IOERROR: conversations_audit on store
I am using Cyrus 3.2.2 on Debian Buster 10 (package from buster-
backports).
I am having lots of errors similar to these in the logs:
cyrus/imaps[24052]: IOERROR: conversations_audit on store:
/var/lib/cyrus/user/e/example.conversations Bff62cd0852db22e1 0 (1452110 1 0 0
() ((1 1452109 1 1 0)) () foobar. 0 () 1452109)
The same problem happend with Cyrus 3.0.x and seems to happen often for
specific users, usually with big mailboxes (one of them 40GB+). When
upgrading to 3.2.2, I ran
reconstruct -V max
ctl_conversationsdb -b -r
quota -f
dav_reconstruct -a
as per the instructions given in the documentation.
/var/lib/cyrus and /var/spool/cyrus are on ext4, Linux kernel at this
moment is 5.4.48 (also happend with different kernels).
imapd.conf:
configdirectory: /var/lib/cyrus
proc_path: /run/cyrus/proc
mboxname_lockpath: /run/cyrus/lock
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
altnamespace: yes
unixhierarchysep: yes
lmtp_downcase_rcpt: yes
admins: cyradm
allowanonymouslogin: no
popminpoll: 1
autocreate_quota: 500
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
httpmodules: caldav carddav
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN
sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
sasl_minimum_layer: 128
sasl_pwcheck_method: saslauthd
sasl_auto_transition: no
tls_server_cert: /etc/letsencrypt/live/ai.vub.ac.be/fullchain.pem
tls_server_key: /etc/letsencrypt/live/ai.vub.ac.be/privkey.pem
tls_client_ca_dir: /etc/ssl/certs
tls_session_timeout: 1440
tls_ciphers: TLSv1.2:+TLSv1:+HIGH:!aNULL:@STRENGTH
tls_versions: tls1_0 tls1_1 tls1_2
lmtpsocket: /run/cyrus/socket/lmtp
idlesocket: /run/cyrus/socket/idle
notifysocket: /run/cyrus/socket/notify
syslog_prefix: cyrus
delete_mode: delayed
expunge_mode: delayed
sync_log: on
sync_log_channels: squatter
conversations: 1
cyrus.conf:
START {
recover cmd="/usr/sbin/cyrus ctl_cyrusdb -r"
idled cmd="idled"
}
SERVICES {
imapcmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
imaps cmd="imapd -s -U 30" listen="imaps" prefork=0
maxchild=100
pop3cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0
maxchild=50
httpcmd="httpd -U 30 -p 256" listen="localhost:8008"
prefork=0 maxchild=100
lmtpunixcmd="lmtpd"
listen="/var/spool/postfix/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
sieve cmd="timsieved" listen="sieve" prefork=0 maxchild=100
notify cmd="notifyd" listen="/run/cyrus/socket/notify"
proto="udp" prefork=1
}
EVENTS {
checkpoint cmd="/usr/sbin/cyrus ctl_cyrusdb -c" period=30
delprunecmd="/usr/sbin/cyrus expire -E 3" at=0401
tlsprunecmd="/usr/sbin/cyrus tls_prune" at=0415
deleteprune cmd="/usr/sbin/cyrus expire -E 4 -D 28" at=0430
expungeprunecmd="/usr/sbin/cyrus expire -E 4 -X 28" at=0445
squatter1 cmd="/usr/bin/nice -n 19 /usr/sbin/cyrus squatter -i"
period=120
squattera cmd="/usr/bin/nice -n 19 /usr/sbin/cyrus squatter -i"
at=0517
}
Any idea what is going wrong?
--
Frederik Himpe
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: UID THREAD REFS US-ASCII ALL slow / stalls forever on one folder.
Hi Thanks for the debugging hints! client_timeout sat to 30M and the UID THREAD REFS US-ASCII ALL actually completes. But first after ~10 mins on a CPU: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz (1833.38-MHz K8-class CPU) and after 69.484 secs on a CPU: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz (The same jail, moved to faster hardware) 63994 messages in around 40k threads. What could cause the much spent time building the thread data? version is still 3.2.2, but 3.0.13 shows the same behavior. The thread output of the slow folder is here FWIW https://pastebin.com/PpiJ8X2E Regards /Jesper On 03.07.2020 01.52, ellie timoney wrote: Hi, I think I would do something like: 0) set client_timeout to a big value (see below) 1) let the imapd start normally 2) connect to it with a minimal imap client (like imtest or telnet) 3) check logs to see which imapd process id your client is connected to (if there's more than one) 4) use the "gdb /path/to/binary pid" invocation to attach gdb to the running imap process 5) repeat #4 in a few different ways if it's unable to find symbols 6) set a breakpoint on the cmd_thread function (since that's what handles the THREAD command) and then continue 7) back in your imap client, send the UID THREAD REFS US-ASCII ALL" command and step through to see what happens Note that these are not exhaustive steps, more of a "get started, and then react accordingly, depending on what you see" I would also try variations of that THREAD command -- if you add/remove options, does it start working? Can you isolate the problem to a specific combination of options? Does it only happen for some mailboxes? You probably want to set client_timeout to a big value. The default is 10 seconds, so the server will probably throw your client off while you're reading output from gdb, and then you'll wind up debugging the "disconnect an unresponsive client code" instead. I usually set this to be 30 minutes or so for debugging. For 3.2 and newer, you can spell this as "30m". For older versions, the value is in seconds, so you want "1800". Permissions may be awkward. You will need to be the cyrus user (or root) to connect gdb to the running imapd, but you will also need permission to read the source that it was built from, which is probably not owned by the cyrus user. In my case it's under my user account's home directory, so I add the cyrus user to my user account's group, and make sure the path to the source directory is g+rx (because I don't like running gdb as root). Cheers, ellie On Fri, Jul 3, 2020, at 5:23 AM, Jesper Schmitz Mouridsen via Info-cyrus wrote: Hi. I recently upgraded Cyrus to 3.2.2 from 3.0.13. Now threading "UID THREAD REFS US-ASCII ALL" on one specific folder with >50K mails, makes imapd process use 100 CPU% without any progress. truss[1] or dtrace shows no output. The process seems totally stuck. I installed in a FreeBSD 12.1 jail. Any hints beside the online docs of how to use gdb to see what is going one. I could not make imapd run under gdb even with the -D option and debug_command setting or reading https://www.cyrusimap.org/imap/developer/developer-testing.html?highlight=debug It is fast enough on other folders also with ~50k mails < 3 secs. Any hints, highly appreciated :-) [1] https://www.freebsd.org/cgi/man.cgi?truss Regards Jesper Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
UID THREAD REFS US-ASCII ALL slow / stalls forever on one folder.
Hi. I recently upgraded Cyrus to 3.2.2 from 3.0.13. Now threading "UID THREAD REFS US-ASCII ALL" on one specific folder with >50K mails, makes imapd process use 100 CPU% without any progress. truss[1] or dtrace shows no output. The process seems totally stuck. I installed in a FreeBSD 12.1 jail. Any hints beside the online docs of how to use gdb to see what is going one. I could not make imapd run under gdb even with the -D option and debug_command setting or reading https://www.cyrusimap.org/imap/developer/developer-testing.html?highlight=debug It is fast enough on other folders also with ~50k mails < 3 secs. Any hints, highly appreciated :-) [1] https://www.freebsd.org/cgi/man.cgi?truss Regards Jesper Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus-imapd exporting databases failed on shutdown - deliver.db.skiplist 2048M
> 2020. 06. 20, szombat keltezéssel 21.31-kor Simon Matter ezt írta: >> Hi, >> >> The question is why is the deliver db > 2GB in skiplist format? Is it >> normal or do you have a corrupt BDB db or does your db pruning not work >> for deliverdb. I think that should be something like 'delprune >> cmd="cyr_expire -D 7 -E 3 -X 7" at=0400' in cyrus.conf. >> >> I think the easiest way would be to make sure you have pruning >> configured >> correctly, then change config of deliver db to skiplist, and start >> without >> a db so a new, empty deliver db is created. >> >> Then have an eye on the db file to see if it grows again to almost 2GB. >> If >> it doesn't grow so much, you should be fine. >> >> Regards, >> Simon > > Hi, > > Something definitely not seems fine: > > -bash-3.2$ /usr/lib/cyrus-imapd/cyr_expire -E 3 -D 7 -X 7 -v Please make sure the options here are also valid for your cyrus version. However, I also guess your deliver.db is corrupted somehow. From my own experience skiplist dbs are easier to handle than bdb and using skiplist only has not shown any issues. Regards, Simon > > expunged 0 out of 0 messages from 0 mailboxes > > The deliver.db still about 48MB. > > Tomorrow I will continue. > > Thanks, > István > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus-imapd exporting databases failed on shutdown - deliver.db.skiplist 2048M
> Hi, > > I run into a problem on an old clearos server, where the cyrus shutdown > always failed at step exporting databases. > As I checked the situation using ps ax on an other console, I found > that, it was exporting deliver.db.skiplist file, which failed after a > lng time (some minutes). > I checked that file on the filesystem, I saw the file size is 2048MB, > which seems a limit for me and I suspect the problem should be that, > the 32 bit cyrus cannot write more data to that file and caused the > problem. > As I read the db_export.log, that confirmed my theory, file size limit > exceeded. Hi, The question is why is the deliver db > 2GB in skiplist format? Is it normal or do you have a corrupt BDB db or does your db pruning not work for deliverdb. I think that should be something like 'delprune cmd="cyr_expire -D 7 -E 3 -X 7" at=0400' in cyrus.conf. I think the easiest way would be to make sure you have pruning configured correctly, then change config of deliver db to skiplist, and start without a db so a new, empty deliver db is created. Then have an eye on the db file to see if it grows again to almost 2GB. If it doesn't grow so much, you should be fine. Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: CalDav CardDav webmail client ?
Am Mittwoch, 17. Juni 2020, 14:39:36 CEST schrieb ego...@sarenet.es:
> Although we at present, are not running Cyrus Caldav/Carddav, Davical
> instead (it comes from long time ago), we are running Roundcube. I adapted
> the Caldav Kolab plugin in order to even support Free/Busy and for fixing
> some bug… I should have uploaded it to Github or wherever, but I have not
> have time for getting it ready for that. By the way, it’s not done for
> Roundcube 1.4. It’s for Roundcube 1.3. We even use Caldavzap (with a lot
> of js work too) with Roundcube as tasks plugin too.
Thanks for that tip,
but it seems requiring PHP5 (which is obsolete today) and don't get any
secuity updates anymore.
It seems that even many other famous open source projects for CalDAV/CardDAV
servers stacks are still more maintained - including i.e. Apples Darwin
Calendar Servers (DCS):
https://www.calendarserver.org/
We use Cyrus IMAP with Horde5 to provide CalDAV/CardDAV as "MS Exchange Sync"
emulation ("newer ActiveSync") "out of one box" plus a "nice" (responsive)
Groupware web GUI, but the Calendar / Adressbook server stack is still used
from Horde (on SQL) while Cyrus serves the Emails for Horde only. Horde5 now
works on PHP7.x and is still maintained.
It would be nice to get that Horde5 stack completely run with Cyrus as this
would offer even more compatibility / protocols as the very known "Cyrus
robustness"...ß) ...and on the longer run Horde out of the path for
compatible clients / users.
just my .02$
niels.
--
---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
PGP: https://syndicat.com/pub_key.asc
---
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Correct use of cyr_expire on replicas when expire annotations are in use
What flags should I supply to cyr_expire in a replication configuration when I have expire annotations in use? I have a replication relationship from a 2.5.12 machine (in the process of being replaced, but currently the master) to a 3.0.8-6+deb10u4 (as replica). I have had problems with old messages not being deleted on the replica, and found I was not running cyr_expire on the replica. I have configured it, so I have: master: cmd="cyr_expire -E 7 -X 3 -D 3" at=0100 slave: cmd="cyr_expire -E 7 -X 3 -D 3" at=0300 Since I installed this, I have had periodic replication failures. What seems to happen is this: MAILBOX received NO response: IMAP_SYNC_CHECKSUM Checksum Failure CRC failure on sync for user.igb.routine, trying full update SYNCNOTICE: highestmodseq higher on replica user.igb.routine, updating 49317 => 49321 SYNCERROR: guid mismatch user.igb.routine 46708 (890a6db331aaccd8c423bbff598bb81bc3c19146 87fb316dea9c9dbbed691d11759b7b1e000d5487) FETCH received NO response: IMAP_PROTOCOL_BAD_PARAMETERS SYNCNOTICE: failed to prepare update for user.igb.routine: The remote Server(s) denied the operation do_folders(): update failed: user.igb.routine 'The remote Server(s) denied the operation' MAILBOX received NO response: IMAP_SYNC_CHECKSUM Checksum Failure CRC failure on sync for user.igb.routine, trying full update SYNCERROR: guid mismatch user.igb.routine 46708 (890a6db331aaccd8c423bbff598bb81bc3c19146 87fb316dea9c9dbbed691d11759b7b1e000d5487) FETCH received NO response: IMAP_PROTOCOL_BAD_PARAMETERS SYNCNOTICE: failed to prepare update for user.igb.routine: The remote Server(s) denied the operation do_folders(): update failed: user.igb.routine 'The remote Server(s) denied the operation' IOERROR: The remote Server(s) denied the operation Error in do_sync(): bailing out! The remote Server(s) denied the operation The synchronisation continues to do this, making no progress. The clean-up is straightforward: I delete all the files in user.igb.routine on the replica, reconstruct -G -U user.igb.routine on replica, sync_client -m user.igb.routine on the master. It then runs for a few days, and then goes bang again: suggestively, always in the early but not too early hours of the morning. What’s going wrong, and what’s needed to fix it properly? user.igb.routine is the only mailbox I have which both (a) is relatively high traffic and (b) has the expire annotation. My hypothesis (I only have 8 days of searchable logs, so this is n=small) is that the failure happens as we replicate the first message to be delivered to user.igb.routine after 0300. My supposition is that a trap is set by the delivery of a message into user.igb.routine between 0100 and 0300. 3 (the value of the “expire” annotation) days later at 0300, that message is deleted on the replica (as it is >(86400*3) seconds old) but was not deleted on the master (because when expire ran on the master, at 0100, the message was _not_ >(86400*3) seconds old). Something bad happens during the replication run, and bad things then continue to ensue. To test this theory my original thought was to run expire on the slave at the same time it runs on the master, making the race condition much smaller. But I see that in 3.0.8 there is a “-a” flag to cyr_expire which suppresses processing of the expire annotation, which I assume deals with this case. Am I thinking along the right lines? ian Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: CalDav CardDav webmail client ?
Am Freitag, 12. Juni 2020, 09:35:30 CEST schrieb Marco: from my last experiences / knowledge: > Roundcube, is not able to use "external" CardDav/CalDav server But there seem to exist external (commercial?) plugins which allow "manual configurable" client mode (see bottom): https://roundcubeplus.com/tutorials/caldav/creating-caldav-connection some third party developments: https://github.com/christian-putzke/Roundcube-CardDAV https://packagist.org/packages/roundcube/carddav > or Horde Webmail. Horde 4 has it's own CardDAV/CalDAV server implementation wwhich is default. However, it provides usage / connectivity to "special" external IMAP based CardDAV/CalDAV within the Kolab project which is developed on/with cyrus, but still does not provide the new HTTP standards mechs.. "manual client mode": = But Horde is able to "use" CalDAV" als client by "external calendars" over HTTP ressources, but must be manually added / configured to a users account (with ugly manual auth). So this is probably not what you looking for. Would be cool if Horde 4 get Cyrus HTTP support too in the future. cheers, niels. -- --- Niels Dettenbach Syndicat IT & Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Replication and Deleted Files
On Thu 04 Jun 2020 at 18:57:37, Michael Menge (michael.me...@zdv.uni-tuebingen.de) wrote: > you also need to run cyr_expire on the "new_server" to remove the old expunged mails and deleted folders. Obvious when you try it! Thanks so much. Expired 23 and expunged 7617 out of 289060 messages from 268 mailboxes For some reason I had decided that you only ran cyr_expire on the master, and I was quite emphatic about it some years ago: # expire old stuff: dups 7 days, keep deletions for 3 days # XXX XXX XXX expire does not run on replica, does run on master XXX XXX XXX # expire cmd="cyr_expire -E 7 -X 3 -D 3" at=0100 Thank you again,.,.I shall be back in another 25 years with another query :-) ian Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Replication and Deleted Files
Hi, long-time Cyrus user (25 years, I think), but stumped on this one… I have an ancient Cyrus 2.5.11 on Solaris 11 installation I am trying to migrate off. The strategy is to run rolling replication onto the new server (3.0.8-6+deb10u4 on Debian 10.4), and then point the DNS record at the new server. With Covid, this has become more protracted than I would like, as I don’t want to accidentally mess up users who are isolating, so the replication has been running for some weeks. The replication structure is old-server -> new-server -> (backup1, backup2) where backup1 and backup2 are configured as separate channels on new-server. This has been running seemingly correctly for about three months now. Today I decided to check all was well by using rsync -an to confirm that the replicas have everything that is on the master. They do, in that using rsync -anvO --size-only --exclude='cyrus.*' root@mail:/var/imap/partition1/user/ /var/imap/partition1/user where “mail” is the old server shows that there are no messages missing (—size-only because there’s some time slew in a few places, usually only of a few seconds, but up to a day in others). However, reversing it: rsync -anvO --size-only --exclude='cyrus.*' /var/imap/partition1/user/ root@mail:/var/imap/partition1/user Shows that there are a _lot_ of files on the replicas which are not on the master, some of them relating to recent deletions, but some of them seemingly quite old. I am using: delete_mode: delayed expunge_mode: delayed everywhere, running cyr_expire on the master but not on the replicas. I have enough bandwidth that sync_reset and re-sync is realistic, but I’d rather not have to do that immediately prior to a cut-over. These old files are a worry because if I ever had to reconstruct one of the mailboxes, presumably the deleted (I think) messages would all reappear. Does anyone have any suggestions? Thanks ian Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: imap clients say i have 4K messages but spool has 12894 files
> On Tue, 2020-05-26 at 08:47 -0500, Nic Bernstein wrote: >> >> |expunge_mode:| delayed >> >> The mode in which messages (and their corresponding cache >> entries) are expunged. “semidelayed” mode is the old behavior >> in >> which the message files are purged at the time of the >> EXPUNGE, >> but index and cache records are retained to facilitate >> QRESYNC. >> In “delayed” mode, which is the default since Cyrus 2.5.0, > > So this doesn't apply to my 2.4.17 then does it? How did you install your 2.4.17 server? Because you don't run the latest of the 2.4 series I guess you have installed it from packages? If so it's possible that you distribution uses different configuration than the default, at build time. You should check this. Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Xapian index not being used for message search in Roundcube
Hi,
Please try disabling the threads or conversación view in Roundcube and repleta
the search,
Cheers!
Egoitz,
> El 24 feb 2020, a las 11:04, "ego...@sarenet.es" escribió:
>
> Hi Simon,
>
> Try selecting the non conversation view before doing the search. It seems
> Roundcube has something weird there… but I could assure you it uses it when
> you set the non-conversation (non thread view). I think really it does even
> there, but perhaps it enter in a non-controlled loop with all the messages of
> the conversations or something similar… I think this is an issue in Roundcube
> rather than in Cyrus… We had this same doubt some time ago,
>
> Cheers,
>
>
>> El 23 feb 2020, a las 23:54, ellie timoney escribió:
>>
>> I don't really understand search in any depth, but it's interesting to
>> observe that, in addition to the different command (SEARCH vs THREAD), those
>> two searches are also using different search criteria ("BODY linux" vs "TEXT
>> linux").
>>
>> It might be informative to try do the SEARCH search with "TEXT linux"
>> instead of "BODY linux", to narrow down whether the difference is due to the
>> use of the SEARCH vs THREAD command, or the use of the "BODY" vs "TEXT"
>> search key?
>>
>> Looking at the source on master, SEARCH and THREAD both seem to be using the
>> same search API, so at a glance it seems like they should both be using
>> Xapian if either is. And looking at the commit dates on those functions, it
>> doesn't look like it's changed substantially since 3.0, at least not at a
>> level I can easily see.
>>
>> I had a quick look at the RFC, and "BODY" searches just the message body,
>> whereas "TEXT" searches both body and headers. So I wonder if the
>> difference is that TEXT needs to open all the message files to read the
>> headers, whereas BODY can just return results straight from the Xapian index?
>>
>> I'm not sure if there's been changes to header searching (like, maybe we
>> index more of the header content?) since 3.0, but this is getting beyond
>> what I know off the cuff or can just casually look up.
>>
>> Anyway, if you could try "UID SEARCH TEXT linux" and see if that's similarly
>> slow to the THREAD version, that would give us a definite pointer in the
>> right direction.
>>
>> Cheers,
>>
>> ellie
>>
>>> On Sun, Feb 23, 2020, at 10:11 PM, Frederik Himpe via Info-cyrus wrote:
>>> I have configured Cyrus 3.0.13 with the Xapian search engine and
>>> enabled search_fuzzy_always. This appears to work fine when I search in
>>> the message body using the Evolution mail client, as I get a response
>>> quickly:
>>>
>>> <1582453709>>> 1582453713>* SEARCH 226927
>>> 226929 226964 226974 226999 227215 227238 [...]
>>> L03163 OK Completed (643
>>> msgs in 0.970 secs)
>>>
>>> However when I search messages using the Roundcube webmail client,
>>> Roundcube does not get a response in time and shows no results. An
>>> strace of the imapd proceess indicates it is STATing, OPENing and
>>> MMAPing all files in the mailbox.
>>>
>>> This is the log:
>>> <1582455581>>> 1582455723>* THREAD
>>> (229566)(229570)(229574)(229599)(229618)(229639)[...]
>>> A0004 OK Completed (157 msgs in 11.340 secs)
>>>
>>> So it appears Roundcube is using a different command to search. Is it
>>> expected that this command does not use the Xapian search engine? Is
>>> there a way to make it use it?
>>>
>>> Some relevant snippets from imapd.conf:
>>> sync_log: on
>>> sync_log_channels: squatter
>>>
>>> conversations: 1
>>> search_engine: xapian
>>> search_index_headers: no
>>> search_batchsize: 8192
>>> search_fuzzy_always: 1
>>> defaultsearchtier: temp
>>> tempsearchpartition-default: /var/lib/cyrus/search.temp
>>> datasearchpartition-default: /var/lib/cyrus/search.data
>>>
>>> cyrus.conf:
>>>
>>> EVENTS {
>>>squatter1 cmd="/usr/bin/nice -n 19 /usr/sbin/cyrus
>>> squatter -z data -t temp,data" at=0517
>>>
>>> }
>>> DAEMON {
>>> squatter cmd="squatter -R"
>>> }
>>>
>>>
>>> Regards,
>>>
>>> --
>>> Frederik Himpe
>>>
>>>
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>>
>>
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>
>
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Xapian index not being used for message search in Roundcube
I have configured Cyrus 3.0.13 with the Xapian search engine and
enabled search_fuzzy_always. This appears to work fine when I search in
the message body using the Evolution mail client, as I get a response
quickly:
<15824537091582453713>* SEARCH 226927
226929 226964 226974 226999 227215 227238 [...]
L03163 OK Completed (643
msgs in 0.970 secs)
However when I search messages using the Roundcube webmail client,
Roundcube does not get a response in time and shows no results. An
strace of the imapd proceess indicates it is STATing, OPENing and
MMAPing all files in the mailbox.
This is the log:
<15824555811582455723>* THREAD
(229566)(229570)(229574)(229599)(229618)(229639)[...]
A0004 OK Completed (157 msgs in 11.340 secs)
So it appears Roundcube is using a different command to search. Is it
expected that this command does not use the Xapian search engine? Is
there a way to make it use it?
Some relevant snippets from imapd.conf:
sync_log: on
sync_log_channels: squatter
conversations: 1
search_engine: xapian
search_index_headers: no
search_batchsize: 8192
search_fuzzy_always: 1
defaultsearchtier: temp
tempsearchpartition-default: /var/lib/cyrus/search.temp
datasearchpartition-default: /var/lib/cyrus/search.data
cyrus.conf:
EVENTS {
squatter1 cmd="/usr/bin/nice -n 19 /usr/sbin/cyrus squatter -z
data -t temp,data" at=0517
}
DAEMON {
squatter cmd="squatter -R"
}
Regards,
--
Frederik Himpe
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus murder environment and http proxy?
Thanks for the help, I'll give it another try in a couple of days, and if it didn't workout, I might go for the same solution or try nginx. Regards. KMK On Tuesday, February 18, 2020, 6:09:28 PM GMT+5, Jean-Christophe Delaye wrote: On 2020-02-17 12:17, Khalid Mehmood Khan via Info-cyrus wrote: > Hi! > > Does http proxy work in a cyrus murder environment? I keep getting ""PUT > /dav/addressbooks/user/testuser/6ecc0a66-74a1412-1581679269354-210887/ef37977290d43113e709f68848aa9a8a5ff8a24f.vcf > HTTP/1.1" (if-none-match=*) => "HTTP/1.1 403 Forbidden"" on the frontend > while trying to add an entry into addressbook/calendar. The log on backend > gives the the follwoing error. > "Cyrus-SASL/2.1.27 OpenSSL/1.1 Nghttp2/1.33.0 Zlib/1.2.11 LibXML/2.9.7 > SQLite/3.26.0 LibiCal/3.0 ICU4C/60.3 Jansson/2.11"; "OPTIONS * HTTP/1.1" => > "HTTP/1.1 401 Unauthorized" (error=Authentication failed)" > In a discrete murder setup the frontend and backend both use > "http_sasl_mech_list: PLAIN" in imapd.conf. > > I'm running the latest stable version of cyrus-imapd 3.0.13. I had the same issue and posted it to the list (last April 2019) but can't solve the problem. I removed http services from cyrus murder and put them on a standalone server. Regards. > > Thanks. > > Regards. > > KMK > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyrus murder environment and http proxy?
Hi! Does http proxy work in a cyrus murder environment? I keep getting ""PUT /dav/addressbooks/user/testuser/6ecc0a66-74a1412-1581679269354-210887/ef37977290d43113e709f68848aa9a8a5ff8a24f.vcf HTTP/1.1" (if-none-match=*) => "HTTP/1.1 403 Forbidden"" on the frontend while trying to add an entry into addressbook/calendar. The log on backend gives the the follwoing error. "Cyrus-SASL/2.1.27 OpenSSL/1.1 Nghttp2/1.33.0 Zlib/1.2.11 LibXML/2.9.7 SQLite/3.26.0 LibiCal/3.0 ICU4C/60.3 Jansson/2.11"; "OPTIONS * HTTP/1.1" => "HTTP/1.1 401 Unauthorized" (error=Authentication failed)" In a discrete murder setup the frontend and backend both use "http_sasl_mech_list: PLAIN" in imapd.conf. I'm running the latest stable version of cyrus-imapd 3.0.13. Thanks. Regards. KMK Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Database upgrade and Xapian version dependency
Hi Robert :) Thanks a lot for your answer mate :) :) Very thankful :) :) I think for the moment we’ll stay in the 1.4…. this is not going to be a big problem… And about versions… it would be fine if Ellie could told… but I assume there’s no problem with that due to not having database upgrades of mailboxes at least… so I assume quota and reconstruct won’t be needed… the conversations… I’ll take a look at them… to see if some important changes have happen… but I suppose there have not really existed… Bye !! :) > El 28 ene 2020, a las 10:37, Robert Stepanek escribió: > > On Mon, Jan 27, 2020, at 9:51 AM, Egoitz Aurrekoetxea via Info-cyrus wrote: >> Just for having it slightly clearer… When you upgrade the Cyrus version and >> the version you are upgrading to is a too close one… for instance from 3.0.8 >> to 3.0.13 and you see the Cyrus version is the same for users mail folders, >> 13 in both… is it needed to launch (or recommended for some reason) the >> final upgrade commands : >> >> reconstruct -V max >> ctl_conversationsdb -b -r >> quota -f > > I'm not sure. Perhaps @ellie could answer that? > >> By the way, does exist any kind of Xapian needed version for the last 3.0.13 >> version?. I’m running Xapian 1.4.9, it’s pretty new… > > One feature that's missing in Xapian 1.4 is improved support for Chinese and > Japanese snippet generation. If you don't need that, you should be fine with > 1.4. Otherwise I suggest to use either Xapian upstream master, or our > cyruslibs copy at https://github.com/cyrusimap/cyruslibs > <https://github.com/cyrusimap/cyruslibs> > > Cheers, > Robert > > > Cyrus Home Page: http://www.cyrusimap.org/ <http://www.cyrusimap.org/> > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > <http://lists.andrew.cmu.edu/pipermail/info-cyrus/> > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > <https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Database upgrade and Xapian version dependency
Hi!, Just for having it slightly clearer… When you upgrade the Cyrus version and the version you are upgrading to is a too close one… for instance from 3.0.8 to 3.0.13 and you see the Cyrus version is the same for users mail folders, 13 in both… is it needed to launch (or recommended for some reason) the final upgrade commands : reconstruct -V max ctl_conversationsdb -b -r quota -f Or perhaps in the release notes should be seen they are needed due to a database upgrade possibility?. By the way, does exist any kind of Xapian needed version for the last 3.0.13 version?. I’m running Xapian 1.4.9, it’s pretty new… Thanks a lot mates! Bye! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Question about squatter for Xapian
Hi!! Thank you so much Rob!! I will launch it this weekend :) :) Cheers! > El 23 ene 2020, a las 23:04, Rob N ★ escribió: > > On Fri, 24 Jan 2020, at 4:38 AM, ego...@sarenet.es <mailto:ego...@sarenet.es> > wrote: >> - Does it regenerate all mailboxes indexes?. Just the non-indexed emails?. I >> assume it should be extremely slow… so could this be launched?. Could you >> advise me please, if another way is preferred? > > Normally, just the non-indexed emails. > > squatter -i (incremental) should be all you need to fill the gaps in your > index. > > Obviously how long it takes depends on how much mail has arrived and how good > your disks are, but for 12 hours worth I wouldn't expect more than a couple > of hours to fill the gaps. > >> - I assume not, but as we move records between Xapian tiers nightly… if the >> Squatter launched by me, by hand (for those non indexed emails), runs at the >> same time as this between tiers movement of records or at the same time too >> as the rolling mode squatter (-R) could one squatter process interfere in >> the job of the other instance of squatter?. > > It's ok to run them all at the same time. Cyrus has appropriate locks to make > sure that Xapian updates and repacks don't get in each others' way. > > Rob N. > > Cyrus Home Page: http://www.cyrusimap.org/ <http://www.cyrusimap.org/> > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > <http://lists.andrew.cmu.edu/pipermail/info-cyrus/> > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > <https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Fwd: Help putting cyrus on Docker
Am Dienstag, 14. Januar 2020, 16:47:52 CET schrieb Fabio Montefuscolo: > I'm trying to build a simple docker image based on CentOS 8, which brings > cyrus-imapd 3.0.7. I'm having troubles to authenticate on cyrus imap > service for unknown reasons. There is no syslog facility working inside > the centos image, so I don't have logs. The final idea is deploy this > image in a kubernetes cluster. The Dockerfile I'm using is > https://github.com/fabiomontefuscolo/docker-cyrusimapd > > When I jump into console and try to use cyradm, I get 2 password fields to > fulfill and at the ent, that doesn't work as far as i can read in that dockerfile on a first view, it does only install dependencies and "activating" SSL/TLS, but lacks any kind of further required configuration for cyrus auth etc. the flexibility and complexity of cyrus installations are not easy to "capsule" into a docker file or reciept for a "common usage". depending on what kind of authentication subsystem (i.e. mysql, pam, ldap, pam_mysql, sasl, saslauthd (with pam or other "backend") you want to use or even active AD or others you have to configure that by hand (or extend that docker file). a typical "easy" way is using saslauthd with -s pam to "simply" use pam authentication. hth, niels. -- --- Niels Dettenbach Syndicat IT & Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Transfer existing quotas to new cyrus imap service
We are transferring an existing cyrus-imapd 3.0.11 mailstore to another host also running cyrus-imapd 3.0.11. I cannot find any documentation on how one transfers user quotas. Can someone provide me with the link to the documentation or explain how it is done? Thanks, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: django-cyradm
On 12.12.2019 21.26, Niels Dettenbach wrote: Am Donnerstag, 12. Dezember 2019, 21:06:46 CET schrieb Jesper Schmitz Mouridsen via Info-cyrus: It has self service support. The system has 3 roles "admin","domain admin" and "account user". If you are interested take a look at sounds very interesting - i planned to write a similiar open source product (after the very flexible web-cyradm was very outdated) - but with exim / pam_mysql (should be similiar) and reserved some spare time over christmas and january for it... After planning with django years ago, my current plan was to use flask or similiar more light, because installation of django (compared to the old LAMP based web-cyradm) is more difficult for many users / impossible in some typical mass hosting environments and easier to maintain in regards of security over longer timespan (django typically needs security updates several times a year from what i experienced with it in other projects). And with flask it is (at least by my intention so far...) more easy to use it on i.e. embedded hardware or "small email servers" with a DevOps like software / "firmware" management. I very like the very intelligent (because it allows very flexible email configs as MTA integrations) database design of web_cyradm. While i've not found a way to easily "reuse" that existing database structure (or "rebuilt" it with the django DB subsystem) in flask is has to be done by hand - so "no prob" at this edge for me. But will definitely check it - and (if interested) contribute (where it may makes sense). it may possibly still is a nice base or working solution for what i'm looking for (saving me time to write something complete byself) and if flask or so is still an option, the similiar concept should allow to "reuse" at least the more fiddely python code from a django project. is there any public "main" repo of the project? https://github.com/jsm222/django-cyradm/ many thanks for your time and posting, niels. ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: django-cyradm
Am Donnerstag, 12. Dezember 2019, 21:06:46 CET schrieb Jesper Schmitz Mouridsen via Info-cyrus: > It has self service support. The system has 3 roles "admin","domain > admin" and "account user". > > If you are interested take a look at sounds very interesting - i planned to write a similiar open source product (after the very flexible web-cyradm was very outdated) - but with exim / pam_mysql (should be similiar) and reserved some spare time over christmas and january for it... After planning with django years ago, my current plan was to use flask or similiar more light, because installation of django (compared to the old LAMP based web-cyradm) is more difficult for many users / impossible in some typical mass hosting environments and easier to maintain in regards of security over longer timespan (django typically needs security updates several times a year from what i experienced with it in other projects). And with flask it is (at least by my intention so far...) more easy to use it on i.e. embedded hardware or "small email servers" with a DevOps like software / "firmware" management. I very like the very intelligent (because it allows very flexible email configs as MTA integrations) database design of web_cyradm. While i've not found a way to easily "reuse" that existing database structure (or "rebuilt" it with the django DB subsystem) in flask is has to be done by hand - so "no prob" at this edge for me. But will definitely check it - and (if interested) contribute (where it may makes sense). it may possibly still is a nice base or working solution for what i'm looking for (saving me time to write something complete byself) and if flask or so is still an option, the similiar concept should allow to "reuse" at least the more fiddely python code from a django project. is there any public "main" repo of the project? many thanks for your time and posting, niels. -- --- Niels Dettenbach Syndicat IT & Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- signature.asc Description: This is a digitally signed message part. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
django-cyradm
Hi cyrus list. (This email contains self promotion of a cyrus/imap related piece of software..) I wrote some years ago (and recently updated) a small django application for cyrus and postfix, with database lookup tables. It has self service support. The system has 3 roles "admin","domain admin" and "account user". If you are interested take a look at https://djcyradm.schmitz.computer Kind regards Jesper Schmitz Mouridsen Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: IMAP over SSL (only) handshake hangs
On 03/12/19 14:13, Raphaël Halimi wrote: Le 11/11/2019 à 13:53, Helder Guerreiro via Info-cyrus a écrit : It happened again, the entropy available never got bellow 3600 (logged it every minute or so). Is Cyrus installed in a VM ? It's not. I had the same problem after upgrading Debian from 9 to 10, on some virtual servers, with OpenSSH and OpenVPN. I solved the problem by adding a virtual random number generator on those virtual machines. Here's the XML to add for libvirt/QEMU: I've installed haveged, same results. However if I use STARTTLS everything runs fine... As a workaround I did just that. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus 3, automation and master-master replication and mailbox movement
Good morning, I have been checking how could we manage for automating master -> slave and slave->master transition. I though one possibility could be having both servers configured in master mode with each being replicating to the other one. I know this was some time ago unsupported and have tried if it worked now in a testing env but it seems it fails too… Could any Cyrus guru confirm that really this does not work (just for avoiding driving myself crazy trying to find the config issue)?. By the way, I’m in progress too of automating mailbox movements… from partition, from server… I had a question about renaming mailboxes for moving from cyrus partition… as a safety measure, prior to launch a renm operation (renm user/a...@bb.es <mailto:user/a...@bb.es> user/a...@bb.es <mailto:user/a...@bb.es> different-partition) we block any kind of access to that mailbox (even mail delivering)… and I was wondering if that is really necessary nowadays…. or does Cyrus hold that locks by it’s own?. I mean does Cyrus take care by it’s own, of avoiding mailbox corruption due to a renm mailbox to a different partition?. Just one more question… when we move a mailbox from a partition (a renm to different partition) to another one… we usually do : - stop replication between master/slave (as a safety measure for having a very last “fall back” if the renm goes wrong). You know, promoting the slave to master would have the mailbox of the failed renaming operation properly... - renm in the master - after successful rename, delete from the slave the mailboxes - sync each of the master mailboxes to the slave… this way among other things, the removed mailboxes in the slave (the dm is done in the slave for causing mailboxes to be resynced again from the master to the slave to it’s new location in the slave) - start replication again… Are all this steps really necessary?. What do you think about it?. Best regards, Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: [Help] Cyrus 2.4.17 segfault
> Hello, > > we are experiencing a strange problem on cyrus-imapd 2.4.17. > > An user user/a has full ACL to another mailbox user/b. When the user/a > SELECT a folder on user/b where he has access the imap process crashes. > > $ telnet cyrus.example.com 143 > Trying 10.10.10.10 ... > Connected to cyrus.example.com. > Escape character is '^]'. > * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN SASL-IR] > cyrus.example.com Cyrus IMAP v2.4.17-Invoca-RPM-2.4.17-6.el6 server ready > a authenticate plain dsfrrFwaWNlQGNzaS5pdABveGN5cnVzAENdfsdfMx > a OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA > MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN > MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ > SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE > LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY > X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] Success (no protection) > SESSIONID= > a SELECT "user/b/SOME THINGS/WATER" > Connection closed by foreign host. > > > Could you suggest me some way to resolve this problem? I don't know but if it's a bug then it's probably solved in current version 2.4.20. Simon ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: IMAP over SSL (only) handshake hangs
On 10/11/19 00:19, Helder Guerreiro via Info-cyrus wrote: On 09/11/2019 23.34, Patrick Boutilier wrote: Almost sounds like you are running out of entropy. What does this show? cat /proc/sys/kernel/random/entropy_avail Right now it's at 3769 bytes. I'll monitor this. It happened again, the entropy available never got bellow 3600 (logged it every minute or so). Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: IMAP over SSL (only) handshake hangs
On 09/11/2019 23.34, Patrick Boutilier wrote: Almost sounds like you are running out of entropy. What does this show? cat /proc/sys/kernel/random/entropy_avail Right now it's at 3769 bytes. I'll monitor this. Note that STARTTLS works fine. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: IMAP over SSL (only) handshake hangs
ade4 ctl_cyrusdb[25699]: recovering cyrus databases Jan 13 11:07:55 blade4 ctl_cyrusdb[25699]: skiplist: checkpointed /email/lib/cyrus/mailboxes.db (477 records, 60868 bytes) in 0 seconds Jan 13 11:07:55 blade4 ctl_cyrusdb[25699]: skiplist: checkpointed /email/lib/cyrus/annotations.db (0 records, 144 bytes) in 0 seconds Jan 13 11:07:55 blade4 ctl_cyrusdb[25699]: done recovering cyrus databases Jan 13 11:07:55 blade4 master[26043]: about to exec /usr/lib64/cyrus/idled Jan 13 11:07:55 blade4 master[25695]: unable to setsocketopt(IP_TOS): Operation not supported Jan 13 11:07:55 blade4 master[25695]: ready for work Jan 13 11:07:55 blade4 master[26046]: about to exec /usr/lib64/cyrus/ctl_deliver Jan 13 11:07:55 blade4 master[26047]: about to exec /usr/lib64/cyrus/ctl_cyrusdb Jan 13 11:07:55 blade4 master[26045]: about to exec /usr/lib64/cyrus/tls_prune Jan 13 11:07:56 blade4 cyr_expire[26046]: SQL backend defaulting to engine 'sqlite' Jan 13 11:07:56 blade4 ctl_cyrusdb[26047]: SQL backend defaulting to engine 'sqlite' Jan 13 11:07:56 blade4 ctl_cyrusdb[26047]: checkpointing cyrus databases Jan 13 11:07:56 blade4 ctl_cyrusdb[26047]: archiving database file: /email/lib/cyrus/mailboxes.db Jan 13 11:07:56 blade4 tls_prune[26045]: SQL backend defaulting to engine 'sqlite' Jan 13 11:07:56 blade4 idled[26044]: SQL backend defaulting to engine 'sqlite' Jan 13 11:07:56 blade4 ctl_cyrusdb[26047]: archiving database file: /email/lib/cyrus/annotations.db Jan 13 11:07:56 blade4 ctl_cyrusdb[26047]: done checkpointing cyrus databases Jan 13 11:07:56 blade4 master[25695]: process 26047 exited, status 0 Jan 13 11:07:56 blade4 tls_prune[26045]: skiplist: checkpointed /email/lib/cyrus/tls_sessions.db (1 record, 324 bytes) in 0 seconds Jan 13 11:07:56 blade4 tls_prune[26045]: tls_prune: purged 0 out of 1 entries Jan 13 11:07:56 blade4 master[25695]: process 26045 exited, status 0 Jan 13 11:07:56 blade4 cyr_expire[26046]: skiplist: checkpointed /email/lib/cyrus/deliver.db (800 records, 120752 bytes) in 0 seconds Jan 13 11:07:59 blade4 cyr_expire[26046]: Expunged 0 out of 475379 messages from 477 mailboxes Jan 13 11:07:59 blade4 cyr_expire[26046]: duplicate_prune: pruning back 3.00 days Jan 13 11:07:59 blade4 cyr_expire[26046]: duplicate_prune: purged 0 out of 800 entries Jan 13 11:07:59 blade4 cyr_expire[26046]: DIGEST-MD5 common mech free Jan 13 11:07:59 blade4 master[25695]: process 26046 exited, status 0 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus-3.0 getting rid of old message files
What does one do to permanently remove from the file system old
messages. In cyrus.conf I have this:
postmastercmd="ipurge -X -f -d 8 user/postmaster/delivery" at=0420
delprune cmd="cyr_expire -D 180d -E 3d -X 180d" at=0400
cyradm info shows this:
info
{Server Wide}
private:
admin: NIL
comment: NIL
expire: NIL
squat: NIL
usercounters: 0 0 0 0 0 0 0 0 0 0 0
usermodseq: 0
shared:
admin: NIL
comment: NIL
motd: NIL
expire: NIL
freespace: 68182048
most: 68182048;192015872
total: 68182048;192015872
shutdown: NIL
squat: NIL
When I go to the user mailbox
(/var/spool/imap/p/user/postmaster/delivery) I see messages from
December 2018 and earlier.
When I check the maillog I see this:
# grep cyr_expire /var/log/maillog | grep postmaster
Oct 9 05:46:14 inet17 CYRUS/cyr_expire[21667]: mailbox: longlock
user.postmaster.investigate for 2.3 seconds
Oct 9 05:46:16 inet17 CYRUS/cyr_expire[21667]: mailbox: longlock
user.postmaster.mailinglists for 1.2 seconds
Oct 9 05:46:19 inet17 CYRUS/cyr_expire[21667]: mailbox: longlock
user.postmaster.spamno for 1.3 seconds
What I do not see is anything being expunged for the postmaster.
cyr_expire is running as I see this in the maillog:
inet17 CYRUS/cyr_expire[21667]: Expired 0 and expunged 2055 out of
744420 messages from 2500 mailboxes
I want messages that are deleted and that are older than 180 days gone
from the file system entirely. I would like to know why is this not
happening? And, I would like to know how do I make it happen? What
setting or settings am I missing?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: strange sort order of these emails
Hi Gabriele, I suggest you send the actual headers of both emails here as plain text in the body of the email, as people may not want to open attachments from unknown sources. Also it's easier to analyze and reply this way. Regards, Anatoli On 26/9/19 11:52, Gabriele Bulfon wrote: > Hello, > someone received these two emails in the inbox, but strangely sorting by > date descending was showing them swapped (they have same date but > different hour). > I did not beleive my eyes, so I downloaded the two eml files and > uploaded them into a cyrus folder of mine, on another server. > Same effect: the SORT command with descending DATE, will always returns > indexes in swapped order, so the one at 3am is before the one at 9am. > > I looked at all the headers but didn't find anything strange. > Cyrus is version 2.5.11. > Any idea?! > Thanks! > Gabriele > > > *Sonicle S.r.l. *: http://www.sonicle.com <http://www.sonicle.com/> > *Music: *http://www.gabrielebulfon.com <http://www.gabrielebulfon.com/> > *Quantum Mechanics : *http://www.cdbaby.com/cd/gabrielebulfon > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: sieve filter based on utf-8 encoded text part of address
Hi Pete,
I guess the 'address' test command matches only the actual address, not
the description. In your example it would match "my@address".
I suggest you check
https://www.cyrusimap.org/imap/reference/admin/sieve.html and
https://thsmi.github.io/sieve-reference/en/index.html.
Regards,
Anatoli
On 30/9/19 08:12, Hans-Peter Jansen wrote:
> Hi,
>
> I try to filter based on the text part of an utf-8 encoded address, but the
> string matches neither decoded nor encoded.
>
> This is a periodic mail from one of a couple of different routers, where only
> the text part defines a useful origin:
>
> From: "=?UTF-8?B?RlJJVFohQm94IDc0OTAgU0ZK?="
>
> which decodes to:
>
> FRITZ!Box 7490 SFJ
>
> sieve filter script except:
>
> ; my requirements
> require ["fileinto", "reject", "regex", "vacation"];
>
> ; the filter rule
> if address :contains "From" [
> "FRITZ!Box 7490 SFJ",
> "=?UTF-8?B?RlJJVFohQm94IDc0OTAgU0ZK?="
> ] {
> fileinto "INBOX.some.folder";
> stop;
> }
>
> How do I do this correctly?
>
> Thanks in advance,
> Pete
>
>
>
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus 2.5.11 default domain on auth
On 05.08.2019 10:26, Gabriele Bulfon wrote: Thanks. So this means that default domain is not treated as a virutal domain mailbox. What I want to achieve is: - if the user try to authenticate with name.lastn...@domain.com <mailto:name.lastn...@domain.com> , get into the specific user/name.lastn...@domain.com mailbox - if the user try to authenticate with name.lastname, authenticate against a default domain defdomain.com, and if it's correct, get into the specific user/name.lastn...@defdomain.com How can I do this? As far as I understand, this is impossible. You can try to transfer information about the boxes and the boxes themselves from the places where you have it now, to the place where the default domain should be. After that, run reconstruct. But I'm not completely sure. Gabriele *Sonicle S.r.l. *: http://www.sonicle.com <http://www.sonicle.com/> *Music: *http://www.gabrielebulfon.com <http://www.gabrielebulfon.com/> *Quantum Mechanics : *http://www.cdbaby.com/cd/gabrielebulfon *Da:* Eugene V. Boontseff *A:* Gabriele Bulfon *Data:* 3 agosto 2019 17.54.36 CEST *Oggetto:* Re: Cyrus 2.5.11 default domain on auth On 31.07.2019 11:42, Gabriele Bulfon wrote: If I try adding defaultdomain, what happens is that authentication works both with and without specifying domain, but then you're not on your normal inbox of user/name.lastn...@domain.com but somewhere else strange, a SELECT INBOX returns mailbox not found. What's wrong? How can I achieve my goal? Default domain mailboxes look like this: user/name.lastname Thanks! Gabriele -- Eugene Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus -- Eugene Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: is it safe to manually remove DELETED folders ?
good point ! thanks On 07/31/2019 12:57 PM, Sebastian Hagedorn wrote: To be honest, I'm not sure. But the output of "cyradm lm" depends on the user you're logged in as, whereas ctl_mboxlist always dumps all mailboxes. That's why I feel it is more reliable. Am 30.07.19 um 16:05 Uhr schrieb Chentao Credungtao: Out of curiosity : does your answer imply that in some cases some mailboxes will show with ctl_mboxlist, but not with cyradm lm ? In which case ? On 07/30/2019 02:32 PM, Sebastian Hagedorn wrote: You shpuld check the output of ctl_mboxlist -d Only if the DELETED mailbox(es) aren't included there is it safe to just remove them. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: is it safe to manually remove DELETED folders ?
Thanks. And done (they weren't included), Out of curiosity : does your answer imply that in some cases some mailboxes will show with ctl_mboxlist, but not with cyradm lm ? In which case ? On 07/30/2019 02:32 PM, Sebastian Hagedorn wrote: You shpuld check the output of ctl_mboxlist -d Only if the DELETED mailbox(es) aren't included there is it safe to just remove them. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
is it safe to manually remove DELETED folders ?
Hello My main question : is it safe to manually remove (rm -rf) a folder like?? /domain/e/example.net/*u/DELETED/user/someuser/Trash/INBOX/5BCA0EB9* ? The folder doesn't show with cyradm ??? listmailboxes. As a side question, and out of curiosity : any idea how come a DELETED folder doesn't show with cyradm ??? listmailboxes ? I know exactly what happened, October last year our webmail (SOGo) had a bug (fixed since) : when a user pressed on without selecting an e-mail, the whole INBOX ended up in trash. So I'm not surprise to have this /u/DELETED/user/someuser/Trash/INBOX/5BCA0EB9 folder, what surprises me is that it's not listed with cyradm (other DELETED folders _are_ listed with cyradm > lm DELETED*). Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
how to list all mailboxes having a specific annotation ?
Hi, For some mailboxes, I set the "squat" annotation to "false". But I can't remember on which mailboxes I did that... Is there a way to list all mailboxes having that annotation set to false ? Thanks Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Questions about user mode sync_client (move mailboxes from one server to another) and mailbox moving from partition (moving from partition in same server, renaming) lock
Hi Sebastian, Thanks a lot for your comments. But that, anyway, won't assure no mailbox access would exist in the middle of the rename... I think there should not be problems due that the function mboxlist_renamemailbox() does a mailbox_open_iwl() which finally checks if the mailbox is locked and then locks it. Anyway, if none of the gurus of Cyrus sais it... I would read more deeply the code (for ensuring) and will do some checks in testing env Thanks a lot Sebastian :) Cheers El 2019-05-23 19:28, Sebastian Hagedorn escribió: > Hi, > >> Our Cyrus machines (Cyrus 3.0.8), usually have 3 mailbox partitions. >> Sometimes, one of them becomes highly filled so we usually perform a >> mailbox rename to another partition of the same server. For that >> purpose, we normally lock at our proxy barrier any access to the mailbox >> (we do play with Nginx authentication, Postfix hold and so). Is it >> really needed to lock that way the mailbox, at some "external to Cyrus >> level," in order to avoid mailbox corruption?. Or does Cyrus handle that >> properly?. Does Cyrus exclusively lock and after done, unlock again?. > > I can only answer that part of the question. We have been doing it like that > (without blocking access from the outside) for years, but we're still on > Cyrus 2.4. We only make sure there are no active processes by the user before > starting the RENAME, and we do it at night. There haven't been any problems > with that approach. > -- > Sebastian Hagedorn - Weyertal 121, Zimmer 2.02 > Regionales Rechenzentrum (RRZK) > Universität zu Köln / Cologne University - Tel. +49-221-470-89578---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Questions about user mode sync_client (move mailboxes from one server to another) and mailbox moving from partition (moving from partition in same server, renaming) lock
Good afternoon, Our Cyrus machines (Cyrus 3.0.8), usually have 3 mailbox partitions. Sometimes, one of them becomes highly filled so we usually perform a mailbox rename to another partition of the same server. For that purpose, we normally lock at our proxy barrier any access to the mailbox (we do play with Nginx authentication, Postfix hold and so). Is it really needed to lock that way the mailbox, at some "external to Cyrus level," in order to avoid mailbox corruption?. Or does Cyrus handle that properly?. Does Cyrus exclusively lock and after done, unlock again?. Have been taking a look at mboxlist_renamemailbox() and seemed so. Have noticed too, that it seems that partition rename operation from and to the same server but different parition at least, is not being inserted in the rolling mode lock.. is this a new security measure for avoiding accidents with the rename?. Always I have done a mailbox rename previously (Cyrus 2.3.X), have stopped the master/slave replication, done the rename in the master and later if all ended fine... launched in the slave a dm of the "in the master renamed mailbox" and a sync_client -u from the master for the mailbox to be copied to the appropiate partition in the slave. My other question is.. with the new replication method (imap based and so...), can I do a user mode sync_client from a mailbox, to another server acting as a master?. I mean, in the following scenario : Server A (master) => Server B (slave) Server C (master) => Server D (slave) The a...@bbb.net mailbox is in A server. I want to move the mailbox from A=>B couple of master/slave server to C=>D couple of mater/slave. I launch a "sync_client -v -u a...@bbb.net -S C -p partition3" in server A. Server C, has sync_log_chain enabled. Would that mailbox be replicated in C=>D couple (to both from A to C and from C to D) and been able to be accesible in C?. If so, does any kind of drawback exist in having always sync_log_chain enabled?... else for this kind of movement seems to be useful.. But thinking about it... if C is master... is it really needed that sync_log_chain config statement in that case or it would just be necessary (as I think), for replicating in the following scenario only?. Server 1 (master) -> Server 2 (slave) -> Server 3 (slave) So, not needed when (there's a master in the middle) : Server 1 (master) -> Server 2 (master) -> Server 3 (slave) perhaps as in https://www.cyrusimap.org/imap/reference/admin/sop/replication.html can be read?. Thank you so much for your time, Best regards, Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Purging old email files from Cyrus-IMAPD v.3.0.9 on FreeBSD-12.0
On Thu, May 16, 2019 11:00, Savvas Karagiannidis wrote: > Hi James, > the command that performs the actual removal of the files from the > file system is cyr_expire > <https://www.cyrusimap.org/imap/reference/manpages/systemcommands/cyr_expire.html> > According to your cyrus.conf and the manual of cyr_expire, the > operation is performed daily at 04:00. The command is executed > by the main cyrus process, so you don't have to do anything > else manually... > The parameters -D 180d and -X 180d specify that only mailboxes and > messages that are at least 180 days old will be deleted. > > When cyr_expire is executed you should see a line in your log file > like these: > Thanks. I have a question though. If expunge == purge then why does the documentation distinguish between them? When is What ... Deleted, Expired, Expunged or Purged? https://www.cyrusimap.org/imap/reference/faqs/o-deleted-expired-expunged-purged.html Expunged The message (which has been flagged as \Deleted) is also expunged, meaning that the user can in no way retrieve the message autonomously. Purged The messages index record may still exist (until they are expired), but the message file is removed from the filesystem, or in the context of folders, the mail folder is removed from the filesystem. This is what has me confused. Regards, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Vacation sieve scripts not working
Am Donnerstag, 16. Mai 2019, 11:49:55 CEST schrieb Sylvain: > For example, this one will never send vacation messages to sender : > require ["vacation"]; > vacation :days 1 :subject "OUTOFTHEOFFICE" "I AM OUT OF THE OFFICE"; ...if i remember correctly, Cyrus expects (at least in some setups) recipient addresses within SIEVE vacation scripts to "react". Could you try to set this for test? best regards, niels. -- --- Niels Dettenbach Syndicat IT & Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Purging old email files from Cyrus-IMAPD v.3.0.9 on FreeBSD-12.0
We converted from v.2.0.? to v.3.0.? last year. We accepted the
default settings for delete/expunge. Now we have suspicions that
deleted and expunged email is not actually being deleted from the file
system and the space recovered.
Looking at the man page for cyr_expire I see this:
The expiration of messages is controlled by the
/vendor/cmu/cyrus-imapd/expire mailbox annotation
which specifies the age (in days) of messages in
the given mailbox that should be deleted. A value
of 0 means that no expiration is to be performed
on that mailbox.
The value of the /vendor/cmu/cyrus-imapd/expire
annotation is inherited by all children of the mailbox
on which it is set, so an entire mailbox tree can be
configured by setting a single annotation on the root of
that tree. If a mailbox does not have a
/vendor/cmu/cyrus-imapd/expire annotation set on it
(or does not inherit one), then no messages are expired
from the mailbox.
The annotation can be examined using the info command
of cyradm(8), and modified using the mboxconfig and setinfo
commands of cyradm(8).
The following is a representative user mailbox on our server:
info user/usrname
{user/usrname}:
private:
check: NIL
checkperiod: NIL
comment: NIL
sort: NIL
specialuse: NIL
thread: NIL
expire: NIL
news2mail: NIL
sieve: NIL
squat: NIL
shared:
check: NIL
checkperiod: NIL
comment: NIL
sort: NIL
specialuse: NIL
thread: NIL
annotsize: 0
duplicatedeliver: false
expire: NIL
lastpop: NIL
lastupdate: 15-May-2019 04:16:08 -0400
news2mail: NIL
partition: default
pop3newuidl: true
pop3showafter: NIL
sharedseen: false
sieve: NIL
size: 2105288
squat: NIL
synccrcs: 1325519995 0
uniqueid: 6bcd81f457596d11
Our cyrus.conf file has this:
delprune cmd="cyr_expire -D 180d -E 3d -X 180d" at=0400
My question is: When are message files actually removed from our
server's the file system and the space recovered? Is there a setting
or utility option required to perform this action / accomplish this
result? How does one verify the removal?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
ipurge seg fault and core dump
Cyrus Imapd 3.0.8 on FreeBSD-12.0p3 We are obtaining these error messages on a regular basis: Mar 25 04:20:00 inet17 kernel: pid 39793 (ipurge), uid 60: exited on signal 11 (core dumped) Mar 25 04:20:00 inet17 CYRUS/master[56223]: process type:EVENT name:postmaster path:/usr/local/cyrus/sbin/ipurge age:0.092s pid:39793 signaled to death by signal 11 (Segmentation fault, core dumped) Mar 25 04:20:01 inet17 kernel: pid 39724 (ipurge), uid 60: exited on signal 11 (core dumped) Mar 25 04:20:01 inet17 CYRUS/master[56223]: process type:EVENT name:sysadmin path:/usr/local/cyrus/sbin/ipurge age:1.091s pid:39724 signaled to death by signal 11 (Segmentation fault, core dumped) Mar 25 04:20:02 inet17 kernel: pid 39619 (ipurge), uid 60: exited on signal 11 (core dumped) Mar 25 04:20:02 inet17 CYRUS/master[56223]: process type:EVENT name:sysadminroot path:/usr/local/cyrus/sbin/ipurge age:2.135s pid:39619 signaled to death by signal 11 (Segmentation fault, core dumped) Does anyone know what would cause this behaviour? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus-imapd build dependencies
Ken, Ellie, Thanks for the information. Ellie, I see that #2100 has everything to be merged, hasn't it? What's blocking it? Regards, Anatoli *From:* Ellie Timoney *Sent:* Tuesday, March 19, 2019 03:29 *To:* Info-cyrus *Subject:* Re: cyrus-imapd build dependencies On Tue, Mar 19, 2019, at 3:39 PM, Anatoli via Info-cyrus wrote: > The Cyrus httpd provides DAV services (which use the HTTP protocol). If you want the Cyrus httpd to support HTTP/2, you will need libnghttp2. Otherwise it will only support HTTP/1. Always wanted to ask what the nghttp2 dependency was for. From what you say I infer that it's only needed for HTTP/2. But what DAV service could benefit from this? Are there DAV clients that know HTTP/2? No idea, but it's there if you want it! Speculating wildly, it might be useful for JMAP? And speaking about the SNMP agent, are there any plans to complete the transfer of its code from the master process to an independent daemon, issue #1765 <https://github.com/cyrusimap/cyrus-imapd/issues/1765>? (It needs to be moved out to implement efficient chroot) It's more likely to disappear entirely (see https://github.com/cyrusimap/cyrus-imapd/pull/2100) in favour of Prometheus (which is more powerful, more flexible, more human-readable, and is actually used by Fastmail -- and therefore more tested). But it won't disappear from a stable branch, so it won't be a surprise when it does. Cheers, ellie Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus-imapd build dependencies
Hi Ellie, > The Cyrus httpd provides DAV services (which use the HTTP protocol). If you want the Cyrus httpd to support HTTP/2, you will need libnghttp2. Otherwise it will only support HTTP/1. Always wanted to ask what the nghttp2 dependency was for. From what you say I infer that it's only needed for HTTP/2. But what DAV service could benefit from this? Are there DAV clients that know HTTP/2? And speaking about the SNMP agent, are there any plans to complete the transfer of its code from the master process to an independent daemon, issue #1765 <https://github.com/cyrusimap/cyrus-imapd/issues/1765>? (It needs to be moved out to implement efficient chroot) Regards, Anatoli *From:* Ellie Timoney *Sent:* Monday, March 18, 2019 21:55 *To:* Info-cyrus *Subject:* Re: cyrus-imapd build dependencies Hi Patrick, On Mon, Mar 18, 2019, at 11:33 PM, Patrick Goetz wrote: This page on compiling cyrus-imapd: https://www.cyrusimap.org/imap/developer/compiling.html This page is in the developer section, so its context is for people who are Cyrus developers (especially for new contributors needing to get rolling quickly). Expect a certain amount of detail to be glossed over on the assumption that it's already known and/or reasonably documented elsewhere. shows a number of build dependencies; however I was just able to compile cyrus-imapd without these installed: gperf libbsd Are these actually necessary? Probably depends on which features you enable. If you run './configure' without arguments, a number of large features won't be enabled, so any libraries they depend on won't be used. Some of these features are important enough that we (developers) kind of think of them as being probably-always-included even if they default to not. Later in the page, under "Alternate database formats" it shows the configure flags to use in order to use mysql/mariadb as a backend for cyrus databases. I think this is needed if one plans to use virtual domains, but I couldn't get a confirmation on this. These are literally just "alternate database formats" -- maybe you already have extensive expertise in some other database and would rather use that than one of the builtin ones. It has nothing to do with virtual domains. Documentation about the databases used by Cyrus are here: https://www.cyrusimap.org/imap/concepts/deployment/databases.html In any case, the configure options are given as --with-mysql, --with-mysql-incdir, --with-mysql-libdir with no clear indication of what each of these does. For example, is the --with-mysql all inclusive, or does one need to set all 3? The canonical source of information on configure options is the output from './configure --help'. It's kind of assumed that a developer will look there to find this information. Finally a couple of items in the "Other" category are a real head scratcher. For example, what is the purpose of net-snmp? You can click on any of those package names to go to the website for that package and get a description of what it does. For example, Simple Network Management Protocol (SNMP) is a widely used protocol for monitoring the health and welfare of network equipment (eg. routers), computer equipment and even devices like UPSs. Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. libnghttp2 is listed as needed for "HTTP/2 support for httpd" -- what's using httpd? Is this to faciliate CalDAV/CardDAV? The Cyrus httpd provides DAV services (which use the HTTP protocol). If you want the Cyrus httpd to support HTTP/2, you will need libnghttp2. Otherwise it will only support HTTP/1. Hope this helps :) ellie ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: script to check quota failed
> Hi, > > seems that there is a problem with your cyrus quota tree > (/var/lib/cyrus/quota) or at least some of its files. In the case of RHEL6 this will be /var/lib/imap/quota/. I suggest to look at the quota files there, they have names like user. and are text files with two lines. Should be easy to find the broken file. Regards, Simon > > Maybe strace command may help you find which files are corrupt: > su - cyrus -c "strace /usr/lib/cyrus-imapd/quota user" > > Anthony Prades > > On 3/18/19 2:32 PM, Stephane Branchoux wrote: >> Hello, >> >> We run cyrus-imapd-2.3.16-6 on a Red Hat Enterprise Linux Server >> release 6.10. >> >> 2 days ago, a power crash occured in our Datacenter. >> >> After reboot of cyrus imap, all seems ok except our script to check >> quota : >> >> su - cyrus -c "/usr/lib/cyrus-imapd/quota user" >> failed building quota list for 'user': System I/O error: %m >> >> I tried : >> >> su - cyrus -c "/usr/lib/cyrus-imapd/quota -f" >> failed building quota list for '*': System I/O error: %m >> >> Any idea ? >> >> Many thanks in advance >> >> >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: script to check quota failed
Hi, seems that there is a problem with your cyrus quota tree (/var/lib/cyrus/quota) or at least some of its files. Maybe strace command may help you find which files are corrupt: su - cyrus -c "strace /usr/lib/cyrus-imapd/quota user" Anthony Prades On 3/18/19 2:32 PM, Stephane Branchoux wrote: > Hello, > > We run cyrus-imapd-2.3.16-6 on a Red Hat Enterprise Linux Server > release 6.10. > > 2 days ago, a power crash occured in our Datacenter. > > After reboot of cyrus imap, all seems ok except our script to check > quota : > > su - cyrus -c "/usr/lib/cyrus-imapd/quota user" > failed building quota list for 'user': System I/O error: %m > > I tried : > > su - cyrus -c "/usr/lib/cyrus-imapd/quota -f" > failed building quota list for '*': System I/O error: %m > > Any idea ? > > Many thanks in advance > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Which imap command to rename a root mailbox while maintaining its partition
> Hi, > > seems that there is a problem with your cyrus quota tree > (/var/lib/cyrus/quota) or at least some of its files. In the case of RHEL6 this will be /var/lib/imap/quota/. I suggest to look at the quota files there, they have names like user. and are text files with two lines. Should be easy to find the broken file. Regards, Simon > > Maybe strace command may help you find which files are corrupt: > su - cyrus -c "strace /usr/lib/cyrus-imapd/quota user" > > Anthony Prades > > > On 3/18/19 10:13 AM, Marco wrote: >> Il 18/03/2019 08:25, Thomas Cataldo ha scritto: >>> Hi, >>> >>> On cyrus 2.4.x we used to run >>> A1 RENAME mbox1 mbox2 our_partition >>> >>> When we run that on cyrus 3.0.8 we get : >>> A1 NO Cross-server or cross-partition move w/rename not supported >>> >>> Is there a way to do this rename with one command with cyrus3. >>> If we run A1 RENAME mbox1 mbox2 >>> the mailbox is renamed as expected but it moves from our_partition to >>> default which is not what we want. >>> >>> Any suggestion ? >> >> Hello, no suggestions, I verified too. :( But if you have a mailbox >> with: >> >> folder1 --> part1 >> folder2 --> part2 >> >> then you can do: >> >> A1 RENAME folder1 folder2/folder1 >> >> and folder1 is now on part2. So, under some circumstances, a cross >> partition rename seems to be still supported... >> >> Bye >> Marco >> >> Ps: on the above example unixhierarchysep: 1 >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Which imap command to rename a root mailbox while maintaining its partition
Sorry, bad thread... On 3/18/19 4:49 PM, Anthony Prades via Info-cyrus wrote: > Hi, > > seems that there is a problem with your cyrus quota tree > (/var/lib/cyrus/quota) or at least some of its files. > > Maybe strace command may help you find which files are corrupt: > su - cyrus -c "strace /usr/lib/cyrus-imapd/quota user" > > Anthony Prades > > > On 3/18/19 10:13 AM, Marco wrote: >> Il 18/03/2019 08:25, Thomas Cataldo ha scritto: >>> Hi, >>> >>> On cyrus 2.4.x we used to run >>> A1 RENAME mbox1 mbox2 our_partition >>> >>> When we run that on cyrus 3.0.8 we get : >>> A1 NO Cross-server or cross-partition move w/rename not supported >>> >>> Is there a way to do this rename with one command with cyrus3. >>> If we run A1 RENAME mbox1 mbox2 >>> the mailbox is renamed as expected but it moves from our_partition to >>> default which is not what we want. >>> >>> Any suggestion ? >> Hello, no suggestions, I verified too. :( But if you have a mailbox with: >> >> folder1 --> part1 >> folder2 --> part2 >> >> then you can do: >> >> A1 RENAME folder1 folder2/folder1 >> >> and folder1 is now on part2. So, under some circumstances, a cross >> partition rename seems to be still supported... >> >> Bye >> Marco >> >> Ps: on the above example unixhierarchysep: 1 >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Which imap command to rename a root mailbox while maintaining its partition
Hi, seems that there is a problem with your cyrus quota tree (/var/lib/cyrus/quota) or at least some of its files. Maybe strace command may help you find which files are corrupt: su - cyrus -c "strace /usr/lib/cyrus-imapd/quota user" Anthony Prades On 3/18/19 10:13 AM, Marco wrote: > Il 18/03/2019 08:25, Thomas Cataldo ha scritto: >> Hi, >> >> On cyrus 2.4.x we used to run >> A1 RENAME mbox1 mbox2 our_partition >> >> When we run that on cyrus 3.0.8 we get : >> A1 NO Cross-server or cross-partition move w/rename not supported >> >> Is there a way to do this rename with one command with cyrus3. >> If we run A1 RENAME mbox1 mbox2 >> the mailbox is renamed as expected but it moves from our_partition to >> default which is not what we want. >> >> Any suggestion ? > > Hello, no suggestions, I verified too. :( But if you have a mailbox with: > > folder1 --> part1 > folder2 --> part2 > > then you can do: > > A1 RENAME folder1 folder2/folder1 > > and folder1 is now on part2. So, under some circumstances, a cross > partition rename seems to be still supported... > > Bye > Marco > > Ps: on the above example unixhierarchysep: 1 > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Mailbox hierarchy determination?
> On 3/14/19 9:46 AM, Simon Matter wrote: >> I guess you're missing the fact that these options have possibly changed >> between releases. Another thing is that distribution packages can also >> alter the defaults and if they don't do it correct, they may "forget" to >> also change the docs accordingly. >> > > Thank you for your help with this. I think what you're saying is that > for my configuration I should have > >fulldirhash: 1 >hashimapspool: 1 > > > I'm not 100% certain how the defaults are set for my installation -- is > there any way to check this? Our RPMs create two files at build time: /usr/share/cyrus-imapd/rpm/imapd.conf.dist This is what the source distribution uses. /usr/share/cyrus-imapd/rpm/imapd.conf.default This is what the patched build uses. Unfortunately I don't know of a way to get the same info at run time. Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Mailbox hierarchy determination?
> On 3/14/19 3:50 AM, Simon Matter wrote: >> >> Dirhashing is controlled by "fulldirhash" and "hashimapspool". >> > > > Right. This is what it says in imapd.conf: > > > fulldirhash: 0 >If enabled, uses an improved directory hashing scheme which hashes on > the entire username instead of using just the first letter as the hash. > This changes hash algorithm used for quota and user directories and if > hashimapspool is enabled, the entire mail spool. > > Note that this option CANNOT be changed on a live system. The server > must be quiesced and then the directories moved with the rehash utility. > > hashimapspool: 0 > If enabled, the partitions will also be hashed, in addition to the > hashing done on configuration directories. This is recommended if one > partition has a very bushy mailbox tree. > > > I don't have these options enabled, and my interpretation of this > description is that enabling them would facilitate my configuration, not > the other way around. This is what confused me in the first place. > > What am I missing? I guess you're missing the fact that these options have possibly changed between releases. Another thing is that distribution packages can also alter the defaults and if they don't do it correct, they may "forget" to also change the docs accordingly. Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Mailbox hierarchy determination?
> The first couple of times I set up cyrus-imapd I used Debian packages
> which separated mailboxes in the default partition into folders based on
> the starting letter of the mailbox; i.e. something like:
>
>/var/spool/cyrus/mail/{[A-Z,a-z,0-9]}/user
>
> Since I have fewer than 50 users and since I found myself frequently
> "going to the files" so to speak to definitely determine the presence or
> absence of some message a user was concerned about, this hierarchy was
> something of a annoyance, so during the last major upgrade I switched
> this to:
>
> /srv/imap/{user1,user2,...,userN}
>
> i.e. flattening the folder structure and moving the default partition to
> a large non-system disk unaffected by /var volatility.
>
> Now for the life of me I can't figure out what setting in imapd.conf (if
> any) facilitated this structure (not the location of the default
> partition, but rather not using the [A-Z,a-z,0-9] subfolders.
>
> Last time I left the sieve folders divided by letter; in the next
> iteration I'd like to flatten that folder structure to.
>
> Looking at the Arch package post_install script, it pre-creates a ton of
> folders:
>
> --
> # all kinds of directories needed for the IMAP spool
> for subdir in imap/{,db,log,msg,proc,socket,sieve}
> spool/imap/{,stage.}; do
> if [ ! -d /var/${subdir} ]; then
> mkdir -m 0750 -p "/var/${subdir}"
> fi
> done
> for subdir in imap/{user,quota,sieve} spool/imap; do
> for i in a b c d e f g h i j k l m n o p q r s t v u w x y z \
> A B C D E F G H I J K L M N O P Q R S T U V W X Y Z \
> 0 1 2 3 4 5 6 7 8 9; do
> if [ ! -d /var/${subdir}/${i} ]; then
> mkdir -m 0750 -p "/var/${subdir}/${i}"
> fi
> done
> --
>
> I'm wondering how much or if any of this is really necessary. Will cyrus
> autocreate the necessary folders if missing?
Dirhashing is controlled by "fulldirhash" and "hashimapspool".
IIRC creating the dirs like above is not needed, they are created on demand.
Regards,
Simon
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus 2.5 imap idle/stuck connections (DOS like)
My "man imapd.conf" doesn't list this option at all. I think my Cyrus 2.5.10 is older than it.. But I've added it to the .conf anyway. Won't hurt if it doesn't exist yet, right? lol Atenciosamente, Heiler Bemerguy - CINBESA Analista de Redes, Wi-Fi, Virtualização e Serviços Internet (55) 91 98151-4894 Em 07/03/2019 11:58, Wolfgang Breyha escreveu: Heiler Bemerguy via Info-cyrus wrote on 07/03/2019 15:39: Yes I've read imapd.conf and cyrus.conf and found no options to limit connections per source IP or "idleness".. It means anyone can open a lot of connections to any port (143, 25, 110 etc) and render the server unusable?? You can try to set imapidletimeout: as documented in "man imapd.conf". To keep your server "RFC friendly" this value should not be lower than 30 minutes, because RFC 2177:3. recommends that clients show activity at least every 29 minutes. Greetings, Wolfgang Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus 2.5 imap idle/stuck connections (DOS like)
Thank you very much, it worked perfectly.
Best Regards,
Heiler Bemerguy - CINBESA
Analista de Redes, Wi-Fi,
Virtualização e Serviços Internet
(55) 91 98151-4894
Em 07/03/2019 11:55, Ivan Kuznetsov escreveu:
Hello
iptables -A INPUT -p tcp --syn --dport 143 -m connlimit
--connlimit-above 8 -j REJECT
This will limit established imap connections to 8 per ip
07.03.2019 17:39, Heiler Bemerguy via Info-cyrus пишет:
Yes I've read imapd.conf and cyrus.conf and found no options to limit
connections per source IP or "idleness"..
It means anyone can open a lot of connections to any port (143, 25,
110 etc) and render the server unusable??
I'm using Debian, so I'll try to figure out how to do that with
iptables.. Thanks!
Best Regards,
Heiler Bensimon Bemerguy - CINBESA
Analista de Redes, Wi-Fi,
Virtualização e Serviços Internet
(55) 91 98151-4894
Em 07/03/2019 11:25, Willem Offermans escreveu:
Dear Cyrus friends and Heiler Bensimon Bemerguy,
You could use your firewall to achieve this.
For ipfw:
${fwcmd} add pass tcp from any to ${ip_me} imap setup limit src-addr 10
You have to lookup the right syntax for your firewall.
Dit you check man imapd or man cyrus, maybe there is also an option
for the daemon itself, but I would prefer the firewall.
Wiel Offermans
wil...@offermans.rompen.nl <mailto:wil...@offermans.rompen.nl>
On 7 Mar 2019, at 14:53, Heiler Bemerguy via Info-cyrus
<mailto:info-cyrus@lists.andrew.cmu.edu>> wrote:
Hail,
I've noticed an user with ~200 open connections to cyrus imap port
(143) and, because of him, no one else could login to the server.
I've noticed even with a single "telnet ip 143", the connection is
accepted and never ever dropped, even while still unauthenticated.
How to stop that from happening?
cyrus.conf:
imap cmd="imapd -U 30" listen="imap" prefork=6 maxchild=200
--
Atenciosamente,
Heiler Bensimon Bemerguy - CINBESA
Analista de Redes, Wi-Fi,
Virtualização e Serviços Internet
(55) 91 98151-4894
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus 2.5 imap idle/stuck connections (DOS like)
Yes I've read imapd.conf and cyrus.conf and found no options to
limit connections per source IP or "idleness"..
It means anyone can open a lot of connections to any port (143,
25, 110 etc) and render the server unusable??
I'm using Debian, so I'll try to figure out how to do that with
iptables.. Thanks!
Best Regards,
Heiler Bensimon Bemerguy - CINBESA
Analista de Redes, Wi-Fi,
Virtualização e Serviços Internet
(55) 91 98151-4894
Em 07/03/2019 11:25, Willem Offermans
escreveu:
Dear Cyrus friends and Heiler Bensimon Bemerguy,
You could use your firewall to achieve this.
For ipfw:
${fwcmd} add pass tcp from any to ${ip_me} imap
setup limit src-addr 10
You have to lookup the right syntax for your
firewall.
Dit you check man imapd or man cyrus, maybe there is
also an option for the daemon itself, but I would prefer the
firewall.
Wiel
Offermans
wil...@offermans.rompen.nl
On 7 Mar 2019, at 14:53, Heiler Bemerguy via
Info-cyrus <info-cyrus@lists.andrew.cmu.edu>
wrote:
Hail,
I've noticed an user with ~200 open connections to cyrus
imap port (143) and, because of him, no one else could
login to the server.
I've noticed even with a single "telnet ip 143", the
connection is accepted and never ever dropped, even while
still unauthenticated.
How to stop that from happening?
cyrus.conf:
imap cmd="imapd -U 30" listen="imap" prefork=6
maxchild=200
--
Atenciosamente,
Heiler Bensimon Bemerguy - CINBESA
Analista de Redes, Wi-Fi,
Virtualização e Serviços Internet
(55) 91 98151-4894
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyrus 2.5 imap idle/stuck connections (DOS like)
Hail, I've noticed an user with ~200 open connections to cyrus imap port (143) and, because of him, no one else could login to the server. I've noticed even with a single "telnet ip 143", the connection is accepted and never ever dropped, even while still unauthenticated. How to stop that from happening? cyrus.conf: imap cmd="imapd -U 30" listen="imap" prefork=6 maxchild=200 -- Atenciosamente, Heiler Bensimon Bemerguy - CINBESA Analista de Redes, Wi-Fi, Virtualização e Serviços Internet (55) 91 98151-4894 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus-imapd 2.4.17: processes stick on mailbox locking resulting in total mailsystem failure
> Hi Ellie > > Thanks a lot, I will try to build and test 2.4.20 Maybe try this: http://www.invoca.ch/pub/packages/cyrus-imapd/RPMS/ils-7/SRPMS/cyrus-imapd-2.4.20-2.el7.src.rpm Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Upgrade to cyrus-imapd and connection drops when searching mailboxes
On Fri, January 11, 2019 17:51, Michael Menge wrote: Thank you for your assistance. > > have you configured a search engine? and have you enabled the > conversation db. > Xapian and Squatter seam to require enabled conversation db to use the > search index. At least for squatter there is even a performance > regression for TEXT search even if conversation db is enabled > (https://github.com/cyrusimap/cyrus-imapd/issues/2598) I do not believe that I have configured a search engine. > > >> Are the longlock reports and the imap connection drop related? >> > An cyrus processes tires to gain access to the mailbox while an > other process is still accessing it. If this takes to long the client > might disconnect. You can try telemetry logging to discover what is > happening. >> If imap drops a connection is the reason for that event logged? Can >> it be logged? >> > The question is which side drops the connection the cyrus-imapd > process or the imap client (squirrelmail)? tcpdum and telemetry > logging might reveal the answer. Squirrelmail reports that the IMAP server dropped the connection as part of the error message. In any case, even if it is the squrrelmail client that is dropping the connection one would expect that imap service could report this event. So the question remains, how does one log the cause of cyrus_imapd dropping a connection? As to the cause of the problem. It was an excessive load on the imap daemon from a persistent brute force attack. A recent reconfiguration and change of server host resulted in port 993 being opened to unrestricted public access. This attracted the usual assortment of script kiddies, security 'researchers' of various ilk, and so forth. Closing that port down immediately resolved the issue. Thanks for the suggestions. I will look into these now that the crisis has passed. Regards, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Upgrade to cyrus-imapd and connection drops when searching mailboxes
cyrus-imapd30-3.0.8_2 Name : cyrus-imapd30 Version: 3.0.8_2 Installed on : Tue Jan 8 11:07:34 2019 EST Origin : mail/cyrus-imapd30 Architecture : FreeBSD:11:amd64 Prefix : /usr/local Categories : ipv6 mail Licenses : BSD4CLAUSE Maintainer : u...@freebsd.org Since upgrading to this version from 3.0.8_1 on January 8 we have seen a considerable increase of messages in the maillog that look similar to this: CYRUS/lmtpunix[79768]: mailbox: longlock user.name.delivery for 1.4 seconds Where the number of seconds varies between 1.x and 11.x. When I say considerably I mean from between 10 and 30 per log rollover to over 800 today and it is not yet noon. Perhaps coincidently, users are reporting imap connections dropping when they are performing text searches on their mailboxes. The user mail client being squirrelmail. Are the longlock reports and the imap connection drop related? If imap drops a connection is the reason for that event logged? Can it be logged? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: sieve runtime error
> Thanks, this got me looking into sendmail a little closer. I've never used
> the program and didn't realize a dummy sendmail binary was installed on my
> system. Actually installed sendmail and it works now, messages are being
> filtered.
You don't have to install sendmail, also postfix has a compatible sendmail
binary. Only the sendmail config in imapd.conf may not point to it.
Regards,
Simon
>
> On Tue, Dec 18, 2018 at 4:32 AM Simon Matter
> wrote:
>
>> > I'm trying to setup sieve and getting the following error in my logs:
>> >
>> > Dec 17 10:36:07 bllmail01 cyrus/lmtp[14530]: sieve runtime error for
>> > jschaef...@harmonywave.net id
>> > :
>> > Reject: Sendmail process terminated normally, exit status 255
>> >
>> >
>> > I'm following the documentation here:
>> >
>> https://www.cyrusimap.org/imap/reference/admin/sieve.html?highlight=sieve#testing-the-sieve-server
>> >
>> > I'm trying to get sieve working on my IMAP server. Using Ubuntu 16.04
>> with
>> > the cyrus-imapd 2.4.18-3 package. I'm using the test sieve script
>> shown
>> in
>> > the documentation to reject everything from my personal email:
>> >
>> > require ["reject","fileinto"];
>> > if address :is :all "From" "jschaeffer0...@gmail.com"
>> > {
>> > reject "testing";
>> > }
>> >
>> > I then connect using sieveshell, upload the file, and activate it:
>> >
>> > root@bllmail01:~# sieveshell -u jschaef...@harmonywave.net -a
>> > jschaef...@harmonywave.net mail.harmonywave.cloud
>> > connecting to mail.harmonywave.cloud
>> > Please enter your password:
>> >> put /tmp/testing.sieve testing
>> >> activate testing
>> >> list
>> > testing <- active script
>> >> quit
>> >
>> > However when I send a test email from my personal account to the email
>> > I have setup on the IMAP server it always comes through and I get this
>> > in mail.log:
>> >
>> > Dec 17 10:36:07 bllmail01 cyrus/lmtp[14530]: sieve runtime error for
>> > jschaef...@harmonywave.net id
>> > :
>> > Reject: Sendmail process terminated normally, exit status 255
>>
>> I think sieve tries to send mail using the configured sendmail binary
>> and
>> that doesn't work for some reason. You may check the sendmail config in
>> your imapd.conf and also consult the mail logs to learn more.
>>
>> Regards,
>> Simon
>>
>>
>
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Question for upgrading
On Thu, December 13, 2018 13:25, Egoitz Aurrekoetxea wrote: > Hi again! > > > Else as a simplication way can you replicate any manner a 2.3 with some > newer version?. At least in manual mode (not rolling)?. The replication protocol in 2.4 is not compatible wit 2.3. There is no easy way. I'm rsync'ing one account at a time between 2.3 and 2.4 with IMAP/POP and LMTP access disabled, followed by a reconstruct, and then enabling IMAP/POP and LMTP access. Many terrabytes to go. You could also look at imapsync but its slow. > > Cheers. > > > --- > > > EGOITZ AURREKOETXEA > Departamento de sistemas > 944 209 470 > Parque Tecnológico. Edificio 103 > 48170 Zamudio (Bizkaia) > ego...@sarenet.es www.sarenet.es [1] Antes de imprimir este correo > electrónico piense si es > necesario hacerlo. > > El 13-12-2018 16:52, Egoitz Aurrekoetxea escribió: > > >> Good afternoon, >> >> >> I was trying to upgrade part of our Cyrus imap installation, concretely that >> one consisting in >> still 2.3. I was planning to set up Cyrus 3.0. I have seen all works >> properly except for the >> unexpunge command because as someone stated here, a reconstruct -V max was >> needed.The problem >> is that this reconstruct command, takes ages and I'm not able to keep the >> service offline so >> many time. So I have been thinking in the following scenario : >> >> - Cyrus 2.3 master -> Cyrus 2.4 slave >> >> >> Get this 2.4 slave ready and set it as master. But here comes my first >> doubt. Does the 2.4 >> replication work with the 2.3 replication?. Can in this pair, both (the 2.3 >> and the 2.4) be >> both master and slave?. I mean to switch roles in the pair. Make one become >> master and the >> other slave and vice versa?. >> >> Let's think now Cyrus 2.4 is ready and working. >> >> >> - Now, I would set up a new 3.0 slave. I know 2.4 could replicate with 3.0. >> So I would get the >> 3.0 ready and then set 3.0 as master. Can in this pair both the 2.4 and 3.0 >> be master and >> slave?. Meaning again to the same role switching commented before... to make >> one to be master >> and the other slave or vice versa >> >> I'l will end up with 2 3.0 master and slave... but I need to trace the >> path... >> >> >> Does anyone see any other way?. >> >> >> Best regards, >> >> >> - >> >> >> -- >> >> >> EGOITZ AURREKOETXEA >> Departamento de sistemas >> 944 209 470 >> Parque Tecnológico. Edificio 103 >> 48170 Zamudio (Bizkaia) >> ego...@sarenet.es www.sarenet.es [1] Antes de imprimir este correo >> electrónico piense si es >> necesario hacerlo. >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >> > > > Links: > -- > [1] http://www.sarenet.es Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
HELP: Can't fix quota, it seems renamed-back mailbox doesn't exists at all
Hail, this is a Cyrus 2.5.10-3 on Debian 9 A mailbox was accidentaly deleted, as the log shows: Dec 4 11:56:42 localhost cyrus/imap[27354]: Rename: user.planejamento^funbosque -> DELETED.user.planejamento^funbosque.5C0695AA Dec 4 11:56:42 localhost cyrus/imap[27354]: Deleted mailbox user.planejamento^funbosque Dec 4 11:56:42 localhost cyrus/imap[27354]: Rename: user.planejamento^funbosque.Drafts -> DELETED.user.planejamento^funbosque.Drafts.5C0695AA Dec 4 11:56:42 localhost cyrus/imap[27354]: Deleted mailbox user.planejamento^funbosque.Drafts Dec 4 11:56:42 localhost cyrus/imap[27354]: Rename: user.planejamento^funbosque.Junk -> DELETED.user.planejamento^funbosque.Junk.5C0695AA Dec 4 11:56:42 localhost cyrus/imap[27354]: Deleted mailbox user.planejamento^funbosque.Junk Dec 4 11:56:42 localhost cyrus/imap[27354]: Rename: user.planejamento^funbosque.Sent -> DELETED.user.planejamento^funbosque.Sent.5C0695AA Dec 4 11:56:42 localhost cyrus/imap[27354]: Deleted mailbox user.planejamento^funbosque.Sent Dec 4 11:56:42 localhost cyrus/imap[27354]: Rename: user.planejamento^funbosque.Spam -> DELETED.user.planejamento^funbosque.Spam.5C0695AA Dec 4 11:56:42 localhost cyrus/imap[27354]: Deleted mailbox user.planejamento^funbosque.Spam Dec 4 11:56:42 localhost cyrus/imap[27354]: Rename: user.planejamento^funbosque.Trash -> DELETED.user.planejamento^funbosque.Trash.5C0695AA Dec 4 11:56:42 localhost cyrus/imap[27354]: Deleted mailbox user.planejamento^funbosque.Trash I renamed it back to try to recover it, manually with cyradm: Dec 4 12:59:38 localhost cyrus/imap[39601]: Rename: DELETED.user.planejamento^funbosque.5C0695AA -> user.planejamento^funbosque Dec 4 12:59:38 localhost cyrus/imap[39601]: Deleted mailbox DELETED.user.planejamento^funbosque.5C0695AA Dec 4 13:02:03 localhost cyrus/imap[39601]: Rename: DELETED.user.planejamento^funbosque.Drafts.5C0695AA -> user.planejamento^funbosque.Drafts Dec 4 13:02:03 localhost cyrus/imap[39601]: Deleted mailbox DELETED.user.planejamento^funbosque.Drafts.5C0695AA Dec 4 13:02:27 localhost cyrus/imap[39601]: Rename: DELETED.user.planejamento^funbosque.Junk.5C0695AA -> user.planejamento^funbosque.Junk Dec 4 13:02:27 localhost cyrus/imap[39601]: Deleted mailbox DELETED.user.planejamento^funbosque.Junk.5C0695AA Dec 4 13:02:54 localhost cyrus/imap[39601]: Rename: DELETED.user.planejamento^funbosque.Sent.5C0695AA -> user.planejamento^funbosque.Sent Dec 4 13:02:54 localhost cyrus/imap[39601]: Deleted mailbox DELETED.user.planejamento^funbosque.Sent.5C0695AA Dec 4 13:03:20 localhost cyrus/imap[39601]: Rename: DELETED.user.planejamento^funbosque.Spam.5C0695AA -> user.planejamento^funbosque.Spam Dec 4 13:03:20 localhost cyrus/imap[39601]: Deleted mailbox DELETED.user.planejamento^funbosque.Spam.5C0695AA Dec 4 13:04:18 localhost cyrus/imap[39601]: Rename: DELETED.user.planejamento^funbosque.Trash.5C0695AA -> user.planejamento^funbosque.Trash Dec 4 13:04:18 localhost cyrus/imap[39601]: Deleted mailbox DELETED.user.planejamento^funbosque.Trash.5C0695AA All the files are there on the filesystem, but the quota usage isn't right. I've already tried cyrus reconstruct -r -f user/planejamento^funbosque cyrus quota -f user/planejamento^funbosque cyrus quota -f user/planejamento.funbosque And a full "cyrus check" with no luck.. The command LQ simply shows nothing. Like this: 127.0.0.1> lq user/planejamento.funbosque Any ideas?! root@mailer:/var/spool/cyrus/mail/p/user/planejamento^funbosque# cat cyrus.header Cyrus mailbox header "The best thing about this system was that it had lots of goals." --Jim Morris on Andrew 3e5650f459303706 $MDNSent $Forwarded planejamento.funbosque lrswipkxtecdan root@mailer:/var/spool/cyrus/mail/p/user/planejamento^funbosque# du -hs 570M . -- Atenciosamente, Heiler Bensimon Bemerguy - CINBESA Analista de Redes, Wi-Fi, Virtualização e Serviços Internet (55) 91 98151-4894 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus 2.4 and DBERROR
Hi, Try db_recover tool in /var/lib/cyrus, somithing like (depends of your install): -- stop cyrus -- cd /var/lib/cyrus && db_recover -v -h /var/lib/cyrus/db -- start cyrus -- or herder version: -- stop cyrus -- cd /var/lib/cyrus && db_recover -c -v -h /var/lib/cyrus/db -- start cyrus -- If problem persists, you may convert your db file to flat, then flat to db using cvt_cyrusdb tool - something like: -- stop cyrus -- cvt_cyrusdb /var/lib/cyrus/mailboxes.db skiplist /tmp/mailboxes flat mv /var/lib/cyrus/mailboxes.db /var/lib/cyrus/mailboxes.db.orig cvt_cyrusdb /tmp/mailboxes flat /var/lib/cyrus/mailboxes.db skiplist chown cyrus:mail /var/lib/cyrus/mailboxes.db -- start cyrus -- Note: do backup before... Anthony On 12/1/18 8:20 AM, chose wrote: Good morning, what caused this and how to recover. All files in db/ directory were deleted and cyrus restarted, still no progress. Dec 1 07:57:44 email11 imap[4498]: DBERROR db4: PANIC: fatal region error detected; run recovery Dec 1 07:57:44 email11 imap[4498]: DBERROR: critical database situation Dec 1 07:57:44 email11 idled[4422]: DBERROR db4: PANIC: fatal region error detected; run recovery Dec 1 07:57:44 email11 idled[4422]: DBERROR: critical database situation Dec 1 07:57:44 email11 imap[4428]: DBERROR db4: PANIC: fatal region error detected; run recovery Dec 1 07:57:44 email11 imap[4428]: DBERROR: critical database situation Dec 1 07:57:44 email11 imap[4482]: DBERROR db4: PANIC: fatal region error detected; run recovery Cyrus imap is working, but it si slow. Thanks and best regards J.Karliak Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: suddenly 'User unknown'?
Ha.. SOLVED IT :-))
/etc/host REQUIRES the entry:
192.168.0.3 dell2600-1.bradcan.homelinux.com dell2600-1
Then:
[root@dell2600-1 brad]# sendmail -C /etc/mail/sendmail.cf -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter
> $=w
dell2600-1.bradcan.homelinux.com
dell2600-1
localhost.localdomain
localhost
bradcan.co.uk
[192.168.0.3]
> /quit
Don't ask me what changed...
Thanks for the 'help'
On 02/12/2018 14:19, Charles Bradshaw via Info-cyrus wrote:
> Edda,
>
> I think there might be some clues, but I'm struggling to understand the
> below results.
>
> On 30/11/2018 17:36, Edda wrote:
>> Am 30.11.18 um 17:34 schrieb Charles Bradshaw:
>>> Edda,
>>>
>>> On 30/11/2018 15:48, Edda wrote:
>>>> Not a cyrus issue. Apparently sendmail strips the domain as you see in
>>>> lines like "RCPT To:"
>>>>
>>>> Your cyrusv2 Mailer in sendmail.mc seems correct to me.
>>>>
>>>> What do you get from (you can skip all the line for user root)
>>>>
>>>> sendmail -d21.1 -bv b...@bradcan.homelinux.com
>>> as brad:
>>>
>>> [brad@dell2600-1 ~]$ sendmail -d21.1 -bv b...@bradcan.homelinux.com
>>> Notice: -bv may give misleading output for non-privileged user
>>> can not chdir(/var/spool/mqueue/): Permission denied
>>> Program mode requires special privileges, e.g., root or TrustedUser.
>>>
>>> How do I setup TrustUser?
>> The message is a bit missleading. You can't just add a TrustedUser to
>> sendmail and run this test. You would have to change all
>> privileges It's absolutely ok to check the daemon as root.
>>
>>> but as root:
>>>
>>> [root@dell2600-1 brad]# sendmail -d21.1 -bv b...@bradcan.homelinux.com
>>>
>>> [...]
>>> . com . >
>>> rewrite: ruleset Parse1 input: brad < @ bradcan . homelinux
>>> . com . >
>>> rewrite: ruleset Parse1 returns: $# cyrusv2 $: brad
>>> rewrite: ruleset parse returns: $# cyrusv2 $: brad
>>> rewrite: ruleset 2 input: brad
>>> rewrite: ruleset 2 returns: brad
>>> rewrite: ruleset EnvToSMT input: brad
>>> rewrite: ruleset EnvToSMT returns: brad
>>> rewrite: ruleset final input: brad
>>> rewrite: ruleset final returns: brad
>>> b...@bradcan.homelinux.com... deliverable: mailer cyrusv2, user brad
>> The Parse1 ruleset considers b...@bradcan.homeliniux.com as a local
>> machine's user (Class $=w in sendmail). Therefore it strips the domain.
>>
>> You can check $=w like this:
>>
>> sendmail -C sendmail.cf -bt
>>> $=w
>> localhost
>> [127.0.0.1]
>> dell2600-1.bradcan.homelinux.com
>> [...]
>>> /quit
>> Look for bradcan.homelinux.com
>>
>> Do you have an entry for bradcan.homelinux.com in /etc/hosts? Then you
>> can simply delete it.
> No bradcan.homelinux.com is not in /etc/hosts or /etc/resolv.conf - But
> this:
>
> [brad@dell2600-1 ~]$ sendmail -C /etc/mail/sendmail.cf -bt
> ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
> Enter
>> $=w
> dell2600-1.bradcan.homelinux.com
> [213.106.111.18]
> localhost.localdomain
> localhost
> bradcan.co.uk
> bradcan.homelinux.com
>> /quit
> And this:
>
> [root@dell2600-1 mail]# hostname --fqdn
> bradcan.homelinux.com
>
> Whereas other hosts on the network show: host.bradcan.homelinux.com
>
> ~o~
>
> And after removing some comments and ignoring binary file matches # grep
> bradcan.homelinyx.com /etc/mail/* produces:
>
> access:bradcan.homelinux.com RELAY
>
> mailertable:bradcan.homelinux.com cyrusv2:/var/lib/imap/socket/lmtp
>
> sendmail.cf:C{M}bradcan.homelinux.com
>
> sendmail.mc:MASQUERADE_DOMAIN(bradcan.homelinux.com)
> sendmail.mc~:MASQUERADE_DOMAIN(bradcan.homelinux.com)
>
> virtusertable:@bradcan.co.uk %1...@bradcan.homelinux.com
>
> ??? are any of the above now somehow incorrect ???
>
> ??? Should I have the following line in virtusertable, The comments seem
> to suggest that I should. ???:
>
> @bradcan.homelinux.com %1%3
>
>> Edda
>>
>>
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: suddenly 'User unknown'?
Edda,
I think there might be some clues, but I'm struggling to understand the
below results.
On 30/11/2018 17:36, Edda wrote:
> Am 30.11.18 um 17:34 schrieb Charles Bradshaw:
>> Edda,
>>
>> On 30/11/2018 15:48, Edda wrote:
>>> Not a cyrus issue. Apparently sendmail strips the domain as you see in
>>> lines like "RCPT To:"
>>>
>>> Your cyrusv2 Mailer in sendmail.mc seems correct to me.
>>>
>>> What do you get from (you can skip all the line for user root)
>>>
>>> sendmail -d21.1 -bv b...@bradcan.homelinux.com
>> as brad:
>>
>> [brad@dell2600-1 ~]$ sendmail -d21.1 -bv b...@bradcan.homelinux.com
>> Notice: -bv may give misleading output for non-privileged user
>> can not chdir(/var/spool/mqueue/): Permission denied
>> Program mode requires special privileges, e.g., root or TrustedUser.
>>
>> How do I setup TrustUser?
>
> The message is a bit missleading. You can't just add a TrustedUser to
> sendmail and run this test. You would have to change all
> privileges It's absolutely ok to check the daemon as root.
>
>>
>> but as root:
>>
>> [root@dell2600-1 brad]# sendmail -d21.1 -bv b...@bradcan.homelinux.com
>>
>> [...]
>> . com . >
>> rewrite: ruleset Parse1 input: brad < @ bradcan . homelinux
>> . com . >
>> rewrite: ruleset Parse1 returns: $# cyrusv2 $: brad
>> rewrite: ruleset parse returns: $# cyrusv2 $: brad
>> rewrite: ruleset 2 input: brad
>> rewrite: ruleset 2 returns: brad
>> rewrite: ruleset EnvToSMT input: brad
>> rewrite: ruleset EnvToSMT returns: brad
>> rewrite: ruleset final input: brad
>> rewrite: ruleset final returns: brad
>> b...@bradcan.homelinux.com... deliverable: mailer cyrusv2, user brad
>
> The Parse1 ruleset considers b...@bradcan.homeliniux.com as a local
> machine's user (Class $=w in sendmail). Therefore it strips the domain.
>
> You can check $=w like this:
>
> sendmail -C sendmail.cf -bt
> > $=w
> localhost
> [127.0.0.1]
> dell2600-1.bradcan.homelinux.com
> [...]
> >/quit
>
> Look for bradcan.homelinux.com
>
> Do you have an entry for bradcan.homelinux.com in /etc/hosts? Then you
> can simply delete it.
No bradcan.homelinux.com is not in /etc/hosts or /etc/resolv.conf - But
this:
[brad@dell2600-1 ~]$ sendmail -C /etc/mail/sendmail.cf -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter
> $=w
dell2600-1.bradcan.homelinux.com
[213.106.111.18]
localhost.localdomain
localhost
bradcan.co.uk
bradcan.homelinux.com
> /quit
And this:
[root@dell2600-1 mail]# hostname --fqdn
bradcan.homelinux.com
Whereas other hosts on the network show: host.bradcan.homelinux.com
~o~
And after removing some comments and ignoring binary file matches # grep
bradcan.homelinyx.com /etc/mail/* produces:
access:bradcan.homelinux.com RELAY
mailertable:bradcan.homelinux.com cyrusv2:/var/lib/imap/socket/lmtp
sendmail.cf:C{M}bradcan.homelinux.com
sendmail.mc:MASQUERADE_DOMAIN(bradcan.homelinux.com)
sendmail.mc~:MASQUERADE_DOMAIN(bradcan.homelinux.com)
virtusertable:@bradcan.co.uk %1...@bradcan.homelinux.com
??? are any of the above now somehow incorrect ???
??? Should I have the following line in virtusertable, The comments seem
to suggest that I should. ???:
@bradcan.homelinux.com %1%3
> Edda
>
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: IMAPD-3.0.8 on FreeBSD-11.2 unindexed messages in inbox
On Fri, November 30, 2018 12:35, Patrick Boutilier wrote: > > > Most likely delayed expunge. Does this show 209? > > unexpunge -l user.realuserid |grep UID|wc -l > Yes it does. Thanks. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: suddenly 'User unknown'?
: brad < @ bradcan . homelinux
. com . >
rewrite: ruleset parse input: brad < @ bradcan . homelinux
. com . >
rewrite: ruleset Parse0 input: brad < @ bradcan . homelinux
. com . >
rewrite: ruleset Parse0 returns: brad < @ bradcan . homelinux
. com . >
rewrite: ruleset ParseLocal input: brad < @ bradcan . homelinux
. com . >
rewrite: ruleset ParseLocal returns: brad < @ bradcan . homelinux
. com . >
rewrite: ruleset Parse1 input: brad < @ bradcan . homelinux
. com . >
rewrite: ruleset Parse1 returns: $# cyrusv2 $: brad
rewrite: ruleset parse returns: $# cyrusv2 $: brad
rewrite: ruleset 2 input: brad
rewrite: ruleset 2 returns: brad
rewrite: ruleset EnvToSMT input: brad
rewrite: ruleset EnvToSMT returns: brad
rewrite: ruleset final input: brad
rewrite: ruleset final returns: brad
b...@bradcan.homelinux.com... deliverable: mailer cyrusv2, user brad
But as root:
[root@dell2600-1 brad]# sendmail b...@bradcan.homelinux.com < email.txt
Still reports 'User unknown' in /etc/maillog
>
> Greets,
> Edda
>
> Am 30.11.18 um 16:34 schrieb Charles Bradshaw via Info-cyrus:
>>
>> Patrick, Javier, at last progress. Brilliant. :-) See below.
>>
>> [root@dell2600-1 brad]# strace -p 10146
>>
>>
> [...]
>> read(0, "RCPT To:\r\nDATA\r\n", 4096) = 22
>>
> [...]
>> +++ exited with 0 +++
>>
>> I don't understand the above! Except there are a number of lines like:
>>
>> open("/var/lib/imap/log/postman/lmtpunix-10146",
>> O_WRONLY|O_CREAT|O_APPEND, 0644) = -1 ENOENT (No such file or directory)
>>
>> Does any of the above explain 'User unknown', apart from fact that
>> lmtp quit with SIGALRM
>>
>> I created /var/lib/imap/log/postman then when the test email is sent
>> /var/lib/imap/log/postman contains this message:
>>
>> -- postman Fri Nov 30 15:04:47 2018
>>
>> >1543590287>220 dell2600-1.bradcan.homelinux.com Cyrus LMTP
>> v2.4.17-Invoca-RPM-2.4.17-7.el6 server ready
>> <1543590287> >1543590287>250-dell2600-1.bradcan.homelinux.com
>> 250-8BITMIME
>> 250-ENHANCEDSTATUSCODES
>> 250-PIPELINING
>> 250-SIZE
>> 250-AUTH EXTERNAL
>> 250 IGNOREQUOTA
>> <1543590287 SIZE=653
>> >1543590287>250 2.1.0 ok
>> <1543590287
>> DATA
>> >1543590287>550-Mailbox unknown. Either there is no mailbox
>> associated with this
>> 550-name or you do not have authorization to see it.
>> 550 5.1.1 User unknown
>> ...
>>
>> Now I'm guessing, since user b...@bradcan.homelinux.com does exist
>> and is working then it must be authorization.
>>
>> So why is authorization failing after years of working? How do I test
>> authorization?
>>
>>
>
>
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
IMAPD-3.0.8 on FreeBSD-11.2 unindexed messages in inbox
While investigating a problem I encountered a(nother) situation that I do not understand. I entered a user's root mailbox using cd and did 'ls -l *\.'. There are 245 files with names like '999\.' in this directory. My understanding is that this would up as 245 messages in the user's INBOX display. However, the user's INBOX only shows 36. There is is also a subfolder named 'INBOX^Trash' that is shown to contain 246 messages but which actually contains 14820. I am not familiar with IMAP3 and have only recently converted to it from imap2 running on a different host. It was during the conversion process that the existing .Trash/.Sent/.Drafts were replaced by INBOX^Trash/INBOX^Sent/INBOX^Drafts. So there may be something obvious that I do not know about. I speculate that this has something to do with the difference between delete and expunge but I would like to know for certain what is happening if someone would explain it to me. Thanks -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: suddenly 'User unknown'?
Is my TLS configuration correct? /etc/imapd.conf contains: tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH Files exist: [root@dell2600-1 brad]# ls -l /etc/pki/cyrus-imapd/cyrus-imapd.pem -rw-r-. 1 root mail 3242 Apr 12 2014 /etc/pki/cyrus-imapd/cyrus-imapd.pem [root@dell2600-1 brad]# ls -l /etc/pki/tls/certs/ca-bundle.crt -rw-r--r--. 1 root root 754217 Feb 28 2018 /etc/pki/tls/certs/ca-bundle.crt Is the tls_cipher_list still valid?? CUT: Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: suddenly 'User unknown'?
Patrick, Javier, at last progress. Brilliant. :-) See below.
On 30/11/2018 14:16, Patrick Boutilier wrote:
> On 11/30/18 10:00 AM, Charles Bradshaw via Info-cyrus wrote:
>> Javier
>>
>> On 30/11/2018 11:49, Javier Angulo wrote:
>>> On 11/29/18 8:00 PM, Charles Bradshaw via Info-cyrus wrote:
>>>> Now you tell me is cyrus syslog being sent to /var/log/maillog? Or
>>>> should it be going to /var/imapd.log as the configuration files, man
>>>> pages and cyrus installation guides ( found here:
>>>> https://www.cyrusimap.org/imap/installing.html ) say it should?
>>> I believe there is no "syslog_facility:" option in cyrus 2.4 (at
>>> least I
>>> was unable to find it). You can configure it in cyrus3 and maybe in
>>> cyrus 2.5.
>> I removed syslog_facility from imapd.conf
>>> So in /etc/imapd.conf I would remove the syslog_facility line and set:
>>> syslog_prefix: cyrus
>> Has no effect: present or not, or changed to test.
>>> And in /etc/rsyslog.conf:
>>> mail.* -/var/log/maillog
>> Has always been in my rsyslog.conf
>>>
>>> Restart rsyslog and check logs for cyrus/something ...
>>
>> # /etc/init.d/rsyslog restart
>>
>> # service sendmail restart
>>
>> Now when I connect (from another host) using Thunderbird Mail I see in
>> /etc/maillog:
>>
>> Nov 30 13:01:02 dell2600-1 sendmail[9865]: NOQUEUE: stopping daemon,
>> reason=signal
>> Nov 30 13:01:02 dell2600-1 sendmail[9950]: starting daemon (8.14.4):
>> SMTP+queueing@01:00:00
>> Nov 30 13:01:02 dell2600-1 sendmail[9950]: STARTTLS: CRLFile missing
>> Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server,
>> Diffie-Hellman init, key=1024 bit (1)
>> Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server, init=1
>> Nov 30 13:01:03 dell2600-1 sendmail[9950]: started as:
>> /usr/sbin/sendmail -bd -q1h
>> Nov 30 13:01:03 dell2600-1 sm-msp-queue[9960]: starting daemon (8.14.4):
>> queueing@01:00:00
>> Nov 30 13:01:26 dell2600-1 cyrus/imaps[8645]: USAGE
>> b...@bradcan.homelinux.com user: 0.141978 sys: 0.087986
>> Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: starttls: TLSv1.2 with
>> cipher AES128-SHA (128/128 bits new) no authentication
>> Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: login: [192.168.0.6]
>> b...@bradcan.homelinux.com CRAM-MD5+TLS User logged in
>> SESSIONID=
>> Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: client id: "name"
>> "Thunderbird" "version" "60.2.1"
>>
>> Hum.. cyrus/imaps sends logging to /etc/maillog
>>
>> I think it is absolutely clear:
>>
>> 1 - where cyrus syslog goes to is a red herring. It goes to, and has
>> always gone to /var/maillog. It is simply that the prefix 'cyrus' only
>> appears for cyrus imap transactions and other sendmail is labeled
>> 'sendmail'
>>
>> 2 - imapd is working fine: allows brad.bradcan.homelinux.com to connect
>> an email client. Also to move email from one mailbox to another. The
>> proof is that since enabling telemetry logging
>> /var/lib/imap/log/b...@bradcan.homelinux.com/ reflects imap
>> transactions.
>>
>> 3 - A problem remains with LMTP. as is clearly evident from 'User
>> unknown' appearing in maillog.
>>
>> My original question remains: How do I diagnose this when a test email
>> is sent to b...@bradcan.homelinux.com :
>>
>> Nov 30 12:59:48 dell2600-1 sendmail[9882]: wAUCxmBS009882:
>> to=b...@bradcan.homelinux.com, delay=00:00:00, xdelay=00:00:00,
>> mailer=cyrusv2, pri=32701, relay=localhost [[UNIX:
>> /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
>
>
> I think why people are concentrating on the logging is that there
> should be lmtp entries in your logs to indicate what the issue is. Are
> there any lmtp entries in either /etc/maillog or /var/log/maillog ?
The only lmtp entries are the one shown above.
I do # cat /var/log/maillog | grep lmtp
Nov 30 12:59:48 dell2600-1 sendmail[9882]: wAUCxmBR009882:
to=, delay=00:00:00, xdelay=00:00:00,
mailer=cyrusv2, pri=31677, relay=localhost [[UNIX:
/var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
>
>
> Another option is to limit lmtpd to one process and strace it.
If I do:
[root@dell2600-1 brad]# ps -A | grep lmtp
10146 ? 00:00:00 lmtpd
[root@dell2600-1 brad]# strace -p 10146
Process 10146 attached
accept(4, 0, NULL) = 11
fcntl64(10, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 0
write(3, "\2\0\0\0\242'\
Re: suddenly 'User unknown'?
Javier On 30/11/2018 11:49, Javier Angulo wrote: > On 11/29/18 8:00 PM, Charles Bradshaw via Info-cyrus wrote: >> Now you tell me is cyrus syslog being sent to /var/log/maillog? Or >> should it be going to /var/imapd.log as the configuration files, man >> pages and cyrus installation guides ( found here: >> https://www.cyrusimap.org/imap/installing.html ) say it should? > I believe there is no "syslog_facility:" option in cyrus 2.4 (at least I > was unable to find it). You can configure it in cyrus3 and maybe in > cyrus 2.5. I removed syslog_facility from imapd.conf > So in /etc/imapd.conf I would remove the syslog_facility line and set: > syslog_prefix: cyrus Has no effect: present or not, or changed to test. > And in /etc/rsyslog.conf: > mail.* -/var/log/maillog Has always been in my rsyslog.conf > > Restart rsyslog and check logs for cyrus/something ... # /etc/init.d/rsyslog restart # service sendmail restart Now when I connect (from another host) using Thunderbird Mail I see in /etc/maillog: Nov 30 13:01:02 dell2600-1 sendmail[9865]: NOQUEUE: stopping daemon, reason=signal Nov 30 13:01:02 dell2600-1 sendmail[9950]: starting daemon (8.14.4): SMTP+queueing@01:00:00 Nov 30 13:01:02 dell2600-1 sendmail[9950]: STARTTLS: CRLFile missing Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server, Diffie-Hellman init, key=1024 bit (1) Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server, init=1 Nov 30 13:01:03 dell2600-1 sendmail[9950]: started as: /usr/sbin/sendmail -bd -q1h Nov 30 13:01:03 dell2600-1 sm-msp-queue[9960]: starting daemon (8.14.4): queueing@01:00:00 Nov 30 13:01:26 dell2600-1 cyrus/imaps[8645]: USAGE b...@bradcan.homelinux.com user: 0.141978 sys: 0.087986 Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: starttls: TLSv1.2 with cipher AES128-SHA (128/128 bits new) no authentication Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: login: [192.168.0.6] b...@bradcan.homelinux.com CRAM-MD5+TLS User logged in SESSIONID= Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: client id: "name" "Thunderbird" "version" "60.2.1" Hum.. cyrus/imaps sends logging to /etc/maillog I think it is absolutely clear: 1 - where cyrus syslog goes to is a red herring. It goes to, and has always gone to /var/maillog. It is simply that the prefix 'cyrus' only appears for cyrus imap transactions and other sendmail is labeled 'sendmail' 2 - imapd is working fine: allows brad.bradcan.homelinux.com to connect an email client. Also to move email from one mailbox to another. The proof is that since enabling telemetry logging /var/lib/imap/log/b...@bradcan.homelinux.com/ reflects imap transactions. 3 - A problem remains with LMTP. as is clearly evident from 'User unknown' appearing in maillog. My original question remains: How do I diagnose this when a test email is sent to b...@bradcan.homelinux.com : Nov 30 12:59:48 dell2600-1 sendmail[9882]: wAUCxmBS009882: to=b...@bradcan.homelinux.com, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=32701, relay=localhost [[UNIX: /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown Thanks for your patience. > > Cheers > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: suddenly 'User unknown'?
Brian On 29/11/2018 19:34, Shaw, Brian wrote: > It looks like you may have some type of disk permissions issue. > > Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: Losing > ./qfwATIapgq005070: savemail panic > Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: SYSERR(root): > savemail: cannot save rejected email anywhere > > This may be the cause of your "user unknown" error. Either way, you > shouldn't have errors like this. Nice idea but not true. The above lines follow from 'User unknown' because /etc/aliases contains: postmaster: root root: b...@bradcan.homelinux.com So in event that b...@bradcan.homelinux.com is unknown then so is root and postmaster. Therefore: 'savemail: cannot save rejected email anywhere' is to be expected. > > Brian > > On 2018-11-29 2:00 pm, Charles Bradshaw via Info-cyrus wrote: >> Simon >> >> My original post contained a dump of /var/log/maillog, butwas asked by >> Dan "what does cyrus syslog say" so assumed there should be some more >> log messages somewhere. >> >> For the record I do: Clear /var/log/maillog then send a test email from >> the command line. Then /var/log/maillog contains: >> >> Nov 29 18:36:51 dell2600-1 sendmail[5067]: wATIapoE005067: from=brad, >> size=44, class=0, nrcpts=1, >> msgid=<201811291836.watiapoe005...@bradcan.homelinux.com>, >> relay=brad@localhost >> Nov 29 18:36:51 dell2600-1 sendmail[5068]: NOQUEUE: connect from >> localhost.localdomain [127.0.0.1] >> Nov 29 18:36:51 dell2600-1 sendmail[5068]: AUTH: available mech=CRAM-MD5 >> DIGEST-MD5, allowed mech=EXTERNAL DIGEST-MD5 CRAM-MD5 >> Nov 29 18:36:51 dell2600-1 sendmail[5068]: wATIapgq005068: Milter: no >> active filter >> Nov 29 18:36:51 dell2600-1 sendmail[5068]: STARTTLS=server, >> relay=localhost.localdomain [127.0.0.1], version=TLSv1/SSLv3, verify=NO, >> cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 >> Nov 29 18:36:51 dell2600-1 sendmail[5068]: STARTTLS=server, >> cert-subject=, cert-issuer=, verifymsg=ok >> Nov 29 18:36:51 dell2600-1 sendmail[5068]: AUTH: available mech=CRAM-MD5 >> DIGEST-MD5, allowed mech=EXTERNAL DIGEST-MD5 CRAM-MD5 >> Nov 29 18:36:51 dell2600-1 sendmail[5067]: STARTTLS=client, >> relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, >> cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 >> Nov 29 18:36:51 dell2600-1 sendmail[5068]: ruleset=trust_auth, >> arg1=b...@bradcan.homelinux.com, relay=localhost.localdomain >> [127.0.0.1], reject=550 5.7.1 ... not >> authenticated >> Nov 29 18:36:51 dell2600-1 sendmail[5068]: wATIapgr005068: >> from=, size=358, class=0, nrcpts=1, >> msgid=<201811291836.watiapoe005...@bradcan.homelinux.com>, proto=ESMTP, >> daemon=MTA, relay=localhost.localdomain [127.0.0.1] >> Nov 29 18:36:51 dell2600-1 sendmail[5070]: AUTH=client, relay=localhost, >> mech=, bits=0 >> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005068: >> to=, delay=00:00:00, xdelay=00:00:00, >> mailer=cyrusv2, pri=120358, relay=localhost, dsn=5.1.1, stat=User >> unknown >> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005068: >> wATIapgq005070: DSN: User unknown >> Nov 29 18:36:51 dell2600-1 sendmail[5067]: wATIapoE005067: >> to=b...@bradcan.homelinux.com, ctladdr=brad (500/500), delay=00:00:00, >> xdelay=00:00:00, mailer=relay, pri=30044, relay=[127.0.0.1] [127.0.0.1], >> dsn=2.0.0, stat=Sent (wATIapgr005068 Message accepted for delivery) >> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: >> to=, delay=00:00:00, xdelay=00:00:00, >> mailer=cyrusv2, pri=31677, relay=localhost [[UNIX: >> /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown >> >> NOTE: The following is to be expected because both root and postmaster >> are aliased to b...@bradcan.homelinux.com >> >> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias >> MAILER-DAEMON => postmaster >> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias >> postmaster => root >> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias root => >> b...@bradcan.homelinux.com >> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias >> postmaster => root >> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias root => >> b...@bradcan.homelinux.com >> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: >> wATIapgr005070: return to sender: User unknown >> Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070: >> to=b...@bradcan.homelinux.com, delay=00:00:00, xdelay=00:00:00, >> mai
suddenly 'User unknown'?
On 29/11/2018 15:32, Dan White wrote: > Do you otherwise see log entries for an imap connection? Where would I find these? Other than in /etc/imapd.log > > Is there a permissions problem on the lmtpunix mux > (/var/lib/imap/socket/lmtp)? Your syslog entry seems to indicate it is > communicating with cyrus, but perhaps I'm misreading it. # ls -lA /var/lib/imap/socket/lmtp srwxrwxrwx. 1 root root 0 Nov 29 14:38 /var/lib/imap/socket/lmtp > > Look up telemetry logging, and lmtptest for other ways to verify your > cyrus > config. You may need to temporarily enable lmtp on a TCP port to test. I did: [root@dell2600-1 brad]# ls -l /var/lib/imap/log total 0 [root@dell2600-1 brad]# mkdir /var/lib/imap/log/b...@bradcan.homelinux.com [root@dell2600-1 brad]# chown cyrus /var/lib/imap/log/b...@bradcan.homelinux.com [root@dell2600-1 brad]# ls -l /var/lib/imap/log/ total 4 drwxr-xr-x. 2 cyrus root 4096 Nov 29 16:51 b...@bradcan.homelinux.com then re-connect from another client on the network using Thunderbird Mail. I then see: [root@dell2600-1 brad]# ls -l /var/lib/imap/log/b...@bradcan.homelinux.com total 52 -rw---. 1 cyrus mail 25990 Nov 29 16:59 imaps-4288 -rw---. 1 cyrus mail 21539 Nov 29 17:07 imaps-4646 I think that's as expected? I looked at # man lmtptest, but I don't begin to understand! Not surprising since lmtptest seems to be a debugging tool for developers, which I definitely ain't :-( Perhaps you would be kind enough to post the specific lmtptest command I should use and the expected result. > > On 11/29/18 15:25 +, Charles Bradshaw wrote: >> I have, and have always had, an empty /var/log/imapd.log so I'm not >> going to make progress until I fix that. >> >> In n /etc/rsyslog.conf >> >> # cyrus imapd >> #local6.* /var/log/imapd.log - tried this >> first. >> local6.debug /var/log/imapd.log >> auth.debug /var/log/auth.log >> >> and in /etc/imapd.conf >> >> syslog_prefix: cyrus >> syslog_facility: LOCAL6 >> >> If I remove the file /etc/imapd.log then >> >> # /etc/init.d/rsyslog restart >> >> # logger local6.debug 'test log message' >> >> # cat /var/log/imapd.log >> >> Nov 29 15:06:42 dell2600-1 brad: test log message >> >> Obviously syslog is working local6. But still no messages from cyrus! >> Therefor I'm now stuck with this secondary problem. >> >> I have followed the cyrus instructions as best I can, but no go. I say >> again this has all worked for years, albeit with an always empty >> imapd.log >> >> There must be some missing cyrus syslog configuration. > >> On 29/11/2018 14:39, Dan White wrote: >>> On 11/29/18 00:46 +, Charles Bradshaw wrote: >>>>>> Nov 27 15:18:36 dell2600-1 sendmail[4801]: wARFIavg004801: >>>>>> to=, delay=00:00:00, xdelay=00:00:00, >>>>>> mailer=cyrusv2, pri=31677, relay=localhost [[UNIX: >>>>>> /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: suddenly 'User unknown'?
going to make progress until I fix that. >> >> In n /etc/rsyslog.conf >> >> # cyrus imapd >> #local6.* /var/log/imapd.log - tried this >> first. >> local6.debug /var/log/imapd.log >> auth.debug /var/log/auth.log >> >> and in /etc/imapd.conf >> >> syslog_prefix: cyrus >> syslog_facility: LOCAL6 >> >> If I remove the file /etc/imapd.log then >> >> # /etc/init.d/rsyslog restart >> >> # logger local6.debug 'test log message' >> >> # cat /var/log/imapd.log >> >> Nov 29 15:06:42 dell2600-1 brad: test log message >> >> Obviously syslog is working local6. But still no messages from cyrus! >> Therefor I'm now stuck with this secondary problem. >> >> I have followed the cyrus instructions as best I can, but no go. I say >> again this has all worked for years, albeit with an always empty imapd.log >> >> There must be some missing cyrus syslog configuration. > From README.RPM in the cyrus-imapd package: > 12) Check your syslog configuration. This RPM uses the mail facility to log > messages. On busy sites you may want to limit the mail facility to the > info priority with something like 'mail.info/var/log/maillog' in > /etc/syslog.conf. > > So, I guess your cyrus-imapd messages go to /var/log/maillog then, not? > > Regards, > Simon > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: suddenly 'User unknown'?
Dan I have, and have always had, an empty /var/log/imapd.log so I'm not going to make progress until I fix that. In n /etc/rsyslog.conf # cyrus imapd #local6.* /var/log/imapd.log - tried this first. local6.debug /var/log/imapd.log auth.debug /var/log/auth.log and in /etc/imapd.conf syslog_prefix: cyrus syslog_facility: LOCAL6 If I remove the file /etc/imapd.log then # /etc/init.d/rsyslog restart # logger local6.debug 'test log message' # cat /var/log/imapd.log Nov 29 15:06:42 dell2600-1 brad: test log message Obviously syslog is working local6. But still no messages from cyrus! Therefor I'm now stuck with this secondary problem. I have followed the cyrus instructions as best I can, but no go. I say again this has all worked for years, albeit with an always empty imapd.log There must be some missing cyrus syslog configuration. On 29/11/2018 14:39, Dan White wrote: > On 11/29/18 00:46 +, Charles Bradshaw wrote: >> >> lm user/b...@bradcan.homelinux.com >> user/b...@bradcan.homelinux.com (\HasChildren) >> >> and the directory >> /var/spool/imap/domain/b/bradcan.homelinux.com/b/user/brad exists and is >> intact. > >> Perhaps I should change my rsyslog configuration. >> https://cyrusimap.org/imap/installing.html has some alternative >> instructions. >> >> Will the following be more helpful? >> >> |local6.* /var/log/imapd.log| >> >> |auth.debug /var/log/auth.log| > > Yes that should hopefully get you something useful from Cyrus to work > with. > Some OS packages, like Debian, modifiy the syslog facility, so you may > need > to consult your system documentation if that doesn't give appropriate > output. > >> On 28/11/2018 16:12, Dan White wrote: >>> On 11/28/18 15:21 +, Charles Bradshaw via Info-cyrus wrote: >>>> My tests while logged in to the server as brad: >>>> >>>> Nov 27 15:18:36 dell2600-1 sendmail[4801]: wARFIavg004801: >>>> to=, delay=00:00:00, xdelay=00:00:00, >>>> mailer=cyrusv2, pri=31677, relay=localhost [[UNIX: >>>> /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown >>> >>> What do your cyrus syslog entries say? >>> >>> Does the output of 'lm' look correct? >>> >>>> and /etc/imapd.conf >>>> [root@dell2600-1 brad]# cat /etc/imapd.conf >>>> configdirectory: /var/lib/imap >>>> partition-default: /var/spool/imap >>>> admins: cyrus >>>> sievedir: /var/lib/imap/sieve >>>> sendmail: /usr/sbin/sendmail >>>> hashimapspool: true >>>> sasl_pwcheck_method: auxprop >>>> # >>>> sasl_auxprop_plugin:sql >>>> # >>>> allowplaintext: no >>>> unixhierarchysep: yes >>>> virtdomains: userid Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: suddenly 'User unknown'?
Hi Dan, thanks for the prompt reply. Not sure if I should reply to the list or direct to you. lm user/b...@bradcan.homelinux.com user/b...@bradcan.homelinux.com (\HasChildren) and the directory /var/spool/imap/domain/b/bradcan.homelinux.com/b/user/brad exists and is intact. Sorry I don't I'm not sure about cyrus syslog configuration: I have this in rsyslog.conf: # cyrus imapd auth.* /var/log/auth.log So I assume auth.log has the log entries you ask for. Here it is: Nov 25 11:40:07 dell2600-1 sendmail[4274]: sql auxprop plugin using mysql engine Nov 25 11:42:23 dell2600-1 sendmail[4296]: sql freeing memory Nov 25 11:43:17 dell2600-1 sendmail[4340]: sql auxprop plugin using mysql engine Nov 25 11:49:28 dell2600-1 sendmail[4372]: sql freeing memory Nov 25 11:58:25 dell2600-1 sendmail[3760]: sql auxprop plugin using mysql engine Nov 25 11:58:36 dell2600-1 sendmail[4073]: sql freeing memory Nov 25 12:00:31 dell2600-1 sendmail[4145]: sql freeing memory Nov 25 12:05:43 dell2600-1 sendmail[4200]: sql freeing memory Nov 25 12:10:54 dell2600-1 sendmail[4250]: sql freeing memory Nov 25 14:33:32 dell2600-1 seahorse-daemon[4850]: DNS-SD initialization failed: Daemon not running Nov 25 14:33:32 dell2600-1 seahorse-daemon[4850]: init gpgme version 1.1.8 Nov 25 14:45:04 dell2600-1 gnome-keyring-daemon[4848]: dbus failure unregistering from session: Connection is closed Nov 26 11:39:21 dell2600-1 seahorse-daemon[10052]: DNS-SD initialization failed: Daemon not running Nov 26 11:39:21 dell2600-1 seahorse-daemon[10052]: init gpgme version 1.1.8 Nov 26 13:23:09 dell2600-1 sendmail[10809]: sql auxprop plugin using mysql engine Nov 26 13:31:51 dell2600-1 gnome-keyring-daemon[10049]: GVFS-RemoteVolumeMonitor: Owner :1.31 of volume monitor org.gtk.Private.GduVolumeMonitor disconnected from the bus; removing drives/volumes/mounts Nov 26 13:34:27 dell2600-1 sendmail[3741]: sql auxprop plugin using mysql engine Nov 26 13:34:40 dell2600-1 sendmail[4049]: sql freeing memory Nov 26 15:12:20 dell2600-1 sendmail[4601]: sql auxprop plugin using mysql engine Nov 27 12:18:06 dell2600-1 sendmail[4602]: sql auxprop plugin using mysql engine Nov 27 13:12:15 dell2600-1 sendmail[3750]: sql auxprop plugin using mysql engine Nov 27 13:12:22 dell2600-1 sendmail[3837]: sql freeing memory Nov 27 13:12:30 dell2600-1 sendmail[3986]: sql freeing memory Nov 27 13:32:41 dell2600-1 sendmail[4240]: sql freeing memory Nov 27 13:47:29 dell2600-1 sendmail[4292]: sql freeing memory Nov 27 13:50:19 dell2600-1 sendmail[4307]: sql freeing memory Nov 27 13:51:06 dell2600-1 sendmail[4315]: sql freeing memory Nov 27 15:50:03 dell2600-1 sendmail[4971]: sql freeing memory Nov 27 18:28:08 dell2600-1 sendmail[5493]: sql freeing memory Nov 27 22:55:05 dell2600-1 sendmail[6234]: sql freeing memory Nov 27 22:58:00 dell2600-1 sendmail[6244]: sql freeing memory Nov 27 23:34:53 dell2600-1 sendmail[6352]: sql freeing memory Nov 28 00:01:47 dell2600-1 sendmail[6446]: sql freeing memory Nov 28 01:05:00 dell2600-1 sendmail[6612]: sql freeing memory Nov 28 03:09:05 dell2600-1 sendmail[6943]: sql freeing memory Nov 28 13:10:49 dell2600-1 perl: DIGEST-MD5 client step 2 Nov 28 13:12:44 dell2600-1 perl: DIGEST-MD5 client step 3 Nov 28 14:45:18 dell2600-1 perl: DIGEST-MD5 client step 2 Nov 28 14:45:48 dell2600-1 perl: DIGEST-MD5 client step 3 Nov 28 15:03:30 dell2600-1 perl: DIGEST-MD5 client step 2 Nov 28 15:03:58 dell2600-1 perl: DIGEST-MD5 client step 3 Nov 28 15:16:15 dell2600-1 sendmail[9878]: sql freeing memory Nov 28 23:38:15 dell2600-1 perl: DIGEST-MD5 client step 2 Nov 28 23:38:35 dell2600-1 perl: DIGEST-MD5 client step 3 Perhaps I should change my rsyslog configuration. https://cyrusimap.org/imap/installing.html has some alternative instructions. Will the following be more helpful? |local6.* /var/log/imapd.log| |auth.debug /var/log/auth.log| On 28/11/2018 16:12, Dan White wrote: > On 11/28/18 15:21 +, Charles Bradshaw via Info-cyrus wrote: >> My tests while logged in to the server as brad: >> >> [root@dell2600-1 brad]# cat /var/log/maillog >> Nov 27 15:18:35 dell2600-1 sendmail[4798]: wARFIZXZ004798: from=brad, >> size=44, class=0, nrcpts=1, >> msgid=<201811271518.warfizxz004...@bradcan.homelinux.com>, >> relay=brad@localhost >> Nov 27 15:18:35 dell2600-1 sendmail[4799]: wARFIZvh004799: >> from=, size=358, class=0, nrcpts=1, >> msgid=<201811271518.warfizxz004...@bradcan.homelinux.com>, >> proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] >> Nov 27 15:18:36 dell2600-1 sendmail[4798]: wARFIZXZ004798: >> to=b...@bradcan.homelinux.com, ctladdr=brad (500/500), >> delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30044, >> relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (wARFIZvh004799 >> Message accepted for delivery) >> >> Nov 27 15:18:36 d
suddenly 'User unknown'?
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=1
pop3 cmd="pop3d" listen="pop3" prefork=3
pop3s cmd="pop3d -s" listen="pop3s" prefork=1
sieve cmd="timsieved" listen="sieve" prefork=0
# these are only necessary if receiving/exporting usenet via NNTP
# nntp cmd="nntpd" listen="nntp" prefork=3
# nntpscmd="nntpd -s" listen="nntps" prefork=1
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp"
prefork=1
}
EVENTS {
# this is required
checkpointcmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression,
# Sieve or NNTP
delprune cmd="cyr_expire -D 7 -E 3 -X 7" at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
}
and /etc/imapd.conf
[root@dell2600-1 brad]# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: DIGEST-MD5 CRAM-MD5
#
sasl_auxprop_plugin:sql
sasl_sql_engine:mysql
sasl_sql_hostnames:127.0.0.1:3306
sasl_sql_user:mail
sasl_sql_passwd:qy19pbV63
sasl_sql_database:mail
sasl_sql_select:SELECT pwd('%u','%r');
#
allowplaintext: no
unixhierarchysep: yes
virtdomains: userid
#
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: tls-1.0 and cyrus-imaps-3.0.8
On Mon, November 26, 2018 10:28, Ken Murchison wrote: > I can't reproduce your issue and I don't see where the sslscan output > states that TLS1.0 is being advertised. Can you actually connect > using TLS1.0 protocol? > No, we cannot. I will pass the results of our test to the powers thast be and see what their reply is. Thank you, that was most helpful advice. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
tls-1.0 and cyrus-imaps-3.0.8
We have this setting in imapd.conf: tls_versions: tls1_1 tls1_2 tls1_3 tls_prefer_server_ciphers: 1 tls_ciphers:HIGH:!aNULL:!MD5:!RC4 We have received notice that port 993 on our IMAP service supports TLS-1.0. When we run sslscan we get this result: # sslscan 216.185.71.17:993 Version: 1.11.11 OpenSSL 1.0.2-chacha (1.0.2k-dev) Connected to 216.185.71.17 Testing SSL server 216.185.71.17 on port 993 using SNI name 216.185.71.17 TLS Fallback SCSV: Server supports TLS Fallback SCSV TLS renegotiation: Session renegotiation not supported TLS Compression: Compression disabled Heartbleed: TLS 1.2 not vulnerable to heartbleed TLS 1.1 not vulnerable to heartbleed TLS 1.0 not vulnerable to heartbleed Supported Server Cipher(s): Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256 Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHADHE 2048 bits Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits Accepted TLSv1.2 256 bits AES256-GCM-SHA384 Accepted TLSv1.2 256 bits AES256-SHA256 Accepted TLSv1.2 256 bits AES256-SHA Accepted TLSv1.2 256 bits CAMELLIA256-SHA Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256 Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHADHE 2048 bits Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits Accepted TLSv1.2 128 bits AES128-GCM-SHA256 Accepted TLSv1.2 128 bits AES128-SHA256 Accepted TLSv1.2 128 bits AES128-SHA Accepted TLSv1.2 128 bits CAMELLIA128-SHA Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHADHE 2048 bits Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits Accepted TLSv1.1 256 bits AES256-SHA Accepted TLSv1.1 256 bits CAMELLIA256-SHA Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256 Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHADHE 2048 bits Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits Accepted TLSv1.1 128 bits AES128-SHA Accepted TLSv1.1 128 bits CAMELLIA128-SHA SSL Certificate: Signature Algorithm: sha512WithRSAEncryption RSA Key Strength:4096 Subject: imap.harte-lyne.ca Yes, I realise that the ciphers we use are all TLS-1.1 and above. Nonetheless cyrus-imapd seems to be telling connections that TLS-1.0 is available and this is causing us a headache with PCI. How do we turn off tls-1.0 in cyrus-imapd-3.0.8? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
TLSv1.0
We have been informed that our mail server may no longer employ TLSv1.0. Only TLSv1.1 and higher are now approved. I attempted to implement this with the following change to imapd.conf: tls_versions: tls1_2 tls1_3 However restarting imapd does not seem to eliminate TLSv1.0. # sslscan 216.185.71.17:993 Version: 1.11.11 OpenSSL 1.0.2-chacha (1.0.2k-dev) Connected to 216.185.71.17 Testing SSL server 216.185.71.17 on port 993 using SNI name 216.185.71.17 TLS Fallback SCSV: Server supports TLS Fallback SCSV TLS renegotiation: Session renegotiation not supported TLS Compression: Compression disabled Heartbleed: TLS 1.2 not vulnerable to heartbleed TLS 1.1 not vulnerable to heartbleed TLS 1.0 not vulnerable to heartbleed <<=== Supported Server Cipher(s): How do I eliminate TLSv1.0? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
IMAP-3.0.8 and Diffie-Hellman
I would like someone to explain to me how the diffie-hellman parameters are adjusted for cyrus-imap. Unlike Postfix, there does not seem to be a separate setting in imapd.conf for a DH parameter file. At least, I cannot find documentation respecting such a thing. The only information I have gleaned is that it may be necessary to append the DHParm file to the private key of the imap server. That seems to be a rather inelegant way of doings but, if that is the only way to do so then I need that confirmed. If not, then I would very much appreciate being told how else to accomplish it. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: [SOLVED] Re: ipurge difficulties
On Wed, November 21, 2018 10:20, James B. Byrne via Info-cyrus wrote: > > We had previously used the '.' as the separator. Our current settings > are: > > > /usr/local/etc/imapd.conf:unixhierarchysep: true > /usr/local/etc/imapd.conf:altnamespace: true > Change altnamespace/no to false or Options -> Folder Preferences and choose the Trash, Drafts, and Sent folders again. Changing the IMAP name space mid-stream confuses some/many IMAP clients. Mail on Apple thinghies will not recover without deleting the account on the device and creating it again. Don't ask how I know this. :( John Capo Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: [SOLVED] Re: ipurge difficulties
On Wed, November 21, 2018 09:33, Javier Angulo wrote: > > > On 11/21/18 2:38 PM, James B. Byrne via Info-cyrus wrote: >> >> >> On Wed, November 21, 2018 03:25, Javier Angulo wrote: >>> >>> Probably you have to use a '.' instead of '^' >>> >>> try: >>> # sudo -u cyrus /usr/local/cyrus/sbin/ipurge -v -f -d 35 >>> 'user/*/INBOX.Trash' >>> >> >> Thank you. That was it exactly. >> >> My next question is: Why did the conversion to imap3 ignore users' >> existing Trash folder and create a new folder named INBOX^Trash for >> everyone; and likewise with Drafts and Sent? >> > > > mmm we have upgraded quite a few mailboxes and never had that thing. > Just speculating but could be related to new defaults > > unixhierarchysep: on > altnamespace: on > > We had both on before upgrading. > We had previously used the '.' as the separator. Our current settings are: /usr/local/etc/imapd.conf:unixhierarchysep: true /usr/local/etc/imapd.conf:altnamespace: true Before the purge this mailbox folder was displayed in my webmail application (Squirrelmail) as INBOX^Trash, which is why I choose that construction for the ipurge command. However, following the successful purge run of ipurge INBOX.Trash the mailbox now displays as INBOX.Trash. What is equally curious is that there exists a folder simply named Trash, which was used as the trash folder by the previous version of IMAP and which was replaced by INBOX^Trash by some part of the upgrade process. It is certain that these changes (Trash -> INBOX^Trash, Sent -> INBOX^Sent, Drafts -> INBOX^Drafts) were not consciously made and they affected all users. And, yes, I did follow the published upgrade procedures to the best of my understanding. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
[SOLVED] Re: ipurge difficulties
On Wed, November 21, 2018 03:25, Javier Angulo wrote: > > On 11/20/18 3:29 PM, James B. Byrne via Info-cyrus wrote: >> # sudo -u cyrus /usr/local/cyrus/sbin/ipurge -v -f -d 35 >> 'user/x/INBOX^Trash' >> # echo $? >> 0 >> >> What is happening here? > > Probably you have to use a '.' instead of '^' > > try: > # sudo -u cyrus /usr/local/cyrus/sbin/ipurge -v -f -d 35 > 'user/*/INBOX.Trash' > Thank you. That was it exactly. My next question is: Why did the conversion to imap3 ignore users' existing Trash folder and create a new folder named INBOX^Trash for everyone; and likewise with Drafts and Sent? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
ipurge difficulties
Having recently switched our mail service over to IMAPv3 I have a nagging doubt that the ipurge commands in our cyrus.conf file are not working as I anticipate. For example, my Trash folder does not seem to have been emptied since the conversion: find '/var/spool/imap/x/user/x/INBOX^Trash' -mtime +36d | wc -l 11367 # sudo -u cyrus /usr/local/cyrus/sbin/ipurge -v -f -d 35 'user/*/INBOX^Trash' # echo $? 0 # sudo -u cyrus /usr/local/cyrus/sbin/ipurge -v -f -d 35 'user/x/INBOX^Trash' # echo $? 0 What is happening here? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Quotas
Cyrus-IMAPD-3.0.7 on FreeBSD-11.2p4 We have users who, having deleted email, evidently do not recover the quota allocated to those messages. We do not believe that we have enabled delayed deletion. All the user mailboxes previous had been upgraded using: sudo -u cyrus /usr/local/cyrus/sbin/reconstruct -f -r -G -V max user We have also run reconstruct. None-the-less some users show that they have exceeded their quota even when most of their email has been deleted. Why? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: mac mail and murder configuration
Hi all, we have a set-up with 3 backend servers and one frontend in a murder cluster. When I move a message to a folder on another backend than the one my inbox is residing on, I get the following error : > 1 messages could not be moved to the mailbox “Shared > Folders.RunningProjects.BLAH.Archive” > > An error occurred while moving messages to mailbox “”. Although the file has been moved In the Mail.app log files I see everything should be ok : > WROTE(encrypted) Oct 04 17:12:19.852 [kCFStreamSocketSecurityLevelNone] -- > host:imap.icsense.biz <http://imap.icsense.biz/> -- port:143 -- > socket:0x608a17a0 -- thread:0x6266c280 > 6840.148 UID COPY 382909 "Shared Folders.RunningProjects.BLAH.Archive" > > READ(encrypted) Oct 04 17:12:19.870 [kCFStreamSocketSecurityLevelNone] -- > host:imap.icsense.biz <http://imap.icsense.biz/> -- port:143 -- > socket:0x608a17a0 -- thread:0x6266c280 > 6840.148 OK [COPYUID 1403621845 1301] Completed > > WROTE(encrypted) Oct 04 17:12:20.004 [kCFStreamSocketSecurityLevelNone] -- > host:imap.icsense.biz <http://imap.icsense.biz/> -- port:143 -- > socket:0x608a17a0 -- thread:0x604005072580 > 6841.148 UID STORE 382909 +FLAGS.SILENT (\Deleted) > > READ(encrypted) Oct 04 17:12:20.010 [kCFStreamSocketSecurityLevelNone] -- > host:imap.icsense.biz <http://imap.icsense.biz/> -- port:143 -- > socket:0x608a17a0 -- thread:0x604005072580 > * 105 FETCH (FLAGS (\Deleted \Seen NotJunk $NotJunk) UID 382909 MODSEQ > (447695)) > 6841.148 OK Completed When doing this on a folder which resides on the same backend as my inbox. There is no error. The log files on my Mac look the same though ( at first sight ) > WROTE(encrypted) Oct 04 17:17:54.411 [kCFStreamSocketSecurityLevelNone] -- > host:imap.icsense.biz <http://imap.icsense.biz/> -- port:143 -- > socket:0x608a17a0 -- thread:0x604003c6a380 > 6980.148 UID COPY 382594 IT > > READ(encrypted) Oct 04 17:17:54.439 [kCFStreamSocketSecurityLevelNone] -- > host:imap.icsense.biz <http://imap.icsense.biz/> -- port:143 -- > socket:0x608a17a0 -- thread:0x604003c6a380 > 6980.148 OK [COPYUID 1391422263 382594 65664] Completed > > WROTE(encrypted) Oct 04 17:17:54.457 [kCFStreamSocketSecurityLevelNone] -- > host:imap.icsense.biz <http://imap.icsense.biz/> -- port:143 -- > socket:0x608a17a0 -- thread:0x604003c6a380 > 6981.148 UID STORE 382594 +FLAGS.SILENT (\Deleted) > > READ(encrypted) Oct 04 17:17:54.470 [kCFStreamSocketSecurityLevelNone] -- > host:imap.icsense.biz <http://imap.icsense.biz/> -- port:143 -- > socket:0x608a17a0 -- thread:0x604003c6a380 > * 59 FETCH (FLAGS (\Answered \Deleted \Seen NotJunk $NotJunk) UID 382594 > MODSEQ (447708)) > 6981.148 OK Completed What can be wrong ? I have the impression that this has to do with referrals. Does anyone experience the same issues ? Which settings should resolve this ? Thanks, Tim Dr. Ir. Tim Piessens CTO and Co-Founder Gaston Geenslaan 14, 3001 Leuven, Belgium Tel. +32 16 589 705 | Fax. +32 16 589 720 www.icsense.com <http://www.icsense.com/> |piess...@icsense.com <mailto:piess...@icsense.com> "The information contained in this e-mail may be confidential." <http://www.icsense.com/> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
got it
Okay, I got it now. cyradm doesn't connect at all to imaps. no need to reply, will figure the rest myself. tnx Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyradm problem
Day,
I totally dislike it but I need help here.
I have postfix installed, up and running as a MTA.
I have saslauthd installed up and running and an authentication server.
I use the auxprop-sasldb2 alternative as a user/password database (and thought
this were the easiest way to get it all up before turning to the mysql option,
automating procedures, php-scripting etc)
I can do remote-logins into my server via sasl authentication.
I can do remote-logings into my (imaps) server with the aid of TLS Certificates
only.
I do not use the POP3 protocol at all.
I do not use unsecured connections at all.
Everything goes over TLS/sasl authentication/authorization.
However...
If it comes to testsaslauthd, imtest or cyradm I can't connect to
localhost.localdomain (via SSH) on my remote server or get a 'can't connect to
server' (cyradm) reply.
I'm pretty sure it's a simple configuration problem or misunderstanding of the
stack at all but I am stuck finding the needle in the haystack.
It's probably a SSH problem but I am not sure.
Inside SSH I use a certificate-based authentication too with root-logins not
allowed ('without password')
Any help is very appreciated.
Greets
Gee
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
master-master replication
n="/srv/cyrus-@@TYPE@@/socket/lmtp" prefork=1 maxfds=1024
>}
>
>EVENTS {
>@@TYPE@@checkpointcmd="ctl_cyrusdb -c -C
>/etc/imapd_@@TYPE@@.conf" period=30
>@@TYPE@@delprune cmd="cyr_expire -E 3 -X 60 -D 60 -C
>/etc/imapd_@@TYPE@@.conf" at=0100
>@@TYPE@@tlsprune cmd="tls_prune -C /etc/imapd_@@TYPE@@.conf" at=0430
>@@TYPE@@squatter cmd="squatter -C /etc/imapd_@@TYPE@@.conf -i" at=2200
>}
>
>=== Cyrus Replic ==
># cyrus_@@TYPE@@.conf
># Template MD5SUM: @@MD5SUM@@
>
>START {
>@@TYPE@@recover cmd="ctl_cyrusdb -r -C /etc/imapd_@@TYPE@@.conf"
>}
>
>SERVICES {
>@@TYPE@@syncserver cmd="sync_server -C /etc/imapd_@@TYPE@@.conf"
>listen="@@HOSTNAME@@:csync" prefork=1 maxfds=1024
>@@TYPE@@imapcmd="imapd -U 50 -C /etc/imapd_@@TYPE@@.conf"
>listen="@@HOSTNAME@@:imap" prefork=1 maxfds=1024
>}
>
>EVENTS {
>@@TYPE@@checkpointcmd="ctl_cyrusdb -c -C
>/etc/imapd_@@TYPE@@.conf" period=30
>@@TYPE@@delprune cmd="cyr_expire -E 3 -X 60 -D 60 -C
>/etc/imapd_@@TYPE@@.conf" at=0100
>}
>
>===
>
>
> Configuration for Backend/Failover Instance
># Template MD5SUM: @@MD5SUM@@
>servername: @@HOSTNAME@@
>configdirectory: /srv/cyrus-@@TYPE@@
>partition-default: /srv/cyrus-@@TYPE@@
>partition-ssd: /srv/cyrus-@@TYPE@@/ssd-part
>metapartition-ssd: /srv/cyrus-ssd-@@TYPE@@/meta/ssd-part
>metapartition_files: header index cache expunge squat annotations lock
>dav archivecache
>archivepartition-ssd: /srv/cyrus-hdd-@@TYPE@@/archive/ssd-part
>archive_enabled: 1
>proc_path: /srv/tmpfs/proc-@@TYPE@@
>mboxname_lockpath: /srv/tmpfs/lock-@@TYPE@@
>defaultpartition: ssd
>admins: XXX
>
>mupdate_server: @@MUPDATEHOSTNAME@@
>mupdate_port: 3905
>mupdate_authname: XXX
>mupdate_password: XXX
>proxy_authname: XXX
>proxy_password: XXX
>proxyservers: XXX
>
>allowallsubscribe: 1
>
>sync_host: @@SYNCHOST@@
>sync_authname: XXX
>sync_password: XXX
>sync_port: 2005
>guid_mode: sha1
>sync_log: 1
>sync_shutdown_file: /srv/cyrus-@@TYPE@@/sync/shutdown
>
>sievedir: /srv/cyrus-@@TYPE@@/sieve
>sieve_extensions: fileinto reject vacation imapflags notify include
>envelope body relational regex subaddress copy
>sieve_maxscriptsize: 150
>
>syslog_prefix: @@TYPE@@
>
>== Imapd Replic ===
># Configuration for Slave (Replica) Instance
># Template MD5SUM: @@MD5SUM@@
>servername: @@HOSTNAME@@
>configdirectory: /srv/cyrus-@@TYPE@@
>partition-default: /srv/cyrus-@@TYPE@@
>partition-ssd: /srv/cyrus-@@TYPE@@/ssd-part
>metapartition-ssd: /srv/cyrus-ssd-@@TYPE@@/meta/ssd-part
>metapartition_files: header index cache expunge squat annotations lock
>dav archivecache
>archivepartition-ssd: /srv/cyrus-hdd-@@TYPE@@/archive/ssd-part
>archive_enabled: 1
>
>proc_path: /srv/tmpfs/proc-@@TYPE@@
>mboxname_lockpath: /srv/tmpfs/lock-@@TYPE@@
>defaultpartition: ssd
>admins: XXX
>
>allowusermoves: 1
>allowallsubscribe: 1
>
>proxy_authname: XXX
>proxy_password: XXX
>proxyservers: XXX
>
>sievedir: /srv/cyrus-@@TYPE@@/sieve
>sieve_extensions: fileinto reject vacation imapflags notify include
>envelope body relational regex subaddress copy
>sieve_maxscriptsize: 150
>
>sasl_pwcheck_method: saslauthd
>sasl_mech_list: plain login
>allowanonymouslogin: no
>syslog_prefix: @@TYPE@@
>=
>
>The sync client is started as own service
>
>I hope it helps
>
>Regards
>
>Michael
>
>> Best regards.
>>
>>> Четверг, 13 сентября 2018, 13:22 +05:00 от Michael Menge
>>> < michael.me...@zdv.uni-tuebingen.de >:
>>>
>>> Hi,
>>>
>>> This setup is NOT SUPPORTED and WILL BREAK if the replication process
>>> is triggered
>>> from the wrong server (user is active on both servers, user switched
>>> from one server
>>> to the other while the sync-log file is still processed, after split
>>> brain) and
>>> some mailboxes have been subscribed, renamed created deleted.
>>>
>>> Also there is the risk of a race condition with subscriptions, if a
>>> user subscribes
>>> to multiple folders, the first will trigger a sync from A to B, but as
>>> the folder
>>> is subscribed on B it will trigger a sync from B to A, witch can
>>> undo the next
>>> folder subscription.
>>>
>>> These are only some cases that came to my mind. There will be more
>>> cases and it
>>> will be hard to debug. So DON'T DO IT!
>>>
>>> What we do is, that we have distributed our users between multiple
>>> instances, and each server is running one instance as master and one other
>>> as replic. In case of failure or maintenance we stop the master
>>> instance, and
>>> promote the corresponding replic and configure them so that they will sync
>>> them back. If the old master is up to date we switch them back.
>>>
>>> We use cyrus aggregator aka cyrus murder, and AFAIK fastmail also uses
>>> multiple
>>> instances on one server with nginx frontends
>>>
>>> Regards,
>>>
>>> Michael
>>>
>
>
>
>M.MengeTel.: (49) 7071/29-70316
>Universität Tübingen Fax.: (49) 7071/29-5912
>Zentrum für Datenverarbeitung mail:
>michael.me...@zdv.uni-tuebingen.de
>Wächterstraße 76
>72074 Tübingen
>
--
Evgeniy Kononov
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: master-master replication
Hi!
Thank you for reply.
Users can connect to only one server at a time. I move the master server to
another hardware and at this time it is necessary for users to use the mail.
If this is not a secure configuration, then can I just run "sync_client -A"
from the master server, and then switch users to a replica?
After that, swap the roles of master-replica between the servers? I'm right ?
>We use cyrus aggregator aka cyrus murder, and AFAIK fastmail also uses
>multiple
>instances on one server with nginx frontends
Can you give an example of the configuration?
Best regards.
>Четверг, 13 сентября 2018, 13:22 +05:00 от Michael Menge
>:
>
>Hi,
>
>This setup is NOT SUPPORTED and WILL BREAK if the replication process
>is triggered
>from the wrong server (user is active on both servers, user switched
>from one server
>to the other while the sync-log file is still processed, after split
>brain) and
>some mailboxes have been subscribed, renamed created deleted.
>
>Also there is the risk of a race condition with subscriptions, if a
>user subscribes
>to multiple folders, the first will trigger a sync from A to B, but as
>the folder
>is subscribed on B it will trigger a sync from B to A, witch can undo the next
>folder subscription.
>
>These are only some cases that came to my mind. There will be more
>cases and it
>will be hard to debug. So DON'T DO IT!
>
>What we do is, that we have distributed our users between multiple
>instances, and each server is running one instance as master and one other
>as replic. In case of failure or maintenance we stop the master instance, and
>promote the corresponding replic and configure them so that they will sync
>them back. If the old master is up to date we switch them back.
>
>We use cyrus aggregator aka cyrus murder, and AFAIK fastmail also uses
>multiple
>instances on one server with nginx frontends
>
>Regards,
>
>Michael
>
>
>
>
>
>Quoting Evgeniy Kononov via Info-cyrus < info-cyrus@lists.andrew.cmu.edu >:
>
>> Sorry! Previous message was sent by mistake.
>>
>> For example, I can configure both servers as follows.
>>
>> Server A.
>> -
>> /etc/cyrus.conf
>> START {
>> ...
>> syncclient cmd="sync_client -r"
>> ...
>> }
>> SERVICES {
>> ...
>> syncserver cmd="sync_server" listen="csync"
>> ...
>> }
>>
>> /etc/imapd.conf
>> ...
>> sync_host: SERVER-B
>> sync_authname: admin
>> sync_password: password
>> sync_log: 1
>> sync_repeat_interval: 30
>> sync_timeout: 600
>> sync_shutdown_file: /var/lib/imap/syncstop And the same on server B.
>> -
>> /etc/cyrus.conf
>> START {
>> ...
>> syncclient cmd="sync_client -r"
>> ...
>> }
>> SERVICES {
>> ...
>> syncserver cmd="sync_server" listen="csync"
>> ...
>> }
>>
>> /etc/imapd.conf
>> ...
>> sync_host: SERVER-A
>> sync_authname: admin
>> sync_password: password
>> sync_log: 1
>> sync_repeat_interval: 30
>> sync_timeout: 600
>> sync_shutdown_file: /var/lib/imap/syncstop
>> Both server will be as master and as slave in one time.
>>
>> Will there be any problems with this configuration?
>> Thank you. --
>> Evgeniy Kononov
>
>
>
>
>M.Menge Tel.: (49) 7071/29-70316
>Universität Tübingen Fax.: (49) 7071/29-5912
>Zentrum für Datenverarbeitung mail:
>michael.me...@zdv.uni-tuebingen.de
>Wächterstraße 76
>72074 Tübingen
>
>
>Cyrus Home Page: http://www.cyrusimap.org/
>List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>To Unsubscribe:
>https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
--
Evgeniy Kononov
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re[3]: master-master replication
Sorry! Previous message was sent by mistake.
For example, I can configure both servers as follows.
Server A.
-
/etc/cyrus.conf
START {
...
syncclient cmd="sync_client -r"
...
}
SERVICES {
...
syncserver cmd="sync_server" listen="csync"
...
}
/etc/imapd.conf
...
sync_host: SERVER-B
sync_authname: admin
sync_password: password
sync_log: 1
sync_repeat_interval: 30
sync_timeout: 600
sync_shutdown_file: /var/lib/imap/syncstop And the same on server B.
-
/etc/cyrus.conf
START {
...
syncclient cmd="sync_client -r"
...
}
SERVICES {
...
syncserver cmd="sync_server" listen="csync"
...
}
/etc/imapd.conf
...
sync_host: SERVER-A
sync_authname: admin
sync_password: password
sync_log: 1
sync_repeat_interval: 30
sync_timeout: 600
sync_shutdown_file: /var/lib/imap/syncstop
Both server will be as master and as slave in one time.
Will there be any problems with this configuration?
Thank you. --
Evgeniy Kononov
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re[2]: master-master replication
For example, on server A -- Evgeniy Kononov Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re[2]: master-master replication
wait, but if I create a folder on the master, it perfectly syncs to the replica. Also when I delete the folder on the master, it is also deleted on the replica. It means that information about subscriptions to folders is transmitted when synchronizing. but it works only if the client is the server where folder was created. then this should work in the opposite direction. I have nothing to prevent both servers from configuring syncmaster and syncclient at the same time. The only question is whether there will be a loop under such a scheme? Среда, 12 сентября 2018, 16:56 +05:00 от Bron Gondwana : >Yes! This is on our roadmap, and I really hope to land it before we release >3.2. > >The subscriptions are a particularly tricky part of it, because there's >currently no change information in the subscriptions database, but I'll make >sure that gets added so we can tell if it's a subscription add or subscription >remove! > >I'm really looking forward to proper master/master safety too :) > >Cheers, > >Bron. > >On Wed, Sep 12, 2018, at 20:10, Evgeniy Kononov via Info-cyrus wrote: >>Hello! >> >>I have two servers with cyrus-imapd >>cyrus-imapd-2.5.8-13.3.el7.centos.kolab_16.x86_64 >>One server as master and second as replica. >>All worked fine when users login on master server, but when I temporary move >>users on replica I found some trouble >>Messages synchronisation from replica to master goes fine if sync_client sees >>a mismatch on the master, but if user create folder on replica it isn't sync >>on master. >>Instead of it folder is unsubscribes from the master server and removed from >>both server >> >>grep UNSUB maillog >>Sep 10 13:31:41 master sync_client[1456]: UNSUB u...@example.com >>example.com!user.user.foldername >> >>Why is it happend ? >>When I tried manual sync from replica to master server, folder was subscribed. >>Is it possible that both servers will be master and replica in same time. >> >>Thank you. >> >>-- >>Evgeniy Kononov >> >>Cyrus Home Page: http://www.cyrusimap.org/ >>List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>To Unsubscribe: >>https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > >-- > Bron Gondwana, CEO, FastMail Pty Ltd > br...@fastmailteam.com > > > >Cyrus Home Page: http://www.cyrusimap.org/ >List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >To Unsubscribe: >https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus -- Evgeniy Kononov Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
master-master replication
Hello! I have two servers with cyrus-imapd cyrus-imapd-2.5.8-13.3.el7.centos.kolab_16.x86_64 One server as master and second as replica. All worked fine when users login on master server, but when I temporary move users on replica I found some trouble Messages synchronisation from replica to master goes fine if sync_client sees a mismatch on the master, but if user create folder on replica it isn't sync on master. Instead of it folder is unsubscribes from the master server and removed from both server grep UNSUB maillog Sep 10 13:31:41 master sync_client[1456]: UNSUB u...@example.com example.com!user.user.foldername Why is it happend ? When I tried manual sync from replica to master server, folder was subscribed. Is it possible that both servers will be master and replica in same time. Thank you. -- Evgeniy Kononov Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Moving from single to multi-domain. Mailboxes from default domain not being the same as before
Cyrus from a distribution, your distribution may have done
this for you.
If you don't want to recompile to remove the feature, you
can control it using the autocreate_* options in imapd.conf
(see man imapd.conf.5). For example you should be able to
use "autocreate_users" to limit it only to certain LDAP
groups rather than every valid login (if that is useful to
you).
But if you set up your LDAP directory and Cyrus such that
each user only has a single "primary" email address that
they can use in Cyrus, and map delivery to aliases outside
of Cyrus, then people won't be able to login with the
"wrong" alias, and therefore autocreate won't accidentally
make new accounts for them. :)
Right now I think they can login with the "uid" only OR
with the complete mail ("mail" field)
If you still have your ldap_filter
set to "(&(objectClass=inetOrgPerson)(mail=%U@%d))"
(per your original message), then they will currently be able to
login with just the "uid" if their full "mail" address contains
the defaultdomain. This is because of how Cyrus assumes the
defaultdomain if there's no domain. If you have users whose
"mail" is one of your other domains, they will be able to login
with their full "mail" address, but not with just the "uid"
part. :)
Yeah this worked for @cinbesa but created another mailbox when
anyone tried to login with domain aliases..
If you change your defaultdomain to some nonsense value like
I suggested earlier, then everyone will need to login with their
full "mail" address, but that address can be set to any of your
real domains. This might be confusing for users who used to
just log in with "uid", but depending on the size of your
organisation, might be less confusing overall if everyone's
login is their full mail address.
Cheers,
ellie
--
Atenciosamente,
Heiler Bensimon Bemerguy - CINBESA
Analista de Redes, Wi-Fi,
Virtualização e Serviços Internet
(55) 91 98151-4894
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
[SOLVED] Cyrus IMAP-3.0.7 - listmailbox user/* does not report all mailboxes
On Mon, July 16, 2018 22:23, ellie timoney wrote: > Starting with the obvious, but did the user you login to cyradm as > have admin privileges? Are they listed in "admins:" in your > imapd.conf? > > If you logged into cyradm as a regular user, you would only see > mailboxes that your user had been granted access to... ;) > I was logged on as the cyrus administrator via sudo. However, I discovered that the problem does not really exist. What happened is that the terminal manager I was using (tmux) was helpfully only showing the first few lines returned and the last few, leaving out the vast majority of the report. I had run into tmux's extraordinary behaviour previously with output from the cat utility. But I was not expecting it to be encountered in this case. Anyway, everything WRT IMAP is as it should be and my heart rate has returned to its normally elevated state. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Moving from single to multi-domain. Mailboxes from default domain not being the same as before
Em 06/07/2018 00:10, ellie timoney escreveu:
Hi,
The "defaultdomain" is the domain that's assumed by Cyrus for
users that are uid only. Any other domain needs to be
explicitly specified in the user (this applies to login,
delivery, etc). So, if you have:
defaultdomain: foo.com
then "user" and "u...@foo.com" are the same account
(and can login using either variation), but "u...@bar.com"
is some other account and can only login as "u...@bar.com".
It's not clear to me how you wish to use the extra domains.
Do you want your existing users to be able to send/receive from
multiple different domains? (e.g. user "anne" has both email
addresses "a...@foo.com",
"a...@bar.com").
We used to have some domains that represented the same mailbox. Like
@cinbesa.com.br being the same as @belem.pa.gov.br.. but now we want
to create some other domains (while *maintaining* those we already
had), which will point to totally different mailboxes, like
@semad.belem.pa.gov.br and @sesma.belem.pa.gov.br :)
Or do you want accounts in different domains to be not
related to each other? (e.g. "a...@foo.com" and "a...@bar.com"
are
two totally different accounts)
In either case, I would think about having one LDAP attribute
(single-value, unique) to represent a user's "primary" email
address, and a separate LDAP attribute (multi-value, unique) to
represent their "aliases". You would set up Cyrus to only
consider the "primary" attribute, and then set up your SMTP
server to deliver email destined for "alias" addresses to the
"primary" address for the matching account. I believe this is a
common enough configuration that it shouldn't be hard to find
information online. I have managed (non-Cyrus) systems that
worked like this in the past, but it was a long time ago so I
can't offer much specific help.
humm. so the existing "mail" field on ldap would always contain the
@defaultdomain (as setup on cyrus), but another field for aliases
where Postfix would look up?!
As for autocreate, it is not compiled in by default, it needs
to be turned on at build time with the --enable-autocreate
argument to configure. If you installed Cyrus from a
distribution, your distribution may have done this for you.
If you don't want to recompile to remove the feature, you can
control it using the autocreate_* options in imapd.conf (see man
imapd.conf.5). For example you should be able to use
"autocreate_users" to limit it only to certain LDAP groups
rather than every valid login (if that is useful to you).
But if you set up your LDAP directory and Cyrus such that
each user only has a single "primary" email address that they
can use in Cyrus, and map delivery to aliases outside of Cyrus,
then people won't be able to login with the "wrong" alias, and
therefore autocreate won't accidentally make new accounts for
them. :)
Right now I think they can login with the "uid" only OR with the
complete mail ("mail" field)
--
Atenciosamente,
Heiler Bensimon Bemerguy - CINBESA
Analista de Redes, Wi-Fi,
Virtualização e Serviços Internet
(55) 91 98151-4894
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus IMAP-3.0.7 - listmailbox user/* does not report all mailboxes
I We recently moved our imap service from CentOS and IMAP-2.11 to FreeBSD and IMAP 3.0.7. At the time we followed the upgrade path and at the same time updated our mailboxes to the latest version: sudo -u cyrus /usr/local/cyrus/sbin/reconstruct -f -r -G -V max user/* # Reconstruct and upgrade the mailbox folders Since the conversion everything has been running fine and we have no reported problems with mailbox administration, message receipt, or anything else having to do with IMAP. However, this morning I had cause to check for the existence of a particular mailbox folder. When I logged into cyradm and ran 'listmmailbox' I only received listings for three of our users, none of which showed the entire mailbox folder tree for any of those reported. This anomaly gives me great concern. Are there any known issues with cyrus-imapd that might cause this problem? Is it necessary to run reconstruct on a regular basis? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
