Strange Sieve Behaviour
Sorry - I know this may be a little off-topic - but I'm really stuck
and wondering if anybody else here has seen this before.
System: RHEL 4, Apache 2.0.52 w/PHP 4.3.9, Cyrus 2.3.7 from Simon
Matter's rpms.
Setup: Horde: 3.1.2, Imp: H3 (4.1.2), Ingo: H3 (1.1.1), SAM 0.1-cvs
Basic summary: I cannot authenticate my users to the Sieve server
through Ingo (Horde/IMP's filter manager which user PEAR's
Net::Sieve) unless their password is the same as the cyrus admin user.
I applied this patch - because I was having problems after enabling
TLS in Cyrus and no Sieve worked at all:
http://www.kolab.org/pipermail/kolab-devel/2006-June/005636.html
At this moment, my user works - because the password for me and the
cyrus admin user is the same - no other usernames work with saving
sieve rules to the server through Ingo - but they can all connect
just fine with sivtest and sieveshell.
I just tried with the user bob and got this in the logs while
accessing from Ingo:
Jul 27 15:40:26 fenring sieve[4037]: badlogin: localhost.localdomain
[127.0.0.1] PLAIN authentication failure
But I can log in through IMP and sivtest just fine:
[EMAIL PROTECTED] darron]# sivtest -u bob -a bob localhost
S: IMPLEMENTATION Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-2
S: SASL PLAIN
S: SIEVE comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy
S: STARTTLS
S: OK
Please enter your password:
C: AUTHENTICATE PLAIN {20+}
Ym9iAGJvYgBqb25lcw==
S: OK
Authenticated.
Security strength factor: 0
That's with his normal password - if I change the password to be the
same as the cyrus admin user, it works fine here (as it should) and
in Ingo:
Jul 27 15:45:47 fenring sieve[4412]: login: localhost.localdomain
[127.0.0.1] bob PLAIN User logged in
Does it have something to do with the -a flag in sivtest and
sieveshell? Is there any way to make Ingo use it?
Anyone else seen this?
--
darron froese
principal
nonfiction studios inc.
t 403.686.8887
c 403.819.7887
f 403.313.9233
w http://nonfiction.ca/
e [EMAIL PROTECTED]
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sql based Spamassassin with sieve
On Monday, September 15, 2003, at 01:53 AM, Joakim Ryden wrote:
How about this?
http://au2.spamassassin.org/full/2.5x/dist/sql/README
works for me.
--
darron froese
I started from that page too. My actual problem is How Do I tell cyrus
( or sieve ) to run spamassassin with the user name to whom the mail
is addressed
As far as I have been able to understand you don't. You'll have to use
procmail (or maildrop or whatever is your preference) as your
LDA/intermediary ( IDA? :) - call SA from procmailrc the first thing
you
do and call deliver the last thing you do. But I may be missing
something.
This is how I do it:
Start spamd so it's listening on localhost:
spamd -d -q -x -u cyrus
In postfix/main.cf:
mailbox_command = /usr/bin/procmail -t -a $EXTENSION
mailbox_transport = procmail
In postfix/master.cf:
procmail unix - n n - - pipe
flags=Ru user=cyrus argv=/usr/bin/procmail -t -m USER=${user}
EXTENSION=${extension} /etc/procmailrc
Then in my procmail recipe it sends the email via spamc:
DELIVERMAIL=/usr/lib/cyrus/deliver
IMAP=$DELIVERMAIL -e -a $USER -m user.$USER
SPAMIT=$DELIVERMAIL -e -a $USER -m user.$USER.spam
DROPPRIVS=yes
:0fw
| /usr/bin/spamc -f -u $USER
:0
* ^X-Spam-Status: Yes
| $SPAMIT
# If it's got an extension - put it there.
:0 w
* EXTENSION ?? [EMAIL PROTECTED]
| $IMAP.$EXTENSION
# If there's no extension - put it in the INBOX.
:0 w
| $IMAP
:0 w
{
EXITCODE=$?
HOST
}
That's how one of my boxes does it - it works pretty well.
--
darron froese
principal
nonfiction studios inc.
t 403.686.8887
c 403.819.7887
f 403.313.9233
w http://nonfiction.ca/
e [EMAIL PROTECTED]
Re: Sql based Spamassassin with sieve
On Monday, September 15, 2003, at 09:38 AM, Ramprasad A Padmanabhan wrote: So Does that mean That I have to use procmail and .procmailrc You have to use procmail to do it this way - but you don't have to use .procmailrc. You could put the spamc stuff in your /etc/procmailrc which is run every time procmail starts up. So you won't need extra .procmailrc files for each user. The only problem with this is that *everyone* will have their mail scanned by spamassassin this way. But my problem is I dont the (Unix )users created on my imap server. The users are simple LDAP accounts and cyrus Account So there are no home areas and no procmailrc file I don't have local users either - all email authentication is done from a mysql database. -- darron froese principal nonfiction studios inc. t 403.686.8887 c 403.819.7887 f 403.313.9233 w http://nonfiction.ca/ e [EMAIL PROTECTED]
Re: Sql based Spamassassin with sieve
On Friday, September 12, 2003, at 03:11 AM, Ramprasad A Padmanabhan wrote: Precisely. But thats what I do not want. There are some people in my office who themselves will decide what is spam and what is not Now How Can I run a spamassassasin with individual settings If there are 5 rcpts the SA must sperate instances run for all 5 of them Must be someway in sieve But I am not able to get one working How about this? http://au2.spamassassin.org/full/2.5x/dist/sql/README works for me. -- darron froese
Re: Script admin problems
On 8/9/01 2:34 AM, Warren Flemmer [EMAIL PROTECTED] wrote: Cyrus is working well with postfix using pam (mysql) for authentication. I now need to setup automated scripts to create mailboxes, set quotas etc. I have tried three different approaches each of which ending without successes so I now pass it to the group. I should point out that cyradm works without problems. [SNIPPED] I would prefer to use one of the first two method with perl but will settle for tcl if I have no other choice. If there are any other approaches that may work I will give them a try. Someway of automating at least the mailbox creation is essential. You can use a tool called expect to automate things like this. Try this: [darron@xavier darron]$ autoexpect cyradm localhost autoexpect started, file is script.exp Please enter your password: localhost.localdomain lm INBOX INBOX.admin INBOX.logsINBOX.tech INBOX.SentINBOX.educ8r INBOX.mwj INBOX.test2 INBOX.Trash INBOX.linux INBOX.sutjav localhost.localdomain quit autoexpect done, file is script.exp Take a look at script.exp - it's a complete copy of everything you've done and can be modified to do whatever you want it to do. I've got an expect script that automatically creates the mailbox, sets permissions on it properly and sets a quota - it works great for us. -- Darron [EMAIL PROTECTED]
Re: quota sharing
On 12/4/00 7:14 PM, "unplug" [EMAIL PROTECTED] wrote: If I still continue to send 1MB email to user.abc, he can't receive the mail, right!! However, I can see the maillog and it shows me that the 1MB email is delivered without problem. Where does the 1MB email go?? Does it go to the queue or just delete by the deliver?? Where do the 1MB email keep if it is not deleted?? Can user.abc get back the 1MB email after he deletes his mailbox and get back below 100%?? If it's being delivered, then make sure that you're not running deliver with the -q option. That option means: -q Deliver message even when receiving mailbox is over quota. If it's being delivered, then it's probably sitting in his INBOX waiting to be read. Thanks for your script. You run your script once a day and the sender receiver will notified by a long delay if his mailbox is over 100% in the morning. It seems too long to have such notification. Then run it from cron more frequently - I run it once a day because of my users' patterns. You could run it once an hour if you'd like - it's up to you. Does there any methods that there will be a notification once the mailbox quota excess. I mean if there is any setting for cyrus such that a notification will be sent to the sender immediately if the receiver's mailbox is over 100%. There is a "quotawarn" option in your /etc/imapd.conf it is supposed to: quotawarn: 90 The percent of quota utilization over which the server generates warnings. I have never actually seen a quota warning - I'm not sure that all email clients support it. I've seen it when I've used telnet to test and login, but not in the actual email client. -- Darron [EMAIL PROTECTED]
Re: quota sharing
On 12/3/00 11:20 PM, "unplug" [EMAIL PROTECTED] wrote:
But I would like to know the situation below.
The qutoa of user.abc is 1.
I send several mail to user.abc that make his account to 11000.
If a certain user is below 100% of their quota *any* email that's being
received will be delivered. It will not be rejected because of quota until
they are *over* their quota.
Example:
User.abc has a 10MB quota.
User is at 8MB of mail stored - 80% full.
User is receiving a 10MB email - since they are still below 99% full, cyrus
will take and store the email.
Now they're at 180% and no more mail will be received.
I continue to send mail to user.abc but he can't receieve it anymore.
Q: How can I make a warning message to the sender receiver to tell
them
there is a qutoa problem??
I posted a script that does this already - I run it from cron every night:
#!/usr/bin/perl
# TODO
# 1. Make this web enabled for checking by the individual users.
# 2. Make it configurable % wise for each user with 80% as the default.
# Perl Module
use Mail::Mailer;
# Variables
$quota_warn = "80";
$quota_max = "99";
$quota_application = "/usr/local/cyrus-imapd/bin/quota|";
$sysadmin_email = "sysadmin\@domain.com";
$email_subject = "It's time to clean out your email!";
$email_body_standard = "In order to assure that you will not lose any email
(due to being over your email storage quota), ";
$email_body_standard .= "please clean up and delete any email that is not
needed anymore. Messages with large attachments (sounds, movies, etc.) are
the usual culprits, taking up large amounts of space and storage
capacity.\n\n";
$email_body_standard .= "You will continue to receive this email once a day
until your email usage goes below $quota_warn%.\n\n";
$email_body_standard .= "If you have any questions at all, please don't
hesitate to contact $sysadmin_email for any further clarification.\n\nThe
Server Team";
# TODO: Check to see if you're the cyrus user.
# This is the motherlode of cyrus quota information.
open (QUOTA, "$quota_application");
# Go!
while (QUOTA) {
chomp;
($null, $quota, $percent, $used, $user) = split(/\s+/);
($null, $user) = split(/\./, $user);
# Log the info to /var/log/messages if they're over 80% full.
system ("/usr/bin/logger \"$user is at $percent\% of mail quota.\"") if
($percent $quota_warn);
# Send the user an explanatory email if they're over $quota_warn (but
under $quota_max) full.
if (($percent $quota_warn) ($percent $quota_max)) {
# Create the email body.
$email_body = "This is just a friendly reminder that your email that
is stored on the server is $percent\% full.\n\n";
$email_body .= $email_body_standard;
$mailer = Mail::Mailer-new();
$mailer-open({From=$sysadmin_email,
To=$user,
Subject =$email_subject,
}) or die;
print $mailer $email_body;
$mailer-close();
} else {
# Do nothing.
}
# If the user is over $quota_max, any mail for them will bounce SO
# send a quick email to sysadmin to let them know.
if ($percent $quota_max) {
$warning_body = "$user is at $percent\% of mail quota.";
$warning_subject = "$user is over quota and is now bouncing email";
$mailer = Mail::Mailer-new();
$mailer-open({ From= $sysadmin_email,
To = $sysadmin_email,
Subject = $warning_subject,
}) or die;
print $mailer $warning_body;
$mailer-close();
}
}
It's pretty rough but it works. It looks through the quota each night and:
1. Notifies the user if they're over $quota_min full and below $quota_max.
2. If they're over $quota_max - then the sysadmin is notified so that they
can deal with it.
However, I can see the maillog and the mail still sending to user.abc.
Q: I wonder where is the mail store.
The mail store is setup in the /etc/imapd.conf in the "partition-default"
setting.
Q: Can user.abc get back the mails after deleting the existing mail,
how??
If it's deleted - it's gone. I'm a little confuzed as to what you're asking
here.
--
Darron
[EMAIL PROTECTED]
