Re: Solaris to Linux move
Scott wrote: Right now I have a Sun box that has been running Cyrus for about 4 years. The box has 8 Sparc v9 @ 400MHz and 6GB of memory. About 2 years ago we put all of the mail queue, DB, seen and sub files onto a 2GB solid state drive. This setup has been running fine, supporting about 20K webmail users. The mail store is on a NetApp that has a 1TB LUN direct FC connection. 8-way machine, 6 GB of RAM, database on solid-state drive and mail spool on an FC array ... I don't know all the specific, but that seem like pretty good hardware to me. Is there a particuliar reason why you want to move off your Sun box ? Do you have specific performance problems ? Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Message contains invalid header
Hi, I have a problem with thunderbird and Cyrus 2.2.12. One of my user is trying to transfer messages that have been downloaded from a POP account. When he try to drag the message from his POP account folder in Thunderbird to a Cyrus IMAP account folder, he receive an error Message contains invalid header. Looking at the message source, I can see that this message have an SMTP envelope header From blabla... at the top. I guess that this is the problematic header. Is this the case ? If yes, is there a workaround ? What is really mystifying me is that some other message that also have the From blabla header import correctly. This make me doubt it's this particuliar header that is problematic. Thanks ! Etienne Goyer Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Need a mailbox with a dot in the name
Martin Müller wrote: I need a mailbox like [EMAIL PROTECTED]. But I cant create it with the command cm [EMAIL PROTECTED] (virtual domain) When i try this, i get a error permission denied. How can i create such a mailbox? You must set : unixhierarchysep: yes in /etc/imapd.conf. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Need a mailbox with a dot in the name
Etienne Goyer wrote: You must set : unixhierarchysep: yes in /etc/imapd.conf. I forgot to specify that this will change the IMAP separator from '.' to '/', so you will have to do in cyradm : cm user/[EMAIL PROTECTED] Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sasl authentication problems
Fred Blaise wrote: I am trying to fix the cyrus SASL authentication against openLDAP, I guess. When I run that, here is the error: OX1:~# ldapsearch -D cn=manager,dc=ilr,dc=lu -h ldapsmb-pdc.ilr.lu -b dc=ilr,dc=lu (uid=sp) SASL/DIGEST-MD5 authentication started Please enter your password: ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80) additional info: SASL(-13): user not found: no secret in database You would need to use simple bind to authenticate using the userPassword attribute; try ldapsearch -W -x -D... instead. If you worry about sending password cleartext, consider using SSL/TLS. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sasl authentication problems
Fred Blaise wrote: I am running TLS.. an ldapsearch -ZZ works fine with the -x simple bind. However, cyrus - saslauthd (PAM) - pam_ldap requires an SASL authentication on the ldap server, am I right? Not supposed to ... it use simple bind AFAIK. Have you checked if testsaslauthd give positive result ? Have you tried saslauthd - PAM - pam_unix.so with regular (ie non-LDAP) Unix accounts? Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus-imapd virtual domains
Ondrej Sury wrote: Don't enable virtual domain support in cyrus. Just create map in your MTA which will map email addresses to cyrus names. The downside being that all the domains share the same namespace, thus there could not be two mailbox named info, for example. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: new cyrus + exim setup on debian? - newbie
Disclaimer : I use the experimental 2.2.x package, not cyrus21-*. https://alioth.debian.org/projects/pkg-cyrus-imapd/ Derek Stevenson wrote: 1. install sasl2-bin, libsasl2, libsasl2-modules packages 2. install cyrus21-imapd package 3. get saslauthd working (want to auth users with their unix username/pwd - is there a step here where I have to generate keys, usernames, etc??) No step to take here, saslauthd default to using PAM. It's defined in /etc/default/saslauthd, FYI. 4. configure /etc/imapd.conf with proper settings (... and other steps??) 5. configure /etc/exim4/conf.d/* with proper settings to talk to cyrus (... and other steps??) If you plan on using IMAPS or POP3S, you will also need to generate SSL certificate. I use the make-ssl-certs script from the ssl-cert package. I've looked at /usr/share/doc/cyrus21-doc/html/install-configure.html but one of the problems I'm having is trying to distinguish what/if the debian package install has already done and what I'm supposed to do manually. You pretty much only have to review imapd.conf/cyrus.conf, create mailboxes (using cyradm from the cyrus21-admin package) and configure your MTA to deliver to LMTP. The package installation have taken care of the rest (mkimap et cie). One thing to check out for that may save you an hour or three of troubleshooting : make sure the user Exim run as is member of the sasl group. Beside that, I think you are on the right track. Good luck ! Etienne Goyer Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus imapd authentication problem
David Carter wrote: pam and when I run a saslauthdtest, it works fine. My syslog give me an error like this: badlogin: localhost.localdomain [127.0.0.1] plaintext cyrus SASL(-1): generic failure: checkpass failed. In my auth.log, I get cannot connect to saslauthd server: Permission denied. Any ideas would be met with appreciation. Make sure Cyrus can connect to the saslauthd socket. Check the permission on /var/run/saslauthd. In Debian, process that need to talk to saslauthd have to be in the sasl group. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Imap timeout with 27k messages...
Jared Watkins wrote: Well... I've run reconstruct on large mailboxes before... and when things are normal.. I can look at a top listing and see reconstruct at the top the list.. using lots of resources while it runs. In this case... it's not using any resources.. it shows no evidence that it's doing anything.. and when I ctrl-c it... it exits immediately with no error messages. What could cause reconstruct to act this way? reconstruct badly need a verbose switch that give users some feedback. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Debian package for Cyrus imapd 2.2.x ?
Hi, I am looking for a Debian (Sarge) package of Cyrus imapd 2.2.x. As it is, Debian ship with either 1.5.19 (yike!) or 2.1.18. Ideally, a well maintained package from a reputable source. If possible, something as functionnal as the Simon Matter's RPM, which include a lot of very useful patches and scripts. Thanks ! Etienne Goyer --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Debian package for Cyrus imapd 2.2.x ?
I found out that 2.2.12 Debian package is currently in experiemental stage; see https://alioth.debian.org/projects/pkg-cyrus-imapd/. I'll give the experiemental dpkg a try. I also found a few other sources on apt-get.org. If you have any suggestion, they are still welcome. Etienne Goyer wrote: Hi, I am looking for a Debian (Sarge) package of Cyrus imapd 2.2.x. As it is, Debian ship with either 1.5.19 (yike!) or 2.1.18. Ideally, a well maintained package from a reputable source. If possible, something as functionnal as the Simon Matter's RPM, which include a lot of very useful patches and scripts. Thanks ! Etienne Goyer --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: MUPDATE too busy
LaurentG wrote: *The problem* : mupdate chokes in a strange way when frontends receive few hundreds of mails (mailing lists for example), and 300 messages take at least 1 hour 1/2 to get deliverred. I have seen that in the past. The MUPDATE master server was stepping over the open files limit. I was not the one assigned to the resolution of this problem so I do not know the details, but I think they fixed the problem by setting maxfds to something larger than 256 in cyrus.conf. You might want ot give that a try. Check the cyrus.conf man page for the exact syntax. signature.asc Description: OpenPGP digital signature
Authenticating virtual domain users with saslauthd
Hi, I would like to authenticate virtual domain users using saslauthd. I want the possibility to have the same username in more than one domain (ie [EMAIL PROTECTED] and [EMAIL PROTECTED]). I will probably use LDAP as authentication backend, but this remain to be decided. Right now, for testing, I have saslauthd configured for PAM with shadow. I have a user etienne, and login is successful for any combination of [EMAIL PROTECTED] I suppose saslauthd strip the @domain part, which would break my setup when authenticating user from different domain with the same username (part before the @). If I use LDAP, my users would be in different OU. Ideally, I could tell saslauthd to authenticate users from example.com in ou=exemple.com, etc. Is this possible somehow ? Peripheric question : which syslog facility do saslauthd is logging to, and at what level for authentication success ? Thanks for your input. Please ask for clarification if I am not clear enough. Etienne Goyer signature.asc Description: OpenPGP digital signature
Re: Duplicated messages in INBOX
Phil Brutsche wrote: [EMAIL PROTECTED] wrote: I was hired for updating the server, i choosed Fedora and Cyrus; now the problem is that from time to time, some users download the same messages again (because they are not old enough to being deleted) so, that way, they got the same message more than twice. Outlook doesn't like the POP3 UID values generated by Cyrus. I'm afraid that outside of dumping Outlook for something else there isn't anything that can be done about it. I had the Outlook problem with Cyrus UIDL about two years ago. AFAIK, it was restricted to Outlook 2k3, and fixed with SP1 (or so I have been said). IIRC Outlook Express suffers from a similar affliction. It was not my experience. However, there might be other issue that I am not aware of. signature.asc Description: OpenPGP digital signature
One partition per virtdomain
Hi, Are there a way to have a different partition for each virtual domain ? I know you can specify the partition when creating the mailbox, with cyradm for example, but is there another way ? I plan on using autocreatequota and createonpost and I would like to have user's mailbox created in specific partition based on the domain. Thanks ! Etienne Goyer signature.asc Description: OpenPGP digital signature
Re: One partition per virtdomain
Don't bother, I started playing with virtdomain and see that mailbox are created in separated domain/domainname.com folder. That satisfy my needs. Thanks anyway ! Etienne Goyer wrote: Hi, Are there a way to have a different partition for each virtual domain ? I know you can specify the partition when creating the mailbox, with cyradm for example, but is there another way ? I plan on using autocreatequota and createonpost and I would like to have user's mailbox created in specific partition based on the domain. Thanks ! Etienne Goyer signature.asc Description: OpenPGP digital signature
Re: EMBARRASSING TO THE LIST: Re: *WARNING* Your EmailAccount Will Be Closed
Marco Colombo wrote: On Tue, 2005-05-31 at 11:46 -0700, Jules Agee wrote: Seconded. info-cyrus is the only list I'm subscribed to that allows posting by non-subscribers. Maybe it's not a coincidence that it's also the only list that I get spam viruses from on a regular basis. This makes no sense. As I said before, it takes a close-to-zero effort to forge headers. Subscribers-only or open, it's a matter of list _policy_. It may have a minimal effect of reducing spam, but that's not the point. If you want to stop spam, use a specific filter. Bypassing the subscribers-only check is trivial. What you are saying is technically correct. But there is a caveat. I am subscribed to about two dozens list (more ? I lost count), and the only one I am getting spam from is info-cyrus. It's also the only one that I aware permit posting by non-subscriber. So there is a correllation, but are there a causation ? I do not know, it might be a coincidence. But it's one heck of a coincidence. Also, I do believe that list administrator have a responsability to take measure against abuse of their list. Acting as amplificator for spammer certainly constitute an abuse. I admin a few low-volume myself, and I take spam very seriously. The only list where I permit posting by non-subscribers is moderated. While my list do not have the volume or notoriety of info-cyrus, I can't remember the last time a spam got through one my list. If forged sender address ever become a problem, I will run my lists through SpamAssassin and moderate high-scoring mail by hand. Simple matter of responsability to my users. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: EMBARRASSING TO THE LIST: Re: *WARNING* Your EmailAccount Will Be Closed
Marco Colombo wrote: On Wed, 2005-06-01 at 09:42 -0400, Etienne Goyer wrote: What you are saying is technically correct. But there is a caveat. I am subscribed to about two dozens list (more ? I lost count), and the only one I am getting spam from is info-cyrus. It's also the only one that I aware permit posting by non-subscriber. So there is a correllation, but are there a causation ? I do not know, it might be a coincidence. But it's one heck of a coincidence. Interesting theories. But they seem to backfire on you, since, according to Mr. Jeffrey T Eaton [EMAIL PROTECTED] this list _is_ closed: The list is not now, nor ever has been, open-posting. Posting is restricted to subscribers, or to those users local to cmu.edu My sincere apologies then. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: MURDER : tuning for increasing load
John Madden wrote: I have to deal with increasing charge of by now 500 users that will grow up to 100 000. All mailboxes exist, for a 65Mb mailboxes.db on mupdate Is murder even necessary for such a configuration? Based on the numbers on Cyrus' pages, I assumed 200k accounts on one big, beefy box would be ok (and management more easily swallowed 4 CPU box with 8 GB RAM than they did lots of little boxes.) It depend. If they make intensive use of SSL (POP3S and IMAPS), I guess they risk becoming CPU-bound, in which case it might be easier to split the load among multiple frontends. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Running ctl_mboxlist -m on a running server
Greeting, folks, I have a Murder with two backends. We have experienced what we believe to be skiplist corruption on the mupdate master server. More precisely, the log show a few instance of such an error : May 17 09:50:26 mupdate mupdate[19842]: DBERROR: skiplist recovery \ /var/imap/mailboxes.db: 45DF894 should be ADD or DELETE May 17 09:50:26 mupdate mupdate[19842]: DBERROR: error updating \ database user.test1234.subtest123: cyrusdb error Problem is : user.test1234.subtest123 exist on a backend, but don't show in the mupdate database. Thus we can't delete the mailbox, frontend don't know about it, etc. What would be the best to go about it ? Would running ctl_mboxlist -m on the backends fix it ? Is yes, is it possible to run it while the backend are live ? Thanks very much for any tips ! Etienne Goyer --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Running ctl_mboxlist -m on a running server
João Assad wrote: Etienne Goyer wrote: May 17 09:50:26 mupdate mupdate[19842]: DBERROR: skiplist recovery \ /var/imap/mailboxes.db: 45DF894 should be ADD or DELETE May 17 09:50:26 mupdate mupdate[19842]: DBERROR: error updating \ database user.test1234.subtest123: cyrusdb error Which OS / kernel version are you using ? RHEL 4, kernel 2.4.21-27.0.4.ELsmp You can delete the mailboxes.db and restart cyrus, then you can run ctl_mboxlist -m on the backends I would ... if it would'nt take a fews hour. We have 400K mailboxes on two backends. You could also recover the mailboxes.db getting it from the hot backup in the db.backup1/2 directories and then run ctl_mboxlist -m on the backends. That would work only if your hot backup isnt already corrupted The corruption would have happenned yesterday, and the backup are rotated every five minutes ... :( Thanks for your input ! --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Bug with mupdatetest and CRAM-MD5
Hi, I have been getting this error lately when using mupdatetest : [EMAIL PROTECTED] root]# mupdatetest -a mailadmin -u mailadmin mupdate S: * AUTH CRAM-MD5 S: * PARTIAL-UPDATE S: * OK MUPDATE mupdate Cyrus Murder v2.2.6 (master) C: A01 AUTHENTICATE CRAM-MD5{0+} C: S: A01 BAD Extra arguments base64 decoding error Authentication failed. generic failure Security strength factor: 0 Then, the connection idle there until I hit Ctrl-C. I guess the extra argument is the {0+} on the AUTHENTICATE line, which seem redundant to me. Is this a known problem ? If not, I am willing to make more test to isolate the cause, if somebody can point me in the right direction. Thanks all ! -- :wq --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
signaled to death by 6
Hi fellows, I am installing Cyrus imapd 2.2.6 on RHEL. It's compiled with the distribution-provided Cyrus SASL 2.1.15 rpm. It was configured with /configure --enable-murder --with-auth=unix \ --with-openssl=/usr/include/openssl --enable-gssapi=/usr/kerberos \ --without-snmp I have various compiling errors unless I use --enable-gssapi and --without-snmp. I ran mkimap as the cyrus users, no problem here. When I start Cyrus-imapd, I have the following error in the log : Jul 20 16:42:32 mupdate-dev master[18239]: about to exec /usr/cyrus/bin/ctl_cyrusdb Jul 20 16:42:32 mupdate-dev master[18240]: about to exec /usr/cyrus/bin/mupdate Jul 20 16:42:32 mupdate-dev master[18234]: process 18239 exited, signaled to death by 6 Jul 20 16:42:32 mupdate-dev master[18234]: process 18240 exited, signaled to death by 6 Jul 20 16:42:32 mupdate-dev master[18234]: service mupdate pid 18240 in READY state: terminated abnormally Jul 20 16:42:32 mupdate-dev master[18241]: about to exec /usr/cyrus/bin/mupdate Jul 20 16:42:32 mupdate-dev master[18234]: process 18241 exited, signaled to death by 6 Jul 20 16:42:32 mupdate-dev master[18234]: service mupdate pid 18241 in READY state: terminated abnormally Jul 20 16:42:32 mupdate-dev master[18242]: about to exec /usr/cyrus/bin/mupdate Jul 20 16:42:32 mupdate-dev master[18234]: process 18242 exited, signaled to death by 6 It continue like that forever until I stop the service. Any idea what could be causing the signal 6 ? From what I can gather, this is caused by abort(), but how can I figure out what is making an assertion fail ? Thanks for your insights ! signature.asc Description: OpenPGP digital signature
Re: MURDER or IMAP proxy solution ?
Greg Pulfer wrote: That's true 200 mailboxes is nothing but it will grow rapidly and I was thinking if I already configure my site with a MURDER configuration I will have less work after adding extra backend server or frontend servers. I would like to start with one frontend server (also running the MUPDATE server) and one backend server. And pretty soon I should be adding a second backend server. Don't you think it's less work for the future if I already start with a mini MURDER configration ? The administrative overhead of running a Murder versus a standalone IMAP is pretty high. Also, it multiply the number of things that can go wrong (connectivity issue between frontend and backend, MUPDATE, etc). This will have to be confirmed by people more experienced than me, but I think you could start with a standalone Cyrus server, and when you want to switch to a Murder setup, recompile this server with --enable-murder and make it a backend. As I said, verify this claim before you go ahead as I never did that myself. Regarding the volume, I would not bother with Murder and other scalabilty technique below 5K accounts. We run a 5 machine Murder (2x backends, 2x frontends and a standalone MUPDATE master) for 85K accounts, and the load barely ever get over 1. Most of these account are for pretty light users of IMAP, but even then. This is using relatively high-end Compaq Proliant servers and hardware RAID. I really would like to be able to scale rapidly when needed. Also when we will have two backend servers then if one crashes there is still the other where we could quickly restore the mail dbs while reinstalling a new backend server and also only half off the mailboxes will be down for example, that's also another great advantage... Well for us that MURDER/Aggregation architecture looks very promising that's also why we want to use it. For this scenario, I would rather investigate building a cold-spare and storing your mailspool on a SAN. It would make recovery much, much easier. Just my 0,02$ anyway. signature.asc Description: OpenPGP digital signature
Re: MURDER or IMAP proxy solution ?
Greg Pulfer wrote: I'm interrupting you here to ask you what do you mean here with This allos the MURDER to be referred by one hostname, do you mean here the frontend server(s) or the backend server(s) ? Frontends. You could, for example, have a single frontend (imap.yourcompany.com) to access be accessed by all your client to get to their mailbox that reside on multiple backends. signature.asc Description: OpenPGP digital signature
Re: Cyrus MURDER - Frontend server configuration options
Greg Pulfer wrote: Hmm now I was wondering what about all the --with-duplcate-db, --with-mboxlist-db, --with-seen-db, --with-subs-db and such which are recommended on the following Wiki page http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/WhatDatabaseBackend ? Maybe the WiKi have not been updated, but with 2.2.x the various database backends are configurable at run-time in the config file so you do not need to specify --with-xyz-db at compile time. The default should be fine for most installation, too. Is the standard configure withtout specifying any of these options ok for me ? Or should I add all these options to each configure (for backends, frontends and MUPDATE master) ? Yes to the former, and no to the latter. IMHO, AFAIK, YMMV, etc... The only configure options you will need is --enable-murder, and possibly some library location directive (ie. --with-openssl=/blah) specific to your setup. signature.asc Description: OpenPGP digital signature
Re: Cyrus MURDER - Frontend server configuration options
Greg Pulfer wrote: Now I think I don't need the full blown with all options Cyrus IMAP on the frontend server, so does anyone know what parameters I should use with the ./configure script before compiling for a frontend server need ? Use the same ./configure options for all the node in your Murder (backends, frontends and MUPDATE master). The only option that you require is --enable-murder. The other options default in 2.2.x are quite sensible; unless you know what you are doing, I suggest you do not change them. For the record, my ./configure line is : ./configure --with-openssl=/usr/include/openssl --with-auth=unix \ --with-sasl=/usr/local/ --enable-murder signature.asc Description: OpenPGP digital signature
Re: Cyrus MURDER - Frontend server configuration options
Michael Halligan wrote: I'm interested in the aggregator too.. What I'd really like to know is if I can use Courier as a back-end.. I have several thousand mail boxes, and converting from Maildir just isn't an option, but I'm finding a strong lack of imap proxy software out there. You can't. First, the backend must register their mailbox list with the MUPDATE master server via the MUPDATE protocol, which only Cyrus support. Second, mailbox operations (creation, deletion, rename, etc) on backend must first be reserved via the MUPDATE protocol too. Third, your backend servers must support proxy authentication (ie SASL DIGEST-MD5 mechanism) to receive connection from the frontends, which Courier does not support AFAIK. Theorically, it is possible to have a Murder with various IMAP implementation as long as every node support the MUPDATE protocol. At this point though, only Cyrus implement it. signature.asc Description: OpenPGP digital signature
Re: High availability ... again
Ben Carter wrote: Etienne Goyer wrote: Tore Anderson word of wisdom where : There's a third option, which is the one I prefer the most: shared block device. Well, I did not consider that option since the SAN become a single point-of-failure, and that is a big no-no according to the specifications I have at the moment. If it would have been possible, it would have been my first choice though. Do you consider the SAN a SPOF even if you have multiple paths to it from each server and it has no internal SPOF? If so, isn't your cluster or your single physical location a SPOF? Two location, a single path (20 Mb/s) between the two. Thinking about it, the SPOF is actually the link between the two location. The situation is pretty much toasted as there cannot be a fully redundant setup. Case closed ! On a similar note, RedHat have apparently bought Sistina, and GPLed GFS. This is great news for HA under Linux, IMHO. I will be testing it soon. signature.asc Description: OpenPGP digital signature
Re: High availability ... again
Kevin P. Fleming wrote: Etienne Goyer wrote: On a similar note, RedHat have apparently bought Sistina, and GPLed GFS. This is great news for HA under Linux, IMHO. I will be testing it soon. Well, on their site is it listed as open source, but it is not on sources.redhat.com (where LVM2 and device-mapper landed when they bought Sistina). In addition, it appears to only be available as part of RHEL, which is quite expensive. Err ... http://sources.redhat.com/cluster/gfs/ They are looking for integration in the mailine kernel, so eventually it will find it's way in other distro. In the meantime, a determined individual could patch and compile the source himself. signature.asc Description: OpenPGP digital signature
Re: Need help to install a Cyrus Server on a FC2
Simon Matter wrote: My rpms have been included by RedHat into Fedora Core 2. They immediately made some changes which broke compatibility with everything before Fedora Core 2. I will continue my own packages. Did'nt noticed, sorry. What where these unbackward-compatible changes that they made, if I may ask ? signature.asc Description: OpenPGP digital signature
High availability ... again
Greeting fellows, I know this discussion crop up regularly, but I have checked the list archive and the WiKi already and did not really found the answer I am looking for. Also, an update once in a while might be a good thing. I have been asked to consider how to build an high-availability Cyrus installation. This is a small installation (~200 accounts ... peanuts), so scalability is not really a concern. In this regard, a Murder is not really appropriate. The platform would be Linux. We already have the fail-over stuff figured out with heartbeat and friends, so that part is covered. From what I can see, I would have two possibilities to make a hot spare Cyrus IMAP daemon : replication, or cluster filesystem/block device (drdb, GFS, etc). Regarding IMAP replication, I have not found much but the work of David Carter at http://www-uxsup.csx.cam.ac.uk/~dpc22/cyrus/replication.html seem interesting. As far as I can tell, source to this implementation and current status are not available. Does somebody on the list use this solution or a similar one and could comment and the practicality of it ? Perhap M. Carter (if you read the list) could give us a status update for his particuliar project ? Regarding cluster filesystem, I am just starting to look around and would like to know about success story. So far, drdb and GFS look somewhat promising. The WiKi mention that the filesystem need to support file locking and mmap(), so I guess this is something to be on the lookout for. Does anybody use clustered filesystem for their Cyrus mailstore ? I am particularly interested to know if you use drdb or GFS, and your overall feeling about their suitability for this task. Thanks for your insight. I know my questions are somewhat vague, but I would welcome your experience with HA and Cyrus or any pointer you may have on the subject. signature.asc Description: OpenPGP digital signature
Re: High availability ... again
Tore Anderson word of wisdom where : There's a third option, which is the one I prefer the most: shared block device. Well, I did not consider that option since the SAN become a single point-of-failure, and that is a big no-no according to the specifications I have at the moment. If it would have been possible, it would have been my first choice though. signature.asc Description: OpenPGP digital signature
Re: Various error messages
Rob Siemborski wrote: On Mon, 21 Jun 2004, Etienne Goyer wrote: Jun 21 14:26:54 frontend1 master[12195]: process 2270 exited, status 75 Jun 21 14:26:54 frontend1 master[12195]: service pop3s pid 2270 in BUSY state: terminated abnormally This happen with both pop3s and imaps. This is more of a concern. It indicates the process is exiting with an abnormal error code. EX_TEMPFAIL, which isn't tremendouly useful. Is it always the same user, same mailbox, etc? We don't get to see the user/mailbox. Here is more context : Jun 22 14:42:28 frontend1 imaps[8300]: accepted connection Jun 22 14:42:28 frontend1 imaps[8300]: imaps failed: somehost [1.2.3.4] Jun 22 14:42:28 frontend1 master[12195]: process 8300 exited, status 75 Jun 22 14:42:28 frontend1 master[12195]: service imaps pid 8300 in BUSY state: terminated abnormally Same, with pop3s : Jun 22 14:41:58 frontend1 pop3s[8705]: pop3s failed: somehost [1.2.3.4] Jun 22 14:41:58 frontend1 pop3s[8705]: Fatal error: tls_start_servertls() failed Jun 22 14:41:58 frontend1 master[12195]: process 8705 exited, status 75 Jun 22 14:41:58 frontend1 master[12195]: service pop3s pid 8705 in BUSY state: terminated abnormally It happen only with imaps/pop3s, could it be related to TLS or somesuch? signature.asc Description: OpenPGP digital signature
Various error messages
Hello all, I have upgraded a Murder of 5 boxes, ~80K accounts from 2.1.16 to 2.2.6 this week-end. I was used to some error messages as warning (unable to set file descriptor to 1024, etc), but now I have new one to worry about. I would like to know if they are symptomatic of a problem, and if yes where I should start looking. First : Jun 21 14:10:11 frontend1 imaps[31561]: accepted connection Jun 21 14:10:11 frontend1 imaps[31561]: starttls: TLSv1 with cipher RC4-MD5 (128/128 bits reused) no authentication Jun 21 14:10:11 frontend1 imaps[31561]: login: somehost.somewhere [1.2.3.4] someusername plaintext+TLS Jun 21 14:10:11 frontend1 imaps[31561]: open: user someusername opened INBOX on backend2 Jun 21 14:10:11 frontend1 imaps[31561]: PROTERR: end of file reached Annoyingly, I can't succeed to reproduce this when I connect using Mozilla Mail. So far, I have not heard about any user complaining thus I can't tell which MUA provoke this error (or even if it is MUA-related). Another error I have regularly in my log is : Jun 21 14:26:54 frontend1 master[12195]: process 2270 exited, status 75 Jun 21 14:26:54 frontend1 master[12195]: service pop3s pid 2270 in BUSY state: terminated abnormally This happen with both pop3s and imaps. I know just pasting from the log is not enough to pinpoint the exact problems, but I would appreciate to know if they harmless messages or if I should try to investigate the source. Thanks all for your insight ! signature.asc Description: OpenPGP digital signature
Re: Need help to install a Cyrus Server on a FC2
UNIT-ISO wrote: Right now, I use the default IMAP server that comes with Fedora 1, but some messages boxes weight more than 100mb, and is really painfull try to read this accounts periodically. The default IMAP daemon in RedHat/Fedora is UW-imapd. It store mail in mbox format. Cyrus imapd use a different mailbox format. You need to understand that, if you use Cyrus imapd, you will have to migrate your mail from the mbox format to the Cyrus format. This is non-trivial, but the Cyrus WiKi have info about how to that. Resume: I wanna know if someone can tell me about what packages I need to install, and if a I need RPMs or install from sources, and if you can send me the right configuration files, etc, etc For a standalone server, Simon Matter rpm for Cyrus work quite well out of the box. See http://www.invoca.ch/pub/packages/cyrus-imapd/ === Side question for Simon : do you plan to have your Cyrus rpm integrate in some official or quasi-official Fedora repository, like fedora.us or Freshrpms ? signature.asc Description: OpenPGP digital signature
munge8bit patch for 2.2.x ?
Hi, Does anybody know where to get the munge8bit patch for 2.2.x ? Thanks ! signature.asc Description: OpenPGP digital signature
Re: which version of cyrus support virtual domains
Matt Cocker wrote: Hi Which versions of cyrus-imapd support virtual domains (i.e is it only 2.2.x)? Yes, only 2.2.x signature.asc Description: OpenPGP digital signature
Re: email server concept: what's mail delivery agent
Zhang Weiwu wrote: I'm a newbie but I don't know why I need to use lmtp at all. I was told by the comment in main.cf and master.cf that I can use mailbox_transport = cyrus and deliver(8) will be called to do mail delivery. Since I'm runing a single server, is there any obvious reason I should use lmtp at all? The reference to the 'cyrus' mailbox_transport is outdated. You should now use lmtp instead. Anyway, deliver(8) use LMTP to actually deliver the mail, so you may cut the command invocation and have Postfix deliver via LMTP in the first place. signature.asc Description: OpenPGP digital signature
Re: email server concept: what's mail delivery agent
Zhang Weiwu wrote: Sorry but I think my question is still not answered so far: if I am going to use the cyrus' delivery agent (now I realize I should use lmtp(8) from postfix and lmtpd(8) from cyrus), I don't have to go through virtual(8) and local(8) any more? Right? Yes for local(8), but I am not sure about virtual(8). signature.asc Description: OpenPGP digital signature
Re: accents in mailbox names
Antoine Jacoutot wrote: On Friday 14 May 2004 19:13, Paul Wagland wrote: I can't comment to outlook (though it should support it) but Apples iMail and Horde both do the right thing I hadn't patch cyrus for utf7 yet, but without the patch, I can tell you Horde/Imp cannot create directory with accentuated characters. Which Horde/IMP version ? I don't know about the stable branch, but HEAD and the latest ALPHA can with no problem. signature.asc Description: OpenPGP digital signature
Re: accents in mailbox names
Antoine Jacoutot wrote: On Friday 14 May 2004 20:10, Etienne Goyer wrote: Which Horde/IMP version ? I don't know about the stable branch, but HEAD and the latest ALPHA can with no problem. horde-2.2.4 imp-3.2.2 Then it has been fixed in the CVS. signature.asc Description: OpenPGP digital signature
Re: Quota
Tarjei Huse wrote: Imapd cannot be started from inetd. You must start cyrus as a standalone server , preferably using a initscript or : /usr/sbin/master master -d is actually best. signature.asc Description: OpenPGP digital signature
Re: Skel for imap and sieve?
Robin M. wrote: On Wed, 14 Apr 2004, Denny Schierz wrote: You can try some of these settings in your /etc/imapd.conf createonpost: yes autocreatequota: 2 autocreateinboxfolders: Sent | Drafts | Trash | Spam autosubscribeinboxfolders: Sent | Drafts | Trash | Spam Except for autocreatequota, these settings are specific to 2.2.x, right? signature.asc Description: OpenPGP digital signature
Re: Stupid passwd question
On Fri, Apr 02, 2004 at 09:07:57AM -0500, Mauricio wrote: If we use NIS so users can access their account from any machine within our domain, would cyrus be able to snatch the password from NIS? If configured to authenticate against PAM via saslauthd. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: BIG PROBLEM: Need help with production box
On Fri, Apr 02, 2004 at 10:53:58AM -0300, Henrique de Moraes Holschuh wrote: On Fri, 02 Apr 2004, Curtis Robinson wrote: 4. Upgrade to BDB 4.2.something, **recompile cyrus against it** 5. db_upgrade 6. Configure the berkeley DB environment, it has precedence over anything Cyrus tries to set up. Search the list archives for more hints. 7. db_recover (to reset the environment to your new DBCONFIG parameters). Or one could do away with DBD entirely and switch to skiplist. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Murder question
On Fri, Apr 02, 2004 at 02:06:17PM -0500, Rob Siemborski wrote: On Thu, 1 Apr 2004, Etienne Goyer wrote: In a Murder, if I understand correctly, it is the frontend who initiate the connection with the mupdate master. I suppose when the mupdate master is shutted down and restarted, this connection is lost. How/when does the frontend reconnect to the mupdate master to receive update? Does the frontend try reconnecting to the mupdate master at fixed interval, or on a specific event ? Is this configurable ? It is a random interval, the base value of which is specified by mupdate_retry_delay. The reason it is random is so that when all the frontends lose connections at the same time, they don't all crush the mupdate master with requests when they come back. Ok. We have only two frontend so I don't think we can crush the mupdate master when it come back up :D If I understand correctly, some strangeness may happen between the time the connection is lost and reestablished, like user creating folders but not seeing them right away. Considering that, would'nt it be a good idea to have that value very low (like 1) to minimize the loss of service ? Thanks ! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Signal 11 with mupdate master and other funny things
On Fri, Apr 02, 2004 at 02:08:32PM -0500, Rob Siemborski wrote: If you use cyrus 2.2, mupdate should restart automatically almost immediately. In the short term, upgrading to 2.2.x is out of the question, but I would curious as to why/how it would restart almost automatically. Is master managing it, or something else ? I think the only times I ever saw our 2.1 mupdate master crash is when it ran out of file descriptors... (This is also fixed with some configurable limits in 2.2) But would a file descriptor starvation cause a signal 11 ? I have the usual setrlimit: Unable to set file descriptors limit to -1: Operation not permitted ... retrying with 1024 (current max) error on mupdate startup in my log, could it be related to that ? Thank you very much for your answers ! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Murder question
On Fri, Apr 02, 2004 at 02:22:36PM -0500, Rob Siemborski wrote: On Fri, 2 Apr 2004, Etienne Goyer wrote: If I understand correctly, some strangeness may happen between the time the connection is lost and reestablished, like user creating folders but not seeing them right away. Considering that, would'nt it be a good idea to have that value very low (like 1) to minimize the loss of service ? Only if you want your mupdate process spinning trying to reconnect. In all likelihood, if the mupdate server crashes, then no one is doing any database updates *and* it won't be up again immediately. Well, what I mean is that there is a time window where mailbox operation front the frontend would succeed, but the outcome not received by the frontend. Example : 1. MUPDATE master down, frontend loose connection 2. MUPDATE master up again 3. frontend issue CREATE 4. backend RESERVE then CREATE succeed 5. MUA (or whatever) look for new folder, can't see it. 6. frontend reconnected to MUPDATE master 7. frontend receive update and now see new folders I am interested in minimizing the time between 2 and 6, to avoid 5. Thanks for your insights! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Murder question
Hi, In a Murder, if I understand correctly, it is the frontend who initiate the connection with the mupdate master. I suppose when the mupdate master is shutted down and restarted, this connection is lost. How/when does the frontend reconnect to the mupdate master to receive update? Does the frontend try reconnecting to the mupdate master at fixed interval, or on a specific event ? Is this configurable ? -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
IMAP client that support ACL ... again !
Hi folks, I clearly remember that there was a discussion recently about ACL support in various client. I have tried searching the archive of this to no avail, and Google was not helpful either. Sorry to resubmit the question. Basically, which IMAP client support displaying and/or editing ACL ? Pointer to previous discussion on the subject welcomed. Thanks ! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: IMAP client that support ACL ... again !
On Thu, Mar 25, 2004 at 06:14:48PM +, mb/[EMAIL PROTECTED] wrote: At 08:56 -0500 Etienne Goyer wrote: Basically, which IMAP client support displaying and/or editing ACL ? SquirrelMail with the useracl plugin IMP too, at least the CVS version does (not sure about the latest stable version). -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Authenticate to IMAP server via Active Directory
I answered M Wong off-list, but for the benefit of all ... On Thu, Mar 18, 2004 at 05:44:40PM -0500, Wong, G. MR EECS wrote: We have not had success with AD authentication. When a valid AD user tries to login via the imap client( we are using microsoft outlook) we get a cryptic size read failed. When we use imtest we get a No credentials cache found error. We are indeed clueless would appreciate any help with this. This is the key. The size read failed error mean saslauthd segfaulted. I had that problem too. For me, the problem was Kerberos-related. There are two possible cause that I know of : the keytab must be for service host or imap (I use host) ie host/[EMAIL PROTECTED], and the server name in your keytab must be the fully qualified hostname of your machine ie the output of hostname -f. At least, that is what I can remember on the top of my head. The first thing is to make saslauthd work. As somebody else pointed, testsaslauthd may be of help there. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
MySQL authentication options
Hi, I had been doing some research about authenticating user against a MySQL database, and from what I can see the only option is via PAM through saslauthd. Is this correct, or there are other way to do it ? Thanks ! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Remote User's SMTP relay authorization
Sorry, I don't have any useful insight about SMTP AUTH, but this in particuliar struck me : On Mon, Mar 15, 2004 at 11:39:54AM -0800, John Gibson wrote: 2. Remote/Roaming POP I am not sure what you mean, but I believe your users will be better served by IMAP. Especially people who happen to work from multiple location (if that is what you mean by roaming). It will also let you use a webmail package for remote access to mail, something that is much trickier with POP. Just my 0,02$. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus IMAP Aggregator
On Fri, Mar 12, 2004 at 02:33:33PM +0100, Christoph Nagelreiter wrote: has anyone experience with the Cyrus IMAP Aggregator (http://asg.web.cmu.edu/cyrus/ag.html) in an production enviroment (50.000 Mailboxes)? Yes. 70K accounts, last time I checked, in a University environment. Which hardware do you use? 5 machines : - 2 x frontends: Quad Xeon 2.8, 4GB RAM. These machine also run an MTA and a PHP webmail package (Horde/IMP). - 1 x MUPDATE master server: Dual Xeon, 1 or 2 GB or RAM (don't remember). This machine is also running a highly sollicated MySQL database (Horde preference backend). - 2 x backends: Dual Xeon, 1 or 2 GB or RAM (don't remember) and a 700GB SCSI RAID 5 array locally attached (standard HPaq controller). Of all these machines, only the frontends are right-sized. The rest is *way* overkill. Load avg rarely goes over 5 on the frontend machines and never over 1 on the MUPDATE master or the backend. But hardware is so cheap these day, I see no reason not to be prevoyant and buy good hardware. Any problems? Yes, a few. We had database corruption problems on the MUPDATE master that caused a lot of downtime recently. We are currently experiencing intermittent segfault on the MUPDATE master that I am investigating. Configuration is a pain. SASL is a complicated beast. The databse backend you choose have very important impact on the stability and performance and they need to be researched in depth before commiting to a choice. If there is one thing I wished I did better with my deployement of Cyrus imapd, it would have been researching database issue and recovery procedure beforehand. The documentation is scattered and lacking on certain aspect (like, for example, database maintenance and recovery) and sometime out-of-date. The developper seem to favor ad-hoc documentation on a WiKi, which I personnally can't wrap my mind around but YMMV. I do not want to sound too negative, though. This deployement have been a rough ride in the past three months, but overall I am relatively satisfied. If it had to be done again, I would stay with Cyrus, but make sure I am prepared better. If I where you, I'll start small. If you have the opportunity to test drive it in production on a smaller scale first (ie, a department with = 10K accounts), you could start there. This would leave you time to familiarize yourself with the software before commiting fully. On the plus side, you should note that : - It's very flexible - Performance is excellent (beat my expectation by a *large* margin) - Full of features few others IMAP daemon have : ACL, single-instance store, duplicate delivery suppression, folder annotation, etc. - Strict adherence to RFC. - The price is right :) At this point, if you need a high-performance scalable IMAP daemon, Cyrus is the best choice within OSS. You mentionned 50K accounts. I do not know if you are planning a lot of growth, but if you don't you may want to consider not going with a Murder in the first place and opt for a standalone server instead. This would simplify your setup immmensely. You may believe 50K accounts is a lot, but it's really not that big (IIRC, some participant on this list host 250K accounts). Unless the usage pattern of your users is very hard, you could probably host all your accounts on a single relatively decent machine (quad CPU, = 4GB RAM and fast disk) if it's being dedicated entirely to Cyrus (no MTA, no webmail, etc). This is, of course, a very rough and uneducated estimate so YMMV. Good luck ! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Webmail?
I run Horde/IMP with Cyrus-imapd successfully, but I would not dare call it fairly simple. Config is actually quite complicated, but it support most of Cyrus features (Sieve, ACL, quota, etc). Feel free to ask any question you might have about my setup. On Fri, Mar 12, 2004 at 09:58:06PM +0100, Anders Norrbring wrote: Is there a good and fairly simple web mail application to run with Cyrus-IMAP, Postfix, MySQL and Web-Cyradm? I looked very briefly at squirrelmail, but it doesn't seem to support the default setup designed by Luc. Anders Norrbring --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Are there large installation of Cyrus who use db3 for mailboxes.db on SMP Linux ?
Hi, Recently, we have suffered problem with mailboxes.db in a Murder of 70K accounts. There have been hint (not confirmed) that some Berkeley db suffer problem on SMP systems. For the sake of comparison and help me pinpoint my problems, I would like to know if anybody with a large Cyrus installation use Berkeley db for mailboxes.db on SMP Linux system, just like us. Note that db3 is the default, so if you did not change it, you probably use it. Thanks for your imput ! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
What does ctl_cyrusdb -r do ?
Hi, I have a few question about database recovery, aka ctl_cyrusdb -r. What exactly is the purpose of database recovery ? On which database does it operate ? If the database is corrupted, can it fix it ? The way I understand it is that, in case imapd stop abruptely, it will recover the database from the last checkpoint. Is this exact ? I suppose how long it take to recover a database is dependant on many factor, but what would b the longest it should take usually ? I am asking because we had it running for two hours once, and I am not entirely sure it was working at all. It was using 100% of the CPU but it did not seem to write to the mailboxes.db. Since we had no way of telling if it was working or not, we decided to stop and rebuild the database from scratch instead. Also, is there any way to get progress information out of it ? I can see in the man page that there is no verbose option, but is there any other way to see what it is doing ? Thanks very much ! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Information about the skiplist database format
Hi, I am digging deeper in various Cyrus database issue, and would like to learn a little more about the skiplist format. Is the format documented somewhere outside the source code ? Are there tools to check the validity of a skiplist db, similar to db3_verify and the rest of the db3_* command family ? Thanks! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Performance question...
On Wed, Feb 25, 2004 at 01:11:30AM -0300, Henrique de Moraes Holschuh wrote: 3. A proper filesystem (ext2 and ext3 in default non-btree mode, aren't. I doubt UFS is any better). I hear that often but don't give it much credence. We use ext3 in a Murder with 70K accounts and two backends. We have no performance problem. Actually, the performance is better than I envisionned at first. I don't pretend to have done extensive file system comparison, but I guess if the default fs of your OS is fast *enough*, there is no reasons to go with non-standard filesystem. Actually, from a practical sysadmin point of view, you would be better sticking with well-known and well-tested default that have well-known and well-tested tools (fsck, debugfs, etc). If I where to build a mailsystem with many hundreds of thousands or millions account, that would be another story of course. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Performance question...
On Wed, Feb 25, 2004 at 02:59:01PM -0400, Cesar Lagarrigue wrote: 1. noatime how configure this ? In /etc/fstab, specify the noatime option for the partition on which your mailspool reside. 2. no sync mounts or sync attributes anywhere. Use a proper fs instead. i use ext3, how make this ? This is a mount option too that you can specify in /etc/fstab. The sync attribute could also be set with chattr(1). Point 3 I know nothing about. 4. A properly configured Berkeley DB environment (although for some reason, Cyrus seems to actually survive well without any config, maybe the CMU crew override the defaults with something sane in the bdb backend code. If you try the same with OpenLDAP, your server will die an horrible death). how configure this ? is a conf or compile something ? i have a default cyrus with virtual users, and ldap with a backend This is something I would *love* to hear about because I am suffering from database corruption myself. I guess the Sleepy Cat documentation could be a good place to look, but where does a total db3 newbie start ? 5. Use skiplist as the backend for the mailboxes and seen dbs. how configure this ? is in the imapd.conf ? With the 2.1.x serie, this is a ./configure option : --with-mboxlist-db=skiplist (do ./configure --help for the full list of configure option). I * think* this is configurable in /etc/imapd.conf int he 2.2.x serie. Am I right ? BTW, would skiplist be the best mailboxes db on an mupdate master in a 2.1.x Murder ? -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Getting started
On Thu, Feb 26, 2004 at 01:07:58AM +0800, Craig Ringer wrote: I've found some MTAs _awful_ when it comes to getting them to look up users in an LDAP directory. I suspect they're much the same with other user lookup methods, though. Maybe that's the case for SMTP-AUTH, but as far as retrieving aliases is concerned, Postfix work just fine with LDAP. The only two complains I have concerning Postfix LDAP aliases dictionnary is the lack of SSL support in the (admittedly quite old) version of Postfix I am using, and the fact that smtpd block (plain hang) when the LDAP servers are not available (I would prefer it return some 4xx temporary error). But maybe you where talking about the users repository for SMTP AUTH, which is an entirely different story. Sorry for going that much off-topic. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Performance question...
On Wed, Feb 25, 2004 at 04:22:48PM -0300, Henrique de Moraes Holschuh wrote: On Wed, 25 Feb 2004, Etienne Goyer wrote: 4. A properly configured Berkeley DB environment (although for some reason, Cyrus seems to actually survive well without any config, maybe the CMU crew override the defaults with something sane in the bdb backend code. If you try the same with OpenLDAP, your server will die an horrible death). how configure this ? is a conf or compile something ? i have a default cyrus with virtual users, and ldap with a backend This is something I would *love* to hear about because I am suffering from database corruption myself. I guess the Sleepy Cat documentation could be a good place to look, but where does a total db3 newbie start ? First, you need DB4.2 if you have anything SMP or multithreaded :) Ok, this is getting interesting. Are there known with db3 on SMP system? We use the stock db3 rpm from RedHat 7.3 (3.3.11) on an SMP machine, and we seem to have database corruption problem on mailboxes.db. I'll be searching Google, but in the meantime if you have pointer to this problem or can confirm that db3 + SMP == corruption, I'd like to hear about it. Thanks! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Getting started
On Tue, Feb 24, 2004 at 05:07:31PM +0100, Fredrik Petersson wrote: I have struggled hard to get a postfix-cyrus-mysql system run on a SuSE 8.2 dist. I have just reinstalled SuSE and gonna give it a new try tonight. Cant find any suitable howto on internet so thats why I ask here. I seem to recall an HOWTO on that very subject had been discussed in the list. If you would search the mailing list archive or the Wiki, I am pretty sure you will find it. First, I would prefer the use of a rpm installation, I guess all the rpms are included in SuSE 8.2 exept pam_mysql i also guess i have to compile postfix by my self to get the mysql support, is this a good way to do this? There are a very good set of third-party RPM for Cyrus imapd you can get at http://www.invoca.ch/pub/packages/cyrus-imapd/. Simon Matter, the maintainer of these RPMs is very helpful and very active on this list. I am surprised he have not yet answered your question, actually. I highly recommend you use these RPM. I have them successfully on one installtion and I am very satisfied about them. Or shall I build everything by my self? How do I do with preinstalled rpms list? I don't speak authoritatively, but IMHO this is exactly what this list is for. What kind of questions are welcome here? advanced? beginners? Developing ? Installation? I have seen all of these discussed here. Ask away, at worst you won't get an answer ! Good luck with your installation and be sure to have a look at the Wiki! I wish it had been there when I made my first step with Cyrus : http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/WebHome -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Outlook problems with long UIDL's
On Mon, Feb 16, 2004 at 12:13:29PM +0100, Gregor Bruhin wrote: I don't know, I am just unable to reproduce the problem with some test mailboxes and different recent outlooks... In the case I am aware of, you need to have UIDL of varying length. Since POP3 UIDl are made by combining the mailbox's UIDVALIDITY and the UID of a specific messages, you need to have message with UID that do not have the same length in the same mailbox, ie UID 1 .. 9, 10, 11 .. 100, etc. +OK frontend Cyrus POP3 Murder v2.1.16 server ready [EMAIL PROTECTED] USER testuser +OK Name is a valid mailbox PASS +OK Maildrop locked and ready UIDL +OK unique-id listing follows 1 1075496837.1 2 1075496837.2 3 1075496837.3 4 1075496837.4 5 1075496837.5 6 1075496837.6 7 1075496837.7 8 1075496837.8 9 1075496837.9 10 1075496837.10 This mailbox would break Outlook 2002, according to the report I received. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Question about MUPDATE master mailboxes list
Hi, I was under the impression that the mailbox list kept on the MUPDATE master was volatile, that is it was recreated from scratch at each start-up with the mailbox list coming from the backends. I think I found out the hard way that this is *not* the case. Is this correct ? -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Question about MUPDATE master mailboxes list
On Tue, Feb 17, 2004 at 12:18:05PM -0500, Rob Siemborski wrote: On Tue, 17 Feb 2004, Etienne Goyer wrote: I was under the impression that the mailbox list kept on the MUPDATE master was volatile, that is it was recreated from scratch at each start-up with the mailbox list coming from the backends. It should be able to be reconstructed at startup of the backends. That said, I'd advise against *relying* on this behavior. Why do you recommend *against* relying on this behavior ? For about 500K mailboxes (mailboxes, not accounts), how long should ctl_mboxlist -m from two backends run ? I know it's impossible to give exact as it rely on many factors (hardware, network speed, etc), but I would be satisfied with a rough estimation. I am asking because, starting with a clean (just did mkimap) configdir on the mupdate master, it took 8 hours for us with fairly powerful and otherwise idle machines. I think I found out the hard way that this is *not* the case. Is this correct ? It shouldn't be, provided you are running ctl_mboxlist -m at startup of the backends. Well, we do. On the mupdate master, is it advisable to : 1. have master run ctl_cyrusdb -r at START ? 2. have master checkpoint the database with ctl_cyrusdb -c as a regular EVENTS ? (I know I am going to hate myself when you answer this one ...) Two more questions. How long should ctl_cyrusdb -r take to recover a mailboxes.db that was not checkpointed ? What tool can I use to diagnose a bad mailboxes.db ? I would love to do forensic on the mailboxes.db I think is corrupted to figure out was the problem really was. Thank you very much for your answer! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Question about MUPDATE master mailboxes list
Thanks, that answered most of my questions. One last thing : On Tue, Feb 17, 2004 at 03:43:09PM -0500, Rob Siemborski wrote: It mostly should depend on how much of the database is already populated in the mupdate master. If there's nothing there, and the database is syncing on every write, then I would expect 500,000 entries to take a VERY long time to run. Is it possible to disable the syncing on every write ? I don't mean to use that in production, but when rebuilding database from scratch I guess it would speed up thing significantly. Any idea about how to find what have caused database corruption ? I kept a copy of the malfunctionning mailboxes.db before I rebuilt it. I'd really like to understand what went wrong in case I might do something to prevent this kind of situation in the future. Again, thanks very much for your insight! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Trying to troubleshoot Murder problem
Hi, I am currently trying to troubleshoot a Murder problem. Any suggestion welcomed. Basically, it seem like the frontend don't have their mailbox list updated. We tried restarting just the frontends, it did not worked. then we tried restarting the whole Murder and the problem is still here. Here are the symptom : [EMAIL PROTECTED] root]# telnet localhost 143 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. * OK frontend Cyrus IMAP4 Murder v2.1.16 server ready . login testuser *** . OK User logged in . delete test-eg3 . NO Mailbox does not exist . create test-eg3 . NO Mailbox already exists . logout * BYE LOGOUT received . OK Completed Thanks ! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
SOLVED Re: Trying to troubleshoot Murder problem
Hi, I solved my problem. On the MUPDATE master, in /etc/cyrus.conf we had : mupdate cmd=/usr/cyrus/bin/mupdate -m listen=2004 prefork=10 Setting prefork=1, then restarting the Murder solved it. This beg an entry in the Wiki, if only I could figure out how to use it ... On Fri, Feb 13, 2004 at 11:30:02AM -0500, Etienne Goyer wrote: Hi, I am currently trying to troubleshoot a Murder problem. Any suggestion welcomed. Basically, it seem like the frontend don't have their mailbox list updated. We tried restarting just the frontends, it did not worked. then we tried restarting the whole Murder and the problem is still here. Here are the symptom : [EMAIL PROTECTED] root]# telnet localhost 143 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. * OK frontend Cyrus IMAP4 Murder v2.1.16 server ready . login testuser *** . OK User logged in . delete test-eg3 . NO Mailbox does not exist . create test-eg3 . NO Mailbox already exists . logout * BYE LOGOUT received . OK Completed Thanks ! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Backup e-mail messages HOW ?
On Thu, Feb 12, 2004 at 09:43:04AM -0300, Bartosz Jozwiak wrote: Could somebody tell me how to backup all e-mail messages from Cyrus-IMAP 2.1.14 ? There's an entry on that subject in the Wiki : http://cyruswiki.andrew.cmu.edu -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: rename problems with murder
On Wed, Feb 11, 2004 at 05:19:36PM -0700, Mike Smith wrote: rename user.dragon user.dragon mailbackend2.{mydomain}.com I get the error on the frontend: renamemailbox: Server(s) unavailable to complete operation this happens if I try to move the mailbox between backends or partitions on the same backend the log that I get from the backend is: Feb 11 16:53:53 mailbackend1 imap[15992]: login: mailfront1.bhfc.net [10.4.9.3] cyrus PLAIN+TLS User logged in Feb 11 16:53:53 mailbackend1 imap[15992]: getaddrinfo(2) failed: Name or service not known Feb 11 16:53:53 mailbackend1 imap[15992]: Could not move mailbox: user.dragon, Initial backend connect failed Can mailbackend1 resolve the adress of mailbackend2, ie ping it ? If your backends do not have DNS entry, you might want to add them to each other /etc/hosts files. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ldap/cyrus server
On Mon, Feb 09, 2004 at 10:05:43PM -0500, Robin M. wrote: Hope this does not insult anyone here... Is there a site that anyone knows of with good examples of schemas for use with an ldap email server that resemble all the fields a user would find in an outlook address book, or that work well with a netscape email client. Here is exactly the schema you are looking for : http://yolinux.com/TUTORIALS/LinuxTutorialLDAP-GILSchemaExtension.html Something explaining how to simulate an Exchange-like server. My ldap/cyrus server is now looking fairly complete but this is my first time and I have not really seen much recent documentation in this vein. IMAP + LDAP cover only a fraction of Exchange functionnality. Mail with shared folder and LDAP address book cover, IMHO, the most important one but there will be many thing missing : shareable calendar, shareable private address book (twiddling ACL in OpenLDAP config might do it, but this won't be user-configurable), schedule conflict resolution and many, many more. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: PERL IMAP client module
In the same vein, I have an IMAP::MUPDATE module I wrote. The code is not exactly pretty , but it work. I also have a modified Net::Sieve that work with STARTTLS and proxy auth, and a Net::FUD module I wrote from scratch. For those interested, I can share them. On Wed, Feb 04, 2004 at 03:06:32PM +1100, Rob Mueller wrote: A while ago I wrote an IMAP client interface in PERL for a project I was working on. At the time I looked at Net::IMAP, Mail::IMAPClient and Mail::Cclient, but they all had problems that made them annoying in some way (broken literals in envelopes, non-structured bodystructure responses, etc). Most of those modules have now improved to deal with the issues I had at the time, so this module is now a bit redundant. Anyway, the result of my work was Mail::IMAPTalk (yes, silly name), which basically did everything I wanted. I'm not sure if other people will find it useful, but I decided it was about time I released it to CPAN, so feel free to take a look and compare it to the other modules to see if it fits your needs. http://search.cpan.org/~robm/Mail-IMAPTalk-1.00/ Rob -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] Kernel Preemption is a bad idea. Who are the users to think their trivial tasks are more important than the kernel's ?
Re: PERL IMAP client module
On Wed, Feb 04, 2004 at 11:16:59AM -0500, Rob Siemborski wrote: On Wed, 4 Feb 2004, Etienne Goyer wrote: In the same vein, I have an IMAP::MUPDATE module I wrote. The code is not exactly pretty , but it work. I also have a modified Net::Sieve that work with STARTTLS and proxy auth, and a Net::FUD module I wrote from scratch. For those interested, I can share them. It probably makes sense to link these (along with Rob's module) from the wiki. The IMAP::MUPDATE module, while serviceable, is currently quite a hack job. It is derived from the CPAN IMAP::Admin module. This is not the same as the one shipped with Cyrus imapd, it is the one found at http://search.cpan.org/~eestabroo/IMAP-Admin-1.6.1/Admin.pm. My IMAP::MUPDATE module depend on local modification I made to IMAP::Admin (to add SASL auth support among other) and I got out-of-sync with the main IMAP::Admin module. In this state, I don't feel like releasing it at large; however, if it can be of use to somebody, I'll gladly share. I made an error about the Sieve module; it is called IMAP::Sieve. This is the one shipped with Websieve. I tried to contact the maintainer a while ago, but he never answered my email. If I can get a hold on him, I may ask him maintainership of the module, in which case I would post it on CPAN. For the moment, I do not have a web presence for it. The Net::FUD I wrote from scratch. It is very simple, actually. If I was not so overworked, I'll package it for CPAN. It does not have a web presence either. I will still add a note about these last two in the Wiki. Out of curiosity, what do you use IMAP::MUPDATE for? Retrieve complete list of mailbox, resolve backend a mailbox reside on, etc. A client of mine have a policy of making a backup of mailbox before deleting them; it is done at the file system level so I have to know where a mailbox reside. Also, we load-balance mailboxes creation on backend so at any time we have to know how many mailboxes there are per partition, per backend. We could have retrieved this info from IMAP or from the filesystem, but it is much faster to query the MUPDATE master. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: PERL IMAP client module
On Wed, Feb 04, 2004 at 03:42:47PM +0100, Sebastian Hagedorn wrote: In the same vein, I have an IMAP::MUPDATE module I wrote. The code is not exactly pretty , but it work. I also have a modified Net::Sieve that work with STARTTLS and proxy auth, and a Net::FUD module I wrote from scratch. For those interested, I can share them. I'd be interested in the last two. Here they are. Note that the Sieve.pm does not have a copyright notice, a disclaimer and a license inlined; I included the license.txt that was shipped with websieve (GPL2). I also recall that I had problem getting STARTTLS to work; I am not sure if it currently broken or not. The only SASL mechnism supported is PLAIN, but it does support proxy auth. It does follow REFERRAL too, if you are in a Murder environnement. Notice that one big feature missing is documentation; sorry, but you will have to read the code until I write the POD :) In a nutshell, the constructor look like : my $sieve = new IMAP::Sieve(Server = $server, Proxy = $user, # user to act upon Login = $mailadmin, Password = $password); Net::FUD is much simpler. Just read the POD : perldoc Net::FUD. In both case, you just have to drop the .pm somewhere in @INC where it make sense; under RedHat, I would suggest /usr/lib/perl/site_perl/5.x.x/ under either Net or IMAP. I welcome any question you may have. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] IMAP::Sieve = This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. A copy of the GNU General Public License can be found in the file GPL2.txt. Alain Turbide # Net::FUD.pm # $Id: FUD.pm,v 1.3 2003/07/24 20:38:49 egoyer Exp $ # # Copyright (c) 2003 Etienne Goyer, Linux Québec Technologies # [EMAIL PROTECTED]. All rights reserved. # This program is free software; you can redistribute it and/or # modify it under the same terms as Perl itself. # # This package retrieve information on mailbox from a FUD daemon, # such as bundled by Cyrus imapd. # package Net::FUD; use strict; use vars qw($VERSION); use IO::Socket::INET; $VERSION = 0.01; sub new { my $class = shift; my %self = @_; unless ($self{'server'}) { return undef; } unless ($self{'port'}) { $self{'port'} = 4201 } # Connect to server $self{'socket'} = IO::Socket::INET-new( PeerAddr = $self{'server'}, PeerPort = $self{'port'}, Proto= udp ); if ($self{'socket'}-error) { $self{'error'} = Error connecting to $self{'server'}:$self{'port'}.; } my $ret = \%self; bless ($ret, $class); return $ret; } sub retr_info { my $self = shift; my $user = shift; my $mbox = shift; my $fh = $self-{'socket'}; my ($resp, @ret); unless ($user) { return } # FIXME : this make the assumption that the mailboxes separator is '.' unless ($mbox) { $mbox = user. . $user } print $fh $user|$mbox; sysread($fh, $resp, 511); if ($resp eq PERMDENY) { $self-{'error'} = Permission denied; } elsif($resp eq UNKNOWN) { $self-{'error'} = User or mailbox unknown; } else { # Parse response @ret = split /\|/, $resp; } return @ret; } sub error { my $self = shift; return $self-{'error'}; } # Not sure if these two are necessary sub close { my $self = shift; $self-{'socket'}-close; } sub DESTROY { my $self = shift; $self-close; } 1; __END__ =head1 NAME Net::FUD - FUD Client class =head1 SYNOPSIS use Net::FUD; $fud = Net::FUD-new( server = some.host.name, port = 4201); @info = $fud(johndoe, user.johndoe.folder) $err = $fud-error =head1 DESCRIPTION CNet::FUD is a class implementing a simple client in Perl to the FUD daemon as shipped with ICyrus imapd. =head1 CONSTRUCTOR =over 4 =item new ( server = HOST [, port = PORT ]) Create a new CNet::FUD object where HOST is the host to connect to. Optionnally, you can specify the port PORT (default udp/4201). =back =head1 METHODS =over 4 =item retr_info ( USER [, MAILBOX ]) Retrieve
Re: PERL IMAP client module
On Wed, Feb 04, 2004 at 11:16:59AM -0500, Rob Siemborski wrote: It probably makes sense to link these (along with Rob's module) from the wiki. Ok, I tried to make sense of that Wiki thingy but can't figure it out. I created a user, but nowhere did it ask for a password and I can't find how to login with my newly created user. Also, in which section would you like us to post these links ? -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Migrating from UW imap to Cyrus
One thing that bite me when migrating from mbox to Cyrus was POP3 UIDL. Are you currently serving mail thru POP3, and do you plan to use POP3 with Cyrus ? If yes, it is important to note that the way other POP3 daemon calculate and store the UIDL values is different that Cyrus. If you have any POP3 client that rely on consistent UIDL (ie they use Leave mail on server feature of their client), they will break and there is nothing you can do about it. Just sharing experiences ... On Mon, Feb 02, 2004 at 08:17:45AM -0700, Dwight Tovey wrote: Andrew J Caird said: Dwight, I'm starting a similar project, and have looked at several of the tools that are out there - if you check the archives for this list for that last two or three weeks in January 04, you'll see a discussion of this. Based on my very limited testing, mailutil from the UW IMAP/Pine distribution is the best tool. It can migrate IMAP-to-IMAP, or from mboxfile-to-IMAP (and in the other direction). Since, as far as I know, UW-IMAP doesn't have an authuser option, I've successfully migrated mailboxes from the UW-IMAP server to the Cyrus IMAP server with a command like: mailutil copy /imapfolders/loginid/foldername {cyrus/novalidate-cert/authuser=cyrusadmin/user=loginid}user.loginid.foldername run as root on the UW-IMAP server. On my servers/network I can transfer about 5 messages per second. It is interesting to run mailutil with the -verbose and -debug flags to see what it's doing, but after a while it just clutters the screen. Hope this helps. Perfect. That's what I was looking for. I knew I had seen it somewhere, but for some reason I couldn't find it again, even in the archives. Guess I just didn't enter the search string correctly. Thanks to Andrew and Ken for the pointer to mailutil. /dwight -- Dwight N. Tovey email: [EMAIL PROTECTED] web: http://www.dtovey.net/~dwight --- If NT is the answer, then you didn't understand the question. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] Kernel Preemption is a bad idea. Who are the users to think their trivial tasks are more important than the kernel's ?
Re: Recommended webmail clients to use with cyrus..
On Tue, Jan 27, 2004 at 03:17:40PM -0800, Jason Williams wrote: In the last of my final pieces to my mail server, im looking for a webmail package. Obviously, it needs to work with Cyrus. The ones I know off the top of my head are: Squirrelmail Horde Openwebmail There may be others, but not sure. Anyone have any suggestions on a webmail to use, that works well with Cyrus? Anyone that stands out better than the rest or is a better choice overall? I like Horde, but I have to admit it is a complex of software. Have alot of features, though. If you use the CVS version, IMP support ACL, shared folder, etc and you can get a Sieve script manager (Ingo). Personnally, I am very satisfied but learning and setting up Horde is certainly not an afternoon project :) -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] Kernel Preemption is a bad idea. Who are the users to think their trivial tasks are more important than the kernel's ?
Re: ReiserFS on a Linux mail server
This is really just my personnal opinion. I have never used ReiserFS myself (neither XFS, actually). I am an happy user of ext3 since it became mainstream. ReiserFS is a (relatively) new design. It have a very small user base compared to ext3. Ext3 is well-known and well-tested design. FS recovery tools for ext3 are mature and well-known by Linux sysadmin. It is backward-compatible with ext2. It is the default on most Linux distribution. Personnally, unless I am experiencing a bottleneck I can trace back to the FS, I would go for the conservative choice and opt for ext3. Unless you have a very large userbase (I would say 10K users, but it depend on many factors), performance will probably not be an issue in your setup. I can see no gain for you by going with ReiserFS. If, for some reason, you really can't use ext3, I would go with the second safest choice and use XFS (or JFS). It's another proven design that's been in use for many years, althought the Linux implementation is relatively recent. Just my 0,02$. Nothing scientific here; it's just that when talking about a service as critical as email, I prefer to stay on the safe side. On Tue, Jan 20, 2004 at 04:01:01AM -0500, Jeff Gray wrote: Greetings all. I am an experienced Windows NT administrator (go ahead and let it out now) making the transition to Linux. I have been assigned to a team who are going to be migrating Exchange servers to Linux servers running Postfix, Cyrus and Amavisd-new for spam and virus filtering. Currently all options are being evaluated right now so I would like to take the initiative and set up my own test server so I can start learning the concepts inside out. I already have the hardware ready. 1 Ghz P3, 1 gig ram, 4 ATA133 drives, 3ware RAID adapter. I have been doing a lot of reading regarding the journaling filesystems available for Linux. Here is the conclusion that I have reached: ext3 is basically ext2 with journaling added on top. XFS is well suited for environments where very large files are going to be served. ReiserFS has been optimized to handle small files in a very efficient manner and thus is a great candidate for an all around general mail, apache and samba server. I was mainly deciding between ReiserFS and XFS but so far I'm leaning towards the former. My question is to other mail administrators either running Postfix, Cyrus or both... from your experiences what have you learned about dealing with ReiserFS version 3? Are there some special filesystem optimizations that you would like to share with the list? I forgot to mention that I will be utilizing LVM on my test server as well. Any comments or suggestions? Thank you for taking the time to read this! _ Find high-speed net deals comparison-shop your local providers here. https://broadband.msn.com -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: Using singleinstancestore on a large scale (thousands of recipients)
On Tue, Jan 13, 2004 at 03:29:43PM +0100, Kjetil Torgrim Homme wrote: - can I invoke deliver with such a long argument list? If not, is there an alternative? don't use deliver(8), use LMTP. it's much more reliable. In this case, the MTA must accept a recipient list that long (in his case, 30K). With Postfix, the directive would be (I think) : lmtp_destination_recipient_limit = 3 I don't know if Cyrus have a similar, corresponding config directive or if lmtpd just accept as many recipient as there is. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: Cyrus and Postfix question
On Fri, Jan 09, 2004 at 01:12:04PM -0800, Jason Williams wrote: Wanted to get some feedback from people running cyrus and postfix. If you are running RedHat Linux, one thing to keep in mind is that RedHat run Postfix in a chroot jail. So in yout cyrus.conf you need something along the line of : lmtpunix cmd=lmtpproxyd listen=/var/spool/postfix/etc/lmtpproxy prefork=3 where in /etc/postfix/main.cf you would need something like : mailbox_transport = lmtp:unix:/etc/lmtpproxy Just my 0,02$, in case. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Impact of duplicatesuppression in mail delivery performance.
Hi, I am currently investigating performance and scalability issue on a Murder. Right now, everything is working smoothly but I am trying to be proactive as I expect a spike in usage in the coming week. My question concern potential bottleneck in mail delivery. The way I understand it, duplicatesuppression may constitute a bottleneck as every incoming message have to be checked for in deliver.db and, if delivered, written to it. I suppose only a single process at a time can write to deliver.db, so does this constitute a bottleneck ? Is there any gain in performance in setting duplicatesuppression to no ? What are the implication of doing so, outside of performance ? Thank you for your insight. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: Can't SELECT mailbox as admin on frontend (Murder)
Ok, I found the source of my problem. I am using altnamespace, and it is setted on every machine in the Murder. I found out by syslog()ing variable inimpad.c that mailbox_open_header() try to open user.admin.user.test123. If don't set altnamespace in the backend, it work. Next question : are there implication to having altnamespace set to yes on frontend, and to no on backend ? Thank you very for your insight. On Wed, Dec 17, 2003 at 05:16:55PM -0500, Etienne Goyer wrote: Since nobody answered yet, I guess this one is a little thorny. I'll resume the symptom to make the big picture clearer : SELECTing INBOX as a user on frontend: work SELECTing user/user as a user on frontend: _don't_ work SELECTing user/user as an admin on frontend: _don't_ work SELECTing user/user as an admin on backend: work ! Cyrus imapd and sasl 2.1.15, altnamespace and unixhierarchysep == yes. Any idea about what could cause such a situation ? Even if it is just hypothesis, I am willing to investigate. I am also willing to read code, if one can point me toward the file that may contain the possible source of my problem. The strange thing is that I have another Murder that does not show these behavior. The configuration are pretty much similar, except for the version (2.1.13), and altnamespace and unixhierarchysep being set to no. All your insights welcome ... On Wed, Dec 17, 2003 at 03:24:17PM -0500, Etienne Goyer wrote: If you mean a telemetry log on the backend, here it is : -- admin Wed Dec 17 15:13:41 2003 1071692021C2 Capability 1071692021* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE LOGINDISABLED MUPDATE=mupdate://xxx.xxx.xxx.xxx/ C2 OK Completed 1071692021. Select {12+} user/test123 1071692021. NO Mailbox does not exist 1071692025L01 LOGOUT 1071692025* BYE LOGOUT received L01 OK Completed On Wed, Dec 17, 2003 at 03:00:29PM -0500, Ken Murchison wrote: Etienne Goyer wrote: Hi, I can't SELECT mailbox on a frontend in a Murder when logged in as an admin account. Example : * OK frontend1 Cyrus IMAP4 Murder v2.1.15 server ready . login admin *** . OK User logged in . select user/test123 . NO Mailbox does not exist . logout * BYE LOGOUT received . OK Completed Obviously, I have check user/test123 exist. Actually, when I connect directly to the backend where it reside, I can SELECT it no problem. Also, as user test123, I can't SELECT user/test123 (NO Mailbox does not exist too), but I succeed when I SELECT INBOX. Could this be related to altnamespace ? If not, what else could cause this problem ? I *believe* that these issues have been resolved in 2.2. If you can grab a protocol dump of what is being sent to the backend, it might shed some light. My guess is that the mailbox name is being sent in the internal format, rather than the external one. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: Can't SELECT mailbox as admin on frontend (Murder)
On Wed, Dec 17, 2003 at 05:43:26PM -0500, Rob Siemborski wrote: On Wed, 17 Dec 2003, Etienne Goyer wrote: You lose many of the privs of being an 'admin' when you are being proxied. (namely, the ones that don't come directly from an ACL). This behavior originated from the belief that proxy users shouldn't be able to become admins. It becomes less clear that this is actually the desired behavior to me all the time (and, indeed, the security benefits are marginal at best). I can confirm that this is the case. With imtest, I logged in as proxy auth, admin user and can't SELECT user/mailbox. When I log in with the admin credentials, I can. What I need to do is merging user's account. For that, I wanted to : 1. login on a frontend as mailadmin; 2. SELECT source mailbox 3. LIST submailbox 4. CREATE submailbox in destination mailbox 5. SEARCH messages 6. COPY messages to destination mailbox Could you suggest a workaround, or some other way to achieve similar result ? But this is likely the source of your problem. If you want to do this, you can either patch cyrus to not make the isadmin/isproxyadmin distinction, or act like a referrals-capable client and follow the referral (e.g. issue an 'RLIST ' before you issue the SELECT). I am running 2.1.13. in another Murder, and it work there (proxy authcid, admin authzid, SELECT user/mailbox). So I suppose that this change somewhere in 2.1.14 or 2.1.15 ? Thanks for your nsights, I'll be looking at the source. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Can't SELECT mailbox as admin on frontend (Murder)
Hi, I can't SELECT mailbox on a frontend in a Murder when logged in as an admin account. Example : * OK frontend1 Cyrus IMAP4 Murder v2.1.15 server ready . login admin *** . OK User logged in . select user/test123 . NO Mailbox does not exist . logout * BYE LOGOUT received . OK Completed Obviously, I have check user/test123 exist. Actually, when I connect directly to the backend where it reside, I can SELECT it no problem. Also, as user test123, I can't SELECT user/test123 (NO Mailbox does not exist too), but I succeed when I SELECT INBOX. Could this be related to altnamespace ? If not, what else could cause this problem ? Every comments welcome. I have been looking for the source of this problem for a few hours already, and I am getting desperate for a solution ... -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: Can't SELECT mailbox as admin on frontend (Murder)
If you mean a telemetry log on the backend, here it is : -- admin Wed Dec 17 15:13:41 2003 1071692021C2 Capability 1071692021* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE LOGINDISABLED MUPDATE=mupdate://xxx.xxx.xxx.xxx/ C2 OK Completed 1071692021. Select {12+} user/test123 1071692021. NO Mailbox does not exist 1071692025L01 LOGOUT 1071692025* BYE LOGOUT received L01 OK Completed On Wed, Dec 17, 2003 at 03:00:29PM -0500, Ken Murchison wrote: Etienne Goyer wrote: Hi, I can't SELECT mailbox on a frontend in a Murder when logged in as an admin account. Example : * OK frontend1 Cyrus IMAP4 Murder v2.1.15 server ready . login admin *** . OK User logged in . select user/test123 . NO Mailbox does not exist . logout * BYE LOGOUT received . OK Completed Obviously, I have check user/test123 exist. Actually, when I connect directly to the backend where it reside, I can SELECT it no problem. Also, as user test123, I can't SELECT user/test123 (NO Mailbox does not exist too), but I succeed when I SELECT INBOX. Could this be related to altnamespace ? If not, what else could cause this problem ? I *believe* that these issues have been resolved in 2.2. If you can grab a protocol dump of what is being sent to the backend, it might shed some light. My guess is that the mailbox name is being sent in the internal format, rather than the external one. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: Can't SELECT mailbox as admin on frontend (Murder)
Since nobody answered yet, I guess this one is a little thorny. I'll resume the symptom to make the big picture clearer : SELECTing INBOX as a user on frontend: work SELECTing user/user as a user on frontend: _don't_ work SELECTing user/user as an admin on frontend: _don't_ work SELECTing user/user as an admin on backend: work ! Cyrus imapd and sasl 2.1.15, altnamespace and unixhierarchysep == yes. Any idea about what could cause such a situation ? Even if it is just hypothesis, I am willing to investigate. I am also willing to read code, if one can point me toward the file that may contain the possible source of my problem. The strange thing is that I have another Murder that does not show these behavior. The configuration are pretty much similar, except for the version (2.1.13), and altnamespace and unixhierarchysep being set to no. All your insights welcome ... On Wed, Dec 17, 2003 at 03:24:17PM -0500, Etienne Goyer wrote: If you mean a telemetry log on the backend, here it is : -- admin Wed Dec 17 15:13:41 2003 1071692021C2 Capability 1071692021* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE LOGINDISABLED MUPDATE=mupdate://xxx.xxx.xxx.xxx/ C2 OK Completed 1071692021. Select {12+} user/test123 1071692021. NO Mailbox does not exist 1071692025L01 LOGOUT 1071692025* BYE LOGOUT received L01 OK Completed On Wed, Dec 17, 2003 at 03:00:29PM -0500, Ken Murchison wrote: Etienne Goyer wrote: Hi, I can't SELECT mailbox on a frontend in a Murder when logged in as an admin account. Example : * OK frontend1 Cyrus IMAP4 Murder v2.1.15 server ready . login admin *** . OK User logged in . select user/test123 . NO Mailbox does not exist . logout * BYE LOGOUT received . OK Completed Obviously, I have check user/test123 exist. Actually, when I connect directly to the backend where it reside, I can SELECT it no problem. Also, as user test123, I can't SELECT user/test123 (NO Mailbox does not exist too), but I succeed when I SELECT INBOX. Could this be related to altnamespace ? If not, what else could cause this problem ? I *believe* that these issues have been resolved in 2.2. If you can grab a protocol dump of what is being sent to the backend, it might shed some light. My guess is that the mailbox name is being sent in the internal format, rather than the external one. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED] -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: Authenticating and authorizing as different users w/an MUA?
On Mon, Dec 15, 2003 at 03:18:19PM -0500, Igor Brezac wrote: pine can do it. Any c-client based client is capable of proxy authorization. php unfortunately does not export plain mech; a small patch fixes this problem. This php patch allows IMP to do proxy auth. Me want! Me want! Seriously, I have been banging my head for two complete days wondering why PHP was not using the authuser mailbox spec parameter. If I could make it work with IMP, I'll be the happiest man around ... -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Sieve vacation question : does :addresses match case-insensitively ?
Hi, Given the following script : require vacation; vacation :days 1 :addresses [EMAIL PROTECTED] :subject Some subject Just testing vacation, folks. ; Does the :addresses parameter will be matched case insentively, meaning that the vacation will also trigger for mail addressed to [EMAIL PROTECTED] ? Thanks ! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: Sieve vacation question : does :addresses match case-insensitively ?
On Mon, Dec 15, 2003 at 12:59:22PM -0500, Ken Murchison wrote: Cyrus Daboo wrote: Further to this I see that newer versions of CMU SIEVE do case-insensitive comparisons, but older versions did not - perhaps Ken/Rob can confirm when that change was made so you can decide whether you need to upgrade/patch. AFAICT it was changed prior to 2.1.2. So 2.1.15 should do the comparison case-insensitively ? -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: imap and ldap
Hi, Did you compiled your own cyrus-sasl or used a third-party package ? If you compiled, did you used the --with-ldap switch to configure ? Do you have OpenLDAP and assorted libs installed ? On Thu, Dec 11, 2003 at 03:07:11PM +0100, Geert Reijnders wrote: Hi all Again I have a question. I want to setup a mail-server and the users must be retrieved from the ldap-server. I have heard from several people and read in several guides that it is possible with saslauthd -a ldap and put the following option in the imapd.conf: sasl_pwcheck_method: saslauthd But of course when I try to do that I get error messages. The first one is when I execute the command saslauthd -a ldap: saslauthd[285] :set_auth_mech : unknown authentication mechanism: ldap the solution is not by using pam because that is not an option in saslauthd. The second one is when I try to open a mailbox in outlook express. Then I get the messages that on line (the line where sasl_pwcheck_method is located) that the command is unknown. What am I missing or doing wrong? I hope anyone could help me. Thanks in advance Geert Reijnders -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Telemetry log before authentication ?
Hi, I am troubleshooting a problem where the client negociate STARTTLS with success, then fail. I guess the authentication did not work because the server does not write telemetry log. I have local6 and auth log facility set to debug, and I see nothing after the successful starttls negociation message. I was trying to figure out if the client tried to AUTHENTICATE (and, if yes, wich mechanism he tried), or just dropped it after CAPABILITY. I guess I would need telemetry of session before the authentication succeed, unless somebody could tell me for sure no AUTHENTICATE have been tried because it would have blah in (local6|auth) facility. On a somewhat related note, did anybody on this list ever used the PHP imap_open() function with authuser, such as opening {localhost/authuser=admin}INBOX ? If yes, which version of PHP where you using, and what does your mailbox name looked like ? Thanks everybody for your answers. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Request: patch to mailutil to get the password from an environment variable
Hi, I know mailtuil is a software not related to Cyrus, but a little while back I seem to remember that somebody posted a patch on this mailing list that enable mailutil to get the password from an environment variable. I have been digging my mailbox, but can't find it anymore. If you know about it, I would appreciate greatly if you could repost the patch (or contact me off-list if you think it would be more appropriate). Thanks ! -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: Authenticate Cyrus off active directory
On Thu, Dec 04, 2003 at 07:41:54AM +0100, Nikola Milutinovic wrote: Why don't you user kerberized IMAP clients? Because our 60K+ users base use a hodgepodge of IMAP client over which we have no control. I am not quit sure our webmail (IMP) could be made to authenticate via Kerberos either. Also, the IMAP server are accessible from the Net, while the AD controller (KDC) are not. This setup effectively defeats the idea of Kerberos, since SASLAuthD is used for PLAIN-text authentication. Unless it is running over SSL channel (mechanism EXTERNAL), you're sending USER/PASS in cleartext over the net. Only IMAPS is exposed to the outside. -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: Authenticate Cyrus off active directory
Hi, We are doing it using Kerberos. It's (relatively speaking) easy. First, read and follow the step described in http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp to make your Linux server interoperate with the AD KDC. Then set saslauthd to use Kerberos instead of PAM : saslauthd -n0 -a kerberos5 The -n0 is required as saslauthd with the kerberos5 plugin seriously leak memory on RedHat 7.3. That's about it ... if you have questions, feel free to ask ! On Wed, Dec 03, 2003 at 02:36:51PM +, Alain Williams wrote: Hi, I am seeking advice on how to authenticate Cyrus off a Microsoft Active directory server. The users will not have Linux accounts, I don't want to modify AD at all - the only Linux is the web mail, so I don't want to insert the extra (unix) fields into the database. I have saslauthd currently working off pam. I don't mind if I authenticate using kerberos or ldap - whatever works. I am running Cyrus and Sasl 2.1.15 on top of SuSE Linux (enterprise server 8). Uses will (mainly) access cyrus via horde/imp webmail. Can anyone give a simple HOWTO for this ? Many thanks. -- Alain Williams #include std_disclaimer.h FATHERS-4-JUSTICE - Campaigning for equal rights for parents and the best interests of our children. See http://www.fathers-4-justice.org -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Mailbox hierarchy separator for MUPDATE ?
Hi, I have unixhierarchysep: yes setted on my mupdate master server. When I try : 1070309509try FIND user/test123 1070309509try OK Search completed But it work with '.' as the separator : 1070309494try FIND user.test123 1070309494try MAILBOX {12+} user.test123 {15+} backend1!part01 {18+} test123 lrswipcda try OK Search completed 1070309494* BYE Connection reset by peer What I conclude is that the '.' is always the hierarchy separator, whatever the value of unixhierarchysep is. If this is true, does that mean that it is not legal to have mailbox name with '.' in them in Cyrus Murder ? Thank you very much, -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: Admin CGI
We cooked up our own, but Webcyradm may be what you want. On Tue, Nov 25, 2003 at 02:28:47PM -0800, Joakim Ryden wrote: Hey folks - does anyone have any nice perl/php/python/whatever CGI scripts that they use to administer their Cyrus installation(s) and feel like sharing? I suppose I could just write my own but no need to re-invent the wheel. --Jo -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]