Re: archive and downgrade
On Fri, 23 Mar 2018 18:41:47 +0100 (CET) Gabriele Bulfon wrote: > for some reasons, I had to move old folders onto an older system for > archiving. I would probably move via IMAP. -- Papst Franziskus ruft zum Kampf gegen Fake News auf. Wir finden, der Mann, der sich als Stellvertreter Christi ausgibt, von dem er behauptet, dessen Mutter sei zeitlebens Jungfrau gewesen, er hätte über Wasser gehen und selbiges in Wein verwandeln können, hat vollkommen recht. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Why Cyrus?
On Thu, 18 Jan 2018 09:13:14 +0100 Binarus wrote: > I do not know if this is still the case, but this experience shows > that you should test *every possible client software* you (the > customer) could use with Dovecot, and that you should set up all IMAP > features and test if any actions you will carry out in the future > will work. This is still the case with recent dovecot versions. Obviously, you can mark messages as deleted and then purge them later instead of moving them. Furthermore, dovecot can't handle quotas in public namespace. Chris -- Papst Franziskus ruft zum Kampf gegen Fake News auf. Wir finden, der Mann, der sich als Stellvertreter Christi ausgibt, von dem er behauptet, dessen Mutter sei zeitlebens Jungfrau gewesen, er hätte über Wasser gehen und selbiges in Wein verwandeln können, hat vollkommen recht. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: ACL inheritance in Shared Namespace
Ken Murchison via Info-cyrus wrote: > Unless someone other than me changed the code, ACL inheritance only > applies to mailbox creation. Once a mailbox exists, its ACL is > independent of all others. Thank you for your quick reply. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
ACL inheritance in Shared Namespace
All, is ACL inheritance possible in shared namespace? If I revoke access for someone in folderA/, does this also apply to folderA/subfolderA1? Thank you in advance. - Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: How Do i get last lgin date for all my users
On 2013-04-13 09:26, Adam Tauno Williams wrote: On Sat, 2013-04-13 at 12:56 +0100, Charles Bradshaw wrote: This seems very unreliable, slow, and hacky. When I login to my e-mail the system typically tells me the last time I logged in [at least to that app]. Doesn't the meta-data in the IMAP server 'know' this information? at one point I was using the fud-client for this. But of late versions I have not been able to get it working. Once I upgrade to 2.5 I will try again. C. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
small patch to disable openssl compression
Hi - This patch disables openssl compression - not sure if this is a security risk or not... but, I don't think I like the encryption library performing compression anyway, it's complicated already. Maybe. Chris diff -rupN cyrus-imapd-2.4.17/imap/tls.c cyrus-imapd-2.4.17.f/imap/tls.c --- cyrus-imapd-2.4.17/imap/tls.c 2012-12-01 19:57:54.0 + +++ cyrus-imapd-2.4.17.f/imap/tls.c 2013-01-18 15:27:58.0 + @@ -667,6 +667,11 @@ int tls_init_serverengine(const char off |= SSL_OP_NO_SSLv3; } SSL_CTX_set_options(s_ctx, off); + +#ifdef SSL_OP_NO_COMPRESSION +SSL_CTX_set_options(s_ctx, SSL_OP_NO_COMPRESSION); +#endif + SSL_CTX_set_info_callback(s_ctx, (void (*)()) apps_ssl_info_callback); /* Don't use an internal session cache */ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Migrating seen database
On 2012-11-15 15:34, Dan White wrote: On 11/15/12 11:59 +1100, Puthick Hok wrote: Hi, I am migrating my cyrus imap from the current server with cyrus 2.3.7 to a new server with better hardware running cyrus 2.3.16. I've googled for the command to dump the seen database in /var/lib/imap/user/... without success. I have played with some the cyrus command on my inbox and it made all my emails unread. Fortunately, only my inbox is affected. It's scary. I have copied the binary files including the sub database. The subscription or subfolder (sub database) seems to ok but the seen database is not very good. Some of my sub folders get all emails unread which is wrong. My work around if I cannot find a way to copy the seen database would be ask everyone to create a folder called Read and create a Thunderbird rule to move all read emails to this folder prior to migration. However, there should be a better way than this, except that I don't know it. I hope someone can give me some advices to deal with this problem. You could use an imap synchronization program (like imapsync) to transfer your emails, which will transfer your seen state in a portable format (IMAP). Hello, My first instinct when I made an upgrade from an antique 2.2.x installation to a 2.3.16 was to use imapsync; but that proved to be cumbersome and also quite slow. In practice, cyrus upgraded databases perfectly from even such an old install, and I simply copied via rsync the spools and databases and the seen files and had zero issues other than a corrupted tls database that I simply deleted and moved on. When you copy the databases and seen files to the new server, it doesn't work correctly? I am surprised by this. Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Migrating seen database
On 2012-11-15 15:51, Bron Gondwana wrote: On Thu, Nov 15, 2012, at 09:46 PM, Chris Conn wrote: On 2012-11-15 15:34, Dan White wrote: On 11/15/12 11:59 +1100, Puthick Hok wrote: Hi, I am migrating my cyrus imap from the current server with cyrus 2.3.7 to a new server with better hardware running cyrus 2.3.16. When you are upgrading 2.3.x to 2.4.x it does an in-place mailbox conversion the first time you open it. This conversion copies some data from the .seen file into the cyrus.index. Bron. unless its a typo, he is upgrading to 2.3.16? If its a typo and the upgrade is to 2.4 from 2.3.7 my experience is not applicable to this situation. Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: what does cyrus support through ldap?
On 2012-04-24 15:42, Jules Agee wrote: On 04/24/2012 02:00 AM, Martin Kraus wrote: Hi. I hoped that cyrus would be managable through ldap but that doesn't seem to be the case. Is the cyrus ldap support strictly for authentication? It's just that sasl can do that as well. I'd like to know if there are other options to managing mailboxes besides calling perl scripts. I need to come up with some kind of a graphical interface to manage mailboxes and I'm looking for the available options to interface with cyrus. thanks Martin we use an apparently old cyradm library from a PHP script to add, delete and modify LDAP configs for our mailboxes. Its called php-cyradm http://stocker.bz/cyrus-tools/php-cyradm-2.0.1.tar.bz2 We had to tweak a few things but its quite solid. We stole the library functions in cyradm-php.lib of this to call in our own system Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: RPMs for cyrus-imapd v2.4.13?
On 2012-01-19 11:40, Rosenbaum, Larry M. wrote: Are there any RPMs available yet for cyrus-imapd v2.4.13? We're running RHEL6. Larry M. Rosenbaum Oak Ridge National Laboratory http://www.invoca.ch/pub/packages/cyrus-imapd/ I built them on a Centos 6.2 server and they worked well in my setup. Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: sieve and SASL
IMPLEMENTATION Cyrus timsieved v2.4.8-Invoca-RPM-2.4.8-1.el4 SASL PLAIN SIEVE comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy STARTTLS OK Other question, do you have cyrus-sasl-plain installed? Thanks, Simon Hello, Thank you for pointing out the obvious, no, cyrus-sasl-plain was AWOL from the system. I owe you a chilly beverage. C. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
sieve and SASL
Hello, I am trying to get sieve working with a RPM distro of Cyrus I built using Invoca. I believe my problem is caused by timsieved not advertising LOGIN or PLAIN capability and causing the client (horde/ingo) to fail`; IMPLEMENTATION Cyrus timsieved v2.4.8-Invoca-RPM-2.4.8-1.el6 SASL SIEVE comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy STARTTLS OK after SASL is , which usually has; SASL PLAIN in other implementations I have seen. The error I see in horde/ingo is; There was an error activating the script. The driver said: No supported authentication method found. The server supports these methods: , but we only support: DIGEST-MD5,CRAM-MD5,EXTERNAL,PLAIN,LOGIN I note that horde/ingo seems to not see any useable authentication methods and therefore fails. Is there something I forgot to set somewhere to allow sieve to use PLAIN or LOGIN? Thank you, Chris C. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Upgrading from 2.3 to til 2.4
BTW: What happened to the rpms published by Simon Matter? Nothing to be found at http://www.invoca.ch/pub/packages/cyrus-imapd/ recently. -psi Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ http://www.invoca.ch/pub/packages/cyrus-imapd/pkg/ils-5/SRPMS/ This seems pretty recent. C. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: disconnect_on_vanished_mailbox
No. This kind of bogus, racy, non-deterministing messing is precisely what the strong consistent locking design of Cyrus 2.4 is designed to avoid! You could always: cd /var/imap/proc; grep -l $username * | xargs kill if you actually want to kill the user connections. Bron. Trust me, I despise this method and have hit people over the head, literally. I don't know who came up with this scheme but I have always disagreed with its use; severe reverse-learning is in order. I was actually looking to have the management script check the proc files to see if there was an active process on a mailbox and deny the rename if that was the case. Guess its my only option, and it sounds good. Thanks, Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
disconnect_on_vanished_mailbox
Hello, I am looking at this option for 2.4.5; disconnect_on_vanished_mailbox: 1 If enabled, IMAP/POP3/NNTP clients will be disconnected by the server if the currently selected mailbox is (re)moved by another session. Otherwise, the missing mailbox is treated as empty while in use by the client. Some techs have the nasty habit of renaming mailboxes as some sort of means to remove POP3 locks on a dead customer session. This renaming atrocity seems to work on pop3 clients, however my tests show that if we rename a mailbox on a active IMAP connection, the rename works, however the original mailbox is only deleted once the socket times out or the client closes his client. I was hoping this option would disconnect the IMAP client, as I added a pop3test to try and remove the IMAP mailbox lock on the old mailbox, but to no avail. The end result is a duplicate account, mail is moved to the new mailbox and we have to manually move back the mailbox name. Is there any way I can cheat on a mailbox lock to allow a rename when an active IMAP connection is on that locked mailbox? Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
toying with SIEVE and ldap
Hello, I'm toying with a Horde module that allows to create SIEVE filters and store them in an ldap directory. This works, however I haven't found any documentation as to how it might be (is it?) possible to read these filters from the mailSieveRuleSource: of a ldap dn. The module is Ingo, and it seems to convert a vacation message into; mailSieveRuleSource:: IyBTaWV2ZSBGaWx0ZXIKIyBHZW5lcmF0ZWQgYnkgSW5nbyAoaHR0cDov L3d3dy5ob3JkZS5vcmcvaW5nby8pICgxMi8wMS8yMDEwLCAxMTo0NjoxNCBBTSkKCnJlcXVpcmUgW yJ2YWNhdGlvbiIsICJyZWdleCJdOwoKIyBWYWNhdGlvbgppZiBhbGxvZiAoIG5vdCBleGlzdHMgWy JsaXN0LWhlbHAiLCAibGlzdC11bnN1YnNjcmliZSIsICJsaXN0LXN1YnNjcmliZSIsICJsaXN0LW9 3bmVyIiwgImxpc3QtcG9zdCIsICJsaXN0LWFyY2hpdmUiLCAibGlzdC1pZCIsICJNYWlsaW5nLUxp c3QiXSwgbm90IGhlYWRlciA6Y29tcGFyYXRvciAiaTthc2NpaS1jYXNlbWFwIiA6aXMgIlByZWNlZ GVuY2UiIFsibGlzdCIsICJidWxrIiwgImp1bmsiXSwgbm90IGhlYWRlciA6Y29tcGFyYXRvciAiaT thc2NpaS1jYXNlbWFwIiA6bWF0Y2hlcyAiVG8iICJNdWx0aXBsZSByZWNpcGllbnRzIG9mKiIgKSB 7IAogICAgaWYgaGVhZGVyIDpyZWdleCAiUmVjZWl2ZWQiICJeLiooMjAxMCkgKFxcKC4qXFwpICk/ Li46Li46Li4gKFxcKC4qXFwpICk/KChcXCt8XFwtKVtbOmRpZ2l0Ol1dezR9fC57MSw1fSkoIFxcK C4qXFwpKT8kIiB7CiAgICB9Cgp9Cg== Is there a way to get Cyrus to read this and apply the sieve filter? Thanks, Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Sync_client fails after upgrade 2.3.16 to 2.4.4
on replica user.user - 41 43 Nov 29 04:19:07 node2 sync_client[17881]: MAILBOX received NO response: IMAP_MAILBOX_CRC Checksum Failure Nov 29 04:19:07 node2 sync_client[17881]: do_folders(): update failed: user.user 'Mailbox format corruption detected' Nov 29 04:19:07 node2 sync_client[17881]: MAILBOX received NO response: IMAP_MAILBOX_CRC Checksum Failure Nov 29 04:19:07 node2 sync_client[17881]: CRC failure on sync for user.user, trying full update Nov 29 04:19:07 node2 sync_client[17881]: IOERROR: opening /var/spool/imap/u/user/user/22.: No such file or directory Nov 29 04:19:07 node2 sync_client[17880]: process 17881 exited, signaled to death by 6 reconstruct and start again; Nov 29 04:19:20 node2 syncserver[17904]: IOERROR: failed to parse /var/spool/imap/sync./17904/3a4cfcd97496017d40cb8be29682920eef0da4e7 Nov 29 04:19:20 node2 syncserver[17904]: Failed to append file user.user 16 Nov 29 04:21:16 node2 sync_client[27906]: MAILBOX received NO response: IMAP_MAILBOX_CRC Checksum Failure Nov 29 04:21:17 node2 sync_client[27906]: CRC failure on sync for user.cconn, trying full update Nov 29 04:21:17 node2 sync_client[27906]: MAILBOX received NO response: IMAP_MAILBOX_CRC Checksum Failure Nov 29 04:21:17 node2 sync_client[27906]: CRC failure on sync for user.user, trying full update Nov 29 04:21:17 node2 sync_client[27906]: FETCH received NO response: IMAP_MAILBOX_NONEXISTENT No Such Mailbox Nov 29 04:21:17 node2 sync_client[27905]: process 27906 exited, signaled to death by 6 meanwhile on the master; Nov 29 04:21:16 node1 syncserver[2525]: higher modseq on replica user.cconn - 433 434 Nov 29 04:21:17 node1 syncserver[2525]: higher modseq on replica user.user - 45 46 Nov 29 04:21:44 node1 sync_client[2501]: MAILBOX received NO response: System I/O error Nov 29 04:21:44 node1 sync_client[2501]: do_folders(): update failed: user.user 'The remote Server(s) denied the operation' Nov 29 04:21:52 node1 sync_client[2501]: MAILBOX received NO response: System I/O error Nov 29 04:21:52 node1 sync_client[2501]: do_folders(): update failed: user.user 'The remote Server(s) denied the operation' Nov 29 04:21:52 node1 sync_client[2501]: IOERROR: The remote Server(s) denied the operation Nov 29 04:21:52 node1 sync_client[2501]: Error in do_sync(): bailing out! The remote Server(s) denied the operation Nov 29 04:21:52 node1 sync_client[2501]: Processing sync log file /var/lib/imap/sync/log-2500 failed: The remote Server(s) denied the operation Nov 29 04:21:52 node1 sync_client[2500]: process 2501 exited, status 1 Nov 29 04:23:32 node1 syncserver[12603]: higher modseq on replica user.user - 45 46 Nov 29 04:23:39 node1 sync_client[12580]: MAILBOX received NO response: System I/O error Nov 29 04:23:39 node1 sync_client[12580]: do_folders(): update failed: user.user 'The remote Server(s) denied the operation' Nov 29 04:23:46 node1 sync_client[12580]: MAILBOX received NO response: System I/O error Nov 29 04:23:46 node1 sync_client[12580]: do_folders(): update failed: user.user 'The remote Server(s) denied the operation' Nov 29 04:23:46 node1 sync_client[12580]: IOERROR: The remote Server(s) denied the operation Nov 29 04:23:46 node1 sync_client[12580]: Error in do_sync(): bailing out! The remote Server(s) denied the operation Nov 29 04:23:46 node1 sync_client[12580]: Processing sync log file /var/lib/imap/sync/log-12579 failed: The remote Server(s) denied the operation Nov 29 04:35:52 node1 reconstruct[10397]: user.user uid 16 not found Nov 29 04:36:09 node1 reconstruct[10399]: user.user: updating sync_crc = 482C1C6F so my only solution was to delete the 16. file under user.user, which was an email that was successfully replicated at 00:15 am that same day. So is this the same bug? In any case, this happens every day when the logrotate emails get sent from master to slave and slave to master, as they are sending a different email to the same mailbox roughly at the same time. Hopefully running 2.4.5 will avoid this? Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Sync_client fails after upgrade 2.3.16 to 2.4.4
I didn't think that the slave was supposed to be setup to accept incoming mail? http://comments.gmane.org/gmane.mail.imap.cyrus/33805 Hello, Hmm I hadn't read that. I was aware that doing it in a high volume scenario was problematic, but was under the impression that an occasional delivery here and there was theoretically possible. Its pretty amazing since I test it manually and I can send to either one or the other and replication happens correctly; however, when the stupid logrotate message gets sent on the slave within seconds of a similar message being sent on the master, things die. People that use replication as a quasi-hot standby server in the case the master goes down/needs maintenance etc, etc, how do you deal with locally generated mails that will eventually get delivered to a cyrus mailbox on the master to which this is the slave? Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Sync_client fails after upgrade 2.3.16 to 2.4.4
Hmm I hadn't read that. I was aware that doing it in a high volume scenario was problematic, but was under the impression that an occasional delivery here and there was theoretically possible. Its pretty amazing since I test it manually and I can send to either one or the other and replication happens correctly; however, when the stupid logrotate message gets sent on the slave within seconds of a similar message being sent on the master, things die. Must be a timing issue that sync_client can't handle. Clearly. A cronjob I made to echo to the stdout every minute on both the master and the slave causes instant death to replication. I don't have to wait until tomorrow morning to find out. I am going to find a way to pipe locally generated mail to a process that smarthosts/mailhubs to the master. Hopefully someday cyrus will be able to handle inbound emails on replicated systems, as well as pop3/imap traffic. The world would be ideal :) C. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Sync_client fails after upgrade 2.3.16 to 2.4.4
On 2010-11-29 16:49, Bron Gondwana wrote: So set the clocks on the machines out by a few more seconds and you'll be fine. Seriously - the problem is that it works when you test manually because they're not happening at the same time. things die because replication is asynchronous, and the same UID gets allocated to messages with different content! That said - it should be able to resolve the situation without crashing. When we shut down one end, we bring up the other. Downtime is a couple of seconds maximum. Everything gets delivered to postfix locally which forwards to an LMTP proxy which knows which host is the master, and delivers appropriately. Most MTAs are happy to spool locally generated mail until the server is back up. Store and forward. Bron. Hello, First, I hope my comments were not taken as criticism of the Cyrus model, I like Cyrus enormously and am glad to deploy it ;) I am working instead on a second sendmail process that listens on localhost to forward all mail to the master in order to avoid this issue. I might disable sendmail on the public IP of the slave entirely unless I need to temporarily use the slave and bring down the master for whatever reason. Glad its just architectural. Thanks again, Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: disable IMAP IDLE
The RFC for the IDLE says: This document specifies the syntax of an IDLE command, which will allow a client to tell the server that it's ready to accept such real-time updates. This doesn't say anything about keeping connections open, it only talks about the near-instant new email notification. -Chris On 11/23/2010 10:01 AM, Ron Vachiyer wrote: Date: Tue, 23 Nov 2010 14:44:34 + From: i...@sussex.ac.uk To: prout...@hotmail.com; info-cyrus@lists.andrew.cmu.edu Subject: Re: disable IMAP IDLE --On 22 November 2010 18:40:37 -0500 Ron Vachiyer prout...@hotmail.com wrote: Hello, I thought it was possible in Cyrus to disable the IDLE functionality, either with imapidlepoll: 0 in imapd.conf, or by commenting idled in cyrus.conf. However, having both disabled, clients still connect and maintain their socket open on tcp 143. Is it not possible or am I going about it wrong? I thought sessions remained open for efficiency, regardless of IDLE, until closed by the client or 30 minutes have elapsed. IDLE just lets the server notify the client if new email arrives, doesn't it? Even without IDLE, there are benefits in leaving the session open. Hello, I won't argue since clearly I am in the minority ;) Using courier-imap on our Plesk servers, TCP/143 is closed after every new mail verification. A dovecot server I checked does the same. Cyrus seems to allow the session to be maintained, and yes, it does not advertise IDLE. Below is an example courier-imap capability; * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2004 Double Precision, Inc. See COPYING for distribution information. . CAPABILITY * CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA ACL ACL2=UNION STARTTLS this one is cyrus 2.4.4 . capability * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE COMPRESS=DEFLATE . OK Completed I was asked by IT to not permit IDLE since the current server went down after 4-500 blackberries ate up all the (limited) capabilities of that machine.Perhaps I am looking in the wrong place, the point is the demand I am facing is to have IMAP that essentially behaves as a POP3 client when it comes to inbox scans. I believe there was an issue as well where POP clients using outlook would cause mailbox corruption when they popped a mailbox being maintained by a blackberry connected via IMAP. R. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: disable IMAP IDLE
IDLE does require the session to stay open. But the server doesn't have to support IDLE for the client to keep the connection open. -Chris On 11/23/2010 11:20 AM, Ian Eiloart wrote: --On 23 November 2010 10:19:28 -0500 Chris Mattingly ch...@camattin.com wrote: The RFC for the IDLE says: This document specifies the syntax of an IDLE command, which will allow a client to tell the server that it's ready to accept such real-time updates. This doesn't say anything about keeping connections open, it only talks about the near-instant new email notification. IDLE requires the session to remain open, doesn't it? After all, nothing in the spec allows the client to say how it can be contacted. The open session is used for the notification. In fact, RFC 2177 says this about keeping sessions open: The server MAY consider a client inactive if it has an IDLE command running, and if such a server has an inactivity timeout it MAY log the client off implicitly at the end of its timeout period. Because of that, clients using IDLE are advised to terminate the IDLE and re-issue it at least every 29 minutes to avoid being logged off. This still allows a client to receive immediate mailbox updates even though it need only poll at half hour intervals. -Chris On 11/23/2010 10:01 AM, Ron Vachiyer wrote: Date: Tue, 23 Nov 2010 14:44:34 + From: i...@sussex.ac.uk To: prout...@hotmail.com; info-cyrus@lists.andrew.cmu.edu Subject: Re: disable IMAP IDLE --On 22 November 2010 18:40:37 -0500 Ron Vachiyer prout...@hotmail.com wrote: Hello, I thought it was possible in Cyrus to disable the IDLE functionality, either with imapidlepoll: 0 in imapd.conf, or by commenting idled in cyrus.conf. However, having both disabled, clients still connect and maintain their socket open on tcp 143. Is it not possible or am I going about it wrong? I thought sessions remained open for efficiency, regardless of IDLE, until closed by the client or 30 minutes have elapsed. IDLE just lets the server notify the client if new email arrives, doesn't it? Even without IDLE, there are benefits in leaving the session open. Hello, I won't argue since clearly I am in the minority ;) Using courier-imap on our Plesk servers, TCP/143 is closed after every new mail verification. A dovecot server I checked does the same. Cyrus seems to allow the session to be maintained, and yes, it does not advertise IDLE. Below is an example courier-imap capability; * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2004 Double Precision, Inc. See COPYING for distribution information. . CAPABILITY * CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA ACL ACL2=UNION STARTTLS this one is cyrus 2.4.4 . capability * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE COMPRESS=DEFLATE . OK Completed I was asked by IT to not permit IDLE since the current server went down after 4-500 blackberries ate up all the (limited) capabilities of that machine.Perhaps I am looking in the wrong place, the point is the demand I am facing is to have IMAP that essentially behaves as a POP3 client when it comes to inbox scans. I believe there was an issue as well where POP clients using outlook would cause mailbox corruption when they popped a mailbox being maintained by a blackberry connected via IMAP. R. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
On 11/1/10 10:46 AM, Simon Matter wrote: Bron, My Cyrus is from RPM, and I am just nursing it along until my users finish migrating off and FastMail manages to complete my own migration, so I don't want to build from source. Why would IMAP/S block on empty /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use urandom. If this is really stock CentOS 5 then I think everything Cyrus related should use /dev/urandom and not /dev/random. But, could it be that other software you installed uses /dev/random and makes it empty? Most things are CentOS RPMs (thanks for those! ;), with a few from RPMforge. [r...@inspector ~]# rpm -q cyrus-imapd amavisd-new clamav spamassassin postfix httpd mod_ssl cyrus-imapd-2.3.7-7.el5_4.3 amavisd-new-2.6.4-3.el5.rf clamav-0.96.4-1.el5.rf spamassassin-3.3.1-3.el5.rf postfix-2.3.3-2.1.el5_2 httpd-2.2.3-43.el5.centos.3 mod_ssl-2.2.3-43.el5.centos.3 Which still leaves me thinking my port 993 problem isn't entropy, because STARTTLS works fine. Chris [r...@inspector random]# strings /usr/lib/libsasl* |grep random /dev/urandom /dev/urandom But my /dev/random does seem quite low. Still surfing and looking for a good way to fill it on a mostly headless server -- I haven't found a good solution yet. Chris [r...@inspector ~]# ls -l /dev/*random crw-rw-rw- 1 root root 1, 8 Oct 31 02:05 /dev/random cr--r--r-- 1 root root 1, 9 Oct 31 02:05 /dev/urandom [r...@inspector ~]# cd /proc/sys/kernel/random [r...@inspector random]# more *|cat :: boot_id :: d3724e19-7462-4224-960b-49d5d3a18d7a :: entropy_avail :: 17 :: poolsize :: 4096 :: read_wakeup_threshold :: 64 :: uuid :: a3ed2323-e04d-4034-a72a-76b5d4b697f7 :: write_wakeup_threshold :: 128 On 10/31/10 9:26 PM, Bron Gondwana wrote: Sounds like your /dev/random is empty. You can compile with /dev/urandom or add a source of entropy... Chris Pepperpep...@cbio.mskcc.org wrote: mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, along with SquirrelMail, postfix, etc. Last night, I noticed that when I sent mail from Thunderbird, it was not able to file copies in the Sent mailbox, although they did reach the recipients, so postfix was accepting mail on 587/tcp. I restarted Cyrus IMAPd but don't see any error messages in /var/log/maillog, and the cert key look fine. SquirrelMail is fine using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch mail via IMAP with STARTTLS, so it looks like the cert and key are fine. But telnet mail.reppep.com 993 and openssl fail to get any response. Port 993 is open to the Internet, FWIW. Does anyone have any suggestions for what went wrong and/or how to fix? I'll try tcpdump next to see if it's responding at all. Alternatively, is there a way to make sure Cyrus requires STARTTLS on 143? I was blocking external access to it to make sure users always use encryption to connect, but port 143 with STARTTLS required would be an acceptable alternative. Thanks, Chris Pepper pep...@imp:~$ !openssl openssl s_client -connect www.reppep.com:993 CONNECTED(0003) 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188: [r...@inspector ~]# cat /etc/imapd.conf admins: cyrus altnamespace: yes configdirectory: /var/lib/imap duplicatesuppression: yes hashimapspool: no partition-default: /var/spool/imap servername: mail.reppep.com singleinstancestore: yes #syslog_prefix: cyrus unixhierarchysep: yes lmtp_downcase_rcpt: yes maxmessagesize: 20971520 sendmail: /usr/sbin/sendmail #quotawarn: 80 #allowplaintext: yes #allowplainwithouttls: yes sasl_pwcheck_method: saslauthd #imap_auth_login: yes #imap_auth_cram_md5: yes #imap_auth_plain: yes autocreateinboxfolders: Junk autocreatequota: -1 #autocreate_sieve_script: /etc/junk.sieve autocreate_sieve_compiledscript: /etc/sieve.bc autosievefolders: Junk autosubscribeinboxfolders: Junk createonpost: yes #sievedir: /var/lib/imap/sieve sieveusehomedir: true tls_ca_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_key_file: /etc/pki/tls/private/mail.reppep.com.20080219.key tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH [r...@inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt /etc/pki/tls/private/mail.reppep.com.20080219.key -rw-r--r-- 1 root root 6466 Oct 1 17:13 /etc/pki/tls/certs/mail.reppep.com.20100115.crt -rw-r- 1 root mail 497 Feb 19 2008 /etc/pki/tls/private/mail.reppep.com.20080219.key [r...@inspector ~]# netstat -an|grep LIST|grep tcp|sort -n tcp0 0 0.0.0.0:110 0.0.0.0:* LISTEN tcp0
Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
On 11/1/10 10:41 AM, Dan White wrote: On 31/10/10 20:51 -0400, Chris Pepper wrote: Alternatively, is there a way to make sure Cyrus requires STARTTLS on 143? I was blocking external access to it to make sure users always use encryption to connect, but port 143 with STARTTLS required would be an acceptable alternative. You can set 'allowplaintext: 0' to disallow plaintext logins over port 143. That would require clients to perform a STARTTLS, or negotiate a SASL security layer which meets your 'sasl_minimum_layer:' setting. Excellent, thanks! allowplaintext: 0 I am leaving sasl_minimum_layer at default for now. LOGINDISABLED before STARTTLS is encouraging, but I don't know why Authentication failed. generic failure *after* STARTTLS. On the other hand, with allowplaintext: 0 and after restarting cyrus-imapd, I can still get mail, so I suspect this is exactly what I wanted. Thanks, Chris [r...@inspector ~]# imtest -u pepper -t localhost S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR] mail.reppep.com Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH S: C01 OK Completed C: S01 STARTTLS S: S01 OK Begin TLS negotiation now verify error:num=19:self signed certificate in certificate chain TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=LOGIN SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH S: C01 OK Completed Please enter your password: C: A01 AUTHENTICATE PLAIN S: A01 NO authentication failure Authentication failed. generic failure Security strength factor: 256 -- Chris Pepper:http://cbio.mskcc.org/ http://www.extrapepperoni.com/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
On 11/1/10 11:21 AM, Simon Matter wrote: On 11/1/10 10:46 AM, Simon Matter wrote: Bron, My Cyrus is from RPM, and I am just nursing it along until my users finish migrating off and FastMail manages to complete my own migration, so I don't want to build from source. Why would IMAP/S block on empty /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use urandom. If this is really stock CentOS 5 then I think everything Cyrus related should use /dev/urandom and not /dev/random. But, could it be that other software you installed uses /dev/random and makes it empty? Most things are CentOS RPMs (thanks for those! ;), with a few from RPMforge. [r...@inspector ~]# rpm -q cyrus-imapd amavisd-new clamav spamassassin postfix httpd mod_ssl cyrus-imapd-2.3.7-7.el5_4.3 amavisd-new-2.6.4-3.el5.rf clamav-0.96.4-1.el5.rf spamassassin-3.3.1-3.el5.rf postfix-2.3.3-2.1.el5_2 httpd-2.2.3-43.el5.centos.3 mod_ssl-2.2.3-43.el5.centos.3 Which still leaves me thinking my port 993 problem isn't entropy, because STARTTLS works fine. That's my impression from the beginning, because lack of entropy has not been a known problem on the RHEL/CentOS configs. That's not much help of course. If you already restarted master and you know it's not stuck somehow, then the only thing I could think to check is your /var/lib/imap/tls_sessions.db database. I don't know if a broken TLS db could result in what you see but better check it out. Interesting. I moved tls_sessions.db aside restarted IMAPd, and it's apparently in a new format -- perhaps the default format has changed since it was first created. But 993 is still open but not responsive. I am going to try disabling Cyrus' IMAP/SSL and swapping in stunnel, as Rob @ FastMail has suggested as a workaround. Thanks, Chris [r...@inspector imap]# ls -l tls* -rw--- 1 cyrus mail 8192 Nov 1 11:27 tls_sessions.db -rw--- 1 cyrus mail 1976 Nov 1 11:27 tls_sessions.db.BAD [r...@inspector imap]# file tls* tls_sessions.db: Berkeley DB (Btree, version 9, native byte-order) tls_sessions.db.BAD: Cyrus skiplist DB -- Chris Pepper:http://cbio.mskcc.org/ http://www.extrapepperoni.com/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
On 11/1/10 7:26 PM, Bron Gondwana wrote: On Sun, Oct 31, 2010 at 10:40:13PM -0400, Chris Pepper wrote: Bron, My Cyrus is from RPM, and I am just nursing it along until my users finish migrating off and FastMail manages to complete my own migration, so I don't want to build from source. Why would IMAP/S block on empty /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use urandom. I really don't know to be honest - we don't run any ssl enabled imapds, we do all the ssl in nginx on the frontend. It sounds like Rob's workaround might be all you need though :) Neither do I. I decided to re-enable pop3 (which I don't use or allow, and had recently commented out) in cyrus.conf and restarted cyrus-imapd, and IMAP/SSL is working again! I commented it out and restarted Cyrus, and port 993 is still working. I'd say I just needed to restart the daemon, except I rebooted Saturday night after port 993 stopped working, so I don't know what's up. One interesting odd data point: after service cyrus-imapd stop, I still had a couple active connections to an imap daemon which was listening on port 993. I killed the process, but again that couldn't have persisted across the reboot I performed 1d19h ago. Bizarre! Thanks for everyone's suggestions. Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, along with SquirrelMail, postfix, etc. Last night, I noticed that when I sent mail from Thunderbird, it was not able to file copies in the Sent mailbox, although they did reach the recipients, so postfix was accepting mail on 587/tcp. I restarted Cyrus IMAPd but don't see any error messages in /var/log/maillog, and the cert key look fine. SquirrelMail is fine using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch mail via IMAP with STARTTLS, so it looks like the cert and key are fine. But telnet mail.reppep.com 993 and openssl fail to get any response. Port 993 is open to the Internet, FWIW. Does anyone have any suggestions for what went wrong and/or how to fix? I'll try tcpdump next to see if it's responding at all. Alternatively, is there a way to make sure Cyrus requires STARTTLS on 143? I was blocking external access to it to make sure users always use encryption to connect, but port 143 with STARTTLS required would be an acceptable alternative. Thanks, Chris Pepper pep...@imp:~$ !openssl openssl s_client -connect www.reppep.com:993 CONNECTED(0003) 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188: [r...@inspector ~]# cat /etc/imapd.conf admins: cyrus altnamespace: yes configdirectory: /var/lib/imap duplicatesuppression: yes hashimapspool: no partition-default: /var/spool/imap servername: mail.reppep.com singleinstancestore: yes #syslog_prefix: cyrus unixhierarchysep: yes lmtp_downcase_rcpt: yes maxmessagesize: 20971520 sendmail: /usr/sbin/sendmail #quotawarn: 80 #allowplaintext: yes #allowplainwithouttls: yes sasl_pwcheck_method: saslauthd #imap_auth_login: yes #imap_auth_cram_md5: yes #imap_auth_plain: yes autocreateinboxfolders: Junk autocreatequota: -1 #autocreate_sieve_script: /etc/junk.sieve autocreate_sieve_compiledscript: /etc/sieve.bc autosievefolders: Junk autosubscribeinboxfolders: Junk createonpost: yes #sievedir: /var/lib/imap/sieve sieveusehomedir: true tls_ca_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_key_file: /etc/pki/tls/private/mail.reppep.com.20080219.key tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH [r...@inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt /etc/pki/tls/private/mail.reppep.com.20080219.key -rw-r--r-- 1 root root 6466 Oct 1 17:13 /etc/pki/tls/certs/mail.reppep.com.20100115.crt -rw-r- 1 root mail 497 Feb 19 2008 /etc/pki/tls/private/mail.reppep.com.20080219.key [r...@inspector ~]# netstat -an|grep LIST|grep tcp|sort -n tcp0 0 0.0.0.0:110 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:143 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:20000.0.0.0:* LISTEN tcp0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:33060.0.0.0:* LISTEN tcp0 0 0.0.0.0:445 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:993 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:995 0.0.0.0:* LISTEN tcp0 0 10.0.104.200:53 0.0.0.0:* LISTEN tcp0 0 :::110 :::* LISTEN tcp0 0 127.0.0.1:10024 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:10025 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:530.0.0.0:* LISTEN tcp0 0 127.0.0.1:953 0.0.0.0:* LISTEN tcp0 0 :::143 :::* LISTEN tcp0 0 ::1:953 :::* LISTEN tcp0 0 :::2000 :::* LISTEN tcp0 0 :::22 :::* LISTEN tcp0 0 :::4242 :::* LISTEN tcp0 0 :::443 :::* LISTEN tcp0 0 :::5222 :::* LISTEN tcp0 0 :::5223 :::* LISTEN tcp0 0 :::5229
Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
Bron, My Cyrus is from RPM, and I am just nursing it along until my users finish migrating off and FastMail manages to complete my own migration, so I don't want to build from source. Why would IMAP/S block on empty /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use urandom. [r...@inspector random]# strings /usr/lib/libsasl* |grep random /dev/urandom /dev/urandom But my /dev/random does seem quite low. Still surfing and looking for a good way to fill it on a mostly headless server -- I haven't found a good solution yet. Chris [r...@inspector ~]# ls -l /dev/*random crw-rw-rw- 1 root root 1, 8 Oct 31 02:05 /dev/random cr--r--r-- 1 root root 1, 9 Oct 31 02:05 /dev/urandom [r...@inspector ~]# cd /proc/sys/kernel/random [r...@inspector random]# more *|cat :: boot_id :: d3724e19-7462-4224-960b-49d5d3a18d7a :: entropy_avail :: 17 :: poolsize :: 4096 :: read_wakeup_threshold :: 64 :: uuid :: a3ed2323-e04d-4034-a72a-76b5d4b697f7 :: write_wakeup_threshold :: 128 On 10/31/10 9:26 PM, Bron Gondwana wrote: Sounds like your /dev/random is empty. You can compile with /dev/urandom or add a source of entropy... Chris Pepperpep...@cbio.mskcc.org wrote: mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, along with SquirrelMail, postfix, etc. Last night, I noticed that when I sent mail from Thunderbird, it was not able to file copies in the Sent mailbox, although they did reach the recipients, so postfix was accepting mail on 587/tcp. I restarted Cyrus IMAPd but don't see any error messages in /var/log/maillog, and the cert key look fine. SquirrelMail is fine using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch mail via IMAP with STARTTLS, so it looks like the cert and key are fine. But telnet mail.reppep.com 993 and openssl fail to get any response. Port 993 is open to the Internet, FWIW. Does anyone have any suggestions for what went wrong and/or how to fix? I'll try tcpdump next to see if it's responding at all. Alternatively, is there a way to make sure Cyrus requires STARTTLS on 143? I was blocking external access to it to make sure users always use encryption to connect, but port 143 with STARTTLS required would be an acceptable alternative. Thanks, Chris Pepper pep...@imp:~$ !openssl openssl s_client -connect www.reppep.com:993 CONNECTED(0003) 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188: [r...@inspector ~]# cat /etc/imapd.conf admins: cyrus altnamespace: yes configdirectory: /var/lib/imap duplicatesuppression: yes hashimapspool: no partition-default: /var/spool/imap servername: mail.reppep.com singleinstancestore: yes #syslog_prefix: cyrus unixhierarchysep: yes lmtp_downcase_rcpt: yes maxmessagesize: 20971520 sendmail: /usr/sbin/sendmail #quotawarn: 80 #allowplaintext: yes #allowplainwithouttls: yes sasl_pwcheck_method: saslauthd #imap_auth_login: yes #imap_auth_cram_md5: yes #imap_auth_plain: yes autocreateinboxfolders: Junk autocreatequota: -1 #autocreate_sieve_script: /etc/junk.sieve autocreate_sieve_compiledscript: /etc/sieve.bc autosievefolders: Junk autosubscribeinboxfolders: Junk createonpost: yes #sievedir: /var/lib/imap/sieve sieveusehomedir: true tls_ca_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt tls_key_file: /etc/pki/tls/private/mail.reppep.com.20080219.key tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH [r...@inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt /etc/pki/tls/private/mail.reppep.com.20080219.key -rw-r--r-- 1 root root 6466 Oct 1 17:13 /etc/pki/tls/certs/mail.reppep.com.20100115.crt -rw-r- 1 root mail 497 Feb 19 2008 /etc/pki/tls/private/mail.reppep.com.20080219.key [r...@inspector ~]# netstat -an|grep LIST|grep tcp|sort -n tcp0 0 0.0.0.0:110 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:143 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:20000.0.0.0:* LISTEN tcp0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:33060.0.0.0:* LISTEN tcp0 0 0.0.0.0:445 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:993
Re: IMAP not seeing old mail present on filesystem
On 10/4/10 9:17 AM, Simon Matter wrote: Simon, I did recover /var/lib/imap (although a bit later, FWIW) and I think a bit later is your problem. But I think reconstruct should fix this. BTW, did you check the subscription status of mailboxes? Maybe the folders are there but not subscribed, and that's why some users can't see them? Simon, No, users see the folders, just not old messages. For most (all?) INBOXes but my own, new messages started arriving as 1. and continued from there. Users can see the new mail, but not the old. This makes me think it's not an internal permissions problem, because they see the mailboxes and (some) mail in them. All file permissions I checked appear correct reconstruct -rfx doesn't help. Is there anything else to try? Thanks, Chris /etc/imapd.conf. I just now compared /etc/cyrus.conf and added squatter adjusted prefork numbers -- the rest all matched. Is there other configuration I should check? Both systems are 64-bit CentOS 5, so the db4 installations should be fully compatible. If both the old and the new system are basically the same I don't think there is anything missing. Simon Thanks, Chris On 10/4/10 8:36 AM, Simon Matter wrote: All, I have run a small mail service based on Cyrus IMAP for a few years. The (CentOS 5) server I've used for the past couple years failed last week. I brought up a new CentOS 5 system on a new Linux server, installed cyrus-imapd-2.3.7-7.el5_4.3, mounted the old /var disk (actually one of 2 mdadm submirrors), and copied /var/spool/imap over to the new /var FS. It's running CentOS' cyrus-imapd-2.3.7-7.el5_4.3 RPM. Did you also recover /var/lib/imap from the old server and make sure the configs are the same? Simon Unfortunately, for many users (all but me?), mail clients (at least Apple's Mail.app and SquirrelMail) don't show any messages from before the migration in INBOX. When I grope around in /var/spool/imap/user, I see the old message (with high numbers) and the new messages (starting a new sequence from 1). I know there are last-message counters in the cyrus.* files, so would resetting those have caused IMAP to start storing new messages from 1. and vanish the old ones? I don't know how those could have been cleared for at least 6 users simultaneously. Presumably it happened for all, and I just fixed it for myself somehow. More importantly, I don't know how to make the old messages accessible to my users via IMAP (I can give them the files, but that's quite awkward). chk_cyrus agrees with IMAP clients about message counts (very low). I have tried reconstruct with various combinations of -rfx, and quota -f, but not found any way to make it show the old messages. Any suggestions? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: IMAP not seeing old mail present on filesystem
Simon, I did recover /var/lib/imap (although a bit later, FWIW) and /etc/imapd.conf. I just now compared /etc/cyrus.conf and added squatter adjusted prefork numbers -- the rest all matched. Is there other configuration I should check? Both systems are 64-bit CentOS 5, so the db4 installations should be fully compatible. Thanks, Chris On 10/4/10 8:36 AM, Simon Matter wrote: All, I have run a small mail service based on Cyrus IMAP for a few years. The (CentOS 5) server I've used for the past couple years failed last week. I brought up a new CentOS 5 system on a new Linux server, installed cyrus-imapd-2.3.7-7.el5_4.3, mounted the old /var disk (actually one of 2 mdadm submirrors), and copied /var/spool/imap over to the new /var FS. It's running CentOS' cyrus-imapd-2.3.7-7.el5_4.3 RPM. Did you also recover /var/lib/imap from the old server and make sure the configs are the same? Simon Unfortunately, for many users (all but me?), mail clients (at least Apple's Mail.app and SquirrelMail) don't show any messages from before the migration in INBOX. When I grope around in /var/spool/imap/user, I see the old message (with high numbers) and the new messages (starting a new sequence from 1). I know there are last-message counters in the cyrus.* files, so would resetting those have caused IMAP to start storing new messages from 1. and vanish the old ones? I don't know how those could have been cleared for at least 6 users simultaneously. Presumably it happened for all, and I just fixed it for myself somehow. More importantly, I don't know how to make the old messages accessible to my users via IMAP (I can give them the files, but that's quite awkward). chk_cyrus agrees with IMAP clients about message counts (very low). I have tried reconstruct with various combinations of -rfx, and quota -f, but not found any way to make it show the old messages. Any suggestions? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: IMAP not seeing old mail present on filesystem
On 10/4/10 1:12 AM, Patrick Goetz wrote: On 10/3/2010 6:57 AM, Chris Pepper wrote: More importantly, I don't know how to make the old messages accessible to my users via IMAP (I can give them the files, but that's quite awkward). chk_cyrus agrees with IMAP clients about message counts (very low). I have tried reconstruct with various combinations of -rfx, and quota -f, but not found any way to make it show the old messages. Any suggestions? You probably need to run cyrreconstruct on each user mailbox. On my system it's /usr/lib/cyrus-imapd/reconstruct, and I have. No joy, alas. Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: IMAP not seeing old mail present on filesystem
On 10/4/10 10:23 AM, Patrick Goetz wrote: On 10/04/2010 08:37 AM, Chris Pepper wrote: No, users see the folders, just not old messages. For most (all?) INBOXes but my own, new messages started arriving as 1. and continued from there. Users can see the new mail, but not the old. This makes me think it's not an internal permissions problem, because they see the mailboxes and (some) mail in them. All file permissions I checked appear correct reconstruct -rfx doesn't help. Is there anything else to try? I wasn't clear about whether the old install was completely gone or could still be booted. If you can still start cyrus on the old server, you could try imapsync to transfer mail to the new one. Old system is not bootable, unfortunately. FYI: I have 943 directories 298,409 mail files, so manually fixing things isn't feasible. Thanks for all the suggestions! Chris -- Chris Pepper:http://cbio.mskcc.org/ http://www.extrapepperoni.com/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: IMAP not seeing old mail present on filesystem
On 10/4/10 11:36 AM, Bron Gondwana wrote: On Mon, Oct 04, 2010 at 11:17:59AM -0400, Chris Pepper wrote: On 10/4/10 10:23 AM, Patrick Goetz wrote: I wasn't clear about whether the old install was completely gone or could still be booted. If you can still start cyrus on the old server, you could try imapsync to transfer mail to the new one. Old system is not bootable, unfortunately. FYI: I have 943 directories 298,409 mail files, so manually fixing things isn't feasible. ^^ Well, of course not. It there were 5 directories and 20 mail files I wouldn't consider doing it manually - I'd write a script to automate it and then sit back and drink coffee. Manually is how you do the first one to find out how it's done. And then the second one to make sure the process you settled on after stack of trial and error is repeatable. Maybe a third one if you screwed up number 2. After that, you automate the process you've decided on and let the rest happen automatically. It always amazes me to see admins repeating themselves manually over and over for a frequent task. I'd love to see the output of your reconstruct command (including syslog with the logging level turned up) to see why it's not finding the files. And maybe an 'ls -la' of one of the imap directories with this issue as well. I'm away on a team building exercise for the next couple of days Oslo time - but I can certainly look at it afterwards. I've been travelling (from Australia) which is why I haven't been looking in on this earlier... it's a strange set of symptoms. If you have a small folder that you don't mind sharing, a tar.gz of the entire folder contents (including the metadata files) would be fantastic, because then I could check the contents of the .index and .cache files as well - and maybe even try a reconstruct on a testbed here. But file permissions are the most interesting - I'm wondering if reconstruct is unable to read the directory correctly or unable to read the old files. Bron, Unfortunately I don't know how to write a script to do this. The old system was CentOS 5/x64, just like the new system. I believe it had the same cyrus-imapd db4 RPMs, as I had patched a few weeks ago, but I cannot confirm. I will send you a tarball of this directory directly. I will try reconstruct -rfx with debug logging enabled in syslog tonight. Thanks, Chris [r...@inspector ~]# ls -ltr /var/spool/imap/user/julia/ total 1756 -rw--- 1 cyrus mail 2931 May 20 12:56 158. -rw--- 1 cyrus mail 2052 Jun 21 08:33 159. -rw--- 1 cyrus mail 1536 Aug 11 17:15 162. -rw--- 1 cyrus mail 2221 Aug 13 08:15 163. -rw--- 1 cyrus mail 413395 Aug 14 18:40 164. -rw--- 1 cyrus mail 79756 Aug 21 13:57 165. -rw--- 1 cyrus mail 296759 Aug 22 15:18 166. -rw--- 1 cyrus mail 156064 Sep 4 09:43 167. -rw--- 1 cyrus mail 75003 Sep 4 10:06 168. -rw--- 1 cyrus mail 164035 Sep 6 09:51 169. -rw--- 1 cyrus mail 156853 Sep 7 12:24 170. -rw--- 1 cyrus mail 340068 Sep 16 17:44 171. drwx-- 2 cyrus mail 4096 Oct 1 21:31 Junk drwx-- 2 cyrus mail 4096 Oct 2 23:40 Drafts drwx-- 2 cyrus mail 4096 Oct 2 23:40 Sent drwx-- 2 cyrus mail 4096 Oct 2 23:40 Apple Mail To Do drwx-- 2 cyrus mail 4096 Oct 2 23:40 Deleted Messages -rw--- 1 cyrus mail 1148 Oct 2 23:44 1. drwx-- 2 cyrus mail 4096 Oct 3 00:09 Trash drwx-- 2 cyrus mail 4096 Oct 3 13:16 Sent Messages -rw--- 1 cyrus mail179 Oct 3 13:39 cyrus.header -rw--- 1 cyrus mail176 Oct 4 09:04 cyrus.index -rw--- 1 cyrus mail640 Oct 4 09:04 cyrus.cache -- Chris Pepper:http://cbio.mskcc.org/ http://www.extrapepperoni.com/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: IMAP not seeing old mail present on filesystem
Thanks, all, for the generous help. Bron asked about output from reconstruct, which never provided any. It turns out that I was using the wrong delimiters (., per chk_cyrus output, rather than /), and reconstruct wasn't even trying. It looks like all the missing mail is accessible again. Thanks again! Chris -- Chris Pepper:http://cbio.mskcc.org/ http://www.extrapepperoni.com/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
IMAP not seeing old mail present on filesystem
All, I have run a small mail service based on Cyrus IMAP for a few years. The (CentOS 5) server I've used for the past couple years failed last week. I brought up a new CentOS 5 system on a new Linux server, installed cyrus-imapd-2.3.7-7.el5_4.3, mounted the old /var disk (actually one of 2 mdadm submirrors), and copied /var/spool/imap over to the new /var FS. It's running CentOS' cyrus-imapd-2.3.7-7.el5_4.3 RPM. Unfortunately, for many users (all but me?), mail clients (at least Apple's Mail.app and SquirrelMail) don't show any messages from before the migration in INBOX. When I grope around in /var/spool/imap/user, I see the old message (with high numbers) and the new messages (starting a new sequence from 1). I know there are last-message counters in the cyrus.* files, so would resetting those have caused IMAP to start storing new messages from 1. and vanish the old ones? I don't know how those could have been cleared for at least 6 users simultaneously. Presumably it happened for all, and I just fixed it for myself somehow. More importantly, I don't know how to make the old messages accessible to my users via IMAP (I can give them the files, but that's quite awkward). chk_cyrus agrees with IMAP clients about message counts (very low). I have tried reconstruct with various combinations of -rfx, and quota -f, but not found any way to make it show the old messages. Any suggestions? Thanks, Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Proxyd connecting to backend on 143, not 993
Matt, Thanks for the confirmation! I figured this out earlier this afternoon, and should've posted the solution. The answer was masked because I had specified LOGIN as a mechanism, and not PLAIN, so that when the backend_connect happened, I got a SIGSEV. Regards, Chris On Oct 1, 2010, at 9:31 PM, Matt Selsky wrote: On Thu, 30 Sep 2010, Chris Riggins wrote: I'm running Cyrus IMAP 2.3.16, trying to get a murder working, but the proxyd -s daemon on the frontend isn't connecting to my backend on the secure port. How does one make that happen? An strace on the proxyd process shows that it never even attempts the IMAPS connection. Your backends should be listening on port 143. proxyd is meant to listen on 143 and 993 and forward connections to the backends on 143. proxyd will use TLS to secure the connection. -- Matt Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Proxyd connecting to backend on 143, not 993
All: I'm running Cyrus IMAP 2.3.16, trying to get a murder working, but the proxyd -s daemon on the frontend isn't connecting to my backend on the secure port. How does one make that happen? An strace on the proxyd process shows that it never even attempts the IMAPS connection. Here's the frontend imapd.conf: configdirectory: /apps/imap/conf partition-default: /var/spool/imap admins: cyrus mupdate_admins: murder proxyservers: murder proxy_authname: murder proxy_password: ** woodward_password: ** woodward_mechs: LOGIN lmtpproxy_username: murder lmtpproxy_authname: murder lmtpproxy_password: ** mupdate_server: front.company.com mupdate_username: murder mupdate_authname: murder mupdate_password: ** sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: LOGIN tls_cipher_list: TLSv1:SSLv2:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH tls_cert_file: /apps/var/imap/front.pem tls_key_file: /apps/var/imap/front.pem tls_ca_file: /apps/var/imap/myca.crt and here's the backend imapd.conf: configdirectory: /apps/var/lib/imap partition-default: /apps/var/spool/imap admins: cyrus mupdate_admins: murder proxyservers: murder lmtp_admins: murder mupdate_server: backend.company.com mupdate_username: murder mupdate_authname: murder mupdate_password: ** sievedir: /apps/var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: LOGIN tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH tls_cert_file: /apps/var/imap/back.pem tls_key_file: /apps/var/imap/back.pem tls_ca_file: /apps/var/imap/myca.crt Regards, Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Fwd: Docs for Cyrus/GFS?
Jens-- Thanks for your help! I've been able to get Cyrus IMAP running now with a shared backend, and my tests thus far indicate that it's working dandy. It looks like most of the important databases are already skiplists; the only ones that defaulted to BDB were the duplicate, tlscache, and ptscache databases. What, if anything, do I need to do special when converting my data over? I'll not be changing Cyrus versions; will it just work to move all of my current data, or will I need to convert databases/reconstruct/etc.? Thanks again! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Mon, 8 Sep 2008, Jens Hoffrichter wrote: There I told him to write to the list, and I just clicked the wrong reply button myself ;) Sorry for that. -- Forwarded message -- From: Jens Hoffrichter [EMAIL PROTECTED] Date: 2008/9/8 Subject: Re: Docs for Cyrus/GFS? To: Chris St. Pierre [EMAIL PROTECTED] Hi Chris, 2008/9/8 Chris St. Pierre [EMAIL PROTECTED]: I'm looking for any good documentation on using Cyrus IMAP with shared storage (in our case, GFS). Thus far, all I've been able to turn up is a few snippets on mailing lists and in the wiki, but nothing really comprehensive. Any pointers? Thanks! There is no real documentation up to now, I think, but I'm in the process of implementing a quite big mail system on top of a GFS, so if you have any specific questions, just ask here on the list or me directly, though on the list would probably be better, to share the answers. Just some hints for things I stumbled upon up to now: I suppose you meta directory will be shared, so you need to separate out some directories between the single nodes, where each node can put its own files. Directories coming to my mind are proc and backup. There are probably some more, but I have no access to the machine right now to check it. For the separation there I used the named symlinks from GFS, which worked quite fine. The other thing is: Make ABSOLUTELY sure that you turn off anything related to bdb during compile (you probably need to compile your own cyrus anyway, we are using the incova sources here), as berkeley db just doesn't work on top of GFS. Or, at least not in a cyrus context. And it isn't sufficient to just use skiplist in the config file, you definitely need to switch off compiling bdb support. The reason for this is that even if you don't have any bdbs configured, cyrus will still initialize some sort of bdb environment in your meta directory, and if on another sort the same thing is happening during the same time, it will try to sleep on a mutex, waiting for the release of the mutex. Yet, the callback to wake up never comes when using GFS, so your process will hang indefinitely. That one took us at least 3 weeks to figure out ;) Besides from those little things, cyrus works on top of the GFS just fine, you probably need to tweak some tuning parameters, but I don't remember them right now, if you need them, I can look them up for you. The performance is nothing to brag about, though, cyrus and GFS just don't play that well together. But I got the performance I needed (around 15 logins per second with three nodes using a loadbalancer), which is sufficient for our needs. The added reliability is nice, though, as you can turn off one node, and the whole thing still works. I don't know if you have any experience using RedHat Cluster, but be absolutely sure to understand about fencing and quorum of the cluster before you start any configuration. Cluster software is by no means really easy to use, IMO, and everything you do needs some extra thinking if you are just used working with single nodes normally :) Just try your luck, and if you have any questions, just ask. Jens Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Docs for Cyrus/GFS?
I'm looking for any good documentation on using Cyrus IMAP with shared storage (in our case, GFS). Thus far, all I've been able to turn up is a few snippets on mailing lists and in the wiki, but nothing really comprehensive. Any pointers? Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus Murder or IMAP proxy.
On Mon, 28 Jul 2008, UnlimitedMail.net - Carles Xavier Munyoz Baldó wrote: Then, for a production system, should I use an IMAP proxy solution instead of Cyrus Murder? Is there anyone using Cyrus Murder in a hevay loaded production e-mail system? May you recomend me an IMAP proxy? What I'm losing if I use an IMAP proxy instead of Cyrus Murder? Cyrus Murder gives you the ability to share folders across backends. In other words, if Alice has a mailbox on imap-1.example.com and Bob has a mailbox on imap-2.example.com, they _can_ share folders if you run Cyrus Murder, but they _can't_ if you use multiple backends with a proxy. Unless you have a serious need for mailbox sharing, Murder isn't worth it, IMHO. It takes a LOT of hardware to be really fault-tolerant, and has all of the other caveats you posted. Perdition is the IMAP proxy usually used for this application. Another possibility is running multiple IMAP servers connected to common storage -- i.e., a SAN. Then users can share mailboxes, since every user is on every server, but you don't introduce the complexity of Murder. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Return-Path in Sieve Scripts
On Fri, 16 May 2008, Nikolaus Rath wrote: Hello, I am delivering mail to cyrus from exim using lmtpd. Apparently lmtpd adds the Return-Path header only after the sieve scripts have been processed, because in the scripts I cannot match this header. This was fixed back in 2.2. See http://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2202. What release are you running? -Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Plaintext only for loopback?
Jorey Bump wrote: Chris Pepper wrote, at 01/13/2008 01:59 AM: I want to allow plaintext auth only for SquirrelMail (running on the Cyrus IMAPd server), and require encrypted authentication over all physical network connections. Why do you want plaintext auth only for SquirrelMail? It supports TLS, alternate ports, CRAM-MD5, and DIGEST-MD5. For example, My Squirrelmail is set up to use LOGIN/TLS on port 993 (settings inherited from a historical setup, I can also support the other options). Are you trying to avoid the overhead of TLS? Arrgh! SquirrelMail offers plain, cram-md5, and digest-md5, and only plain appears to work against /etc/shadow. I don't want the overhead of running TLS over loopback, so I think I will have to do without forcing secure auth for non-SSL IMAP/POP, and use the firewall to prevent Internet users from connecting over the Internet w/o SSL (so I don't have to worry about them unwisely using PLAIN or LOGIN over plaintext connection). Pity. It would be nice to have the option of doing IMAP on the IMAP port without worrying about unencrypted plaintext auth. Thanks, Chris PS-Bron, I don't want to deal with multiple instances, and I don't need too, since I can firewall IMAP (non-SSL) and only let SquirrelMail connect to port 143. I'm not looking forward to the SpamAssassin/ClamAV sandwich on the SMTP side. -- Chris Pepper:http://www.reppep.com/~pepper/ http://www.extrapepperoni.com/ The Rockefeller University: http://www.rockefeller.edu/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Plaintext only for loopback?
Hello, I want to allow plaintext auth only for SquirrelMail (running on the Cyrus IMAPd server), and require encrypted authentication over all physical network connections. I see several options governing plaintext auth in the documentation for imap.conf: allowplaintext: 1 Allow the use of cleartext passwords on the wire. plaintextloginpause: 0 Number of seconds to pause after a successful plaintext login. For systems that support strong authentication, this permits users to perceive a cost of using plaintext passwords. (This does not affect the use of PLAIN in SASL authentications.) plaintextloginalert: none Message to send to client after a successful plaintext login. In addition, my Invoca 2.3.7 RPM includes: allowplainwithouttls: 0 Allow plain login mechanism without an encrypted connection. So I'm left wondering: a) if there is a way to do this that I'm not getting (perhaps on the wire is more subtle than my simplistic reading), and b) if not, what's the best way to request/suggest this as an enhancement. Should I just open a bug in Bugzilla, or is there a better way? Thanks, Chris Pepper -- Chris Pepper:http://www.reppep.com/~pepper/ http://www.extrapepperoni.com/ The Rockefeller University: http://www.rockefeller.edu/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Migration: INBOX^Trash friends
I have 'www', a Mac OS X 10.4 Server system, running Apple's build of Cyrus, and want to move my mail over to 'pe', a CentOS 5.1 system running CentOS 5.1's cyrus-imapd-2.3.7-1.1.el5.rpm (derived from Simon Matter's Invoca RPM). I would very much like to rsync the mail over and (when ready) change the hostnames and have email clients not notice the difference. In particular, if Eudora decides the mailbox layout has changed, it will reysnc all mail and lose much of its status information, so I want to avoid this if possible. I'm getting hung up on a directory naming discrepancy I don't understand. Any guidance on where the discrepancy originates will be much appreciated. On the Mac, pepper's top-level directory structure looks like this (folders, not files): www:~ root# ls -d /var/spool/imap/user/pepper/*/ /var/spool/imap/user/pepper/Deleted Messages/ /var/spool/imap/user/pepper/Drafts/ /var/spool/imap/user/pepper/JUNK.20061225/ /var/spool/imap/user/pepper/Junk/ /var/spool/imap/user/pepper/Sent Messages/ /var/spool/imap/user/pepper/Sent/ /var/spool/imap/user/pepper/Trash/ /var/spool/imap/user/pepper/bulk/ /var/spool/imap/user/pepper/company-archive/ /var/spool/imap/user/pepper/company/ /var/spool/imap/user/pepper/debevoise/ /var/spool/imap/user/pepper/debevoise2/ /var/spool/imap/user/pepper/frb/ /var/spool/imap/user/pepper/goldman-sachs/ /var/spool/imap/user/pepper/hh2005/ /var/spool/imap/user/pepper/hh2006/ /var/spool/imap/user/pepper/hh2007/ /var/spool/imap/user/pepper/hts^20060328^txt/ /var/spool/imap/user/pepper/info-mac/ /var/spool/imap/user/pepper/keepers-archive/ /var/spool/imap/user/pepper/list-archive/ /var/spool/imap/user/pepper/list/ /var/spool/imap/user/pepper/macworld-expo/ /var/spool/imap/user/pepper/mail/ /var/spool/imap/user/pepper/misc/ /var/spool/imap/user/pepper/people-archive/ /var/spool/imap/user/pepper/people/ /var/spool/imap/user/pepper/pepper^development/ /var/spool/imap/user/pepper/reppep/ /var/spool/imap/user/pepper/reppep^com/ /var/spool/imap/user/pepper/ru-archive/ /var/spool/imap/user/pepper/ru/ /var/spool/imap/user/pepper/scratch/ /var/spool/imap/user/pepper/tidbits-archive/ /var/spool/imap/user/pepper/tidbits/ /var/spool/imap/user/pepper/writing/ On the Linux system, pepper's top-level directory structure looks like this: [EMAIL PROTECTED] imap]# ls -l /var/spool/imap/user/pepper/ total 40 -rw--- 1 cyrus mail4 Jan 5 17:37 cyrus.cache -rw--- 1 cyrus mail 154 Jan 5 17:36 cyrus.header -rw--- 1 cyrus mail 96 Jan 5 17:37 cyrus.index drwx-- 2 cyrus mail 4096 Jan 5 17:36 Drafts drwx-- 2 cyrus mail 4096 Jan 5 17:36 hh2007 drwx-- 2 cyrus mail 4096 Jan 5 17:36 INBOX^Drafts drwx-- 2 cyrus mail 4096 Jan 5 17:36 INBOX^Sent drwx-- 2 cyrus mail 4096 Jan 5 17:36 INBOX^Trash drwx-- 2 cyrus mail 4096 Jan 5 17:36 Sent drwx-- 2 cyrus mail 4096 Jan 5 17:36 Trash I have Cyrus set to auto-create Trash | Sent | Junk, and that's working, but I don't understand why they are prefixed by INBOX^. I tried renaming the folders to simply 'Drafts', 'Sent', and 'Trash' and reconstructing, and imapd re-created the INBOX^* files to match the contents of mailboxes.db. So what causes the discrepancy? I don't know if there's a configuration setting I missed, or a compilation option that Apple changed, but I have verified that both systems have altnamespace: yes and unixhierarchysep: yes. Thanks, Chris Pepper PS-I'm sorry if this is a FAQ. I've read all the docs I could find under http://cyrusimap.web.cmu.edu/imapd/, and Google doesn't ignores '^', so I'm having no luck at tracking this down. -- Chris Pepper:http://www.reppep.com/~pepper/ http://www.extrapepperoni.com/ The Rockefeller University: http://www.rockefeller.edu/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Migration: INBOX^Trash friends
I have 'www', a Mac OS X 10.4 Server system, running Apple's build of Cyrus, and want to move my mail over to 'pe', a CentOS 5.1 system running CentOS 5.1's cyrus-imapd-2.3.7-1.1.el5.rpm (derived from Simon Matter's Invoca RPM). I would very much like to rsync the mail over and (when ready) change the hostnames and have email clients not notice the difference. In particular, if Eudora decides the mailbox layout has changed, it will reysnc all mail and lose much of its status information, so I want to avoid this if possible. I'm getting hung up on a directory naming discrepancy I don't understand. Any guidance on where the discrepancy originates will be much appreciated. So what causes the discrepancy? I don't know if there's a configuration setting I missed, or a compilation option that Apple changed, but I have verified that both systems have altnamespace: yes and unixhierarchysep: yes. For the record, it wasn't Cyrus IMAPd at all. SquirrelMail (which I was using to check Cyrus functionality) was recreating the undesired folders whenever I accessed the account. I tweaked the defaults (including manually overriding the default Cyrus delimiter) and now all looks right. Sorry for the noise. Chris Pepper -- Chris Pepper:http://www.reppep.com/~pepper/ http://www.extrapepperoni.com/ The Rockefeller University: http://www.rockefeller.edu/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Plugging into the imap system
On Sat, 22 Dec 2007, Dale Ghent wrote: On Dec 21, 2007, at 12:03 PM, Mike Eggleston wrote: There is some system (on freshmeat?) that has a special folder in IMAP for storing calendar events. The program uses the IMAP defined protocol though. FWIW, Exchange also exposes all calendar entries (with .ics files), journals, to-dos, and anything else in their own folders. I find it handy since exchange is what I'm stuck with at my new place of employment :( and I sync to iCal on my mac by dragging the ics files out of the exchange Calendar folder and into iCal. Any calendaring system worth its salt should be CalDAV underneath. Then the world would be all shiny and pretty and stuff, or at last more so. I was planning on trying to find some time to look at the code and read some RFCs before I brought this up, but has anybody thought about hooking a native CalDAV interface into Cyrus? Admittedly, I haven't put any real thought into it so far, other than that it would be incredibly useful. I'm thinking a native CalDAV interface for remote clients (calendard), message processing via LMTP to inject ics attachments through a calendar extension to SIEVE, calendar data exported via CalDAV or via imap through an alternate mailbox (calendar/username being the default calendar / INBOX equivalent, calendar/username/calendarname for alternate calendars). -Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: syslog-ng
On Saturday 20 October 2007, Anders Norrbring wrote: So, I went to the SUSE sources and looked it up.. Seems like they compile with --with-syslogfacility=DAEMON.. I have no idea what that makes Cyrus do, I tried Google to find some answers, but came up empty handed. You can filter on the DAEMON facility (instead of 'local6' as in my case). If there are other apps that use the DAEMON facility then you'll have to break it down further, using program names etc. Look at the log entries you now have and determine what you can filter by, ie: program names of: 'lmtpunix', 'ctl_cyrusdb', and 'master', if others use those as well you may need a second level filter with a match statement. -- Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: syslog-ng
On Friday 19 October 2007, Anders Norrbring wrote:
Hi, I need help setting up Cyrus and syslog-ng to have all the Cyrus
logs in their own files.
It seems like I just cannot get it right, no matter how I try.
So, I'd be grateful for setup info on syslog-ng to accomplish this.
My distro sets up cyrus to use the local6 facility for logging. I use the
following lines in my syslog-ng.conf (in their proper sections):
===
destination d_local6 { file(/var/log/mail/imapd.log); };
filter f_local6 { facility(local6); };
log { source(src); filter(f_local6); destination(d_local6); flags(final); };
===
Works just fine. I put all of my mail logs in a separate directory
(/var/log/mail/).
Note - you may have to touch the destination file to create it.
--
Chris
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: syslog-ng
On Friday 19 October 2007, Chris Smith wrote:
On Friday 19 October 2007, Anders Norrbring wrote:
Hi, I need help setting up Cyrus and syslog-ng to have all the Cyrus
logs in their own files.
It seems like I just cannot get it right, no matter how I try.
So, I'd be grateful for setup info on syslog-ng to accomplish this.
My distro sets up cyrus to use the local6 facility for logging. I use the
following lines in my syslog-ng.conf (in their proper sections):
===
destination d_local6 { file(/var/log/mail/imapd.log); };
filter f_local6 { facility(local6); };
log { source(src); filter(f_local6); destination(d_local6); flags(final);
}; ===
Works just fine. I put all of my mail logs in a separate directory
(/var/log/mail/).
Note - you may have to touch the destination file to create it.
Just adding that, as Baltasar stated, some programs may use the same facility
and if this is the case you can probably filter on program name (or match, or
program name and match, etc.). Some that I filter this way are:
=
filter f_cupsd { program(cupsd); };
filter f_dhcpd { program(dhcpd); };
filter f_slapd { program(slapd); };
filter f_rsync { program(rsync); };
=
Normally if the facility is unique I use it for the filter.
--
Chris
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
createmailbox: Invalid mailbox name
So I've hit a wall in attempting to move our mailboxes onto a new server. I've built/installed Simon's RPMs for 2.3.8 on x86_64. After tarring up my old mail spool (2.2.12 on x86) and dumping the mailboxes file to a flat format and copying to the new machine, I am unable to reconstruct any mailboxes. It merely exits silently. I can create mailboxes in the default domain (cm user/test), but if I attempt to create virtual domain users e.g. cm user/[EMAIL PROTECTED] I get createmailbox: Invalid mailbox name What am I doing wrong? Thanks, Chris # imapd.conf entries configdirectory: /var/lib/imap defaultpartition: default partition-default: /var/spool/imap fulldirhash: 0 hashimapspool: 1 duplicate_db: skiplist mboxlist_db: skiplist admins: [EMAIL PROTECTED] sasl_pwcheck_method: auxprop virtdomains: userid defaultdomain: mail #(this is not the machine's name) unixhierarchysep: on tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt allownanonymouslogin: no allowplaintext: yes allowusermoves: yes loginrealms: mail domain1.tld domain2.tld Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve, Postfix and exec() sendmail
# chmod 755 /var/spool/imap/stage./ did resolve the issue. On 9/27/07, Alain Spineux [EMAIL PROTECTED] wrote: On 9/28/07, Chris U [EMAIL PROTECTED] wrote: Hi Alain, I am running RHEL5; I used prebuilt rpms from RedHat. I did not change anything recently. Postfix is not running in chroot. [EMAIL PROTECTED] ~]# ls -ld /var/spool/imap/stage./ drwx-- 2 cyrus mail 4096 Sep 27 10:04 /var/spool/imap/stage./ [EMAIL PROTECTED] ~]# could you try a # chmod 755 /var/spool/imap/stage./ Chris On 9/27/07, Alain Spineux [EMAIL PROTECTED] wrote: Did you change something recently ? Is postfix running chrooted ? what about # ls -ld /var/spool/imap/stage./ ? Regards Alain On 9/27/07, Chris U [EMAIL PROTECTED] wrote: Hi, I've done some searching on the list about issues with Sieve performing rejects, redirects, and vacations using the binary sendmail. Below are some links from cyrus mailing lists. Link: http://tinyurl.com/2mkp5n Link: http://tinyurl.com/2rylzs Link: http://tinyurl.com/2k2stg Any help would be greatly appreciated! Scenario: User1 has a sieve script that keeps a copy of the received message and forwards mail to User2. Problem: FATAL: couldn't exec() sendmail Outcome: User2 mail not delivered. 100% CPU usage. Any further received mail is stalled in postfix queue and not delivered to mailbox. Imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt lmtp_downcase_rcpt: yes sieve_maxscriptsize: 32 [EMAIL PROTECTED] ls -al sendmail -rwxr-xr-x 1 root root 201784 Sep 1 2006 /usr/sbin/sendmail Logs Sep 27 09:52:22 kane postfix/smtpd[8597]: connect from unknown[10.100.10.160] Sep 27 09:52:31 kane postfix/smtpd[8597]: 147C030E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/smtpd[8597]: C8DB930E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/cleanup[8600]: C8DB930E81BB: message-id=[EMAIL PROTECTED] Sep 27 09:52:35 kane postfix/qmgr[6988]: C8DB930E81BB: from=[EMAIL PROTECTED], size=346, nrcpt=1 (queue active) Sep 27 09:52:35 kane lmtpunix[8603]: accepted connection Sep 27 09:52:35 kane lmtpunix[8603]: lmtp connection preauth'd as postman Sep 27 09:52:35 kane master[8629]: about to exec /usr/lib/cyrus-imapd/lmtpd Sep 27 09:52:35 kane lmtpunix[8629]: executed Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: starting txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: committing txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_mark: [EMAIL PROTECTED] user.user1 1190922755 0 Sep 27 09:52:35 kane lmtpunix[8603]: Delivered: [EMAIL PROTECTED] to mailbox: user.user1 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED][EMAIL PROTECTED] .user1.sieve. 0 Sep 27 09:52:35 kane lmtpunix[8630]: FATAL: couldn't exec() sendmail Sep 27 09:52:35 kane lmtpunix[8603]: sieve runtime error for user1 id [EMAIL PROTECTED]: Redirect: Sendmail process terminated normally, exit status 75 Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR db4: Locker does not exist Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR: error fetching [EMAIL PROTECTED]: Invalid argument Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: error looking up [EMAIL PROTECTED]/user.user1: cyrusdb error Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: opening /var/spool/imap/stage./8603-1190922755-0: No such file or directory Sep 27 09:52:35 kane postfix/lmtp[8602]: C8DB930E81BB: to=[EMAIL PROTECTED], relay=tipg.net[/var/lib/imap/socket/lmtp], delay=0.07, delays=0.05/0/0.01/0.01, dsn=4.3.0, status=deferred (host tipg.net[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd: couldn't exec() sendmail (in reply to end of DATA command)) Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: error unlinking file /var/spool/imap/stage./8603-1190922755-0: No such file or directory Sep 27 09:52:36 kane postfix/smtpd[8597]: disconnect from unknown[10.100.10.160] Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info
Re: Sieve, Postfix and exec() sendmail
Based on what I've been reading around, I'm not sure why I'd be throwing an exit code of 75. http://www.unix.org.ua/orelly/networking/sendmail/ch36_05.htm Output [EMAIL PROTECTED] ~]# rpm -Vf $(readlink -f /usr/sbin/sendmail) S.5T c /etc/postfix/main.cf [EMAIL PROTECTED] ~]# rpm -V cyrus-imapd S.5T c /etc/cyrus.conf S.5T c /etc/imapd.conf [EMAIL PROTECTED] ~]# On 9/27/07, Simon Matter [EMAIL PROTECTED] wrote: Hi Alain, I am running RHEL5; I used prebuilt rpms from RedHat. I did not change anything recently. Postfix is not running in chroot. [EMAIL PROTECTED] ~]# ls -ld /var/spool/imap/stage./ drwx-- 2 cyrus mail 4096 Sep 27 10:04 /var/spool/imap/stage./ [EMAIL PROTECTED] ~]# Chris On 9/27/07, Alain Spineux [EMAIL PROTECTED] wrote: Did you change something recently ? Is postfix running chrooted ? what about # ls -ld /var/spool/imap/stage./ ? Regards Alain On 9/27/07, Chris U [EMAIL PROTECTED] wrote: Hi, I've done some searching on the list about issues with Sieve performing rejects, redirects, and vacations using the binary sendmail. Below are some links from cyrus mailing lists. Link: http://tinyurl.com/2mkp5n Link: http://tinyurl.com/2rylzs Link: http://tinyurl.com/2k2stg Any help would be greatly appreciated! Scenario: User1 has a sieve script that keeps a copy of the received message and forwards mail to User2. Problem: FATAL: couldn't exec() sendmail Your sendmail call has terminated with exit code 75, try to find out what 75 means. Can you show us the output of the following commands: rpm -Vf $(readlink -f /usr/sbin/sendmail) rpm -V cyrus-imapd Simon Outcome: User2 mail not delivered. 100% CPU usage. Any further received mail is stalled in postfix queue and not delivered to mailbox. Imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt lmtp_downcase_rcpt: yes sieve_maxscriptsize: 32 [EMAIL PROTECTED] ls -al sendmail -rwxr-xr-x 1 root root 201784 Sep 1 2006 /usr/sbin/sendmail Logs Sep 27 09:52:22 kane postfix/smtpd[8597]: connect from unknown[10.100.10.160] Sep 27 09:52:31 kane postfix/smtpd[8597]: 147C030E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/smtpd[8597]: C8DB930E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/cleanup[8600]: C8DB930E81BB: message-id=[EMAIL PROTECTED] Sep 27 09:52:35 kane postfix/qmgr[6988]: C8DB930E81BB: from=[EMAIL PROTECTED], size=346, nrcpt=1 (queue active) Sep 27 09:52:35 kane lmtpunix[8603]: accepted connection Sep 27 09:52:35 kane lmtpunix[8603]: lmtp connection preauth'd as postman Sep 27 09:52:35 kane master[8629]: about to exec /usr/lib/cyrus-imapd/lmtpd Sep 27 09:52:35 kane lmtpunix[8629]: executed Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: starting txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: committing txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_mark: [EMAIL PROTECTED] user.user1 1190922755 0 Sep 27 09:52:35 kane lmtpunix[8603]: Delivered: [EMAIL PROTECTED] to mailbox: user.user1 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED][EMAIL PROTECTED] .user1.sieve. 0 Sep 27 09:52:35 kane lmtpunix[8630]: FATAL: couldn't exec() sendmail Sep 27 09:52:35 kane lmtpunix[8603]: sieve runtime error for user1 id [EMAIL PROTECTED]: Redirect: Sendmail process terminated normally, exit status 75 Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR db4: Locker does not exist Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR: error fetching [EMAIL PROTECTED]: Invalid argument Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: error looking up [EMAIL PROTECTED]/user.user1: cyrusdb error Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: opening /var/spool/imap/stage./8603-1190922755-0: No such file or directory Sep 27 09:52:35 kane postfix/lmtp[8602]: C8DB930E81BB: to=[EMAIL PROTECTED], relay=tipg.net[/var/lib/imap/socket/lmtp], delay=0.07, delays=0.05/0/0.01/0.01, dsn=4.3.0, status=deferred (host tipg.net[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd: couldn't exec() sendmail (in reply to end of DATA command)) Sep 27 09:52:35 kane lmtpunix[8603
Re: Sieve, Postfix and exec() sendmail
Oppps. Meant to say it did NOT resolve the issue. On 9/28/07, Chris U [EMAIL PROTECTED] wrote: # chmod 755 /var/spool/imap/stage./ did resolve the issue. On 9/27/07, Alain Spineux [EMAIL PROTECTED] wrote: On 9/28/07, Chris U [EMAIL PROTECTED] wrote: Hi Alain, I am running RHEL5; I used prebuilt rpms from RedHat. I did not change anything recently. Postfix is not running in chroot. [EMAIL PROTECTED] ~]# ls -ld /var/spool/imap/stage./ drwx-- 2 cyrus mail 4096 Sep 27 10:04 /var/spool/imap/stage./ [EMAIL PROTECTED] ~]# could you try a # chmod 755 /var/spool/imap/stage./ Chris On 9/27/07, Alain Spineux [EMAIL PROTECTED] wrote: Did you change something recently ? Is postfix running chrooted ? what about # ls -ld /var/spool/imap/stage./ ? Regards Alain On 9/27/07, Chris U [EMAIL PROTECTED] wrote: Hi, I've done some searching on the list about issues with Sieve performing rejects, redirects, and vacations using the binary sendmail. Below are some links from cyrus mailing lists. Link: http://tinyurl.com/2mkp5n Link: http://tinyurl.com/2rylzs Link: http://tinyurl.com/2k2stg Any help would be greatly appreciated! Scenario: User1 has a sieve script that keeps a copy of the received message and forwards mail to User2. Problem: FATAL: couldn't exec() sendmail Outcome: User2 mail not delivered. 100% CPU usage. Any further received mail is stalled in postfix queue and not delivered to mailbox. Imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt lmtp_downcase_rcpt: yes sieve_maxscriptsize: 32 [EMAIL PROTECTED] ls -al sendmail -rwxr-xr-x 1 root root 201784 Sep 1 2006 /usr/sbin/sendmail Logs Sep 27 09:52:22 kane postfix/smtpd[8597]: connect from unknown[10.100.10.160] Sep 27 09:52:31 kane postfix/smtpd[8597]: 147C030E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/smtpd[8597]: C8DB930E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/cleanup[8600]: C8DB930E81BB: message-id=[EMAIL PROTECTED] Sep 27 09:52:35 kane postfix/qmgr[6988]: C8DB930E81BB: from=[EMAIL PROTECTED], size=346, nrcpt=1 (queue active) Sep 27 09:52:35 kane lmtpunix[8603]: accepted connection Sep 27 09:52:35 kane lmtpunix[8603]: lmtp connection preauth'd as postman Sep 27 09:52:35 kane master[8629]: about to exec /usr/lib/cyrus-imapd/lmtpd Sep 27 09:52:35 kane lmtpunix[8629]: executed Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: starting txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: committing txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_mark: [EMAIL PROTECTED] user.user1 1190922755 0 Sep 27 09:52:35 kane lmtpunix[8603]: Delivered: [EMAIL PROTECTED] to mailbox: user.user1 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED][EMAIL PROTECTED] .user1.sieve. 0 Sep 27 09:52:35 kane lmtpunix[8630]: FATAL: couldn't exec() sendmail Sep 27 09:52:35 kane lmtpunix[8603]: sieve runtime error for user1 id [EMAIL PROTECTED]: Redirect: Sendmail process terminated normally, exit status 75 Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR db4: Locker does not exist Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR: error fetching [EMAIL PROTECTED]: Invalid argument Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: error looking up [EMAIL PROTECTED]/user.user1: cyrusdb error Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: opening /var/spool/imap/stage./8603-1190922755-0: No such file or directory Sep 27 09:52:35 kane postfix/lmtp[8602]: C8DB930E81BB: to=[EMAIL PROTECTED], relay=tipg.net[/var/lib/imap/socket/lmtp], delay=0.07, delays=0.05/0/0.01/0.01, dsn=4.3.0, status=deferred (host tipg.net[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd: couldn't exec() sendmail (in reply to end of DATA command)) Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: error unlinking file /var/spool/imap/stage./8603-1190922755-0: No such file
Re: upgrading to a different achitecture
Thanks for the info. The man page for cyr_dbtool doesn't indicate this is possible (which is not to say it isn't possible, just undocumented). cvt_cyrusdb appears to be more of a candidate. Is this what I should be using, or could you give an example of how to use cyr_dbtool? Many thanks, Chris Bron Gondwana wrote: On Wed, Sep 26, 2007 at 11:46:08AM -0500, Chris Harms wrote: Hello, We will be migrating our cyrus server from x86 to x86_64 for an interim period and then likely returning to x86 after some time. We will be upgrading from 2.2.x to 2.3.x as well, and I am wondering if there is a way to preserve the per mailbox databases, specifically the seen state? I have run through a test of this process once without luck retaining the information. Is there a way to do this moving to x86_64 and then likewise moving back to x86? You can always dump and restore the seen state using cyr_dbtool, though that's a fair bit of work! Amazing how much isn't hard work once you have a tested script to do it for you though :)[0] There are also a couple of fields (e.g. QUOTA information, MODSEQ) in the cyrus.index file which if you've got values higher than 2^32 in them will change value when you switch back to 32 bit. Bron. [0] and it looks like you've actually tested that your process will work before committing to it, which puts you ahead of 90% of the IT shops out there! Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Sieve, Postfix and exec() sendmail
Hi, I've done some searching on the list about issues with Sieve performing rejects, redirects, and vacations using the binary sendmail. Below are some links from cyrus mailing lists. Link: http://tinyurl.com/2mkp5n Link: http://tinyurl.com/2rylzs Link: http://tinyurl.com/2k2stg Any help would be greatly appreciated! Scenario: User1 has a sieve script that keeps a copy of the received message and forwards mail to User2. Problem: FATAL: couldn't exec() sendmail Outcome: User2 mail not delivered. 100% CPU usage. Any further received mail is stalled in postfix queue and not delivered to mailbox. Imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt lmtp_downcase_rcpt: yes sieve_maxscriptsize: 32 [EMAIL PROTECTED] ls -al sendmail -rwxr-xr-x 1 root root 201784 Sep 1 2006 /usr/sbin/sendmail Logs Sep 27 09:52:22 kane postfix/smtpd[8597]: connect from unknown[10.100.10.160] Sep 27 09:52:31 kane postfix/smtpd[8597]: 147C030E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/smtpd[8597]: C8DB930E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/cleanup[8600]: C8DB930E81BB: message-id=[EMAIL PROTECTED] Sep 27 09:52:35 kane postfix/qmgr[6988]: C8DB930E81BB: from=[EMAIL PROTECTED], size=346, nrcpt=1 (queue active) Sep 27 09:52:35 kane lmtpunix[8603]: accepted connection Sep 27 09:52:35 kane lmtpunix[8603]: lmtp connection preauth'd as postman Sep 27 09:52:35 kane master[8629]: about to exec /usr/lib/cyrus-imapd/lmtpd Sep 27 09:52:35 kane lmtpunix[8629]: executed Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: starting txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: committing txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_mark: [EMAIL PROTECTED] user.user1 1190922755 0 Sep 27 09:52:35 kane lmtpunix[8603]: Delivered: [EMAIL PROTECTED] to mailbox: user.user1 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED][EMAIL PROTECTED] .user1.sieve. 0 Sep 27 09:52:35 kane lmtpunix[8630]: FATAL: couldn't exec() sendmail Sep 27 09:52:35 kane lmtpunix[8603]: sieve runtime error for user1 id [EMAIL PROTECTED]: Redirect: Sendmail process terminated normally, exit status 75 Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR db4: Locker does not exist Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR: error fetching [EMAIL PROTECTED]: Invalid argument Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: error looking up [EMAIL PROTECTED]/user.user1: cyrusdb error Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: opening /var/spool/imap/stage./8603-1190922755-0: No such file or directory Sep 27 09:52:35 kane postfix/lmtp[8602]: C8DB930E81BB: to=[EMAIL PROTECTED], relay=tipg.net[/var/lib/imap/socket/lmtp], delay=0.07, delays=0.05/0/0.01/0.01, dsn=4.3.0, status=deferred (host tipg.net[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd: couldn't exec() sendmail (in reply to end of DATA command)) Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: error unlinking file /var/spool/imap/stage./8603-1190922755-0: No such file or directory Sep 27 09:52:36 kane postfix/smtpd[8597]: disconnect from unknown[10.100.10.160] Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve, Postfix and exec() sendmail
Hi Alain, I am running RHEL5; I used prebuilt rpms from RedHat. I did not change anything recently. Postfix is not running in chroot. [EMAIL PROTECTED] ~]# ls -ld /var/spool/imap/stage./ drwx-- 2 cyrus mail 4096 Sep 27 10:04 /var/spool/imap/stage./ [EMAIL PROTECTED] ~]# Chris On 9/27/07, Alain Spineux [EMAIL PROTECTED] wrote: Did you change something recently ? Is postfix running chrooted ? what about # ls -ld /var/spool/imap/stage./ ? Regards Alain On 9/27/07, Chris U [EMAIL PROTECTED] wrote: Hi, I've done some searching on the list about issues with Sieve performing rejects, redirects, and vacations using the binary sendmail. Below are some links from cyrus mailing lists. Link: http://tinyurl.com/2mkp5n Link: http://tinyurl.com/2rylzs Link: http://tinyurl.com/2k2stg Any help would be greatly appreciated! Scenario: User1 has a sieve script that keeps a copy of the received message and forwards mail to User2. Problem: FATAL: couldn't exec() sendmail Outcome: User2 mail not delivered. 100% CPU usage. Any further received mail is stalled in postfix queue and not delivered to mailbox. Imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt lmtp_downcase_rcpt: yes sieve_maxscriptsize: 32 [EMAIL PROTECTED] ls -al sendmail -rwxr-xr-x 1 root root 201784 Sep 1 2006 /usr/sbin/sendmail Logs Sep 27 09:52:22 kane postfix/smtpd[8597]: connect from unknown[10.100.10.160] Sep 27 09:52:31 kane postfix/smtpd[8597]: 147C030E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/smtpd[8597]: C8DB930E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/cleanup[8600]: C8DB930E81BB: message-id=[EMAIL PROTECTED] Sep 27 09:52:35 kane postfix/qmgr[6988]: C8DB930E81BB: from=[EMAIL PROTECTED], size=346, nrcpt=1 (queue active) Sep 27 09:52:35 kane lmtpunix[8603]: accepted connection Sep 27 09:52:35 kane lmtpunix[8603]: lmtp connection preauth'd as postman Sep 27 09:52:35 kane master[8629]: about to exec /usr/lib/cyrus-imapd/lmtpd Sep 27 09:52:35 kane lmtpunix[8629]: executed Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: starting txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: committing txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_mark: [EMAIL PROTECTED] user.user1 1190922755 0 Sep 27 09:52:35 kane lmtpunix[8603]: Delivered: [EMAIL PROTECTED] to mailbox: user.user1 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED][EMAIL PROTECTED] .user1.sieve. 0 Sep 27 09:52:35 kane lmtpunix[8630]: FATAL: couldn't exec() sendmail Sep 27 09:52:35 kane lmtpunix[8603]: sieve runtime error for user1 id [EMAIL PROTECTED]: Redirect: Sendmail process terminated normally, exit status 75 Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR db4: Locker does not exist Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR: error fetching [EMAIL PROTECTED]: Invalid argument Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: error looking up [EMAIL PROTECTED]/user.user1: cyrusdb error Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: [EMAIL PROTECTED] user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: opening /var/spool/imap/stage./8603-1190922755-0: No such file or directory Sep 27 09:52:35 kane postfix/lmtp[8602]: C8DB930E81BB: to=[EMAIL PROTECTED], relay=tipg.net[/var/lib/imap/socket/lmtp], delay=0.07, delays=0.05/0/0.01/0.01, dsn=4.3.0, status=deferred (host tipg.net[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd: couldn't exec() sendmail (in reply to end of DATA command)) Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: error unlinking file /var/spool/imap/stage./8603-1190922755-0: No such file or directory Sep 27 09:52:36 kane postfix/smtpd[8597]: disconnect from unknown[10.100.10.160] Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Alain Spineux aspineux gmail com May the sources be with you Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SQUAT config
brian wrote:
Chris Mattingly wrote:
brian wrote:
Thanks, this is becoming clearer. But how do i configure squatter? Am i
looking in the wrong place?
brian
Place the options in your cyrus.conf for squatter and you should be all
set. For example:
EVENTS
{
other stuff
squatter cmd=squatter -s period=180
}
Yes, i see, that's to invoke it. But i'm also reading that the config
must be in imapd.conf yet i've seen no example for the syntax to do so
(nor what is required (or even suggested)).
I'm also wondering how to have squatter run against all IMAP mailboxes.
Do i need to specify them all when i invoke it? Or can i get away with
feeding it /var/spool/imap with the -r switch and hoping it will
figure it out?
brian
I don't believe there are any squatter specific options that go into
imapd.conf. I suspect that the reference you're seeing to squatter
reading imapd.conf (or other config referenced by -C) is simply for
squatter to see where the imap spool is (i.e. partition-default), and
possibly some other environment-specific parameters it needs to know.
The only options squatter takes are those specified in its man page, and
those would go in cyrus.conf.
Unless you specify with via mboxcfg to not index a mailbox, or you
specify a single mailbox on the command line, sieve will index all
mailboxes by default.
My exact cyrus.conf entry is:
squatter cmd=squatter period=180
And all mailboxes on my (rather small) system are indexed every 3 hours.
-Chris
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SQUAT config
brian wrote:
Thanks, this is becoming clearer. But how do i configure squatter? Am i
looking in the wrong place?
brian
Place the options in your cyrus.conf for squatter and you should be all
set. For example:
EVENTS
{
other stuff
squatter cmd=squatter -s period=180
}
-Chris
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Global mailbox
On Monday 30 July 2007, Lorenzo Milesi wrote: I've configured a few users for login, and other mailboxes accessed as Other Users. The problem are those boxes: I need to have GLOBAL flags (i.e. if I read a message in those shared mailboxes everyone else must see the message as read). That's all! Just use a separate account for that mailbox. Each user will have a minimum of 2 imap accounts - their user account, and the global user account (all users use the same name and password for this one). Whenever an operation occurs on the global account everyone sees it the same way. -- Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LTMPD rejecting large messages, maxmessagesize is _not_ set
On Fri, 13 Jul 2007, David Carter wrote: On Tue, 10 Jul 2007, Chris St. Pierre wrote: LMTPD is rejecting large messages; I've been unable to figure out the exact threshold, but I am seeing messages like this in my Postfix logs: Jun 28 20:23:12 vostok postfix/qmgr[9323]: 22F5373D6F6: from=[EMAIL PROTECTED], size=16243464, nrcpt=1 (queue active) Jun 28 20:23:22 vostok postfix/lmtp[13405]: warning: non-LMTP response from imap.nebrwesleyan.edu[10.1.1.31]: sendmail: fatal: [EMAIL PROTECTED](76): Message file too big I don't think that Cyrus generated that error messages. Try strings on the lmtpd binary. Errors from Cyrus should be all variants on: ec IMAP_MESSAGE_TOO_LARGE, Message size exceeds fixed limit Is sendmail/postfix using a staging partition which has run out space? -- David Carter Email: [EMAIL PROTECTED] University Computing Service,Phone: (01223) 334502 New Museums Site, Pembroke Street, Fax: (01223) 334679 Cambridge UK. CB2 3QH. Right you are. It's Postfix's 'sendmail' binary that appears to be generating the error, although I'm still perplexed that it claims to be in response to a non-LMTP response from lmtpd. Well, off to ask on the Postfix list. Thanks. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University LOPSA Sysadmin Days: Professional Training for Professional SysAdmins August 6-7, Cherry Hill, NJ http://lopsa.org/SysadminDays Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LTMPD rejecting large messages, maxmessagesize is _not_ set
On Fri, 13 Jul 2007, Chris St. Pierre wrote: On Fri, 13 Jul 2007, David Carter wrote: On Tue, 10 Jul 2007, Chris St. Pierre wrote: LMTPD is rejecting large messages; I've been unable to figure out the exact threshold, but I am seeing messages like this in my Postfix logs: Jun 28 20:23:12 vostok postfix/qmgr[9323]: 22F5373D6F6: from=[EMAIL PROTECTED], size=16243464, nrcpt=1 (queue active) Jun 28 20:23:22 vostok postfix/lmtp[13405]: warning: non-LMTP response from imap.nebrwesleyan.edu[10.1.1.31]: sendmail: fatal: [EMAIL PROTECTED](76): Message file too big I don't think that Cyrus generated that error messages. Try strings on the lmtpd binary. Errors from Cyrus should be all variants on: ec IMAP_MESSAGE_TOO_LARGE, Message size exceeds fixed limit Is sendmail/postfix using a staging partition which has run out space? Right you are. It's Postfix's 'sendmail' binary that appears to be generating the error, although I'm still perplexed that it claims to be in response to a non-LMTP response from lmtpd. Some investigation confirmed my initial suspicions: that Cyrus lmtpd is returning to Postfix's lmtp delivery daemon the message: sendmail: fatal: [EMAIL PROTECTED](76): Message file too big Since that doesn't start with [2-5]\d\d, it's not a valid LMTP response, and Postfix is doing the right thing by complaining. Why would Cyrus return that? Obviously something is wrong with the delivery, but under what circumstances would a) lmtpd invoke the sendmail binary? b) sendmail fail thusly? c) lmtpd pass the failure message, unadorned, back to the sender? The latter in particular seems like broken behavior; shouldn't lmtpd return something like '5xx sendmail: fatal: ...'? There's plenty of free space everywhere, and message size limits are either set high or not at all. Any ideas? Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University LOPSA Sysadmin Days: Professional Training for Professional SysAdmins August 6-7, Cherry Hill, NJ http://lopsa.org/SysadminDays Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LTMPD rejecting large messages, maxmessagesize is _not_ set
On Fri, 13 Jul 2007, Sebastian Hagedorn wrote: Why would Cyrus return that? Obviously something is wrong with the delivery, but under what circumstances would a) lmtpd invoke the sendmail binary? That would happen if the user in question has a sieve redirect rule. Yep, I just figured that out. The user is forwarding their mail off, and the service to which they are forwarding is rejecting the message. Thanks! c) lmtpd pass the failure message, unadorned, back to the sender? The latter in particular seems like broken behavior; shouldn't lmtpd return something like '5xx sendmail: fatal: ...'? Sure, but that's a known bug :-) At least I seem to remember that it came up some time ago. Yeesh. If I was a C programmer, I'd fix that. That seems decidely less robust than one would expect. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University LOPSA Sysadmin Days: Professional Training for Professional SysAdmins August 6-7, Cherry Hill, NJ http://lopsa.org/SysadminDays Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LTMPD rejecting large messages, maxmessagesize is _not_ set
On Wed, 11 Jul 2007, Roberto R. Morelli wrote: Look at the postfix config (main.cf). The value to look at is message_size_limit. Had the same problem long time ago. Mine is set to message_size_limit = 51200 Which is email size of 512MB (folks here use email like ftp .) Thanks for the suggestion, but when Postfix rejects a message because it's too big, Postfix generates the bounce; it doesn't wait to deliver it via LMTP and then complain that LMTP gave a bad return value (which is nonsensical, if Postfix is rejecting the message). Re-read the error message; note that Postfix is merely reporting the error it got from LMTPD. For the message in question, here's the Postfix queue manager receiving it: Jun 25 13:58:47 vostok postfix/qmgr[9323]: 58A6373D6F6: from=[EMAIL PROTECTED], size=16243093, nrcpt=1 (queue active) From main.cf: message_size_limit = 2048 16243093 2048 I can also see the message being processed by the cleanup daemon, which is the daemon that would be bouncing the messages if they were too large. This remains a problem with LMTPD. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University LOPSA Sysadmin Days: Professional Training for Professional SysAdmins August 6-7, Cherry Hill, NJ http://lopsa.org/SysadminDays --On Tuesday, July 10, 2007 08:17:43 AM -0500 Chris St. Pierre [EMAIL PROTECTED] wrote: LMTPD is rejecting large messages; I've been unable to figure out the exact threshold, but I am seeing messages like this in my Postfix logs: Jun 28 20:23:12 vostok postfix/qmgr[9323]: 22F5373D6F6: from=[EMAIL PROTECTED], size=16243464, nrcpt=1 (queue active) Jun 28 20:23:22 vostok postfix/lmtp[13405]: warning: non-LMTP response from imap.nebrwesleyan.edu[10.1.1.31]: sendmail: fatal: [EMAIL PROTECTED](76): Message file too big I have no maxmessagesize directive in my imapd.conf (which I've included below for reference). My reading of the man page indicates that, with no maxmessagesize set, no messages should be rejected due to size. Any ideas? Thanks! imapd.conf # configdirectory: /var/lib/imap partition-default: /var/spool/cyrus/imap sievedir: /var/spool/cyrus/sieve sendmail: /usr/sbin/sendmail admins: cyradm hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /usr/share/ssl/certs/server.crt tls_key_file: /usr/share/ssl/certs/server.key tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt ldap_uri: ldap://ldap.nebrwesleyan.edu ldap_member_base: ou=people,o=nebrwesleyan.edu,o=isp ldap_referrals: 1 createonpost: 1 autocreateinboxfolders: Junk Mail|Trash autosubscribeinboxfolders: Junk Mail|Trash autocreatequota: 102400 autocreate_sieve_script: /etc/default_filter.sieve autocreate_sieve_compiledscript: /etc/default_filter.bc anysievefolder: yes foolstupidclients: 1 lmtp_downcase_rcpt: 1 unix_group_enable: 0 lmtp_over_quota_perm_failure: yes # Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University LOPSA Sysadmin Days: Professional Training for Professional SysAdmins August 6-7, Cherry Hill, NJ http://lopsa.org/SysadminDays Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
LTMPD rejecting large messages, maxmessagesize is _not_ set
LMTPD is rejecting large messages; I've been unable to figure out the exact threshold, but I am seeing messages like this in my Postfix logs: Jun 28 20:23:12 vostok postfix/qmgr[9323]: 22F5373D6F6: from=[EMAIL PROTECTED], size=16243464, nrcpt=1 (queue active) Jun 28 20:23:22 vostok postfix/lmtp[13405]: warning: non-LMTP response from imap.nebrwesleyan.edu[10.1.1.31]: sendmail: fatal: [EMAIL PROTECTED](76): Message file too big I have no maxmessagesize directive in my imapd.conf (which I've included below for reference). My reading of the man page indicates that, with no maxmessagesize set, no messages should be rejected due to size. Any ideas? Thanks! imapd.conf # configdirectory: /var/lib/imap partition-default: /var/spool/cyrus/imap sievedir: /var/spool/cyrus/sieve sendmail: /usr/sbin/sendmail admins: cyradm hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /usr/share/ssl/certs/server.crt tls_key_file: /usr/share/ssl/certs/server.key tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt ldap_uri: ldap://ldap.nebrwesleyan.edu ldap_member_base: ou=people,o=nebrwesleyan.edu,o=isp ldap_referrals: 1 createonpost: 1 autocreateinboxfolders: Junk Mail|Trash autosubscribeinboxfolders: Junk Mail|Trash autocreatequota: 102400 autocreate_sieve_script: /etc/default_filter.sieve autocreate_sieve_compiledscript: /etc/default_filter.bc anysievefolder: yes foolstupidclients: 1 lmtp_downcase_rcpt: 1 unix_group_enable: 0 lmtp_over_quota_perm_failure: yes # Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University LOPSA Sysadmin Days: Professional Training for Professional SysAdmins August 6-7, Cherry Hill, NJ http://lopsa.org/SysadminDays Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Starting imapd 2.3.8 with db 4.5 (patched)
Hello, I am building a new server. Nothing big, just for my self and some family members. I have used Cyrus for the last four years now I am installing 2.3.8 on an LFS version dated 2007-05-05. LFS comes with DB 4.5.20. However IMAPd uses old calls to DB which are fixed by a patch posted in the thread Cyrus-IMAPD 2.3.8 an BerekelyDB 4.5.20 starting March 22, 2007. I used this patch which solve the compile problem. But... The first boot of IMAPd gives a lot of DBERROR messages in the log file. I have create the folders imap, mail, sieve, spool and srvtab in the folder /srv/cyrus all owned by cyrus and the group mail. The imapd.conf points to the right folders, I used to change the folders on other configurations as well so I know this should work. This is an ls -l of the folder: [EMAIL PROTECTED]:/srv/cyrus$ ls -l totaal 20 drwxr-x--- 6 cyrus mail 4096 jun 10 13:42 imap drwxr-x--- 2 cyrus mail 4096 jun 10 12:33 mail drwxr-x--- 2 cyrus mail 4096 jun 10 12:33 sieve drwxr-x--- 2 cyrus mail 4096 jun 10 12:33 spool drwxr-x--- 2 cyrus mail 4096 jun 10 12:33 srvtab On starting the following messages where written to the log: Jun 10 11:26:30 jcw-dualserv-dev master[4347]: about to exec /usr/bin/imapd Jun 10 11:26:30 jcw-dualserv-dev imaps[4347]: DBERROR db4: /srv/cyrus/imap/db/__db.001: No such file or directory Jun 10 11:26:30 jcw-dualserv-dev imaps[4347]: DBERROR: dbenv-open '/srv/cyrus/imap/db' failed: No such file or directory Jun 10 11:26:30 jcw-dualserv-dev imaps[4347]: DBERROR: init() on berkeley Jun 10 11:26:30 jcw-dualserv-dev imaps[4347]: DBERROR: reading /srv/cyrus/imap/db/skipstamp, assuming the worst: No such file or directory Jun 10 11:26:30 jcw-dualserv-dev imaps[4347]: executed Jun 10 11:26:30 jcw-dualserv-dev pop3s[4348]: skiplist: recovered /srv/cyrus/imap/mailboxes.db (0 records, 144 bytes) in 0 second The folder /srv/cyrus/imap exists, but is seems imaps fails to create the db folder for whatever reason. After creating it manually imaps could start properly. Is this a bug related to the use of DB 4.5? Regards, Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
I give up... How do I unsubscribe?
I've followed the directions at http://asg.web.cmu.edu/cyrus/mailing-list.html and even tried a few other things that haven't worked. Thanks, - Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: vacation programs
On Tue, 20 Mar 2007, Gene Rackow wrote: I know the subject of vacation programs have come up a few times in the past. I'm curious what people may be using to provide a reasonable auto-response. The problem that I have seen popping up is the spammers are sending mail directly to the users address. The From line is forged. The spam is staying under the radar on the various anti-spam measures in place so it gets delivered to the user as a real message. The vacation program then responds to this junk mail. In a few cases the person at the other end of the forged address reports the vacation message as spam to some RBL site. The RBL site gives the option to respond that this is, or isn't real, and wants us to take action. If we don't respond to them, they add our site to the blacklist. So far it's been managable, but I do see that things are going to need to change before long. My current vacation program is based on the Unix vacation rules. Only respond to mail that you are listed on the To: or cc: lines. No response to mailing lists, precedence: bulk or junk, some black-listed addresses, etc. We use Sieve to do vacation responses after spam filtering. With the amount of sender spoofing going on these days, responding (or forwarding, for that matter) before filtering will cause problems for you. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Never send mail to [EMAIL PROTECTED] Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Spam filtering / Sieve on bulletinboards
On Tue, 27 Feb 2007, Janne Peltonen wrote: So apparently you can sieve mail coming to a bulletin board? How? I just assumed the OP had figured _that_ part out. :) Presumably, though, if the BB system checks for mail to it via POP or IMAP, you could set sieve filters for its account. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Never send mail to [EMAIL PROTECTED] Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Spam filtering / Sieve on bulletinboards
On Mon, 26 Feb 2007, Andre Plante wrote:
I have recently setup some bulletin boards, which are designed to
receive mail from our external clients alerting us of issues.
What I am now trying to do, but can't find any references on how to do
this, is setup sieve filtering of the messages so that the messages that
are likely spam (as judged by spamassassin) as automatically moved into
a seperate folder.
We use something like this:
# Probably Spam
if header :comparator i;ascii-casemap :matches Subject [SPAM:*
{
fileinto INBOX.Junk Mail;
stop;
}
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Real Time Cyrus user lookups [was: help with backscatter]
I am very close to having Real Time Cyrus working and performing user lookups to halt our backscatter problem. However, it appears to be skipping aliases, etc and trying to validate every email address as is, instead of resolving aliases to the underlying mailboxes. To complicate matters, all of the Sendmail maps are done in a database. Since aliases work fine without using mrs_cyrus_mailertable, I'm guess that is my issue. Any pointers are appreciated. I have configured based on the RTCyrus docs for our domains as follows: # configuration info # Sendmail.mc: FEATURE(`mrs')dnl FEATURE(`mrs_cyrus')dnl MAILER(`cyrusv2d')dnl Required release B if you use mrs_cyrus_mailertable mailertable: # directly specify errot message for non existing cyrus mailboxes each.domain mrs_cyrus_mailertable:error:5.1.1:550 User unknown acess (if you want to accept message to the domains from anywhere): to:1st.domain RELAY to:2nd.domain RELAY to:3rd.domain RELAY Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
help with backscatter
Hello, We are having some trouble with our servers sending out backscatter spam. I realize this is really a Sendmail issue, but if any list readers have some insights on the best way to make Sendmail stop sending bounces to outside domains, it would be greatly appreciated. Thanks in advance, Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: help with backscatter
Thank you for the links, this looks to be very helpful. To those who have kindly told me to go to the Sendmail groups, I suspect Cyrus plays a part in our problem. I'm now fairly certain that our access db is misconfigured, with the reason stemming from using To:domain.tld RELAY as a workaround for Sendmail not delivering to Cyrus many moons ago. I don't think we should need to do this, but I distinctly recall it NOT working if we didn't have it in there. I suppose the 'duct tape' is coming unglued now. I'm currently working on putting together a development machine to try out 2.3.7 and removal of the aforementioned lines in access db. Any pointers on whether my hunch about the access file is correct or not are welcome. Matthew Seaman wrote: Chris Harms wrote: We are having some trouble with our servers sending out backscatter spam. I realize this is really a Sendmail issue, but if any list readers have some insights on the best way to make Sendmail stop sending bounces to outside domains, it would be greatly appreciated. The general approach is that you need to decide if a message is spam or not *during* the SMTP dialog. In that case, you can return a 5xx error code to the sending server directly. If you decide the message is spam after you've accepted it your only alternatives are to return a bounce-o-gram is to the sender address which as you've found is almost invariably forged, or to drop the message in the bit-bucket, which is counter to the letter of the SMTP standards and does nothing to indicate to the spammers that they should give up and go and do something more worthwhile. Sendmail's milter interface allows you to filter messages through AV and anti-spam filters -- FEATURE(`delay_checks') in your sendmail.mc file is often useful in that case. See http://www.sendmail.org/m4/anti_spam.html Some milters I use: spamass-milter: http://savannah.nongnu.org/projects/spamass-milt/ milter-greylist: http://hcpnet.free.fr/milter-greylist/ clamav-milter: http://www.clamav.net/ FEATURE(greet_pause) in sendmail.mc is also good at weeding out botnet style mailers. There's an excellent write up (of a pretty severe spam-filtering setup) which does a good job of exploring all the various issues at: http://www.acme.com/mail_filtering/ Cheers, Matthew Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problems on folders containing @
On Fri, 10 Nov 2006, Marten Lehmann wrote: why does this give an error? x create [EMAIL PROTECTED] x NO Invalid mailbox name Escape the @ sign: create [EMAIL PROTECTED] Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: performance on large inboxes
On Thursday 09 November 2006 02:02, Paul Dekkers wrote: So maybe you're indeed facing the quality of your IMAP client That can be a lot of it. I run a cyrus mail store on my local network and as much as I like Kmail it is painfully slow opening folders with a lot of messages (I have one with ~70,000) - even if there are no changes in the mailbox and I just left it and went back to it, for some reason whatever it is doing takes a long time (on a fast system with fast I/O and lots of memory) and there is little to no load being placed on the server during this time (according to top), while Thunderbird opens said folder instantly. I really hope Kmail will catch up as an imap client sooner rather than later. Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Login attack on cyrus imap
Take Ben's advice. Use fail2ban, FUT, or any of the other programs out there that are designed for this. If the attacker is using a single IP address, fail2ban (properly configured) should block them in under a second. There's probably a way to prevent Cyrus from taking too many connections, but that still allows a DoS attack -- if the attacker is using up all of your available connections, no real customer can get on. It also uses up a bunch of system resources, unnecessarily. Don't limit the attacker -- ban them. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Thu, 2 Nov 2006, Jim John wrote: I found out that it was a single IP from the log files. That person (or bot) logs into the POP3 server and tries to authenticate itself. The problem is that it logs in as a different user each time and does ALOT of these logins per second, causing LDAP to overload with connections. Is there any way to limit the number of connections in the cyrus server using some config parameter? Thanks. __ Check out the New Yahoo! Mail - Fire up a more powerful email and get things done faster. (http://advision.webevents.yahoo.com/mailbeta) Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Sort by date wierdness
I have a user whose inbox has a few messages that are sorted incorrectly. We first noticed this using IMP (part of Horde), which uses IMAP to do its sorting. The user's inbox lists the following messages, in this order: 2446 09:54:04 AM ... 224 02/21/2002 ... 339 12/31/1903 ... 2445 06:32:26 AM ... Cyrus reports the same dates: * 2446 FETCH (INTERNALDATE 24-Aug-2006 09:55:30 -0500) * 224 FETCH (INTERNALDATE 20-Aug-2006 09:32:03 -0500) * 339 FETCH (INTERNALDATE 20-Aug-2006 09:32:04 -0500) * 2445 FETCH (INTERNALDATE 24-Aug-2006 06:32:34 -0500) As you can see, messages 2445 and 2446 are sorted correctly, but the others both have INTERNALDATEs of several days ago, when we migrated to Cyrus -- they don't have INTERNALDATEs between 6:32 am and 9:55 am today. I turned on telemetry logs for the user and checked her email. IMP issues the following command: UID SORT (REVERSE DATE) US-ASCII ALL The response starts: * SORT 2727 2726 2725 2728 2724 2723 2720 224 339 2698 2697 As you can see, the user has received some mail between the time I did my initial debugging, and messages #224 and #339 have actually moved *up* the list. This morning, they continued to move up the list and are now nearly the newest messages in the inbox when sorted by reverse date. My Cyrus IMAP version is the latest offered with RHEL 4: % rpm -qi cyrus-imapd Name: cyrus-imapd Relocations: (not relocatable) Version : 2.2.12Vendor: Red Hat, Inc. Release : 3.RHEL4.1 Build Date: Sat 23 Apr 2005 03:45:01 PM CDT Any ideas what might be causing this? Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Command-line reconstruct different from cyradm reconstruct?
I have a number of users with quotas that are set correctly, but Cyrus is confused about the amount of data they have. For instance: imap lq user.jpublic STORAGE 0/307200 (0%) If I run: # su - cyrus -c /usr/lib64/cyrus-imapd/reconstruct -rf user.jpublic nothing changes, and all remains as it was: imap lq user.jpublic STORAGE 0/307200 (0%) But if I run reconstruct from cyradm, it works fine: imap reconstruct user.jpublic imap lq user.jpublic STORAGE 23140/307200 (7.5325520833%) Two questions: 1. Why would this be? 2. I need to reconstruct several thousand mailboxes thusly. How can I script this? Cyrus::IMAP::Admin doesn't appear to have a reconstruct method, and piping a text file into cyradm doesn't work because of the password prompt. Other ideas? I'm using the RHEL4 package of Cyrus IMAP v2.2.12. Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sendmail or cyrus question... not sure
Hi all, Please send me over to a sendmail list if this question would be better suited over there, but I'm hoping to get some help here. :) I'm using sendmail 8.13.1 cyrus 2.2.12. In my sendmail config, I have set cyrusv2 as my LOCAL_MAILER. What's happening is that mail for any recipient is being accepted by the MTA, failing the lmtp delivery as a non-existent user, then bouncing back to me (postmaster). What's the cleanest way around this problem? Obviously, the solution I'd like is for invalid recipients to get blocked at the RCPT TO command. Thanks! -Chris Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Performance and cheap storage
Our mail store is on a LeftHand SAN, which we bought this summer. The speed is pretty good, even on just a GigE network, and it's certainly a helluva lot cheaper than FC stuff. Downsides include the lack of an integrated fencing device for failover (most FC switches are fencing devices), and the general lack of clue in LeftHand's frontline support. Upsides include all of the cash that's still in our pocketses. Luckily, I don't think that a kernel-level implementation of iSCSI will be a big drawback, since Cyrus IMAP (and IMAP servers in general) aren't processor-bound. We'll run into I/O problems long before we run out of oomph to drive iSCSI and Cyrus IMAP. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Sat, 29 Jul 2006, Greg A. Woods wrote: At Wed, 26 Jul 2006 16:20:57 -0500, Greg Harris wrote: On 7/26/06 3:33 PM, Greg A. Woods [EMAIL PROTECTED] wrote: Using a SCSI host interface isn't going to be nearly so flexible as using a Fibre Channel one, especially in the longer run (e.g. if you ever want to add more storage, more storage controllers, share them amongst multiple hosts, add backup devices and also share them between hosts, etc., etc., etc.). If your really looking for flexibility, check out Left Hand Networks solution. Their claim is that they can beat FC stuff. Not having the need for speed at this point, I can't testify personally for how fast, but the solution looks like an awesome concept with lots of real world app. Left Hand Networks just sell an open iSCSI based SAN implementation. While iSCSI might be a more flexible solution at some time in the future, it's still relatively bleeding edge, especially in terms of wide-spread adoption and wide-spread installed base and existing industry experience. I think Fibre Channel will still give one far more options for the immediate future, including lots of options for low-end and used gear too. Right now I think beating FC in the performance department depends on buiding dedicated 10-GigE networks and using rather high-end processors as iSCSI is typically still implemented deep in the OS, not yet in smart controllers that simply make it look like a more traditional storage device thus off-loading all the protocol handling to a dedicated control processor. In other words the very things that supposedly make iSCSI more flexible are also the same things which can easily hobble its performance if one doesn't design one's infrastructure very carefully. -- Greg A. Woods H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack [EMAIL PROTECTED] Planix, Inc. [EMAIL PROTECTED] Secrets of the Weird [EMAIL PROTECTED] Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High availability email server...
Michael-- One of the major problems you'd run into is /var/lib/imap, the config directory. It contains, among other things, a Berkeley DB of information about the mail store. GFS, Lustre, and other cluster filesystems do file-level locking; in order to properly read and write to the BDB backend, you'd need DB-level locking, which is not possible from a filesystem. If you tried putting /var/lib/imap on shared storage, you'd have data corruption and loss in no time. IMAP is also a stateful connection; depending on how you set up your cluster, some clients might not handle it gracefully (e.g., Pine). Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Sat, 29 Jul 2006, Michael Menge wrote: Hi, Quoting Pascal Gienger [EMAIL PROTECTED]: I would NEVER suggest to mount the cyrus mail spool via NFS, locking is important and for these crucial things I like to have a real block device with a real filesystem, so SANs are ok to me. does someone use lustre as cyrus mail spoll? Would it be possible to run cryus on 2 ore more systems with a shared spool for loadbalancing and HA with lustre? Michael Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High availability email server...
Chad-- We've put /var/lib/imap and /var/spool/imap on a SAN and have two machines -- one active, and one hot backup. If the active server fails, the other mounts the storage and takes over. This is not yet in production, but it's a pretty simple setup and can be done without running any bleeding edge software, and it appears that it will work fine. There's no need to use a SAN, either -- you could share your mail storage out via NFS with the same effect. We're going production with this in mid-August; if you'd like to know how everything goes, drop me a note in a month or so. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Thu, 27 Jul 2006, Chad A. Prey wrote: OK...I'm searching for strategies to have a realtime email backup in the event of backend failure. We've been running cyrus-imap for about a year and a half with incredible success. Our failures have all been due to using junky storage. One idea is to have a continuous rsync of the cyrus /var/spool/imap and /var/lib/imap to another server I've also considered delivering email to two discreet email backends and keeping the /var/lib/imap file sync'd . I don't think I can use murder to do this. Is anyone out there using RHEL in a cluster that would like to share their architecture? Any contractors out there that want to get paid to help us implement? Chad P. [EMAIL PROTECTED] Salk Institute for Biological Studies -- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus::SIEVE::managesieve documentation?
Ditto here. I tried emailing the guy listed in the Cyrus::SIEVE::managesieve man page, but the address no longer appears to be active. As of now, my options appear to be: 1. Learn Ruby, and write the first (and probably last) Ruby script at my site; or 2. Guess with Perl. Neither is a great alternative. :) Are there any other scripts out there that use Cyrus::SIEVE::managesieve? I'm fine with learning by example -- I just need more than one example. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Tue, 18 Jul 2006, Andrés Tarallo wrote: Im more a PERL person, what can be done for me? Thanks Andres Hi Chris On Mon, 2006-07-17 at 11:13 -0500, Chris St. Pierre wrote: Does anyone know of any documentation for Cyrus::SIEVE::managesieve? The man page is decidedly sparse. Reading through the source of sieveshell gives some idea, but not enough to start writing my own code. Thanks! If you're into ruby too you can try my ManageSieve library at http://managesieve.rubyforge.org/ Docs at http://managesieve.rubyforge.org/managesieve/classes/ManageSieve.html and feedback welcome :) You might also consider getting the cvs version, it has some enhancements to the sievectl util. Best regards, Andre Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html A/P Andres Tarallo WDB Consultores Montevideo - Uruguay Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus::SIEVE::managesieve documentation?
Does anyone know of any documentation for Cyrus::SIEVE::managesieve? The man page is decidedly sparse. Reading through the source of sieveshell gives some idea, but not enough to start writing my own code. Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus Active Directory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have googled, read everything in /usr/share/doc/ and even tried beating my head against the desk. I am completely unable to get Cyrus SASL and IMAP to use Active Directory to authenticate. I have tried to use kerberos, LDAP, libpam-ldap, and black magic. Does anyone have a working recipe for getting Cyrus to authenticate via Active Directory? I would greatly appreciate any assistance you can offer. Thanks in advance, Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) iD8DBQFErnHb98ixrK2vMtARAhPbAKCOc4QzQHLPDWyNCaluRllxuGL+fgCfYmoB niXk6buNkseg9sYc/LN9vYg= =/xD/ -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: migrating from dovecot to cyrus
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marten Lehmann wrote: What would be an recommended way to move maildirs (one file per message) to the cyrus storage for several thousand maildirs? There was a recent thread about migration on this list; I believe the consensus was to use a tool called 'imapsync'. I've used it to move a lot of messages around before, it worked really well. - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEoA7E98ixrK2vMtARAhL/AJoCszThwhwRv7KwdtOAF59BQeg+6wCfX6X/ kzJNlhlUzKKB/NUBctcpacY= =uUsG -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Canon User Plugin Skeleton - Help Needed
Scott Russell wrote: Pedro Algarvio wrote: I need some help on getting at least a skeleton for a cannon user plugin, and info on how to compile it please. You plan to shoot users who go over quota with a cannon? I'm interested! How about a winamp plugin to then play the 1812 Overture? Chris Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Implementing IMAP advice for first timer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sebastian Hagedorn wrote: Don't bother with Courier, it's not a real IMAP server. It isn't? Since when? - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEdFPC98ixrK2vMtARAqk4AJ0Z4KP0Tf3ful8ZDNAy5V3JP7PY7gCfff0x DEwpJy2L+vYrNOJmWTB2o2A= =A83f -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyrus+sendmail+lmtpunix connection refused by localhost
Hello, We have recently started to experience an inconsistent problem after restarting cyrus and sendmail after a nightly backup script runs. All services seem to start properly, but mail delivery is deferred with sendmail logging dsn=4.4.1, stat=Deferred: Connection refused by localhost It appears to be something in lmtp, but we aren't sure what exactly. We are using the socket for lmtpunix delivery. The magic bullet seemed to be stopping all services and removing /var/run/cyrus-master.pid and some old lmtp lock files, but then this may have been coincidental. I found a few similar reports on Google, but no definite answers to this problem. Any insight as to why this would just start happening out of the blue would be most appreciated. Thank you, Chris Harms # additional info # Software versions cyrus 2.2.12 sendmail 8.13.6 # /var/imap/socket srwxrwxrwx 1 root root 0 May 16 22:36 lmtp # cyrus.conf lmtp cmd=lmtpd listen=lmtp prefork=0 lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=1 Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus+sendmail+lmtpunix connection refused by localhost
Andrzej Adam Filip wrote: Chris Harms [EMAIL PROTECTED] writes: Hello, We have recently started to experience an inconsistent problem after restarting cyrus and sendmail after a nightly backup script runs. All services seem to start properly, but mail delivery is deferred with sendmail logging dsn=4.4.1, stat=Deferred: Connection refused by localhost It appears to be something in lmtp, but we aren't sure what exactly. We are using the socket for lmtpunix delivery. The magic bullet seemed to be stopping all services and removing /var/run/cyrus-master.pid and some old lmtp lock files, but then this may have been coincidental. I found a few similar reports on Google, but no definite answers to this problem. Any insight as to why this would just start happening out of the blue would be most appreciated. Thank you, Chris Harms # additional info # Software versions cyrus 2.2.12 sendmail 8.13.6 # /var/imap/socket srwxrwxrwx 1 root root 0 May 16 22:36 lmtp # cyrus.conf lmtp cmd=lmtpd listen=lmtp prefork=0 lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=1 Two recomended tests: a) direct execution of deliver program (echo subject: test; echo) | cyrdeliver -- mailbox_name [ it will try to submit message via unix socket ] b) making sendmail deliver the message in verbose mode in sendmail-8.12+ as root execute: (echo subject: test; echo)| sendmail -v mailbox_name One possible source of problem: HostStatusDirectory option makes sendmail remember for some time initial problems with delivery to cyrus imap. Have you set the option in your sendmail.cf? It appears to be enabled: O HostStatusDirectory=.hoststat Reviewing my backup script shows the stopping / starting of sendmail to be commented out, so I should probably uncomment that first. Or would it be a good idea to turn off the HostStatusDirectory option anyway? Thank you for your help, Chris Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
altnamespace with cyrus 2.3.3 and thundebird
Hello, After using Cyrus 2.1 for a few years I wanted to use a new Cyrus version on my new server. Although it is not yet marked as stable I downloaded version 2.3.3 and tried to connect to it with Thunderbird 1.5.0.2. The host system is a LFS 6.1 system. Although I set the altnamespace option in the imapd.conf file all folders are shown beneath the INBOX. When I checked the namespace options in Thunderbird it came up with these values: Personal namespace: INBOX. Public namespace: Other users:user. Comparing these values to my old Cyrus version (2.1.15) Personal namespace: Public namespace: Public Folders. Other users:Other Users. Creating folders in Thunderbird with the mailbox select (1 level higher than inbox) works but in cyradm these are created at root level, no prefix what so ever. I tried to set the sharedprefix and userprefix option but it did not help. Thunderbird configuration allows these settings to be taken over from server. But also disables and filling the 2.1.15 values does not solve the problem. Is this a bug of I am missing somehting here? Regards, Chris Wesdorp Current imapd.conf: # Begin /etc/imapd.conf configdirectory: /srv/cyrus/imap partition-default: /srv/cyrus/spool srvtab: /srv/cyrus/srvtab admins: root chris cyrus sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN sasl_minimum_layer: 0 allowanonymouslogin: no allowplaintext: yes altnamespace: yes sendmail: /usr/sbin/sendmail sievedir: /srv/cyrus/sieve hashimapspool: true tls_cert_file: /srv/cyrus/imap/server.pem tls_key_file: /srv/cyrus/imap/server.pem # End /etc/imapd.conf Output of listmailbox in cyradm as user cyrus: Mailpj1 (\HasNoChildren) Trash (\HasNoChildren) user.chris (\HasChildren) user.chris.Archief (\HasNoChildren) user.chris.Sent (\HasNoChildren) user.chris.Trash (\HasChildren) user.chris.Trash.test2 (\HasNoChildren) user.chris.test (\HasNoChildren) Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: altnamespace with cyrus 2.3.3 and thundebird
Thanks, that was quick. It also resolved the problem! Maybe something for the FAQ? Regards, Chris On 05-05-2006 00:02, Andrew Morgan wrote: On Thu, 4 May 2006, Chris Wesdorp wrote: [snip] admins: root chris cyrus [snip] Output of listmailbox in cyradm as user cyrus: Mailpj1 (\HasNoChildren) Trash (\HasNoChildren) user.chris (\HasChildren) user.chris.Archief (\HasNoChildren) user.chris.Sent (\HasNoChildren) user.chris.Trash (\HasChildren) user.chris.Trash.test2 (\HasNoChildren) user.chris.test (\HasNoChildren) Don't ever create a mailbox for, or login from a normal imap client with, an admin user. I expect if you remove 'chris' from the list of admins, you'll see the correct altnamespace behavior. :) Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: autocreate: why do I need autocreatequota?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Hasenack wrote: Regarding the autocreate patches, did I missread the documentation or do I need to set a default quota for an user? Why can't I just give these autocreated mailboxes unlimited quota? I'd say you misread the documentation. If you want unlimited quota and autocreate enabled, try a negative number. - From man imapd.conf: autocreatequota: 0 If nonzero, normal users may create their own IMAP accounts by creating the mailbox INBOX. The user's quota is set to the valueif it is positive, otherwise the user has unlimited quota. - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFETlCm98ixrK2vMtARAi6qAKCdexnlL2R8TP5SiY2KqPOxuNpIzQCePfig Nx+uqk6DdS1vIAI0k2T9GbI= =9fK7 -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: setting up tls
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 nikhil BS wrote: how do i setup cyrus to use the starttls command?i tried creating some certificates using openssl set the tls_cert_* fields in the imapd.conf file and have gotten nowhere. help please What have you tried? Post the relevant portions of your config. We need details to be able to help. - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFERj2R98ixrK2vMtARAjs2AJ4y2Dkc1QY91pwafF0Aw6IfpS5rVwCbBEG+ 7Nsll2Ua4hJP9arvRG+s9AM= =WY7L -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to suppress Couldn't find mech CRAM-MD5 message
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We don't support CRAM-MD5, but we don't want to be warned every time somebody tries to use it. Cyrus SASL was compiled without CRAM-MD5 support. Here is some other configuration information: Is Cyrus reporting it can do CRAM-MD5 in the CAPABILITY response? What have you got your sasl_mech_list set to? - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.1 (MingW32) iD8DBQFEFYz/98ixrK2vMtARAs69AKCRGBKG6b+BL/tpcbib4XTJcVp71ACfTXrO s0pFhstoa8fHtJWqYu57tio= =8As2 -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Compiling 2.2.12 on Slackware
Hello, I'm also trying to compile on Slackware (Version 10+ish). I believe I've made it past the BerkeleyDB problems I was having at first (Thanks to Jorey Bump for that part...), but now I'm getting the following: ./configure \ --with-bdb-libdir=DIR=/usr/lib \ --with-bdb-incdir=/usr/include/db4 make Snip the stuff that compiled fine In file included from version.c:59: xversion.h:3:23: warning: no newline at end of file Snip some more gcc -c -I.. -I./../lib -I../et -I./../sieve -I/usr/include/db4 -DHAVE_CONFIG_H -g -O2 \ message.c tls.c: In function `get_session_cb': tls.c:527: warning: passing arg 2 of `d2i_SSL_SESSION' from incompatible pointer type gcc -c -I.. -I./../lib -I../et -I./../sieve -I/usr/include/db4 -DHAVE_CONFIG_H -g -O2 \ global.c gcc -c -I.. -I./../lib -I../et -I./../sieve -I/usr/include/db4 -DHAVE_CONFIG_H -g -O2 \ imap_err.c version.c: In function `id_response': version.c:103: error: syntax error before ')' token distcc[20459] ERROR: compile version.c on 192.168.1.140 failed make[1]: *** [version.o] Error 1 make[1]: *** Waiting for unfinished jobs make[1]: Leaving directory `/src/cyrus/cyrus-imapd-2.2.12/imap' make: *** [all] Error 1 Any ideas? Thanks -Chris P.S. In case anyone should wonder, I've googled and googled till my googler was sore, I'm not just coming here at the first sign of a problem. Thanks. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: why does cyrus have to have a password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Haase wrote: I would really not like people to be able to ssh into the cyrus account. set the login shell of your cyrus admin user to /bin/false or something similiar. Specifically, check the AllowGroups/AllowUsers and DenyGroups/DenyUsers parameters for sshd. (man 5 sshd_config) - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) iD8DBQFDpyNy98ixrK2vMtARAhetAJ4maBMr9SFTx2THR4RRczkhd4JUJwCfQPB4 P7NXFej9hquGhQsE9akpb08= =co7S -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Log level question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 not sure how he's accessing (dial-in, dsl, etc) but your could certainly catch him by doing a tcpdump filtering on pop3 (and hopefully) his ip address. you'll see the DELE command in the data section of the tcp packets ... of course, some sort of transaction logging would be better :-), but if all else fails ... Great googly moogly. How about setting up telemetry? Granted you're going to end up with all his mail in there too, but it'd be easier than sniffing the traffic. - From overview.html: log Directory The subdirectory log under the configuration directory permits administrators to keep protocol telemetry logs on a per-user basis. If a subdirectory of log exists with the same name as a user, the IMAP and POP3 servers will keep a telemetry log of protocol sessions authenticating as that user. The telemetry log is stored in the subdirectory with a filename of the server process-id and starts with the first command following authentication. - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) iD8DBQFDOYP998ixrK2vMtARAjrRAJ9VjvyzfgYdBws5+6CdvqRK2ziUVACgkWIN DGtc6PhiLMFq7qXxk7+oQi8= =44BB -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Permissions / Mailbox Problems
I know it's been said before and I betray my utter ignorance of how it all hangs together but... I've inherited the set-up of a new server which has Cyrus installed, but I doubt ever running. I followed some (admittedly old) instructions got as far as setting up two mailboxes with cyradm. Couldn't use 'em because the DNS for the mail server was wrong. Someone restarted the services.. and now my original mailboxes seem to have vanished I get Permission Denied trying to create any new mailbox (I can run su - cyrus, then cyradm localhost login without problems) We are trying to run a default domain 3 sub-domains, as we want email addresses of the format [EMAIL PROTECTED] [EMAIL PROTECTED] I have virtdomains set, I have Apache servicing the corresponding web pages. If I try something list cm [EMAIL PROTECTED] I get Invalid Mailbox (I tried setting the unix hierarchy flag using / but still no go). ok, I've probably not said enough about the environment. It's Red Hat enterprise,fairly much straight out of the box. I can see lots of advice, but it all assumes you are starting from point X (or Y or W or...) nothing that I can say ok, don't know where the other fellow finished, Cyrus is installed, but how can I configure it from scratch. I don't need (I hope) to recompile everything, I can verify a login for Cyrus admin, but I can't even create a mailbox. Is there a proper idiots' guide to Cyrus? Chris --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: moving message on nearly full mailbox with IMAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If i have a Mailbox with 5MB quota, there is 4.9MB in use and i want to move one message with 1 MB from one folder to another, cyrus gives me an error message that says i'm over quota. Why does moving a message need space in the mailbox, i don't want to copy it but to move. Because there is no such thing as a move when you're using IMAP. It's copy, then delete. You don't have enough quota remaining for two instances of that message at once, therefor the move (copy then delete) fails. For more details, see RFC 3501. - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers - send them a triffid. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iEYEARECAAYFAkLFkLMACgkQ98ixrK2vMtCa1wCfbqx1ZsiKNfIK9o7E3xWObvuH in4An3ejpe/FGqYf3RLrhVRNZombSN5Y =PhGE -END PGP SIGNATURE- --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: moving message on nearly full mailbox with IMAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is it wise to modify these clients to instead FETCH, delete/expunge, then STORE? Sounds like a recipe for lost messages should anything go wrong.. What happens if as you FETCH, new messages arrive and take up just enough quota that the STORE would put it over quota? What do you do with the message? - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers - send them a triffid. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iEYEARECAAYFAkLFng8ACgkQ98ixrK2vMtD1rACfaqxMq485Ofi0VaIz2YvYoO6S 2qMAn08s5nOkHUfblgqzVFqxQ+pT7sAy =w6b6 -END PGP SIGNATURE- --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
