:36:51 dell2600-1 sendmail[5067]: wATIapoE005067: to=b...@bradcan.homelinux.com, ctladdr=brad (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30044, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (wATIapgr005068 Message accepted for delivery)
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: to=, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=31677, relay=localhost [[UNIX: /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown

NOTE: The following is to be expected because both root and postmaster
are aliased to b...@bradcan.homelinux.com

Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias MAILER-DAEMON => postmaster
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias postmaster => root
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias root => b...@bradcan.homelinux.com
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias postmaster => root
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias root => b...@bradcan.homelinux.com
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: wATIapgr005070: return to sender: User unknown
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070: to=b...@bradcan.homelinux.com, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=32701, relay=localhost [[UNIX: /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070: alias MAILER-DAEMON => postmaster
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070: alias postmaster => root
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070: alias root => b...@bradcan.homelinux.com
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070: done; delay=00:00:00, ntries=1
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: Losing ./qfwATIapgq005070: savemail panic
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: SYSERR(root): savemail: cannot save rejected email anywhere
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: done; delay=00:00:00, ntries=1
Nov 29 18:36:52 dell2600-1 sendmail[5070]: wATIapgr005068: done; delay=00:00:01, ntries=1

That's the entire content.

Now you tell me is cyrus syslog being sent to /var/log/maillog? Or
should it be going to /var/imapd.log as the configuration files, man
pages and cyrus installation guides ( found here:
https://www.cyrusimap.org/imap/installing.html ) say it should?

I originally asked for an explanation of the mechanism (IE. sequence of
events) lmtp uses to decide stat = 'User unknown' or not. But I seem to
be getting deeper and deeper into where the logs are going rather than
understanding the process.

On 29/11/2018 17:55, Simon Matter wrote:
>> Dan
>>
>> I have, and have always had, an empty /var/log/imapd.log so I'm not
>> going to make progress until I fix that.
>>
>> In /etc/rsyslog.conf
>>
>> # cyrus imapd
>>
Re: suddenly 'User unknown'?
Dan

I have, and have always had, an empty /var/log/imapd.log so I'm not going to make progress until I fix that.

In /etc/rsyslog.conf

# cyrus imapd
#local6.* /var/log/imapd.log - tried this first.
local6.debug /var/log/imapd.log
auth.debug /var/log/auth.log

and in /etc/imapd.conf

syslog_prefix: cyrus
syslog_facility: LOCAL6

If I remove the file /etc/imapd.log then

# /etc/init.d/rsyslog restart
# logger local6.debug 'test log message'
# cat /var/log/imapd.log
Nov 29 15:06:42 dell2600-1 brad: test log message

Obviously syslog is working local6. But still no messages from cyrus!

Therefore I'm now stuck with this secondary problem. I have followed the cyrus instructions as best I can, but no go.

I say again this has all worked for years, albeit with an always empty imapd.log

There must be some missing cyrus syslog configuration.

On 29/11/2018 14:39, Dan White wrote:
> On 11/29/18 00:46 +0000, Charles Bradshaw wrote:
>>
>> lm user/b...@bradcan.homelinux.com
>> user/b...@bradcan.homelinux.com (\HasChildren)
>>
>> and the directory
>> /var/spool/imap/domain/b/bradcan.homelinux.com/b/user/brad exists and is
>> intact.
>
>> Perhaps I should change my rsyslog configuration.
>> https://cyrusimap.org/imap/installing.html has some alternative
>> instructions.
>>
>> Will the following be more helpful?
>>
>> |local6.* /var/log/imapd.log|
>>
>> |auth.debug /var/log/auth.log|
>
> Yes that should hopefully get you something useful from Cyrus to work with.
> Some OS packages, like Debian, modify the syslog facility, so you may need
> to consult your system documentation if that doesn't give appropriate output.
>
>> On 28/11/2018 16:12, Dan White wrote:
>>> On 11/28/18 15:21 +0000, Charles Bradshaw via Info-cyrus wrote:
>>>> My tests while logged in to the server as brad:
>>>>
>>>> Nov 27 15:18:36 dell2600-1 sendmail[4801]: wARFIavg004801:
>>>> to=, delay=00:00:00, xdelay=00:00:00,
>>>> mailer=cyrusv2, pri=31677, relay=localhost [[UNIX:
>>>> /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
>>>
>>> What do your cyrus syslog entries say?
>>>
>>> Does the output of 'lm' look correct?
>>>
>>>> and /etc/imapd.conf
>>>> [root@dell2600-1 brad]# cat /etc/imapd.conf
>>>> configdirectory: /var/lib/imap
>>>> partition-default: /var/spool/imap
>>>> admins: cyrus
>>>> sievedir: /var/lib/imap/sieve
>>>> sendmail: /usr/sbin/sendmail
>>>> hashimapspool: true
>>>> sasl_pwcheck_method: auxprop
>>>> #
>>>> sasl_auxprop_plugin:sql
>>>> #
>>>> allowplaintext: no
>>>> unixhierarchysep: yes
>>>> virtdomains: userid

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: suddenly 'User unknown'?
Hi Dan, thanks for the prompt reply. Not sure if I should reply to the list or direct to you.

lm user/b...@bradcan.homelinux.com
user/b...@bradcan.homelinux.com (\HasChildren)

and the directory /var/spool/imap/domain/b/bradcan.homelinux.com/b/user/brad exists and is intact.

Sorry, I'm not sure about cyrus syslog configuration: I have this in rsyslog.conf:

# cyrus imapd
auth.* /var/log/auth.log

So I assume auth.log has the log entries you ask for. Here it is:

Nov 25 11:40:07 dell2600-1 sendmail[4274]: sql auxprop plugin using mysql engine
Nov 25 11:42:23 dell2600-1 sendmail[4296]: sql freeing memory
Nov 25 11:43:17 dell2600-1 sendmail[4340]: sql auxprop plugin using mysql engine
Nov 25 11:49:28 dell2600-1 sendmail[4372]: sql freeing memory
Nov 25 11:58:25 dell2600-1 sendmail[3760]: sql auxprop plugin using mysql engine
Nov 25 11:58:36 dell2600-1 sendmail[4073]: sql freeing memory
Nov 25 12:00:31 dell2600-1 sendmail[4145]: sql freeing memory
Nov 25 12:05:43 dell2600-1 sendmail[4200]: sql freeing memory
Nov 25 12:10:54 dell2600-1 sendmail[4250]: sql freeing memory
Nov 25 14:33:32 dell2600-1 seahorse-daemon[4850]: DNS-SD initialization failed: Daemon not running
Nov 25 14:33:32 dell2600-1 seahorse-daemon[4850]: init gpgme version 1.1.8
Nov 25 14:45:04 dell2600-1 gnome-keyring-daemon[4848]: dbus failure unregistering from session: Connection is closed
Nov 26 11:39:21 dell2600-1 seahorse-daemon[10052]: DNS-SD initialization failed: Daemon not running
Nov 26 11:39:21 dell2600-1 seahorse-daemon[10052]: init gpgme version 1.1.8
Nov 26 13:23:09 dell2600-1 sendmail[10809]: sql auxprop plugin using mysql engine
Nov 26 13:31:51 dell2600-1 gnome-keyring-daemon[10049]: GVFS-RemoteVolumeMonitor: Owner :1.31 of volume monitor org.gtk.Private.GduVolumeMonitor disconnected from the bus; removing drives/volumes/mounts
Nov 26 13:34:27 dell2600-1 sendmail[3741]: sql auxprop plugin using mysql engine
Nov 26 13:34:40 dell2600-1 sendmail[4049]: sql freeing memory
Nov 26 15:12:20 dell2600-1 sendmail[4601]: sql auxprop plugin using mysql engine
Nov 27 12:18:06 dell2600-1 sendmail[4602]: sql auxprop plugin using mysql engine
Nov 27 13:12:15 dell2600-1 sendmail[3750]: sql auxprop plugin using mysql engine
Nov 27 13:12:22 dell2600-1 sendmail[3837]: sql freeing memory
Nov 27 13:12:30 dell2600-1 sendmail[3986]: sql freeing memory
Nov 27 13:32:41 dell2600-1 sendmail[4240]: sql freeing memory
Nov 27 13:47:29 dell2600-1 sendmail[4292]: sql freeing memory
Nov 27 13:50:19 dell2600-1 sendmail[4307]: sql freeing memory
Nov 27 13:51:06 dell2600-1 sendmail[4315]: sql freeing memory
Nov 27 15:50:03 dell2600-1 sendmail[4971]: sql freeing memory
Nov 27 18:28:08 dell2600-1 sendmail[5493]: sql freeing memory
Nov 27 22:55:05 dell2600-1 sendmail[6234]: sql freeing memory
Nov 27 22:58:00 dell2600-1 sendmail[6244]: sql freeing memory
Nov 27 23:34:53 dell2600-1 sendmail[6352]: sql freeing memory
Nov 28 00:01:47 dell2600-1 sendmail[6446]: sql freeing memory
Nov 28 01:05:00 dell2600-1 sendmail[6612]: sql freeing memory
Nov 28 03:09:05 dell2600-1 sendmail[6943]: sql freeing memory
Nov 28 13:10:49 dell2600-1 perl: DIGEST-MD5 client step 2
Nov 28 13:12:44 dell2600-1 perl: DIGEST-MD5 client step 3
Nov 28 14:45:18 dell2600-1 perl: DIGEST-MD5 client step 2
Nov 28 14:45:48 dell2600-1 perl: DIGEST-MD5 client step 3
Nov 28 15:03:30 dell2600-1 perl: DIGEST-MD5 client step 2
Nov 28 15:03:58 dell2600-1 perl: DIGEST-MD5 client step 3
Nov 28 15:16:15 dell2600-1 sendmail[9878]: sql freeing memory
Nov 28 23:38:15 dell2600-1 perl: DIGEST-MD5 client step 2
Nov 28 23:38:35 dell2600-1 perl: DIGEST-MD5 client step 3

Perhaps I should change my rsyslog configuration. https://cyrusimap.org/imap/installing.html has some alternative instructions.

Will the following be more helpful?

|local6.* /var/log/imapd.log|
|auth.debug /var/log/auth.log|

On 28/11/2018 16:12, Dan White wrote:
> On 11/28/18 15:21 +0000, Charles Bradshaw via Info-cyrus wrote:
>> My tests while logged in to the server as brad:
>>
>> [root@dell2600-1 brad]# cat /var/log/maillog
>> Nov 27 15:18:35 dell2600-1 sendmail[4798]: wARFIZXZ004798: from=brad,
>> size=44, class=0, nrcpts=1,
>> msgid=<201811271518.warfizxz004...@bradcan.homelinux.com>,
>> relay=brad@localhost
>> Nov 27 15:18:35 dell2600-1 sendmail[4799]: wARFIZvh004799:
>> from=, size=358, class=0, nrcpts=1,
>> msgid=<201811271518.warfizxz004...@bradcan.homelinux.com>,
>> proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
>> Nov 27 15:18:36 dell2600-1 sendmail[4798]: wARFIZXZ004798:
>> to=b...@bradcan.homelinux.com, ctladdr=brad (500/500),
>> delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30044,
>> relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (wARFIZvh004799
>> Message accepted for delivery)
>>
>> Nov 27 15:18:36 dell2600-1
suddenly 'User unknown'?
I have been running cyrus imap successfully for some years. Suddenly the server is throwing 'User unknown' in the maillog. I can login using Thunderbird Mail OK, but NOTHING is being delivered to any user, specifically to me b...@bradcan.homelinux.com

I am at a complete loss to understand what has gone wrong. How do I diagnose the problem? What in detail is the mechanism that decides that a user is known/unknown?

I have included what I think are the relevant messages and parts of my configuration files (sendmail.mc cyrus.conf) files (sorry about the length)

My tests while logged in to the server as brad:

[brad@dell2600-1 ~]$ hostname
dell2600-1.bradcan.homelinux.com
[brad@dell2600-1 ~]$ sendmail b...@bradcan.homelinux.com < email.txt    < THIS FAILS see below

As root maillog content following the above:

[root@dell2600-1 brad]# cat /var/log/maillog
Nov 27 15:18:35 dell2600-1 sendmail[4798]: wARFIZXZ004798: from=brad, size=44, class=0, nrcpts=1, msgid=<201811271518.warfizxz004...@bradcan.homelinux.com>, relay=brad@localhost
Nov 27 15:18:35 dell2600-1 sendmail[4799]: NOQUEUE: connect from localhost.localdomain [127.0.0.1]
Nov 27 15:18:35 dell2600-1 sendmail[4799]: AUTH: available mech=CRAM-MD5 DIGEST-MD5, allowed mech=EXTERNAL DIGEST-MD5 CRAM-MD5
Nov 27 15:18:35 dell2600-1 sendmail[4799]: wARFIZvg004799: Milter: no active filter
Nov 27 15:18:35 dell2600-1 sendmail[4799]: STARTTLS=server, relay=localhost.localdomain [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE RSA-AES256-GCM-SHA384, bits=256/256
Nov 27 15:18:35 dell2600-1 sendmail[4799]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok
Nov 27 15:18:35 dell2600-1 sendmail[4798]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Nov 27 15:18:35 dell2600-1 sendmail[4799]: AUTH: available mech=CRAM-MD5 DIGEST-MD5, allowed mech=EXTERNAL DIGEST-MD5 CRAM-MD5
Nov 27 15:18:35 dell2600-1 sendmail[4799]: ruleset=trust_auth, arg1=b...@bradcan.homelinux.com, relay=localhost.localdomain [127.0.0.1], reject=550 5.7.1 ... not authenticated
Nov 27 15:18:35 dell2600-1 sendmail[4799]: wARFIZvh004799: from=, size=358, class=0, nrcpts=1, msgid=<201811271518.warfizxz004...@bradcan.homelinux.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Nov 27 15:18:36 dell2600-1 sendmail[4798]: wARFIZXZ004798: to=b...@bradcan.homelinux.com, ctladdr=brad (500/500), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30044, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (wARFIZvh004799 Message accepted for delivery)
Nov 27 15:18:36 dell2600-1 sendmail[4801]: AUTH=client, relay=localhost, mech=, bits=0
Nov 27 15:18:36 dell2600-1 sendmail[4801]: wARFIZvh004799: to=, delay=00:00:01, xdelay=00:00:00, mailer=cyrusv2, pri=120358, relay=localhost, dsn=5.1.1, stat=User unknown
Nov 27 15:18:36 dell2600-1 sendmail[4801]: wARFIZvh004799: wARFIavg004801: DSN: User unknown
Nov 27 15:18:36 dell2600-1 sendmail[4801]: wARFIavg004801: to=, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=31677, relay=localhost [[UNIX: /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown

~ o ~

What cyradmin says:

localhost.localdomain> ver
name : Cyrus IMAPD
version: v2.4.17-Invoca-RPM-2.4.17-7.el6 d1df8aff 2012-12-01
vendor : Project Cyrus
support-url: http://www.cyrusimap.org
os : Linux
os-version : 2.6.32-754.6.3.el6.i686
environment: Built w/Cyrus SASL 2.1.23
  Running w/Cyrus SASL 2.1.23
  Built w/OpenSSL 1.0.1e-fips 11 Feb 2013
  Running w/OpenSSL 1.0.1e-fips 11 Feb 2013
  Built w/zlib 1.2.3
  Running w/zlib 1.2.3
  CMU Sieve 2.4
  mmap = shared
  lock = fcntl
  nonblock = fcntl
  idle = idled
localhost.localdomain> info user/b...@bradcan.homelinux.com
{user/b...@bradcan.homelinux.com}:
  duplicatedeliver: false
  lastpop: 24-Oct-2013 21:04:43 +0100
  lastupdate: 27-Nov-2018 04:00:00 +
  partition: default
  pop3newuidl: true
  sharedseen: false
  size: 8489796

~ o ~

Part of /etc/mail/sendmail.mc

...
MASQUERADE_DOMAIN(bradcan.homelinux.com)
MASQUERADE_DOMAIN(localhost)dnl
MASQUERADE_DOMAIN(localhost.localdomain)dnl
MAILER(smtp)dnl
MAILER(cyrusv2)dnl
MAILER_DEFINITIONS
Mcyrusv2, P=[IPC], F=_MODMF_(CONCAT(_DEF_CYRUSV2_MAILER_FLAGS, CYRUSV2_MAILER_FLAGS), `CYRUSV2'),
  S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMT, E=\r\n,
  _OPTINS(`CYRUSV2_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`CYRUSV2_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`CYRUSV2_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,_CYRUSV2_QGRP
  A=CYRUSV2_MAILER_ARGS

/etc/cyrus.conf:

# standard standalone server implementation
START {
  # do not delete this entry!
  recover cmd="ctl_cyrusdb -r"
  # this is only necessary if
Complete mailbox delete?
Hello info-cyrus,

I'm sure this question has been asked before, but I can find no definitive answer.

I have used cyradm to delete some virtual domain mail boxes. cyradm lm now lists them as DELETED and my /var/spool/imap/domain/s/somedomain.com/u/DELETED/user/ now contains copies of the deleted mail boxes.

Assuming that the old user has no use for the contents, is it safe to just delete these?

Supposing that all of the somedomain.com users are now gone can I just remove .../somedomain.com and all its sub directories?

TIA
Re: cyrus compile under Centos 6.5
Patrick

Yes openssl-devel.i686 1.0.1e-16.el6_5.7 is installed.

Brad

On Tue, 2014-04-15 at 10:38 -0300, Patrick Boutilier wrote:

On 04/15/2014 08:38 AM, Charles Bradshaw wrote:

Thanks Andy,

Here goes a source build. I downloaded cyrus-imapd-2.4.17 and cyrus-sasl-2.1.26 from ftp://ftp.cyrusimap.org

config.log from:

[brad@dell2600-1 cyrus-sasl-2.1.26]$ ./configure

make fails with the following errors:

[brad@dell2600-1 cyrus-sasl-2.1.26]$ make
...
gcc -DHAVE_CONFIG_H -I. -I.. -I../include -I../lib -I../sasldb -I../include -DOBSOLETE_CRAM_ATTR=1 -Wall -W -g -O2 -MT digestmd5.lo -MD -MP -MF .deps/digestmd5.Tpo -c digestmd5.c -fPIC -DPIC -o digestmd5.lo
digestmd5.c:859: error: expected specifier-qualifier-list before 'des_key_schedule'
digestmd5.c: In function 'dec_3des':
digestmd5.c:896: warning: implicit declaration of function 'des_ede2_cbc_encrypt'
digestmd5.c:899: error: 'des_context_t' has no member named 'keysched'
digestmd5.c:900: error: 'des_context_t' has no member named 'keysched2'
digestmd5.c:901: error: 'des_context_t' has no member named 'ivec'
digestmd5.c:902: error: 'DES_DECRYPT' undeclared (first use in this function)
digestmd5.c:902: error: (Each undeclared identifier is reported only once
digestmd5.c:902: error: for each function it appears in.)
digestmd5.c: In function 'enc_3des':
digestmd5.c:947: error: 'des_context_t' has no member named 'keysched'
digestmd5.c:948: error: 'des_context_t' has no member named 'keysched2'
digestmd5.c:949: error: 'des_context_t' has no member named 'ivec'
digestmd5.c:950: error: 'DES_ENCRYPT' undeclared (first use in this function)
digestmd5.c: In function 'init_3des':
digestmd5.c:970: warning: implicit declaration of function 'des_key_sched'
digestmd5.c:970: error: 'des_cblock' undeclared (first use in this function)
digestmd5.c:970: error: expected expression before ')' token
digestmd5.c:974: error: expected expression before ')' token
digestmd5.c:976: error: 'des_context_t' has no member named 'ivec'
digestmd5.c:983: error: expected expression before ')' token
digestmd5.c:987: error: expected expression before ')' token
digestmd5.c:990: error: 'des_context_t' has no member named 'ivec'
digestmd5.c: In function 'dec_des':
digestmd5.c:1014: warning: implicit declaration of function 'des_cbc_encrypt'
digestmd5.c:1017: error: 'des_context_t' has no member named 'keysched'
digestmd5.c:1018: error: 'des_context_t' has no member named 'ivec'
digestmd5.c:1019: error: 'DES_DECRYPT' undeclared (first use in this function)
digestmd5.c:1023: error: 'des_context_t' has no member named 'ivec'
digestmd5.c: In function 'enc_des':
digestmd5.c:1068: error: 'des_context_t' has no member named 'keysched'
digestmd5.c:1069: error: 'des_context_t' has no member named 'ivec'
digestmd5.c:1070: error: 'DES_ENCRYPT' undeclared (first use in this function)
digestmd5.c:1074: error: 'des_context_t' has no member named 'ivec'
digestmd5.c: In function 'init_des':
digestmd5.c:1094: error: 'des_cblock' undeclared (first use in this function)
digestmd5.c:1094: error: expected expression before ')' token
digestmd5.c:1096: error: 'des_context_t' has no member named 'ivec'
digestmd5.c:1103: error: expected expression before ')' token
digestmd5.c:1105: error: 'des_context_t' has no member named 'ivec'
digestmd5.c: In function 'digestmd5_server_mech_step':
digestmd5.c:3051: warning: pointer targets in assignment differ in signedness
make[2]: *** [digestmd5.lo] Error 1
make[2]: Leaving directory `/home/brad/Downloads/cyrus-sasl-2.1.26/plugins'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/brad/Downloads/cyrus-sasl-2.1.26'
make: *** [all] Error 2
[brad@dell2600-1 cyrus-sasl-2.1.26]$

Is openssl-devel rpm installed?

On Mon, 2014-04-14 at 14:07 -0700, Andrew Morgan wrote:

snip ...

I sure would try to get Cyrus v2.4.17 to compile. v2.3 is very old... We would be happy to help you compile v2.4.17 on CentOS 6.5. Alternatively, there are Source RPMs available at: http://www.invoca.ch/pub/packages/cyrus-imapd/

Andy
Reconstruct a downgrade?
I'm trying to move my cyrus imap from Fedora 17 to Centos 6.5, unfortunately the package versions of cyrus-imapd appear to be a downgrade from version 2.4 to 2.3

I have copied /var/lib/imap and /var/spool/imap and the necessary /etc/.. conf files

cyrus-imapd appears to run correctly and I can connect a client (Evolution). The client's mailboxes appear, but Evolution throws this error:

IMAP command failed: Mailbox has an invalid format

And /var/log/maillog has these messages:

...
Apr 14 16:03:55 dell2600-1 imaps[3058]: fetching user_deny.db entry for 'x...@my.domain.com'
Apr 14 16:04:10 dell2600-1 imaps[3058]: Future index version: my.domain.com!user.xxx (12 10)
Apr 14 16:04:10 dell2600-1 imaps[3058]: fetching user_deny.db entry for 'x...@my.domain.com'

After deleting cyrus.index, cyrus.header and cyrus.cache from the user x...@my.domain.com inbox directory and a

reconstruct -r user/x...@my.domain.com

mail boxes and messages are restored successfully. But there are now thousands of, presumably, previously deleted messages and the 'seen', 'replied' etc flags are gone!

Is there a way to reconstruct the necessary db files so that I don't lose the flags?

I tried a build from source of a later version but failed with dozens of compiler errors!

Thanks in advance,
Charles Bradshaw
Understanding maillog?
Hello List

Sorry about the long post.

I am trying hard to get to understand my /var/log/maillog when connecting to cyrus-imapd.

When I open Evolution and connect /var/log/maillog says:

Oct 24 21:52:33 dell2600 imaps[15186]: starttls: SSLv3 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits new) no authentication
Oct 24 21:52:33 dell2600 imaps[15186]: login: testbox.mydomain.com [192.168.0.8] m...@mydomain.com DIGEST-MD5+TLS User logged in SESSIONID=dell2600.bradcan.homelinux.com-15186-1382647953-1

What does the first log entry above no authentication mean? Immediately followed by User logged in!

TIA, Charles Bradshaw

~o~

I'm using Evolution for testing configured like this:

Receiving: IMAP port 993 SSL encryption DIGEST-MD5
Sending: SMTP port 587 TLS encryption DIGEST-MD5 authentication

~o~

/etc/imapd.conf contains:

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
#
sasl_auxprop_plugin:sql
sasl_sql_engine:mysql
sasl_sql_hostnames:127.0.0.1:3306
sasl_sql_user:mail
sasl_sql_passwd:qy19pbV63
sasl_sql_database:mail
sasl_sql_select:SELECT pwd('%u','%r');
#
allowplaintext: no
unixhierarchysep: yes
virtdomains: userid
#
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH

~o~

/etc/cyrus.conf Contains:

# standard standalone server implementation
START {
  # do not delete this entry!
  recover cmd=ctl_cyrusdb -r
  # this is only necessary if using idled for IMAP IDLE
  idled cmd=idled
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap cmd=imapd listen=imap prefork=5
  imaps cmd=imapd -s listen=imaps prefork=1
  pop3 cmd=pop3d listen=pop3 prefork=3
  pop3s cmd=pop3d -s listen=pop3s prefork=1
  sieve cmd=timsieved listen=sieve prefork=0
  # these are only necessary if receiving/exporting usenet via NNTP
  # nntp cmd=nntpd listen=nntp prefork=3
  # nntps cmd=nntpd -s listen=nntps prefork=1
  # at least one LMTP is required for delivery
  # lmtp cmd=lmtpd listen=lmtp prefork=0
  lmtpunix cmd=lmtpd listen=/var/lib/imap/socket/lmtp prefork=1
  # this is only necessary if using notifications
  # notify cmd=notifyd listen=/var/lib/imap/socket/notify proto=udp prefork=1
}
EVENTS {
  # this is required
  checkpoint cmd=ctl_cyrusdb -c period=30
  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune cmd=cyr_expire -E 3 at=0400
  # this is only necessary if caching TLS sessions
  tlsprune cmd=tls_prune at=0400
}

~o~

/etc/services contains:

imap 143/tcp
imaps 993/tcp
Failed authentication logging
I'm seeing a huge increase in the number of brute force attempts to authenticate my mail server. Mostly the attempts are directed at SMTP, and because I'm using the sql plugin the failed attempts result in an auth.log entry like this:

Apr 19 23:10:42 mail sendmail[17780]: sql plugin doing query SELECT pwd('ana','mail.example.com');;
Apr 19 23:10:42 dell2600 sendmail[17780]: sql plugin: no result found

and a maillog entry like this:

Apr 19 23:10:42 dell2600 sendmail[17770]: r3JMAfHF017770: nrhz.de [85.214.92.29] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

The problem is that the auth.log does not record the IP address of the offender, and while the maillog does the 'did not issue' string might be legitimate.

I'm proposing to use fail2ban on the maillog, but it would be much cleaner to monitor auth.log. Is there any way to get the offending IP address into auth.log?
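A sketch of the correlation the post asks about, added here as an example and not part of the original message: since auth.log records the failure and maillog records the address, the two can be joined on timestamp, which also drops 'did not issue' lines that have no matching failure. The log lines are constructed from the two samples quoted above, with documentation-range addresses; the function names, the 2-second slack and the 3-in-10-minutes threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data, modelled on the auth.log and maillog entries in the post.
AUTH_LOG = """\
Apr 19 23:10:42 dell2600 sendmail[17780]: sql plugin doing query SELECT pwd('ana','mail.example.com');;
Apr 19 23:10:42 dell2600 sendmail[17780]: sql plugin: no result found
Apr 19 23:10:47 dell2600 sendmail[17791]: sql plugin: no result found
Apr 19 23:10:53 dell2600 sendmail[17802]: sql plugin: no result found
Apr 19 23:25:10 dell2600 sendmail[17850]: sql plugin: no result found
"""

MAILLOG = """\
Apr 19 23:10:42 dell2600 sendmail[17770]: r3JMAfHF017770: host-a.example [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr 19 23:10:48 dell2600 sendmail[17790]: r3JMAlHF017790: host-a.example [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr 19 23:10:53 dell2600 sendmail[17801]: r3JMArHF017801: host-a.example [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr 19 23:25:10 dell2600 sendmail[17849]: r3JMPAHF017849: laptop.example [203.0.113.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr 19 23:40:00 dell2600 sendmail[18001]: r3JMe0HF018001: monitor.example [198.51.100.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

TS = r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d)"
AUTH_FAIL = re.compile(
    r"^" + TS + r" \S+ sendmail\[\d+\]: sql plugin: no result found", re.M)
NO_MAIL = re.compile(
    r"^" + TS + r" \S+ sendmail\[\d+\]: \w+: .*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]"
    r" did not issue MAIL/EXPN/VRFY/ETRN", re.M)


def parse_ts(text, year):
    """Syslog timestamps carry no year, so the caller supplies it."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def failed_auth_by_ip(auth_text, mail_text, year, slack=2):
    """Attribute each auth.log failure to the maillog connection closest in time.

    The sample PIDs differ between the two logs, so the join is on time only.
    Each failure is consumed once; on a busy server this is an approximation.
    """
    failures = sorted(parse_ts(m["ts"], year) for m in AUTH_FAIL.finditer(auth_text))
    used = [False] * len(failures)
    hits = defaultdict(list)
    for m in NO_MAIL.finditer(mail_text):
        when = parse_ts(m["ts"], year)
        for i, failed_at in enumerate(failures):
            if not used[i] and abs((when - failed_at).total_seconds()) <= slack:
                used[i] = True
                hits[m["ip"]].append(when)
                break
    return dict(hits)


def offenders(hits, threshold=3, window=timedelta(minutes=10)):
    """Return {ip: count} for addresses with >= threshold failures inside window."""
    flagged = {}
    for ip, times in hits.items():
        times = sorted(times)
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


if __name__ == "__main__":
    per_ip = failed_auth_by_ip(AUTH_LOG, MAILLOG, year=2013)
    for ip, count in offenders(per_ip).items():
        print(f"{ip}: {count} failed logins")
```

The connection from 198.51.100.7 has no failure next to it in auth.log and is ignored, and the single mistyped login from 203.0.113.5 stays below the threshold.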
Re: How Do I get last login date for all my users
Attached is a little perl script which parses /var/log/maillog and lists the last time users logged in.

It can be easily adapted to do an in-depth scan of any/all log files.

On Thu, 2013-04-11 at 10:15 +0200, Marc Patermann wrote:

Dale J Chatham wrote (10.04.2013 21:49):

Assuming Linux/UNIX, log onto the machine, run the command: last

This does only work, if IMAP users are system users - which most of the time is not the case.

Perl is your friend. Pass your imap log for User logged in. Extract username and timestamp. Update the users entry in your data store with the timestamp.

Maybe your syslog daemon can do something like that for you.

Marc

[Attachment: last-login.pl, Description: Perl program]
Re: How Do I get last login date for all my users
Humm.. definitely it's a hack, but hey it works.

Slow because every line of the log must be examined and there could be many thousands. Why would anybody care if it's slow?

It's only unreliable in the context of different log formats, so modify it to your requirements. ;-)

It doesn't necessarily follow that the server 'knows', it's possible that it's just your mail client keeping track.

On Sat, 2013-04-13 at 09:26 -0400, Adam Tauno Williams wrote:

On Sat, 2013-04-13 at 12:56 +0100, Charles Bradshaw wrote:

Attached is a little perl script which parses /var/log/maillog and lists the last time users logged in.

This seems very unreliable, slow, and hacky. When I login to my e-mail the system typically tells me the last time I logged in [at least to that app]. Doesn't the meta-data in the IMAP server 'know' this information?

The underlying authentication system [PAM via lastlog, etc...] might also have this information. If your authentication system is LDAP then the DSA might know this as well.

Assuming Linux/UNIX, log onto the machine, run the command: last

This does only work, if IMAP users are system users - which most of the time is not the case.

Yep.
Re: MD5 Passwords in MySql?
Further to our previous discussion on the possibility of storing hashed passwords in the imap authentication database.

I draw your attention to: http://www.ietf.org/rfc/rfc2195.txt, which abstract clearly states;

"This specification provides a simple challenge-response authentication protocol that is suitable for use with IMAP4. Since it utilizes Keyed-MD5 digests and does not require that the secret be stored in the clear on the server."

While I don't fully understand the cryptography details of the proposal it is clear that the requirement to avoid storing clear text passwords while retaining the security advantages of challenge-response is possible.

Is there the possibility to implement this?

Charles Bradshaw

On Tue, 2013-03-26 at 08:00 -0400, Adam Tauno Williams wrote:

On Tue, 2013-03-26 at 10:17 +, Charles Bradshaw wrote:

Thanks Guys I think it's finally sunk in. DIGEST-MD5 and CRAM-MD5 are mutually exclusive with hashed passwords. D'oh! I think I even posted that fact in answer to a previous thread.

No problem, it happens to us all. Yesterday I posted two messages to lists relating to issues that as soon as I posted them I found the answers right there in the documentation. Right there! I swear I had already looked twice.
Re: How Do I get last login date for all my users
Your maillog contains the info you require.

As root on a linux install try:

# cat /var/log/maillog | grep login

Which should give you a list of all login details up to the last date stamp on maillog (or whatever your log file is named).

Your syslog is your friend.

Brad

On Thu, 2013-04-11 at 10:15 +0200, Marc Patermann wrote:

Dale J Chatham wrote (10.04.2013 21:49):

Assuming Linux/UNIX, log onto the machine, run the command: last

This does only work, if IMAP users are system users - which most of the time is not the case.

Perl is your friend. Pass your imap log for User logged in. Extract username and timestamp. Update the users entry in your data store with the timestamp.

Maybe your syslog daemon can do something like that for you.

Marc
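The approach described in this thread (find the 'User logged in' lines, extract username and timestamp, keep the latest per user), as an added Python example; it is not the attached last-login.pl, which is not reproduced on this page. The sample lines are constructed in the login-line format quoted elsewhere on this page; the function name and the year-rollover handling are assumptions of this sketch.

```python
import re
from datetime import datetime

# Constructed sample lines; a plain grep for "login" would also have to cope
# with the non-login entries mixed in here.
SAMPLE = """\
Dec 30 08:01:11 dell2600 imaps[2001]: starttls: SSLv3 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits new) no authentication
Dec 30 08:01:12 dell2600 imaps[2001]: login: pc1.example.net [192.0.2.21] alice@example.net DIGEST-MD5+TLS User logged in SESSIONID=<constructed-1>
Dec 31 23:59:40 dell2600 imap[2002]: login: pc2.example.net [192.0.2.22] bob@example.net PLAIN+TLS User logged in SESSIONID=<constructed-2>
Jan  1 00:00:05 dell2600 imaps[2004]: login: pc1.example.net [192.0.2.21] alice@example.net DIGEST-MD5+TLS User logged in SESSIONID=<constructed-3>
this line has no syslog timestamp and is skipped
"""

STAMP = re.compile(r"^([A-Z][a-z]{2}) +(\d+) (\d\d:\d\d:\d\d) ")
LOGIN = re.compile(
    r"(?:imaps?|pop3s?)\[\d+\]: login: \S+ \[(?P<ip>[^\]]+)\] "
    r"(?P<user>\S+) (?P<mech>\S+) User logged in"
)


def last_logins(lines, start_year):
    """Return {user: (datetime, client_ip, mechanism)} for the latest login seen.

    Syslog timestamps carry no year. Lines are assumed to be in chronological
    order, so a month that goes backwards (Dec -> Jan) means a new year began.
    """
    year, prev_month, seen = start_year, 0, {}
    for line in lines:
        stamp = STAMP.match(line)
        if not stamp:
            continue
        month = datetime.strptime(stamp[1], "%b").month
        if month < prev_month:
            year += 1
        prev_month = month
        login = LOGIN.search(line)
        if login:
            when = datetime.strptime(
                f"{year} {stamp[1]} {stamp[2]} {stamp[3]}", "%Y %b %d %H:%M:%S")
            # Later lines overwrite earlier ones, leaving the most recent login.
            seen[login["user"]] = (when, login["ip"], login["mech"])
    return seen


if __name__ == "__main__":
    for user, (when, ip, mech) in sorted(last_logins(SAMPLE.splitlines(), 2013).items()):
        print(f"{user:24} {when.isoformat()} {ip} {mech}")
```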
Re: MD5 Passwords in MySql?
Thanks Guys I think it's finally sunk in. DIGEST-MD5 and CRAM-MD5 are mutually exclusive with hashed passwords. D'oh! I think I even posted that fact in answer to a previous thread.

On Mon, 2013-03-25 at 21:09 -0400, Adam Tauno Williams wrote:

On Mon, 2013-03-25 at 17:03 -0500, Scott Lambert wrote:

On Mon, Mar 25, 2013 at 09:32:16PM +, Charles Bradshaw wrote:

Andy Thanks for the link. If you read on you will see that while PAM allows storage of encrypted passwords in mysql, DIGEST-MD5 and CRAM-MD5 can then NOT be used. That's definitely a step in the wrong direction. I'm coming to the conclusion that I need to understand the code well enough to add something to cyrus, but sadly I'm just too old to grok the tangle of C.

Basically, Digest-MD5 and CRAM-MD5 avoid passing the cleartext password across the wire by hashing something with the cleartext password. These authentication methods require that the cleartext password be known (or at least recoverable) by the server and the client.

Yep, which was pointed out originally. If the cred store is encrypted it needs to be a two-way crypt [can be decrypted]. So you basically have a crypted filesystem store anyway.

Therefore, the server cannot be using a non-reversible hash of the password for its password store.

You can store cleartext passwords in your password database and avoid passing passwords in cleartext across the wire.

OR

You can store hashed passwords in your password database and pass cleartext passwords over the wire, hopefully inside an SSL/TLS connection.

+1

If you use crypted MD5 hashed passwords in your database, you will have to disable Digest-MD5 and CRAM-MD5 in your SASL auth mechanisms. My system is not running in that configuration so I am not certain that you can tell saslauthd to use a mysql database for encrypted password storage.

I use saslauthd to a PostgreSQL database that stores crypted passwords - but it can only do PLAIN/LOGIN in that configuration, none of the newer mechs that all the cool kids are using.
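The trade-off discussed in this thread, and the RFC 2195 remark about not storing the secret in the clear, as an added example that is not code from Cyrus SASL or from any poster: one CRAM-MD5 exchange checked against three kinds of server-side store. The user, secret and challenge are the example values from RFC 2195; the class names are hypothetical, and PBKDF2 stands in for whatever one-way hash a password table might hold.

```python
import base64
import hashlib
import hmac

# Example values from RFC 2195, section 2.
USER = "tim"
SECRET = b"tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"


def client_response(user, secret, challenge):
    """Client side: HMAC-MD5 over the challenge, keyed with the password."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}"


def on_the_wire(response):
    """The response travels base64-encoded; the password itself never does."""
    return base64.b64encode(response.encode()).decode()


class CleartextStore:
    """Server keeps the password itself."""

    def __init__(self, secret):
        self.secret = secret

    def verify_cram(self, challenge, digest_hex):
        expected = hmac.new(self.secret, challenge, hashlib.md5).hexdigest()
        return hmac.compare_digest(expected, digest_hex)


class HmacContextStore:
    """Server keeps only the two MD5 states keyed with the padded secret.

    This is the sense in which the secret need not be stored in the clear:
    HMAC(K, m) = MD5((K ^ opad) || MD5((K ^ ipad) || m)), and the two keyed
    prefixes can be computed once, after which the password is discarded.
    """

    def __init__(self, secret):
        key = secret if len(secret) <= 64 else hashlib.md5(secret).digest()
        key = key.ljust(64, b"\0")                      # MD5 block size
        self.inner = hashlib.md5(bytes(b ^ 0x36 for b in key))
        self.outer = hashlib.md5(bytes(b ^ 0x5C for b in key))

    def verify_cram(self, challenge, digest_hex):
        inner = self.inner.copy()
        inner.update(challenge)
        outer = self.outer.copy()
        outer.update(inner.digest())
        return hmac.compare_digest(outer.hexdigest(), digest_hex)


class OneWayHashStore:
    """Server keeps a salted one-way hash (PBKDF2 here, as a stand-in)."""

    def __init__(self, secret, salt=b"constructed-salt"):
        self.salt = salt
        self.stored = hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

    def verify_plain(self, password):
        """Works when the client sends the password (PLAIN/LOGIN, inside TLS)."""
        candidate = hashlib.pbkdf2_hmac("sha256", password, self.salt, 100_000)
        return hmac.compare_digest(candidate, self.stored)

    def verify_cram(self, challenge, digest_hex):
        # The HMAC key is the password; the stored hash cannot be turned back
        # into it, so there is no expected value to compare against.
        raise NotImplementedError("CRAM-MD5 needs the secret or its HMAC states")


if __name__ == "__main__":
    response = client_response(USER, SECRET, CHALLENGE)
    digest = response.split()[1]
    print("response:", response)
    print("base64  :", on_the_wire(response))
    print("cleartext store verifies   :", CleartextStore(SECRET).verify_cram(CHALLENGE, digest))
    print("HMAC-context store verifies:", HmacContextStore(SECRET).verify_cram(CHALLENGE, digest))
    print("one-way store, PLAIN       :", OneWayHashStore(SECRET).verify_plain(SECRET))
```

The HMAC-context store avoids keeping the password itself, but the stored states are enough to answer any CRAM-MD5 challenge for that account, so they need the same protection as a cleartext password table.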
Re: MD5 Passwords in MySql?
Daniel

Yes I understand and accept the weakness of MD5. In the world of exponentially increasing processing power there will always be weakness, of ANY scheme.

The question is not however about the efficacy of encryption methods! It's about how to achieve password hashing in a mysql database.

I have indicated how to use AES. Its strength however is compromised by the necessity of revealing the key in many places.

I would be most grateful, if anybody KNOWS: Is there a way to store MD5 hashed passwords when using the mysql plugin?

Security through obscurity is always a bad principle.

On Mon, 2013-03-25 at 08:59 +1030, Daniel O'Connor wrote:

On 25/03/2013, at 7:33, Charles Bradshaw b...@bradcan.homelinux.com wrote:

That seems very wrong to me. It might be a kludge, but it's not wrong. It avoids storing plain text passwords, which are always a risk. The purpose of MD5 digest is to make passwords truly private to the user. Not even root knows users' passwords when stored in shadow(MD5). The only risk to shadow passwords is a brute force attack which is relatively easy to detect and foil.

FYI a single round of MD5 is considered quite weak these days. The whole point of hashing a password is to make it difficult to find a password if the password DB is leaked. MD5 is no longer sufficient for this (even with salt). A modern GPU can brute force billions of passwords per second and humans suck at generating them.

--
Daniel O'Connor software and network engineer
Re: MD5 Passwords in MySql?
Adam The end goal was simply stated previously: 'To store MD5 hashed passwords in a mysql database'. My reasons for wanting to do so are complex and NOT the subject of the thread. Had I been seeking general advice about possibilities I might have asked: Is it advisable to do such and such? Or maybe, what do you advise as a method of increasing security of the password file? We could debate the pros and cons of various security stratagems for ever! I suggest that this is not the place to do so. For starters the internet is becoming swamped with: Well why don't you use Dovecot and Postfix, they're much simpler to configure? or Why don't you use XYZ because I find it blah blah blah? In my view, understanding network security, with a view to making educated decisions, is better accomplished by studying some of the many excellent books on the subject, and vigilance of the emergent cracking techniques. Sadly mailing lists are becoming increasingly useless because of the phenomenon of answering questions with, oft, irrelevant questions! It is gratifying, but wholly pointless, that somebody says; I have no clue. It seems entirely reasonable to me to MD5 the raw passwords because it provides a simple extra layer of defence against a penetrated password file. Yes, a further layer might be to encrypt the entire disk, but at what cost? Who knows, I might be running my database on a 486 with slow old IDE disk drives! No, I don't, but you will take the point. Since it is clear that nobody knows how to do the MD5 thing out of the box, or perhaps it's impossible? Maybe I'll resort to reading the code with a view to doing my own mod. Hum.. probably not though, the code is evil! On Mon, 2013-03-25 at 07:50 -0400, Adam Tauno Williams wrote: On Mon, 2013-03-25 at 11:40 +, Charles Bradshaw wrote: Yes I understand and accept the weakness of MD5. In the world of exponentially increasing processing power there will always be weakness, of ANY scheme. 
The question is not however about the efficacy of encryption methods! It's about how to achieve password hashing in a mysql database. I have indicated how to use AES. Its strength however is compromised by the necessity of revealing the key in many places. I would be most grateful, if anybody KNOWS: Is there a way to store MD5 hashed passwords when using the mysql plugin? I have no clue. BUT I still wonder what the end-goal is. If you are actually worried about theft of the underlying database then it would seem volume encryption is the correct answer - encrypt the entire database, on disk. That isn't hard and doesn't require modification of any software. Anyway, storing essentially clear-text credentials in the authorization database (be it a KDC, an LDAP server, an Active Directory server, etc...) is normal, accepted, and common. Most worthwhile authorization schemes require an 'effectively' clear-text secret on both ends. Guard the credential database and ensure communication channels are secure [encrypted]. Make /etc/passwd useless is an abandoned meme, you cannot win that fight. Security through obscurity is always a bad principle. No one here is recommending that or stating that it is. On Mon, 2013-03-25 at 08:59 +1030, Daniel O'Connor wrote: On 25/03/2013, at 7:33, Charles Bradshaw b...@bradcan.homelinux.com wrote: That seems very wrong to me. It might be a kludge, but it's not wrong. It avoids storing plain text passwords, which are always a risk. The purpose of MD5 digest is to make passwords truly private to the user. Not even root knows users' passwords when stored in shadow(MD5). The only risk to shadow passwords is a brute force attack which is relatively easy to detect and foil. FYI a single round of MD5 is considered quite weak these days. The whole point of hashing a password is to make it difficult to find a password if the password DB is leaked. MD5 is no longer sufficient for this (even with salt). 
A modern GPU can brute force billions of passwords per second and humans suck at generating them.
Re: MD5 Passwords in MySql?
Andy Thanks for the link. If you read on you will see that while PAM allows storage of encrypted passwords in mysql, DIGEST-MD5 and CRAM-MD5 can then NOT be used. That's definitely a step in the wrong direction. I'm coming to the conclusion that I need to understand the code well enough to add something to cyrus, but sadly I'm just too old to grok the tangle of C. I think the thread is now dead. Thanks for all contributions. Charles Bradshaw. On Mon, 2013-03-25 at 13:56 -0700, Andrew Morgan wrote: On Sun, 24 Mar 2013, Charles Bradshaw wrote: In my /etc/imapd.conf I'm using: sasl_auxprop_plugin:sql sasl_sql_engine:mysql I want to store MD5 hashed passwords in my database. Is this possible? I was thinking about modifying the sql plugin to MD5 the password before comparison, but... I'm no C programmer so understanding sql.c (the plugin source) is quite beyond me. It looks as though we just check for the presence of the password and don't actually compare passwords! Surely I'm wrong here? I could use a symmetric encryption, eg AES, and place the necessary decrypt in the sasl_sql_select statement, but that seems a bit pointless since the key is now visible in various logs. This could be illuminating: http://serverfault.com/questions/81958/postfix-sasl-mysql-use-md5-encryption They suggest using the pam_mysql module so that you can specify the password storage format. It appears the SQL auxprop plugin only works with passwords stored in plaintext. Andy
MD5 Passwords in MySql?
In my /etc/imapd.conf I'm using: sasl_auxprop_plugin:sql sasl_sql_engine:mysql I want to store MD5 hashed passwords in my database. Is this possible? I was thinking about modifying the sql plugin to MD5 the password before comparison, but... I'm no C programmer so understanding sql.c (the plugin source) is quite beyond me. It looks as though we just check for the presence of the password and don't actually compare passwords! Surely I'm wrong here? I could use a symmetric encryption, eg AES, and place the necessary decrypt in the sasl_sql_select statement, but that seems a bit pointless since the key is now visible in various logs.
Re: MD5 Passwords in MySql?
Adam Gently... This question has been asked before, but remains unanswered. I am using sendmail and cyrus-imapd, not PostFix or LDAP for which the MD5 password in mysql problem appears to have been solved. On Sun, 2013-03-24 at 14:12 -0400, Adam Tauno Williams wrote: On Sun, 2013-03-24 at 14:21 +, Charles Bradshaw wrote: In my /etc/imapd.conf I'm using: sasl_auxprop_plugin:sql sasl_sql_engine:mysql I want to store MD5 hashed passwords in my database. Is this possible? I would *assume* that the database doesn't much care about the hashing/encoding of the password/secret - I'd *assume* it just stores and retrieves it. The database might not care, but something does. The question is what? Or even how to configure cyrus to use MD5 hashed passwords with the sql plugin. Because I'm dealing with virtual domains, passwords are stored ONLY in the database. My users have no accounts or passwords stored elsewhere. Concerns for the validity of the secret are up-the-stack, in SASL proper, and not in the storage plugin. OK, specifically, where up the stack is the password checked? I could be wrong; I've mostly dealt with storing credentials in LDAP. LDAP is a whole other can of worms and not appropriate to my circumstances. I was thinking about modifying the sql plugin to MD5 the password before comparison, but... That seems wrong to me. Can't you just tell SASL via configuration that you want to use MD5? Obviously I can't! I wouldn't have asked the question otherwise. Answering a question with the same question is absurd. I'm no C programmer so understanding sql.c (the plugin source) is quite beyond me. It looks as though we just check for the presence of the password and don't actually compare passwords! Surely I'm wrong here? That is what I would *assume* it does. And correctly. So where is the password compared? 
I could use a symmetric encryption, eg AES, and place the necessary decrypt in the sasl_sql_select statement, but that seems a bit pointless since the key is now visible in various logs. That seems very wrong to me. It might be a kludge, but it's not wrong. It avoids storing plain text passwords, which are always a risk. The purpose of MD5 digest is to make passwords truly private to the user. Not even root knows users' passwords when stored in shadow(MD5). The only risk to shadow passwords is a brute force attack which is relatively easy to detect and foil. I wonder why you care how credentials are stored; is SASL authentication not working? No, I have authentication working fine. I care because mysql is the mechanism I prefer.
Good webmail client software for cyrus?
Hi all, After much pain I have my cyrus-imap server up and working with sendmail. I have penetrated the configuration subtleties of serving virtual domains and persuading cyrus and sendmail to co-operate using today's security protocols (MD5 and TLS/SSL). I am now researching how to provide a HTTP (webmail style) MUA as an alternative to a bunch of IMAP feature lacking, or otherwise broken, desktop user agents. I also need to source a GUI mailbox/password server management tool. Currently I'm using MySql Workbench for password management and cyradm command line for mailbox configuration. I'm hoping to combine the above management features in one web enabled system. I see Zimbra and roundcube. The former commercial, the latter open source, appear to provide the required technical solutions. Although it is slightly unclear that either provide configurable password management capable of interfacing to MySql. Neither of the above are ideal. The first because it isn't open source. The latter because it is written in PHP. A paradigm I am too old to become proficient in. I would much prefer an open source GPL modperl approach. I attempted to install WING: http://sourceforge.net/projects/web-imap/, but the project appears dead. My request to the mailing list: wing-admin-subscr...@maillist.ox.ac.uk bounced immediately. Also I suspect that it has some embedded UW IMAP server dependency. I have started looking at Cyrus::IMAP::Admin with some preliminary success. This is not easy because of the stunning lack of documentation and the particularly obscure 'perlish' coding style! I have two questions therefore: First has anybody got any insight into any other good open source solutions? Alternatively is there a modperl webmail like project out there I could contribute to? Charles Bradshaw
Re: [Cyrus-CVS] Error: Folder appears in listing but can not be accessed mailbox does not exist
What does cyradm say the access rights for account shared.folder@domain are? localhost listacl user/shared.folder@domain shared.folder@domain lrswipkxtecda user@domain lrswip needs to be something here ? The account name 'user' is confusing! Are you using virtual domains? The shared account 'shared.folder@domain' is virtual what about 'user@domain'? localhost lm user/user@domain user/user@domain (\HasNoChildren) does this exist ? Or is 'user' a real account? Charles Bradshaw On: Thu, 07 Feb 2013 09:57:24 +0100, Henning wrote: Hi, my problem still exists, anyone got some ideas about this? Henning On 03.01.2013 09:37, Henning Holly wrote: Hi, I recently ran into a problem with cyrus and shared folders. I have a kolab server running whose setup involves a cyrus imap server. So, I created a simple shared folder, which appears as shared.folder@domain in cyradm's mailbox-listing (lm * as cyrus-admin user manager). If I connect as client via IMAP/SASL (mail: user@domain, login: user) it gets listed as shared.folder only and I cannot access it, because cyrus claims that the mailbox does not exist. How can I resolve this? kind regards, Henning --- End of Original Message ---
Re: Can anyone explain localhost phenomenon?
On: Mon, 04 Feb 2013 06:29:56 -0500, Adam wrote: On Sun, 2013-02-03 at 15:42 +0100, Gabor Gombas wrote: IIRC MySQL tries to use an UNIX socket instead of TCP for connecting to the server when it sees the localhost string. If e.g. sendmail runs chrooted, then it won't see the MySQL server's socket, therefore it won't be able to connect. What happens if, instead of the literal localhost, you say 127.0.0.1. Hi-jacking the localhost string seems wrong, but it might be accepted/well-known behavior at this point. And possibly buried in the MySQL library [and not in SASL; in fact, I'd wager that is true. Shortcuts and general funny-business is pretty much MySQL's primary prerogative]. Yes 127.0.0.1 instead of localhost works... it's down to somebody's ghost in the machine then!
Re: alternative login names
Gentlemen Sorry to butt into this thread at so late a stage. Indeed SASL does not support encrypted passwords because it can't! SASL CRAM-MD5 and DIGEST-MD5 do not transmit the password over the link, as a consequence both the client and the server need knowledge of the clear text. It is possible to store encrypted passwords in some kind of database provided that the lookup mechanism is capable of doing the de-crypt. Mysql AES is one possibility. Both MD5 and SHA are one way hashing functions! Password verification against either requires knowledge of the clear text! Charles Bradshaw On: Mon, 4 Feb 2013 18:44:48 +0100, Marc Paterman wrote: Wolfgang Wolfgang Rosenauer wrote (04.02.2013 18:03): I played around some more with openldap's SASL and ran exactly into the issue that SASL seems to explicitly _not_ support CRYPT userPasswords. So yes, keeping saslauthd using PAM would help with that. What did you test? (I did not do it myself.) Like an ldapsearch with -Y cram-md5 or -Y plain both do not work against an object where userPassword is encrypted with CRYPT? And both do work while it is encrypted with like SHA or unencrypted? Marc
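An added example, not part of any post in this archive: it runs the CRAM-MD5 exchange discussed in the "MD5 Passwords in MySql?" thread and in the reply above, and shows why the server must hold the clear-text secret for a challenge-response mechanism while a PLAIN login can be checked against a stored hash. The password, the challenge string and the use of PBKDF2-HMAC-SHA256 as the stored hash are assumptions made for the illustration.

```python
import hashlib
import hmac
import os


def cram_md5_client(password: str, challenge: bytes) -> str:
    """Client side of CRAM-MD5 (RFC 2195): HMAC-MD5 of the server challenge,
    keyed with the clear-text password. The password never crosses the wire."""
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


def cram_md5_server(stored_secret: bytes, challenge: bytes, response: str) -> bool:
    """Server side: recompute the same HMAC from whatever the database returned
    and compare. This only matches if stored_secret is the clear-text password."""
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, response)


def make_hashed_record(password: str, rounds: int = 100_000):
    """What a hashed password column would hold (assumption: salted
    PBKDF2-HMAC-SHA256 stands in for crypt/shadow-style storage)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest


def plain_server(record, presented_password: str) -> bool:
    """PLAIN/LOGIN: the password itself arrives (inside TLS), so the server
    can hash what it received and compare with the stored digest."""
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", presented_password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    password = "correct horse battery"              # constructed sample secret
    challenge = b"<1896.697170952@mail.example>"    # constructed server challenge
    response = cram_md5_client(password, challenge)

    md5_column = hashlib.md5(password.encode()).hexdigest().encode()
    record = make_hashed_record(password)
    return {
        # Database holds the clear text: the challenge-response check succeeds.
        "cram_cleartext_store": cram_md5_server(password.encode(), challenge, response),
        # Database holds MD5(password): the server cannot rebuild the HMAC.
        "cram_md5_hashed_store": cram_md5_server(md5_column, challenge, response),
        # Hashed storage works once the mechanism hands the password to the server.
        "plain_hashed_store": plain_server(record, password),
        "plain_wrong_password": plain_server(record, "not the password"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```
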
Can anyone explain localhost phenomenon?
If I specify localhost as the host name for both imapd and sendmail sql plugin authentication like this: eg /etc/imapd.conf contains: sasl_sql_hostnames:localhost:3306 changing localhost to mail-host here and /etc/sasl2/Sendmail.conf contains: sql_hostnames:localhost:3306 and here works! Using localhost the connection to mysql fails for the sendmail connection while the imap connection succeeds. On the other hand, if I use the server's real host name instead of localhost then both connections succeed! This must be something to do with the sql plugin and mysql using a socket when connecting to localhost! But what? Command line connections to mysql, from 2 different terminals, to localhost for the same user like this: $ mysql mail --user=** --password=*** work just fine! Confused, Charles Bradshaw
Re: Switching to Mysql from sasldb2 SOLVED
OK, I found the documentation here: /usr/share/doc/cyrus-sasl-lib-2.1.23/options.html I had maybe 2 mistakes which are commented below! Also SELinux is preventing /usr/lib/cyrus-imapd/imapd from search access on the directory /var/lib/mysql. The fix for that is: # cat /var/log/messages | audit2allow -m local > imap-sql.te # checkmodule -M -m imap-sql.mod imap-sql.te # semodule_package -o imap-sql.pp -m imap-sql.mod # semodule -i imap-sql.pp WARNING: Do NOT just follow the above unless you know what you are doing! You actually need to do the first step above more than once then edit the imap-sql.te file before installing the policy. This is del Charles Bradshaw On: Fri, 1 Feb 2013 23:15:15 +, Charles Bradshaw wrote: I am trying to switch from using sasldb2 to mysql, but I am seeing: Feb 1 22:48:20 ** imaps[2553]: badlogin: * [192.168.0.8] DIGEST-MD5 [SASL(-13): user not found: no secret in In /etc/log/maillog (I have inserted *** to hide the actual server and host attempting to login) I am seeing no query on the database so I presume I have something wrong with one of my configurations? Any help would be most appreciated. Where is the documentation for imapd.conf using mysql? $ yum list cyrus-sasl-sql Installed Packages cyrus-sasl-sql.i686 2.1.23-31.fc17 ~ o ~ /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true # sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 # #sasl_auxprop_plugin:sasldb sasl_auxprop_plugin:sql # # added these for mysql sasl_sql_engine:mysql sasl_sql_hostname:localhost:3306 Above should be sasl_sql_hostnames NOT sasl_sql_hostname! sasl_sql_user:mail_admin sasl_sql_passwd: sasl_sql_database:mail sql_statement:SELECT pwd FROM users WHERE id = '%u@%r' Above should be sasl_sql_select NOT sql_statement! sasl_sql_verbose:yes No such tag as sql_verbose! 
sasl_sql_usessl: no # allowplaintext: yes debug: yes unixhierarchysep: yes # virtdomains: userid tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH ~ o ~ /etc/sasl2/Sendmail pwcheck_method:auxprop mech_list:DIGEST-MD5 CRAM-MD5 PLAIN # #auxprop_plugin:sasldb auxprop_plugin:sql # # added these for mysql sql_engine:mysql sql_hostname:localhost:3303 Above should be sql_hostnames NOT sql_hostname ! sql_user:mail_admin sql_passwd: sql_database:mail sql_statement:SELECT pwd FROM users WHERE id = '%u@%r' Above should be sql_select NOT sql_statement sql_verbose:yes sql_usessl: no # debug:yes log_level:5 ~ o ~ Mysql query session (just to prove that it works): $ mysql --user mail_admin --password Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 44 Server version: 5.5.29-log MySQL Community Server (GPL) Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql SELECT pwd FROM mail.users WHERE id = 'test@mydomain'; +--+ | pwd | +--+ | | +--+ 1 row in set (0.00 sec) mysql quit Bye --- End of Original Message ---
Re: Switching to Mysql from sasldb2 SOLVED
Oops.. sorry posted before complete. OK, I found the documentation here: /usr/share/doc/cyrus-sasl-lib-2.1.23/options.html I had maybe 2 mistakes which are commented below! Also SELinux is preventing /usr/lib/cyrus-imapd/imapd from search access on the directory /var/lib/mysql and connection to mysql socket. The fix for that is: # cat /var/log/messages | audit2allow -m local > imap-sql.te # checkmodule -M -m imap-sql.mod imap-sql.te # semodule_package -o imap-sql.pp -m imap-sql.mod # semodule -i imap-sql.pp WARNING: Do NOT just follow the above unless you know what you are doing! You actually need to do the first step above more than once then edit the imap-sql.te file before installing the policy. This is deliberately vague because you really need to know what you are doing with SELinux. Charles Bradshaw On: Fri, 1 Feb 2013 23:15:15 +, Charles Bradshaw wrote: I am trying to switch from using sasldb2 to mysql, but I am seeing: Feb 1 22:48:20 ** imaps[2553]: badlogin: * [192.168.0.8] DIGEST-MD5 [SASL(-13): user not found: no secret in In /etc/log/maillog (I have inserted *** to hide the actual server and host attempting to login) I am seeing no query on the database so I presume I have something wrong with one of my configurations? Any help would be most appreciated. Where is the documentation for imapd.conf using mysql? $ yum list cyrus-sasl-sql Installed Packages cyrus-sasl-sql.i686 2.1.23-31.fc17 ~ o ~ /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true # sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 # #sasl_auxprop_plugin:sasldb sasl_auxprop_plugin:sql # # added these for mysql sasl_sql_engine:mysql sasl_sql_hostname:localhost:3306 Above should be sasl_sql_hostnames NOT sasl_sql_hostname! 
sasl_sql_user:mail_admin sasl_sql_passwd: sasl_sql_database:mail sql_statement:SELECT pwd FROM users WHERE id = '%u@%r' Above should be sasl_sql_select NOT sql_statement! sasl_sql_verbose:yes No such tag as sql_verbose! sasl_sql_usessl: no # allowplaintext: yes debug: yes unixhierarchysep: yes # virtdomains: userid tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH ~ o ~ /etc/sasl2/Sendmail pwcheck_method:auxprop mech_list:DIGEST-MD5 CRAM-MD5 PLAIN # #auxprop_plugin:sasldb auxprop_plugin:sql # # added these for mysql sql_engine:mysql sql_hostname:localhost:3303 Above should be sql_hostnames NOT sql_hostname ! sql_user:mail_admin sql_passwd: sql_database:mail sql_statement:SELECT pwd FROM users WHERE id = '%u@%r' Above should be sql_select NOT sql_statement sql_verbose:yes sql_usessl: no # debug:yes log_level:5 ~ o ~ Mysql query session (just to prove that it works): $ mysql --user mail_admin --password Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 44 Server version: 5.5.29-log MySQL Community Server (GPL) Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. 
mysql SELECT pwd FROM mail.users WHERE id = 'test@mydomain'; +--+ | pwd | +--+ | | +--+ 1 row in set (0.00 sec) mysql quit Bye --- End of Original Message ---
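An added example, not from the original post or from the Cyrus project: a small check for the misnamed options the post corrects (sasl_sql_hostname, sql_statement, sasl_sql_verbose), the kind of mistake that left the author with "no secret in" errors and no query reaching the database. The option list combines the names used in the post with sql_insert and sql_update from the Cyrus SASL options documentation, so compare it with the options.html of your installed version; both sample configurations are constructed from lines quoted above.

```python
import difflib

# Assumption: option names of the Cyrus SASL sql auxprop plugin, taken from the
# post plus sql_insert/sql_update; verify against your installed options.html.
KNOWN_SQL_OPTIONS = {
    "sql_engine", "sql_hostnames", "sql_user", "sql_passwd", "sql_database",
    "sql_select", "sql_insert", "sql_update", "sql_usessl",
}

# Corrections stated in the post itself.
POST_CORRECTIONS = {"sql_hostname": "sql_hostnames", "sql_statement": "sql_select"}

# Constructed sample: lines from the /etc/imapd.conf quoted in the post.
SAMPLE_IMAPD_CONF = """\
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin:sql
# added these for mysql
sasl_sql_engine:mysql
sasl_sql_hostname:localhost:3306
sasl_sql_user:mail_admin
sasl_sql_database:mail
sql_statement:SELECT pwd FROM users WHERE id = '%u@%r'
sasl_sql_verbose:yes
sasl_sql_usessl: no
"""

# Constructed sample: lines from the /etc/sasl2 file quoted in the post.
SAMPLE_SENDMAIL_CONF = """\
auxprop_plugin:sql
sql_engine:mysql
sql_hostname:localhost:3303
sql_statement:SELECT pwd FROM users WHERE id = '%u@%r'
sql_verbose:yes
"""


def lint_sasl_sql(text, prefix=""):
    """Report sql plugin options that are misnamed or lack the required prefix.

    prefix is "sasl_" for imapd.conf (SASL options are prefixed there) and ""
    for a file under /etc/sasl2. Returns a list of tuples:
    (line number, key as written, suggested key or None, missing_prefix).
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key = line.split(":", 1)[0].strip()
        if prefix and key.startswith(prefix + "sql_"):
            name, missing_prefix = key[len(prefix):], False
        elif key.startswith("sql_"):
            name, missing_prefix = key, bool(prefix)
        else:
            continue  # not an sql plugin option
        if name in KNOWN_SQL_OPTIONS and not missing_prefix:
            continue  # correctly named and correctly prefixed
        corrected = name if name in KNOWN_SQL_OPTIONS else POST_CORRECTIONS.get(name)
        if corrected is None:
            # Only near-identical names count as a likely typo.
            close = difflib.get_close_matches(
                name, sorted(KNOWN_SQL_OPTIONS), n=1, cutoff=0.8)
            corrected = close[0] if close else None
        suggestion = prefix + corrected if corrected else None
        findings.append((lineno, key, suggestion, missing_prefix))
    return findings


if __name__ == "__main__":
    for label, text, pfx in (("imapd.conf", SAMPLE_IMAPD_CONF, "sasl_"),
                             ("sasl2 conf", SAMPLE_SENDMAIL_CONF, "")):
        for lineno, key, suggestion, missing in lint_sasl_sql(text, pfx):
            hint = f"use {suggestion}" if suggestion else "no such option"
            note = " (prefix missing)" if missing else ""
            print(f"{label}:{lineno}: {key}: {hint}{note}")
```
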
Switching to Mysql from sasldb2
I am trying to switch from using sasldb2 to mysql, but I am seeing: Feb 1 22:48:20 ** imaps[2553]: badlogin: * [192.168.0.8] DIGEST-MD5 [SASL(-13): user not found: no secret in In /etc/log/maillog (I have inserted *** to hide the actual server and host attempting to login) I am seeing no query on the database so I presume I have something wrong with one of my configurations? Any help would be most appreciated. Where is the documentation for imapd.conf using mysql? $ yum list cyrus-sasl-sql Installed Packages cyrus-sasl-sql.i686 2.1.23-31.fc17 ~ o ~ /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true # sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 # #sasl_auxprop_plugin:sasldb sasl_auxprop_plugin:sql # # added these for mysql sasl_sql_engine:mysql sasl_sql_hostname:localhost:3306 sasl_sql_user:mail_admin sasl_sql_passwd: sasl_sql_database:mail sql_statement:SELECT pwd FROM users WHERE id = '%u@%r' sasl_sql_verbose:yes sasl_sql_usessl: no # allowplaintext: yes debug: yes unixhierarchysep: yes # virtdomains: userid tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH ~ o ~ /etc/sasl2/Sendmail pwcheck_method:auxprop mech_list:DIGEST-MD5 CRAM-MD5 PLAIN # #auxprop_plugin:sasldb auxprop_plugin:sql # # added these for mysql sql_engine:mysql sql_hostname:localhost:3303 sql_user:mail_admin sql_passwd: sql_database:mail sql_statement:SELECT pwd FROM users WHERE id = '%u@%r' sql_verbose:yes sql_usessl: no # debug:yes log_level:5 ~ o ~ Mysql query session (just to prove that it works): $ mysql --user mail_admin --password Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. 
Your MySQL connection id is 44 Server version: 5.5.29-log MySQL Community Server (GPL) Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql SELECT pwd FROM mail.users WHERE id = 'test@mydomain'; +--+ | pwd | +--+ | | +--+ 1 row in set (0.00 sec) mysql quit Bye
Re: Mailbox does not exist question
Andrew Just a thought, should the mailbox name be 'user.test@mydomain' instead of 'user.test'? Here is a dump of /var/lib/imap/mailboxes.db # hexdump -c /var/lib/imap/mailboxes.db 000 241 002 213 \r s k i p l i s t f i l 010 e \0 \0 \0 \0 \0 \0 001 \0 \0 \0 002 \0 \0 \0 024 020 \0 \0 \0 001 \0 \0 \0 001 \0 \0 \0 320 Q 001 4 312 030 \0 \0 001 001 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 220 040 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 * 080 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 377 377 377 377 090 \0 \0 \0 001 \0 \0 \0 \t u s e r . t e s 0a0 t \0 \0 \0 \0 \0 \0 035 0 d e f a u l 0b0 t t e s t \t l r s w i p k x t 0c0 e c d a \t \0 \0 \0 \0 \0 \0 \0 377 377 377 377 0d0 I see a \tuser.test is the tab correct? Also curiously cyradm cannot delete user.test giving Permission denied: # cyradm -u cyrus localhost Password: localhost lm user.brad (\HasNoChildren) localhost dm user.brad deletemailbox: Permission denied localhost quit Something fishy here. Thanks for your help, Charles Bradshaw On: Thu, 24 Jan 2013 13:11:02 -0800 (PST), Andrew Morgan wrote: On Thu, 24 Jan 2013, Charles Bradshaw wrote: On: Thu, 24 Jan 2013 12:37:18 -0800 (PST), Andy wrote: On Thu, 24 Jan 2013, Charles Bradshaw wrote: Output from cyradm: $ cyradm --user cyrus localhost Password: localhost lm * user.test (\HasNoChildren) localhost Perhaps the user does not have permission to see the mailbox? What does lam user.test in cyradm report? Andy # cyradm -u cyrus localhost Password: localhost lam user.test test lrswipkxtecda localhost Okay, can we confirm that you are connecting as the user test? Check your syslog for a message similar to: imap[30372]: login: cyrus-fe3.onid.oregonstate.edu [128.193.4.145] test PLAIN User logged in Perhaps we have a problem with virtualdomains. Andy --- End of Original Message --- Andy Here is a complete /var/log/maillog for a session. 
Jan 24 21:16:06 dell2600 imap[4844]: accepted connection
Jan 24 21:16:06 dell2600 master[5029]: about to exec /usr/lib/cyrus-imapd/imapd
Jan 24 21:16:06 dell2600 imap[5029]: executed
Jan 24 21:16:36 dell2600 imap[4844]: fetching user_deny.db entry for 'test@mydomain'
Jan 24 21:16:36 dell2600 imap[4844]: login: localhost [::1] test@mydomain plaintext User logged in SESSIONID=dell2600.bradcan.homelinux.com-4844-1359062166-1
Jan 24 21:16:36 dell2600 imap[4844]: fetching user_deny.db entry for 'test@mydomain'
Jan 24 21:16:51 dell2600 imap[4844]: fetching user_deny.db entry for 'test@mydomain'
Jan 24 21:16:59 dell2600 imap[4844]: USAGE test@mydomain user: 0.009998 sys: 0.009998
Jan 24 21:18:51 dell2600 master[4485]: process 4844 exited, status 0
Jan 24 21:19:06 dell2600 master[5036]: about to exec /usr/lib/cyrus-imapd/ctl_cyrusdb
Jan 24 21:19:06 dell2600 ctl_cyrusdb[5036]: checkpointing cyrus databases
Jan 24 21:19:06 dell2600 ctl_cyrusdb[5036]: archiving database file: /var/lib/imap/mailboxes.db
Jan 24 21:19:06 dell2600 ctl_cyrusdb[5036]: archiving database file: /var/lib/imap/annotations.db
Jan 24 21:19:06 dell2600 ctl_cyrusdb[5036]: done checkpointing cyrus databases
Jan 24 21:19:06 dell2600 master[4485]: process 5036 exited, status 0
Also the telemetry log from /var/lib/imap/log/test@mydomain (I figured that I need to name the directory user@realm) 1359062196a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=dell2600.bradcan.homelinux.com-4844-1359062166-1 1359062211a2 LIST * 1359062211a2 OK Completed (0.000 secs) 1359062219a3 LOGOUT 1359062219* BYE LOGOUT received a3 OK Completed Charles Bradshaw
Re: Mailbox does not exist question
Andy We're nearly there, phew.. Yes I want to use virtual domains. Yes I have virtdomains: userid in /etc/imapd.conf OK, so I understand why no imap INBOX, but sendmail and cyrusv2 are therefore delivering mail to the wrong mailbox, that is to user.test NOT user.test@mydomain I have sendmail.mc containing: define(`confLOCAL_MAILER', `cyrusv2')dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl MAILER(cyrusv2)dnl and mailertable containing: mydomain cyrusv2:/var/lib/imap/socket/lmtp Obviously the mailertable entry is wrong? Or maybe I need something else to stop sendmail/cyrusv2 stripping mydomain from email sent to test@mydomain ? Thanks for your patience with this old hack, Charles Bradshaw On: Fri, 25 Jan 2013 12:04:15 -0800 (PST), Andrew Morgan wrote: Yes, the mailbox should be named user.test@mydomain, assuming you actually want to use virtual domains. Do you have virtdomains set in imapd.conf? Andy On Fri, 25 Jan 2013, Charles Bradshaw wrote: Andrew Just a thought, should the mailbox name be 'user.test@mydomain' instead of 'user.test'? Here is a dump of /var/lib/imap/mailboxes.db # hexdump -c /var/lib/imap/mailboxes.db 000 241 002 213 \r s k i p l i s t f i l 010 e \0 \0 \0 \0 \0 \0 001 \0 \0 \0 002 \0 \0 \0 024 020 \0 \0 \0 001 \0 \0 \0 001 \0 \0 \0 320 Q 001 4 312 030 \0 \0 001 001 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 220 040 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 * 080 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 377 377 377 377 090 \0 \0 \0 001 \0 \0 \0 \t u s e r . t e s 0a0 t \0 \0 \0 \0 \0 \0 035 0 d e f a u l 0b0 t t e s t \t l r s w i p k x t 0c0 e c d a \t \0 \0 \0 \0 \0 \0 \0 377 377 377 377 0d0 I see a \tuser.test is the tab correct? Also curiously cyradm cannot delete user.test giving Permission denied: # cyradm -u cyrus localhost Password: localhost lm user.brad (\HasNoChildren) localhost dm user.brad deletemailbox: Permission denied localhost quit Something fishy here. 
Thanks for your help, Charles Bradshaw On: Thu, 24 Jan 2013 13:11:02 -0800 (PST), Andrew Morgan wrote: On Thu, 24 Jan 2013, Charles Bradshaw wrote: On: Thu, 24 Jan 2013 12:37:18 -0800 (PST), Andy wrote: On Thu, 24 Jan 2013, Charles Bradshaw wrote: Output from cyradm: $ cyradm --user cyrus localhost Password: localhost lm * user.test (\HasNoChildren) localhost Perhaps the user does not permission to see the mailbox? What does lam user.test in cyradm report? Andy # cyradm -u cyrus localhost Password: localhost lam user.test test lrswipkxtecda localhost Okay, can we confirm that you are connecting as the user test? Check your syslog for a message similar to: imap[30372]: login: cyrus-fe3.onid.oregonstate.edu [128.193.4.145] test PLAIN User logged in Perhaps we have a problem with virtualdomains. Andy --- End of Original Message --- Andy Here is a complete /var/log/maillog for a session. Jan 24 21:16:06 dell2600 imap[4844]: accepted connection Jan 24 21:16:06 dell2600 master[5029]: about to exec /usr/lib/cyrus-imapd/imapd Jan 24 21:16:06 dell2600 imap[5029]: executed Jan 24 21:16:36 dell2600 imap[4844]: fetching user_deny.db entry for 'test@mydomain' Jan 24 21:16:36 dell2600 imap[4844]: login: localhost [::1] test@mydomain plaintext User logged in SESSIONID=dell2600.bradcan.homelinux.com-4844-1359062166-1 Jan 24 21:16:36 dell2600 imap[4844]: fetching user_deny.db entry for 'test@mydomain' Jan 24 21:16:51 dell2600 imap[4844]: fetching user_deny.db entry for 'test@mydomain' Jan 24 21:16:59 dell2600 imap[4844]: USAGE test@mydomain user: 0.009998 sys: 0.009998 Jan 24 21:18:51 dell2600 master[4485]: process 4844 exited, status 0 Jan 24 21:19:06 dell2600 master[5036]: about to exec /usr/lib/cyrus-imapd/ctl_cyrusdb Jan 24 21:19:06 dell2600 ctl_cyrusdb[5036]: checkpointing cyrus databases Jan 24 21:19:06 dell2600 ctl_cyrusdb[5036]: archiving database file: /var/lib/imap/mailboxes.db Jan 24 21:19:06 dell2600 ctl_cyrusdb[5036]: archiving database file: 
/var/lib/imap/annotations.db Jan 24 21:19:06 dell2600 ctl_cyrusdb[5036]: done checkpointing cyrus databases Jan 24 21:19:06 dell2600 master[4485]: process 5036 exited, status 0 Also the telemetry log from /var/lib/imap/log/test@mydomain (I figured that I need to name the directory user@realm) 1359062196a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD
Re: Mailbox does not exist question
On: Wed, 23 Jan 2013 14:28:28 -0800 (PST), Andrew Morgan wrote: On Wed, 23 Jan 2013, Charles Bradshaw wrote: I'm seeing the following when I test cyrus-imapd using telnet. I seem to be missing some fundamental configuration. What am I doing wrong? Thanks in advance, Charles Bradshaw Telnet imap session: # telnet localhost imap Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] imap-host.mydomain Cyrus IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready a1 LOGIN test@mydomain *** a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=imap-host.mydomain-1720-1358978359-1 a2 LIST * a2 OK Completed (0.000 secs) I expected something like '* LIST (\HasNoChildren) . INBOX', but the response is blank! ~ o ~ Telnet pop session: # telnet localhost 110 Trying ::1... Connected to localhost. Escape character is '^]'. +OK imap-host.mydomain Cyrus POP3 v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready 1420303981.1358957093@imap-host.mydomain USER test@mydomain +OK Name is a valid mailbox PASS ** -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist /val/log/maillog has: pop3s[13116]: Unable to locate maildrop mydomain!user.test: Mailbox does not exist ~ o ~ However /var/spool/imap/t/user/test mailbox exists and contains mail: # ls -l /var/spool/imap/t/user/test total 24 -rw---. 1 cyrus mail 602 Jan 23 14:36 1. -rw---. 1 cyrus mail 606 Jan 23 14:59 2. -rw---. 1 cyrus mail 603 Jan 23 15:49 3. -rw---. 1 cyrus mail 1884 Jan 23 15:49 cyrus.cache -rw---. 1 cyrus mail 154 Jan 21 09:58 cyrus.header -rw---. 
1 cyrus mail 416 Jan 23 15:49 cyrus.index # cat /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 sasl_auxprop_plugin:sasldb allowplaintext: yes virtdomains: userid tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH +OK imap-host.mydomain Cyrus POP3 v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready 1420303981.1358957093@imap-host.mydomain USER test@mydomain +OK Name is a valid mailbox PASS ** -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist /val/log/maillog has: pop3s[13116]: Unable to locate maildrop mydomain!user.test: Mailbox does not exist ~ o ~ However /var/spool/imap/t/user/test mailbox exists and contains mail: # ls -l /var/spool/imap/t/user/test total 24 -rw---. 1 cyrus mail 602 Jan 23 14:36 1. -rw---. 1 cyrus mail 606 Jan 23 14:59 2. -rw---. 1 cyrus mail 603 Jan 23 15:49 3. -rw---. 1 cyrus mail 1884 Jan 23 15:49 cyrus.cache -rw---. 1 cyrus mail 154 Jan 21 09:58 cyrus.header -rw---. 1 cyrus mail 416 Jan 23 15:49 cyrus.index # cat /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 sasl_auxprop_plugin:sasldb allowplaintext: yes virtdomains: userid tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH Run cyradm --user cyrus localhost and type lm *. Is the mailbox user.test in the output? 
Andy --- End of Original Message --- Output from cyradm: $ cyradm --user cyrus localhost Password: localhost lm * user.test (\HasNoChildren) localhost Charles Bradshaw Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
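The mismatch this thread is chasing, as an added example that is not part of any post: with virtdomains: userid, a login as test@mydomain looks for the internal mailbox mydomain!user.test (the name in the pop3s log line), while lm lists only user.test. The sketch below cross-checks maillog lines against an lm listing; the sample input is constructed, the function names are hypothetical, and the defaultdomain handling is an assumption about how Cyrus maps default-domain users.

```python
import re

# Constructed sample input, modelled on the log lines and cyradm output quoted
# in the thread (timestamps and the session id are made up).
SAMPLE_MAILLOG = """\
Jan 24 21:10:02 dell2600 pop3s[13116]: Unable to locate maildrop mydomain!user.test: Mailbox does not exist
Jan 24 21:16:36 dell2600 imap[4844]: login: localhost [::1] test@mydomain plaintext User logged in SESSIONID=example-1
"""
SAMPLE_LM = "user.test (\\HasNoChildren)\n"

# "login: <host> [<ip>] <userid> <mechanism> User logged in"
LOGIN_RE = re.compile(r"login: \S+ \[[^\]]*\] (\S+) \S+ User logged in")
MAILDROP_RE = re.compile(r"Unable to locate maildrop (\S+): Mailbox does not exist")


def inbox_for_login(userid, defaultdomain=None):
    """Internal INBOX name looked up for a login when virtdomains is enabled.

    Assumption: users in defaultdomain (or with no domain) live in the
    unqualified namespace. Local parts containing '.' are not handled.
    """
    local, _, domain = userid.partition("@")
    if domain and domain != defaultdomain:
        return f"{domain}!user.{local}"
    return f"user.{local}"


def internal_from_lm(name):
    """Convert a name as cyradm lists it (user.test@mydomain) to internal form."""
    mailbox, _, domain = name.partition("@")
    return f"{domain}!{mailbox}" if domain else mailbox


def parse_lm(output):
    """Collect internal mailbox names from 'name (\\Flags)' listing lines."""
    return {
        internal_from_lm(line.split()[0])
        for line in output.splitlines()
        if "(" in line
    }


def diagnose(maillog, lm_output, defaultdomain=None):
    """Report mailboxes that logins or maildrop lookups wanted but lm lacks."""
    existing = parse_lm(lm_output)
    wanted = {}
    for line in maillog.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            name = inbox_for_login(m.group(1), defaultdomain)
            wanted.setdefault(name, "login " + m.group(1))
        m = MAILDROP_RE.search(line)
        if m:
            wanted.setdefault(m.group(1), "maildrop lookup")

    findings = []
    for name, source in sorted(wanted.items()):
        if name in existing:
            continue
        # Same mailbox path under a different (or no) domain: the sign that
        # delivery and login disagree about the domain part.
        bare = name.split("!", 1)[-1]
        elsewhere = sorted(e for e in existing if e.split("!", 1)[-1] == bare)
        findings.append(
            {"wanted": name, "source": source, "same_name_elsewhere": elsewhere}
        )
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_MAILLOG, SAMPLE_LM):
        print(f"{f['wanted']} missing ({f['source']}); "
              f"found instead: {f['same_name_elsewhere'] or 'nothing'}")
```

A non-empty same_name_elsewhere list means the mailbox was created or delivered to under a different domain than the one the client authenticates with.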
Re: Mailbox does not exist question (is this the answer?)
I have enabled debug. (in imapd.conf debug: yes). Now when I start a telnet imap session /var/log/maillog has this: Jan 24 13:25:59 dell2600 imap[4507]: accepted connection Jan 24 13:25:59 dell2600 master[4549]: about to exec /usr/lib/cyrus-imapd/imapd Jan 24 13:25:59 dell2600 imap[4549]: executed Jan 24 13:25:59 dell2600 imap[4549]: IOERROR: opening /var/lib/imap/user_deny.db: No such file or directory Is this the problem? How do I create user_deny.db ? Charles Bradshaw On: Wed, 23 Jan 2013 14:28:28 -0800 (PST), Andrew Morgan wrote: On Wed, 23 Jan 2013, Charles Bradshaw wrote: I'm seeing the following when I test cyrus-imapd using telnet. I seem to be missing some fundamental configuration. What am I doing wrong? Thanks in advance, Charles Bradshaw Telnet imap session: # telnet localhost imap Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] imap-host.mydomain Cyrus IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready a1 LOGIN test@mydomain *** a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=imap-host.mydomain-1720-1358978359-1 a2 LIST * a2 OK Completed (0.000 secs) I expected something like '* LIST (\HasNoChildren) . INBOX', but the response is blank! ~ o ~ Telnet pop session: # telnet localhost 110 Trying ::1... Connected to localhost. Escape character is '^]'. 
+OK imap-host.mydomain Cyrus POP3 v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready 1420303981.1358957093@imap-host.mydomain USER test@mydomain +OK Name is a valid mailbox PASS ** -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist /val/log/maillog has: pop3s[13116]: Unable to locate maildrop mydomain!user.test: Mailbox does not exist ~ o ~ However /var/spool/imap/t/user/test mailbox exists and contains mail: # ls -l /var/spool/imap/t/user/test total 24 -rw---. 1 cyrus mail 602 Jan 23 14:36 1. -rw---. 1 cyrus mail 606 Jan 23 14:59 2. -rw---. 1 cyrus mail 603 Jan 23 15:49 3. -rw---. 1 cyrus mail 1884 Jan 23 15:49 cyrus.cache -rw---. 1 cyrus mail 154 Jan 21 09:58 cyrus.header -rw---. 1 cyrus mail 416 Jan 23 15:49 cyrus.index # cat /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 sasl_auxprop_plugin:sasldb allowplaintext: yes virtdomains: userid tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH +OK imap-host.mydomain Cyrus POP3 v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready 1420303981.1358957093@imap-host.mydomain USER test@mydomain +OK Name is a valid mailbox PASS ** -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist /val/log/maillog has: pop3s[13116]: Unable to locate maildrop mydomain!user.test: Mailbox does not exist ~ o ~ However /var/spool/imap/t/user/test mailbox exists and contains mail: # ls -l /var/spool/imap/t/user/test total 24 -rw---. 1 cyrus mail 602 Jan 23 14:36 1. -rw---. 1 cyrus mail 606 Jan 23 14:59 2. -rw---. 1 cyrus mail 603 Jan 23 15:49 3. -rw---. 1 cyrus mail 1884 Jan 23 15:49 cyrus.cache -rw---. 1 cyrus mail 154 Jan 21 09:58 cyrus.header -rw---. 
1 cyrus mail 416 Jan 23 15:49 cyrus.index # cat /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 sasl_auxprop_plugin:sasldb allowplaintext: yes virtdomains: userid tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH Run cyradm --user cyrus localhost and type lm *. Is the mailbox user.test in the output? Andy --- End of Original Message --- Output from cyradm: $ cyradm --user cyrus localhost Password: localhost lm * user.test (\HasNoChildren) localhost Charles Bradshaw Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http
Re: Mailbox does not exist question (NO it is NOT the answer!)
I have enabled debug. (in imapd.conf debug: yes). Now when I start a telnet imap session /var/log/maillog has this:

Jan 24 13:25:59 dell2600 imap[4507]: accepted connection
Jan 24 13:25:59 dell2600 master[4549]: about to exec /usr/lib/cyrus-imapd/imapd
Jan 24 13:25:59 dell2600 imap[4549]: executed
Jan 24 13:25:59 dell2600 imap[4549]: IOERROR: opening /var/lib/imap/user_deny.db: No such file or directory

Is this the problem? How do I create user_deny.db ?

~ o ~

The debug exposed error has been eliminated by creating user_deny.db

#su cyrus
bash-4.2$ touch /var/lib/imap/user_deny.db

Telnet session still does NOT report the presence of INBOX:

$ telnet localhost imap
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] dell2600.bradcan.homelinux.com Cyrus IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready
a1 LOGIN b...@bradcan.homelinux.com wH3x14or
a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=dell2600.bradcan.homelinux.com-4597-1359054779-1
a2 LIST *
a2 OK Completed (0.000 secs)

I am at a complete loss to understand how it is possible that mail is delivered, but at the same time the INBOX is not being identified during the imap session.

Is there some way to increase the debug level of imapd ?

Charles Bradshaw

On: Wed, 23 Jan 2013 14:28:28 -0800 (PST), Andrew Morgan wrote:

On Wed, 23 Jan 2013, Charles Bradshaw wrote:

I'm seeing the following when I test cyrus-imapd using telnet. I seem to be missing some fundamental configuration. What am I doing wrong?
Thanks in advance, Charles Bradshaw Telnet imap session: # telnet localhost imap Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] imap-host.mydomain Cyrus IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready a1 LOGIN test@mydomain *** a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=imap-host.mydomain-1720-1358978359-1 a2 LIST * a2 OK Completed (0.000 secs) I expected something like '* LIST (\HasNoChildren) . INBOX', but the response is blank! ~ o ~ Telnet pop session: # telnet localhost 110 Trying ::1... Connected to localhost. Escape character is '^]'. +OK imap-host.mydomain Cyrus POP3 v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready 1420303981.1358957093@imap-host.mydomain USER test@mydomain +OK Name is a valid mailbox PASS ** -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist /val/log/maillog has: pop3s[13116]: Unable to locate maildrop mydomain!user.test: Mailbox does not exist ~ o ~ However /var/spool/imap/t/user/test mailbox exists and contains mail: # ls -l /var/spool/imap/t/user/test total 24 -rw---. 1 cyrus mail 602 Jan 23 14:36 1. -rw---. 1 cyrus mail 606 Jan 23 14:59 2. -rw---. 1 cyrus mail 603 Jan 23 15:49 3. -rw---. 1 cyrus mail 1884 Jan 23 15:49 cyrus.cache -rw---. 1 cyrus mail 154 Jan 21 09:58 cyrus.header -rw---. 
1 cyrus mail 416 Jan 23 15:49 cyrus.index # cat /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 sasl_auxprop_plugin:sasldb allowplaintext: yes virtdomains: userid tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH +OK imap-host.mydomain Cyrus POP3 v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready 1420303981.1358957093@imap-host.mydomain USER test@mydomain +OK Name is a valid mailbox PASS ** -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist /val/log/maillog has: pop3s[13116]: Unable to locate maildrop mydomain!user.test: Mailbox does not exist ~ o ~ However /var/spool/imap/t/user/test mailbox exists and contains mail: # ls -l /var/spool/imap/t/user/test total 24 -rw---. 1 cyrus
Re: Mailbox does not exist question (NO it is NOT the answer!)
The file owner is root, but ps aux says:

cyrus 4844 0.0 0.1 50004 2224 ? S 19:31 0:00 imapd

So the running daemon and the mailbox is owned by cyrus, which is correct.

The mail directory cannot be owned by the user because she is virtual and therefore has no account. Instead cyrus is proxy.

I like your signature though :) The only skill I have is perseverance!

Charles Bradshaw

On: Thu, 24 Jan 2013 13:28:55 -0600, Dale wrote:

No expert, but does the proper user own imap? Is it writeable by the mail user?

On 01/24/2013 01:17 PM, Charles Bradshaw wrote:

I have enabled debug. (in imapd.conf debug: yes). Now when I start a telnet imap session /var/log/maillog has this:

Jan 24 13:25:59 dell2600 imap[4507]: accepted connection
Jan 24 13:25:59 dell2600 master[4549]: about to exec /usr/lib/cyrus-imapd/imapd
Jan 24 13:25:59 dell2600 imap[4549]: executed
Jan 24 13:25:59 dell2600 imap[4549]: IOERROR: opening /var/lib/imap/user_deny.db: No such file or directory

Is this the problem? How do I create user_deny.db ?

~ o ~

The debug exposed error has been eliminated by creating user_deny.db

#su cyrus
bash-4.2$ touch /var/lib/imap/user_deny.db

Telnet session still does NOT report the presence of INBOX:

$ telnet localhost imap
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] dell2600.bradcan.homelinux.com Cyrus IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready
a1 LOGIN b...@bradcan.homelinux.com wH3x14or
a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=dell2600.bradcan.homelinux.com-4597-1359054779-1
a2 LIST *
a2 OK Completed (0.000 secs)

I am at a complete loss to understand how it is possible that mail is delivered, but at the same time the INBOX is not being identified during the imap session.

Is there some way to increase the debug level of imapd ?

Charles Bradshaw

On: Wed, 23 Jan 2013 14:28:28 -0800 (PST), Andrew Morgan wrote:

On Wed, 23 Jan 2013, Charles Bradshaw wrote:

I'm seeing the following when I test cyrus-imapd using telnet. I seem to be missing some fundamental configuration. What am I doing wrong?

Thanks in advance,

Charles Bradshaw

Telnet imap session:

# telnet localhost imap
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] imap-host.mydomain Cyrus IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready a1 LOGIN test@mydomain *** a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=imap-host.mydomain-1720-1358978359-1 a2 LIST * a2 OK Completed (0.000 secs) I expected something like '* LIST (\HasNoChildren) . INBOX', but the response is blank! ~ o ~ Telnet pop session: # telnet localhost 110 Trying ::1... Connected to localhost. Escape character is '^]'. +OK imap-host.mydomain Cyrus POP3 v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready1420303981.1358957093@imap-host.mydomain USER test@mydomain +OK Name is a valid mailbox PASS ** -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist /val/log/maillog has: pop3s[13116]: Unable to locate maildrop mydomain!user.test: Mailbox does not exist ~ o ~ However /var/spool/imap/t/user/test mailbox exists and contains mail: # ls -l /var/spool/imap/t/user/test total 24 -rw---. 1 cyrus mail 602 Jan 23 14:36 1. -rw---. 1 cyrus mail 606 Jan 23 14:59 2. -rw---. 1 cyrus mail 603 Jan 23 15:49 3. -rw---. 1 cyrus mail 1884 Jan 23 15:49 cyrus.cache -rw---. 1 cyrus mail 154 Jan 21 09:58 cyrus.header -rw---. 
1 cyrus mail 416 Jan 23 15:49 cyrus.index # cat /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 sasl_auxprop_plugin:sasldb allowplaintext: yes virtdomains: userid tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
Re: Mailbox does not exist question (NO it is NOT the answer!)
Dale

The installation is from cyrus-imapd.i686 2.4.14-1.fc17

Yes there have been file ownership problems, but you will observe from my previous post that the mailbox has been written to by the cyrus mailer! Therefore one would naturally expect imapd to be able to read it!

For the record /var/spool/imap/b/user/test are all 700 and the files in /test are 600 and everything is owner cyrus and group mail.

Yes I agree possibly a file ownership problem, but how? One of the first things I tried was changing everything to 777 with no result! More likely some quirk with BSD vis Fedora low level file access. Most of the Fedora forum posts on the subject of cyrus-imapd say ! Oops can't post it here. ;-)

Charles Bradshaw

On: Thu, 24 Jan 2013 14:11:09 -0600, Dale wrote:

The directory and files must be writeable by either the owner of the process (cyrus) or the group the owner belongs to. I suggest you write down who owns the directory, make sure you remember and chown to it. Keep in mind that some directories may be written by sendmail/postfix and/or read by cyrus. I suspect it's a permission problem, though. Did you compile yourself, rpm, package, ??? What OS?

On 01/24/2013 02:00 PM, Charles Bradshaw wrote:

The file owner is root, but ps aux says:

cyrus 4844 0.0 0.1 50004 2224 ? S 19:31 0:00 imapd

So the running daemon and the mailbox is owned by cyrus, which is correct.

The mail directory cannot be owned by the user because she is virtual and therefore has no account. Instead cyrus is proxy.

I like your signature though :) The only skill I have is perseverance!

Charles Bradshaw

On: Thu, 24 Jan 2013 13:28:55 -0600, Dale wrote:

No expert, but does the proper user own imap? Is it writeable by the mail user?

On 01/24/2013 01:17 PM, Charles Bradshaw wrote:

I have enabled debug. (in imapd.conf debug: yes).
Now when I start a telnet imap session /var/log/maillog has this:

Jan 24 13:25:59 dell2600 imap[4507]: accepted connection
Jan 24 13:25:59 dell2600 master[4549]: about to exec /usr/lib/cyrus-imapd/imapd
Jan 24 13:25:59 dell2600 imap[4549]: executed
Jan 24 13:25:59 dell2600 imap[4549]: IOERROR: opening /var/lib/imap/user_deny.db: No such file or directory

Is this the problem? How do I create user_deny.db ?

~ o ~

The debug exposed error has been eliminated by creating user_deny.db

#su cyrus
bash-4.2$ touch /var/lib/imap/user_deny.db

Telnet session still does NOT report the presence of INBOX:

$ telnet localhost imap
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] dell2600.bradcan.homelinux.com Cyrus IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready
a1 LOGIN b...@bradcan.homelinux.com wH3x14or
a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=dell2600.bradcan.homelinux.com-4597-1359054779-1
a2 LIST *
a2 OK Completed (0.000 secs)

I am at a complete loss to understand how it is possible that mail is delivered, but at the same time the INBOX is not being identified during the imap session.

Is there some way to increase the debug level of imapd ?

Charles Bradshaw

On: Wed, 23 Jan 2013 14:28:28 -0800 (PST), Andrew Morgan wrote:

On Wed, 23 Jan 2013, Charles Bradshaw wrote:

I'm seeing the following when I test cyrus-imapd using telnet. I seem to be missing some fundamental configuration. What am I doing wrong?

Thanks in advance,

Charles Bradshaw

Telnet imap session:

# telnet localhost imap
Trying ::1...
Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] imap-host.mydomain Cyrus IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready a1 LOGIN test@mydomain *** a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=imap-host.mydomain-1720-1358978359-1 a2 LIST * a2 OK Completed (0.000 secs) I expected something like '* LIST (\HasNoChildren) . INBOX', but the response is blank! ~ o ~ Telnet pop session: # telnet localhost 110
Re: Mailbox does not exist question
On: Thu, 24 Jan 2013 12:37:18 -0800 (PST), Andy wrote:

On Thu, 24 Jan 2013, Charles Bradshaw wrote:

Output from cyradm:

$ cyradm --user cyrus localhost
Password:
localhost lm *
user.test (\HasNoChildren)
localhost

Perhaps the user does not have permission to see the mailbox? What does lam user.test in cyradm report?

Andy

# cyradm -u cyrus localhost
Password:
localhost lam user.test
test lrswipkxtecda
localhost

Charles Bradshaw

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Mailbox does not exist question (NO it is NOT the answer!)
Adam

The telnet session is listed in full below. Snip:

client: a2 LIST *
should be a list here containing something!
server: a2 OK Completed (0.000 secs)

Expected response like this:

* LIST (\Unmarked \HasChildren) . INBOX

How do I enable telemetry logging ? I tried creating /var/lib/imap/log/test but this remains empty!

The mailbox exists and has been written, ie contains email messages. (see my earlier posts).

Charles Bradshaw

Sent: Thu, 24 Jan 2013 15:45:40 -0500, Adam wrote:

On Thu, 2013-01-24 at 19:17 +, Charles Bradshaw wrote:

I have enabled debug. (in imapd.conf debug: yes). Now when I start a telnet imap session /var/log/maillog has this:

Jan 24 13:25:59 dell2600 imap[4507]: accepted connection
Jan 24 13:25:59 dell2600 master[4549]: about to exec /usr/lib/cyrus-imapd/imapd
Jan 24 13:25:59 dell2600 imap[4549]: executed
Jan 24 13:25:59 dell2600 imap[4549]: IOERROR: opening /var/lib/imap/user_deny.db: No such file or directory

Is this the problem? How do I create user_deny.db ?

No, it is OK for user_deny to not exist. [this is a chronically confusing message; you can't really tell DEBUG 'error' messages from real error messages].

Telnet session still does NOT report the presence of INBOX:

I don't understand this statement.

$ telnet localhost imap
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] dell2600.bradcan.homelinux.com Cyrus IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready
a1 LOGIN b...@bradcan.homelinux.com wH3x14or
a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=dell2600.bradcan.homelinux.com-4597-1359054779-1
a2 LIST *
a2 OK Completed (0.000 secs)

I am at a complete loss to understand how it is possible that mail is delivered, but at the same time the INBOX is not being identified during the imap session.

Is there some way to increase the debug level of imapd ?

Have you enabled telemetry logging for that user? Does the mailbox in question appear in the mailbox list?

--
Adam Tauno Williams GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

--- End of Original Message ---

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Mailbox does not exist question
On: Thu, 24 Jan 2013 13:11:02 -0800 (PST), Andrew Morgan wrote: On Thu, 24 Jan 2013, Charles Bradshaw wrote: On: Thu, 24 Jan 2013 12:37:18 -0800 (PST), Andy wrote: On Thu, 24 Jan 2013, Charles Bradshaw wrote: Output from cyradm: $ cyradm --user cyrus localhost Password: localhost lm * user.test (\HasNoChildren) localhost Perhaps the user does not permission to see the mailbox? What does lam user.test in cyradm report? Andy # cyradm -u cyrus localhost Password: localhost lam user.test test lrswipkxtecda localhost Okay, can we confirm that you are connecting as the user test? Check your syslog for a message similar to: imap[30372]: login: cyrus-fe3.onid.oregonstate.edu [128.193.4.145] test PLAIN User logged in Perhaps we have a problem with virtualdomains. Andy --- End of Original Message --- Andy Here is a complete /var/log/maillog for a session. Jan 24 21:16:06 dell2600 imap[4844]: accepted connection Jan 24 21:16:06 dell2600 master[5029]: about to exec /usr/lib/cyrus-imapd/imapd Jan 24 21:16:06 dell2600 imap[5029]: executed Jan 24 21:16:36 dell2600 imap[4844]: fetching user_deny.db entry for 'test@mydomain' Jan 24 21:16:36 dell2600 imap[4844]: login: localhost [::1] test@mydomain plaintext User logged in SESSIONID=dell2600.bradcan.homelinux.com-4844-1359062166-1 Jan 24 21:16:36 dell2600 imap[4844]: fetching user_deny.db entry for 'test@mydomain' Jan 24 21:16:51 dell2600 imap[4844]: fetching user_deny.db entry for 'test@mydomain' Jan 24 21:16:59 dell2600 imap[4844]: USAGE test@mydomain user: 0.009998 sys: 0.009998 Jan 24 21:18:51 dell2600 master[4485]: process 4844 exited, status 0 Jan 24 21:19:06 dell2600 master[5036]: about to exec /usr/lib/cyrus-imapd/ctl_cyrusdb Jan 24 21:19:06 dell2600 ctl_cyrusdb[5036]: checkpointing cyrus databases Jan 24 21:19:06 dell2600 ctl_cyrusdb[5036]: archiving database file: /var/lib/imap/mailboxes.db Jan 24 21:19:06 dell2600 ctl_cyrusdb[5036]: archiving database file: /var/lib/imap/annotations.db Jan 24 21:19:06 dell2600 
ctl_cyrusdb[5036]: done checkpointing cyrus databases Jan 24 21:19:06 dell2600 master[4485]: process 5036 exited, status 0 Also the telemetry log from /var/lib/imap/log/test@mydomain (I figured that I need to name the directory user@realm) 1359062196a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=dell2600.bradcan.homelinux.com-4844-1359062166-1 1359062211a2 LIST * 1359062211a2 OK Completed (0.000 secs) 1359062219a3 LOGOUT 1359062219* BYE LOGOUT received a3 OK Completed Charles Bradshaw Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Authentication 'realm' problem SOLVED
I am now able to connect using imtest and authenticate using sasldb2 from both localhost and elsewhere.

1 - In imapd.conf insert the line: virtdomains: userid
2 - In the imtest command use: -a user@mydomain

NOTE imtest -a user -r mydomain does NOT work.

I have to remove the defaultdomain: line from imapd.conf otherwise imtest from another host fails.

In the above mydomain has absolutely nothing to do with network domains. It is simply an additional grouping identifier REALM to be used in the auth database lookup process.

For example:

[root@imap-host ~]# saslpasswd2 -c test -u administration

and

[user@other-host ~]$ imtest -a test@administration imap-host

Authenticates just fine.

Charles Bradshaw

On: Mon, 21 Jan 2013 17:47:53 +, Charles Bradshaw wrote

I am seeing an authentication problem when using imtest.

I have cyrus-imapd-utils-2.4.14-1.fc17.i686

The imtest man page says the -r switch specifies the 'realm', but -r does not seem to work.

I used:

[root@imap-server ~]# saslpasswd2 user
Password ...

and

[root@imap-server ~]# saslpasswd2 cyrus
...

Which puts cyrus@imap-host.mydomain and user@imap-host@mydomain into /etc/sasldb2

Now:

$ imtest -s -a cyrus localhost

Authenticates. But

$ imtest -s -a cyrus imap-host
$ imtest -s -a cyrus -r imap-host.mydomain imap-host

From another host fails with: Authentication failed. generic failure

On the other hand:

$ imtest -s -a user localhost
$ imtest -s -a user

BOTH authenticate, but are pointless because I need to authenticate for other, different, realms.

If instead I use:

[root@imap-server ~]# saslpasswd2 -u mydomain user
Password ...

That is, specify the (badly named 'domain') realm for sasldb2. Now:

$ imtest -s -a user -r mydomain localhost
$ imtest -s -a user -r mydomain imap-host

Both produce Authentication failed. generic failure

The /var/log/maillog messages are equally unhelpful:

Jan 21 17:39:21 imap-host imaps[5610]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Jan 21 17:39:48 imap-host imaps[5610]: badlogin: localhost [::1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]

Obviously I missed some 'realm' configuration for cyrus-imapd or don't understand how to use -u realm for saslpasswd2 or the -r realm parameter for imtest!

I think I understood saslpasswd -u realm because I have realms working for sendmail using saslauthd.

What am I doing wrong?

# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
sasl_auxprop_plugin:sasldb
#allowplaintext: no
#defaultdomain: mail
#loginrealms: mydomain
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt

I tried loginrealms: mydomain without success!

The localhost test FQDN is imap-host.mydomain and my DNS works. ie '$ host imap-host' produces imap-host.mydomain has address 192.168.#.#

Thanks in advance,
Charles Bradshaw

--- End of Original Message ---
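The login: and badlogin: maillog lines quoted in this thread can be triaged mechanically when chasing a realm mismatch. The following is an added example, not code from the posts or from the Cyrus project: a shell/awk filter that turns such syslog lines into one record per attempt, with the SASL code, the reason text and the realm part of the userid. It assumes the syslog field layout shown in the thread; the last sample line is constructed.

```shell
#!/bin/sh
# Added example: summarise Cyrus IMAP authentication events from maillog.
# Output is tab-separated:
#   FAIL  client-ip  mechanism  sasl-code  reason
#   OK    client-ip  mechanism  userid     realm
# Field positions assume the syslog layout quoted in the thread:
#   Mon DD HH:MM:SS host service[pid]: login:|badlogin: client [ip] ...

# Lines 1-3 are quoted in the thread; line 4 is constructed for illustration.
SAMPLE_LOG='Jan 21 17:39:21 imap-host imaps[5610]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Jan 21 17:39:48 imap-host imaps[5610]: badlogin: localhost [::1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Jan 24 21:16:36 dell2600 imap[4844]: login: localhost [::1] test@mydomain plaintext User logged in SESSIONID=dell2600.bradcan.homelinux.com-4844-1359062166-1
Jan 24 21:20:00 dell2600 imap[4850]: login: localhost [::1] test PLAIN User logged in'

parse_cyrus_auth() {      # parse_cyrus_auth < maillog
    awk '
    $6 == "badlogin:" {
        ip = $8; gsub(/\[/, "", ip); gsub(/\]/, "", ip)
        code = "-"; reason = ""
        # "SASL(" is 5 characters; drop it and the closing ")".
        if (match($0, /SASL\(-?[0-9]+\)/))
            code = substr($0, RSTART + 5, RLENGTH - 6)
        # Reason is the text between "): " and the final "]".
        if (match($0, /\): .*\]$/))
            reason = substr($0, RSTART + 3, RLENGTH - 4)
        printf "FAIL\t%s\t%s\t%s\t%s\n", ip, $9, code, reason
    }
    $6 == "login:" {
        ip = $8; gsub(/\[/, "", ip); gsub(/\]/, "", ip)
        # With virtdomains: userid the realm is whatever follows the last "@".
        n = split($9, part, "@")
        realm = (n > 1) ? part[n] : "(none)"
        printf "OK\t%s\t%s\t%s\t%s\n", ip, $10, $9, realm
    }'
}

# Count failures where the server found no sasldb2 entry for the
# user and realm it looked up.
count_no_secret() {       # count_no_secret < maillog
    parse_cyrus_auth |
    awk -F'\t' '$1 == "FAIL" && $5 ~ /no secret in database/ { n++ }
                END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_LOG" | parse_cyrus_auth
```

A FAIL record whose reason is "no secret in database" next to OK records for the same account under a different realm points at the userid string rather than the password.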
Mailbox does not exist question
I'm seeing the following when I test cyrus-imapd using telnet. I seem to be missing some fundamental configuration.

What am I doing wrong?

Thanks in advance,
Charles Bradshaw

Telnet imap session:

# telnet localhost imap
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] imap-host.mydomain Cyrus IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready
a1 LOGIN test@mydomain ***
a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=imap-host.mydomain-1720-1358978359-1
a2 LIST *
a2 OK Completed (0.000 secs)

I expected something like '* LIST (\HasNoChildren) . INBOX', but the response is blank!

~ o ~

Telnet pop session:

# telnet localhost 110
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK imap-host.mydomain Cyrus POP3 v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready 1420303981.1358957093@imap-host.mydomain
USER test@mydomain
+OK Name is a valid mailbox
PASS **
-ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist

/var/log/maillog has:

pop3s[13116]: Unable to locate maildrop mydomain!user.test: Mailbox does not exist

~ o ~

However /var/spool/imap/t/user/test mailbox exists and contains mail:

# ls -l /var/spool/imap/t/user/test
total 24
-rw-------. 1 cyrus mail 602 Jan 23 14:36 1.
-rw-------. 1 cyrus mail 606 Jan 23 14:59 2.
-rw-------. 1 cyrus mail 603 Jan 23 15:49 3.
-rw-------. 1 cyrus mail 1884 Jan 23 15:49 cyrus.cache
-rw-------. 1 cyrus mail 154 Jan 21 09:58 cyrus.header
-rw-------. 1 cyrus mail 416 Jan 23 15:49 cyrus.index

# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
sasl_auxprop_plugin:sasldb
allowplaintext: yes
virtdomains: userid
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
Authentication 'realm' problem
I am seeing an authentication problem when using imtest.

I have cyrus-imapd-utils-2.4.14-1.fc17.i686

The imtest man page says the -r switch specifies the 'realm', but -r does not seem to work.

I used:

[root@imap-server ~]# saslpasswd2 user
Password ...

and

[root@imap-server ~]# saslpasswd2 cyrus
...

Which puts cyrus@imap-host.mydomain and user@imap-host@mydomain into /etc/sasldb2

Now:

$ imtest -s -a cyrus localhost

Authenticates. But

$ imtest -s -a cyrus imap-host
$ imtest -s -a cyrus -r imap-host.mydomain imap-host

From another host fails with: Authentication failed. generic failure

On the other hand:

$ imtest -s -a user localhost
$ imtest -s -a user

BOTH authenticate, but are pointless because I need to authenticate for other, different, realms.

If instead I use:

[root@imap-server ~]# saslpasswd2 -u mydomain user
Password ...

That is, specify the (badly named 'domain') realm for sasldb2. Now:

$ imtest -s -a user -r mydomain localhost
$ imtest -s -a user -r mydomain imap-host

Both produce Authentication failed. generic failure

The /var/log/maillog messages are equally unhelpful:

Jan 21 17:39:21 imap-host imaps[5610]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Jan 21 17:39:48 imap-host imaps[5610]: badlogin: localhost [::1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]

Obviously I missed some 'realm' configuration for cyrus-imapd or don't understand how to use -u realm for saslpasswd2 or the -r realm parameter for imtest!

I think I understood saslpasswd -u realm because I have realms working for sendmail using saslauthd.

What am I doing wrong?

# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
sasl_auxprop_plugin:sasldb
#allowplaintext: no
#defaultdomain: mail
#loginrealms: mydomain
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt

I tried loginrealms: mydomain without success!

The localhost test FQDN is imap-host.mydomain and my DNS works. ie '$ host imap-host' produces imap-host.mydomain has address 192.168.#.#

Thanks in advance,
Charles Bradshaw
Re: cyrus-imap configuration question
Thanks Dan,

Here are the details you asked for.

My /etc/imapd.conf :

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
sasl_auxprop_plugin:sasldb
#allowplaintext: no
#defaultdomain: mail
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13

I have played with allowplaintext and defaultdomain. For the record the 3 sasl_... values are the same as the entries in /etc/sasl2/Sendmail.conf

Directory ownership:

ls -ld /var/lib/imap
drwxr-x---. 18 cyrus mail 4096 Jan 19 19:37 lib/imap

ls -l lib/imap
total 72
drwx------. 2 cyrus mail 4096 Jan 20 03:35 backup
drwx------. 2 cyrus mail 4096 Jan 19 19:37 db
drwx------. 2 cyrus mail 4096 Jan 19 19:37 db.backup1
drwx------. 2 cyrus mail 4096 Jan 19 16:45 db.backup2
-rw-------. 1 cyrus mail 144 Jan 19 12:20 deliver.db
drwx------. 2 cyrus mail 4096 Mar 15 2012 log
-rw-------. 1 root root 144 Jan 14 07:13 mailboxes.db
drwx------. 2 cyrus mail 4096 Mar 15 2012 md5
drwx------. 2 cyrus mail 4096 Mar 15 2012 meta
drwx------. 2 cyrus mail 4096 Mar 15 2012 msg
drwx------. 2 cyrus mail 4096 Mar 15 2012 proc
drwx------. 2 cyrus mail 4096 Mar 15 2012 ptclient
drwx------. 2 cyrus mail 4096 Mar 15 2012 quota
drwx------. 2 cyrus mail 4096 Jan 19 15:29 rpm
drwx------. 2 cyrus mail 4096 Mar 15 2012 sieve
drwxr-x---. 2 cyrus mail 4096 Jan 19 19:37 socket
drwx------. 2 cyrus mail 4096 Mar 15 2012 sync
drwx------. 2 cyrus mail 4096 Mar 15 2012 user

ls -ld /var/spool/imap
drwxr-x---. 4 cyrus mail 4096 Jan 19 11:39 /var/spool/imap

ls -l /var/spool/imap
total 8
drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 stage.
drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 sync.

stage. and sync. are empty

The only possibility I see above is mailboxes.db is root:root IS THIS THE PROBLEM?

I assume this was created during:

[root@dell2600 ~]# su cyrus
bash-4.2$ /usr/lib/cyrus-imapd/mkimap

Charles Bradshaw

--- Original Message ---

On: Sat, 19 Jan 2013 18:46:38 -0600, Dan wrote

On 01/19/13 17:51 +, Charles Bradshaw wrote:

I'm trying to configure cyrus-imap on a Fedora 17 system.

cyrus-imapd version cyrus-imapd.i686 2.4.14-1.fc17

I have sendmail and saslauthd working using DIGEST-MD5 and CRAM-MD5 working.

I have gone through the cyrus-imap configuration procedure, but when I try to start the server:

# systemctl start cyrus-imapd.service
Job failed. See system journal and 'systemctl status' for details.

# systemctl status cyrus-imapd.service
cyrus-imapd.service - Cyrus-imapd IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/cyrus-imapd.service; disabled)
Active: failed (Result: exit-code) since Sat, 19 Jan 2013 13:29:32 +; 28s ago
Process: 2049 ExecStartPre=/usr/lib/cyrus-imapd/cyr_systemd_helper start (code=exited, status=75)
CGroup: name=systemd:/system/cyrus-imapd.service

If I start the master process manually or in debug mode:

# /usr/lib/cyrus-imapd/cyrus-master -D (or -d)
fatal error: can't read mailboxes file
ctl_cyrusdb: unable to archive environment

On 01/19/13 18:17 +, Charles Bradshaw wrote:

File permissions are:

# cd /var/spool
# ls -l imap
total 8
drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 stage.
drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 sync.
[root@dell2600 spool]# ls -ld imap
drwxr-x---. 4 cyrus mail 4096 Jan 19 11:39 imap
# cd /var
# ls -ld imap
drwxr-x---. 2 cyrus mail 4096 Jan 19 11:32 imap

Your 'configdirectory' option in /etc/imapd.conf should point to the location of your cyrus database files, including the mailboxes database. That directory, and all files underneath it, should be owned by cyrus:mail.

If permissions look correct, please provide the contents of your /etc/imapd.conf file, and a directory listing of the 'configdirectory' directory.

--
Dan White

--- End of Original Message ---
Re: cyrus-imap configuration question SOLVED
Thanks All,

Well yes, ahem.. obviously!

Since I'm a complete beginner at this, who, what and how did the ownership of mailboxes.db get set wrongly in the first place? The script /usr/lib/cyrus-imapd/mkimap was run as user cyrus, as per the instructions. Surely cyrus CANNOT create a root owned file ??

Observation: Just as a quick experiment I changed mailboxes.db permissions to 666 and lo, it works! But something knows and changed the ownership to cyrus:mail with permissions 600. Something very fishy there.

~ o ~

While on the subject of incorrect permissions. The file /var/lib/imap/db/skipstamp was also root:root and causing this from systemctl status cyrus-imapd after a SUCCESSFUL start.

Jan 20 12:15:44 blanked.com ctl_cyrusdb[1652]: DBERROR: writing /var/lib/imap/db/skipstamp: Permission denied

I have no idea why these Permission denied messages are not in /var/log/messages, perhaps it has something to do with SELinux !!

Thanks for all the help,
Charles Bradshaw

On: Sun, 20 Jan 2013 07:20:18 -0400, Patrick wrote:

On 01/20/2013 06:40 AM, Charles Bradshaw wrote:

Thanks Dan,

Here are the details you asked for.

My /etc/imapd.conf :

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
sasl_auxprop_plugin:sasldb
#allowplaintext: no
#defaultdomain: mail
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13

I have played with allowplaintext and defaultdomain. For the record the 3 sasl_... values are the same as the entries in /etc/sasl2/Sendmail.conf

Directory ownership:

ls -ld /var/lib/imap
drwxr-x---. 18 cyrus mail 4096 Jan 19 19:37 lib/imap

ls -l lib/imap
total 72
drwx------. 2 cyrus mail 4096 Jan 20 03:35 backup
drwx------. 2 cyrus mail 4096 Jan 19 19:37 db
drwx------. 2 cyrus mail 4096 Jan 19 19:37 db.backup1
drwx------. 2 cyrus mail 4096 Jan 19 16:45 db.backup2
-rw-------. 1 cyrus mail 144 Jan 19 12:20 deliver.db
drwx------. 2 cyrus mail 4096 Mar 15 2012 log
-rw-------. 1 root root 144 Jan 14 07:13 mailboxes.db
drwx------. 2 cyrus mail 4096 Mar 15 2012 md5
drwx------. 2 cyrus mail 4096 Mar 15 2012 meta
drwx------. 2 cyrus mail 4096 Mar 15 2012 msg
drwx------. 2 cyrus mail 4096 Mar 15 2012 proc
drwx------. 2 cyrus mail 4096 Mar 15 2012 ptclient
drwx------. 2 cyrus mail 4096 Mar 15 2012 quota
drwx------. 2 cyrus mail 4096 Jan 19 15:29 rpm
drwx------. 2 cyrus mail 4096 Mar 15 2012 sieve
drwxr-x---. 2 cyrus mail 4096 Jan 19 19:37 socket
drwx------. 2 cyrus mail 4096 Mar 15 2012 sync
drwx------. 2 cyrus mail 4096 Mar 15 2012 user

ls -ld /var/spool/imap
drwxr-x---. 4 cyrus mail 4096 Jan 19 11:39 /var/spool/imap

ls -l /var/spool/imap
total 8
drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 stage.
drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 sync.

stage. and sync. are empty

The only possibility I see above is mailboxes.db is root:root IS THIS THE PROBLEM?

mailboxes.db should be owned by cyrus user.

I assume this was created during:

[root@dell2600 ~]# su cyrus
bash-4.2$ /usr/lib/cyrus-imapd/mkimap

Charles Bradshaw

--- Original Message ---

On: Sat, 19 Jan 2013 18:46:38 -0600, Dan wrote

On 01/19/13 17:51 +, Charles Bradshaw wrote:

I'm trying to configure cyrus-imap on a Fedora 17 system.

cyrus-imapd version cyrus-imapd.i686 2.4.14-1.fc17

I have sendmail and saslauthd working using DIGEST-MD5 and CRAM-MD5 working.

I have gone through the cyrus-imap configuration procedure, but when I try to start the server:

# systemctl start cyrus-imapd.service
Job failed. See system journal and 'systemctl status' for details.

# systemctl status cyrus-imapd.service
cyrus-imapd.service - Cyrus-imapd IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/cyrus-imapd.service; disabled)
Active: failed (Result: exit-code) since Sat, 19 Jan 2013 13:29:32 +; 28s ago
Process: 2049 ExecStartPre=/usr/lib/cyrus-imapd/cyr_systemd_helper start (code=exited, status=75)
CGroup: name=systemd:/system/cyrus-imapd.service

If I start the master process manually or in debug mode:

# /usr/lib/cyrus-imapd/cyrus-master -D (or -d)
fatal error: can't read mailboxes file
ctl_cyrusdb: unable to archive environment

On 01/19/13 18:17 +, Charles Bradshaw wrote:

File permissions are:

# cd /var/spool
# ls -l imap
total 8
drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 stage.
drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 sync.
[root@dell2600 spool]# ls -ld imap
drwxr-x---. 4 cyrus mail 4096 Jan 19 11:39
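One way to catch a root-owned mailboxes.db or skipstamp like the ones described above before starting the service, as an added example that is not part of the original posts or of the Cyrus distribution. It assumes GNU find (for -printf, as on Fedora) and takes the expected owner:group as an argument; cyrus:mail is the pair Dan White's reply calls for.

```shell
#!/bin/sh
# Added example: audit a Cyrus configdirectory (or spool) tree.
# Reports every entry whose owner:group differs from the expected pair,
# and every regular file that grants any permission to "other"
# (for instance the mode 666 tried as an experiment in the thread).
# Assumes GNU find for -printf.

audit_cyrus_tree() {      # audit_cyrus_tree DIR OWNER:GROUP
    dir=$1
    want=$2
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    # One tab-separated record per entry:
    #   owner:group, octal mode, type (f, d, ...), path
    find "$dir" -printf '%u:%g\t%m\t%y\t%p\n' |
    awk -F'\t' -v want="$want" '
        $1 != want {
            printf "OWNER %s (want %s) %s\n", $1, want, $4
            bad = 1
        }
        # The last octal digit holds the permission bits for "other".
        $3 == "f" && substr($2, length($2), 1) != "0" {
            printf "MODE  %s %s\n", $2, $4
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Usage: sh audit.sh /var/lib/imap cyrus:mail
# Exit status: 0 clean, 1 findings reported, 2 directory missing.
if [ "$#" -eq 2 ]; then
    audit_cyrus_tree "$1" "$2"
fi
```

Running it against both configdirectory and partition-default covers the two trees listed in the thread.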
cyrus-imap configuration question
I'm trying to configure cyrus-imap on a Fedora 17 system.

cyrus-imapd version cyrus-imapd.i686 2.4.14-1.fc17

I have sendmail and saslauthd working using DIGEST-MD5 and CRAM-MD5 working.

I have gone through the cyrus-imap configuration procedure, but when I try to start the server:

# systemctl start cyrus-imapd.service
Job failed. See system journal and 'systemctl status' for details.

# systemctl status cyrus-imapd.service
cyrus-imapd.service - Cyrus-imapd IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/cyrus-imapd.service; disabled)
Active: failed (Result: exit-code) since Sat, 19 Jan 2013 13:29:32 +; 28s ago
Process: 2049 ExecStartPre=/usr/lib/cyrus-imapd/cyr_systemd_helper start (code=exited, status=75)
CGroup: name=systemd:/system/cyrus-imapd.service

If I start the master process manually or in debug mode:

# /usr/lib/cyrus-imapd/cyrus-master -D (or -d)
fatal error: can't read mailboxes file
ctl_cyrusdb: unable to archive environment

At this point ps -A reports: cyrus-master imapd defunct imapd pop3 defunct pop3d lmtpd

Top reports imapd pop3d are spawning and are being zombied at a rate of about 1 second! Surely this is not right?

Looks like the daemons are crashing immediately!

Telnet seems to connect, but there is NO imap OK .. Ready response:

$ telnet localhost 143 (or 993)
Trying ::1...
Connected to localhost.
Escape character is '^]'.

The telnet connection must then be killed.

Similarly if I run imtest or cyradm both just hang.

Am I doing something wrong?

Thanks in advance,
Charles Bradshaw
cyrus-imap configuration questions
I'm trying to configure cyrus-imap on a Fedora 17 Linux version 3.6.11-5.fc17.i686.PAE.

cyrus-imapd version cyrus-imapd.i686 2.4.14-1.fc17

I have sendmail and saslauthd working using DIGEST-MD5 and CRAM-MD5 working.

I have gone through the cyrus-imap configuration procedure, but when I try to start the server:

# systemctl start cyrus-imapd.service
Job failed. See system journal and 'systemctl status' for details.

# systemctl status cyrus-imapd.service
cyrus-imapd.service - Cyrus-imapd IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/cyrus-imapd.service; disabled)
Active: failed (Result: exit-code) since Sat, 19 Jan 2013 13:29:32 +; 28s ago
Process: 2049 ExecStartPre=/usr/lib/cyrus-imapd/cyr_systemd_helper start (code=exited, status=75)
CGroup: name=systemd:/system/cyrus-imapd.service

If I start the master process manually or in debug mode:

# /usr/lib/cyrus-imapd/cyrus-master -D (or -d)
fatal error: can't read mailboxes file
ctl_cyrusdb: unable to archive environment

At this point ps -A reports: cyrus-master imapd defunct imapd pop3 defunct pop3d lmtpd

Top reports imapd pop3d are spawning and being zombied at a rate of about 1 second. Also 2 dual core 2.40Ghz processors are using 98% CPU! Surely this is not right?

As soon as I kill cyrus-master my processor load reduces to 10,0,5 and 0%.

Looks very much like the daemons are crashing immediately!

Telnet seems to connect, but there is NO imap OK .. Ready response:

# telnet localhost 143 (or 993)
Trying ::1...
Connected to localhost.
Escape character is '^]'.

The telnet connection must then be killed.

Similarly if I run imtest or cyradm both just hang.

Am I doing something wrong?

Thanks in advance,
Charles Bradshaw
Re: cyrus-imap configuration question
File permissions are:

# cd /var/spool
# ls -l imap
total 8
drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 stage.
drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 sync.
[root@dell2600 spool]# ls -ld imap
drwxr-x---. 4 cyrus mail 4096 Jan 19 11:39 imap
# cd /var
# ls -ld imap
drwxr-x---. 2 cyrus mail 4096 Jan 19 11:32 imap

Date: Sat, 19 Jan 2013 19:12:41 +0100
From: J. Roeleveld jo...@antarean.org
To: b...@bradcan.homelinux.com, Charles Bradshaw b...@bradcan.homelinux.com, info-cyru .
Subject: Re: cyrus-imap configuration question

Charles Bradshaw b...@bradcan.homelinux.com wrote:

I'm trying to configure cyrus-imap on a Fedora 17 system.

cyrus-imapd version cyrus-imapd.i686 2.4.14-1.fc17

I have sendmail and saslauthd working using DIGEST-MD5 and CRAM-MD5 working.

I have gone through the cyrus-imap configuration procedure, but when I try to start the server:

# systemctl start cyrus-imapd.service
Job failed. See system journal and 'systemctl status' for details.

# systemctl status cyrus-imapd.service
cyrus-imapd.service - Cyrus-imapd IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/cyrus-imapd.service; disabled)
Active: failed (Result: exit-code) since Sat, 19 Jan 2013 13:29:32 +; 28s ago
Process: 2049 ExecStartPre=/usr/lib/cyrus-imapd/cyr_systemd_helper start (code=exited, status=75)
CGroup: name=systemd:/system/cyrus-imapd.service

If I start the master process manually or in debug mode:

# /usr/lib/cyrus-imapd/cyrus-master -D (or -d)
fatal error: can't read mailboxes file
ctl_cyrusdb: unable to archive environment

At this point ps -A reports: cyrus-master imapd defunct imapd pop3 defunct pop3d lmtpd

Top reports imapd pop3d are spawning and are being zombied at a rate of about 1 second! Surely this is not right?

Looks like the daemons are crashing immediately!

Telnet seems to connect, but there is NO imap OK .. Ready response:

$ telnet localhost 143 (or 993)
Trying ::1...
Connected to localhost.
Escape character is '^]'.

The telnet connection must then be killed.

Similarly if I run imtest or cyradm both just hang.

Am I doing something wrong?

Thanks in advance,
Charles Bradshaw