Re: mailboxes.db problem cont.
Many thanks to Scott Adkins and Joe Hrbek for all of their help. Here are a couple of scripts that I wrote to rebuild the mailboxes.db. The scripts do not take into account default domain, basic or no directory hashing, multiple partitions, and possibly other things, but I figured they might give someone a head start if they run into this problem.

shell script repairMBoxDB

#!/bin/sh
#stop Cyrus imapd before running this script

#get the directories
ls -R /var/spool/imap/* | grep / > /bin/scripts/mboxRepair/directories

#run perl repair script (this doesn't actually do any repairing)
/bin/scripts/mboxRepair/mboxRepair.pl

#cp the file to Cyrus' home directory and change the ownership
cp /bin/scripts/mboxRepair/newMBoxList /home/cyrus/
chown cyrus:mail /home/cyrus/newMBoxList

#save off the current mailboxes.db
mv /var/imap/mailboxes.db /var/imap/mailboxes.db.backup

#import the new mailbox list
su - cyrus -c "umask 077 ; /usr/cyrus/bin/ctl_mboxlist -u < /home/cyrus/newMBoxList"
#EOF

perl script mboxRepair.pl

#!/usr/bin/perl

openDirectoriesFile ();
rewriteFormat ();
scriptExit ();

sub openDirectoriesFile
{
    my ($lSuccess, $lName);

    $lName = "directories";
    $lSuccess = open (fhDirectories, "</bin/scripts/mboxRepair/$lName");
    if (!$lSuccess) {
        print "Didn't open " . $lName . ": $!\n";
        scriptExit ();
    }
}

sub scriptExit
{
    close (fhDirectories);
    close (fhNewMBoxList);
    exit ();
}

sub rewriteFormat
{
    my ($lSuccess, $lNewLine, $lCount, $lArrayCount, $lSortedCount);
    my (@lArray, @lUnsortedArray, @lSortedArray);

    $lName = "newMBoxList";
    $lSuccess = open (fhNewMBoxList, ">/bin/scripts/mboxRepair/$lName");
    if (!$lSuccess) {
        print "Didn't open " . $lName . ": $!\n";
        scriptExit ();
    }

    $lArrayCount = 0;
    while (<fhDirectories>) {
        chomp;                              # no newline
        s/#.*//;                            # no comments
        s/^\s+//;                           # no leading white
        s/\s+$//;                           # no trailing white
        next if ($_ =~ m/\/mail:$/);        # no lines ending with /mail:
        s/:$//;                             # no ending colons
        s/^\/var\/spool\/imap\///;          # no /var/spool/imap/
        next if ($_ !~ m/\//);              # get rid of any line that doesn't have a /
        s/domain\/[A-Z]//;                  # get rid of domain/A, domain/B, domain/C, etc.
        s/^\///;                            # no / at the beginning of a line
        next if ($_ !~ m/\//);              # get rid of any line that doesn't have a /
        next if ($_ !~ m/\/user\//);        # get rid of any line that doesn't have /user
        next unless length;                 # anything left?

        @lArray = split (/\//, $_);
        $lNewLine = sprintf ("%s!%s.%s", $lArray[0], $lArray[2], $lArray[3]);
        $lCount = 4;
        while ($lArray[$lCount]) {
            $lNewLine = sprintf ("%s.%s", $lNewLine, $lArray[$lCount]);
            $lCount++;
        }

        #now we are going to put it into an array so we can sort it
        $lUnsortedArray[$lArrayCount] = $lNewLine;
        $lArrayCount++;
    }

    @lSortedArray = sort { $a cmp $b } @lUnsortedArray;

    #now take the sorted array and put it in the proper format and
    #write it to a file
    $lSortedCount = 0;
    while ($lSortedArray[$lSortedCount]) {
        @lArray = split (/\./, $lSortedArray[$lSortedCount]);
        $lArray[2] =~ s/\^/\./;
        my @lDomain = split (/!/, $lSortedArray[$lSortedCount]);
        # NOTE: the sprintf format string below was replaced with [EMAIL PROTECTED] by the list archive
        $lNewLine = sprintf ([EMAIL PROTECTED], $lSortedArray[$lSortedCount], $lArray[2], $lDomain[0]);
        print fhNewMBoxList $lNewLine . "\n";   # write to a new file
        $lSortedCount++;
    }
}

On Mon, 2003-09-29 at 08:52, Hank Beatty wrote:
It was indeed the tab at the end of each line that caused the problem. I added the tab to the end of each line and implemented it about 3 PM Saturday afternoon and brought the server back on line.

On Sun, 2003-09-28 at 12:14, Rob Siemborski wrote:
On Sat, 27 Sep 2003, Hank Beatty wrote:
Took dir.txt and converted it to the format of mboxlist file (except for the tab on the end of each line. Not sure if this caused a problem)

This will likely cause a problem with the ACLs.

The above steps got POP working, but IMAP gives "Mailbox does not exist" when trying to select the "INBOX" using squirrelmail.

I suspect this can be caused by a munged ACL.

I also tried using the reconstruct command before and after moving the mailboxes.db to no avail. At this point I'm thinking of writing the -m option of reconstruct unless anyone has some better ideas or has already written something that might
mailboxes.db problem cont.
Just wanted to post an update and see if anyone had a better solution. I'm running a Red Hat 9 server with Cyrus imapd 2.2.1 BETA. Thursday at about 17:20 we started seeing alarms on our POP monitor for this server. We investigated and found that everyone after the letter 'c' had been removed from the DB. After looking through the logs we found that ctl_cyrusdb ran at 17:15. We're thinking that this somehow caused the problem. Unfortunately, we can't say for sure.

This is what we have done so far:

- Stopped cyrus
- Ran "ctl_mboxlist -d mboxlist"
- Moved the mailboxes.db to another location
- Moved the db directory to another location
- Moved deliver.db to another location
- Did an ls on the directory structure and sent it to dir.txt
- Took dir.txt and converted it to the format of mboxlist file (except for the tab on the end of each line. Not sure if this caused a problem)
- Then did an undump of dir.txt back into mailboxes.db
- Started cyrus

The above steps got POP working, but IMAP gives "Mailbox does not exist" when trying to select the "INBOX" using squirrelmail. I also tried using the reconstruct command before and after moving the mailboxes.db to no avail.

At this point I'm thinking of writing the -m option of reconstruct unless anyone has some better ideas or has already written something that might help. While writing the -m option I might try to figure out why the -f and -r options of reconstruct didn't appear to work in my case. I'm wondering if the -f and -r options don't work because I'm using the fulldirhash option.

Please help.

Thanks,
Hank
mailbox.db problem?
Hello, I'm running Cyrus imapd 2.2.1 BETA and around 5:20 yesterday some accounts started having problems logging into cyrus. It doesn't appear to be affecting everyone on the server. When I try to pop one of the accounts the error is [SYS/PERM] Unable to locate mail drop. This is on a Red Hat 9 box. I'm wondering if going into cyradm and add the mbox back would fix the problem? Or is there a better course of action. -- Hank Beatty [EMAIL PROTECTED]
Re: mailbox.db problem?
OK. It appears that all the mailboxes after the letter c do not appear in the mailboxes.db file anymore. Any new accounts are still being added properly. Any ideas on where to look to figure out what caused this? Any ideas on a way to fix it? I was thinking of running the reconstruct -m. I also did a test of one mailbox with reconstruct -f mailbox, but that did not seem to help. The mailbox still isn't in the mailboxes.db file. Thanks, Hank On Fri, 2003-09-26 at 10:21, Hank Beatty wrote: Hello, I'm running Cyrus imapd 2.2.1 BETA and around 5:20 yesterday some accounts started having problems logging into cyrus. It doesn't appear to be affecting everyone on the server. When I try to pop one of the accounts the error is [SYS/PERM] Unable to locate mail drop. This is on a Red Hat 9 box. I'm wondering if going into cyradm and add the mbox back would fix the problem? Or is there a better course of action. -- Hank Beatty [EMAIL PROTECTED]
Re: mailbox.db problem?
No. Bummer. :( I would really appreciate it if you could send me (or let me know where I could find) the scripts that are doing the backups that you mention. Hank On Fri, 2003-09-26 at 12:09, Simon Matter wrote: Do you happen to run my RPMs? If yes, then you should find a mailbox dump of last night in /var/lib/imap/backup/mboxlist.gz. There are also copies of the last week in mboxlist.1.gz, mboxlist.2.gz... HTH Simon OK. It appears that all the mailboxes after the letter c do not appear in the mailboxes.db file anymore. Any new accounts are still being added properly. Any ideas on where to look to figure out what caused this? Any ideas on a way to fix it? I was thinking of running the reconstruct -m. I also did a test of one mailbox with reconstruct -f mailbox, but that did not seem to help. The mailbox still isn't in the mailboxes.db file. Thanks, Hank On Fri, 2003-09-26 at 10:21, Hank Beatty wrote: Hello, I'm running Cyrus imapd 2.2.1 BETA and around 5:20 yesterday some accounts started having problems logging into cyrus. It doesn't appear to be affecting everyone on the server. When I try to pop one of the accounts the error is [SYS/PERM] Unable to locate mail drop. This is on a Red Hat 9 box. I'm wondering if going into cyradm and add the mbox back would fix the problem? Or is there a better course of action. -- Hank Beatty [EMAIL PROTECTED] -- Hank Beatty [EMAIL PROTECTED]
Fatal Error from chk_cyrus
I'm getting a fatal error when trying to check a mailbox.

/usr/cyrus/bin/chk_cyrus -M [EMAIL PROTECTED]
Examining mailbox: [EMAIL PROTECTED]
bad mailbox [EMAIL PROTECTED] in chkmbox
fatal error: fatal error

I don't think this problem is isolated to the one mailbox though. I also cannot add new mailboxes to this server. When using cyradm to create the mailbox it doesn't error and acts like it creates the mailbox. It also appears to create the directory:

find /var/spool/imap -name user
/var/spool/imap/domain/R/starband.net/A/user/user

In addition when I try to give permissions to cyrus to delete the [EMAIL PROTECTED] mailbox cyradm gives me a System I/O Error

Thanks for any help. Please let me know if you need more information.

--
Hank Beatty hbeatty.lists at earthlink.net
Re: sieve script not running?
On Tue, 2003-07-08 at 16:11, Ken Murchison wrote:
Hank Beatty wrote:
Ken, Thanks for all of your help. I still haven't gotten this to work and would like to insert some debugging stuff to go to syslog. Could you tell me where in the code I should start?

I'd add some stuff to lmtpd.c:sieve_find_script() to make sure that the path to the script is correct and lmtpd.c:sieve_fileinto() which would print out the userid and mailbox and the result of deliver_mailbox(). I'm pretty certain that this is some kind of config/usage problem, since I've been using Sieve with 2.2 since the day I started working on the 2.2 branch. Are you using the 2.2.0 tarball or the latest 2.2 from CVS? It's entirely possible that there have been some Sieve related fixes since the 2.2.0 release.

Thank you Ken. Once I pulled the CVS version, installed it, and placed my scripts they started working.

Regards,
--
Hank Beatty [EMAIL PROTECTED]
Re: sieve script not running?
On Mon, 2003-07-07 at 15:56, Ken Murchison wrote:
Test your script/message combo by running them through the sieve/test.c program in the distro. Once it works there, then you can work on lmtpd/timsieved problems.

This seems to work:

[EMAIL PROTECTED] scriptTestDir]# ./test 216. test.bc
filing message '216.' into 'Junk Mail'

but the script still doesn't work when the mail comes into the INBOX. Is there a way to turn on more logging to syslog?

--
Hank Beatty [EMAIL PROTECTED]
Re: sieve script not running?
On Tue, 2003-07-08 at 08:26, Ken Murchison wrote:
Not really, there isn't a lot of logging for sieve. Is your script activated? There should be a link from default.bc to your active script. Are the permissions on the script correct? It should be at least readable by the cyrus user.

It appears that both of those are true:

[EMAIL PROTECTED] scriptTestDir]# ll /usr/sieve/domain/R/domain.net/W/user/
total 16
lrwxrwxrwx1 cyrusmail7 Jul 7 11:32 default.bc - test.bc
-rw---1 cyrusmail 232 Jul 7 11:02 phpscript.bc
-rw---1 cyrusmail 202 Jul 7 11:02 phpscript.script
-rw---1 cyrusmail 116 Jul 8 07:57 test.bc
-rw---1 cyrusmail 95 Jul 8 07:57 test.script

Is it normal for the user created folders to be created under the mail directory?

user/user/mail/Junk Mail@domain.net (\HasNoChildren)

and does that change how the script should be written?

--
Hank Beatty [EMAIL PROTECTED]
Re: sieve script not running?
On Tue, 2003-07-08 at 10:15, Ken Murchison wrote:
Yes, in this case your script must read:

fileinto "INBOX/mail/Junk Mail"; /* altnamespace: no */

OR

fileinto "mail/Junk Mail"; /* altnamespace: yes */

Hmm. That didn't work either. I really appreciate your help. I just know it is something small missing somewhere.

--
Hank Beatty [EMAIL PROTECTED]
Re: SMTP/IMAP Realm Problems
On Tue, 2003-07-08 at 10:56, Andrew Brink wrote:
Hello

I have finally figured out why my SMTP authentication is not working, because of a real problem, now I just need to know the best way to fix this. The problem is that sendmail is trying to send the FQDN as the realm (let's say neo.matrix.com) but my users are listed in sasl2 as [EMAIL PROTECTED] Now, I can add another user specifying the realm with -u as neo.matrix.com so the user is [EMAIL PROTECTED] and SMTP auth works like a charm, however, when I do this, I can no longer login with POP nor IMAP. This poses a problem.

I suppose one workaround is to have two usernames for each user, one at the shortdomain realm and one at the FQDN realm. This seems like a faulty workaround, and I bet there is a better way to make the two play nice with each other.

Any advice would be appreciated.

Andrew

It appears that you can control what sendmail sends for auth info: http://www.sendmail.org/m4/smtp_auth.html toward the bottom of the page it tells how you can specify a map.

Regards,
--
Hank Beatty [EMAIL PROTECTED]
sieve script not running?
I'm working with the 2.2 version and have this sieve script:

require ["fileinto"];
if header :contains "X-Spam-Flag" "YES" {
    fileinto "Junk Mail";
}

The Junk Mail folder does exist:

user/username/INBOX.Drafts@domain.net (\HasNoChildren)
user/username/INBOX.Sent@domain.net (\HasNoChildren)
user/username/INBOX.Trash@domain.net (\HasNoChildren)
user/username/mail/Drafts@domain.net (\HasNoChildren)
user/username/mail/Family@domain.net (\HasNoChildren)
user/username/mail/Junk Mail@domain.net (\HasNoChildren)
user/username/mail/Sent@domain.net (\HasNoChildren)
user/username/mail/Trash@domain.net (\HasNoChildren)
user/username@domain.net (\HasChildren)

I can use sieveshell to upload and activate the script.

list
phpscript
test - active script

imapd.conf

##
# Global info's
##
configdirectory: /var/imap
partition-default: /var/spool/imap
unixhierarchysep: yes
altnamespace: yes
imapidresponse: no

##
# Autentification User rights
##
admins: cyrus murderbackend murderproxy
sasl_pwcheck_method: saslauthd
allowanonymouslogin: no

##
# Quota Message size limit
##
quotawarn: 90
autocreatequota: 10240
lmtp_overquota_perm_failure: yes
defaultacl: anyone lrs

##
# Virtual Domain Support
##
virtdomains: yes
singleinstancestore: yes
duplicatesuppression: yes
foolstupidclients: yes
hashimapspool: yes
sievedir: /usr/sieve
sieveusehomedir: no

The sieve script was created in:

ls /usr/sieve/domain/R/domain.net/W/username/
default.bc phpscript.bc phpscript.script test.bc test.script

The script isn't moving any of the mail that has the spam flag set. Does anyone have any ideas?

--
Hank Beatty username[EMAIL PROTECTED]
Re: IMAP.so Perl problem
On Thu, 2003-06-19 at 18:00, Jim Norton wrote:
Hello all:

I have Cyrus 2.2.0 installed from sources. I appear to have a problem with some Perl scripts that try to load the IMAP.so ( perl install tree ). Though I built from sources and installed everything and even when into to the Perl directory and rebuilt and installed the perl stuff I still get this error when trying to run certain Perl scripts that work with Cyrus ( imap ):

==
Can't load '/usr/lib/perl5/site_perl/5.8.0/i586-linux-thread-multi/auto/Cyrus/IMAP/IMAP.so' for module Cyrus::IMAP: /usr/lib/perl5/site_perl/5.8.0/i586-linux-thread-multi/auto/Cyrus/IMAP/IMAP.so: undefined symbol: db_version at /usr/lib/perl5/5.8.0/i586-linux-thread-multi/DynaLoader.pm line 229.
 at /usr/lib/perl5/site_perl/5.8.0/i586-linux-thread-multi/Cyrus/IMAP/Admin.pm line 44
Compilation failed in require at /usr/lib/perl5/site_perl/5.8.0/i586-linux-thread-multi/Cyrus/IMAP/Admin.pm line 44.
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.0/i586-linux-thread-multi/Cyrus/IMAP/Admin.pm line 44.
Compilation failed in require at ./add-cyrus-user.pl line 33.
BEGIN failed--compilation aborted at ./add-cyrus-user.pl line 33.
===

So now it looks like db_version is undefined and is the cause of the problem. How do I go about fixing this?

Thanks much.
-Jim

This is what I did on my system to fix the problem:

mkdir /usr/lib/perl5/5.8.0/Cyrus
mkdir /usr/lib/perl5/5.8.0/Cyrus/IMAP
ln /usr/local/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Cyrus/IMAP/IMAP.so /usr/lib/perl5/5.8.0/IMAP.so
ln /usr/local/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Cyrus/IMAP.pm /usr/lib/perl5/5.8.0/Cyrus/IMAP.pm
ln /usr/local/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm /usr/lib/perl5/5.8.0/Cyrus/IMAP/Admin.pm
ln /usr/local/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Cyrus/IMAP/Shell.pm /usr/lib/perl5/5.8.0/Cyrus/IMAP/Shell.pm

note that mine is i386 and yours is i586

hope this helps.

Regards,
--
Hank Beatty [EMAIL PROTECTED]
Re: Fwd: Problem with cyrus and virtdomains option
On Mon, 2003-06-16 at 06:44, Marco Pizzi wrote:
Hello again,
It looks like that sendmail strips away the domain of the receiver when it is recognized as local. Have you ever encountered this problem?

Here is a portion of my sendmail.mc file that will leave the domain portion attached for local delivery:

OSTYPE(linux)dnl
define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl
define(`confLOCAL_MAILER', `cyrusv2')dnl
FEATURE(`nocanonify')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`use_cw_file')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
MAILER(`cyrusv2')dnl
LOCAL_RULE_0
R$=L @ $=w . $: @ $1`@'$2special local names
R$+ @ $j . $: $1 leave untouched if @$j
R$+ @ $=w . $: $1`@'$2 regular local name')
Rbb + $+ @ $=w . $#cyrusbb $: $1
---

Please note that this server is not an Internet facing mail server. Which means that any mail that makes it to this server should be for a mailbox that is actually on this server.

Regards,
--
Hank Beatty [EMAIL PROTECTED]
Re: Compiling Cyrus-Imap/Kerberos problems
On Thu, 2003-06-12 at 03:41, Christian Schlaefcke wrote: In file included from /usr/include/openssl/ssl.h:179, openssl is looking for it. You could use: --without-openssl If you need or want pop3s and imaps (and/or kerberos) support see the thread RH 9.0 ssl compiler error started on Friday, June 6th. Regards, -- Hank Beatty [EMAIL PROTECTED]
Re: Cyrus-Imap-2.2 with postfix
On Fri, 2003-06-06 at 09:43, Vernon A. Fort wrote:
Has or does anyone use the 2.2 version with postfix. I cannot get any mail delivered to cyrus. the usual statement (unknown user).

I have created a user like cm [EMAIL PROTECTED]
Set the imapd.conf file per the docs
use the standard LMTP config within postfix

Still no mail can be delivered outside of the default domain name. What should the master.cf file look like?

Any help would be great

Andy

Vernon A. Fort (Andy)
Provident Solutions, LLC
(615) 427-4016
http://www.provident-solutions.com

Is it possible that you have unixhierarchysep set to yes? If so, the command to create a mailbox would be:

cm user/[EMAIL PROTECTED]

Regards,
--
Hank Beatty [EMAIL PROTECTED]
Re: Murder and Backend Authentication
Ken, Thanks. This is exactly what I did. I was just getting ready to post a follow-up to let everyone know. Hank - Original Message - From: Ken Murchison [EMAIL PROTECTED] To: Hank Beatty [EMAIL PROTECTED] Cc: Rob Siemborski [EMAIL PROTECTED]; Cyrus-Info [EMAIL PROTECTED] Sent: Friday, January 31, 2003 4:34 PM Subject: Re: Murder and Backend Authentication Hank Beatty wrote: OK. That makes sense. Are there any SASL mechs that can use PAM? Like Rob said, just PLAIN, which will require you to use STARTTLS, which is only in 2.2. That being said, since you will likely only have one or two proxy admins, you could just put them in sasldb2 and use DIGEST-MD5. - Original Message - From: Rob Siemborski [EMAIL PROTECTED] To: Hank Beatty [EMAIL PROTECTED] Cc: Cyrus-Info [EMAIL PROTECTED] Sent: Friday, January 31, 2003 3:18 PM Subject: Re: Murder and Backend Authentication You aren't offering any SASL mechanisms. I believe the 2.2 code even supports STARTTLS (and therefore PLAIN). You need to support a SASL mechanism that allows proxy authentication. The regular IMAP login command isn't good enough. -Rob On Fri, 31 Jan 2003, Hank Beatty wrote: And when I use imtest: [root@draco root]# imtest -u hbeatty -a hbeatty localhost S: * OK draco Cyrus IMAP4 v2.2.prealpha server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE MUPDATE=mupdate://zeus.email.starband.net/ S: C01 OK Completed Please enter your password: C: L01 LOGIN hbeatty {4} S: + go ahead C: omitted S: L01 OK User logged in Authenticated. Security strength factor: 0 - Original Message - From: Rob Siemborski [EMAIL PROTECTED] To: Hank Beatty [EMAIL PROTECTED] Cc: Cyrus-Info [EMAIL PROTECTED] Sent: Friday, January 31, 2003 2:29 PM Subject: Re: Murder and Backend Authentication What SASL mechanism are you using between your frontend and backends? 
Or rather, what mechanisms are your backends advertising? -Rob On Fri, 31 Jan 2003, Hank Beatty wrote: I'm working on getting a Murder setup and I can authenticate and pull mail directly from the backend server. However, when I try to proxy the connection I get this in /var/log/messages on the proxy/master: Jan 31 13:40:35 zeus pop3[5437]: login: SERVER[192.168.247.241] hbeatty plaintext Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server: no mechanism available Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server I get this in /var/log/imapd.log on the backend server: Jan 31 13:45:01 draco pop3[32718]: accepted connection Jan 31 13:45:01 draco master[32724]: about to exec /usr/cyrus/bin/pop3d Jan 31 13:45:01 draco master[32688]: process 32718 exited, status 0 Jan 31 13:45:01 draco pop3[32724]: executed With this in mind it would seem that when using the proxy the authentication method is different somehow. Is this correct? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
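The diagnosis in this thread (the backend's CAPABILITY line carries no AUTH= entries, so the frontend logs "no mechanism available") can be checked mechanically. The Python below is an added example, not part of the original messages or of Cyrus; the function names, the two comparison samples and the wording of the findings are constructed for illustration, and only the first capability line is taken from the imtest transcript above.

```python
import re

# CAPABILITY line copied from the imtest transcript quoted in this thread.
PAGE_CAPABILITY = (
    "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
    "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT "
    "THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE "
    "MUPDATE=mupdate://zeus.email.starband.net/"
)

# Constructed samples (not from the thread) for comparison.
SAMPLE_WITH_SASL = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5 IDLE"
SAMPLE_PLAIN_ONLY = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"

# Mechanisms that send the password itself and therefore need TLS underneath.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

# Accept a bare response line or one with the "S: " prefix imtest prints.
_CAP_RE = re.compile(r"^(?:[SC]:\s*)?\*\s+CAPABILITY\s+(.+)$", re.IGNORECASE)


def parse_capability(line):
    """Return the capability tokens of an untagged IMAP CAPABILITY response."""
    m = _CAP_RE.match(line.strip())
    if m is None:
        raise ValueError("not an untagged CAPABILITY response: %r" % line)
    return m.group(1).split()


def assess_backend(line, tls_active=False):
    """Summarise what a client or proxy can authenticate with on this server.

    tls_active says whether the line was captured after TLS was negotiated.
    """
    tokens = [t.upper() for t in parse_capability(line)]
    mechs = sorted(t[len("AUTH="):] for t in tokens if t.startswith("AUTH="))
    starttls = "STARTTLS" in tokens
    # Without TLS, only mechanisms that do not expose the password are usable.
    usable = [m for m in mechs if tls_active or m not in CLEARTEXT_MECHS]

    findings = []
    if not mechs:
        findings.append("no AUTH= mechanism advertised; "
                        "SASL proxy authentication cannot be negotiated")
    elif not usable:
        if starttls:
            findings.append("only cleartext mechanisms offered; "
                            "negotiate STARTTLS before authenticating")
        else:
            findings.append("only cleartext mechanisms offered and no STARTTLS")
    if not tls_active and "LOGINDISABLED" not in tokens:
        findings.append("LOGIN command is not disabled on the unencrypted connection")

    return {"mechanisms": mechs, "usable_now": usable,
            "starttls": starttls, "findings": findings}


if __name__ == "__main__":
    for label, line, tls in (("thread backend", "S: " + PAGE_CAPABILITY, False),
                             ("constructed, SASL + STARTTLS", SAMPLE_WITH_SASL, False),
                             ("constructed, PLAIN only", SAMPLE_PLAIN_ONLY, False)):
        result = assess_backend(line, tls_active=tls)
        print(label, result["mechanisms"], result["findings"])
```

Run against the backend's line from the thread, it reports an empty mechanism list, which matches Rob's reading of the transcript.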
Re: Murder and Backend Authentication
I'm thinking that in my case this isn't necessarily a problem because the clients will not be able to reach the back end servers so all communication will have to be proxied.

Hank

- Original Message -
From: Rob Siemborski [EMAIL PROTECTED]
To: Ken Murchison [EMAIL PROTECTED]
Cc: Hank Beatty [EMAIL PROTECTED]; Cyrus-Info [EMAIL PROTECTED]
Sent: Friday, January 31, 2003 4:35 PM
Subject: Re: Murder and Backend Authentication

On Fri, 31 Jan 2003, Ken Murchison wrote:
Like Rob said, just PLAIN, which will require you to use STARTTLS, which is only in 2.2. That being said, since you will likely only have one or two proxy admins, you could just put them in sasldb2 and use DIGEST-MD5.

This may break some clients, since they may then try to authenticate using DIGEST-MD5 to the backend (Say, via a referral), and then get upset when they can't. You really want a uniform authentication environment for the aggregator.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Murder Front End running as Slave
I'm trying to get a front end slave server working and this is what I'm seeing. When starting the services on the front end slave this is logged to /var/log/imapd.log:

Feb 1 16:05:19 cepheus master[9045]: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted
Feb 1 16:05:19 cepheus master[9045]: retrying with 1024 (current max)
Feb 1 16:05:19 cepheus master[9045]: process started
Feb 1 16:05:20 cepheus master[9046]: about to exec /usr/cyrus/bin/ctl_cyrusdb
Feb 1 16:05:20 cepheus ctl_cyrusdb[9046]: recovering cyrus databases
Feb 1 16:05:20 cepheus ctl_cyrusdb[9046]: skiplist: recovered /var/imap/mailboxes.db (9 records, 880 bytes) in 0 seconds
Feb 1 16:05:20 cepheus ctl_cyrusdb[9046]: done recovering cyrus databases
Feb 1 16:05:20 cepheus master[9045]: ready for work
Feb 1 16:05:20 cepheus master[9047]: about to exec /usr/cyrus/bin/ctl_cyrusdb
Feb 1 16:05:20 cepheus master[9048]: about to exec /usr/cyrus/bin/proxyd
Feb 1 16:05:20 cepheus ctl_cyrusdb[9047]: checkpointing cyrus databases
Feb 1 16:05:20 cepheus imap[9048]: executed
Feb 1 16:05:20 cepheus ctl_cyrusdb[9047]: archiving log file: /var/imap/db/log.01
Feb 1 16:05:20 cepheus ctl_cyrusdb[9047]: archiving database file: /var/imap/mailboxes.db
Feb 1 16:05:20 cepheus ctl_cyrusdb[9047]: archiving log file: /var/imap/db/log.01
Feb 1 16:05:20 cepheus ctl_cyrusdb[9047]: done checkpointing cyrus databases
Feb 1 16:05:20 cepheus master[9049]: about to exec /usr/cyrus/bin/proxyd
Feb 1 16:05:20 cepheus master[9050]: about to exec /usr/cyrus/bin/pop3proxyd
Feb 1 16:05:20 cepheus imaps[9049]: executed
Feb 1 16:05:20 cepheus pop3[9050]: executed
Feb 1 16:05:20 cepheus master[9051]: about to exec /usr/cyrus/bin/pop3proxyd
Feb 1 16:05:20 cepheus master[9052]: about to exec /usr/cyrus/bin/mupdate
Feb 1 16:05:20 cepheus master[9053]: about to exec /usr/cyrus/bin/lmtpproxyd
Feb 1 16:05:20 cepheus imaps[9049]: imaps: required OpenSSL options not present
Feb 1 16:05:20 cepheus pop3s[9051]: executed
Feb 1 16:05:20 cepheus mupdate[9052]: executed
Feb 1 16:05:20 cepheus master[9045]: process 9049 exited, status 75
Feb 1 16:05:20 cepheus lmtpunix[9053]: executed
Feb 1 16:05:20 cepheus master[9045]: process 9047 exited, status 0
Feb 1 16:05:20 cepheus master[9056]: about to exec /usr/cyrus/bin/proxyd
Feb 1 16:05:20 cepheus master[9057]: about to exec /usr/cyrus/bin/pop3proxyd
Feb 1 16:05:20 cepheus imap[9056]: executed
Feb 1 16:05:20 cepheus pop3[9057]: executed

This on the front end slave in auth.log:

Feb 1 16:05:20 cepheus mupdate[9055]: DIGEST-MD5 client step 2

This on the master in imapd.log:

Feb 1 16:14:22 zeus mupdate[7313]: accepted connection

This on the master in auth.log:

Feb 1 16:14:22 zeus mupdate[7317]: DIGEST-MD5 server step 1

So, this indicates to me that the slave is communicating with the master and the databases are being synced. Now when I telnet localhost 110 on the front end slave I don't get a banner:

[root@cepheus root]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Which would indicate to me that the pop3proxyd is still waiting on something, but I don't know what. Am I wrong about the databases being synced? Is there a way to tell?
Re: Murder and Backend Authentication
On Sat, Feb 1, 2003, Rob Siemborski wrote:
On Sat, 1 Feb 2003, Hank Beatty wrote:
I'm thinking that in my case this isn't necessarily a problem because the clients will not be able to reach the back end servers so all communication will have to be proxied.

This is not the way the aggregator works. It is always possible (and sometimes required, especially for administrative operations) for a frontend to refer a client to the backend for particular operations.

This sounds like that when a connection is referred it no longer passes thru the front end server. Rather there is a direct connection made from the client to the back end. Is this correct? If so, I'm assuming that this would only be the case for IMAP operations and not POP.

This is a large performance win for clients which support referrals (and as I said above, is necessary for some administrative operations).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: Murder Front End running as Slave
I answered my own question. Had to do with entropy.

- Original Message -
From: Hank Beatty [EMAIL PROTECTED]
To: Cyrus-Info [EMAIL PROTECTED]
Sent: Saturday, February 01, 2003 4:33 PM
Subject: Murder Front End running as Slave

I'm trying to get a front end slave server working and this is what I'm seeing. When starting the services on the front end slave this is logged to /var/log/imapd.log:

Feb 1 16:05:19 cepheus master[9045]: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted
Feb 1 16:05:19 cepheus master[9045]: retrying with 1024 (current max)
Feb 1 16:05:19 cepheus master[9045]: process started
Feb 1 16:05:20 cepheus master[9046]: about to exec /usr/cyrus/bin/ctl_cyrusdb
Feb 1 16:05:20 cepheus ctl_cyrusdb[9046]: recovering cyrus databases
Feb 1 16:05:20 cepheus ctl_cyrusdb[9046]: skiplist: recovered /var/imap/mailboxes.db (9 records, 880 bytes) in 0 seconds
Feb 1 16:05:20 cepheus ctl_cyrusdb[9046]: done recovering cyrus databases
Feb 1 16:05:20 cepheus master[9045]: ready for work
Feb 1 16:05:20 cepheus master[9047]: about to exec /usr/cyrus/bin/ctl_cyrusdb
Feb 1 16:05:20 cepheus master[9048]: about to exec /usr/cyrus/bin/proxyd
Feb 1 16:05:20 cepheus ctl_cyrusdb[9047]: checkpointing cyrus databases
Feb 1 16:05:20 cepheus imap[9048]: executed
Feb 1 16:05:20 cepheus ctl_cyrusdb[9047]: archiving log file: /var/imap/db/log.01
Feb 1 16:05:20 cepheus ctl_cyrusdb[9047]: archiving database file: /var/imap/mailboxes.db
Feb 1 16:05:20 cepheus ctl_cyrusdb[9047]: archiving log file: /var/imap/db/log.01
Feb 1 16:05:20 cepheus ctl_cyrusdb[9047]: done checkpointing cyrus databases
Feb 1 16:05:20 cepheus master[9049]: about to exec /usr/cyrus/bin/proxyd
Feb 1 16:05:20 cepheus master[9050]: about to exec /usr/cyrus/bin/pop3proxyd
Feb 1 16:05:20 cepheus imaps[9049]: executed
Feb 1 16:05:20 cepheus pop3[9050]: executed
Feb 1 16:05:20 cepheus master[9051]: about to exec /usr/cyrus/bin/pop3proxyd
Feb 1 16:05:20 cepheus master[9052]: about to exec /usr/cyrus/bin/mupdate
Feb 1 16:05:20 cepheus master[9053]: about to exec /usr/cyrus/bin/lmtpproxyd
Feb 1 16:05:20 cepheus imaps[9049]: imaps: required OpenSSL options not present
Feb 1 16:05:20 cepheus pop3s[9051]: executed
Feb 1 16:05:20 cepheus mupdate[9052]: executed
Feb 1 16:05:20 cepheus master[9045]: process 9049 exited, status 75
Feb 1 16:05:20 cepheus lmtpunix[9053]: executed
Feb 1 16:05:20 cepheus master[9045]: process 9047 exited, status 0
Feb 1 16:05:20 cepheus master[9056]: about to exec /usr/cyrus/bin/proxyd
Feb 1 16:05:20 cepheus master[9057]: about to exec /usr/cyrus/bin/pop3proxyd
Feb 1 16:05:20 cepheus imap[9056]: executed
Feb 1 16:05:20 cepheus pop3[9057]: executed

This on the front end slave in auth.log:

Feb 1 16:05:20 cepheus mupdate[9055]: DIGEST-MD5 client step 2

This on the master in imapd.log:

Feb 1 16:14:22 zeus mupdate[7313]: accepted connection

This on the master in auth.log:

Feb 1 16:14:22 zeus mupdate[7317]: DIGEST-MD5 server step 1

So, this indicates to me that the slave is communicating with the master and the databases are being synced. Now when I telnet localhost 110 on the front end slave I don't get a banner:

[root@cepheus root]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Which would indicate to me that the pop3proxyd is still waiting on something, but I don't know what. Am I wrong about the databases being synced? Is there a way to tell?
Murder and Backend Authentication
I'm working on getting a Murder setup and I can authenticate and pull mail directly from the backend server. However, when I try to proxy the connection I get this in /var/log/messages on the proxy/master:

Jan 31 13:40:35 zeus pop3[5437]: login: SERVER[192.168.247.241] hbeatty plaintext
Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server: no mechanism available
Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server

I get this in /var/log/imapd.log on the backend server:

Jan 31 13:45:01 draco pop3[32718]: accepted connection
Jan 31 13:45:01 draco master[32724]: about to exec /usr/cyrus/bin/pop3d
Jan 31 13:45:01 draco master[32688]: process 32718 exited, status 0
Jan 31 13:45:01 draco pop3[32724]: executed

With this in mind it would seem that when using the proxy the authentication method is different somehow. Is this correct?
Re: Murder and Backend Authentication
My conf file looks like this:

##
# Global info's
##
configdirectory: /var/imap
partition-default: /var/spool/imap
unixhierarchysep: yes
altnamespace: yes
imapidresponse: no

##
# Authentification User rights
##
admins: cyrus murderbackend murderproxy
sasl_pwcheck_method: saslauthd
allowanonymouslogin: no
sasl_mech_list: PLAIN LOGIN
# sasl_auto_transition: yes

##
# Quota Message size limit
##
quotawarn: 90
autocreatequota: 10240
# maxmessagesize: 10485760
lmtp_overquota_perm_failure: no

##
# ACL
##
defaultacl: anyone lrs

##
# Virtual Domain Support
##
virtdomains: yes
defaultdomain: starburn.net

##
# mupdate parameters
##
mupdate_authname: cyrus
mupdate_password: SuperSecretPassword :)
mupdate_port: 2004
#mupdate_realm:
mupdate_retry_delay: 20
mupdate_server: zeus.email.starband.net
mupdate_workers_start: 5
mupdate_workers_minspare: 2
mupdate_workers_maxspare: 10
mupdate_workers_max: 50
mupdate_username: cyrus
proxyservers: murderproxy

And when I use imtest:

[root@draco root]# imtest -u hbeatty -a hbeatty localhost
S: * OK draco Cyrus IMAP4 v2.2.prealpha server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE MUPDATE=mupdate://zeus.email.starband.net/
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN hbeatty {4}
S: + go ahead
C: omitted
S: L01 OK User logged in
Authenticated.
Security strength factor: 0

- Original Message -
From: Rob Siemborski [EMAIL PROTECTED]
To: Hank Beatty [EMAIL PROTECTED]
Cc: Cyrus-Info [EMAIL PROTECTED]
Sent: Friday, January 31, 2003 2:29 PM
Subject: Re: Murder and Backend Authentication

What SASL mechanism are you using between your frontend and backends? Or rather, what mechanisms are your backends advertising?

-Rob

On Fri, 31 Jan 2003, Hank Beatty wrote:

I'm working on getting a Murder setup and I can authenticate and pull mail directly from the backend server. However, when I try to proxy the connection I get this in /var/log/messages on the proxy/master:

Jan 31 13:40:35 zeus pop3[5437]: login: SERVER[192.168.247.241] hbeatty plaintext
Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server: no mechanism available
Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server

I get this in /var/log/imapd.log on the backend server:

Jan 31 13:45:01 draco pop3[32718]: accepted connection
Jan 31 13:45:01 draco master[32724]: about to exec /usr/cyrus/bin/pop3d
Jan 31 13:45:01 draco master[32688]: process 32718 exited, status 0
Jan 31 13:45:01 draco pop3[32724]: executed

With this in mind it would seem that when using the proxy the authentication method is different somehow. Is this correct?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: Murder and Backend Authentication
OK. That makes sense. Are there any SASL mechs that can use PAM?

- Original Message -
From: Rob Siemborski [EMAIL PROTECTED]
To: Hank Beatty [EMAIL PROTECTED]
Cc: Cyrus-Info [EMAIL PROTECTED]
Sent: Friday, January 31, 2003 3:18 PM
Subject: Re: Murder and Backend Authentication

You aren't offering any SASL mechanisms. I believe the 2.2 code even supports STARTTLS (and therefore PLAIN).

You need to support a SASL mechanism that allows proxy authentication. The regular IMAP login command isn't good enough.

-Rob

On Fri, 31 Jan 2003, Hank Beatty wrote:

And when I use imtest:

[root@draco root]# imtest -u hbeatty -a hbeatty localhost
S: * OK draco Cyrus IMAP4 v2.2.prealpha server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE MUPDATE=mupdate://zeus.email.starband.net/
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN hbeatty {4}
S: + go ahead
C: omitted
S: L01 OK User logged in
Authenticated.
Security strength factor: 0

- Original Message -
From: Rob Siemborski [EMAIL PROTECTED]
To: Hank Beatty [EMAIL PROTECTED]
Cc: Cyrus-Info [EMAIL PROTECTED]
Sent: Friday, January 31, 2003 2:29 PM
Subject: Re: Murder and Backend Authentication

What SASL mechanism are you using between your frontend and backends? Or rather, what mechanisms are your backends advertising?

-Rob

On Fri, 31 Jan 2003, Hank Beatty wrote:

I'm working on getting a Murder setup and I can authenticate and pull mail directly from the backend server. However, when I try to proxy the connection I get this in /var/log/messages on the proxy/master:

Jan 31 13:40:35 zeus pop3[5437]: login: SERVER[192.168.247.241] hbeatty plaintext
Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server: no mechanism available
Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server

I get this in /var/log/imapd.log on the backend server:

Jan 31 13:45:01 draco pop3[32718]: accepted connection
Jan 31 13:45:01 draco master[32724]: about to exec /usr/cyrus/bin/pop3d
Jan 31 13:45:01 draco master[32688]: process 32718 exited, status 0
Jan 31 13:45:01 draco pop3[32724]: executed

With this in mind it would seem that when using the proxy the authentication method is different somehow. Is this correct?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
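
The diagnosis in the message above (a backend that advertises no SASL mechanisms, so only the plain LOGIN command works) can be read straight off a CAPABILITY response. The following is an added example, not code from the thread or from the Cyrus project; the function names, the finding codes and the list of mechanisms that carry an authorization identity are assumptions of this example, and the two contrast inputs are constructed.

```python
import re

# Mechanisms that can carry a separate authorization identity (authzid), which
# a proxy needs to log in as itself and act for the user. Assumed list based
# on the SASL mechanism specifications, not on this thread.
AUTHZID_MECHS = {"PLAIN", "DIGEST-MD5", "GSSAPI", "EXTERNAL"}

# CAPABILITY line copied from the imtest session in the thread.
CAP_FROM_THREAD = (
    "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
    "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT "
    "THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE "
    "MUPDATE=mupdate://zeus.email.starband.net/")
# Constructed contrast cases, not taken from any real server.
CAP_GOOD = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=DIGEST-MD5 AUTH=GSSAPI"
CAP_NO_AUTHZID = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=CRAM-MD5 AUTH=LOGIN"


def parse_capability(line):
    """Split an untagged CAPABILITY response into its auth-relevant parts."""
    m = re.match(r"\*\s+CAPABILITY\s+(.+)$", line.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not an untagged CAPABILITY response: %r" % line)
    atoms = [a.upper() for a in m.group(1).split()]
    return {
        "sasl_mechs": [a[len("AUTH="):] for a in atoms if a.startswith("AUTH=")],
        "starttls": "STARTTLS" in atoms,
        "logindisabled": "LOGINDISABLED" in atoms,
    }


def findings(line):
    """Return finding codes for a backend's pre-TLS CAPABILITY line."""
    caps = parse_capability(line)
    out = []
    if not caps["sasl_mechs"]:
        out.append("NO_SASL_MECHS")          # nothing for a proxy to AUTHENTICATE with
    elif not AUTHZID_MECHS & set(caps["sasl_mechs"]):
        out.append("NO_PROXY_CAPABLE_MECH")  # mechs exist, none can carry an authzid
    if not caps["logindisabled"] and not caps["starttls"]:
        out.append("CLEARTEXT_LOGIN")        # LOGIN is accepted with no TLS on offer
    return out


if __name__ == "__main__":
    for name, cap in [("thread", CAP_FROM_THREAD), ("good", CAP_GOOD),
                      ("no-authzid", CAP_NO_AUTHZID)]:
        print(name, parse_capability(cap)["sasl_mechs"], findings(cap))
```

The check only looks at the capabilities advertised before STARTTLS; a server may advertise further mechanisms, such as PLAIN, once TLS is active.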
Re: SASL Docs
David,

I have a setup where Cyrus is using saslauthd. Saslauthd is set up to use PAM. PAM is using PAM_LDAP and PAM_LDAP is authenticating against a MS AD domain controller. That was probably the long way around, but it made sense at the time. If you (or anyone else) are interested in how I did this, let me know.
Fw: pop3d unstable
Patrick,

I seem to be having the same problem, but don't understand your solution. What do you mean running out of entropy and do you know how to fix it?

- Original Message -
From: Patrick Boutilier [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 30, 2002 12:00 PM
Subject: Re: pop3d unstable

You might be running out of entropy. What happens when you:

cat /dev/random

?

Felix Cuello wrote:

Hello,

I'm using cyrus-2.1.9 and sasl 2.1.9, and pop3d sometimes doesn't respond. That means, when I do this:

[root@sinclair tmp]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

pop3d doesn't respond... but

[root@sinclair tmp]# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK sinclair Cyrus IMAP4 v2.1.9 server ready

quickly shows me OK.

---

This problem only occurs on my production server; in fact, on my desktop computer all works fine... with exactly the same configuration and packages.

Do you know where I can start?

Thanks a lot,
Sorry for my poor English,
Felix

___
http://www.palermo.edu
___
Re: configure --without-krb fails, looking for Kerberos
Actually no. I read it as --with-auth=AnythingButKerberos :-)

There are many ways to configure unix auth. I'm using the saslauthd which points to PAM which then points to a MS Active Directory server.

- Original Message -
From: Ian McDonald [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 29, 2002 7:40 AM
Subject: Re: configure --without-krb fails, looking for Kerberos

- Original Message -
From: Lists [EMAIL PROTECTED]
To: Cyrus-Info [EMAIL PROTECTED]
Sent: Monday, October 28, 2002 6:34 PM
Subject: Re: configure --without-krb fails, looking for Kerberos

Ian,

Try using --with-auth=unix instead of --without-des

Does this bit of the manual mean that if I do not want to store authorization information in /etc/passwd, because the mailbox users have nothing to do with the unix users, I need to use Kerberos?

From install-compile.html:

--with-auth=METHOD
    Specifies the authorization (group membership) module to use. Currently implemented authorization modules are:

    unix
        Unix /etc/passwd and /etc/group file
    krb
        Kerberos principals (requires Kerberos libraries). Optionally, specify where to find Kerberos v4 with --with-krb=DIR
        IMPORTANT: The Kerberos v4 support requires the DES library. Some vendor distributions of Kerberos, including the one with Solaris, do not have this support and cannot be used.
    krb_pts
        Kerberos principals with AFS PTserver groups (requires Kerberos and AFS libraries). Optionally, specify where the AFS libraries are found with --with-afs=PATH. Also requires krb support as above.

Any method of authenticating with SASL can be used with any authorization module.
IOERROR
Hello,

I'm working with the version 2.2 code from cvs. Whenever I create a new user via cyradm it seems to take a while for the mailbox to become available. Is this normal?

In addition, whenever a created user logs in this is logged:

Oct 25 08:59:18 draco ctl_cyrusdb[9098]: archiving database file: /var/imap/mailboxes.db
Oct 25 08:42:03 draco imap[9023]: IOERROR: opening /var/imap/user/W/hbeatty.sub: No such file or directory

This was also logged when I clicked on the Inbox:

Oct 25 09:03:31 draco imap[9099]: login: [10.78.249.24] hbeatty plaintext
Oct 25 09:03:31 draco pop3[9123]: executed
Oct 25 09:03:36 draco imap[9099]: IOERROR: opening /var/imap/user/W/hbeatty.seen: No such file or directory
Oct 25 09:03:36 draco imap[9099]: DBERROR: opening /var/imap/user/W/hbeatty.seen: cyrusdb error
Oct 25 09:03:36 draco imap[9099]: Could not open seen state for hbeatty (System I/O error)
Oct 25 09:03:36 draco imap[9099]: open: user hbeatty opened INBOX

What did I miss? Did I not create something right?

Here is a copy of my imapd.conf:

configdirectory: /var/imap
partition-default: /var/spool/imap
unixhierarchysep: yes
altnamespace: yes
imapidresponse: no
admins: cyrus
sasl_pwcheck_method: saslauthd
allowanonymouslogin: no
quotawarn: 90
autocreatequota: 10240
lmtp_overquota_perm_failure: no
defaultacl: anyone lrs
virtdomains: yes
defaultdomain: starburn.net
singleinstancestore: yes
duplicatesuppression: yes
foolstupidclients: yes
hashimapspool: yes
Creating users with Cyradm
I downloaded the v2.2 code from cvs because I want the virtual domain support. When I try to run this:

cyradm localhost

it just hangs and this shows up in my log:

Oct 23 08:19:40 draco perl: unable to dlopen /usr/lib/sasl2/libkerberos4.so.2: /usr/lib/sasl2/libkerberos4.so.2: undefined symbol: krb_err_txt
Oct 23 08:19:40 draco imap[9992]: unable to dlopen /usr/lib/sasl2/libkerberos4.so.2: /usr/lib/sasl2/libkerberos4.so.2: undefined symbol: krb_err_txt
Oct 23 08:19:40 draco imap[7246]: DIGEST-MD5 server step 1
Oct 23 08:19:40 draco imap[9992]: unable to dlopen /usr/lib/sasl2/libkerberos4.so.2: /usr/lib/sasl2/libkerberos4.so.2: undefined symbol: krb_err_txt

It looks like it is trying to use Kerberos to auth, but I compiled without Kerberos. I know I'm probably not giving enough information. Any ideas?

Thanks