apple.mail and shared folders
Hello, I think the problem with apple mail client not displaying shared folders in the subscription list is well known ... My question is: can something be done on the cyrus side to work around its problems? Google seems to have implemented something ... -- Jure Pečar http://jure.pecar.org Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
shared folders permissions from ldap
Hello, I find myself playing with cyrus again after a few years, this time in a bit different role. I'm setting up a company internal mail system with a central point of management. I chose ldap for auth, mail routing and antispam info. Now I'm looking at shared folders and find them very useful for what I want to do. My only problem is that their permissions need to be set within cyrus (as they are basically imap permissions), which means another admin interface for that. So I'm looking for ideas on how to integrate the two. Does anyone know a web ui of some sort that would integrate editing ldap and imap flags? Before we start writing our own ... -- Jure Pečar http://jure.pecar.org Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: 2.3.11 STARTTLS broken if tls_ca_file is defined
On Sun, 16 Dec 2007 15:08:46 +0100 Wolfgang Breyha [EMAIL PROTECTED] wrote: Hi! I always had tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt defined in my imapd.conf. Since I updated to 2.3.11 yesterday STARTTLS didn't work anymore because negotiation failed and timed out. Interesting ... works for me with 2.3.11rc1 and sylpheed. Using imaps on port 993 only. -- Jure Pečar http://jure.pecar.org/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LARGE single-system Cyrus installs?
On Fri, 09 Nov 2007 09:40:25 -0800 Vincent Fox [EMAIL PROTECTED] wrote: If there's something that 3 admins could do to alleviate load we did it. The bigger problem I am seeing is that Cyrus doesn't in our usage seem to ramp load smoothly or even predictably. It goes fine up to a certain point, and then you hit a brick wall without very much in the way of warning. You add that small chunk of extra users or load and suddenly everything goes to hell. Keeping the user-count per instance appropriate was the only thing we did over multiple days of desperate try this that did the job. A generous engineering cushion of capacity seems more critical than usual. In my expirience the brick wall you describe is what happens when disks reach a certain point of random IO that they cannot keep up with. In cases such as yours, the only reasonable thing is announce some kind of extended maintenance to users so they dont bog you down with whining and then go metodologicaly through the system, testing and eliminating possible causes one by one until you zero-in to the root cause. If this is some solaris feature as you suspect, then I think a Dtrace expert is a man you're looking for. I'm still on linux and was thinking a lot about trying out solaris 10, but stories like yours will make me think again about that ... -- Jure Pečar http://jure.pecar.org/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: reoccuring DBERRORs
On Sat, 25 Feb 2006 09:59:31 +1100 Rob Mueller [EMAIL PROTECTED] wrote: We have seen many strange problems with BDB over the years. It's taken quite a bit of fiddling of /var/imap/db/DB_CONFIG values to get a BDB environment that will run stably over extended periods and loads and on large servers with growing user bases. Would you be so kind to post it here? -- Jure Pečar http://jure.pecar.org/ Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: (re)partitioning advise
On Fri, 06 Jan 2006 12:47:49 +0100 Paul Dekkers [EMAIL PROTECTED] wrote: Does it (filesystem / safety / recovery / performance-wise) make sense to use different partitions Not so much different partitions as different disks. You have to think here about the disk heads as the limited resource you have for the seeks, which cost you the most in the random i/o scenario, such as mail serving. With cyrus 2.3, you can split mailbox indexes and mails to separate partitions (that are on different disks), which is a nice feature if you're concerned for the above. If you have some kind of SAN/NAS for your storage with lots of memory for write caching, all that does not matter so much. I think about not enabling dir_index on ext3 after discovering that this dramatically _decreases_ read-performance It does? The only case of that that I remember was a case of application trying to be smart and doing its own direntry sorting or something like that. Anyway, I'm mostly happy (happy as long as your ram is 100% ok) reiserfs user and I don't care much about RH support :) -- Jure Pečar http://jure.pecar.org/ Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LDAP problem
On Fri, 16 Dec 2005 00:59:48 +
Alain Williams [EMAIL PROTECTED] wrote:
Summary: passwords with openldap 2.0 don't seem to work with openldap 2.2
userPassword:: cGFzc3dvcmQ=
/etc/slapd.conf contains (on both machines)
password-hash {smd5}
Well the string above is definitely NOT md5. It looks a lot more like the
old fashioned crypt() thing.
I remember coming across something similiar a few years back when I was
trying to add some old solaris boxen to linux environment and hitting this
same problem. You, however, are moving to a more modern system, so it looks
like a stupid idea for a modern system to use older password hashing.
Anyway, check what the sles manuals say, maybe someone got enlightened and
configured defaluts to be more 'the old unix way'.
--
Jure Pečar
http://jure.pecar.org/
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Design for a largish Cyrus server
On Wed, 14 Dec 2005 10:22:37 -0600 Gary Mills [EMAIL PROTECTED] wrote: I'd like to leave SMTP on the V480 and add a 2-node load-balancing cluster for IMAP. Each of the two servers would be a Sun V440 with 4 CPUs and 16 GB of memory. They would run Solaris 10. Sun's QFS would provide shared storage from an iSCSI SAN. There would be 3 TB of storage on the SAN. Daily backup and restore would be from snapshots on the storage device. We'd use Legato Networker for longer-term backup and restore. I doubt there's a real need for the additional CPUs. You mostly want two machines for redundancy. But I do see the need for all the additional IO you can get, especially when you move to the Tb sized spools. I don't know much about Sun gear and QFS, but there's a mention on the qfs web site mentioning metadata separation ... that sounds like an interesting toy to play with on mail spools. Also, Solaris 10 gives you dtrace ... I'd love to poke a large live mail server with it :) About iSCSI ... any expirience with it? I know throughput is good enough, but what about latencies? Are they comparable with local disks or fibrechannel? Please post about your progress and if you expirience anything interesting. -- Jure Pečar http://jure.pecar.org Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus postfix, message being corrupted when viewed by the client
On Sun, 4 Dec 2005 15:05:18 +0800 cyrus [EMAIL PROTECTED] wrote: my other SLES9, setup appears to be exactly the same , and it does not do it!! You haven't said if you performed any network tests. Both postfix cyrus should not mangle mail bodies in any way, so the corruption can either appear on the sending side (how were you sending those test mails?) or on the receiving side. If you have two machines, they must surely be connected with different network cables to different switches (or at least different ports on the switch), so try to replace some parts of the nic-cable-switch chain and see if it helps. Also, I've seen on-disk corruptions with certain combinations of motherboard chipset and ide controllers, so be sure the system you've moved those disks to is different enough to count that out. -- Jure Pečar http://jure.pecar.org/ Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus WebMail
On Tue, 29 Nov 2005 23:45:32 +0100 Andrzej Kwiatkowski [EMAIL PROTECTED] wrote: Using IMAP connection for Webmail are not this, what i want for today. Is there some documentation about Cyrus internal databases, or maybe API about this stuff ? Cyrus is a blackbox by design. Its interfaces are lmtp, pop, imap and sieve. So use any of the miriad webmails around. If you insist on direct access to mails, check Courier and its webmail that directly accesses the maildirs. -- Jure Pečar http://jure.pecar.org/ Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: IMAP/POP3 last login time
On Mon, 21 Nov 2005 10:46:28 +0100 Marc-Christian Petersen [EMAIL PROTECTED] wrote: Hi all, how do I find out the last login time from a user accessing his/her mailbox via imap or pop3? Two ways: 1) grep the logs :) 2) I use a sasl/mysql auth with a trivial patch that updates a mysql field with now() on each auth attempt. -- Jure Pečar http://jure.pecar.org Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: improving concurrency/performance
On Tue, 8 Nov 2005 09:25:54 -0500 (EST)
John Madden [EMAIL PROTECTED] wrote:
The delays I was seeing ocurred when multiple imapd's were writing to the
spool at
the same time. I do see a lot of this though:
fcntl(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
It looks like the lock to open a file in the target mailbox. But again, very
low
actual throughput and still little or no iowait. However, adding a -c to the
strace, the top three syscalls are:
% time seconds usecs/call callserrors syscall
-- --- --- - -
52.680.5147201243 414 fdatasync
29.870.291830 846 345 fsync
4.190.040898 27 1519 fcntl
Makes me wonder why the fsync's are taking so long since the disk is
performing so
well. Anyone know if that's actually typical?
Hm. I'd definitely take a second look at your ds6800 configuration ... How is
your write cache configured there?
I can't really measure the percentage of fdatasync, since on live system most
is time spent in select() and read() ...
Also interesting is the errors column for the open() call on this strace:
% time seconds usecs/call callserrors syscall
-- --- --- - -
1.070.019902 17 622130 open
Why 130 errors? I assume if there's an error that the call is re-tried...
Probably many ENOENT when trying to open msg/motd and msg/shutdown files.
--
Jure Pečar
http://jure.pecar.org
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: improving concurrency/performance
On Mon, 7 Nov 2005 09:00:08 -0500 (EST) John Madden [EMAIL PROTECTED] wrote: The disks are quite fast. bonnie++, for example, shows writes at over 300MB/s. What I'm finding though is that the processes aren't ever pegging them out -- nothing ever goes into iowait. The bottleneck is elsewhere... It's situations like this Dtrace was made for. But on linux we still have to use some 'gut feeling' to figure it out ... So you say you have fast disks for bonnie, but still see slow imap copy operations? What kind of SAN exactly do you have attached? Because fsync() calls would still be my primary suspect here ... You say you're copying mail spool from one box to another via imap. Is the source box able to provide mails at a fast enough rate? -- Jure Pečar http://jure.pecar.org/ Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: improving concurrency/performance
On Mon, 7 Nov 2005 12:41:03 -0500 (EST) John Madden [EMAIL PROTECTED] wrote: Perhaps it's worth repeating: With a single imapcopy process, the whole thing goes along pretty quickly, but drops off significantly with a second process and comes to basically a crawl with just 5 processes running concurrently. I gambled that I could shorten my migration by running more than one at a time since one only seems to raise the load on the box to 0.80. With 5, I'm only able to get it to around 2.5 and only briefly as the throughput starts to drop off. That is a start. Try to strace -tt all of imapd processes running concurrently and examine in which syscalls most time is spent. I hope that would give you at least a lead ... For example, on my production system I see some suspicious long pauses at fcntl64(0x8, 0x7, 0xsomeaddr, 0xsomeotheraddr) calls ... lets dig what this is. -- Jure Pečar http://jure.pecar.org/ Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: improving concurrency/performance
On Mon, 7 Nov 2005 22:31:42 +0100 Jure Pečar [EMAIL PROTECTED] wrote: For example, on my production system I see some suspicious long pauses at fcntl64(0x8, 0x7, 0xsomeaddr, 0xsomeotheraddr) calls ... lets dig what this is. As expected, these are from locking operations. 0x8 is file descriptor, which, if I read lsof output correctly, points to config/socket/imap-0.lock (what would that be?) and 0x7 is F_SETLKW which reads as set lock or wait for it to be released in the manual page. I'm sure some cyrus expert (Ken? :) can explain immediately the role of imap-0.lock and all the locking going on around it ... And if there's anything we can do to speed it up ... -- Jure Pečar http://jure.pecar.org/ Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: improving concurrency/performance
On Sun, 6 Nov 2005 14:20:03 -0800 (PST) Andrew Morgan [EMAIL PROTECTED] wrote: mkfs -t ext3 -j -m 1 -O dir_index /dev/sdb1 tune2fs -c 0 -i 0 /dev/sdb1 What about 1k blocks? I think they'd be more useful than 4k on mail spools ... -- Jure Pečar http://jure.pecar.org/ Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Mailbox is locked by POP server
Hello all, Recently I have more and more users complaining about errors accesing their mailboxes via pop. I woundn't (couldn't) really care about them, but one of them is now my boss :) So I started looking into it and we came up with the following procedure to recreate the problem: open outlook let it connect to the mail account let it start download new msgs kill it via end task Cyrus keeps the connection open and all following attempts to log in fail. I'm not really interested in who's to blame here (impatient users, of course), but how to fix / work around the problem. Decreasing tcp timeout values is my first guess. Do any of you have better suggestions? Cyrus 2.2.12 on linux 2.4.21 (rhel 3). -- Jure Pečar http://jure.pecar.org Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
