Re: archive and downgrade
On Fri, 23 Mar 2018 18:41:47 +0100 (CET) Gabriele Bulfon wrote: > for some reasons, I had to move old folders onto an older system for > archiving. I would probably move via IMAP. -- Papst Franziskus ruft zum Kampf gegen Fake News auf. Wir finden, der Mann, der sich als Stellvertreter Christi ausgibt, von dem er behauptet, dessen Mutter sei zeitlebens Jungfrau gewesen, er hätte über Wasser gehen und selbiges in Wein verwandeln können, hat vollkommen recht. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Why Cyrus?
On Thu, 18 Jan 2018 09:13:14 +0100 Binarus wrote: > I do not know if this is still the case, but this experience shows > that you should test *every possible client software* you (the > customer) could use with Dovecot, and that you should set up all IMAP > features and test if any actions you will carry out in the future > will work. This is still the case with recent dovecot versions. Obviously, you can mark messages as deleted and then purge them later instead of moving them. Furthermore, dovecot can't handle quotas in public namespace. Chris -- Papst Franziskus ruft zum Kampf gegen Fake News auf. Wir finden, der Mann, der sich als Stellvertreter Christi ausgibt, von dem er behauptet, dessen Mutter sei zeitlebens Jungfrau gewesen, er hätte über Wasser gehen und selbiges in Wein verwandeln können, hat vollkommen recht. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: ACL inheritance in Shared Namespace
Ken Murchison via Info-cyrus wrote: > Unless someone other than me changed the code, ACL inheritance only > applies to mailbox creation. Once a mailbox exists, its ACL is > independent of all others. Thank you for your quick reply. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
ACL inheritance in Shared Namespace
All, is ACL inheritance possible in shared namespace? If I revoke access for someone in folderA/, does this also apply to folderA/subfolderA1? Thank you in advance. - Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: How Do i get last lgin date for all my users
On 2013-04-13 09:26, Adam Tauno Williams wrote: > On Sat, 2013-04-13 at 12:56 +0100, Charles Bradshaw wrote: > This seems very unreliable, slow, and hacky. When I login to my e-mail > the system typically tells me the last time I logged in [at least to > that app]. Doesn't the meta-data in the IMAP server 'know' this > information? > > > > at one point I was using the fud-client for this. But of late versions I have not been able to get it working. Once I upgrade to 2.5 I will try again. C. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
small patch to disable openssl compression
Hi - This patch disables openssl compression - not sure if this is a security risk or not... but, I don't think I like the encryption library performing compression anyway, it's complicated already. Maybe. Chris diff -rupN cyrus-imapd-2.4.17/imap/tls.c cyrus-imapd-2.4.17.f/imap/tls.c --- cyrus-imapd-2.4.17/imap/tls.c 2012-12-01 19:57:54.0 + +++ cyrus-imapd-2.4.17.f/imap/tls.c 2013-01-18 15:27:58.0 + @@ -667,6 +667,11 @@ int tls_init_serverengine(const char off |= SSL_OP_NO_SSLv3; } SSL_CTX_set_options(s_ctx, off); + +#ifdef SSL_OP_NO_COMPRESSION +SSL_CTX_set_options(s_ctx, SSL_OP_NO_COMPRESSION); +#endif + SSL_CTX_set_info_callback(s_ctx, (void (*)()) apps_ssl_info_callback); /* Don't use an internal session cache */ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Migrating seen database
On 2012-11-15 15:51, Bron Gondwana wrote: > On Thu, Nov 15, 2012, at 09:46 PM, Chris Conn wrote: >> On 2012-11-15 15:34, Dan White wrote: >>> On 11/15/12 11:59 +1100, Puthick Hok wrote: >>>> Hi, >>>> >>>> I am migrating my cyrus imap from the current server with cyrus 2.3.7 >>>> to a new server with better hardware running cyrus 2.3.16. >>>> >>>> When you are upgrading 2.3.x to 2.4.x it does an in-place mailbox >>>> conversion >>>> the first time you open it. This conversion copies some data from the >>>> .seen >>>> file into the cyrus.index. >>>> >>>> >>>> Bron. unless its a typo, he is upgrading to 2.3.16? If its a typo and the upgrade is to 2.4 from 2.3.7 my experience is not applicable to this situation. Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Migrating seen database
On 2012-11-15 15:34, Dan White wrote: > On 11/15/12 11:59 +1100, Puthick Hok wrote: >> Hi, >> >> I am migrating my cyrus imap from the current server with cyrus 2.3.7 >> to a new server with better hardware running cyrus 2.3.16. >> >> I've googled for the command to dump the seen database in >> /var/lib/imap/user/... without success. I have played with some the >> cyrus command on my inbox and it made all my emails unread. >> Fortunately, only my inbox is affected. It's scary. I have copied the >> binary files including the sub database. The subscription or subfolder >> (sub database) seems to ok but the seen database is not very good. >> Some of my sub folders get all emails unread which is wrong. >> >> My work around if I cannot find a way to copy the seen database would >> be ask everyone to create a folder called Read and create a >> Thunderbird rule to move all read emails to this folder prior to >> migration. However, there should be a better way than this, except >> that I don't know it. >> >> I hope someone can give me some advices to deal with this problem. > You could use an imap synchronization program (like imapsync) to transfer > your emails, which will transfer your seen state in a portable format > (IMAP). > Hello, My first instinct when I made an upgrade from an antique 2.2.x installation to a 2.3.16 was to use imapsync; but that proved to be cumbersome and also quite slow. In practice, cyrus upgraded databases perfectly from even such an old install, and I simply copied via rsync the spools and databases and the seen files and had zero issues other than a corrupted tls database that I simply deleted and moved on. When you copy the databases and seen files to the new server, it doesn't work correctly? I am surprised by this. Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: what does cyrus support through ldap?
On 2012-04-24 15:42, Jules Agee wrote: > On 04/24/2012 02:00 AM, Martin Kraus wrote: >> Hi. I hoped that cyrus would be managable through ldap but that doesn't >> seem to be the case. Is the cyrus ldap support strictly for authentication? >> It's just that sasl can do that as well. >> >> I'd like to know if there are other options to managing mailboxes besides >> calling perl scripts. I need to come up with some kind of a graphical >> interface to manage mailboxes and I'm looking for the available options to >> interface with cyrus. >> >> thanks >> Martin >> > we use an apparently old cyradm library from a PHP script to add, delete and modify LDAP configs for our mailboxes. Its called php-cyradm http://stocker.bz/cyrus-tools/php-cyradm-2.0.1.tar.bz2 We had to tweak a few things but its quite solid. We stole the library functions in cyradm-php.lib of this to call in our own system Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: RPMs for cyrus-imapd v2.4.13?
On 2012-01-19 11:40, Rosenbaum, Larry M. wrote: Are there any RPMs available yet for cyrus-imapd v2.4.13? We're running RHEL6. Larry M. Rosenbaum Oak Ridge National Laboratory http://www.invoca.ch/pub/packages/cyrus-imapd/ I built them on a Centos 6.2 server and they worked well in my setup. Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: sieve and SASL
> "IMPLEMENTATION" "Cyrus timsieved v2.4.8-Invoca-RPM-2.4.8-1.el4" > "SASL" "PLAIN" > "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags > notify envelope relational regex subaddress copy" > "STARTTLS" > OK > > Other question, do you have cyrus-sasl-plain installed? > > Thanks, > Simon Hello, Thank you for pointing out the obvious, no, cyrus-sasl-plain was AWOL from the system. I owe you a chilly beverage. C. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
sieve and SASL
Hello, I am trying to get sieve working with a RPM distro of Cyrus I built using Invoca. I believe my problem is caused by timsieved not advertising LOGIN or PLAIN capability and causing the client (horde/ingo) to fail`; "IMPLEMENTATION" "Cyrus timsieved v2.4.8-Invoca-RPM-2.4.8-1.el6" "SASL" "" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" OK after SASL is "", which usually has; "SASL" "PLAIN" in other implementations I have seen. The error I see in horde/ingo is; There was an error activating the script. The driver said: No supported authentication method found. The server supports these methods: , but we only support: DIGEST-MD5,CRAM-MD5,EXTERNAL,PLAIN,LOGIN I note that horde/ingo seems to not see any useable authentication methods and therefore fails. Is there something I forgot to set somewhere to allow sieve to use PLAIN or LOGIN? Thank you, Chris C. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Upgrading from 2.3 to til 2.4
> BTW: What happened to the rpms published by Simon Matter? Nothing to be > found at http://www.invoca.ch/pub/packages/cyrus-imapd/ recently. > > -psi > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ http://www.invoca.ch/pub/packages/cyrus-imapd/pkg/ils-5/SRPMS/ This seems pretty recent. C. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: SSL certificates
I use a GoDaddy 2048bit cert on my personal server with no issues. In imapd.conf I have set the following: tls_cert_file: /etc/pki/cyrus-imapd/.crt tls_key_file: /etc/pki/cyrus-imapd/server.key tls_ca_file: /etc/pki/cyrus-imapd/gd_intermediate_bundle.crt (I think this one is only for authorizing inbound client certs) tls_ca_path: /etc/ssl/certs My gd_intermediate_bundle.crt contains the 2 intermediates and the root certs in PEM format, cat'd together. Order shouldn't be significant, but in mine, the order is (by cert subject): CN=Go Daddy Secure Certification Authority/serialNumber=07969287 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=i...@valicert.com Basically listed in the 'correct' order of the chain. To Kevin's point about the private key, I agree that you should remove the passphrase from your key. It will only cause complications with startup. Hope this helps, -Chris On 3/1/2011 9:22 AM, Kevin Kobb wrote: > On 2/28/2011 9:44 AM, Anthony Tibbs wrote: >> Good morning, >> >> I've been running Cyrus at a couple of small sites since 2001 or so. >> I've run into a snag trying to setup SSL using something other than the >> self-signed, auto-generated certificate. The domain has a GoDaddy >> 2048-bit SSL certificate. From the SSL manager, one downloads a bundle >> that contains a certificate chain bundle, and a separate file with the >> certificate for the domain itself. >> >> The key and CSR was generated with: >> >> openssl genrsa -des3 -out xxx.key 2048 >> openssl req -new -key xxx.key -out xxx.csr >> >> I've seen a few different methodologies posted about how to install >> this. One is to conctenate the domain certificate, the certificate >> chain, and the private key into one .pem file and set tls_cert_file, >> tls_ca_file, and tls_key_file to point to the same '.pem' file. Another >> is to keep the files completely separate. >> >> No matter what I have tried, I've been unsuccessful. Thunderbird reports >> that it received an SSL record that is too long, and/or the imapd >> process becomes stuck at 100% CPU utilization until it is killed forcibly. >> >> Is there something I'm missing on this? >> >> - Anthony >> >> >> >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > Couple of things you might look at. First, I think you need to drop the > -des3 option when you create the private key. Do something like: > openssl genrsa -out xxx.key 2048 instead. Otherwise, you wind up with an > encrypted private key that needs a pass phrase every time you start the > server. I didn't think Cyrus would even start with a key like this. > Apache is about the only thing I've used that would prompt you for a > pass phrase on start up. > > To remove the key pass phrase you can do something like: > openssl rsa -in xxx.key -out xxx.key.nopass > > I haven't used GoDaddy certs for a while because you had the extra > hassle of dealing with intermediate certificates, and I can get > single-root certs cheaper. That being said, I believe all you should > need to do is cat the signed cert and the intermediate cert together, > and use this for the tls_cert_file: value in imapd.conf. Point the > tls_key_file: value to your private key, and that should do it. > > This is all off the top of my head and a sick child meant I only got > about 3 hours of sleep last night, so please make copies of everything > before trying any of this! > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: disconnect_on_vanished_mailbox
> No. This kind of bogus, racy, non-deterministing messing is precisely what > the strong consistent locking design of Cyrus 2.4 is designed to avoid! > > You could always: > > cd /var/imap/proc; grep -l $username * | xargs kill > > if you actually want to kill the user connections. > > Bron. Trust me, I despise this method and have hit people over the head, literally. I don't know who came up with this scheme but I have always disagreed with its use; severe reverse-learning is in order. I was actually looking to have the management script check the proc files to see if there was an active process on a mailbox and deny the rename if that was the case. Guess its my only option, and it sounds good. Thanks, Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
disconnect_on_vanished_mailbox
Hello, I am looking at this option for 2.4.5; disconnect_on_vanished_mailbox: 1 If enabled, IMAP/POP3/NNTP clients will be disconnected by the server if the currently selected mailbox is (re)moved by another session. Otherwise, the missing mailbox is treated as empty while in use by the client. Some techs have the nasty habit of renaming mailboxes as some sort of means to remove POP3 locks on a dead customer session. This renaming atrocity seems to work on pop3 clients, however my tests show that if we rename a mailbox on a active IMAP connection, the rename works, however the original mailbox is only deleted once the socket times out or the client closes his client. I was hoping this option would disconnect the IMAP client, as I added a pop3test to try and remove the IMAP mailbox lock on the old mailbox, but to no avail. The end result is a duplicate account, mail is moved to the new mailbox and we have to manually move back the mailbox name. Is there any way I can cheat on a mailbox lock to allow a rename when an active IMAP connection is on that locked mailbox? Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
toying with SIEVE and ldap
Hello, I'm toying with a Horde module that allows to create SIEVE filters and store them in an ldap directory. This works, however I haven't found any documentation as to how it might be (is it?) possible to read these filters from the mailSieveRuleSource: of a ldap dn. The module is Ingo, and it seems to convert a vacation message into; mailSieveRuleSource:: IyBTaWV2ZSBGaWx0ZXIKIyBHZW5lcmF0ZWQgYnkgSW5nbyAoaHR0cDov L3d3dy5ob3JkZS5vcmcvaW5nby8pICgxMi8wMS8yMDEwLCAxMTo0NjoxNCBBTSkKCnJlcXVpcmUgW yJ2YWNhdGlvbiIsICJyZWdleCJdOwoKIyBWYWNhdGlvbgppZiBhbGxvZiAoIG5vdCBleGlzdHMgWy JsaXN0LWhlbHAiLCAibGlzdC11bnN1YnNjcmliZSIsICJsaXN0LXN1YnNjcmliZSIsICJsaXN0LW9 3bmVyIiwgImxpc3QtcG9zdCIsICJsaXN0LWFyY2hpdmUiLCAibGlzdC1pZCIsICJNYWlsaW5nLUxp c3QiXSwgbm90IGhlYWRlciA6Y29tcGFyYXRvciAiaTthc2NpaS1jYXNlbWFwIiA6aXMgIlByZWNlZ GVuY2UiIFsibGlzdCIsICJidWxrIiwgImp1bmsiXSwgbm90IGhlYWRlciA6Y29tcGFyYXRvciAiaT thc2NpaS1jYXNlbWFwIiA6bWF0Y2hlcyAiVG8iICJNdWx0aXBsZSByZWNpcGllbnRzIG9mKiIgKSB 7IAogICAgaWYgaGVhZGVyIDpyZWdleCAiUmVjZWl2ZWQiICJeLiooMjAxMCkgKFxcKC4qXFwpICk/ Li46Li46Li4gKFxcKC4qXFwpICk/KChcXCt8XFwtKVtbOmRpZ2l0Ol1dezR9fC57MSw1fSkoIFxcK C4qXFwpKT8kIiB7CiAgICB9Cgp9Cg== Is there a way to get Cyrus to read this and apply the sieve filter? Thanks, Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Sync_client fails after upgrade 2.3.16 to 2.4.4
On 2010-11-29 16:49, Bron Gondwana wrote: > So set the clocks on the machines out by a few more seconds and you'll > be fine. > > Seriously - the problem is that it works when you test manually because > they're not happening at the same time. "things die" because > replication is asynchronous, and the same UID gets allocated to messages > with different content! > > That said - it should be able to resolve the situation without crashing. > When we shut down one end, we bring up the other. Downtime is a couple > of seconds maximum. Everything gets delivered to postfix locally which > forwards to an LMTP proxy which knows which host is the master, and > delivers appropriately. > > Most MTAs are happy to spool locally generated mail until the server > is back up. Store and forward. > > Bron. Hello, First, I hope my comments were not taken as criticism of the Cyrus model, I like Cyrus enormously and am glad to deploy it ;) I am working instead on a second sendmail process that listens on localhost to forward all mail to the master in order to avoid this "issue". I might disable sendmail on the public IP of the slave entirely unless I need to temporarily use the slave and bring down the master for whatever reason. Glad its just architectural. Thanks again, Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Sync_client fails after upgrade 2.3.16 to 2.4.4
>> Hmm I hadn't read that. I was aware that doing it in a high volume >> scenario was problematic, but was under the impression that an >> occasional delivery here and there was theoretically possible. Its >> pretty amazing since I test it manually and I can send to either one or >> the other and replication happens correctly; however, when the stupid >> logrotate message gets sent on the slave within seconds of a similar >> message being sent on the master, things die. > > Must be a timing issue that sync_client can't handle. > Clearly. A cronjob I made to echo to the stdout every minute on both the master and the slave causes instant death to replication. I don't have to wait until tomorrow morning to find out. I am going to find a way to pipe locally generated mail to a process that smarthosts/mailhubs to the master. Hopefully someday cyrus will be able to handle inbound emails on replicated systems, as well as pop3/imap traffic. The world would be ideal :) C. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Sync_client fails after upgrade 2.3.16 to 2.4.4
> > I didn't think that the slave was supposed to be setup to accept > incoming mail? > > > http://comments.gmane.org/gmane.mail.imap.cyrus/33805 > > Hello, Hmm I hadn't read that. I was aware that doing it in a high volume scenario was problematic, but was under the impression that an occasional delivery here and there was theoretically possible. Its pretty amazing since I test it manually and I can send to either one or the other and replication happens correctly; however, when the stupid logrotate message gets sent on the slave within seconds of a similar message being sent on the master, things die. People that use replication as a quasi-hot standby server in the case the master goes down/needs maintenance etc, etc, how do you deal with locally generated mails that will eventually get delivered to a cyrus mailbox on the master to which this is the slave? Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Sync_client fails after upgrade 2.3.16 to 2.4.4
ov 29 04:16:36 node2 syncserver[7865]: higher modseq on replica user.user - 41 < 43 Nov 29 04:19:07 node2 sync_client[17881]: MAILBOX received NO response: IMAP_MAILBOX_CRC Checksum Failure Nov 29 04:19:07 node2 sync_client[17881]: do_folders(): update failed: user.user 'Mailbox format corruption detected' Nov 29 04:19:07 node2 sync_client[17881]: MAILBOX received NO response: IMAP_MAILBOX_CRC Checksum Failure Nov 29 04:19:07 node2 sync_client[17881]: CRC failure on sync for user.user, trying full update Nov 29 04:19:07 node2 sync_client[17881]: IOERROR: opening /var/spool/imap/u/user/user/22.: No such file or directory Nov 29 04:19:07 node2 sync_client[17880]: process 17881 exited, signaled to death by 6 reconstruct and start again; Nov 29 04:19:20 node2 syncserver[17904]: IOERROR: failed to parse /var/spool/imap/sync./17904/3a4cfcd97496017d40cb8be29682920eef0da4e7 Nov 29 04:19:20 node2 syncserver[17904]: Failed to append file user.user 16 Nov 29 04:21:16 node2 sync_client[27906]: MAILBOX received NO response: IMAP_MAILBOX_CRC Checksum Failure Nov 29 04:21:17 node2 sync_client[27906]: CRC failure on sync for user.cconn, trying full update Nov 29 04:21:17 node2 sync_client[27906]: MAILBOX received NO response: IMAP_MAILBOX_CRC Checksum Failure Nov 29 04:21:17 node2 sync_client[27906]: CRC failure on sync for user.user, trying full update Nov 29 04:21:17 node2 sync_client[27906]: FETCH received NO response: IMAP_MAILBOX_NONEXISTENT No Such Mailbox Nov 29 04:21:17 node2 sync_client[27905]: process 27906 exited, signaled to death by 6 meanwhile on the master; Nov 29 04:21:16 node1 syncserver[2525]: higher modseq on replica user.cconn - 433 < 434 Nov 29 04:21:17 node1 syncserver[2525]: higher modseq on replica user.user - 45 < 46 Nov 29 04:21:44 node1 sync_client[2501]: MAILBOX received NO response: System I/O error Nov 29 04:21:44 node1 sync_client[2501]: do_folders(): update failed: user.user 'The remote Server(s) denied the operation' Nov 29 04:21:52 node1 sync_client[2501]: MAILBOX received NO response: System I/O error Nov 29 04:21:52 node1 sync_client[2501]: do_folders(): update failed: user.user 'The remote Server(s) denied the operation' Nov 29 04:21:52 node1 sync_client[2501]: IOERROR: The remote Server(s) denied the operation Nov 29 04:21:52 node1 sync_client[2501]: Error in do_sync(): bailing out! The remote Server(s) denied the operation Nov 29 04:21:52 node1 sync_client[2501]: Processing sync log file /var/lib/imap/sync/log-2500 failed: The remote Server(s) denied the operation Nov 29 04:21:52 node1 sync_client[2500]: process 2501 exited, status 1 Nov 29 04:23:32 node1 syncserver[12603]: higher modseq on replica user.user - 45 < 46 Nov 29 04:23:39 node1 sync_client[12580]: MAILBOX received NO response: System I/O error Nov 29 04:23:39 node1 sync_client[12580]: do_folders(): update failed: user.user 'The remote Server(s) denied the operation' Nov 29 04:23:46 node1 sync_client[12580]: MAILBOX received NO response: System I/O error Nov 29 04:23:46 node1 sync_client[12580]: do_folders(): update failed: user.user 'The remote Server(s) denied the operation' Nov 29 04:23:46 node1 sync_client[12580]: IOERROR: The remote Server(s) denied the operation Nov 29 04:23:46 node1 sync_client[12580]: Error in do_sync(): bailing out! The remote Server(s) denied the operation Nov 29 04:23:46 node1 sync_client[12580]: Processing sync log file /var/lib/imap/sync/log-12579 failed: The remote Server(s) denied the operation Nov 29 04:35:52 node1 reconstruct[10397]: user.user uid 16 not found Nov 29 04:36:09 node1 reconstruct[10399]: user.user: updating sync_crc => 482C1C6F so my only solution was to delete the 16. file under user.user, which was an email that was successfully replicated at 00:15 am that same day. So is this the same bug? In any case, this happens every day when the logrotate emails get sent from master to slave and slave to master, as they are sending a different email to the same mailbox roughly at the same time. Hopefully running 2.4.5 will avoid this? Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: disable IMAP IDLE
IDLE does require the session to stay open. But the server doesn't have to support IDLE for the client to keep the connection open. -Chris On 11/23/2010 11:20 AM, Ian Eiloart wrote: > > > --On 23 November 2010 10:19:28 -0500 Chris Mattingly > wrote: > >> >> >> The RFC for the IDLE says: >> >> This document specifies the syntax of an IDLE command, which will >> allow a client to tell the server that it's ready to accept such >> real-time updates. >> >> This doesn't say anything about keeping connections open, it only talks >> about the near-instant new email notification. > > IDLE requires the session to remain open, doesn't it? After all, > nothing in the spec allows the client to say how it can be contacted. > The open session is used for the notification. > > In fact, RFC 2177 says this about keeping sessions open: > >"The server MAY consider a client inactive if it has an IDLE command > running, and if such a server has an inactivity timeout it MAY log > the client off implicitly at the end of its timeout period. Because > of that, clients using IDLE are advised to terminate the IDLE and > re-issue it at least every 29 minutes to avoid being logged off. > This still allows a client to receive immediate mailbox updates even > though it need only "poll" at half hour intervals." > > >> -Chris >> >> On 11/23/2010 10:01 AM, Ron Vachiyer wrote: >>> >>> >>> > Date: Tue, 23 Nov 2010 14:44:34 + >>> > From: i...@sussex.ac.uk >>> > To: prout...@hotmail.com; info-cyrus@lists.andrew.cmu.edu >>> > Subject: Re: disable IMAP IDLE >>> > >>> > >>> > >>> > --On 22 November 2010 18:40:37 -0500 Ron Vachiyer >>> >>> > wrote: >>> > >>> > > >>> > > Hello, >>> > > >>> > > I thought it was possible in Cyrus to disable the IDLE >>> functionality, >>> > > either with imapidlepoll: 0 in imapd.conf, or by commenting >>> idled in >>> > > cyrus.conf. However, having both disabled, clients still connect >>> and >>> > > maintain their socket open on tcp 143. Is it not possible or am I >>> going >>> > > about it wrong? >>> > >>> > I thought sessions remained open for efficiency, regardless of IDLE, >>> until >>> > closed by the client or 30 minutes have elapsed. >>> > >>> > IDLE just lets the server notify the client if new email arrives, >>> doesn't >>> > it? >>> > >>> > Even without IDLE, there are benefits in leaving the session open. >>> >>> Hello, >>> >>> I won't argue since clearly I am in the minority ;) Using >>> courier-imap on our Plesk servers, TCP/143 is closed after every new >>> mail verification. A dovecot server I checked does the same. Cyrus >>> seems to allow the session to be maintained, and yes, it does not >>> advertise IDLE. >>> >>> Below is an example courier-imap capability; >>> >>> * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE >>> THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA ACL ACL2=UNION >>> STARTTLS] Courier-IMAP ready. Copyright 1998-2004 Double Precision, >>> Inc. See COPYING for distribution information. >>> . CAPABILITY >>> * CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE >>> THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA ACL ACL2=UNION >>> STARTTLS >>> >>> >>> this one is cyrus 2.4.4 >>> >>> . capability >>> * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN SASL-IR >>> ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS >>> NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE >>> CONDSTORE ESEARCH SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT >>> THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST >>> URLAUTH URLAUTH=BINARY X-NETSCAPE COMPRESS=DEFLATE >>> . OK Completed >>> >>> I was asked by IT to not permit IDLE since the current server went >>> down after 4-500 blackberries ate up all the (limited) capabilities of >>> that machine.Perhaps I am looking in the wrong place, the point is >>> the demand I am facing is to have IMAP that essentially behaves as a >>> POP3 client when it comes to inbox scans. >>> >>> I believe there was an issue as well where POP clients using outlook >>> would cause mailbox corruption when they popped a mailbox being >>> maintained by a blackberry connected via IMAP. >>> >>> R. >>> >>> >>> >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> > > > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: disable IMAP IDLE
The RFC for the IDLE says: This document specifies the syntax of an IDLE command, which will allow a client to tell the server that it's ready to accept such real-time updates. This doesn't say anything about keeping connections open, it only talks about the near-instant new email notification. -Chris On 11/23/2010 10:01 AM, Ron Vachiyer wrote: > Date: Tue, 23 Nov 2010 14:44:34 + > From: i...@sussex.ac.uk > To: prout...@hotmail.com; info-cyrus@lists.andrew.cmu.edu > Subject: Re: disable IMAP IDLE > > > > --On 22 November 2010 18:40:37 -0500 Ron Vachiyer > wrote: > > > > > Hello, > > > > I thought it was possible in Cyrus to disable the IDLE functionality, > > either with imapidlepoll: 0 in imapd.conf, or by commenting idled in > > cyrus.conf. However, having both disabled, clients still connect and > > maintain their socket open on tcp 143. Is it not possible or am I going > > about it wrong? > > I thought sessions remained open for efficiency, regardless of IDLE, until > closed by the client or 30 minutes have elapsed. > > IDLE just lets the server notify the client if new email arrives, doesn't > it? > > Even without IDLE, there are benefits in leaving the session open. Hello, I won't argue since clearly I am in the minority ;) Using courier-imap on our Plesk servers, TCP/143 is closed after every new mail verification. A dovecot server I checked does the same. Cyrus seems to allow the session to be maintained, and yes, it does not advertise IDLE. Below is an example courier-imap capability; * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2004 Double Precision, Inc. See COPYING for distribution information. . CAPABILITY * CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA ACL ACL2=UNION STARTTLS this one is cyrus 2.4.4 . capability * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE COMPRESS=DEFLATE . OK Completed I was asked by IT to not permit IDLE since the current server went down after 4-500 blackberries ate up all the (limited) capabilities of that machine.Perhaps I am looking in the wrong place, the point is the demand I am facing is to have IMAP that essentially behaves as a POP3 client when it comes to inbox scans. I believe there was an issue as well where POP clients using outlook would cause mailbox corruption when they popped a mailbox being maintained by a blackberry connected via IMAP. R. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
On 11/1/10 7:26 PM, Bron Gondwana wrote: > On Sun, Oct 31, 2010 at 10:40:13PM -0400, Chris Pepper wrote: >> Bron, >> >> My Cyrus is from RPM, and I am just nursing it along until my users >> finish migrating off and FastMail manages to complete my own >> migration, so I don't want to build from source. Why would IMAP/S >> block on empty /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 >> seems to use urandom. > > I really don't know to be honest - we don't run any ssl enabled imapds, > we do all the ssl in nginx on the frontend. It sounds like Rob's > workaround might be all you need though :) Neither do I. I decided to re-enable pop3 (which I don't use or allow, and had recently commented out) in cyrus.conf and restarted cyrus-imapd, and IMAP/SSL is working again! I commented it out and restarted Cyrus, and port 993 is still working. I'd say I just needed to restart the daemon, except I rebooted Saturday night after port 993 stopped working, so I don't know what's up. One interesting & odd data point: after "service cyrus-imapd stop", I still had a couple active connections to an imap daemon which was listening on port 993. I killed the process, but again that couldn't have persisted across the reboot I performed 1d19h ago. Bizarre! Thanks for everyone's suggestions. Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
On 11/1/10 11:21 AM, Simon Matter wrote: >> On 11/1/10 10:46 AM, Simon Matter wrote: >>>> Bron, >>>> >>>>My Cyrus is from RPM, and I am just nursing it along until my users >>>> finish migrating off and FastMail manages to complete my own migration, >>>> so I don't want to build from source. Why would IMAP/S block on empty >>>> /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use >>>> urandom. >>> >>> If this is really stock CentOS 5 then I think everything Cyrus related >>> should use /dev/urandom and not /dev/random. But, could it be that other >>> software you installed uses /dev/random and makes it "empty"? >> >> Most things are CentOS RPMs (thanks for those! ;), with a few from >> RPMforge. >> >>> [r...@inspector ~]# rpm -q cyrus-imapd amavisd-new clamav spamassassin >>> postfix httpd mod_ssl >>> cyrus-imapd-2.3.7-7.el5_4.3 >>> amavisd-new-2.6.4-3.el5.rf >>> clamav-0.96.4-1.el5.rf >>> spamassassin-3.3.1-3.el5.rf >>> postfix-2.3.3-2.1.el5_2 >>> httpd-2.2.3-43.el5.centos.3 >>> mod_ssl-2.2.3-43.el5.centos.3 >> >> Which still leaves me thinking my port 993 problem isn't entropy, >> because >> STARTTLS works fine. > > That's my impression from the beginning, because lack of entropy has not > been a known problem on the RHEL/CentOS configs. That's not much help of > course. > > If you already restarted master and you know it's not stuck somehow, then > the only thing I could think to check is your > /var/lib/imap/tls_sessions.db database. I don't know if a broken TLS db > could result in what you see but better check it out. Interesting. I moved tls_sessions.db aside & restarted IMAPd, and it's apparently in a new format -- perhaps the default format has changed since it was first created. But 993 is still open but not responsive. I am going to try disabling Cyrus' IMAP/SSL and swapping in stunnel, as Rob @ FastMail has suggested as a workaround. Thanks, Chris > [r...@inspector imap]# ls -l tls* > -rw--- 1 cyrus mail 8192 Nov 1 11:27 tls_sessions.db > -rw--- 1 cyrus mail 1976 Nov 1 11:27 tls_sessions.db.BAD > [r...@inspector imap]# file tls* > tls_sessions.db: Berkeley DB (Btree, version 9, native byte-order) > tls_sessions.db.BAD: Cyrus skiplist DB -- Chris Pepper:<http://cbio.mskcc.org/> <http://www.extrapepperoni.com/> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
On 11/1/10 10:41 AM, Dan White wrote: > On 31/10/10 20:51 -0400, Chris Pepper wrote: >> Alternatively, is there a way to make sure Cyrus requires STARTTLS on >> 143? I was blocking external access to it to make sure users always use >> encryption to connect, but port 143 with STARTTLS required would be an >> acceptable alternative. > > You can set 'allowplaintext: 0' to disallow plaintext logins over port 143. > That would require clients to perform a STARTTLS, or negotiate a SASL > security layer which meets your 'sasl_minimum_layer:' setting. Excellent, thanks! > allowplaintext: 0 I am leaving sasl_minimum_layer at default for now. LOGINDISABLED before STARTTLS is encouraging, but I don't know why "Authentication failed. generic failure" *after* STARTTLS. On the other hand, with "allowplaintext: 0" and after restarting cyrus-imapd, I can still get mail, so I suspect this is exactly what I wanted. Thanks, Chris > [r...@inspector ~]# imtest -u pepper -t "" localhost > S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED > AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR] mail.reppep.com Cyrus IMAP4 > v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3 server ready > C: C01 CAPABILITY > S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED > AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS > NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT > SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE > CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH > S: C01 OK Completed > C: S01 STARTTLS > S: S01 OK Begin TLS negotiation now > verify error:num=19:self signed certificate in certificate chain > TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) > C: C01 CAPABILITY > S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=DIGEST-MD5 > AUTH=CRAM-MD5 AUTH=LOGIN SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS > NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT > SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE > CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH > S: C01 OK Completed > Please enter your password: > C: A01 AUTHENTICATE PLAIN > S: A01 NO authentication failure > Authentication failed. generic failure > Security strength factor: 256 -- Chris Pepper:<http://cbio.mskcc.org/> <http://www.extrapepperoni.com/> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
On 11/1/10 10:46 AM, Simon Matter wrote: >> Bron, >> >> My Cyrus is from RPM, and I am just nursing it along until my users >> finish migrating off and FastMail manages to complete my own migration, >> so I don't want to build from source. Why would IMAP/S block on empty >> /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use urandom. > > If this is really stock CentOS 5 then I think everything Cyrus related > should use /dev/urandom and not /dev/random. But, could it be that other > software you installed uses /dev/random and makes it "empty"? Most things are CentOS RPMs (thanks for those! ;), with a few from RPMforge. > [r...@inspector ~]# rpm -q cyrus-imapd amavisd-new clamav spamassassin > postfix httpd mod_ssl > cyrus-imapd-2.3.7-7.el5_4.3 > amavisd-new-2.6.4-3.el5.rf > clamav-0.96.4-1.el5.rf > spamassassin-3.3.1-3.el5.rf > postfix-2.3.3-2.1.el5_2 > httpd-2.2.3-43.el5.centos.3 > mod_ssl-2.2.3-43.el5.centos.3 Which still leaves me thinking my port 993 problem isn't entropy, because STARTTLS works fine. Chris >>> [r...@inspector random]# strings /usr/lib/libsasl* |grep random >>> /dev/urandom >>> /dev/urandom >> >> >> But my /dev/random does seem quite low. Still surfing and looking for a >> good way to fill it on a mostly headless server -- I haven't found a >> good solution yet. >> >> Chris >> >>> [r...@inspector ~]# ls -l /dev/*random >>> crw-rw-rw- 1 root root 1, 8 Oct 31 02:05 /dev/random >>> cr--r--r-- 1 root root 1, 9 Oct 31 02:05 /dev/urandom >>> [r...@inspector ~]# cd /proc/sys/kernel/random >>> [r...@inspector random]# more *|cat >>> :: >>> boot_id >>> :: >>> d3724e19-7462-4224-960b-49d5d3a18d7a >>> :: >>> entropy_avail >>> :: >>> 17 >>> :: >>> poolsize >>> :: >>> 4096 >>> :: >>> read_wakeup_threshold >>> :: >>> 64 >>> :: >>> uuid >>> :: >>> a3ed2323-e04d-4034-a72a-76b5d4b697f7 >>> :: >>> write_wakeup_threshold >>> :: >>> 128 >> >> >> On 10/31/10 9:26 PM, Bron Gondwana wrote: >>> Sounds like your /dev/random is empty. You can compile with /dev/urandom >>> or add a source of entropy... >>> >>> "Chris Pepper" wrote: >>> >>>>mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, >>>> along with SquirrelMail, postfix, etc. Last night, I noticed that when >>>> I >>>> sent mail from Thunderbird, it was not able to file copies in the Sent >>>> mailbox, although they did reach the recipients, so postfix was >>>> accepting mail on 587/tcp. >>>> >>>>I restarted Cyrus IMAPd but don't see any error messages in >>>> /var/log/maillog, and the cert& key look fine. SquirrelMail is fine >>>> using plain IMAP. I opened 143/tcp in the firewall, and am able to >>>> fetch >>>> mail via IMAP with STARTTLS, so it looks like the cert and key are >>>> fine. >>>> >>>>But "telnet mail.reppep.com 993" and openssl fail to get any response. >>>> Port 993 is open to the Internet, FWIW. >>>> >>>>Does anyone have any suggestions for what went wrong and/or how to >>>> fix? >>>> I'll try tcpdump next to see if it's responding at all. >>>> >>>>Alternatively, is there a way to make sure Cyrus requires STARTTLS on >>>> 143? I was blocking external access to it to make sure users always use >>>> encryption to connect, but port 143 with STARTTLS required would be an >>>> acceptable alternative. >>>> >>>> Thanks, >>>> >>>> Chris Pepper >>>> >>>>> pep...@imp:~$ !openssl >>>>> openssl s_client -connect www.reppep.com:993 >>>>> CONNECTED(0003) >>>>> 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake >>>>> failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188: >>>> >>>> >>>>> [r...@inspector ~]# cat /etc/imapd.conf >>>>> admins: cyrus >>>>> altnamespace: yes >>>>> configdirectory: /var/lib/imap >>>>> duplicatesuppression: yes >>
Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
Bron, My Cyrus is from RPM, and I am just nursing it along until my users finish migrating off and FastMail manages to complete my own migration, so I don't want to build from source. Why would IMAP/S block on empty /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use urandom. > [r...@inspector random]# strings /usr/lib/libsasl* |grep random > /dev/urandom > /dev/urandom But my /dev/random does seem quite low. Still surfing and looking for a good way to fill it on a mostly headless server -- I haven't found a good solution yet. Chris > [r...@inspector ~]# ls -l /dev/*random > crw-rw-rw- 1 root root 1, 8 Oct 31 02:05 /dev/random > cr--r--r-- 1 root root 1, 9 Oct 31 02:05 /dev/urandom > [r...@inspector ~]# cd /proc/sys/kernel/random > [r...@inspector random]# more *|cat > :: > boot_id > :: > d3724e19-7462-4224-960b-49d5d3a18d7a > :: > entropy_avail > :: > 17 > :: > poolsize > :: > 4096 > :: > read_wakeup_threshold > :: > 64 > :: > uuid > :: > a3ed2323-e04d-4034-a72a-76b5d4b697f7 > :: > write_wakeup_threshold > :: > 128 On 10/31/10 9:26 PM, Bron Gondwana wrote: > Sounds like your /dev/random is empty. You can compile with /dev/urandom or > add a source of entropy... > > "Chris Pepper" wrote: > >> mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, >> along with SquirrelMail, postfix, etc. Last night, I noticed that when I >> sent mail from Thunderbird, it was not able to file copies in the Sent >> mailbox, although they did reach the recipients, so postfix was >> accepting mail on 587/tcp. >> >> I restarted Cyrus IMAPd but don't see any error messages in >> /var/log/maillog, and the cert& key look fine. SquirrelMail is fine >> using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch >> mail via IMAP with STARTTLS, so it looks like the cert and key are fine. >> >> But "telnet mail.reppep.com 993" and openssl fail to get any response. >> Port 993 is open to the Internet, FWIW. >> >> Does anyone have any suggestions for what went wrong and/or how to fix? >> I'll try tcpdump next to see if it's responding at all. >> >> Alternatively, is there a way to make sure Cyrus requires STARTTLS on >> 143? I was blocking external access to it to make sure users always use >> encryption to connect, but port 143 with STARTTLS required would be an >> acceptable alternative. >> >> Thanks, >> >> Chris Pepper >> >>> pep...@imp:~$ !openssl >>> openssl s_client -connect www.reppep.com:993 >>> CONNECTED(0003) >>> 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake >>> failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188: >> >> >>> [r...@inspector ~]# cat /etc/imapd.conf >>> admins: cyrus >>> altnamespace: yes >>> configdirectory: /var/lib/imap >>> duplicatesuppression: yes >>> hashimapspool: no >>> partition-default: /var/spool/imap >>> servername: mail.reppep.com >>> singleinstancestore: yes >>> #syslog_prefix: cyrus >>> unixhierarchysep: yes >>> >>> lmtp_downcase_rcpt: yes >>> maxmessagesize: 20971520 >>> sendmail: /usr/sbin/sendmail >>> #quotawarn: 80 >>> >>> #allowplaintext: yes >>> #allowplainwithouttls: yes >>> sasl_pwcheck_method: saslauthd >>> #imap_auth_login: yes >>> #imap_auth_cram_md5: yes >>> #imap_auth_plain: yes >>> >>> autocreateinboxfolders: Junk >>> autocreatequota: -1 >>> #autocreate_sieve_script: /etc/junk.sieve >>> autocreate_sieve_compiledscript: /etc/sieve.bc >>> autosievefolders: Junk >>> autosubscribeinboxfolders: Junk >>> createonpost: yes >>> #sievedir: /var/lib/imap/sieve >>> sieveusehomedir: true >>> >>> tls_ca_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt >>> tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt >>> tls_key_file: /etc/pki/tls/private/mail.reppep.com.20080219.key >>> tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH >>> [r...@inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt >>> /etc/pki/tls/private/mail.reppep.com.20080219.key >>> -rw-r--r-- 1 root root 6466 Oct 1 17:13 >>> /etc/pki/tls/certs/mail.reppep.com.20100115.crt
Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, along with SquirrelMail, postfix, etc. Last night, I noticed that when I sent mail from Thunderbird, it was not able to file copies in the Sent mailbox, although they did reach the recipients, so postfix was accepting mail on 587/tcp. I restarted Cyrus IMAPd but don't see any error messages in /var/log/maillog, and the cert & key look fine. SquirrelMail is fine using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch mail via IMAP with STARTTLS, so it looks like the cert and key are fine. But "telnet mail.reppep.com 993" and openssl fail to get any response. Port 993 is open to the Internet, FWIW. Does anyone have any suggestions for what went wrong and/or how to fix? I'll try tcpdump next to see if it's responding at all. Alternatively, is there a way to make sure Cyrus requires STARTTLS on 143? I was blocking external access to it to make sure users always use encryption to connect, but port 143 with STARTTLS required would be an acceptable alternative. Thanks, Chris Pepper > pep...@imp:~$ !openssl > openssl s_client -connect www.reppep.com:993 > CONNECTED(0003) > 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake > failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188: > [r...@inspector ~]# cat /etc/imapd.conf > admins: cyrus > altnamespace: yes > configdirectory: /var/lib/imap > duplicatesuppression: yes > hashimapspool: no > partition-default: /var/spool/imap > servername: mail.reppep.com > singleinstancestore: yes > #syslog_prefix: cyrus > unixhierarchysep: yes > > lmtp_downcase_rcpt: yes > maxmessagesize: 20971520 > sendmail: /usr/sbin/sendmail > #quotawarn: 80 > > #allowplaintext: yes > #allowplainwithouttls: yes > sasl_pwcheck_method: saslauthd > #imap_auth_login: yes > #imap_auth_cram_md5: yes > #imap_auth_plain: yes > > autocreateinboxfolders: Junk > autocreatequota: -1 > #autocreate_sieve_script: /etc/junk.sieve > autocreate_sieve_compiledscript: /etc/sieve.bc > autosievefolders: Junk > autosubscribeinboxfolders: Junk > createonpost: yes > #sievedir: /var/lib/imap/sieve > sieveusehomedir: true > > tls_ca_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt > tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt > tls_key_file: /etc/pki/tls/private/mail.reppep.com.20080219.key > tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH > [r...@inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt > /etc/pki/tls/private/mail.reppep.com.20080219.key > -rw-r--r-- 1 root root 6466 Oct 1 17:13 > /etc/pki/tls/certs/mail.reppep.com.20100115.crt > -rw-r- 1 root mail 497 Feb 19 2008 > /etc/pki/tls/private/mail.reppep.com.20080219.key > [r...@inspector ~]# netstat -an|grep LIST|grep tcp|sort -n > tcp0 0 0.0.0.0:110 0.0.0.0:* > LISTEN > tcp0 0 0.0.0.0:111 0.0.0.0:* > LISTEN > tcp0 0 0.0.0.0:139 0.0.0.0:* > LISTEN > tcp0 0 0.0.0.0:143 0.0.0.0:* > LISTEN > tcp0 0 0.0.0.0:20000.0.0.0:* > LISTEN > tcp0 0 0.0.0.0:25 0.0.0.0:* > LISTEN > tcp0 0 0.0.0.0:33060.0.0.0:* > LISTEN > tcp0 0 0.0.0.0:445 0.0.0.0:* > LISTEN > tcp0 0 0.0.0.0:587 0.0.0.0:* > LISTEN > tcp0 0 0.0.0.0:993 0.0.0.0:* > LISTEN > tcp0 0 0.0.0.0:995 0.0.0.0:* > LISTEN > tcp0 0 10.0.104.200:53 0.0.0.0:* > LISTEN > tcp0 0 :::110 :::* > LISTEN > tcp0 0 127.0.0.1:10024 0.0.0.0:* > LISTEN > tcp0 0 127.0.0.1:10025 0.0.0.0:* > LISTEN > tcp0 0 127.0.0.1:530.0.0.0:* > LISTEN > tcp0 0 127.0.0.1:953 0.0.0.0:* > LISTEN > tcp0 0 :::143 :::* > LISTEN > tcp0 0 ::1:953 :::* > LISTEN > tcp0 0 :::2000 :::* > LISTEN > tcp0 0 :::22 :::*
Re: IMAP not seeing old mail present on filesystem
Thanks, all, for the generous help. Bron asked about output from reconstruct, which never provided any. It turns out that I was using the wrong delimiters (., per chk_cyrus output, rather than /), and reconstruct wasn't even trying. It looks like all the missing mail is accessible again. Thanks again! Chris -- Chris Pepper:<http://cbio.mskcc.org/> <http://www.extrapepperoni.com/> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: IMAP not seeing old mail present on filesystem
On 10/4/10 11:36 AM, Bron Gondwana wrote: > On Mon, Oct 04, 2010 at 11:17:59AM -0400, Chris Pepper wrote: >> On 10/4/10 10:23 AM, Patrick Goetz wrote: >>> I wasn't clear about whether the old install was completely gone or >>> could still be booted. If you can still start cyrus on the old server, >>> you could try imapsync to transfer mail to the new one. >> >> Old system is not bootable, unfortunately. >> >> FYI: I have 943 directories& 298,409 mail files, >> so manually fixing things isn't feasible. > ^^ > > Well, of course not. It there were 5 directories and 20 mail > files I wouldn't consider doing it manually - I'd write a script > to automate it and then sit back and drink coffee. Manually is > how you do the first one to find out how it's done. > > And then the second one to make sure the process you settled on > after stack of trial and error is repeatable. Maybe a third one > if you screwed up number 2. > > After that, you automate the process you've decided on and let > the rest happen automatically. It always amazes me to see > admins repeating themselves manually over and over for a > frequent task. > > I'd love to see the output of your reconstruct command (including > syslog with the logging level turned up) to see why it's not > finding the files. And maybe an 'ls -la' of one of the imap > directories with this issue as well. I'm away on a "team building" > exercise for the next couple of days Oslo time - but I can certainly > look at it afterwards. I've been travelling (from Australia) which > is why I haven't been looking in on this earlier... it's a strange > set of symptoms. > > If you have a small folder that you don't mind sharing, a tar.gz of > the entire folder contents (including the metadata files) would be > fantastic, because then I could check the contents of the .index > and .cache files as well - and maybe even try a reconstruct on a > testbed here. > > But file permissions are the most interesting - I'm wondering if > reconstruct is unable to read the directory correctly or unable > to read the old files. Bron, Unfortunately I don't know how to write a script to do this. The old system was CentOS 5/x64, just like the new system. I believe it had the same cyrus-imapd & db4 RPMs, as I had patched a few weeks ago, but I cannot confirm. I will send you a tarball of this directory directly. I will try "reconstruct -rfx" with debug logging enabled in syslog tonight. Thanks, Chris > [r...@inspector ~]# ls -ltr /var/spool/imap/user/julia/ > total 1756 > -rw--- 1 cyrus mail 2931 May 20 12:56 158. > -rw--- 1 cyrus mail 2052 Jun 21 08:33 159. > -rw--- 1 cyrus mail 1536 Aug 11 17:15 162. > -rw--- 1 cyrus mail 2221 Aug 13 08:15 163. > -rw--- 1 cyrus mail 413395 Aug 14 18:40 164. > -rw--- 1 cyrus mail 79756 Aug 21 13:57 165. > -rw--- 1 cyrus mail 296759 Aug 22 15:18 166. > -rw--- 1 cyrus mail 156064 Sep 4 09:43 167. > -rw--- 1 cyrus mail 75003 Sep 4 10:06 168. > -rw--- 1 cyrus mail 164035 Sep 6 09:51 169. > -rw--- 1 cyrus mail 156853 Sep 7 12:24 170. > -rw--- 1 cyrus mail 340068 Sep 16 17:44 171. > drwx-- 2 cyrus mail 4096 Oct 1 21:31 Junk > drwx-- 2 cyrus mail 4096 Oct 2 23:40 Drafts > drwx-- 2 cyrus mail 4096 Oct 2 23:40 Sent > drwx-- 2 cyrus mail 4096 Oct 2 23:40 Apple Mail To Do > drwx-- 2 cyrus mail 4096 Oct 2 23:40 Deleted Messages > -rw--- 1 cyrus mail 1148 Oct 2 23:44 1. > drwx-- 2 cyrus mail 4096 Oct 3 00:09 Trash > drwx-- 2 cyrus mail 4096 Oct 3 13:16 Sent Messages > -rw--- 1 cyrus mail179 Oct 3 13:39 cyrus.header > -rw--- 1 cyrus mail176 Oct 4 09:04 cyrus.index > -rw--- 1 cyrus mail640 Oct 4 09:04 cyrus.cache -- Chris Pepper:<http://cbio.mskcc.org/> <http://www.extrapepperoni.com/> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: IMAP not seeing old mail present on filesystem
On 10/4/10 10:23 AM, Patrick Goetz wrote: > On 10/04/2010 08:37 AM, Chris Pepper wrote: >> >> No, users see the folders, just not old messages. For most (all?) >> INBOXes but my own, new messages started arriving as 1. and continued >> from there. Users can see the new mail, but not the old. This makes me >> think it's not an internal permissions problem, because they see the >> mailboxes and (some) mail in them. All file permissions I checked appear >> correct >> >> "reconstruct -rfx" doesn't help. Is there anything else to try? >> > > > I wasn't clear about whether the old install was completely gone or > could still be booted. If you can still start cyrus on the old server, > you could try imapsync to transfer mail to the new one. Old system is not bootable, unfortunately. FYI: I have 943 directories & 298,409 mail files, so manually fixing things isn't feasible. Thanks for all the suggestions! Chris -- Chris Pepper:<http://cbio.mskcc.org/> <http://www.extrapepperoni.com/> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: IMAP not seeing old mail present on filesystem
Simon, I did recover /var/lib/imap (although a bit later, FWIW) and /etc/imapd.conf. I just now compared /etc/cyrus.conf and added squatter & adjusted prefork numbers -- the rest all matched. Is there other configuration I should check? Both systems are 64-bit CentOS 5, so the db4 installations should be fully compatible. Thanks, Chris On 10/4/10 8:36 AM, Simon Matter wrote: >> All, >> >> I have run a small mail service based on Cyrus IMAP for a few >> years. The (CentOS 5) server I've used for the past couple years failed >> last week. I brought up a new CentOS 5 system on a new Linux server, >> installed cyrus-imapd-2.3.7-7.el5_4.3, mounted the old /var disk >> (actually one of 2 mdadm submirrors), and copied /var/spool/imap over to >> the new /var FS. It's running CentOS' cyrus-imapd-2.3.7-7.el5_4.3 RPM. > > Did you also recover /var/lib/imap from the old server and make sure the > configs are the same? > > Simon > >> >> Unfortunately, for many users (all but me?), mail clients (at least >> Apple's Mail.app and SquirrelMail) don't show any messages from before >> the migration in INBOX. When I grope around in /var/spool/imap/user, I >> see the old message (with high numbers) and the new messages (starting a >> new sequence from 1). >> >> I know there are last-message counters in the cyrus.* files, so >> would resetting those have caused IMAP to start storing new messages >> from 1. and vanish the old ones? I don't know how those could have been >> cleared for at least 6 users simultaneously. Presumably it happened for >> all, and I just fixed it for myself somehow. >> >> More importantly, I don't know how to make the old messages >> accessible to my users via IMAP (I can give them the files, but that's >> quite awkward). chk_cyrus agrees with IMAP clients about message counts >> (very low). I have tried reconstruct with various combinations of >> "-rfx", and "quota -f", but not found any way to make it show the old >> messages. >> >> Any suggestions? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: IMAP not seeing old mail present on filesystem
On 10/4/10 1:12 AM, Patrick Goetz wrote: > On 10/3/2010 6:57 AM, Chris Pepper wrote: >> >>More importantly, I don't know how to make the old messages >> accessible to my users via IMAP (I can give them the files, but that's >> quite awkward). chk_cyrus agrees with IMAP clients about message counts >> (very low). I have tried reconstruct with various combinations of >> "-rfx", and "quota -f", but not found any way to make it show the old >> messages. >> >> Any suggestions? >> > > You probably need to run cyrreconstruct on each user mailbox. On my system it's /usr/lib/cyrus-imapd/reconstruct, and I have. No joy, alas. Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: IMAP not seeing old mail present on filesystem
On 10/4/10 9:17 AM, Simon Matter wrote: >> Simon, >> >> I did recover /var/lib/imap (although a bit later, FWIW) and > > I think "a bit later" is your problem. But I think reconstruct should fix > this. > BTW, did you check the subscription status of mailboxes? Maybe the folders > are there but not subscribed, and that's why some users can't see them? Simon, No, users see the folders, just not old messages. For most (all?) INBOXes but my own, new messages started arriving as 1. and continued from there. Users can see the new mail, but not the old. This makes me think it's not an internal permissions problem, because they see the mailboxes and (some) mail in them. All file permissions I checked appear correct "reconstruct -rfx" doesn't help. Is there anything else to try? Thanks, Chris >> /etc/imapd.conf. I just now compared /etc/cyrus.conf and added squatter >> & adjusted prefork numbers -- the rest all matched. >> >> Is there other configuration I should check? Both systems are 64-bit >> CentOS 5, so the db4 installations should be fully compatible. > > If both the old and the new system are basically the same I don't think > there is anything missing. > > Simon > >> >> Thanks, >> >> Chris >> >> On 10/4/10 8:36 AM, Simon Matter wrote: >>>> All, >>>> >>>>I have run a small mail service based on Cyrus IMAP for a few >>>> years. The (CentOS 5) server I've used for the past couple years failed >>>> last week. I brought up a new CentOS 5 system on a new Linux server, >>>> installed cyrus-imapd-2.3.7-7.el5_4.3, mounted the old /var disk >>>> (actually one of 2 mdadm submirrors), and copied /var/spool/imap over >>>> to >>>> the new /var FS. It's running CentOS' cyrus-imapd-2.3.7-7.el5_4.3 RPM. >>> >>> Did you also recover /var/lib/imap from the old server and make sure the >>> configs are the same? >>> >>> Simon >>> >>>> >>>>Unfortunately, for many users (all but me?), mail clients (at >>>> least >>>> Apple's Mail.app and SquirrelMail) don't show any messages from before >>>> the migration in INBOX. When I grope around in /var/spool/imap/user, I >>>> see the old message (with high numbers) and the new messages (starting >>>> a >>>> new sequence from 1). >>>> >>>>I know there are last-message counters in the cyrus.* files, so >>>> would resetting those have caused IMAP to start storing new messages >>>> from 1. and vanish the old ones? I don't know how those could have been >>>> cleared for at least 6 users simultaneously. Presumably it happened for >>>> all, and I just fixed it for myself somehow. >>>> >>>>More importantly, I don't know how to make the old messages >>>> accessible to my users via IMAP (I can give them the files, but that's >>>> quite awkward). chk_cyrus agrees with IMAP clients about message counts >>>> (very low). I have tried reconstruct with various combinations of >>>> "-rfx", and "quota -f", but not found any way to make it show the old >>>> messages. >>>> >>>> Any suggestions? >> > > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
IMAP not seeing old mail present on filesystem
All, I have run a small mail service based on Cyrus IMAP for a few years. The (CentOS 5) server I've used for the past couple years failed last week. I brought up a new CentOS 5 system on a new Linux server, installed cyrus-imapd-2.3.7-7.el5_4.3, mounted the old /var disk (actually one of 2 mdadm submirrors), and copied /var/spool/imap over to the new /var FS. It's running CentOS' cyrus-imapd-2.3.7-7.el5_4.3 RPM. Unfortunately, for many users (all but me?), mail clients (at least Apple's Mail.app and SquirrelMail) don't show any messages from before the migration in INBOX. When I grope around in /var/spool/imap/user, I see the old message (with high numbers) and the new messages (starting a new sequence from 1). I know there are last-message counters in the cyrus.* files, so would resetting those have caused IMAP to start storing new messages from 1. and vanish the old ones? I don't know how those could have been cleared for at least 6 users simultaneously. Presumably it happened for all, and I just fixed it for myself somehow. More importantly, I don't know how to make the old messages accessible to my users via IMAP (I can give them the files, but that's quite awkward). chk_cyrus agrees with IMAP clients about message counts (very low). I have tried reconstruct with various combinations of "-rfx", and "quota -f", but not found any way to make it show the old messages. Any suggestions? Thanks, Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Proxyd connecting to backend on 143, not 993
Matt, Thanks for the confirmation! I figured this out earlier this afternoon, and should've posted the solution. The answer was masked because I had specified LOGIN as a mechanism, and not PLAIN, so that when the backend_connect happened, I got a SIGSEV. Regards, Chris On Oct 1, 2010, at 9:31 PM, Matt Selsky wrote: > On Thu, 30 Sep 2010, Chris Riggins wrote: > >> I'm running Cyrus IMAP 2.3.16, trying to get a murder working, but the >> "proxyd -s" daemon on the frontend isn't connecting to my >> backend on the secure port. How does one make that happen? An strace on >> the proxyd process shows that it never even attempts the IMAPS >> connection. > > Your backends should be listening on port 143. proxyd is meant to listen on > 143 and 993 and forward connections to the backends on 143. proxyd will use > TLS to secure the connection. > > > -- > Matt Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Proxyd connecting to backend on 143, not 993
All: I'm running Cyrus IMAP 2.3.16, trying to get a murder working, but the "proxyd -s" daemon on the frontend isn't connecting to my backend on the secure port. How does one make that happen? An strace on the proxyd process shows that it never even attempts the IMAPS connection. Here's the frontend imapd.conf: configdirectory: /apps/imap/conf partition-default: /var/spool/imap admins: cyrus mupdate_admins: murder proxyservers: murder proxy_authname: murder proxy_password: ** woodward_password: ** woodward_mechs: LOGIN lmtpproxy_username: murder lmtpproxy_authname: murder lmtpproxy_password: ** mupdate_server: front.company.com mupdate_username: murder mupdate_authname: murder mupdate_password: ** sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: LOGIN tls_cipher_list: TLSv1:SSLv2:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH tls_cert_file: /apps/var/imap/front.pem tls_key_file: /apps/var/imap/front.pem tls_ca_file: /apps/var/imap/myca.crt and here's the backend imapd.conf: configdirectory: /apps/var/lib/imap partition-default: /apps/var/spool/imap admins: cyrus mupdate_admins: murder proxyservers: murder lmtp_admins: murder mupdate_server: backend.company.com mupdate_username: murder mupdate_authname: murder mupdate_password: ** sievedir: /apps/var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: LOGIN tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH tls_cert_file: /apps/var/imap/back.pem tls_key_file: /apps/var/imap/back.pem tls_ca_file: /apps/var/imap/myca.crt Regards, Chris Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Fwd: Docs for Cyrus/GFS?
Jens-- Thanks for your help! I've been able to get Cyrus IMAP running now with a shared backend, and my tests thus far indicate that it's working dandy. It looks like most of the "important" databases are already skiplists; the only ones that defaulted to BDB were the duplicate, tlscache, and ptscache databases. What, if anything, do I need to do special when converting my data over? I'll not be changing Cyrus versions; will it "just work" to move all of my current data, or will I need to convert databases/reconstruct/etc.? Thanks again! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Mon, 8 Sep 2008, Jens Hoffrichter wrote: > There I told him to write to the list, and I just clicked the wrong > reply button myself ;) > > Sorry for that. > > > -- Forwarded message -- > From: Jens Hoffrichter <[EMAIL PROTECTED]> > Date: 2008/9/8 > Subject: Re: Docs for Cyrus/GFS? > To: "Chris St. Pierre" <[EMAIL PROTECTED]> > > > Hi Chris, > > 2008/9/8 Chris St. Pierre <[EMAIL PROTECTED]>: > >> I'm looking for any good documentation on using Cyrus IMAP with shared >> storage (in our case, GFS). Thus far, all I've been able to turn up >> is a few snippets on mailing lists and in the wiki, but nothing really >> comprehensive. Any pointers? Thanks! > There is no real documentation up to now, I think, but I'm in the > process of implementing a quite big mail system on top of a GFS, so if > you have any specific questions, just ask here on the list or me > directly, though on the list would probably be better, to share the > answers. > > Just some hints for things I stumbled upon up to now: > > I suppose you meta directory will be shared, so you need to separate > out some directories between the single nodes, where each node can put > its own files. Directories coming to my mind are "proc" and "backup". > There are probably some more, but I have no access to the machine > right now to check it. For the separation there I used the named > symlinks from GFS, which worked quite fine. > > The other thing is: Make ABSOLUTELY sure that you turn off anything > related to bdb during compile (you probably need to compile your own > cyrus anyway, we are using the incova sources here), as berkeley db > just doesn't work on top of GFS. Or, at least not in a cyrus context. > And it isn't sufficient to just use skiplist in the config file, you > definitely need to switch off compiling bdb support. > > The reason for this is that even if you don't have any bdbs > configured, cyrus will still initialize some sort of bdb environment > in your meta directory, and if on another sort the same thing is > happening during the same time, it will try to sleep on a mutex, > waiting for the release of the mutex. Yet, the callback to wake up > never comes when using GFS, so your process will hang indefinitely. > That one took us at least 3 weeks to figure out ;) > > Besides from those little things, cyrus works on top of the GFS just > fine, you probably need to tweak some tuning parameters, but I don't > remember them right now, if you need them, I can look them up for you. > > The performance is nothing to brag about, though, cyrus and GFS just > don't play that well together. But I got the performance I needed > (around 15 logins per second with three nodes using a loadbalancer), > which is sufficient for our needs. The added reliability is nice, > though, as you can turn off one node, and the whole thing still works. > > I don't know if you have any experience using RedHat Cluster, but be > absolutely sure to understand about fencing and quorum of the cluster > before you start any configuration. Cluster software is by no means > really easy to use, IMO, and everything you do needs some extra > thinking if you are just used working with single nodes normally :) > > Just try your luck, and if you have any questions, just ask. > > Jens > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Docs for Cyrus/GFS?
I'm looking for any good documentation on using Cyrus IMAP with shared storage (in our case, GFS). Thus far, all I've been able to turn up is a few snippets on mailing lists and in the wiki, but nothing really comprehensive. Any pointers? Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus Murder or IMAP proxy.
On Mon, 28 Jul 2008, UnlimitedMail.net - Carles Xavier Munyoz Baldó wrote: Then, for a production system, should I use an IMAP proxy solution instead of Cyrus Murder? Is there anyone using Cyrus Murder in a hevay loaded production e-mail system? May you recomend me an IMAP proxy? What I'm losing if I use an IMAP proxy instead of Cyrus Murder? Cyrus Murder gives you the ability to share folders across backends. In other words, if Alice has a mailbox on imap-1.example.com and Bob has a mailbox on imap-2.example.com, they _can_ share folders if you run Cyrus Murder, but they _can't_ if you use multiple backends with a proxy. Unless you have a serious need for mailbox sharing, Murder isn't worth it, IMHO. It takes a LOT of hardware to be really fault-tolerant, and has all of the other caveats you posted. Perdition is the IMAP proxy usually used for this application. Another possibility is running multiple IMAP servers connected to common storage -- i.e., a SAN. Then users can share mailboxes, since every user is on every server, but you don't introduce the complexity of Murder. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Return-Path in Sieve Scripts
On Fri, 16 May 2008, Nikolaus Rath wrote: > Hello, > > I am delivering mail to cyrus from exim using lmtpd. > > Apparently lmtpd adds the Return-Path header only after the sieve > scripts have been processed, because in the scripts I cannot match this > header. This was fixed back in 2.2. See <http://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2202>. What release are you running? -Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Plaintext only for loopback?
Jorey Bump wrote:
> Chris Pepper wrote, at 01/13/2008 01:59 AM:
>
>> I want to allow plaintext auth only for SquirrelMail (running on
>> the Cyrus IMAPd server), and require encrypted authentication over all
>> physical network connections.
>
> Why do you want plaintext auth only for SquirrelMail? It supports TLS,
> alternate ports, CRAM-MD5, and DIGEST-MD5. For example, My Squirrelmail
> is set up to use LOGIN/TLS on port 993 (settings inherited from a
> historical setup, I can also support the other options). Are you trying
> to avoid the overhead of TLS?
Arrgh! SquirrelMail offers plain, cram-md5, and digest-md5, and only
plain appears to work against /etc/shadow. I don't want the overhead of
running TLS over loopback, so I think I will have to do without forcing
secure auth for non-SSL IMAP/POP, and use the firewall to prevent
Internet users from connecting over the Internet w/o SSL (so I don't
have to worry about them unwisely using PLAIN or LOGIN over plaintext
connection).
Pity. It would be nice to have the option of doing IMAP on the IMAP
port without worrying about unencrypted plaintext auth.
Thanks,
Chris
PS-Bron, I don't want to deal with multiple instances, and I don't need
too, since I can firewall IMAP (non-SSL) and only let SquirrelMail
connect to port 143. I'm not looking forward to the SpamAssassin/ClamAV
sandwich on the SMTP side.
--
Chris Pepper:<http://www.reppep.com/~pepper/>
<http://www.extrapepperoni.com/>
The Rockefeller University: <http://www.rockefeller.edu/>
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Plaintext only for loopback?
Hello,
I want to allow plaintext auth only for SquirrelMail (running on the
Cyrus IMAPd server), and require encrypted authentication over all
physical network connections. I see several options governing plaintext
auth in the documentation for imap.conf:
> allowplaintext: 1
> Allow the use of cleartext passwords on the wire.
> plaintextloginpause: 0
> Number of seconds to pause after a successful plaintext login. For systems
> that support strong authentication, this permits users to perceive a cost of
> using plaintext passwords. (This does not affect the use of PLAIN in SASL
> authentications.)
> plaintextloginalert:
> Message to send to client after a successful plaintext login.
In addition, my Invoca 2.3.7 RPM includes:
> allowplainwithouttls: 0
> Allow plain login mechanism without an encrypted connection.
So I'm left wondering: a) if there is a way to do this that I'm not
getting (perhaps "on the wire" is more subtle than my simplistic
reading), and b) if not, what's the best way to request/suggest this as
an enhancement. Should I just open a bug in Bugzilla, or is there a
better way?
Thanks,
Chris Pepper
--
Chris Pepper:<http://www.reppep.com/~pepper/>
<http://www.extrapepperoni.com/>
The Rockefeller University: <http://www.rockefeller.edu/>
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Migration: INBOX^Trash & friends
> I have 'www', a Mac OS X 10.4 Server system, running Apple's build of > Cyrus, and want to move my mail over to 'pe', a CentOS 5.1 system running > CentOS 5.1's cyrus-imapd-2.3.7-1.1.el5.rpm (derived from Simon Matter's > Invoca RPM). I would very much like to rsync the mail over and (when ready) > change the hostnames and have email clients not notice the difference. In > particular, if Eudora decides the mailbox layout has changed, it will reysnc > all mail and lose much of its status information, so I want to avoid this if > possible. > > I'm getting hung up on a directory naming discrepancy I don't understand. > Any guidance on where the discrepancy originates will be much appreciated. > So what causes the discrepancy? I don't know if there's a configuration > setting I missed, or a compilation option that Apple changed, but I have > verified that both systems have "altnamespace: yes" and "unixhierarchysep: > yes". For the record, it wasn't Cyrus IMAPd at all. SquirrelMail (which I was using to check Cyrus functionality) was recreating the undesired folders whenever I accessed the account. I tweaked the defaults (including manually overriding the default Cyrus delimiter) and now all looks right. Sorry for the noise. Chris Pepper -- Chris Pepper:<http://www.reppep.com/~pepper/> <http://www.extrapepperoni.com/> The Rockefeller University: <http://www.rockefeller.edu/> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Migration: INBOX^Trash & friends
I have 'www', a Mac OS X 10.4 Server system, running Apple's build of
Cyrus, and want to move my mail over to 'pe', a CentOS 5.1 system
running CentOS 5.1's cyrus-imapd-2.3.7-1.1.el5.rpm (derived from Simon
Matter's Invoca RPM). I would very much like to rsync the mail over and
(when ready) change the hostnames and have email clients not notice the
difference. In particular, if Eudora decides the mailbox layout has
changed, it will reysnc all mail and lose much of its status
information, so I want to avoid this if possible.
I'm getting hung up on a directory naming discrepancy I don't
understand. Any guidance on where the discrepancy originates will be
much appreciated.
On the Mac, pepper's top-level directory structure looks like this
(folders, not files):
> www:~ root# ls -d /var/spool/imap/user/pepper/*/
> /var/spool/imap/user/pepper/Deleted Messages/
> /var/spool/imap/user/pepper/Drafts/
> /var/spool/imap/user/pepper/JUNK.20061225/
> /var/spool/imap/user/pepper/Junk/
> /var/spool/imap/user/pepper/Sent Messages/
> /var/spool/imap/user/pepper/Sent/
> /var/spool/imap/user/pepper/Trash/
> /var/spool/imap/user/pepper/bulk/
> /var/spool/imap/user/pepper/company-archive/
> /var/spool/imap/user/pepper/company/
> /var/spool/imap/user/pepper/debevoise/
> /var/spool/imap/user/pepper/debevoise2/
> /var/spool/imap/user/pepper/frb/
> /var/spool/imap/user/pepper/goldman-sachs/
> /var/spool/imap/user/pepper/hh2005/
> /var/spool/imap/user/pepper/hh2006/
> /var/spool/imap/user/pepper/hh2007/
> /var/spool/imap/user/pepper/hts^20060328^txt/
> /var/spool/imap/user/pepper/info-mac/
> /var/spool/imap/user/pepper/keepers-archive/
> /var/spool/imap/user/pepper/list-archive/
> /var/spool/imap/user/pepper/list/
> /var/spool/imap/user/pepper/macworld-expo/
> /var/spool/imap/user/pepper/mail/
> /var/spool/imap/user/pepper/misc/
> /var/spool/imap/user/pepper/people-archive/
> /var/spool/imap/user/pepper/people/
> /var/spool/imap/user/pepper/pepper^development/
> /var/spool/imap/user/pepper/reppep/
> /var/spool/imap/user/pepper/reppep^com/
> /var/spool/imap/user/pepper/ru-archive/
> /var/spool/imap/user/pepper/ru/
> /var/spool/imap/user/pepper/scratch/
> /var/spool/imap/user/pepper/tidbits-archive/
> /var/spool/imap/user/pepper/tidbits/
> /var/spool/imap/user/pepper/writing/
On the Linux system, pepper's top-level directory structure looks like
this:
> [EMAIL PROTECTED] imap]# ls -l /var/spool/imap/user/pepper/
> total 40
> -rw--- 1 cyrus mail4 Jan 5 17:37 cyrus.cache
> -rw--- 1 cyrus mail 154 Jan 5 17:36 cyrus.header
> -rw--- 1 cyrus mail 96 Jan 5 17:37 cyrus.index
> drwx-- 2 cyrus mail 4096 Jan 5 17:36 Drafts
> drwx-- 2 cyrus mail 4096 Jan 5 17:36 hh2007
> drwx-- 2 cyrus mail 4096 Jan 5 17:36 INBOX^Drafts
> drwx-- 2 cyrus mail 4096 Jan 5 17:36 INBOX^Sent
> drwx-- 2 cyrus mail 4096 Jan 5 17:36 INBOX^Trash
> drwx-- 2 cyrus mail 4096 Jan 5 17:36 Sent
> drwx-- 2 cyrus mail 4096 Jan 5 17:36 Trash
I have Cyrus set to auto-create "Trash | Sent | Junk", and that's
working, but I don't understand why they are prefixed by "INBOX^". I
tried renaming the folders to simply 'Drafts', 'Sent', and 'Trash' and
reconstructing, and imapd re-created the INBOX^* files to match the
contents of mailboxes.db.
So what causes the discrepancy? I don't know if there's a configuration
setting I missed, or a compilation option that Apple changed, but I have
verified that both systems have "altnamespace: yes" and
"unixhierarchysep: yes".
Thanks,
Chris Pepper
PS-I'm sorry if this is a FAQ. I've read all the docs I could find under
<http://cyrusimap.web.cmu.edu/imapd/>, and Google doesn't ignores '^',
so I'm having no luck at tracking this down.
--
Chris Pepper:<http://www.reppep.com/~pepper/>
<http://www.extrapepperoni.com/>
The Rockefeller University: <http://www.rockefeller.edu/>
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Plugging into the imap system
On Sat, 22 Dec 2007, Dale Ghent wrote:
> On Dec 21, 2007, at 12:03 PM, Mike Eggleston wrote:
>
>> There is some system (on freshmeat?) that has a special folder in IMAP
>> for storing calendar events. The program uses the IMAP defined protocol
>> though.
>
> FWIW, Exchange also exposes all calendar entries (with .ics files),
> journals, to-dos, and anything else in their own folders. I find it
> handy since exchange is what I'm stuck with at my new place of
> employment :( and I "sync" to iCal on my mac by dragging the ics files
> out of the exchange Calendar folder and into iCal.
>
> Any calendaring system worth its salt should be CalDAV underneath. Then
> the world would be all shiny and pretty and stuff, or at last more so.
I was planning on trying to find some time to look at the code and read
some RFCs before I brought this up, but has anybody thought about hooking
a native CalDAV interface into Cyrus?
Admittedly, I haven't put any real thought into it so far, other than that
it would be incredibly useful. I'm thinking a native CalDAV interface for
remote clients ("calendard"), message processing via LMTP to inject ics
attachments through a calendar extension to SIEVE, calendar data exported
via CalDAV or via imap through an alternate mailbox (calendar/username
being the default calendar / INBOX equivalent,
calendar/username/calendarname for alternate calendars).
-Chris
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: syslog-ng
On Saturday 20 October 2007, Anders Norrbring wrote: > So, I went to the SUSE sources and looked it up.. Seems like they > compile with --with-syslogfacility=DAEMON.. > I have no idea what that makes Cyrus do, I tried Google to find some > answers, but came up empty handed. You can filter on the DAEMON facility (instead of 'local6' as in my case). If there are other apps that use the DAEMON facility then you'll have to break it down further, using program names etc. Look at the log entries you now have and determine what you can filter by, ie: program names of: 'lmtpunix', 'ctl_cyrusdb', and 'master', if others use those as well you may need a second level filter with a match statement. -- Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: syslog-ng
On Friday 19 October 2007, Anders Norrbring wrote:
> Hi, I need help setting up Cyrus and syslog-ng to have all the Cyrus
> logs in their own files.
>
> It seems like I just cannot get it right, no matter how I try.
> So, I'd be grateful for setup info on syslog-ng to accomplish this.
My distro sets up cyrus to use the local6 facility for logging. I use the
following lines in my syslog-ng.conf (in their proper sections):
===
destination d_local6 { file("/var/log/mail/imapd.log"); };
filter f_local6 { facility(local6); };
log { source(src); filter(f_local6); destination(d_local6); flags(final); };
===
Works just fine. I put all of my mail logs in a separate directory
(/var/log/mail/).
Note - you may have to "touch" the destination file to create it.
--
Chris
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: syslog-ng
On Friday 19 October 2007, Chris Smith wrote:
> On Friday 19 October 2007, Anders Norrbring wrote:
> > Hi, I need help setting up Cyrus and syslog-ng to have all the Cyrus
> > logs in their own files.
> >
> > It seems like I just cannot get it right, no matter how I try.
> > So, I'd be grateful for setup info on syslog-ng to accomplish this.
>
> My distro sets up cyrus to use the local6 facility for logging. I use the
> following lines in my syslog-ng.conf (in their proper sections):
> ===
> destination d_local6 { file("/var/log/mail/imapd.log"); };
> filter f_local6 { facility(local6); };
> log { source(src); filter(f_local6); destination(d_local6); flags(final);
> }; ===
>
> Works just fine. I put all of my mail logs in a separate directory
> (/var/log/mail/).
> Note - you may have to "touch" the destination file to create it.
Just adding that, as Baltasar stated, some programs may use the same facility
and if this is the case you can probably filter on program name (or match, or
program name and match, etc.). Some that I filter this way are:
=
filter f_cupsd { program(cupsd); };
filter f_dhcpd { program(dhcpd); };
filter f_slapd { program(slapd); };
filter f_rsync { program(rsync); };
=====
Normally if the facility is unique I use it for the filter.
--
Chris
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve, Postfix and exec() sendmail
Oppps. Meant to say it did NOT resolve the issue. On 9/28/07, Chris U <[EMAIL PROTECTED]> wrote: > # chmod 755 /var/spool/imap/stage./ did resolve the issue. > > On 9/27/07, Alain Spineux <[EMAIL PROTECTED]> wrote: > > On 9/28/07, Chris U <[EMAIL PROTECTED]> wrote: > > > Hi Alain, > > > > > > I am running RHEL5; I used prebuilt rpms from RedHat. I did not change > > > anything recently. Postfix is not running in chroot. > > > > > > [EMAIL PROTECTED] ~]# ls -ld /var/spool/imap/stage./ > > > drwx-- 2 cyrus mail 4096 Sep 27 10:04 /var/spool/imap/stage./ > > > [EMAIL PROTECTED] ~]# > > > > could you try a > > # chmod 755 /var/spool/imap/stage./ > > > > > > > > > > > > Chris > > > > > > On 9/27/07, Alain Spineux <[EMAIL PROTECTED]> wrote: > > > > Did you change something recently ? > > > > Is postfix running chrooted ? > > > > > > > > what about > > > > # ls -ld /var/spool/imap/stage./ > > > > ? > > > > > > > > Regards > > > > > > > > Alain > > > > > > > > On 9/27/07, Chris U <[EMAIL PROTECTED]> wrote: > > > > > Hi, > > > > > > > > > > I've done some searching on the list about issues with Sieve > > > > > performing rejects, redirects, and vacations using the binary > > > > > sendmail. Below are some links from cyrus mailing lists. > > > > > > > > > > Link: http://tinyurl.com/2mkp5n > > > > > Link: http://tinyurl.com/2rylzs > > > > > Link: http://tinyurl.com/2k2stg > > > > > > > > > > Any help would be greatly appreciated! > > > > > > > > > > Scenario: User1 has a sieve script that keeps a copy of the received > > > > > message and forwards mail to User2. > > > > > > > > > > Problem: FATAL: couldn't exec() sendmail > > > > > > > > > > Outcome: User2 mail not delivered. 100% CPU usage. Any further > > > > > received mail is stalled in postfix queue and not delivered to > > > > > mailbox. > > > > > > > > > > Imapd.conf > > > > > configdirectory: /var/lib/imap > > > > > partition-default: /var/spool/imap > > > > > admins: cyrus > > > > > sievedir: /var/lib/imap/sieve > > > > > sendmail: /usr/sbin/sendmail > > > > > hashimapspool: true > > > > > sasl_pwcheck_method: saslauthd > > > > > sasl_mech_list: PLAIN > > > > > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > > > > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > > > > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > > > > > lmtp_downcase_rcpt: yes > > > > > sieve_maxscriptsize: 32 > > > > > > > > > > [EMAIL PROTECTED] ls -al sendmail > > > > > -rwxr-xr-x 1 root root 201784 Sep 1 2006 /usr/sbin/sendmail > > > > > > > > > > Logs > > > > > > > > > > Sep 27 09:52:22 kane postfix/smtpd[8597]: connect from > > > > > unknown[10.100.10.160] > > > > > Sep 27 09:52:31 kane postfix/smtpd[8597]: 147C030E81BB: > > > > > client=unknown[10.100.10.160] > > > > > Sep 27 09:52:35 kane postfix/smtpd[8597]: C8DB930E81BB: > > > > > client=unknown[10.100.10.160] > > > > > Sep 27 09:52:35 kane postfix/cleanup[8600]: C8DB930E81BB: > > > > > message-id=<[EMAIL PROTECTED]> > > > > > Sep 27 09:52:35 kane postfix/qmgr[6988]: C8DB930E81BB: > > > > > from=<[EMAIL PROTECTED]>, size=346, nrcpt=1 (queue active) > > > > > Sep 27 09:52:35 kane lmtpunix[8603]: accepted connection > > > > > Sep 27 09:52:35 kane lmtpunix[8603]: lmtp connection preauth'd as > > > > > postman > > > > > Sep 27 09:52:35 kane master[8629]: about to exec > > > > > /usr/lib/cyrus-imapd/lmtpd > > > > > Sep 27 09:52:35 kane lmtpunix[8629]: executed > > > > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: > > > > > <[EMAIL PROTECTED]> user.user1 0 > > > > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: > > > > > <[EMAIL PROTECTED]> user.user1 0 > > > > > Sep 27 09:52:35 kane lmtpunix[860
Re: Sieve, Postfix and exec() sendmail
Based on what I've been reading around, I'm not sure why I'd be throwing an exit code of 75. http://www.unix.org.ua/orelly/networking/sendmail/ch36_05.htm Output [EMAIL PROTECTED] ~]# rpm -Vf $(readlink -f /usr/sbin/sendmail) S.5T c /etc/postfix/main.cf [EMAIL PROTECTED] ~]# rpm -V cyrus-imapd S.5T c /etc/cyrus.conf S.5T c /etc/imapd.conf [EMAIL PROTECTED] ~]# On 9/27/07, Simon Matter <[EMAIL PROTECTED]> wrote: > > Hi Alain, > > > > I am running RHEL5; I used prebuilt rpms from RedHat. I did not change > > anything recently. Postfix is not running in chroot. > > > > [EMAIL PROTECTED] ~]# ls -ld /var/spool/imap/stage./ > > drwx-- 2 cyrus mail 4096 Sep 27 10:04 /var/spool/imap/stage./ > > [EMAIL PROTECTED] ~]# > > > > Chris > > > > On 9/27/07, Alain Spineux <[EMAIL PROTECTED]> wrote: > >> Did you change something recently ? > >> Is postfix running chrooted ? > >> > >> what about > >> # ls -ld /var/spool/imap/stage./ > >> ? > >> > >> Regards > >> > >> Alain > >> > >> On 9/27/07, Chris U <[EMAIL PROTECTED]> wrote: > >> > Hi, > >> > > >> > I've done some searching on the list about issues with Sieve > >> > performing rejects, redirects, and vacations using the binary > >> > sendmail. Below are some links from cyrus mailing lists. > >> > > >> > Link: http://tinyurl.com/2mkp5n > >> > Link: http://tinyurl.com/2rylzs > >> > Link: http://tinyurl.com/2k2stg > >> > > >> > Any help would be greatly appreciated! > >> > > >> > Scenario: User1 has a sieve script that keeps a copy of the received > >> > message and forwards mail to User2. > >> > > >> > Problem: FATAL: couldn't exec() sendmail > > Your sendmail call has terminated with exit code 75, try to find out what > 75 means. > > Can you show us the output of the following commands: > > rpm -Vf $(readlink -f /usr/sbin/sendmail) > > rpm -V cyrus-imapd > > Simon > > >> > > >> > Outcome: User2 mail not delivered. 100% CPU usage. Any further > >> > received mail is stalled in postfix queue and not delivered to > >> > mailbox. > >> > > >> > Imapd.conf > >> > configdirectory: /var/lib/imap > >> > partition-default: /var/spool/imap > >> > admins: cyrus > >> > sievedir: /var/lib/imap/sieve > >> > sendmail: /usr/sbin/sendmail > >> > hashimapspool: true > >> > sasl_pwcheck_method: saslauthd > >> > sasl_mech_list: PLAIN > >> > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > >> > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > >> > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > >> > lmtp_downcase_rcpt: yes > >> > sieve_maxscriptsize: 32 > >> > > >> > [EMAIL PROTECTED] ls -al sendmail > >> > -rwxr-xr-x 1 root root 201784 Sep 1 2006 /usr/sbin/sendmail > >> > > >> > Logs > >> > > >> > Sep 27 09:52:22 kane postfix/smtpd[8597]: connect from > >> unknown[10.100.10.160] > >> > Sep 27 09:52:31 kane postfix/smtpd[8597]: 147C030E81BB: > >> > client=unknown[10.100.10.160] > >> > Sep 27 09:52:35 kane postfix/smtpd[8597]: C8DB930E81BB: > >> > client=unknown[10.100.10.160] > >> > Sep 27 09:52:35 kane postfix/cleanup[8600]: C8DB930E81BB: > >> > message-id=<[EMAIL PROTECTED]> > >> > Sep 27 09:52:35 kane postfix/qmgr[6988]: C8DB930E81BB: > >> > from=<[EMAIL PROTECTED]>, size=346, nrcpt=1 (queue active) > >> > Sep 27 09:52:35 kane lmtpunix[8603]: accepted connection > >> > Sep 27 09:52:35 kane lmtpunix[8603]: lmtp connection preauth'd as > >> postman > >> > Sep 27 09:52:35 kane master[8629]: about to exec > >> /usr/lib/cyrus-imapd/lmtpd > >> > Sep 27 09:52:35 kane lmtpunix[8629]: executed > >> > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: > >> > <[EMAIL PROTECTED]> user.user1 0 > >> > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: > >> > <[EMAIL PROTECTED]> user.user1 0 > >> > Sep 27 09:52:35 kane lmtpunix[8603]: mystore: starting txn 2147483663 > >> > Sep 27 09:52:35 kane lmtpunix[8603]: mystore: committing txn > >> 2147483663 > >> > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_mark:
Re: Sieve, Postfix and exec() sendmail
# chmod 755 /var/spool/imap/stage./ did resolve the issue. On 9/27/07, Alain Spineux <[EMAIL PROTECTED]> wrote: > On 9/28/07, Chris U <[EMAIL PROTECTED]> wrote: > > Hi Alain, > > > > I am running RHEL5; I used prebuilt rpms from RedHat. I did not change > > anything recently. Postfix is not running in chroot. > > > > [EMAIL PROTECTED] ~]# ls -ld /var/spool/imap/stage./ > > drwx-- 2 cyrus mail 4096 Sep 27 10:04 /var/spool/imap/stage./ > > [EMAIL PROTECTED] ~]# > > could you try a > # chmod 755 /var/spool/imap/stage./ > > > > > > > Chris > > > > On 9/27/07, Alain Spineux <[EMAIL PROTECTED]> wrote: > > > Did you change something recently ? > > > Is postfix running chrooted ? > > > > > > what about > > > # ls -ld /var/spool/imap/stage./ > > > ? > > > > > > Regards > > > > > > Alain > > > > > > On 9/27/07, Chris U <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > > > > > I've done some searching on the list about issues with Sieve > > > > performing rejects, redirects, and vacations using the binary > > > > sendmail. Below are some links from cyrus mailing lists. > > > > > > > > Link: http://tinyurl.com/2mkp5n > > > > Link: http://tinyurl.com/2rylzs > > > > Link: http://tinyurl.com/2k2stg > > > > > > > > Any help would be greatly appreciated! > > > > > > > > Scenario: User1 has a sieve script that keeps a copy of the received > > > > message and forwards mail to User2. > > > > > > > > Problem: FATAL: couldn't exec() sendmail > > > > > > > > Outcome: User2 mail not delivered. 100% CPU usage. Any further > > > > received mail is stalled in postfix queue and not delivered to > > > > mailbox. > > > > > > > > Imapd.conf > > > > configdirectory: /var/lib/imap > > > > partition-default: /var/spool/imap > > > > admins: cyrus > > > > sievedir: /var/lib/imap/sieve > > > > sendmail: /usr/sbin/sendmail > > > > hashimapspool: true > > > > sasl_pwcheck_method: saslauthd > > > > sasl_mech_list: PLAIN > > > > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > > > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > > > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > > > > lmtp_downcase_rcpt: yes > > > > sieve_maxscriptsize: 32 > > > > > > > > [EMAIL PROTECTED] ls -al sendmail > > > > -rwxr-xr-x 1 root root 201784 Sep 1 2006 /usr/sbin/sendmail > > > > > > > > Logs > > > > > > > > Sep 27 09:52:22 kane postfix/smtpd[8597]: connect from > > > > unknown[10.100.10.160] > > > > Sep 27 09:52:31 kane postfix/smtpd[8597]: 147C030E81BB: > > > > client=unknown[10.100.10.160] > > > > Sep 27 09:52:35 kane postfix/smtpd[8597]: C8DB930E81BB: > > > > client=unknown[10.100.10.160] > > > > Sep 27 09:52:35 kane postfix/cleanup[8600]: C8DB930E81BB: > > > > message-id=<[EMAIL PROTECTED]> > > > > Sep 27 09:52:35 kane postfix/qmgr[6988]: C8DB930E81BB: > > > > from=<[EMAIL PROTECTED]>, size=346, nrcpt=1 (queue active) > > > > Sep 27 09:52:35 kane lmtpunix[8603]: accepted connection > > > > Sep 27 09:52:35 kane lmtpunix[8603]: lmtp connection preauth'd as > > > > postman > > > > Sep 27 09:52:35 kane master[8629]: about to exec > > > > /usr/lib/cyrus-imapd/lmtpd > > > > Sep 27 09:52:35 kane lmtpunix[8629]: executed > > > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: > > > > <[EMAIL PROTECTED]> user.user1 0 > > > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: > > > > <[EMAIL PROTECTED]> user.user1 0 > > > > Sep 27 09:52:35 kane lmtpunix[8603]: mystore: starting txn 2147483663 > > > > Sep 27 09:52:35 kane lmtpunix[8603]: mystore: committing txn 2147483663 > > > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_mark: > > > > <[EMAIL PROTECTED]> user.user1 1190922755 > > > > 0 > > > > Sep 27 09:52:35 kane lmtpunix[8603]: Delivered: > > > > <[EMAIL PROTECTED]> to mailbox: user.user1 > > > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: > > > > <[EMAIL PROTECTED]>[EMAIL PROTECTED] .use
createmailbox: Invalid mailbox name
So I've hit a wall in attempting to move our mailboxes onto a new server. I've built/installed Simon's RPMs for 2.3.8 on x86_64. After tarring up my old mail spool (2.2.12 on x86) and dumping the mailboxes file to a flat format and copying to the new machine, I am unable to reconstruct any mailboxes. It merely exits silently. I can create mailboxes in the default domain (cm user/test), but if I attempt to create virtual domain users e.g. cm user/[EMAIL PROTECTED] I get "createmailbox: Invalid mailbox name" What am I doing wrong? Thanks, Chris # imapd.conf entries configdirectory: /var/lib/imap defaultpartition: default partition-default: /var/spool/imap fulldirhash: 0 hashimapspool: 1 duplicate_db: skiplist mboxlist_db: skiplist admins: [EMAIL PROTECTED] sasl_pwcheck_method: auxprop virtdomains: userid defaultdomain: mail #(this is not the machine's name) unixhierarchysep: on tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt allownanonymouslogin: no allowplaintext: yes allowusermoves: yes loginrealms: mail domain1.tld domain2.tld Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve, Postfix and exec() sendmail
Hi Alain, I am running RHEL5; I used prebuilt rpms from RedHat. I did not change anything recently. Postfix is not running in chroot. [EMAIL PROTECTED] ~]# ls -ld /var/spool/imap/stage./ drwx-- 2 cyrus mail 4096 Sep 27 10:04 /var/spool/imap/stage./ [EMAIL PROTECTED] ~]# Chris On 9/27/07, Alain Spineux <[EMAIL PROTECTED]> wrote: > Did you change something recently ? > Is postfix running chrooted ? > > what about > # ls -ld /var/spool/imap/stage./ > ? > > Regards > > Alain > > On 9/27/07, Chris U <[EMAIL PROTECTED]> wrote: > > Hi, > > > > I've done some searching on the list about issues with Sieve > > performing rejects, redirects, and vacations using the binary > > sendmail. Below are some links from cyrus mailing lists. > > > > Link: http://tinyurl.com/2mkp5n > > Link: http://tinyurl.com/2rylzs > > Link: http://tinyurl.com/2k2stg > > > > Any help would be greatly appreciated! > > > > Scenario: User1 has a sieve script that keeps a copy of the received > > message and forwards mail to User2. > > > > Problem: FATAL: couldn't exec() sendmail > > > > Outcome: User2 mail not delivered. 100% CPU usage. Any further > > received mail is stalled in postfix queue and not delivered to > > mailbox. > > > > Imapd.conf > > configdirectory: /var/lib/imap > > partition-default: /var/spool/imap > > admins: cyrus > > sievedir: /var/lib/imap/sieve > > sendmail: /usr/sbin/sendmail > > hashimapspool: true > > sasl_pwcheck_method: saslauthd > > sasl_mech_list: PLAIN > > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > > lmtp_downcase_rcpt: yes > > sieve_maxscriptsize: 32 > > > > [EMAIL PROTECTED] ls -al sendmail > > -rwxr-xr-x 1 root root 201784 Sep 1 2006 /usr/sbin/sendmail > > > > Logs > > > > Sep 27 09:52:22 kane postfix/smtpd[8597]: connect from > > unknown[10.100.10.160] > > Sep 27 09:52:31 kane postfix/smtpd[8597]: 147C030E81BB: > > client=unknown[10.100.10.160] > > Sep 27 09:52:35 kane postfix/smtpd[8597]: C8DB930E81BB: > > client=unknown[10.100.10.160] > > Sep 27 09:52:35 kane postfix/cleanup[8600]: C8DB930E81BB: > > message-id=<[EMAIL PROTECTED]> > > Sep 27 09:52:35 kane postfix/qmgr[6988]: C8DB930E81BB: > > from=<[EMAIL PROTECTED]>, size=346, nrcpt=1 (queue active) > > Sep 27 09:52:35 kane lmtpunix[8603]: accepted connection > > Sep 27 09:52:35 kane lmtpunix[8603]: lmtp connection preauth'd as postman > > Sep 27 09:52:35 kane master[8629]: about to exec /usr/lib/cyrus-imapd/lmtpd > > Sep 27 09:52:35 kane lmtpunix[8629]: executed > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: > > <[EMAIL PROTECTED]> user.user1 0 > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: > > <[EMAIL PROTECTED]> user.user1 0 > > Sep 27 09:52:35 kane lmtpunix[8603]: mystore: starting txn 2147483663 > > Sep 27 09:52:35 kane lmtpunix[8603]: mystore: committing txn 2147483663 > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_mark: > > <[EMAIL PROTECTED]> user.user1 1190922755 > > 0 > > Sep 27 09:52:35 kane lmtpunix[8603]: Delivered: > > <[EMAIL PROTECTED]> to mailbox: user.user1 > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: > > <[EMAIL PROTECTED]>[EMAIL PROTECTED] .user1.sieve. > > 0 > > Sep 27 09:52:35 kane lmtpunix[8630]: FATAL: couldn't exec() sendmail > > Sep 27 09:52:35 kane lmtpunix[8603]: sieve runtime error for user1 id > > <[EMAIL PROTECTED]>: Redirect: Sendmail process > > terminated normally, exit status 75 > > Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR db4: Locker does not exist > > Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR: error fetching > > <[EMAIL PROTECTED]>: Invalid argument > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: error looking up > > <[EMAIL PROTECTED]>/user.user1: cyrusdb error > > Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: > > <[EMAIL PROTECTED]> user.user1 0 > > Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: opening > > /var/spool/imap/stage./8603-1190922755-0: No such file or directory > > Sep 27 09:52:35 kane postfix/lmtp[8602]: C8DB930E81BB: > > to=<[EMAIL PROTECTED]>, relay=tipg.net[/var/lib/imap/socket/lmtp], > > delay=0.07, delays=0.05/0/0.01/0.01, dsn=4.3.0, status=deferred (host > > tipg.net[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd: could
Sieve, Postfix and exec() sendmail
Hi, I've done some searching on the list about issues with Sieve performing rejects, redirects, and vacations using the binary sendmail. Below are some links from cyrus mailing lists. Link: http://tinyurl.com/2mkp5n Link: http://tinyurl.com/2rylzs Link: http://tinyurl.com/2k2stg Any help would be greatly appreciated! Scenario: User1 has a sieve script that keeps a copy of the received message and forwards mail to User2. Problem: FATAL: couldn't exec() sendmail Outcome: User2 mail not delivered. 100% CPU usage. Any further received mail is stalled in postfix queue and not delivered to mailbox. Imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt lmtp_downcase_rcpt: yes sieve_maxscriptsize: 32 [EMAIL PROTECTED] ls -al sendmail -rwxr-xr-x 1 root root 201784 Sep 1 2006 /usr/sbin/sendmail Logs Sep 27 09:52:22 kane postfix/smtpd[8597]: connect from unknown[10.100.10.160] Sep 27 09:52:31 kane postfix/smtpd[8597]: 147C030E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/smtpd[8597]: C8DB930E81BB: client=unknown[10.100.10.160] Sep 27 09:52:35 kane postfix/cleanup[8600]: C8DB930E81BB: message-id=<[EMAIL PROTECTED]> Sep 27 09:52:35 kane postfix/qmgr[6988]: C8DB930E81BB: from=<[EMAIL PROTECTED]>, size=346, nrcpt=1 (queue active) Sep 27 09:52:35 kane lmtpunix[8603]: accepted connection Sep 27 09:52:35 kane lmtpunix[8603]: lmtp connection preauth'd as postman Sep 27 09:52:35 kane master[8629]: about to exec /usr/lib/cyrus-imapd/lmtpd Sep 27 09:52:35 kane lmtpunix[8629]: executed Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: <[EMAIL PROTECTED]> user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: <[EMAIL PROTECTED]> user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: starting txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: mystore: committing txn 2147483663 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_mark: <[EMAIL PROTECTED]> user.user1 1190922755 0 Sep 27 09:52:35 kane lmtpunix[8603]: Delivered: <[EMAIL PROTECTED]> to mailbox: user.user1 Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: <[EMAIL PROTECTED]>[EMAIL PROTECTED] .user1.sieve. 0 Sep 27 09:52:35 kane lmtpunix[8630]: FATAL: couldn't exec() sendmail Sep 27 09:52:35 kane lmtpunix[8603]: sieve runtime error for user1 id <[EMAIL PROTECTED]>: Redirect: Sendmail process terminated normally, exit status 75 Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR db4: Locker does not exist Sep 27 09:52:35 kane lmtpunix[8603]: DBERROR: error fetching <[EMAIL PROTECTED]>: Invalid argument Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: error looking up <[EMAIL PROTECTED]>/user.user1: cyrusdb error Sep 27 09:52:35 kane lmtpunix[8603]: duplicate_check: <[EMAIL PROTECTED]> user.user1 0 Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: opening /var/spool/imap/stage./8603-1190922755-0: No such file or directory Sep 27 09:52:35 kane postfix/lmtp[8602]: C8DB930E81BB: to=<[EMAIL PROTECTED]>, relay=tipg.net[/var/lib/imap/socket/lmtp], delay=0.07, delays=0.05/0/0.01/0.01, dsn=4.3.0, status=deferred (host tipg.net[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd: couldn't exec() sendmail (in reply to end of DATA command)) Sep 27 09:52:35 kane lmtpunix[8603]: IOERROR: error unlinking file /var/spool/imap/stage./8603-1190922755-0: No such file or directory Sep 27 09:52:36 kane postfix/smtpd[8597]: disconnect from unknown[10.100.10.160] Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: upgrading to a different achitecture
Thanks for the info. The man page for cyr_dbtool doesn't indicate this is possible (which is not to say it isn't possible, just undocumented). cvt_cyrusdb appears to be more of a candidate. Is this what I should be using, or could you give an example of how to use cyr_dbtool? Many thanks, Chris Bron Gondwana wrote: > On Wed, Sep 26, 2007 at 11:46:08AM -0500, Chris Harms wrote: > >> Hello, >> >> We will be migrating our cyrus server from x86 to x86_64 for an interim >> period and then likely returning to x86 after some time. We will be >> upgrading from 2.2.x to 2.3.x as well, and I am wondering if there is a >> way to preserve the per mailbox databases, specifically the seen state? >> I have run through a test of this process once without luck retaining >> the information. Is there a way to do this moving to x86_64 and then >> >> likewise moving back to x86? >> > > You can always dump and restore the seen state using cyr_dbtool, though > that's a fair bit of work! Amazing how much isn't hard work once you > have a tested script to do it for you though :)[0] > > There are also a couple of fields (e.g. QUOTA information, MODSEQ) in > the cyrus.index file which if you've got values higher than 2^32 in them > will change value when you switch back to 32 bit. > > Bron. > > [0] and it looks like you've actually tested that your process will work > before committing to it, which puts you ahead of 90% of the IT shops > out there! > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
upgrading to a different achitecture
Hello, We will be migrating our cyrus server from x86 to x86_64 for an interim period and then likely returning to x86 after some time. We will be upgrading from 2.2.x to 2.3.x as well, and I am wondering if there is a way to preserve the per mailbox databases, specifically the seen state? I have run through a test of this process once without luck retaining the information. Is there a way to do this moving to x86_64 and then likewise moving back to x86? Thanks, Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SQUAT config
brian wrote:
> Chris Mattingly wrote:
>
>> brian wrote:
>>
>>
>>> Thanks, this is becoming clearer. But how do i configure squatter? Am i
>>> looking in the wrong place?
>>>
>>> brian
>>>
>>>
>> Place the options in your cyrus.conf for squatter and you should be all
>> set. For example:
>>
>> EVENTS
>> {
>>
>> squatter cmd="squatter -s" period=180
>> }
>>
>>
>
> Yes, i see, that's to invoke it. But i'm also reading that the config
> must be in imapd.conf yet i've seen no example for the syntax to do so
> (nor what is required (or even suggested)).
>
> I'm also wondering how to have squatter run against all IMAP mailboxes.
> Do i need to specify them all when i invoke it? Or can i get away with
> feeding it "/var/spool/imap" with the -r switch and hoping it will
> figure it out?
>
> brian
>
I don't believe there are any squatter specific options that go into
imapd.conf. I suspect that the reference you're seeing to squatter
reading imapd.conf (or other config referenced by -C) is simply for
squatter to see where the imap spool is (i.e. partition-default), and
possibly some other environment-specific parameters it needs to know.
The only options squatter takes are those specified in its man page, and
those would go in cyrus.conf.
Unless you specify with via mboxcfg to not index a mailbox, or you
specify a single mailbox on the command line, sieve will index all
mailboxes by default.
My exact cyrus.conf entry is:
squatter cmd="squatter" period=180
And all mailboxes on my (rather small) system are indexed every 3 hours.
-Chris
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SQUAT config
brian wrote:
> Thanks, this is becoming clearer. But how do i configure squatter? Am i
> looking in the wrong place?
>
> brian
>
Place the options in your cyrus.conf for squatter and you should be all
set. For example:
EVENTS
{
squatter cmd="squatter -s" period=180
}
-Chris
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Global mailbox
On Monday 30 July 2007, Lorenzo Milesi wrote: > I've configured a few users for login, and other mailboxes accessed as > "Other Users". The problem are those boxes: I need to have GLOBAL flags > (i.e. if I read a message in those shared mailboxes everyone else must > see the message as read). That's all! Just use a separate account for that mailbox. Each user will have a minimum of 2 imap accounts - their user account, and the global user account (all users use the same name and password for this one). Whenever an operation occurs on the global account everyone sees it the same way. -- Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LTMPD rejecting large messages, maxmessagesize is _not_ set
On Fri, 13 Jul 2007, Sebastian Hagedorn wrote: >> Why would Cyrus return that? Obviously something is wrong with the >> delivery, but under what circumstances would a) lmtpd invoke the >> sendmail binary? > > That would happen if the user in question has a sieve redirect rule. Yep, I just figured that out. The user is forwarding their mail off, and the service to which they are forwarding is rejecting the message. Thanks! >> c) lmtpd pass the failure >> message, unadorned, back to the sender? The latter in particular >> seems like broken behavior; shouldn't lmtpd return something like '5xx >> sendmail: fatal: ...'? > > Sure, but that's a known bug :-) At least I seem to remember that it came up > some time ago. Yeesh. If I was a C programmer, I'd fix that. That seems decidely less robust than one would expect. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University LOPSA Sysadmin Days: Professional Training for Professional SysAdmins August 6-7, Cherry Hill, NJ http://lopsa.org/SysadminDays Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LTMPD rejecting large messages, maxmessagesize is _not_ set
On Fri, 13 Jul 2007, Chris St. Pierre wrote: > On Fri, 13 Jul 2007, David Carter wrote: > >> On Tue, 10 Jul 2007, Chris St. Pierre wrote: >> >>> LMTPD is rejecting large messages; I've been unable to figure out the exact >>> threshold, but I am seeing messages like this in my Postfix logs: >>> >>> Jun 28 20:23:12 vostok postfix/qmgr[9323]: 22F5373D6F6: >>> from=<[EMAIL PROTECTED]>, size=16243464, nrcpt=1 (queue active) Jun 28 >>> 20:23:22 vostok postfix/lmtp[13405]: warning: non-LMTP response from >>> imap.nebrwesleyan.edu[10.1.1.31]: sendmail: fatal: [EMAIL PROTECTED](76): >>> Message file too big >> >> I don't think that Cyrus generated that error messages. Try "strings" on the >> lmtpd binary. Errors from Cyrus should be all variants on: >> >> ec IMAP_MESSAGE_TOO_LARGE, >>"Message size exceeds fixed limit" >> >> Is sendmail/postfix using a staging partition which has run out space? > > Right you are. It's Postfix's 'sendmail' binary that appears to be > generating the error, although I'm still perplexed that it claims to > be in response to a non-LMTP response from lmtpd. Some investigation confirmed my initial suspicions: that Cyrus lmtpd is returning to Postfix's lmtp delivery daemon the message: "sendmail: fatal: [EMAIL PROTECTED](76): Message file too big" Since that doesn't start with [2-5]\d\d, it's not a valid LMTP response, and Postfix is doing the right thing by complaining. Why would Cyrus return that? Obviously something is wrong with the delivery, but under what circumstances would a) lmtpd invoke the sendmail binary? b) sendmail fail thusly? c) lmtpd pass the failure message, unadorned, back to the sender? The latter in particular seems like broken behavior; shouldn't lmtpd return something like '5xx sendmail: fatal: ...'? There's plenty of free space everywhere, and message size limits are either set high or not at all. Any ideas? Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University LOPSA Sysadmin Days: Professional Training for Professional SysAdmins August 6-7, Cherry Hill, NJ http://lopsa.org/SysadminDays Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LTMPD rejecting large messages, maxmessagesize is _not_ set
On Fri, 13 Jul 2007, David Carter wrote: > On Tue, 10 Jul 2007, Chris St. Pierre wrote: > >> LMTPD is rejecting large messages; I've been unable to figure out the exact >> threshold, but I am seeing messages like this in my Postfix logs: >> >> Jun 28 20:23:12 vostok postfix/qmgr[9323]: 22F5373D6F6: >> from=<[EMAIL PROTECTED]>, size=16243464, nrcpt=1 (queue active) Jun 28 >> 20:23:22 vostok postfix/lmtp[13405]: warning: non-LMTP response from >> imap.nebrwesleyan.edu[10.1.1.31]: sendmail: fatal: [EMAIL PROTECTED](76): >> Message file too big > > I don't think that Cyrus generated that error messages. Try "strings" on the > lmtpd binary. Errors from Cyrus should be all variants on: > > ec IMAP_MESSAGE_TOO_LARGE, >"Message size exceeds fixed limit" > > Is sendmail/postfix using a staging partition which has run out space? > > -- > David Carter Email: [EMAIL PROTECTED] > University Computing Service,Phone: (01223) 334502 > New Museums Site, Pembroke Street, Fax: (01223) 334679 > Cambridge UK. CB2 3QH. > > Right you are. It's Postfix's 'sendmail' binary that appears to be generating the error, although I'm still perplexed that it claims to be in response to a non-LMTP response from lmtpd. Well, off to ask on the Postfix list. Thanks. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University LOPSA Sysadmin Days: Professional Training for Professional SysAdmins August 6-7, Cherry Hill, NJ http://lopsa.org/SysadminDays Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LTMPD rejecting large messages, maxmessagesize is _not_ set
On Wed, 11 Jul 2007, Roberto R. Morelli wrote: > Look at the postfix config (main.cf). The value to look at is > "message_size_limit". Had the same problem long time ago. > > Mine is set to "message_size_limit = 51200" Which is email size of 512MB > (folks here use email like ftp .) Thanks for the suggestion, but when Postfix rejects a message because it's too big, Postfix generates the bounce; it doesn't wait to deliver it via LMTP and then complain that LMTP gave a bad return value (which is nonsensical, if Postfix is rejecting the message). Re-read the error message; note that Postfix is merely reporting the error it got from LMTPD. For the message in question, here's the Postfix queue manager receiving it: Jun 25 13:58:47 vostok postfix/qmgr[9323]: 58A6373D6F6: from=<[EMAIL PROTECTED]>, size=16243093, nrcpt=1 (queue active) >From main.cf: message_size_limit = 2048 16243093 < 2048 I can also see the message being processed by the cleanup daemon, which is the daemon that would be bouncing the messages if they were too large. This remains a problem with LMTPD. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University LOPSA Sysadmin Days: Professional Training for Professional SysAdmins August 6-7, Cherry Hill, NJ http://lopsa.org/SysadminDays > > --On Tuesday, July 10, 2007 08:17:43 AM -0500 "Chris St. Pierre" > <[EMAIL PROTECTED]> wrote: > >> LMTPD is rejecting large messages; I've been unable to figure out the >> exact threshold, but I am seeing messages like this in my Postfix >> logs: >> >> Jun 28 20:23:12 vostok postfix/qmgr[9323]: 22F5373D6F6: >> from=<[EMAIL PROTECTED]>, size=16243464, nrcpt=1 (queue active) >> Jun 28 20:23:22 vostok postfix/lmtp[13405]: warning: non-LMTP response >> from imap.nebrwesleyan.edu[10.1.1.31]: sendmail: fatal: >> [EMAIL PROTECTED](76): Message file too big >> >> I have no maxmessagesize directive in my imapd.conf (which I've >> included below for reference). My reading of the man page indicates >> that, with no maxmessagesize set, no messages should be rejected due >> to size. Any ideas? >> >> Thanks! >> >> imapd.conf # >> configdirectory: /var/lib/imap >> partition-default: /var/spool/cyrus/imap >> sievedir: /var/spool/cyrus/sieve >> sendmail: /usr/sbin/sendmail >> admins: cyradm >> hashimapspool: true >> sasl_pwcheck_method: saslauthd >> sasl_mech_list: PLAIN >> tls_cert_file: /usr/share/ssl/certs/server.crt >> tls_key_file: /usr/share/ssl/certs/server.key >> tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt >> ldap_uri: ldap://ldap.nebrwesleyan.edu >> ldap_member_base: ou=people,o=nebrwesleyan.edu,o=isp >> ldap_referrals: 1 >> createonpost: 1 >> autocreateinboxfolders: Junk Mail|Trash >> autosubscribeinboxfolders: Junk Mail|Trash >> autocreatequota: 102400 >> autocreate_sieve_script: /etc/default_filter.sieve >> autocreate_sieve_compiledscript: /etc/default_filter.bc >> anysievefolder: yes >> foolstupidclients: 1 >> lmtp_downcase_rcpt: 1 >> unix_group_enable: 0 >> lmtp_over_quota_perm_failure: yes >> # >> >> Chris St. Pierre >> Unix Systems Administrator >> Nebraska Wesleyan University >> >> LOPSA Sysadmin Days: Professional Training for Professional SysAdmins >> August 6-7, Cherry Hill, NJ >> http://lopsa.org/SysadminDays >> >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
LTMPD rejecting large messages, maxmessagesize is _not_ set
LMTPD is rejecting large messages; I've been unable to figure out the exact threshold, but I am seeing messages like this in my Postfix logs: Jun 28 20:23:12 vostok postfix/qmgr[9323]: 22F5373D6F6: from=<[EMAIL PROTECTED]>, size=16243464, nrcpt=1 (queue active) Jun 28 20:23:22 vostok postfix/lmtp[13405]: warning: non-LMTP response from imap.nebrwesleyan.edu[10.1.1.31]: sendmail: fatal: [EMAIL PROTECTED](76): Message file too big I have no maxmessagesize directive in my imapd.conf (which I've included below for reference). My reading of the man page indicates that, with no maxmessagesize set, no messages should be rejected due to size. Any ideas? Thanks! imapd.conf # configdirectory: /var/lib/imap partition-default: /var/spool/cyrus/imap sievedir: /var/spool/cyrus/sieve sendmail: /usr/sbin/sendmail admins: cyradm hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN tls_cert_file: /usr/share/ssl/certs/server.crt tls_key_file: /usr/share/ssl/certs/server.key tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt ldap_uri: ldap://ldap.nebrwesleyan.edu ldap_member_base: ou=people,o=nebrwesleyan.edu,o=isp ldap_referrals: 1 createonpost: 1 autocreateinboxfolders: Junk Mail|Trash autosubscribeinboxfolders: Junk Mail|Trash autocreatequota: 102400 autocreate_sieve_script: /etc/default_filter.sieve autocreate_sieve_compiledscript: /etc/default_filter.bc anysievefolder: yes foolstupidclients: 1 lmtp_downcase_rcpt: 1 unix_group_enable: 0 lmtp_over_quota_perm_failure: yes ##### Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University LOPSA Sysadmin Days: Professional Training for Professional SysAdmins August 6-7, Cherry Hill, NJ http://lopsa.org/SysadminDays Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Starting imapd 2.3.8 with db 4.5 (patched)
Hello, I am building a new server. Nothing big, just for my self and some family members. I have used Cyrus for the last four years now I am installing 2.3.8 on an LFS version dated 2007-05-05. LFS comes with DB 4.5.20. However IMAPd uses old calls to DB which are fixed by a patch posted in the thread "Cyrus-IMAPD 2.3.8 an BerekelyDB 4.5.20" starting March 22, 2007. I used this patch which solve the compile problem. But... The first boot of IMAPd gives a lot of DBERROR messages in the log file. I have create the folders imap, mail, sieve, spool and srvtab in the folder /srv/cyrus all owned by cyrus and the group mail. The imapd.conf points to the right folders, I used to change the folders on other configurations as well so I know this should work. This is an ls -l of the folder: [EMAIL PROTECTED]:/srv/cyrus$ ls -l totaal 20 drwxr-x--- 6 cyrus mail 4096 jun 10 13:42 imap drwxr-x--- 2 cyrus mail 4096 jun 10 12:33 mail drwxr-x--- 2 cyrus mail 4096 jun 10 12:33 sieve drwxr-x--- 2 cyrus mail 4096 jun 10 12:33 spool drwxr-x--- 2 cyrus mail 4096 jun 10 12:33 srvtab On starting the following messages where written to the log: Jun 10 11:26:30 jcw-dualserv-dev master[4347]: about to exec /usr/bin/imapd Jun 10 11:26:30 jcw-dualserv-dev imaps[4347]: DBERROR db4: /srv/cyrus/imap/db/__db.001: No such file or directory Jun 10 11:26:30 jcw-dualserv-dev imaps[4347]: DBERROR: dbenv->open '/srv/cyrus/imap/db' failed: No such file or directory Jun 10 11:26:30 jcw-dualserv-dev imaps[4347]: DBERROR: init() on berkeley Jun 10 11:26:30 jcw-dualserv-dev imaps[4347]: DBERROR: reading /srv/cyrus/imap/db/skipstamp, assuming the worst: No such file or directory Jun 10 11:26:30 jcw-dualserv-dev imaps[4347]: executed Jun 10 11:26:30 jcw-dualserv-dev pop3s[4348]: skiplist: recovered /srv/cyrus/imap/mailboxes.db (0 records, 144 bytes) in 0 second The folder /srv/cyrus/imap exists, but is seems imaps fails to create the db folder for whatever reason. After creating it manually imaps could start properly. Is this a bug related to the use of DB 4.5? Regards, Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
I give up... How do I unsubscribe?
I've followed the directions at
http://asg.web.cmu.edu/cyrus/mailing-list.html and even tried a few
other things that haven't worked.
Thanks,
- Chris
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: vacation programs
On Tue, 20 Mar 2007, Gene Rackow wrote: I know the subject of vacation programs have come up a few times in the past. I'm curious what people may be using to provide a reasonable auto-response. The problem that I have seen popping up is the spammers are sending mail directly to the users address. The From line is forged. The spam is staying under the radar on the various anti-spam measures in place so it gets delivered to the user as a real message. The vacation program then responds to this junk mail. In a few cases the person at the other end of the forged address reports the vacation message as spam to some RBL site. The RBL site gives the option to respond that this is, or isn't real, and wants us to take action. If we don't respond to them, they add our site to the blacklist. So far it's been managable, but I do see that things are going to need to change before long. My current vacation program is based on the Unix vacation rules. Only respond to mail that you are listed on the To: or cc: lines. No response to mailing lists, precedence: bulk or junk, some black-listed addresses, etc. We use Sieve to do vacation responses after spam filtering. With the amount of sender spoofing going on these days, responding (or forwarding, for that matter) before filtering will cause problems for you. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Never send mail to [EMAIL PROTECTED] Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Spam filtering / Sieve on bulletinboards
On Tue, 27 Feb 2007, Janne Peltonen wrote: So apparently you can sieve mail coming to a bulletin board? How? I just assumed the OP had figured _that_ part out. :) Presumably, though, if the BB system checks for mail to it via POP or IMAP, you could set sieve filters for its account. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Never send mail to [EMAIL PROTECTED] Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Spam filtering / Sieve on bulletinboards
On Mon, 26 Feb 2007, Andre Plante wrote:
I have recently setup some bulletin boards, which are designed to
receive mail from our external clients alerting us of issues.
What I am now trying to do, but can't find any references on how to do
this, is setup sieve filtering of the messages so that the messages that
are likely spam (as judged by spamassassin) as automatically moved into
a seperate folder.
We use something like this:
# Probably Spam
if header :comparator "i;ascii-casemap" :matches "Subject" "[SPAM:*"
{
fileinto "INBOX.Junk Mail";
stop;
}
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: (no subject)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wickham, Larry wrote: > I am currently charged with administering our 1 semester old Cyrus > server. When the server was introduced a policy was written which stated > that emails over a certain age would be deleted. I can find no such > function or feature in Cyrus or it's associated tools. Does anyone know > of a means to accomplish this? Check out the manpage for 'ipurge'. Make sure you educate your users about this policy; unless you're only purging mail from specific folders (Trash, Sent, or something similar), you're setting your users up for unexpected mail loss. Chris [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFjB2p98ixrK2vMtARAm1tAJ4sioDkFlrkBo0x8veX6uiWNDXxPwCdFMzC f7/EgZJdZWJhjb91mFIK5Z0= =3lQH -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Real Time Cyrus user lookups [was: help with backscatter]
I am very close to having Real Time Cyrus working and performing user lookups to halt our backscatter problem. However, it appears to be skipping aliases, etc and trying to validate every email address as is, instead of resolving aliases to the underlying mailboxes. To complicate matters, all of the Sendmail maps are done in a database. Since aliases work fine without using mrs_cyrus_mailertable, I'm guess that is my issue. Any pointers are appreciated. I have configured based on the RTCyrus docs for our domains as follows: # configuration info # Sendmail.mc: FEATURE(`mrs')dnl FEATURE(`mrs_cyrus')dnl MAILER(`cyrusv2d')dnl Required release B if you use mrs_cyrus_mailertable mailertable: # directly specify errot message for non existing cyrus mailboxes each.domain mrs_cyrus_mailertable:error:5.1.1:550 User unknown acess (if you want to accept message to the domains from anywhere): to:1st.domain RELAY to:2nd.domain RELAY to:3rd.domain RELAY Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: help with backscatter
Thank you for the links, this looks to be very helpful. To those who have kindly told me to go to the Sendmail groups, I suspect Cyrus plays a part in our problem. I'm now fairly certain that our access db is misconfigured, with the reason stemming from using "To:domain.tld RELAY" as a workaround for Sendmail not delivering to Cyrus many moons ago. I don't think we should need to do this, but I distinctly recall it NOT working if we didn't have it in there. I suppose the 'duct tape' is coming unglued now. I'm currently working on putting together a development machine to try out 2.3.7 and removal of the aforementioned lines in access db. Any pointers on whether my hunch about the access file is correct or not are welcome. Matthew Seaman wrote: Chris Harms wrote: We are having some trouble with our servers sending out backscatter spam. I realize this is really a Sendmail issue, but if any list readers have some insights on the best way to make Sendmail stop sending bounces to outside domains, it would be greatly appreciated. The general approach is that you need to decide if a message is spam or not *during* the SMTP dialog. In that case, you can return a 5xx error code to the sending server directly. If you decide the message is spam after you've accepted it your only alternatives are to return a bounce-o-gram is to the sender address which as you've found is almost invariably forged, or to drop the message in the bit-bucket, which is counter to the letter of the SMTP standards and does nothing to indicate to the spammers that they should give up and go and do something more worthwhile. Sendmail's milter interface allows you to filter messages through AV and anti-spam filters -- FEATURE(`delay_checks') in your sendmail.mc file is often useful in that case. See http://www.sendmail.org/m4/anti_spam.html Some milters I use: spamass-milter: http://savannah.nongnu.org/projects/spamass-milt/ milter-greylist: http://hcpnet.free.fr/milter-greylist/ clamav-milter: http://www.clamav.net/ FEATURE(greet_pause) in sendmail.mc is also good at weeding out botnet style mailers. There's an excellent write up (of a pretty severe spam-filtering setup) which does a good job of exploring all the various issues at: http://www.acme.com/mail_filtering/ Cheers, Matthew Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
help with backscatter
Hello, We are having some trouble with our servers sending out backscatter spam. I realize this is really a Sendmail issue, but if any list readers have some insights on the best way to make Sendmail stop sending bounces to outside domains, it would be greatly appreciated. Thanks in advance, Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problems on folders containing @
On Fri, 10 Nov 2006, Marten Lehmann wrote: > why does this give an error? > > x create [EMAIL PROTECTED] > x NO Invalid mailbox name Escape the @ sign: create [EMAIL PROTECTED] Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: performance on large inboxes
On Thursday 09 November 2006 02:02, Paul Dekkers wrote: > So maybe you're indeed facing the quality of your IMAP client That can be a lot of it. I run a cyrus mail store on my local network and as much as I like Kmail it is painfully slow opening folders with a lot of messages (I have one with ~70,000) - even if there are no changes in the mailbox and I just left it and went back to it, for some reason whatever it is doing takes a long time (on a fast system with fast I/O and lots of memory) and there is little to no load being placed on the server during this time (according to top), while Thunderbird opens said folder instantly. I really hope Kmail will catch up as an imap client sooner rather than later. Chris Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Login attack on cyrus imap
Take Ben's advice. Use fail2ban, FUT, or any of the other programs out there that are designed for this. If the attacker is using a single IP address, fail2ban (properly configured) should block them in under a second. There's probably a way to prevent Cyrus from taking too many connections, but that still allows a DoS attack -- if the attacker is using up all of your available connections, no real customer can get on. It also uses up a bunch of system resources, unnecessarily. Don't limit the attacker -- ban them. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Thu, 2 Nov 2006, Jim John wrote: >I found out that it was a single IP from the log >files. That person (or bot) logs into the POP3 server >and tries to authenticate itself. The problem is that >it logs in as a different user each time and does ALOT >of these logins per second, causing LDAP to overload >with connections. Is there any way to limit the number >of connections in the cyrus server using some config >parameter? Thanks. > > > > >__ >Check out the New Yahoo! Mail - Fire up a more powerful email and get things >done faster. >(http://advision.webevents.yahoo.com/mailbeta) > > >Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Sort by date wierdness
I have a user whose inbox has a few messages that are sorted incorrectly. We first noticed this using IMP (part of Horde), which uses IMAP to do its sorting. The user's inbox lists the following messages, in this order: 2446 09:54:04 AM ... 224 02/21/2002 ... 339 12/31/1903 ... 2445 06:32:26 AM ... Cyrus reports the same dates: * 2446 FETCH (INTERNALDATE "24-Aug-2006 09:55:30 -0500") * 224 FETCH (INTERNALDATE "20-Aug-2006 09:32:03 -0500") * 339 FETCH (INTERNALDATE "20-Aug-2006 09:32:04 -0500") * 2445 FETCH (INTERNALDATE "24-Aug-2006 06:32:34 -0500") As you can see, messages 2445 and 2446 are sorted correctly, but the others both have INTERNALDATEs of several days ago, when we migrated to Cyrus -- they don't have INTERNALDATEs between 6:32 am and 9:55 am today. I turned on telemetry logs for the user and checked her email. IMP issues the following command: UID SORT (REVERSE DATE) US-ASCII ALL The response starts: * SORT 2727 2726 2725 2728 2724 2723 2720 224 339 2698 2697 As you can see, the user has received some mail between the time I did my initial debugging, and messages #224 and #339 have actually moved *up* the list. This morning, they continued to move up the list and are now nearly the newest messages in the inbox when sorted by reverse date. My Cyrus IMAP version is the latest offered with RHEL 4: % rpm -qi cyrus-imapd Name: cyrus-imapd Relocations: (not relocatable) Version : 2.2.12Vendor: Red Hat, Inc. Release : 3.RHEL4.1 Build Date: Sat 23 Apr 2005 03:45:01 PM CDT Any ideas what might be causing this? Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Command-line reconstruct different from cyradm reconstruct?
I have a number of users with quotas that are set correctly, but Cyrus is confused about the amount of data they have. For instance: imap> lq user.jpublic STORAGE 0/307200 (0%) If I run: # su - cyrus -c "/usr/lib64/cyrus-imapd/reconstruct -rf user.jpublic" nothing changes, and all remains as it was: imap> lq user.jpublic STORAGE 0/307200 (0%) But if I run reconstruct from cyradm, it works fine: imap> reconstruct user.jpublic imap> lq user.jpublic STORAGE 23140/307200 (7.5325520833%) Two questions: 1. Why would this be? 2. I need to reconstruct several thousand mailboxes thusly. How can I script this? Cyrus::IMAP::Admin doesn't appear to have a "reconstruct" method, and piping a text file into cyradm doesn't work because of the password prompt. Other ideas? I'm using the RHEL4 package of Cyrus IMAP v2.2.12. Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sendmail or cyrus question... not sure
Hi all, Please send me over to a sendmail list if this question would be better suited over there, but I'm hoping to get some help here. :) I'm using sendmail 8.13.1 & cyrus 2.2.12. In my sendmail config, I have set cyrusv2 as my LOCAL_MAILER. What's happening is that mail for any recipient is being accepted by the MTA, failing the lmtp delivery as a non-existent user, then bouncing back to me (postmaster). What's the cleanest way around this problem? Obviously, the solution I'd like is for invalid recipients to get blocked at the "RCPT TO" command. Thanks! -Chris Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High availability email server...
Michael-- One of the major problems you'd run into is /var/lib/imap, the config directory. It contains, among other things, a Berkeley DB of information about the mail store. GFS, Lustre, and other cluster filesystems do file-level locking; in order to properly read and write to the BDB backend, you'd need DB-level locking, which is not possible from a filesystem. If you tried putting /var/lib/imap on shared storage, you'd have data corruption and loss in no time. IMAP is also a stateful connection; depending on how you set up your cluster, some clients might not handle it gracefully (e.g., Pine). Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Sat, 29 Jul 2006, Michael Menge wrote: > Hi, > > Quoting Pascal Gienger <[EMAIL PROTECTED]>: > >> >> >> I would NEVER suggest to mount the cyrus mail spool via NFS, locking is >> important and for these crucial things I like to have a real block >> device with a real filesystem, so SANs are ok to me. >> > > does someone use lustre as cyrus mail spoll? Would it be possible to > run cryus on 2 ore more systems with a shared spool for loadbalancing > and HA with lustre? > > Michael > > > > Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Performance and cheap storage
Our mail store is on a LeftHand SAN, which we bought this summer. The speed is pretty good, even on just a GigE network, and it's certainly a helluva lot cheaper than FC stuff. Downsides include the lack of an integrated fencing device for failover (most FC switches are fencing devices), and the general lack of clue in LeftHand's frontline support. Upsides include all of the cash that's still in our pocketses. Luckily, I don't think that a kernel-level implementation of iSCSI will be a big drawback, since Cyrus IMAP (and IMAP servers in general) aren't processor-bound. We'll run into I/O problems long before we run out of oomph to drive iSCSI and Cyrus IMAP. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Sat, 29 Jul 2006, Greg A. Woods wrote: >At Wed, 26 Jul 2006 16:20:57 -0500, >Greg Harris wrote: >> >> On 7/26/06 3:33 PM, "Greg A. Woods" <[EMAIL PROTECTED]> wrote: >> >> > Using a SCSI host interface isn't going to be nearly so flexible as >> > using a Fibre Channel one, especially in the longer run (e.g. if you >> > ever want to add more storage, more storage controllers, share them >> > amongst multiple hosts, add backup devices and also share them between >> > hosts, etc., etc., etc.). >> >> If your really looking for flexibility, check out Left Hand Networks >> solution. Their claim is that they can beat FC stuff. Not having the need >> for speed at this point, I can't testify personally for how fast, but the >> solution looks like an awesome concept with lots of real world app. > >Left Hand Networks just sell an "open" iSCSI based SAN implementation. > >While iSCSI might be a more flexible solution at some time in the >future, it's still relatively bleeding edge, especially in terms of >wide-spread adoption and wide-spread installed base and existing >industry experience. > >I think Fibre Channel will still give one far more options for the >immediate future, including lots of options for low-end and used gear >too. > >Right now I think beating FC in the performance department depends on >buiding dedicated 10-GigE networks and using rather high-end processors >as iSCSI is typically still implemented deep in the OS, not yet in smart >controllers that simply make it look like a more traditional storage >device thus off-loading all the protocol handling to a dedicated control >processor. In other words the very things that supposedly make iSCSI >more flexible are also the same things which can easily hobble its >performance if one doesn't design one's infrastructure very carefully. > >-- > Greg A. Woods > >H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <[EMAIL PROTECTED]> >Planix, Inc. <[EMAIL PROTECTED]> Secrets of the Weird <[EMAIL PROTECTED]> > >Cyrus Home Page: http://asg.web.cmu.edu/cyrus >Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu >List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High availability email server...
Chad-- We've put /var/lib/imap and /var/spool/imap on a SAN and have two machines -- one active, and one hot backup. If the active server fails, the other mounts the storage and takes over. This is not yet in production, but it's a pretty simple setup and can be done without running any bleeding edge software, and it appears that it will work fine. There's no need to use a SAN, either -- you could share your mail storage out via NFS with the same effect. We're going production with this in mid-August; if you'd like to know how everything goes, drop me a note in a month or so. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Thu, 27 Jul 2006, Chad A. Prey wrote: >OK...I'm searching for strategies to have a "realtime" email backup in >the event of backend failure. We've been running cyrus-imap for about a >year and a half with incredible success. Our failures have all been due >to using junky storage. > >One idea is to have a continuous rsync of the cyrus /var/spool/imap >and /var/lib/imap to another server > >I've also considered delivering email to two discreet email backends and >keeping the /var/lib/imap file sync'd . I don't think I can use murder >to do this. > >Is anyone out there using RHEL in a cluster that would like to share >their architecture? Any contractors out there that want to get paid to >help us implement? > >Chad P. >[EMAIL PROTECTED] >Salk Institute for Biological Studies > > >-- > > >Cyrus Home Page: http://asg.web.cmu.edu/cyrus >Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu >List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus::SIEVE::managesieve documentation?
Ditto here. I tried emailing the guy listed in the Cyrus::SIEVE::managesieve man page, but the address no longer appears to be active. As of now, my options appear to be: 1. Learn Ruby, and write the first (and probably last) Ruby script at my site; or 2. Guess with Perl. Neither is a great alternative. :) Are there any other scripts out there that use Cyrus::SIEVE::managesieve? I'm fine with learning by example -- I just need more than one example. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Tue, 18 Jul 2006, Andrés Tarallo wrote: >Im more a PERL person, what can be done for me? > >Thanks > >Andres > >> Hi Chris >> >> On Mon, 2006-07-17 at 11:13 -0500, Chris St. Pierre wrote: >> > Does anyone know of any documentation for >Cyrus::SIEVE::managesieve? >> > The man page is decidedly sparse. Reading through the source of >> > sieveshell gives some idea, but not enough to start writing my own >> > code. Thanks! >> >> If you're into ruby too you can try my ManageSieve library at >> >> http://managesieve.rubyforge.org/ >> >> Docs at >> >> >http://managesieve.rubyforge.org/managesieve/classes/ManageSieve.html >> >> and feedback welcome :) >> >> You might also consider getting the cvs version, it has some >> enhancements to the sievectl util. >> >> Best regards, >> Andre >> >> >> Cyrus Home Page: http://asg.web.cmu.edu/cyrus >> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> >> > >A/P Andres Tarallo >WD&B Consultores >Montevideo - Uruguay > >Cyrus Home Page: http://asg.web.cmu.edu/cyrus >Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu >List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus::SIEVE::managesieve documentation?
Does anyone know of any documentation for Cyrus::SIEVE::managesieve? The man page is decidedly sparse. Reading through the source of sieveshell gives some idea, but not enough to start writing my own code. Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus & Active Directory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have googled, read everything in /usr/share/doc/ and even tried beating my head against the desk. I am completely unable to get Cyrus SASL and IMAP to use Active Directory to authenticate. I have tried to use kerberos, LDAP, libpam-ldap, and black magic. Does anyone have a working recipe for getting Cyrus to authenticate via Active Directory? I would greatly appreciate any assistance you can offer. Thanks in advance, Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) iD8DBQFErnHb98ixrK2vMtARAhPbAKCOc4QzQHLPDWyNCaluRllxuGL+fgCfYmoB niXk6buNkseg9sYc/LN9vYg= =/xD/ -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: migrating from dovecot to cyrus
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marten Lehmann wrote: > What would be an recommended way to move maildirs (one file per message) > to the cyrus storage for several thousand maildirs? There was a recent thread about migration on this list; I believe the consensus was to use a tool called 'imapsync'. I've used it to move a lot of messages around before, it worked really well. - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEoA7E98ixrK2vMtARAhL/AJoCszThwhwRv7KwdtOAF59BQeg+6wCfX6X/ kzJNlhlUzKKB/NUBctcpacY= =uUsG -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Canon User Plugin Skeleton - Help Needed
Scott Russell wrote: Pedro Algarvio wrote: I need some help on getting at least a skeleton for a cannon user plugin, and info on how to compile it please. You plan to shoot users who go over quota with a cannon? I'm interested! How about a winamp plugin to then play the 1812 Overture? Chris Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Looking for a *good* X based GUI IMAP client for Cyrus IMAP ...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg A. Woods wrote: > The report about Thunderbird on Windoze not using the squat index is > interesting though I think that's a flawed report. It's my understanding that the SQUAT index is used behind the scenes, automatically, by Cyrus if it is available. There's no special IMAP request for a SQUAT search, so there's no reason Cyrus has any idea that it's Thunderbird and not SquirrelMail or Evolution doing the search. Probably the user sitting in front of the keyboard going "gee, this search is slow." - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEjytK98ixrK2vMtARAiUoAJ9GRmTcu/3xw5Kdy9HygIncnLygxQCgg9qC /p51UPmGP28JLEL1KqSdH+M= =/ioF -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Implementing IMAP advice for first timer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sebastian Hagedorn wrote: > Don't bother with Courier, it's not a real IMAP server. It isn't? Since when? - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEdFPC98ixrK2vMtARAqk4AJ0Z4KP0Tf3ful8ZDNAy5V3JP7PY7gCfff0x DEwpJy2L+vYrNOJmWTB2o2A= =A83f -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus+sendmail+lmtpunix connection refused by localhost
Andrzej Adam Filip wrote: Chris Harms <[EMAIL PROTECTED]> writes: Hello, We have recently started to experience an inconsistent problem after restarting cyrus and sendmail after a nightly backup script runs. All services seem to start properly, but mail delivery is deferred with sendmail logging dsn=4.4.1, stat=Deferred: Connection refused by localhost It appears to be something in lmtp, but we aren't sure what exactly. We are using the socket for lmtpunix delivery. The magic bullet seemed to be stopping all services and removing /var/run/cyrus-master.pid and some old lmtp lock files, but then this may have been coincidental. I found a few similar reports on Google, but no definite answers to this problem. Any insight as to why this would just start happening out of the blue would be most appreciated. Thank you, Chris Harms # additional info # Software versions cyrus 2.2.12 sendmail 8.13.6 # /var/imap/socket srwxrwxrwx 1 root root 0 May 16 22:36 lmtp # cyrus.conf lmtp cmd="lmtpd" listen="lmtp" prefork=0 lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1 Two recomended tests: a) direct execution of deliver program (echo subject: test; echo) | cyrdeliver -- mailbox_name [ it will try to submit message via unix socket ] b) making sendmail deliver the message in verbose mode in sendmail-8.12+ as root execute: (echo subject: test; echo)| sendmail -v mailbox_name One possible source of problem: HostStatusDirectory option makes sendmail "remember" for some time initial problems with delivery to cyrus imap. Have you set the option in your sendmail.cf? It appears to be enabled: O HostStatusDirectory=.hoststat Reviewing my backup script shows the stopping / starting of sendmail to be commented out, so I should probably uncomment that first. Or would it be a good idea to turn off the HostStatusDirectory option anyway? Thank you for your help, Chris Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyrus+sendmail+lmtpunix connection refused by localhost
Hello, We have recently started to experience an inconsistent problem after restarting cyrus and sendmail after a nightly backup script runs. All services seem to start properly, but mail delivery is deferred with sendmail logging dsn=4.4.1, stat=Deferred: Connection refused by localhost It appears to be something in lmtp, but we aren't sure what exactly. We are using the socket for lmtpunix delivery. The magic bullet seemed to be stopping all services and removing /var/run/cyrus-master.pid and some old lmtp lock files, but then this may have been coincidental. I found a few similar reports on Google, but no definite answers to this problem. Any insight as to why this would just start happening out of the blue would be most appreciated. Thank you, Chris Harms # additional info # Software versions cyrus 2.2.12 sendmail 8.13.6 # /var/imap/socket srwxrwxrwx 1 root root 0 May 16 22:36 lmtp # cyrus.conf lmtp cmd="lmtpd" listen="lmtp" prefork=0 lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1 Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: altnamespace with cyrus 2.3.3 and thundebird
Thanks, that was quick. It also resolved the problem! Maybe something for the FAQ? Regards, Chris On 05-05-2006 00:02, Andrew Morgan wrote: On Thu, 4 May 2006, Chris Wesdorp wrote: [snip] admins: root chris cyrus [snip] Output of listmailbox in cyradm as user cyrus: Mailpj1 (\HasNoChildren) Trash (\HasNoChildren) user.chris (\HasChildren) user.chris.Archief (\HasNoChildren) user.chris.Sent (\HasNoChildren) user.chris.Trash (\HasChildren) user.chris.Trash.test2 (\HasNoChildren) user.chris.test (\HasNoChildren) Don't ever create a mailbox for, or login from a normal imap client with, an admin user. I expect if you remove 'chris' from the list of admins, you'll see the correct altnamespace behavior. :) Andy Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
altnamespace with cyrus 2.3.3 and thundebird
Hello, After using Cyrus 2.1 for a few years I wanted to use a new Cyrus version on my new server. Although it is not yet marked as stable I downloaded version 2.3.3 and tried to connect to it with Thunderbird 1.5.0.2. The host system is a LFS 6.1 system. Although I set the altnamespace option in the imapd.conf file all folders are shown beneath the INBOX. When I checked the namespace options in Thunderbird it came up with these values: Personal namespace: "INBOX." Public namespace: "" Other users:"user." Comparing these values to my old Cyrus version (2.1.15) Personal namespace: "" Public namespace: "Public Folders." Other users:"Other Users." Creating folders in Thunderbird with the mailbox select (1 level higher than inbox) works but in cyradm these are created at root level, no prefix what so ever. I tried to set the sharedprefix and userprefix option but it did not help. Thunderbird configuration allows these settings to be taken over from server. But also disables and filling the 2.1.15 values does not solve the problem. Is this a bug of I am missing somehting here? Regards, Chris Wesdorp Current imapd.conf: # Begin /etc/imapd.conf configdirectory: /srv/cyrus/imap partition-default: /srv/cyrus/spool srvtab: /srv/cyrus/srvtab admins: root chris cyrus sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN sasl_minimum_layer: 0 allowanonymouslogin: no allowplaintext: yes altnamespace: yes sendmail: /usr/sbin/sendmail sievedir: /srv/cyrus/sieve hashimapspool: true tls_cert_file: /srv/cyrus/imap/server.pem tls_key_file: /srv/cyrus/imap/server.pem # End /etc/imapd.conf Output of listmailbox in cyradm as user cyrus: Mailpj1 (\HasNoChildren) Trash (\HasNoChildren) user.chris (\HasChildren) user.chris.Archief (\HasNoChildren) user.chris.Sent (\HasNoChildren) user.chris.Trash (\HasChildren) user.chris.Trash.test2 (\HasNoChildren) user.chris.test (\HasNoChildren) Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: autocreate: why do I need autocreatequota?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Hasenack wrote: > Regarding the autocreate patches, did I missread the documentation or do > I need to set a default quota for an user? Why can't I just give these > autocreated mailboxes unlimited quota? I'd say you misread the documentation. If you want unlimited quota and autocreate enabled, try a negative number. - From man imapd.conf: autocreatequota: 0 If nonzero, normal users may create their own IMAP accounts by creating the mailbox INBOX. The user's quota is set to the valueif it is positive, otherwise the user has unlimited quota. - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFETlCm98ixrK2vMtARAi6qAKCdexnlL2R8TP5SiY2KqPOxuNpIzQCePfig Nx+uqk6DdS1vIAI0k2T9GbI= =9fK7 -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: setting up tls
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 nikhil BS wrote: > how do i setup cyrus to use the starttls command?i tried creating some > certificates using openssl set the tls_cert_* fields in the imapd.conf > file and have gotten nowhere. help please What have you tried? Post the relevant portions of your config. We need details to be able to help. - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFERj2R98ixrK2vMtARAjs2AJ4y2Dkc1QY91pwafF0Aw6IfpS5rVwCbBEG+ 7Nsll2Ua4hJP9arvRG+s9AM= =WY7L -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to suppress "Couldn't find mech CRAM-MD5" message
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > We don't support CRAM-MD5, but we don't want to be warned every time > somebody tries to use it. Cyrus SASL was compiled without CRAM-MD5 > support. Here is some other configuration information: Is Cyrus reporting it can do CRAM-MD5 in the CAPABILITY response? What have you got your "sasl_mech_list" set to? - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.1 (MingW32) iD8DBQFEFYz/98ixrK2vMtARAs69AKCRGBKG6b+BL/tpcbib4XTJcVp71ACfTXrO s0pFhstoa8fHtJWqYu57tio= =8As2 -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Compiling 2.2.12 on Slackware
Hello, I'm also trying to compile on Slackware (Version 10+ish). I believe I've made it past the BerkeleyDB problems I was having at first (Thanks to Jorey Bump for that part...), but now I'm getting the following: ./configure \ --with-bdb-libdir=DIR=/usr/lib \ --with-bdb-incdir=/usr/include/db4 make In file included from version.c:59: xversion.h:3:23: warning: no newline at end of file gcc -c -I.. -I./../lib -I../et -I./../sieve -I/usr/include/db4 -DHAVE_CONFIG_H -g -O2 \ message.c tls.c: In function `get_session_cb': tls.c:527: warning: passing arg 2 of `d2i_SSL_SESSION' from incompatible pointer type gcc -c -I.. -I./../lib -I../et -I./../sieve -I/usr/include/db4 -DHAVE_CONFIG_H -g -O2 \ global.c gcc -c -I.. -I./../lib -I../et -I./../sieve -I/usr/include/db4 -DHAVE_CONFIG_H -g -O2 \ imap_err.c version.c: In function `id_response': version.c:103: error: syntax error before ')' token distcc[20459] ERROR: compile version.c on 192.168.1.140 failed make[1]: *** [version.o] Error 1 make[1]: *** Waiting for unfinished jobs make[1]: Leaving directory `/src/cyrus/cyrus-imapd-2.2.12/imap' make: *** [all] Error 1 Any ideas? Thanks -Chris P.S. In case anyone should wonder, I've googled and googled till my googler was sore, I'm not just coming here at the first sign of a problem. Thanks. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: why does cyrus have to have a password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Haase wrote: >> I would really not like people to be able to ssh into the cyrus account. > > set the login shell of your cyrus admin user to /bin/false or something > similiar. Specifically, check the AllowGroups/AllowUsers and DenyGroups/DenyUsers parameters for sshd. (man 5 sshd_config) - -- Chris Hilts [EMAIL PROTECTED] Say it with flowers -- Send them a triffid! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) iD8DBQFDpyNy98ixrK2vMtARAhetAJ4maBMr9SFTx2THR4RRczkhd4JUJwCfQPB4 P7NXFej9hquGhQsE9akpb08= =co7S -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
