Re: Outlook 2013 IDLE broken?
On 2013-04-25 07:37, Kevin Kobb wrote:
Hello, I'm currently using 2.4.17, and have run earlier versions for years without any major problems. Now, I have a few users who are getting Outlook 2013 and I am running into problems. Outlook 2010 and earlier versions work fine, but in Outlook 2013 IDLE seems broken. Users can have messages in the Inbox for hours, but if they have another folder selected in Outlook they never get a notification unless they click back in to the Inbox. Then, everything updates in Outlook. Like I said, with Outlook 2010 and earlier message notifications pop up instantly. I have looked through earlier posts regarding Outlook 2013 and checked XLIST config, deleted and recreated Outlook profiles, checked account settings, etc. It seems like IDLE support in Outlook 2013 has some issues, but I thought I would ask if anybody is seeing this or has an answer? Thanks.
Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Nobody else seeing this?
Outlook 2013 IDLE broken?
Hello, I'm currently using 2.4.17, and have run earlier versions for years without any major problems. Now, I have a few users who are getting Outlook 2013 and I am running into problems. Outlook 2010 and earlier versions work fine, but in Outlook 2013 IDLE seems broken. Users can have messages in the Inbox for hours, but if they have another folder selected in Outlook they never get a notification unless they click back in to the Inbox. Then, everything updates in Outlook. Like I said, with Outlook 2010 and earlier message notifications pop up instantly. I have looked through earlier posts regarding Outlook 2013 and checked XLIST config, deleted and recreated Outlook profiles, checked account settings, etc. It seems like IDLE support in Outlook 2013 has some issues, but I thought I would ask if anybody is seeing this or has an answer? Thanks.
cvt_cyrusdb before upgrade
Hello All, I am looking at upgrading from Cyrus 2.3.16 to 2.4.8. If I convert all the dbs from berkeley to skiplist beforehand, is there any need to even build 2.4.8 with berkeley db support? (Using FreeBSD ports) I know 2.4.8 will automatically update the dbs, but I figure if I did it beforehand, I could remove one more dependency from my system. If so, is there any special trick to running cvt_cyrusdb, or do I just shut things down and run it as the cyrus user? Thanks
Re: cvt_cyrusdb before upgrade
On 4/22/2011 12:05 PM, Simon Matter wrote:
Hello All, I am looking at upgrading from Cyrus 2.3.16 to 2.4.8. If I convert all the dbs from berkeley to skiplist beforehand, is there any need to even build 2.4.8 with berkeley db support? (Using FreeBSD ports) I know 2.4.8 will automatically update the dbs, but I figure if I did it beforehand, I could remove one more dependency from my system. If so, is there any special trick to running cvt_cyrusdb, or do I just shut things down and run it as the cyrus user?
There is no special trick, at least not one I remember. Just to be sure I suggest to backup the whole configdirectory first. Simon
OK, I will give it a try this weekend. Thanks.
Re: SSL certificates
On 2/28/2011 9:44 AM, Anthony Tibbs wrote:
Good morning, I've been running Cyrus at a couple of small sites since 2001 or so. I've run into a snag trying to setup SSL using something other than the self-signed, auto-generated certificate. The domain has a GoDaddy 2048-bit SSL certificate. From the SSL manager, one downloads a bundle that contains a certificate chain bundle, and a separate file with the certificate for the domain itself. The key and CSR were generated with:
openssl genrsa -des3 -out xxx.key 2048
openssl req -new -key xxx.key -out xxx.csr
I've seen a few different methodologies posted about how to install this. One is to concatenate the domain certificate, the certificate chain, and the private key into one .pem file and set tls_cert_file, tls_ca_file, and tls_key_file to point to the same '.pem' file. Another is to keep the files completely separate. No matter what I have tried, I've been unsuccessful. Thunderbird reports that it received an SSL record that is too long, and/or the imapd process becomes stuck at 100% CPU utilization until it is killed forcibly. Is there something I'm missing on this? - Anthony
Couple of things you might look at. First, I think you need to drop the -des3 option when you create the private key. Do something like:
openssl genrsa -out xxx.key 2048
instead. Otherwise, you wind up with an encrypted private key that needs a pass phrase every time you start the server. I didn't think Cyrus would even start with a key like this. Apache is about the only thing I've used that would prompt you for a pass phrase on start up. To remove the key pass phrase you can do something like:
openssl rsa -in xxx.key -out xxx.key.nopass
I haven't used GoDaddy certs for a while because you had the extra hassle of dealing with intermediate certificates, and I can get single-root certs cheaper.
That being said, I believe all you should need to do is cat the signed cert and the intermediate cert together, and use this for the tls_cert_file: value in imapd.conf. Point the tls_key_file: value to your private key, and that should do it. This is all off the top of my head and a sick child meant I only got about 3 hours of sleep last night, so please make copies of everything before trying any of this!
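A pre-flight check for the two points made in the reply above (a key created with -des3 needs a pass phrase; tls_cert_file should hold the signed certificate followed by the intermediate), as an added example that is not part of the original thread or of Cyrus. The file paths, helper names and PEM bodies are constructed for illustration; only the PEM labels and headers are inspected, not the certificate contents.

```python
import base64
import re

# One PEM block: its label, then everything up to the matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def pem_blocks(text):
    """Return [(label, is_encrypted)] for every PEM block, in file order."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # Keys written by `openssl genrsa -des3` carry RFC 1421 headers in the
        # traditional format; PKCS#8 announces encryption in the label itself.
        encrypted = ("Proc-Type: 4,ENCRYPTED" in body
                     or label == "ENCRYPTED PRIVATE KEY")
        blocks.append((label, encrypted))
    return blocks


def parse_imapd_conf(text):
    """Read 'option: value' lines, skipping blanks and comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts


def lint_tls(conf_text, files):
    """Check tls_key_file and tls_cert_file; `files` maps path -> contents.

    Returns a list of (option, problem) tuples; an empty list means no finding.
    """
    opts = parse_imapd_conf(conf_text)
    findings = []

    keys = [b for b in pem_blocks(files.get(opts.get("tls_key_file"), ""))
            if b[0].endswith("PRIVATE KEY")]
    if not keys:
        findings.append(("tls_key_file", "no private key found"))
    elif any(encrypted for _, encrypted in keys):
        findings.append(("tls_key_file", "key is pass-phrase protected"))

    certs = [b for b in pem_blocks(files.get(opts.get("tls_cert_file"), ""))
             if b[0] == "CERTIFICATE"]
    if not certs:
        findings.append(("tls_cert_file", "no certificate found"))
    elif len(certs) == 1:
        # Only a problem when the CA issues through an intermediate,
        # as in the thread above.
        findings.append(("tls_cert_file",
                         "single certificate: no intermediate appended"))
    return findings


def sample_pem(label, headers=""):
    """Constructed placeholder block: valid base64, not real key material."""
    body = base64.encodebytes(b"constructed sample bytes " * 4).decode("ascii")
    return f"-----BEGIN {label}-----\n{headers}{body}-----END {label}-----\n"


ENC_HEADERS = ("Proc-Type: 4,ENCRYPTED\n"
               "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n")

# Constructed "before": encrypted key, certificate without its intermediate.
BEFORE_CONF = """\
tls_cert_file: /etc/ssl/xxx.crt
tls_key_file: /etc/ssl/xxx.key
"""
BEFORE_FILES = {
    "/etc/ssl/xxx.crt": sample_pem("CERTIFICATE"),
    "/etc/ssl/xxx.key": sample_pem("RSA PRIVATE KEY", ENC_HEADERS),
}

# Constructed "after": pass phrase removed, signed cert + intermediate.
AFTER_CONF = """\
# chain file = signed cert followed by the intermediate
tls_cert_file: /etc/ssl/xxx.chain.pem
tls_key_file: /etc/ssl/xxx.key.nopass
"""
AFTER_FILES = {
    "/etc/ssl/xxx.chain.pem": sample_pem("CERTIFICATE") + sample_pem("CERTIFICATE"),
    "/etc/ssl/xxx.key.nopass": sample_pem("RSA PRIVATE KEY"),
}

if __name__ == "__main__":
    for name, conf, files in (("before", BEFORE_CONF, BEFORE_FILES),
                              ("after", AFTER_CONF, AFTER_FILES)):
        print(name, lint_tls(conf, files) or "ok")
```

An unencrypted key file is readable by anyone who can read the file, so it should be owned by the cyrus user with no group or world access.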
Re: Patch: add new lmtptarget annotation
On 5/18/2010 12:38 PM, Stephen Grier wrote:
All, Just submitting a patch I'm supporting locally for consideration. We use shared mailboxes quite extensively for role-based communication. For quite some time we've had a problem with users deleting or renaming mailboxes into which we deliver mail. We can, and do, use IMAP ACLs to disallow users from deleting the delivery target mailbox. But when a user creates a child mailbox it inherits the ACLs of the parent, and the user is then not able to delete or rename the sub folder. As a fix, I have written a patch against 2.3.16 to add a new lmtptarget mailbox annotation. When enabled, Cyrus won't allow the mailbox to be deleted or renamed. We can then set whatever ACLs we want inherited by child mailboxes, happy in the knowledge the user won't blat the mailbox and cause mail to bounce. The rationale here is that Cyrus treats user.foo with special significance as a delivery target, but does not do the same for shared mailboxes because there is no way for Cyrus to know which shared mailboxes we intend to deliver mail into. Using a mailbox annotation seems a nice way of flagging this. Patch attached. Comments welcome. Cheers, Stephen
I have not tried the patch yet, but if this works OK, I think this would be great to have in the official release.
Re: Using xfer to migrate mailboxes to a new server
On 2/15/2010 8:25 AM, Elver Loho wrote:
Hi, We've got Cyrus running fine on our old server since 2006. Now we're setting up a new server and would like to migrate all the mailboxes over to the new one before replacing the old server. For this task the xfer command seems relevant. I've coerced Cyrus on the old server to a point where cyradm gives the following error when I try the xfer command:
localhost.localdomain xfer user.elver 192.168.0.180
xfermailbox: Server(s) unavailable to complete operation
I'm sure I'm doing something wrong here. I might even be doing everything wrong here. I've googled and it seems like xfer is a common headache for Cyrus admins with no easy solution. However, it also seems to be a particularly bad headache -- most old e-mails I've found about this topic seem to have gone unanswered. So I'm wondering if anyone here has any experience with getting xfer to work in a migration scenario that they'd be willing to share. Anyone? Best, Elver elver.l...@gmail.com +372 5661 6933 http://elver.wordpress.com/ skype: elver.loho Sent from Tartu, Estonia
The last time we moved to new hardware, I used imapsync to migrate all the mailboxes to the new hardware. We moved from a different IMAP server to Cyrus, and this worked great. I don't know if this works as well now moving from Cyrus to Cyrus, as I don't think it would pick up quotas and believe xfer will. When it comes time to move to new hardware, (probably in another year or two) I was thinking about temporarily enabling replication on both boxes and getting things in sync that way. I am not sure if this is the way to go, and I haven't actually tried it, but perhaps it is worth looking at.
Can Sieve Do This?
Greetings, I'd like to create a sieve rule that copies all received messages to a folder named INBOX/BACKUP-username. This would be set to a limit such as size or number of messages in which the first in would be deleted. Is it possible to do this with the current implementation of sieve? I'm using cyrus-imapd-utils-2.2.12-3.RHEL4.1 Cheers, -kkruzich
Re: problem with db4 delivery database
I had this same issue a couple of weeks ago. The awful symptom was a failure of full delivery (lmtp handoff). The most immediate fix is just restarting Cyrus. The cause seemed to be from a directory harvest attack --many SMTP connects within a short period of time which never completed sequence. Google keywords DBERROR Cannot allocate memory One of the more specific, in-depth items I found was: http://www.cjc.org/blog/archives/2006/08/22/cyrus-imap-log-and-cache-settings --kkruzich
RJ45 wrote:
Yes I have 9GB of free space and the permission on the files are:
-rw--- 1 cyrus mail 143876096 Dec 29 15:14 deliver.db
any hints ? thanks Rick
On Mon, 18 Dec 2006, Wolfgang Hennerbichler wrote:
On 18.12.2006, at 15:53, RJ45 wrote:
Dec 13 10:11:18 iris lmtpunix[15690]: DBERROR: opening /var/lib/ imap/deliver.db: Cannot allocate memory
Do you have enough free space and user rights on this file? -- [EMAIL PROTECTED] http://www.wogri.com http://www.einradfilm.at
Re: listusers failed
I recently had to migrate a sasl auth db from GNU DBM to Berkeley DB. I used this: http://dcs.nac.uci.edu/~strombrg/convert-database --I know that's 404 so search around for it (hint: it's a python script). If not, email me directly and I can send it to you. Also, there's a very clear and simple toolkit with python that can be used to break open these dbs. That is, if you're a programmer with a little python experience. Then there's this: http://www.irbs.net/internet/cyrus-sasl/0405/0046.html This changes the realm of the db. Although you may not need to do that it may help in breaking down the sasl db. Good luck, --kkruzich
Craig White wrote:
On Thu, 2006-11-30 at 16:58 +0100, Arnau Bria wrote:
Hi, today, after a power cut (I'm not sure if this is correct), I had to startup my home mail server. After that, I found that I was not able to get my mail, so I logged into box and found an error in sasldblistusers2 :
# sasldblistusers2
listusers failed
So, I thought it was some kind of error in my sasldb2 file... I don't know how to dump that db, and check integrity of the file, so I deleted it and created a new one with saslpasswd (i have couple of users) Now it works fine, but I was wondering if there is a way for recovering original file...
I don't use sasldb but I would presume that it uses berkeley db4 and if that was the case, with their utilities, something like cd /whatever/directory/sasldb is stored and then something like db_recover should suffice. More importantly, why not back it up once in a while? Craig
Folders containing messages and subfolders
Hi, Does Cyrus IMAP support the ability to have folders that may contain both messages and subfolders? The tdlp.org 'MS Outlook to Unix Mailbox Conversion' MINI-HOWTO suggests that no Linux IMAP server using the Mailbox format supports this feature. Does Cyrus IMAP use the Mailbox format and, if so, does it therefore NOT support folders containing both messages and subfolders? Many thanks, Kevin Clark Connection Software
Large SubFolders --No Longer Visible to Client
Greetings, I recently moved a large number of users (with tons of mail) to Cyrus 2.2 on RHEL4 (latest updates) from Cyrus 2.1 The *only* issue reported thus far from only 3 of 150 users is, top-level folder containing many subfolders with lots of mail is NO LONGER VISIBLE to their mail client. This means a folder 1Gb. I can see the folder and the contents on the filesystem but a reconstruct doesn't show it (reconstruct -rf user.xyz). When I run reconstruct on V2.1 on these same users I DO see the folders being reconstructed. Looks like this is the difference between reconstruct built against libdb-4.0 v. libdb-4.2 Anyone aware of this being a known issue, is there a workaround, fix, anything? Thank you, --kkruzich -- Kevin Kruzich UNIX Systems Administrator Linkshare Corporation Tel 646-654-6000 x344 Fax 646-602-0160 [EMAIL PROTECTED]
*any* user's folder structure
With the imapd.conf as shown below in use I can see *any* user's folder structure (cannot see the contents) when I do subscribe - query (showing those that I'm not explicitly subscribed to). This is with Thunderbird or Outlook. I see a user top level folder, all users below that, and have the ability to expand any/everything from there. Yeah, I thought foolstupidclients would work but it did not. This may be just bad ACL assignment (which are assigned by default), here's mine and a few other random ones:
kkruzich lrswipcda
magosto lrswipcda
dcollins lrswipcda
rcotto lrswipcda
Another behavior, most likely related to this issue, is I can *create* folders outside of my own tree --where they appear as /imap/THISFOLDER but I cannot delete these. I don't want to be able to do this. Any comments would be greatly appreciated.
--- imapd.conf ---
configdirectory: /var/lib/imap
foolstupidclients: true
partition-default: /imap3
partition-imap2: /imap2
partition-imap3: /imap3
partition-imap: /imap
sasl_mech_list: PLAIN
sasl_pwcheck_method: auxprop
seenstate_db: flat
sendmail: /usr/sbin/sendmail
sievedir: /var/lib/imap/sieve
---
-- Kevin Kruzich UNIX Systems Administrator Linkshare Corporation Tel 646-654-6000 x344 Fax 646-602-0160 [EMAIL PROTECTED]
List Archives/Info is 404
These links, which go out with every email sent to this list, are 404. Maybe somebody can fix it. Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Migrating a former /etc/sasldb2 (GNU dbm 1.x or ndbm database, little endian)
I have an /etc/sasldb2 containing around 600 accounts, in GNU dbm format. In running sasldblistusers2 I can see entries like so:
[EMAIL PROTECTED]: cmusaslsecretPLAIN
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword
When I try to authenticate against (using imtest) this on a host other than greenwich I get the following:
S: L01 NO Login failed: user not found
Authentication failed. generic failure
Security strength factor: 0
I CAN add another account [EMAIL PROTECTED] using saslpasswd2 --but what I really want to do is change the domain (or realm) in this existing sasldb2. I've searched high and low and can't find anything on this. I really don't want to ask 600 people to change their email password. Any suggestions? Thank you, --kkruzich
Re: Migrating a former /etc/sasldb2 (GNU dbm 1.x or ndbm database, little endian)
Clarification below...
Kevin Kruzich wrote:
I have an /etc/sasldb2 containing around 600 accounts, in GNU dbm format. In running sasldblistusers2 I can see entries like so:
[EMAIL PROTECTED]: cmusaslsecretPLAIN
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword
When I try to authenticate against (using imtest) this on a host other than greenwich I get the following:
When I move the sasldb2 file to another host (eg, mbox), the system we're planning to migrate to, I get the following:
S: L01 NO Login failed: user not found
Authentication failed. generic failure
Security strength factor: 0
I CAN add another account [EMAIL PROTECTED] using saslpasswd2 --but what I really want to do is change the domain (or realm) in this existing sasldb2.
I've moved the sasldb2 file to another host --and I can add an additional account there. So there's [EMAIL PROTECTED] and [EMAIL PROTECTED] But what I'd rather do is just change the name of the realm for joe, leaving his former password intact.
I've searched high and low and can't find anything on this. I really don't want to ask 600 people to change their email password. Any suggestions? Thank you, --kkruzich
-- Kevin Kruzich UNIX Systems Administrator Linkshare Corporation Tel 646-654-6000 x344 Fax 646-602-0160 [EMAIL PROTECTED]
Re: Migrating a former /etc/sasldb2 (GNU dbm 1.x or ndbm database, little endian)
The realm does matter. It took awhile to realize this but moving an /etc/sasldb2 from one machine to another --irregardless of db format, gdbm or db, I couldn't authenticate against it. And that's using 'imtest -a user -u user hostname' I found a solution to this (as illustrated below and my former emails to this list):
1. Convert from gdbm to berkeley: - http://dcs.nac.uci.edu/~strombrg/convert-database
2. Use this to change the realm from oldrealm to newrealm - http://www.irbs.net/internet/cyrus-sasl/0405/0046.html
--kkruzich
Alexander Dalloz wrote:
Kevin Kruzich schrieb:
Clarification below...
Kevin Kruzich wrote:
I have an /etc/sasldb2 containing around 600 accounts, in GNU dbm format. In running sasldblistusers2 I can see entries like so:
[EMAIL PROTECTED]: cmusaslsecretPLAIN
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword
When I try to authenticate against (using imtest) this on a host other than greenwich I get the following:
When I move the sasldb2 file to another host (eg, mbox), the system we're planning to migrate to, I get the following:
S: L01 NO Login failed: user not found
Authentication failed. generic failure
Security strength factor: 0
How exactly do you try to auth? The username is [EMAIL PROTECTED].
I CAN add another account [EMAIL PROTECTED] using saslpasswd2 --but what I really want to do is change the domain (or realm) in this existing sasldb2.
Did you read man saslpasswd2? You would see to use -u domain, which sets the realm. By default the domain / realm is the hostname where you run saslpasswd2.
I've moved the sasldb2 file to another host --and I can add an additional account there. So there's [EMAIL PROTECTED] and [EMAIL PROTECTED] But what I'd rather do is just change the name of the realm for joe, leaving his former password intact.
Why does the realm matter if you seem not to have used it for auth previously?
Alexander
-- Kevin Kruzich UNIX Systems Administrator Linkshare Corporation Tel 646-654-6000 x344 Fax 646-602-0160 [EMAIL PROTECTED]
Compiling cyrus-imapd
I've found I can/cannot authenticate with imtest depending on the following combination of configure options (below). Does cyrus-imapd have a sense of Berkeley DB v. GNU DBM? Using --with-cyrus-prefix=/usr/local/cyrus --without-bdb --with-dblib=gdbm doesn't seem to have any effect.
authenticates:
IMAPCONF=--with-cyrus-prefix=/usr/local/cyrus
SASLCONF=--disable-cram --disable-digest --disable-otp --disable-krb4 --disable-gssapi --disable-anon --enable-plain
DOES NOT authenticate:
IMAPCONF=--with-cyrus-prefix=/usr/local/cyrus
SASLCONF=--disable-cram --disable-digest --disable-otp --disable-krb4 --disable-gssapi --disable-anon --enable-plain --with-dblib=gdbm
Move old sasldb2 to new
Greetings, I have an old sasldb2 authentication database that looks so:
#/usr/sbin/sasldblistusers2
[...]
[EMAIL PROTECTED]: cmusaslsecretPLAIN
[EMAIL PROTECTED]: userPassword
[...]
Many lines like this, a mix of cmusaslsecretPLAIN and userPassword
Here's what 'file' says about it:
/etc/sasldb2: GNU dbm 1.x or ndbm database, little endian
Here's what I see with 'imtest'
imtest -a kkruzich -u kkruzich localhost
S: * OK mbox Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Please enter your password:
ON ANOTHER SYSTEM I REBUILT cyrus-imapd-2.2.12 and cyrus-sasl-2.1.22 with the following:
sasl: ./configure --enable-plain --disable-cram --disable-digest --disable-gssapi --enable-login --disable-otp --with-dblib=gdbm
imapd: ./configure --with-cyrus-prefix=/usr/local/cyrus
THEN I MOVED THAT /etc/sasldb2 MENTIONED ABOVE to this new machine (we'll call it newmbox) and here's what I see with imtest:
/usr/local/bin/imtest -a kkruzich -u kkruzich localhost
S: * OK newmbox Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=NTLM AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S: + bm9uY2U9IjNldGlVRHdYV1g1bjUxOFUwTWh5TDAvRUsvWE56VHhnVUxQK29YMHROanM9IixyZWFsbT0iemVlayIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password:
OR EVEN:
/usr/local/bin/imtest -mPLAIN -a kkruzich -u kkruzich localhost
S: * OK newmbox Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=NTLM AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN a2tydXppY2gAa2tydXppY2gAYXNkZg==
S: A01 NO encryption needed to use mechanism
Authentication failed. generic failure
Security strength factor: 0
The logs say:
Aug 10 15:56:55 newmbox imap[4684]: badlogin: localhost.localdomain [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Aug 10 15:57:07 newmbox imap[4684]: accepted connection
Aug 10 15:57:10 newmbox imap[4684]: badlogin: localhost.localdomain [127.0.0.1] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required]
I'm still pretty sure this sasldb2 I'm trying to use is plaintext --but the question is how do I conform to it? I've tried so many combinations of configure switches with sasl. I wish I could get rid of this old sasldb2 --and I may have to --but it contains 580 accounts and passwords that I don't want to have the user community reset. Any comments would be greatly appreciated. Thank you, --kkruzich
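What the base64 strings in an imtest session like the one above carry, as an added example that is not part of the original post: a DIGEST-MD5 challenge names the realm the server offers, and a PLAIN response is only base64-wrapped (RFC 4616), so without TLS the password is readable on the wire or in a pasted transcript. All credentials, host names and transcripts below are constructed, and the function names are illustrative.

```python
import base64
import re

# key=value pairs; a value is a quoted string (may contain commas) or a bare token.
PAIR = re.compile(r'([A-Za-z][\w-]*)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))')


def decode_digest_challenge(b64):
    """Decode the base64 after 'S: + ' into a dict of DIGEST-MD5 fields.

    If a field repeats (a server may offer several realms) the last one wins.
    """
    text = base64.b64decode(b64).decode("utf-8")
    fields = {}
    for m in PAIR.finditer(text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        fields[m.group(1).lower()] = value
    return fields


def decode_plain(b64):
    """Decode a SASL PLAIN response: authzid NUL authcid NUL password."""
    parts = base64.b64decode(b64).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN message")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    return {"authzid": authzid, "authcid": authcid, "password": password}


def cleartext_plain_logins(transcript):
    """Flag 'AUTHENTICATE PLAIN <initial-response>' sent before STARTTLS completed.

    `transcript` is imtest-style text with 'C: ' / 'S: ' line prefixes.
    Only the password length is reported, never the password itself.
    """
    findings = []
    tls_tag = None        # tag of a STARTTLS command still awaiting its reply
    tls_active = False
    for line in transcript.splitlines():
        side, _, rest = line.strip().partition(": ")
        words = rest.split()
        if len(words) < 2:
            continue
        if side == "C" and words[1].upper() == "STARTTLS":
            tls_tag = words[0]
        elif side == "S" and words[0] == tls_tag and words[1].upper() == "OK":
            tls_active = True
        elif (side == "C" and len(words) >= 4 and not tls_active
              and [w.upper() for w in words[1:3]] == ["AUTHENTICATE", "PLAIN"]):
            try:
                creds = decode_plain(words[3])
            except ValueError:
                continue  # not a well-formed PLAIN response
            findings.append({"authcid": creds["authcid"],
                             "password_length": len(creds["password"])})
    return findings


# Constructed sample data (not taken from the thread).
SAMPLE_CHALLENGE = base64.b64encode(
    b'nonce="c2FtcGxl+/==",realm="oldhost",qop="auth,auth-int",'
    b'charset=utf-8,algorithm=md5-sess').decode("ascii")
SAMPLE_PLAIN = base64.b64encode(
    b"alice\x00alice\x00constructed-pw").decode("ascii")

CLEARTEXT_SESSION = f"""\
S: * OK newhost Cyrus IMAP4 server ready
C: A01 AUTHENTICATE PLAIN {SAMPLE_PLAIN}
S: A01 NO encryption needed to use mechanism
"""

TLS_SESSION = f"""\
S: * OK newhost Cyrus IMAP4 server ready
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
C: A01 AUTHENTICATE PLAIN {SAMPLE_PLAIN}
S: A01 OK Success
"""

if __name__ == "__main__":
    print("realm offered:", decode_digest_challenge(SAMPLE_CHALLENGE)["realm"])
    print("cleartext session:", cleartext_plain_logins(CLEARTEXT_SESSION))
    print("TLS session:", cleartext_plain_logins(TLS_SESSION))
```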
Re: Sieve Vacation Filters not working...
--- Simon Matter [EMAIL PROTECTED] wrote:
The Sieve Vacation Filters are not working on our system. All filters *other* than Sieve Vacation *are* working. I have been able to create filters to move messages into a folder based on header information with no problems. I have tried using: - Squirrelmail AvelSieve - eGroupware Sieve filters All enable me to set any kind of filter other than vacation. Can some one point me in the right direction for fixing this?
I think your vacation filters are working fine, how did you test? The most
So I just got it working. I was using Kolab... I had a content_filter problem with one of the Kolab php filters. So yes it was working.
common mistake with vacation is that people try it out, and they miss the point that a vacation mail is only sent to them once in a week or so. Without purging the duplicate db, that's expected. Install a vacation rule, send a mail from a new account from which you have not sent mail before, and see how it works. Simon
Sieve Vacation Filters not working...
The Sieve Vacation Filters are not working on our system. All filters *other* than Sieve Vacation *are* working. I have been able to create filters to move messages into a folder based on header information with no problems. I have tried using: - Squirrelmail AvelSieve - eGroupware Sieve filters All enable me to set any kind of filter other than vacation. Can some one point me in the right direction for fixing this? Should I be posting to cyrus-dev list? Thank you, Kevin
Cyrus admin user that can read message on all accounts?
Is there an admin user that has permissions to access all other accounts? I am running IMAPSync between two servers, a couple times a day for backups. The newest version of IMAPSync allows for a separate admin auth user to be specified so that you do not need to know the password for all users you are syncing. If there is no user like this, how would I go about creating it in Cyrus? I realize there are security risks to this, but this seems to be the best solution for us right now. Thanks, Kevin
Re: pop3 connection timeout lock problem
Is there a reason I can't change the timeout to be less than 10 minutes @ pop3d.c:407? Say 3-5 minutes?
The reason you perhaps *shouldn't* do that is that it would violate RFC 1939: A POP3 server MAY have an inactivity autologout timer. Such a timer MUST be of at least 10 minutes' duration.
OK, that makes sense. I still don't understand why the timer is reset after each attempt to login. Anybody have an idea as to why this would be? Kevin McWilliams Open LabNet Lawrence Livermore National Laboratory P: 925-422-0505 F: 925-422-2425
pop3 connection timeout lock problem
I have a question about the timeouts on pop3 connections. It looks like the code doesn't allow for a timeout less than 10 minutes. This causes a problem with some of my users who are connecting via dial-up or some other slow network connection. If they login and then lose their connection to the server the mailbox remains locked. However from what I can tell the timeout is reset after each attempt to login, which keeps the mailbox perpetually locked if you attempt within 10 minutes. So when they get their connection back up and try again they get the Mailbox is locked error. So my questions are: Is there a reason I can't change the timeout to be less than 10 minutes @ pop3d.c:407? Say 3-5 minutes? Why is the timeout reset on each connection? Here I am referring to prot.c:1026 1032. As best I can tell this is where the timeouts are reset to now + this_timeout. I am running cyrus-2.2.12 on RedHat AS4 x86_64. Any help would be appreciated. Kevin McWilliams Open LabNet Lawrence Livermore National Laboratory P: 925-422-0505 F: 925-422-2425
imapd.conf parameter: sasl_minimum_layer not working as advertised
Hi Folks- I'm using Cyrus IMAPd v2.2.12. I'd like to allow clients to authenticate using the plaintext mechanism, but only if those connections are secured with TLS. Is there a way to do so? I have the following settings in imapd.conf:
sasl_minimum_layer: 56
allowplaintext: yes
But I can still connect to the server with unencrypted connections and do plaintext authentication. According to man imapd.conf:
sasl_minimum_layer: 0 The minimum SSF that the server will allow a client to negotiate. A value of 1 requires integrity protection; any higher value requires some amount of encryption.
Before using the sasl_minimum_layer parameter at all, the server was allowing plaintext logins that were encrypted with TLS and those that were not. I figured that by setting this parameter to 2, I would accomplish my goal of allowing plaintext logins but only if encrypted with TLS and denying unencrypted plaintext logins. When the setting of 2 failed, I tried 56, but it too allows unencrypted plaintext authentication. Is this a bug or am I missing something? TIA. -Kevin
Implementing shared folders and bulletin boards ala O'Reilly's Managing IMAP
if these concepts have changed a little bit in that time in the imapd implementation. And if it is only the seen state that is per-user unique, how are people using that? In a Helpdesk group as the book writes about? Other uses too?

I have the same questions about bulletin boards. Exactly which message states are global and which are unique per user? Is every message state unique per user with bulletin boards? That seems to be what O'Reilly is saying but again, that's very old information. And how are people using bulletin boards?

Also, do I need to make sure my imapd.conf has some specific parameters present in it for this to work or is simply creating the mailboxes and adjusting ACLs enough?

And then, just to make sure I understand, what are all of the ways that one can get a message into such a folder? Is copying and/or moving a message from one mailbox (in a MUA) to this public folder going to work? (I would expect that it would using the IMAP command set)? Can one also do so using a MTA such as sendmail or postfix? If so, what address should be in the To: field for this to work? Say the mailbox created was:

    bb.MyBulletinBoard

What address would I use to post to that using an MTA like postfix?

Sorry for the length. Many thanks in advance for any replies.

-Kevin
How to fully enable those last mulberry binaries
Hi All- I just noticed that Cyrusoft went bankrupt. I saw the last copies of Mulberry on their website and noticed that they were up to version 4. I've been running version 3 for a long time and am not sure if I would need new licenses and serial numbers for enabling the software in v4 or if my s/n for version 3 will work with the v4 software. Can anyone comment on this or does anyone know how to reach the folks at Cyrusoft now given their financial filings? I'd really like to have fully functional version 4 of that MUA. Very nice. What a shame that they're going away... TIA. -Kevin
Re: cyrmaster not starting
On Sep 13, 2005, at 2:13 PM, Robert Van Horn wrote:

> Hi all, I'm trying to run cyrus on debian. Actually had it working for a while. Now it won't start. No error messages - no daemon.

Have you tried stracing the start up?

-- Kevin
Re: imap transfer
A solution to this is a script setup like this:

- external file with username_src,known_password_src,username_dest,known_password_dest
- cycle through file
- login to ldap on src account
- save current encrypted password
- change password to SHA or MD5 enc version of password_src above
- migrate mail with imapsync for account
- login to ldap on dest account
- change password to saved current (original) encrypted password. No need to reencrypt

I ended up just changing everyone's password to "password" and had them change it back after... but was heading toward the above.

Hope this helps... Sounds funky but the above is actually not that complex. I'm not a shell guy so was going to write it in PHP to be run at commandline.

Kevin Baker

Sujit Choudhury wrote:

> After getting advice from various people I tried imapsync, as I was moving one mailbox to another within cyrus environment on the same machine. So far everything went ok; however only one problem I encountered - I required the passwords of both set of accounts. As I will be dealing with 400+ accounts, this might be the biggest challenge. To make the matter worse, the accounts are authenticated via ldap. Anyway I have done two so far and one person was overjoyed. Thanks to everybody who came up with various suggestions.
>
> Sujit Choudhury
>
> Sujit Choudhury wrote:
>
>> We have two users. We would like to copy all the mail from one user to another. What is the best way to do it? Copying file by file will not work as it would clash with existing names like 300. etc. Renaming is out of question as we would like to preserve both the accounts. Any idea will be appreciated.
>>
>> Regards
>> Sujit
Re: imap transfer
Exactly... I guess your version is a bit more clear.. when I say store, I meant in memory ;)

I am pretty tempted to put this together. As you say it would be great for reducing downtime to users... only currently migrated users would have any interruption.

Another addition might be to have an ongoing log as to migration status.. The way you could just tail the file for status...

Raymond Sundland wrote:

> Ah yeah this is good, too. I didn't think of that in my response. This way you don't need to distribute new passwords. But a small modification to this flow, because I don't think you need to go so far with storing passwords. This is assuming, of course, you have full access to LDAP in the first place:
>
> - Generate file with usernames (source and dest if they are different)
> - Cycle through File:
>   - Save userPassword entry from LDAP1
>   - Reset userPassword entry on LDAP1 to something generic
>   - Reset userPassword entry on LDAP2 to the same generic
>   - Use imapsync to perform the synchronization of the mailbox (using the generic password for both IMAP boxes)
>   - Set the userPassword entry on LDAP2 with the hashed value obtained from LDAP1
>
> Email is transferred, password doesn't change.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Baker
> Sent: Thursday, September 01, 2005 3:15 PM
> To: Sujit Choudhury
> Cc: info-cyrus@lists.andrew.cmu.edu
> Subject: Re: imap transfer
>
> A solution to this is a script setup like this:
>
> - external file with username_src,known_password_src,username_dest,known_password_dest
> - cycle through file
> - login to ldap on src account
> - save current encrypted password
> - change password to SHA or MD5 enc version of password_src above
> - migrate mail with imapsync for account
> - login to ldap on dest account
> - change password to saved current (original) encrypted password. No need to reencrypt
>
> I ended up just changing everyone's password to "password" and had them change it back after... but was heading toward the above.
>
> Hope this helps... Sounds funky but the above is actually not that complex. I'm not a shell guy so was going to write it in PHP to be run at commandline.
>
> Kevin Baker
>
> Sujit Choudhury wrote:
>
>> After getting advice from various people I tried imapsync, as I was moving one mailbox to another within cyrus environment on the same machine. So far everything went ok; however only one problem I encountered - I required the passwords of both set of accounts. As I will be dealing with 400+ accounts, this might be the biggest challenge. To make the matter worse, the accounts are authenticated via ldap. Anyway I have done two so far and one person was overjoyed. Thanks to everybody who came up with various suggestions.
>>
>> Sujit Choudhury
>>
>> Sujit Choudhury wrote:
>>
>>> We have two users. We would like to copy all the mail from one user to another. What is the best way to do it? Copying file by file will not work as it would clash with existing names like 300. etc. Renaming is out of question as we would like to preserve both the accounts. Any idea will be appreciated.
>>>
>>> Regards
>>> Sujit
Re: Misc question about LDAP and admin stuff
Hi Igor,

On Jul 27, 2005, at 6:59 AM, Igor Brezac wrote:

>> Hmmm. I do not understand your LDAP performance comment Why should you write often to LDAP in a scenario like this??? You configure the attributes rarely and then read them often. I can only see writes during user password change or any other admin changes of user attributes. *One* of the golden rules to use LDAP is to have *many* more reads for each write (example 1000:1). I work with LDAP in my daily work. But I maybe misunderstood you...
>
> You said you wanted quotas stored in ldap, this will require frequent writes to ldap

I'm going to chime in here if you don't mind, since several years ago I began work on LDAP quota look-ups. Unfortunately, I never completed the work, although the design discussions between Larry and me should still be in the archives.

Back then we felt, and I still feel now, that you would only want to store the actual quota threshold in LDAP. There is no reason to store how much of the mailbox is actually being used in LDAP, since this is information that is practically useless outside of Cyrus. This would result in read-only operations from the LDAP backend, unless a user's quota is to be changed (which should be an infrequent operation).

-- Kevin
Sieve LMTP
Hello all,

It's been a few years since I've posted here, so I hope everyone is doing well. I'm running into a bit of a configuration issue that I hope someone might be able to help out with.

I decided it was time to try letting sieve manage my filters and got avelsieve set up with squirrelmail this morning. I had to fight with timsieve for a bit in order to get it to use the correct SASL auth mechanisms, but that part is working fine now. So, I have the sieve server set up and a script on there, but nothing's getting processed.

I normally use LMTP to deliver mail from Postfix to Cyrus. I tried to use deliver, since googling seemed to indicate this was the best way to do sieve filtering, but using deliver broke my virtdomain config (it strips the domain when delivering).

So, what's the best way to get sieve working with LMTP? Is it even possible? Or is it possible to use deliver and preserve the full mailbox name?

Thanks,
Kevin
Re: Sieve LMTP
Hi Ken,

On Jul 16, 2005, at 8:01 PM, Ken Murchison wrote:

> Did you activate the script? If you look in your sieve directory (sievedir option in imapd.conf hashed by userid), you should see a 'defaultbc' link pointing to 'scriptname.bc'

Well, it was activated, but there was some end user error. I had a wrong condition on my test script, but my MUA still had a rule set that was causing it to filter weirdly. So, I have that all taken care of. However, my test script also used the "notify" command, which doesn't seem to be working -- not a big deal, I don't really need it, but I was expecting it to do something *shrug*

> You definitely do NOT want to use deliver unless you absolutely have to. Deliver is just an LMTP client anyways, and adds an extra (possibly expensive) process (fork() + exec()) to the pipeline.

That's what I thought. I just incorrectly thought it might be the only way to get sieve filtering working.

Anyway, thanks for the help Ken. It's nice to see you're still active here as your contributions have always been great.

-- Kevin
Re: Shared Mailboxes and Postfix
Josh Whitver wrote:

> As I understand it, this should allow us to send mail to Conference+shared mailbox name@domain and have the message delivered to the shared mailbox. This isn't what's happening, however. Initially, there was no mail-capable user named Conference, so I created one, but now all mail sent to the address above gets delivered to the Conference user Inbox, not the shared mailbox.

I just went through this myself last week :-) The Postfix 'local' process won't accept mail for users it can't identify, so it does not think there is a valid local recipient for 'Conference' unless you add it as a user, which doesn't accomplish what you want.

Instead, you need to make two changes in your Postfix main.cf:

First, add recipient_delimiter = +, so that Postfix will ignore the suffix after the username when looking for a match.

Second, if you don't already have a 'local_recipient_maps' line, add one using the default contents (which are shown in the local(8) man page).

Third, create a file in your Postfix config directory called 'shared_folders', with contents like this:

    Conference yes

(the second token can be anything, it just has to be present). In the Postfix config directory, run postmap hash:shared_folders to create a hash db from this file.

Finally, add 'hash:shared_folders' to the end of the local_recipient_maps line in main.cf and restart Postfix.

There is one downside to this configuration: Postfix will accept mail addressed to Conference+anything, then Cyrus will reject it if there is no matching folder. If you wish, you can list each valid shared folder in the shared_folders file, and don't add the 'recipient_delimiter' option to main.cf, which will avoid this problem but require more maintenance as you add/remove folders.
Re: Shared Mailboxes and Postfix
Josh Whitver wrote:

> Thanks for the help thus far, but now when I start the mail service, I get this in /var/log/mail.log:
>
> May 9 11:37:59 testldap postfix/master[12863]: daemon started -- version 2.1.5
> May 9 11:38:40 testldap postfix/smtpd[12887]: fatal: open database shared_folders.db: No such file or directory
> May 9 11:38:41 testldap postfix/master[12863]: warning: process /usr/libexec/postfix/smtpd pid 12887 exit status 1
> May 9 11:38:41 testldap postfix/master[12863]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

I'm no Postfix expert, so I'll just suggest that you confirm that the file(s) have adequate permissions for the user running Postfix to be able to read them... other than that, your installation may be expecting the files in a different place.
Re: Invalid Header
Vernon A. Fort wrote:

> so I could see what part of the header was invalid. There was/is a line: Message-ID: with nothing after the line. I removed the line and re-sent the message successfully. Why would single line called Message-ID: cause lmtpd message header errors?

Because it's invalid syntax according to the RFCs. A header name must be followed by a value, otherwise it cannot be present.
autoconf help with net-snmp and cyrus 2.1.18
Hello,

I backported from the 2.2.X branch what I think are most, if not all, the changes needed to make cyrus 2.1.18 compatible with net-snmp, and allow for statistics generation (I miss them on the mail server I have that is running on a newer OS :)

Changes are all in the C code I believe, with maybe one m4 macro change in cmulocal/ucdsnmp.m4. However, I'm ignorant of how to make the necessary changes to get autoconf to generate a proper configure script. Is it just a matter of running autoconf? I'd like to understand what I'm doing with the GNU build tools before I potentially put a piece of software into test and then production, that I did the backport on :)

Thanks,
Kevin

--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
http://www.iu13.org
(717) 560-6140
Re: confusion about setting up certificates
Jim Miller wrote:

> I'm still having trouble with Outlook and connecting with IMAPS to cyrus-imap 2.2.10. when I set 'tls_reqire_cert: true'. However I don't have the problem when I set 'tls_imap_reqire_cert: true'

That's because this second setting is ignored. For settings to apply to specific services, they are _prefixed_ with the service name, so this would be imap_tls_require_cert.
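A misplaced service name fails quietly, so it is worth checking for before a TLS or authentication setting is relied on. The following is an added example, not code from this post or from the Cyrus project: a small linter that flags keys where the service name is not the prefix or the option name is misspelled. The option list is limited to names mentioned in these posts, and the service names, function names and sample input are assumptions.

```python
import difflib

# Assumptions for this example: the option names are the ones mentioned in
# these posts, and the service names are placeholders (the real ones are
# whatever names the site's cyrus.conf defines).
KNOWN_OPTIONS = sorted({
    "allowplaintext", "sasl_minimum_layer", "sievedir",
    "tls_require_cert", "unix_group_enable",
})
SERVICES = {"imap", "imaps", "pop3", "pop3s", "lmtp", "sieve"}

# Constructed sample input, not a real configuration.
SAMPLE = """\
# constructed sample
allowplaintext: yes
sasl_minimum_layer: 56
tls_imap_require_cert: true
pop3_tls_reqire_cert: true
imap_tls_require_cert: true
"""


def parse_conf(text):
    """Yield (lineno, key, value) for each 'key: value' line, skipping comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            yield lineno, key.strip(), value.strip()


def resolve(name):
    """Return (canonical_option, is_exact), or None if nothing known is close."""
    if name in KNOWN_OPTIONS:
        return name, True
    close = difflib.get_close_matches(name, KNOWN_OPTIONS, n=1, cutoff=0.85)
    return (close[0], False) if close else None


def check_key(key):
    """Return (status, suggestion); status is 'ok', 'suspect' or 'unknown'."""
    if key in KNOWN_OPTIONS:
        return "ok", None                      # global setting
    parts = key.split("_")
    for i, part in enumerate(parts):
        if part not in SERVICES:
            continue
        # Remove the service name and see whether a known option remains.
        base = "_".join(parts[:i] + parts[i + 1:])
        hit = resolve(base)
        if hit is None:
            continue
        canonical, exact = hit
        if i == 0 and exact:
            return "ok", None                  # correctly prefixed
        return "suspect", f"{part}_{canonical}"
    hit = resolve(key)                         # misspelled global option?
    if hit:
        return "suspect", hit[0]
    return "unknown", None


def lint(text):
    """Return [(lineno, key, suggestion)] for keys that would not take effect."""
    findings = []
    for lineno, key, _value in parse_conf(text):
        status, suggestion = check_key(key)
        if status != "ok":
            findings.append((lineno, key, suggestion))
    return findings


if __name__ == "__main__":
    for lineno, key, suggestion in lint(SAMPLE):
        hint = f"did you mean '{suggestion}'?" if suggestion else "not recognized"
        print(f"line {lineno}: '{key}' {hint}")
```
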
Re: [RFC] EXTERNAL auth choosing between CN and email address?
Marco Colombo wrote:

> So it seems its usage is deprecated. If you are to code a patch, you may look into the alternative name(s). Those are standard v3 extensions. As I understand it, conforming applications should look there in order to find email addresses (of type rfc822Name). Of course, since you're using your own CA, you could use whatever field/attribute, but keeping an eye on standards won't hurt, IMHO. And after all your own mail was an RFC. :-)

Yes, thanks for that. I'll keep that in mind when I get back to working on this in a few days, and check both places for addresses.
Re: --with-auth only for group memberships?
Igor Brezac wrote:

> --auth-auth specifies an authorization (not authentication) mechanism. The unix module is mostly useful for group.

OK, yeah, authorization vs. authentication, right. Since SASL cannot provide authorization details, Cyrus IMAP has to get them from somewhere else, so that's understandable.

> This is not correct. unix_group_enable is used only when you compile the unix authorization mechanism, otherwise it has no effect.

Understood. I'll continue using the combination of --with-auth=unix and unix_group_enable turned off, which will keep Cyrus IMAP from caring about group memberships (and looking at my passwd/group files).
Re: [RFC] EXTERNAL auth choosing between CN and email address?
Marco Colombo wrote:

> What field is that, exactly? v3 extension?

I'm not sure... it's in the OpenSSL header files as NID_pkcs9_emailAddress.

> Anyway, the goal of authentication is to identify users not email addresses. The whole idea of using certs is broken, unless you use the cert itself. No CA makes any attempt to provide _unique_ information. And the uniqueness of an email address is pretty weak. The only unique info you can extract from a cert is the public key, which is what you're actually using to identify the remote party.

I agree, but in this case the email address _is_ the user name.

> Of course, if your server trusts only _one_ CA, and you have control on how that CA works, you can use certs safely. You can make sure CN data (or any data) is unique.

Exactly, that's the only scenario where this is viable. When I document this for people to use, I'll make that perfectly clear: if you configure your system to accept _any_ client certificate, you are not doing yourself any good. This method _only_ works when you are administering the CA yourself and have complete control over the contents of the certs and who has access to them.

Granted, I could also just make the CN in the cert be the user's email address, but I'd rather leave it as their full name (it's much nicer in Horde that way, plus we also use it for Trac).
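The identity policy discussed in this thread, as an added example (not code from these posts or from Cyrus): pick the EXTERNAL identity from a client certificate the TLS layer has already validated, preferring the rfc822Name alternative name, then the subject emailAddress, with the CN as a selectable alternative, and refuse anything ambiguous. It works on the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function name, the `prefer` parameter, the CA name and the sample certificates are assumptions.

```python
import re

# Minimal shape check so an odd subject value cannot become a mailbox name.
_EMAIL_RE = re.compile(r"^[^@\s\x00-\x1f]+@[^@\s\x00-\x1f]+$")

# Constructed sample certificates in getpeercert() form, not real ones.
CERT_OK = {
    "issuer": ((("commonName", "Example Private CA"),),),
    "subject": ((("commonName", "Pat Example"),),
                (("emailAddress", "pat@example.test"),)),
    "subjectAltName": (("email", "pat@example.test"),),
}
CERT_FOREIGN = dict(CERT_OK, issuer=((("commonName", "Some Public CA"),),))
CERT_CONFLICT = dict(CERT_OK, subjectAltName=(("email", "other@example.test"),))
CERT_DN_ONLY = {k: v for k, v in CERT_OK.items() if k != "subjectAltName"}


def _rdn_values(name, field):
    """Collect every value of `field` from a getpeercert()-style name."""
    return [value for rdn in name for (key, value) in rdn if key == field]


def external_identity(cert, private_ca_cn, prefer="email"):
    """Return the identity to authenticate as, or raise ValueError.

    The trust decision belongs to the TLS layer, which must be configured
    with the private CA as its only trust anchor. The issuer comparison here
    is a consistency check on top of that, and assumes the CA signs client
    certificates directly (no intermediate).
    """
    issuers = _rdn_values(cert.get("issuer", ()), "commonName")
    if issuers != [private_ca_cn]:
        raise ValueError("certificate was not issued by the private CA")

    subject = cert.get("subject", ())
    if prefer == "cn":
        candidates = set(_rdn_values(subject, "commonName"))
    elif prefer == "email":
        san = {v for (kind, v) in cert.get("subjectAltName", ()) if kind == "email"}
        dn = set(_rdn_values(subject, "emailAddress"))
        if san and dn and san != dn:
            raise ValueError("subjectAltName and subject emailAddress disagree")
        candidates = san or dn          # alternative name first, then subject
    else:
        raise ValueError("prefer must be 'email' or 'cn'")

    if len(candidates) != 1:
        raise ValueError("certificate does not name exactly one identity")
    identity = next(iter(candidates))
    if prefer == "email" and not _EMAIL_RE.match(identity):
        raise ValueError("identity is not a plain address")
    return identity


if __name__ == "__main__":
    print(external_identity(CERT_OK, "Example Private CA"))
    print(external_identity(CERT_OK, "Example Private CA", prefer="cn"))
```
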
Re: Horde/IMP authentication to Cyrus via client certificates?
Igor Brezac wrote:

> Your bigger issue is to find a client that supports SASL/EXTERNAL. I do not believe c-client library (this is what drives IMP/Horde via PHP) supports SASL/EXTERNAL, so this is what you need to start hacking.

OK, I've successfully connected using imtest and SASL/EXTERNAL and it works fine (other than using the CN as the authentication identity, but I'll post about that in another thread). Thanks!
--with-auth only for group memberships?
I've just reworked my Cyrus IMAP installation, and I'm beginning to get the impression that --with-auth (which defaults to unix) is only for group memberships, and really has no other effect. It certainly doesn't seem to affect SASL in any way, which is what actually handles authentication. Since I have unix_group_enable: 0 in my imapd.conf file, does that mean that it no longer matters what I specify for --with-auth? If so, the documentation could use an update to make that abundantly clear, and ideally the option could be renamed so people don't think it has anything to do with actually authenticating users :-)
Re: Basic FAQs and HOWTOs
Craig White wrote:

> My goal was to be my own CA - generate per user certificates and have revocation rights. I haven't had many issues with creating certs for various applications such as ldap/apache etc. I was looking for some granular control for individual users.

I do this manually using OpenSSL commands directly; it's really not that difficult. The biggest issue is ensuring that all your SSL/TLS-enabled services are aware of your CRL (revocation list). As best I can tell, Cyrus IMAP does not currently support a CRL, so you wouldn't be able to stop users from accessing your IMAP/POP servers using a cert you supplied.
[RFC] EXTERNAL auth choosing between CN and email address?
I'm working on a webmail system using client certificates for authentication. I have Cyrus IMAP working fine with Cyrus SASL and AUTH=EXTERNAL after negotiating TLS... the IMAP daemon authenticates the user properly. However, it chooses the CN from the client cert as the authentication identity. With a bit of hacking to imap/tls.c I was able to convince it to use the email address instead, but I'd rather not keep it this way...

I'll be happy to post a patch that allows for imapd.conf selection of whether to use the CN or email address as the identity when AUTH=EXTERNAL is used, but I'd like some input on what the configuration option should be called, and whether it should be a boolean or a multiple-choice option.
Re: Basic FAQs and HOWTOs
Wil Cooley wrote:

> Lately I've been trying to migrate my self-signed certs to certs generated with TinyCA from a self-signed root cert; that way once I import my root CA I can bypass all of the prompts.

Yes, that is a much better plan. I do that for my clients who have private webmail/intranet sites, just generate a cert for each client who will be connecting (from the same CA that generated the server's cert), and when they install it into their browser/mail client they automatically trust the private CA. No prompts when they connect to the server :-)
Re: Hardware RAID Level Performance
Andrew Morgan wrote:

> You may want to look into Dell's AX100 SAN (a rebranded version of the EMC Clariion AX100). These use SATA drives with a FC front end. They are relatively inexpensive for the amount of storage you can get, if your I/O needs match. You can also go a little more upscale with the CX300/500/700 models which support a mix of FC and SATA hard drives and offer greater expandability.

Even better, they just released the AX100i, which uses iSCSI for the host interface. The array units are about the same price, but connectivity for 6-8 hosts is far, far cheaper than FC.
Re: Horde/IMP authentication to Cyrus via client certificates?
Edward Rudd wrote:

> This is really a Cyrus-SASL topic. as Cyrus IMAP doesn't really care how the user gets authenticated, only that the SASL layer authenticates the users. So client certificate authentication would have to be added as a SASL authentication module.

It's never been clear to me where IMAP stops and SASL starts as it relates to this... but it's my impression that Cyrus SASL has nothing at all to do with SSL/TLS, and only handles the authentication details after Cyrus IMAP has collected them. I guess that means that what I want to do will actually require changes in both Cyrus IMAP and SASL... time for more research :-)
Re: Horde/IMP authentication to Cyrus via client certificates?
Igor Brezac wrote:

> SASL/EXTERNAL is what you want although I have not tried it. OpenLDAP works great. In theory, the CN part of the client certificate subject needs to be a valid mailbox. You can test this with
>
>     imtest -t client_cert_file -m EXTERNAL
>
> I assume that you have SSL/TLS working.

Yes, I do have that working. I'll test with SASL/EXTERNAL, it sounds like exactly what I need. I don't really want the CN to be the mailbox name, though, I'd rather have SASL/EXTERNAL work off the email address embedded in the certificate.

> Your bigger issue is to find a client that supports SASL/EXTERNAL. I do not believe c-client library (this is what drives IMP/Horde via PHP) supports SASL/EXTERNAL, so this is what you need to start hacking.

That's been my plan; c-client is very simple, and I've already hacked Horde to get the PEM-encoded client cert from Apache and store it in a session variable, so I can extract it out in IMP and pass it to c-client. If I get it working I'll post the results :-)
Re: Horde/IMP authentication to Cyrus via client certificates?
[EMAIL PROTECTED] wrote:

> cyrus/imapd[15511]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
> cyrus/imapd[15511]: login: localhost[127.0.0.1] pascal plaintext+TLS
>
> The no authentication at the end of the first line is due to client certificates are not allowed with webmail (c-client library doesn't support it) But the connection has well been crypted like passwd and login.

Yes, I'm aware of that; what I'm proposing is to enhance c-client to support client certificates so that after the TLS negotiation is complete, the client will already be authenticated as well.
Horde/IMP authentication to Cyrus via client certificates?
I'm trying to come up with a configuration of Horde/IMP and Cyrus 2.2.x that will be easy to use and easy to manage :-) (I've got a number of these systems to set up).

So far, I have been successful using client certificates to identify users to Apache 2.0.x, and using a custom Horde auth module I can pass that identity information into Horde (and all its apps except IMP) without trouble. This is nice, it keeps the users from having to log in to Horde, as long as they are using a browser where they have installed the certificate that I supply them they are all set.

However, IMP needs to be able to log in to Cyrus IMAP, and that's where things break down. Even though Cyrus IMAP supports IMAP-over-TLS, which uses a certificate to identify the server, it does not appear that it knows anything about client certificates (to say nothing of the fact that I'd have to hack c-client to allow it to send the client certificate to Cyrus, but I can do that).

Ideally I'd like to be able to connect to the IMAP port, issue STARTTLS, supply a client certificate and have it validated the same way that Apache does, and once that is done I have both a TLS encrypted session _and_ I'm already logged into IMAP with the email address embedded in my certificate being my authenticated/authorized name. I will also need to support password-based authentication for cases where the user is not using a browser with their custom certificate installed, but since they will be doing so 99% of the time I'd like to avoid them having to enter a username/password to get into Horde/IMP.

Any thoughts on how difficult it would be to get Cyrus IMAP to accept a client certificate, validate it and automatically log in the user once that is done? I'll happily contribute the code back to CMU if I get it working, but I thought I'd ask the gurus for their opinions before I tried to tackle it :-)
Inconsistent sieve parse errors
I had posted about a week ago about Debugging Sieve scripts. Unfortunately, I didn't get any response and unfortunately, I'm still having problems with Sieve behaving erratically. For reference, my Cyrus-IMAP install is version 2.1.16 on Red Hat Linux.

We use two packages to generate Sieve scripts - websieve and the Ingo module from the Horde project. I'm seeing oddities with scripts produced by both packages.

Example: a user goes on vacation and uses websieve to turn on their vacation notice. They come back and turn off the notice. Some commented out Pseudo-Code from websieve is left in the default script file and this causes parse errors

Sieve script:

    # Mail rules for user user_name
    # Created by Websieve version 0.61i
    ##PSEUDO script start
    #vacation1[EMAIL PROTECTED], [EMAIL PROTECTED]I will be out of the office from date, returning date. If there is an emergency, email User Name [EMAIL PROTECTED] or call phone numberoff
    #modebasic

The essence of this script is five commented out lines (the one that starts with vacation wraps), and two blank lines with only CR/LF. Yet this file generates the following error:

    sieve parse error for user_name: line 6: parse error, unexpected STRING

So sieve appears to be ignoring hash marks that should serve as comments.

Second oddity is my own script, which I mentioned in my previous message. Periodically (and it appears to be message load related), Sieve will just stop filtering and messages that should be filtered into mailboxes drop into my INBOX. This appears to be triggered by turning on the vacation messages, as I start to see the messages appear during the time I'm out of the office and in this case, at least two weeks after I'm back and the vacation message is off. I use Ingo to generate my script and thinking it was something in that module causing the problem, I restored my script that was working fine prior to being out of the office. A diff revealed absolutely no changes, except the timestamp in the comment, created by Ingo. The following error message appears in the log:

    sieve parse error for kevin_myer: line 3: parse error, unexpected STRING

and lines 1,2, and 3 are: # sieve filter generated by Ingo (February 7, 2005, 2:04 pm) require fileinto;

So I'm puzzled what's wrong here. And why it only happens sporadically. And why, before I turn on the vacation message, it doesn't happen at all.

And yet another oddity from my script: # sieve filter generated by Ingo (February 7, 2005, 2:04 pm) require fileinto; # Dell OMSA problems if anyof ( header :comparator i;ascii-casemap :contains Subject Dell problems, header :comparator i;ascii-casemap :contains Subject Alert from ERA ) { redirect [EMAIL PROTECTED]; keep; stop; }

The error generated:

    sieve parse error for kevin_myer: line 7: address '[EMAIL PROTECTED]': parse error, unexpected '@', expecting $

So do I have a whole bunch of buggy user scripts? Or is sieve acting up? Cyrus-imapd has been restarted since I first had these problems, to update an SSL certificate. The problems persist.

Thanks for any input or feedback or suggestions.

Kevin

--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
(717) 560-6140
Re: HowTo-ish question
Rich West wrote:

We did manage to get the cyrus-imap server up and running in a Fedora Core 2 environment authenticating against PAM (which in turn talks to our LDAP servers), but we could not get users in to the system. Essentially, with our test environment, the mail client (in this case, Mozilla Thunderbird) kept erroring out stating that the mailbox did not exist (the inbox) when, in fact, users.username did exist in the user's home directory.

You are missing some very basic knowledge here: Cyrus IMAP is a closed system. It manages the message store on its own, entirely outside the user's home directories, and the message store is never touched by any non-Cyrus process. Messages come in via SMTP, LMTP or IMAP (or NNTP, in recent versions), and they go out via POP3, IMAP (or NNTP). The remainder of the workings are a black box.

So, any solution that we would come up with would have to satisfy the same requirements: sendmail MTA, global mail tagging, server side local user delivery filtering, and finally POP/IMAP access with user authentication passed off through PAM to our LDAP servers. Of course, we would need a way to convert from UW's mbox style to maildir format.

All of this is possible; many people use sendmail to feed mail to Cyrus IMAP (and default configs for doing so are included with Cyrus IMAP), mail tagging can continue to be done by your MTA or some other process that sits in between the MTA and Cyrus IMAP, server side filtering is done via Sieve filters (which do not have all the flexibility of procmail, but are pretty useful nonetheless). I don't know why you think maildir format is relevant (see above); there is no direct filesystem conversion into Cyrus IMAP message store, it is always done via IMAP. Most people use a tool that's distributed with uw-imap to do this; you basically log in to your existing IMAP system and extract the messages, feeding them into Cyrus IMAP via IMAP as well.

Can Cyrus work with procmail? It would be a lot more pain on our part to re-invent that portion of the entire process (the scripts, the customized web interface, etc).

Not in the way you have been using it, no. You can certainly have global procmail filters that happen before sendmail sends the mail to Cyrus IMAP, but not per-user procmail filtering. Most people that implement Cyrus IMAP use some other form of web-based Sieve filter management (there are a few out there: websieve, Horde Ingo, avelsieve add-on for Squirrelmail, etc).
Debugging Sieve scripts
Hello,

I have a problem that periodically crops up, then usually goes away and I never get around to diagnosing the root cause of it. It seems to be triggered whenever I set a vacation/out of office message. When I enable a vacation message, messages that would normally be filed into folders start appearing in my INBOX. It becomes annoying quickly when you come back and have to sort through 300+ messages to find the things you want to see (other mail is list mail and system log messages). Normally, disabling the vacation notification solves the problem but this time it didn't.

What I find even stranger is there appears to be no rhyme or reason for letting one message be filtered and another not. I'm getting a lot of virus notifications for the latest version of the Bagle worm. The majority of these are filed into my virus folder. A few end up in my INBOX. All should be caught by the same sieve script but aren't. Same with list mail and system log messages. The bulk are filtered properly but a few sneak through into my INBOX. The messages that come through appear to be identical in nature to the messages that are filed. It appears as if Sieve gets periodically overwhelmed, and just gives up on filtering for short periods of time. I haven't been able to rule out that there's a bug in the program that I use to generate the scripts (Ingo 1.0.1 from the Horde project).

So I'm wondering if there is a way I can take a message that made it by Sieve, and somehow run Sieve in test mode, in much the same manner you can test ClamAV or SpamAssassin on a message and have it report back what the results are for a single message. I'd like to have it run through my sieve script, show me the matches and then tell me what it would have done with the message.

Short of there being a bug in the script itself, does anyone else have any ideas why Sieve behaves erratically, apparently triggered by turning vacation notices on, and then will eventually clear itself up?

Thanks,

Kevin
--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
(717) 560-6140
sieve client with ssl/tls support?
Hi List- I'm looking for a sieve client like sieveshell but one that supports starttls for wrapping the entire data transfer session in ssl/tls encryption. Does anyone know of such a client (either CLI or other)? I've searched through the archives and found some discussions on patching timsieved itself to allow a sieves port but the conclusion was that this was a bad idea; better to patch some of the web-based sieve clients like websieve, smartsieve, and PEAR-Net_Sieve. Looking over these clients, it seems that PEAR-Net_Sieve supports some safe authentication mechanisms like CRAM-MD5 and DIGEST-MD5, but it does not seem to support ssl/tls. So again, does anyone know of such client software? Pointers? TIA. -Kevin http://www.gnosys.us
SEARCH with UW-IMAP and Cyrus-IMAP
Hi

I have copied a folder full of messages from a UW-IMAP server to a Cyrus IMAP server. If I use search from my client (Thunderbird on Linux), I get different results for the same search against the folder on the 2 servers. I show the log of both sessions, (I checked by telnet bla 143 to verify it wasn't a client issue)

What am I misunderstanding about the IMAP protocol here, or the Cyrus implementation, if anything?

RFC 2060 + 3501 say:

6.4.4. SEARCH Command
In all search keys that use strings, a message matches the key if the string is a substring of the field. The matching is case-insensitive.

Note that my search string was oneforall and, as I see it, should only match one message (#215, returned by both servers). However the closely related string one for all appears in the other messages returned from cyrus-imap but not from uw-imap. Is it helpfully doing a fuzzy search for me? Is it allowed to do that without me asking?

Cheers, Kevin

telnet uw-imaphost 143
Trying 134.171.7.20...
Connected to xxx.xxx.xxx.xxx (x.x.x.x).
Escape character is '^]'
001 LOGIN me password
001 OK [CAPABILITY IMAP4REV1 LITERAL+ IDLE NAMESPACE MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND] User me authenticated
002 SELECT some_folder
* 1153 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1059734472] UID validity status
* OK [UIDNEXT 1589] Predicted next UID
* FLAGS (\Answered \Flagged \Deleted \Draft \Seen)
* OK [PERMANENTFLAGS (\* \Answered \Flagged \Deleted \Draft \Seen)] Permanent flags
002 OK [READ-WRITE] SELECT completed
003 SEARCH 1:* TEXT oneforall
* SEARCH 215
003 OK SEARCH completed
004 LOGOUT
* BYE xxx.xxx.xxx.xxx IMAP4rev1 server terminating connection
004 OK LOGOUT completed
Connection closed by foreign host.

telnet cyrus-imaphost 143
Trying x.x.x.x...
Connected to xxx.xxx.xxx.xxx (x.x.x.x).
Escape character is '^]'.
* OK xxx.xxx.xxx Cyrus IMAP4 v2.2.10-Invoca-RPM-2.2.10-3.fc3 server ready
001 LOGIN me password
001 OK User logged in
002 SELECT some_folder
* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)]
* 1153 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1104914260]
* OK [UIDNEXT 1154]
003 SEARCH 1:* TEXT oneforall
* SEARCH 61 62 189 215
003 OK Completed (4 msgs in 0.110 secs)
004 LOGOUT
* BYE LOGOUT received
004 OK Completed
Connection closed by foreign host.
quota strangeness
Hi

My Cyrus IMAP server is running on Fedora Core 3.

rpm -q cyrus-imapd
cyrus-imapd-2.2.10-3.fc3

I set up the accounts as follows using cyradm

createmailbox user/kevin
setquota user/kevin 999
listquota user/kevin
quit

And everything works well. Until it gets to a point where I get quota problems when attempting delivery (sendmail)

RCPT To:kevin
DATA
452 4.2.2 Over quota
[EMAIL PROTECTED]... Deferred: 452 4.2.2 Over quota

However at that point

/usr/lib/cyrus-imapd/quota -f
Quota % Used Used Root
999 18 1875665 user/kevin

which seems to show I have lots of quota left. I changed the quota using cyradm

setquota user/kevin

and the error goes away, and quota now reports

/usr/lib/cyrus-imapd/quota
Quota % Used Used Root
1 1878084 user/kevin

And I see

df -lk /var/spool/imap/
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hdb1 19550500 2231488 17319012 12% /var/spool/imap

(basically there is only one user of mail in /var/spool/imap for now).

Suggestions as to what might be wrong, and what I can do to fix it?

Incidentally /var/spool/imap/ is a reiserfs filesystem, is there any special tuning or mount options that are highly recommended for IMAP performance reasons? Is there any reason to choose ext3 (or xfs/jfs/...) over reiserfs (with which I have always had good experiences with though YMMV).

Cheers, Kevin
Re: quota strangeness
Hi Jason

Have you tried doing an lqr (listquotaroot) on user or user/kevin. You might have another quota defined higher up in the tree. I'm not sure if this would cause you problems, but it's a good place to look.

Well,

--
myhost listquotaroot user/kmaguire
user/kmaguire STORAGE 2286186/ (2.28618602286186%)
myhost listquotaroot user
myhost listquotaroot user/*
--

Note this is *after* I bumped up the quota considerably, by a factor of 10.

Kevin
Re: encoded packet size too big
On Wed, 2004-07-07 at 12:46 +0200, Jukka Salmi wrote:

Rob Siemborski -- cyrus-sasl (2004-07-06 17:57:23 -0400):

After talking with Sam Hartman, it became apparent that MIT gets the implementation of gss_wrap_size_limit right and Heimdal gets it oh...so...wrong. I've committed a patch that should make this work in both cases, however.

I'm using Heimdal and the patch seems to work fine, at least it solved my original problem. Thanks a lot!

Hi List- I just found this thread in the archive because I'm seeing the same problem (encoded packet size too big). I'm using MIT Kerberos 5 version 1.3.1 (I know that's a bit out of date, but it's a non-production environment), Cyrus SASL 2.1.19 and Cyrus IMAPd 2.2.7. My gssapi.c file in the sasl package is version 1.90. From the file head:

/* GSSAPI SASL plugin
 * Leif Johansson
 * Rob Siemborski (SASL v2 Conversion)
 * $Id: gssapi.c,v 1.90 2004/07/06 21:55:47 rjs3 Exp $

I'm guessing that the patch mentioned at the top of this thread is already in this file (I don't see anything in my file remotely resembling what I see in bugzilla line 1419), as well as the one that apparently caused the broken behavior again, but Jukka Salmi reports his problem is solved (he's using Heimdal), but I still see this problem. Any advice? Should I upgrade MIT Kerberos or will that even have any effect on this? TIA.

-- Kevin http://www.gnosys.us
IMAP works, POP doesn't. Why?
Hi List-

First, thanks to whomever fixed anonymous access to the info-cyrus IMAP archive folder. I can now access the archive in my imap client (whereas I couldn't just a couple of days ago) and it's so much more convenient to review the archives this way than by a web page. Many thanks for that.

My question is pretty much what I've written in the subject line. I'm using all the latest software (cyrus-imapd, cyrus-sasl, openldap) and I've used ldapdb.c distributed with OpenLDAP to implement a LDAP auxprop plugin for use with Cyrus. When I make a new account in the LDAP directory, then make a new cyrus imap account with cyradm, then use an IMAP client to authenticate (using DIGEST-MD5) to the LDAP directory and check mail in the cyrus imap account, everything works just fine---as expected. I can watch the authentication process taking place in the logs (with lots of LDAP activity), and authentication succeeds and I'm granted access to the imap folder (this is a virtual domain account created with cyradm cm [EMAIL PROTECTED]).

However, when I remove the account parameters from the client configuration (I'm using Ximian Evolution) list (iow, delete the account from Evolution, leaving the server side untouched), then recreate the account (again in Evolution) with all the same settings except for using the POP protocol vice IMAP as the receive mail server type, I don't seem to be able to access the account. As with the Evolution IMAP account (which worked), I can watch the authentication process taking place in the LDAP logs, and apparently, according to slapd log entries, authentication succeeds, but then there is a final log entry:

Oct 27 14:40:05 tombstone pop3[5760]: badlogin: localhost [127.0.0.1] DIGEST-MD5 authentication failure

I also tried (and failed with same log entry) accessing the pop3 port using the other network interfaces, but ultimately, I'd like to have the pop3d listen only on the loopback interface.

Thanks to Henrique's suggestion on Monday, I'm trying to use otrs (http://www.otrs.org) and all I'm really trying to do is be able to POP messages out of the account's imap folder into the otrs ticket queue using otrs's PostMasterPOP3.pl, but maybe I'm being silly thinking that one can POP any mail out of an IMAP account. It seems otrs is most well-suited to getting incoming mail into the ticket queue via the pop protocol.

Does the pop3d in Cyrus look for a mbox style mail folder in /var/spool/mail or something (as opposed to the /var/spool/imap location)? Or is this not possible with virtual IMAP mailboxes? Perhaps I need to create a unix alias account (from postfix docs on virtual accounts) to use here?

I've tried testing with pop3test and get the same results as with Evolution, except the output on the command line is simply:

S: -ERR [AUTH] authenticating: authentication failure
Authentication failed. generic failure
Security strength factor: 128

Any tips would be most welcome. TIA.

-- Kevin http://www.gnosys.us
Re: IMAP works, POP doesn't. Why?
Nevermind... I was doing something really silly... -- Kevin http://www.gnosys.us
Best way to implement helpdesk functionality?
Hi List-

I'm running cyrus-imapd-2.2.8 and cyrus-sasl-2.1.19-r1 on an x86 Gentoo Linux box and trying to figure out the best way to implement some sort of helpdesk functionality. I have O'Reilly's book _Managing IMAP_ and it discusses both shared mailboxes and the bulletin board mailbox (owned by system but with access rights by several), but I'm not sure that either will do everything that I'd like. In particular, I'd like the following functionality:

1) email sent to [EMAIL PROTECTED] gets sent directly to some list of maybe 4-8 helpdesk users (cyrus mailboxes) for action by any one of them;

2) replies to any of those messages (the ones that were written To: [EMAIL PROTECTED]) from any of this list of 4-8 helpdesk users get sent to all of the helpdesk users (so that all of them know when a message has been replied to and needs no other action);

3) state of the mailbox preserved between access by different users (again, so that all of them can see what's been done already by someone else);

4) any of these replies (written by [EMAIL PROTECTED] or [EMAIL PROTECTED]) actually have (as From: fields) the original address [EMAIL PROTECTED] and no trace of the actual user's email address.

Any suggestions on the best way to implement this sort of functionality? I'm sure that (1) could be done with the MTA (postfix-2.1.5). I'm not sure about (2)... would sieve accomplish that? Would that be the best way to do it? I know that (3) should be easy enough with a shared mailbox (not a bulletin board). But (4) looks like it's non-trivial---would sieve do this? Best choice to do it?

Also, the ORA book (4 years old) mentions that group functionality is implemented with the authentication system (for unix authentication, the /etc/group file). Still true? I'm using a LDAP directory for authentication. Anything special I need to do with Cyrus to make it aware of group memberships in this case?

I'm thinking the helpdesk functionality must be relatively common and so perhaps there is some feature that's been added in the last 4 years and is not mentioned in the book that would implement this in a very slick way. Also, I'm sure there must be several different ways to implement this functionality, say by allowing users who authenticate to be in the group helpdesk to be authorized to become the user helpdesk and handle it that way, without a shared mailbox per se. But I'm not sure how well certain clients (MS Outlook Express for example) support that sort of thing, and I'm trying to keep this solution as portable across IMAP clients as possible. I'd appreciate hearing thoughts on alternative methods to accomplish this functionality.

Any ideas? What have other folks done? Is there a good reference for this subject? I've read my book, looked through the archives, and googled around, but haven't found anything really useful.

Also, how do I configure my IMAP client to subscribe to the anonymous IMAP folder imap://cyrus.andrew.cmu.edu/archive.info-cyrus? Should I use a username of anonymous and no password? When I do, I get an IMAP folder, but it's not the list archive. When I use a username of archive.info-cyrus, I'm prompted for a password. I tried anonymous here, but no luck. Any hints?

-- Kevin http://www.gnosys.us
deleting subfolders
I have a user that has several thousand subfolders. The structure looks something like this:

localhost lm user/g/u-home-files/oops/*
user/g/u-home-files/oops/user-aa1 (\HasNoChildren)
. . .
user/g/u-home-files/oops/user-zz9 (\HasNoChildren)

BUT when I do an lm on the oops folder I get:

localhost lm user/g/u-home-files/oops
user/g/u-home-files/oops (\NonExistent \Noselect \HasChildren)

Similarly doing an lm on u-home-files:

localhost lm user/g/u-home-files
user/g/u-home-files (\NonExistent \Noselect \HasChildren)

I am able to delete folders using dm at the lowest level of the tree (I've already set the acl permissions accordingly). However, when I try to delete the u-home-files folder I get:

localhost dm user/g/u-home-files
deletemailbox: Mailbox does not exist

What am I doing wrong? How can I nuke this subtree?

Thanks Kevin
Re: OT: Cyrus-imap openssl and Outlook
Jim,

On Tue, 2004-09-21 at 12:12, James Miller wrote:

I'm having a tough time with Outlook 2000 and openssl. Here's my situation: I have cyrus-imapd 2.2.8 w/TLS enabled. Basically I create my CA:

openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf

snip

When I start Outlook and open up the imap mailbox I get the following message:

The server you are connected to is using a security certificate that could not be verified. 0x800b010f Do you want to continue using this server? Y/N

The 0x800b010f error seems to indicate that the common name in the server cert is not identical to the hostname but I'm sure that it is (commonName_default = mailbox.simutronics.com -- which is the FQDN of the server) Anyway, I choose yes and the imap mailbox opens fine, but, I would like to get rid of the annoying message and have Outlook trust the cert. I have no problems importing both the RootCA cert and the server cert as trusted root certificates but Outlook still complains:

How did you import the cert for trust purposes?

openssl x509 -in cacert.pem -out cacert.crt
openssl x509 -in cyrus.pem -out cyrus.crt

I've even tried creating the RootCA and Server certs with the same CN values ( mailbox.simutronics.com) and with different CN values (RootCA CN Mailbox Certificate Authority -- Server cert CN mailbox.simutronics.com). If there's any other info I can provide to help figure this out please let me know -- I've attached my openssl.cnf, RootCA and server cert as zip attachment if anyone cares to take a look.

I might be guessing at the wrong problem here, but I'm pretty sure your issue has nothing to do with signing the certificate. When creating your own certificate (or CA), you will always get this pop up from Outlook (or Evolution). This is because you created it. I believe it's complaining that you (as a company) aren't trusted. There are two ways around this:

1. Buy a certificate from a TRUSTED authority, typically from Verisign or Thawte (Thawte is offering one at $159 I believe).

2. (haven't tried this but am told it works) Go into Internet Explorer, and in the properties for certificates you can add your company as trusted.

Hope this helps, Kevin Williams
Re: INBOX issue
On Thu, 2004-08-26 at 17:25, Chris wrote:

Hi all, I'm sure this has been asked a bazillion times in various forms but I've tried everything and this is my last resort.

ERROR: ERROR : Could not complete request. Query: SELECT INBOX Reason Given: Mailbox does not exist

I've gone through all Squirrelmail configs over and over and am sure that is OK, so I'm left with IMAP. I've checked and triple checked permissions to the best that I understand they are to be. I just don't know what to do anymore, I've spent days on this and am fried. :) Here are my configs: Anyone have any suggestions, or see anything lame? I'm so frustrated I don't even know what to ask! :) Thanks for any assistance

What was in your imap log file? There would be an entry in there if it made it that far. Also...shooting in the dark... How did you create your users in cyradm? Did you put the user. in front of the username?

Kevin Williams Tarity www.tarity.com
RE: Newbie Cyrus IMAP on Fedora Core 2
On Tue, 2004-08-17 at 06:30, Søren Neigaard wrote:

Hmmm I wonder if I'm in over my head here... I found some RPM's for Fedora Core 2 (as the install from src seemed not to work) and installed those, now I have an imapd running as a cyrus user which I guess is good, and I also have cyradm tool installed, but still I have no idea what to do now, and worse I have no idea how to figure it out :( What I would like to do, is to get OpenGroupware to use Cyrus and sendmail, so I can use OpenGroupware to send/receive internal and external mail. So I wonder if OpenGroupware can manage the mailboxes for me, so all I now need is to setup OpenGroupware to work with Cyrus, and create users via OpenGroupware, or? Or do I need to manually create something, and how do I do it, and also how do I even test if my Cyrus installation is actually working?

Soren, I'm in the process of implementing OpenGroupware now. OGO uses cyrus imap server (preferred, but another will work), along with an smtp server to integrate with their groupware server. You have to install and configure cyrus and your smtp server to get OGO to work. I'd strongly recommend against trying to skip the cyrus imap learning curve. It can be tough, but this list rocks--they've answered all my questions so far!

As far as installing cyrus, if you have an imapd daemon running then I would say it's installed. I would still read the cyrus imap documents regardless though--they cover a LOT of useful information including how to test and set up an installed application (imtest, etc) regardless of whether it's rpm or source. If you can't find it on your computer, just go to the website (http://asg.web.cmu.edu/cyrus/download/imapd/).

Hope this Helps, Kevin Williams Tarity Technology Corp. http://www.tarity.com
email in spam folder
All, From monitoring the list I *thought* I could send an email in the following format [EMAIL PROTECTED] and it would go into the spam folder for testuser1. I just tried this though, and it didn't work. I'm still in the learning phase here, so is my assumption that the email should appear in the spam folder for testuser1 correct? If this assumption is correct, then why do I still receive email in my inbox instead of the spam folder? Thanks in advance! Kevin Williams
Re: email in spam folder
On Mon, 2004-08-16 at 16:29, Ken Murchison wrote:

Kevin Williams wrote:

All, From monitoring the list I *thought* I could send an email in the following format [EMAIL PROTECTED] and it would go into the spam folder for testuser1. I just tried this though, and it didn't work. I'm still in the learning phase here, so is my assumption that the email should appear in the spam folder for testuser1 correct? If this assumption is correct, then why do I still receive email in my inbox instead of the spam folder?

Give the 'anonymous' user the 'p' (post) right on the mailbox.

Gee...that sure was an easy fix. Thanks!
can't see subfolder created in cyradm
All, I think I'm missing something REALLY obvious here. For some reason I can't see a subfolder (spam) I created using cyradm. I've set up cyrus imap and am accessing it via Evolution. I've created an account user.testuser1 and a subfolder user.testuser1.spam. When I logged into my email via evolution I only had access to the main folder though. I was able to create a subfolder in evolution called spam2 which showed up as user.testuser1.spam2 in cyradm. Here are some results from cyradm:

server01.tarity.com lam user.testuser1*
user.testuser1: testuser1 lrswipcda
user.testuser1.spam: cyrus cd testuser1 lrswipcda
user.testuser1.spam2: testuser1 lrswipcda

AND

server01.tarity.com lm user.testuser1 (\HasChildren)
user.testuser1.spam (\HasNoChildren)
user.testuser1.spam2 (\HasNoChildren)

So why can't I see the spam folder in evolution?

Thanks in advance, Kevin Williams
Re: can't see subfolder created in cyradm
On Wed, 2004-08-11 at 11:57, Michael Loftis wrote:

Make sure you've subscribed that user to it. Evo only displays folders you've subscribed to.

THANK YOU! I knew I was missing something obvious (didn't think it would be that though). I'll have to remember that little configuration item so I don't pound my head looking at the acl's in the future:)
[no subject]
Mathias,

Hi, I'm just a beginner with cyrus-imap, working with Suse 9.1 in a small network with W2K and OL 2002 and OE 6. Using Google as much as I can the last few days, but there is not really much docu or HOWTO explaining the work together cyrus-IMAP - Outlook. (What is a INBOX, where and how can I store Sent Items on the server and so forth...) Has anybody a better link collection? Thank you Matthias

Don't think of it as integrating Cyrus with Outlook. You're integrating a protocol (IMAP OR POP) with Outlook. All you do when adding the account (which you have to do for all email accounts) is specify the correct protocol and point it to your server (i.e. mail.domain.com). Outlook's help will inform you on how to connect to an IMAP or POP server. Now if you've done that, but are having issues with authentication, then that's a different issue. Additionally, you can configure where to store sent items (outlook defaults to local sent mail folders). I changed the default and stored them in my account's sent folder.

HTH, Kevin Williams
Re: Newbie sieve problem w/sieveshell
On Tue, 2004-08-10 at 10:41, Rob Tanner wrote:

--On Tuesday, August 10, 2004 10:23:16 AM -0700 Joakim Ryden [EMAIL PROTECTED] wrote:

What do your logs say when you try it? --Jo

Duh! I didn't even think to check there. Here are two examples, the sieveshell that fails followed by a smartsieve login that worked. In both cases I logged in (or tried to log in) as the same user. The one difference I note is that the failed login does not list the user name while the successful login does. Is that significant?

Aug 10 10:33:11 belgarath sieve[6690]: badlogin: belgarath.linfield.edu[10.171.255.14] PLAIN authentication failure
Aug 10 10:35:14 belgarath sieve[6737]: login: socrates.linfield.edu[10.171.255.11] rtanner PLAIN User logged in

Looks to me like your underlying authentication layer is what's failing. What are you authenticating against? Can you provide the log file for that?
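The `badlogin` and `login` lines quoted in this thread (and the pop3 `badlogin` line in the "IMAP works, POP doesn't" post) can be triaged mechanically. The parser below is an added example, not code from the thread or from Cyrus: it models only the two line shapes quoted on this page, and the function names, the threshold and the sample lines marked as constructed are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Syslog shape taken from the lines quoted on this page:
#   "<Mon DD HH:MM:SS> <server> <service>[<pid>]: <event>: <host>[<addr>] <rest>"
# The host and the bracketed address appear both with and without a space
# between them ("localhost [127.0.0.1]" vs "belgarath.linfield.edu[10.171.255.14]").
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<server>\S+) (?P<service>[\w.-]+)\[(?P<pid>\d+)\]: "
    r"(?P<event>badlogin|login): "
    r"(?P<host>\S+?) ?\[(?P<addr>[^\]]+)\] (?P<rest>.+)$"
)


def parse_line(line):
    """Return the fields of a login/badlogin line as a dict, or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    if rec["event"] == "login":
        # Success shape on this page: "<user> <mech> <message>"
        parts = rest.split(" ", 2)
        if len(parts) != 3:
            return None
        rec["user"], rec["mech"], rec["detail"] = parts
    else:
        # Failure shape on this page: "<mech> <reason>", with no user field,
        # so a failure can only be attributed by client address.
        mech, _, reason = rest.partition(" ")
        rec["user"], rec["mech"], rec["detail"] = None, mech, reason
    return rec


def summarize(lines, threshold=3):
    """Count results per (service, client address).

    Returns (stats, flagged, skipped): flagged lists the keys with at least
    `threshold` failures and no success; skipped counts unparsed lines.
    """
    stats = defaultdict(
        lambda: {"failed": 0, "ok": 0, "users": set(), "mechs": set()}
    )
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        entry = stats[(rec["service"], rec["addr"])]
        entry["mechs"].add(rec["mech"])
        if rec["event"] == "login":
            entry["ok"] += 1
            entry["users"].add(rec["user"])
        else:
            entry["failed"] += 1
    flagged = sorted(
        key for key, e in stats.items()
        if e["failed"] >= threshold and e["ok"] == 0
    )
    return dict(stats), flagged, skipped


SAMPLE_LOG = [
    # Quoted from messages on this page.
    "Aug 10 10:33:11 belgarath sieve[6690]: badlogin: "
    "belgarath.linfield.edu[10.171.255.14] PLAIN authentication failure",
    "Aug 10 10:35:14 belgarath sieve[6737]: login: "
    "socrates.linfield.edu[10.171.255.11] rtanner PLAIN User logged in",
    "Oct 27 14:40:05 tombstone pop3[5760]: badlogin: "
    "localhost [127.0.0.1] DIGEST-MD5 authentication failure",
    # Constructed for this example (documentation address range).
    "Aug 10 10:40:01 belgarath sieve[6801]: badlogin: "
    "client.example.net[192.0.2.7] PLAIN authentication failure",
    "Aug 10 10:40:03 belgarath sieve[6802]: badlogin: "
    "client.example.net[192.0.2.7] PLAIN authentication failure",
    "Aug 10 10:40:05 belgarath sieve[6803]: badlogin: "
    "client.example.net[192.0.2.7] PLAIN authentication failure",
    "Aug 10 10:41:00 belgarath master[512]: process 6801 exited, status 0",
]

if __name__ == "__main__":
    stats, flagged, skipped = summarize(SAMPLE_LOG)
    for key in sorted(stats):
        print(key, stats[key])
    print("flagged:", flagged, "skipped:", skipped)
```
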
sasl/pam/ldap authentication process
All,

I'm installing my first cyrus imap server that uses LDAP for authentication. I understand the sasldb2/auxprop mechanism all right, but am confused when it comes to saslauthd/PAM/LDAP. I want to use PLAIN over TLS against an LDAP server. Seems like there's a LOT of ways to do that (auxprop, sasl-ldap, and sasl-pam-ldap). All the different ways confuse me, and I want to clarify my options. Would someone please verify what I THINK is supposed to happen?

1. --imapd.conf file has NO sasl parameters.
   --imapd file in sasl2 folder has one parameter pwcheck_method:pam
   This option does NOT run against the saslauthd daemon. IMAP knows to use SASL, and checks for the sasl config file which says don't use SASL, forward to PAM directly. I have my PAM imap file configured to use LDAP (/etc/ldap.conf).

2. --imapd.conf file has sasl_pwcheck_method:pam
   This is the same as #1

3. --imapd.conf file has no sasl parameter.
   --imapd file in sasl2 folder has one parameter pwcheck_method:saslauthd
   This option tells the imapd to forward the parameters to the saslauthd daemon. When the sasl daemon is started, the desired login mechanism is passed as a parameter (saslauthd -a pam). I have my PAM imap file configured to use LDAP (/etc/ldap.conf)

4. --imapd.conf file has sasl_pwcheck_method:saslauthd
   Same as #3.

5. --imapd.conf file has no sasl parameter.
   --imapd file in sasl2 folder has one parameter pwcheck_method:ldap
   This is similar to PAM process (#1) imap looks up imapd file and determines it's pam and uses sasl to configure against pam. The saslauthd.conf file stores the ldap config information.

6. --imapd.conf file has sasl_pwcheck_method:ldap
   Same as 5. The saslauthd.conf file stores the ldap config information.

7. --imapd.conf file has no sasl parameter.
   --imapd file in sasl2 folder has one parameter pwcheck_method:saslauthd
   This option tells the imapd to forward the parameters to the saslauthd daemon. When the sasl daemon is started, the desired login mechanism is passed as a parameter (saslauthd -a ldap). The saslauthd daemon uses the /saslauthd.conf file to store its ldap config information.

8. --imapd.conf file has sasl_pwcheck_method:saslauthd
   Same as #7.

Another question:

1. Does cyradm authenticate against the imapd.conf authentication process, or do I have to use the sasldb2 database regardless? I'd like to keep all authentication in LDAP, but one user in the sasldb2 database wouldn't be too bad...

Thanks in advance for clarifying this for me. Hopefully this can help others down the road as well!

Kevin Williams
Plus addressing with exim and lmtp socket
Hi,

I use cyrus-imapd with exim. I deliver the mail from exim using the lmtpd unix socket. All mails arrive fine, but even when I try to send a mail to a sub folder directly it ends in the user's INBOX. I set the ACLs to the users' mailboxes to cyrus all and anyone p. But the mails do end in the user's INBOX.

Here is my config:

imapd.conf

    # $Header: /var/cvsroot/gentoo-x86/net-mail/cyrus-imapd/files/imapd.conf,v 1.4 2004/07/18 04:02:23 dragonheart Exp $
    # Don't forget to use chattr +S (if you are using ext[23])
    # when you change these directories (read the docs).
    configdirectory:/var/imap
    partition-default: /var/spool/imap
    sievedir: /var/imap/sieve
    tls_ca_path:/etc/ssl/certs
    tls_cert_file: /etc/ssl/cyrus/server.crt
    tls_key_file: /etc/ssl/cyrus/server.key
    # Don't use an everyday user as admin.
    admins: admin cyrus
    sasl_pwcheck_method:auxprop
    sasl_auxprop_plugin:sql
    sasl_sql_engine:mysql
    sasl_password_format: crypt
    sasl_mech_list: PLAIN
    sasl_auto_transition: no
    sasl_sql_hostnames: 127.0.0.1
    sasl_sql_user:
    sasl_sql_passwd:
    sasl_sql_database: mail
    sasl_sql_statement: select password from users where username='%u' AND domainname='%r'
    hashimapspool: yes
    allowanonymouslogin:no
    allowplaintext: yes
    # Allow renaming of top-level mailboxes.
    #allowusermoves: yes
    # Use this if sieve-scripts could be in ~user/.sieve.
    #sieveusehomedir: yes
    virtdomains: yes
    defaultdomain: keine.de
    altnamespace: yes

and the part from the exim config:

    local_delivery:
      driver = lmtp
      socket = /var/imap/socket/lmtp
      user = cyrus

Maybe anyone has an idea why it does not work. Thanks for help in advance

Greets
Kevin Moschallski
Convert from altnamespace and unixhierachy to normal format
Hi,

I want to copy my mailboxes from a cyrus imapd 2.2.3 with altnamespace and unixhierarchysep turned on to a cyrus imapd 2.2.3 with only virtdomains turned on and altnamespace and unixhierarchysep both turned off. My question now is how to do this, or if there's even a way to do it, maybe a script or something, because I don't know how to copy the mailboxes by hand.

Thanks for help in advance.

Greets
Kevin Moschallski
Re: High availability ... again
Fair enough ;)

So what would it cost to have this feature implemented? Specifically adding the application level redundancy patch that was submitted. I think it is certainly worth discussion if nothing else to see if it is something we, people interested, might collectively be able to pay for.

Actually a pretty interesting topic... maybe more suited for a general Slashdot thread. Paying for open source dev.. I think there was something on that recently.

Kevin

On Tue, 6 Jul 2004, Kevin Baker wrote:

How would we indicate our interest to the development team? How are updates and future development project priorities decided?

Several methods.. Supplied patches often get a high priority (though not in this case, since we have a patch that is very complicated and not easy to apply since it is based off of different implementations of the expunge code that is in the 2.3 CVS).

Quite honestly, development priorities are most often (Though not always) set around what CMU needs most at the time. Sort of selfish, but very true. Things like virtual domains got implemented because Ken was bored though.

Another way to indicate your interest is with a hefty donation to CMU, of course :)

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: High availability ... again
The cyrus/replication would be amazing. Application level replication seems to be the best option if the setup is straightforward.

How would we indicate our interest to the development team? How are updates and future development project priorities decided?

Kevin

Hi,

Etienne Goyer wrote:

Regarding IMAP replication, I have not found much but the work of David Carter at http://www-uxsup.csx.cam.ac.uk/~dpc22/cyrus/replication.html seems interesting. As far as I can tell, source to this implementation and current status are not available. Does somebody on the list use this solution or a similar one and could comment on the practicality of it ? Perhaps M. Carter (if you read the list) could give us a status update for his particular project ?

Interesting: this seems to do exactly what I was looking for earlier, and what many people do now with rsync or unison kind of things. I see that The code has however been submitted back to the Cyrus maintainers. - as far as I'm concerned it would be a valuable addition to cyrus! (Or any other good (uni or bidirectional) software spool replication ;-))

Paul
Re: High availability ... again
Etienne Goyer wrote:

On a similar note, RedHat have apparently bought Sistina, and GPLed GFS. This is great news for HA under Linux, IMHO. I will be testing it soon.

Well, on their site it is listed as open source, but it is not on sources.redhat.com (where LVM2 and device-mapper landed when they bought Sistina). In addition, it appears to only be available as part of RHEL, which is quite expensive.
Re: High availability ... again
Norman Zhang wrote:

I think you can get it here, http://sources.redhat.com/cluster/gfs/

Yes, thanks. When I looked at the sources page I was looking for GFS directly, not a cluster subproject. This page appears to have everything needed to use GFS.
Re: High availability ... again
David,

This is exactly what I had in mind. Could you maybe give a quick overview of how you have the replication and failover setup; specifically application level replication vs block

While the idea of a standby server that uses block level replication seems very great, if possible I'd like to have the reliability while still being able to use both machines.

Is it something like this:

- Server A
  - active accounts 1-100
  - replicate accounts 101-200 from Server B
- Server B
  - active accounts 101-200
  - replicate accounts 1-100 from Server A

If B goes down, A takes over the accounts it had replicated from B.

Thanks,

On Tue, 22 Jun 2004, Etienne Goyer wrote:

Does somebody on the list use this solution or a similar one and could comment on the practicality of it ? Perhaps M. Carter (if you read the list) could give us a status update for his particular project ?

There's really not a whole lot to say. We've been using the code on our main 32k user mail system since about this time last year for data migration, fast incremental backup to a tape spooling system, and rolling replication for live updates. We also used the replication system to migrate from a UW based system to Cyrus.

We have 16 small Linux servers running as 8 pairs. All the systems are live Cyrus servers, half the accounts on each system are replica versions. One of the 16 had a hardware fault a couple of weeks back and no one has moaned at me after we switched to the replica, which is always a good sign.

From my perspective the advantage of application level replication over block level replication like DRBD is flexibility. Read/write access to both master and replica systems can be useful: we maintain databases of MD5 checksums for all the messages and cache entries on each server. It's also rather cute to run PINE against both master and replica version of a given mailbox and watch the replica play follow my leader :).

--
David Carter  Email: [EMAIL PROTECTED]
University Computing Service,  Phone: (01223) 334502
New Museums Site, Pembroke Street,  Fax: (01223) 334679
Cambridge UK. CB2 3QH.
Re: High availability ... again
Thanks... I'm familiar with what it is... I'm not familiar with how to set up application level replication with Cyrus. MySQL/LDAP NP...

I've looked through the docs/archives and haven't found anything... Murder seems more focused on partitioning.

--On Wednesday, June 23, 2004 11:48 -0700 Kevin Baker [EMAIL PROTECTED] wrote:

David, This is exactly what I had in mind. Could you maybe give a quick overview of how you have the replication and failover setup; specifically application level replication vs block

application level means exactly that. The actual program/server software involved does its own replication. Like Oracle RAC or MySQL replication.

block level means something at the disk I/O layer does it all, without the app's knowledge.

While the idea of a standby server that uses block level replication seems very great, if possible I'd like to have the reliability while still being able to use both machines.

Is it something like this:

- Server A
  - active accounts 1-100
  - replicate accounts 101-200 from Server B
- Server B
  - active accounts 101-200
  - replicate accounts 1-100 from Server A

If B goes down, A takes over the accounts it had replicated from B.

Thanks,

On Tue, 22 Jun 2004, Etienne Goyer wrote:

Does somebody on the list use this solution or a similar one and could comment on the practicality of it ? Perhaps M. Carter (if you read the list) could give us a status update for his particular project ?

There's really not a whole lot to say. We've been using the code on our main 32k user mail system since about this time last year for data migration, fast incremental backup to a tape spooling system, and rolling replication for live updates. We also used the replication system to migrate from a UW based system to Cyrus.

We have 16 small Linux servers running as 8 pairs. All the systems are live Cyrus servers, half the accounts on each system are replica versions. One of the 16 had a hardware fault a couple of weeks back and no one has moaned at me after we switched to the replica, which is always a good sign.

From my perspective the advantage of application level replication over block level replication like DRBD is flexibility. Read/write access to both master and replica systems can be useful: we maintain databases of MD5 checksums for all the messages and cache entries on each server. It's also rather cute to run PINE against both master and replica version of a given mailbox and watch the replica play follow my leader :).

--
David Carter  Email: [EMAIL PROTECTED]
University Computing Service,  Phone: (01223) 334502
New Museums Site, Pembroke Street,  Fax: (01223) 334679
Cambridge UK. CB2 3QH.

--
Undocumented Features quote of the moment...
It's not the one bullet with your name on it that you have to worry about; it's the twenty thousand-odd rounds labeled `occupant.'
--Murphy's Laws of Combat
Cyrus backup procedure?
I need to set up a backup process for our Cyrus install. Searched the archives and googled, but can't seem to find a list of the specific files to back up.

I'm assuming, but wasn't sure:

- entire /var/cyrus dir, /var/imap in my case
- all of my conf files

Also, if I am to restore, I'm assuming I would copy these files to a restored system, and run reconstruct -m.

Is this right?

Thanks,
Kevin
Re: cyrus-imapd 2.1.15 and DB 4.1.25 problems
We have a similar configuration:

- cyrus-imapd-2.1.15
- db-4.0.14
- 500+ users

We were having very similar issues. For us it turned out to be issues with the Cyrus deliver program. Our configuration set the mail transport as cyrus. We changed to use lmtp and all our problems went away, completely.

Lmtp is a message transport service. It is much more efficient than the deliver program. I would suggest making the same change if you are currently using deliver.

Are you using postfix? If you are, check /etc/postfix/main.cf for the mailbox_transport setting. If it is cyrus you are using the deliver program, not the lmtpd service.

-Kevin

Hi

We run a 100 user imapd server (cyrus 2.1.15 and db 4.1.25) which is having a huge amount of problems with the delivery and tls databases (both in Berkeley DB) becoming corrupted and killing the mail server. I have searched the mail list and it appears that this is not an uncommon problem, with solutions being to downgrade the DB version to something prior to 4.1.25 or use skiplist.

Anyway we have had so much fun we are building a new server with cyrus-imapd 4.2.5. At the moment I am trying to figure out if I just give up on Berkeley and use skiplist for delivery and tls databases or try Berkeley DB 4.2.52. With 100 users we are not talking a heavy load so the performance advantages of BDB over skiplist would not be massive.

I guess I would be interested if anyone has had problems with cyrus-imapd and BDB 4.2.52. Also if anyone has done any benchmarking on the effect of skiplist vs bdb in real world mail serving.

Cheers
Matt Cocker
Unable to get SASL working correctly
I feel like I am going around in circles with LDAP and SASL! This stuff is not as much fun as the travel brochure said it would be :-)

Here is what I have:

- Fedora Core 2
- OpenLDAP (from rpm)
  - openldap-servers-2.1.29-1
  - openldap-devel-2.1.29-1
  - openldap-clients-2.1.29-1
  - openldap-2.1.29-1
- SASL (from rpm)
  - cyrus-sasl-devel-2.1.18-2
  - cyrus-sasl-plain-2.1.18-2
  - cyrus-sasl-2.1.18-2
  - cyrus-sasl-md5-2.1.18-2
- Other Software (from rpm)
  - postfix-2.0.18-4
  - courier-imap-3.0.4.20040524-1.2
  - squirrelmail-1.4.2-3
  - nss_ldap-217-1

What I am doing now:

I have postfix operating on two servers, one as local delivery, and the other in a backup MX role. The PADL tools are being used to pull accounts from my LDAP server, and present them as local accounts

    # getent passwd kevin
    kevin:x:999:999:Kevin Fries:/home/kevin:/bin/bash

No problem. Postfix, Courier, vsFTP, Squirrelmail, SAMBA, etc pick up the local accounts and authenticate everyone via PAM.

Here is what I am trying to do:

I would prefer to remove the PADL libraries and have each of these programs authenticate directly against the LDAP information in a sealed system (no system accounts). I figured the first step towards this was to work over my mail and IMAP servers. Courier is causing me all kinds of headaches, and I would love to dump it for Cyrus IMAP. But in order to do that, I need to have Cyrus-SASL authenticating to my user accounts in LDAP first.

However, I can not even get saslauthd to work correctly! When I use testsaslauthd to validate an account, here are the results:

    # testsaslauthd -u kevin -p sanitized
    0: NO authentication failed

A check of the error logs displays:

    do_auth : auth failure: [user=kevin] [service=imap] [realm=] [mech=ldap] [reason=Unknown]

reason=Unknown, well at least the error message is clear, lol

Needless to say, the basic ldap tools don't work right without the -x (send in plain text) which I am trying to avoid.

    # ldapsearch uid=kevin
    ldap_sasl_interactive_bind_s: No such object (32)

I am not trying to get cute here. I just want OpenLDAP to store all my user data, and SASL to authenticate against it. Once that is in place, it opens a new set of options such as SMTP-AUTH for the Postfix server (hopefully against CRAM-MD5 or some other highly encrypted mechanism) and Cyrus IMAP. But, until I can get the simple working, the more complex is simply out of the question.

Can anyone point me in the right direction? Some documentation, or How-to that does not include Kerberos (yeah found lots of those) and is discussing the direction I am trying to go?

Here are my conf files:

    # cat /etc/sysconfig/saslauthd
    SOCKETDIR=/var/run/saslauthd
    MECH=ldap
    FLAGS=

    # cat /etc/saslauthd.conf
    ldap_servers: ldap://127.0.0.1
    ldap_bind_dn: cn=manager,dc=example,dc=com
    ldap_bind_ps: privledged

    # cat /etc/openldap/slapd.conf
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/samba.schema
    include /etc/openldap/schema/pureftpd.schema
    include /etc/openldap/schema/postfix.schema
    include /etc/openldap/schema/mozillaAbPersonObsolete.schema
    include /etc/openldap/schema/qmail.schema
    defaultsearchbase dc=example,dc=com
    access to dn=.*,dc=example,dc=com attr=userPassword
        by dn=cn=Manager,dc=example,dc=com write
        by self write
        by * auth
    access to dn=.*,dc=example,dc=com attr=mail
        by dn=cn=Manager,dc=example,dc=com write
        by self write
        by * read
    access to dn=.*,ou=People,dc=example,dc=com
        by * read
    access to dn=.*,dc=example,dc=com
        by self write
        by * read
    database ldbm
    dbcachesize 200
    suffix dc=example,dc=com
    rootdn cn=Manager,dc=example,dc=com
    rootpw privledged
    directory /var/lib/ldap
    index objectClass eq
    index cn pres,sub,eq
    index sn pres,sub,eq
    index uid pres,sub,eq
    index displayName pres,sub,eq
    index uidNumber eq
    index gidNumber eq
    index memberUid eq
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq
    index default sub
    index mailAlternateAddress eq
    index mail sub,eq
    index givenName sub,eq

    # cat /etc/ldap.conf
    host 127.0.0.1
    base dc=example,dc=com
    rootbinddn cn=manager,dc=example,dc=com
    scope sub
    pam_filter objectclass=posixaccount
    ssl no
    pam_password md5

--
Kevin Fries
Network Administrator
Hydrologic Consultants, Inc of Colorado
(303) 969-8033 FAX: (303) 969-8357
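A lint pass over a saslauthd.conf of the kind posted above, as an added example that is not part of the original message or of Cyrus SASL. The option list is a subset of the names in the LDAP_SASLAUTHD documentation rather than a complete one, and the finding codes and the REMOTE_CONF sample are constructed for illustration.

```python
import difflib
from urllib.parse import urlparse

# Subset of option names from the LDAP_SASLAUTHD documentation (not exhaustive).
KNOWN_OPTIONS = {
    "ldap_servers", "ldap_bind_dn", "ldap_bind_pw", "ldap_password",
    "ldap_search_base", "ldap_filter", "ldap_scope", "ldap_auth_method",
    "ldap_start_tls", "ldap_tls_cacert_file", "ldap_tls_cacert_dir",
    "ldap_tls_check_peer", "ldap_tls_ciphers", "ldap_tls_cert", "ldap_tls_key",
    "ldap_timeout", "ldap_time_limit", "ldap_size_limit", "ldap_version",
    "ldap_deref", "ldap_referrals", "ldap_restart", "ldap_use_sasl",
    "ldap_mech", "ldap_id", "ldap_authz_id", "ldap_realm",
    "ldap_default_realm", "ldap_default_domain", "ldap_password_attr",
    "ldap_group_dn", "ldap_group_attr", "ldap_group_filter",
    "ldap_group_match_method", "ldap_group_search_base", "ldap_group_scope",
    "ldap_debug", "ldap_verbose",
}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
TRUE_VALUES = {"yes", "on", "true", "1"}  # lenient reading of a boolean

# /etc/saslauthd.conf exactly as posted in the message above.
POSTED_CONF = """\
ldap_servers: ldap://127.0.0.1
ldap_bind_dn: cn=manager,dc=example,dc=com
ldap_bind_ps: privledged
"""

# Constructed sample: a directory on another host, no TLS configured.
REMOTE_CONF = """\
ldap_servers: ldap://ldap.example.com
ldap_search_base: dc=example,dc=com
"""


def parse_conf(text):
    """Yield (line number, name, value); value is None if there is no colon."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        yield lineno, name.strip(), value.strip() if sep else None


def lint(text):
    """Return a list of (code, detail) findings in a fixed order."""
    findings, opts = [], {}
    for lineno, name, value in parse_conf(text):
        if value is None:
            findings.append(("malformed-line", f"line {lineno}: expected 'name: value'"))
        elif name not in KNOWN_OPTIONS:
            near = difflib.get_close_matches(name, sorted(KNOWN_OPTIONS), n=1)
            hint = f" (closest known option: {near[0]})" if near else ""
            findings.append(("unknown-option", f"line {lineno}: {name}{hint}"))
        else:
            opts[name] = value

    # A bind DN with no password option set cannot do an authenticated bind.
    if "ldap_bind_dn" in opts and not ({"ldap_bind_pw", "ldap_password"} & opts.keys()):
        findings.append(("bind-dn-without-password",
                         "ldap_bind_dn is set but no bind password option was read"))

    # Every method except fastbind looks the user up with ldap_filter
    # under ldap_search_base, which has no default value.
    if opts.get("ldap_auth_method", "bind").lower() != "fastbind" \
            and "ldap_search_base" not in opts:
        findings.append(("no-search-base", "ldap_search_base is not set"))

    # ldap:// to a non-loopback host without StartTLS puts the bind
    # password and every user's password on the wire in the clear.
    if opts.get("ldap_start_tls", "no").lower() not in TRUE_VALUES:
        for uri in opts.get("ldap_servers", "ldap://localhost/").split():
            parsed = urlparse(uri)
            if parsed.scheme == "ldap" and parsed.hostname not in LOOPBACK:
                findings.append(("cleartext-ldap",
                                 f"{uri}: use ldaps:// or set ldap_start_tls: yes"))
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("remote", REMOTE_CONF)):
        for code, detail in lint(conf):
            print(f"{label}: {code}: {detail}")
```
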
Re: global seive script
Do you have the global figured out this would be great!

Is there a way I can patch that extension from the cvs into the stable that I am currently using?

Thanks,

Jason Jacobsen
Desktop Support Analyst
Great Plains Locating Service
Office: (402) 778-3025
Cell: (402) 960-3656

- Original Message -
From: Ken Murchison [EMAIL PROTECTED]
To: Jason Jacobsen [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, June 09, 2004 3:08 PM
Subject: Re: global seive script

Jason Jacobsen wrote:

I was wondering what the status is on the feature mentioned in this thread. http://www.mail-archive.com/[EMAIL PROTECTED]/msg17588.html

Nothing had changed since the cited thread.

--
Kenneth Murchison  Oceana Matrix Ltd.
Software Engineer  21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
Re: global seive script
NP... that would be great.

It would be pretty easy to modify some existing utils to handle the script upload. Or just do it by hand.

So... is the patch available or should I wait for the CVS commit?

Thanks,
Kevin

Kevin Baker wrote:

Do you have the global figured out this would be great!

https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=1147

This patch will look up global scripts, but you have to install them by hand. Neither the MANAGESIEVE protocol nor timsieved have been modified to handle global scripts.

Is there a way I can patch that extension from the cvs into the stable that I am currently using?

Thanks,

Jason Jacobsen
Desktop Support Analyst
Great Plains Locating Service
Office: (402) 778-3025
Cell: (402) 960-3656

- Original Message -
From: Ken Murchison [EMAIL PROTECTED]
To: Jason Jacobsen [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, June 09, 2004 3:08 PM
Subject: Re: global seive script

Jason Jacobsen wrote:

I was wondering what the status is on the feature mentioned in this thread. http://www.mail-archive.com/[EMAIL PROTECTED]/msg17588.html

Nothing had changed since the cited thread.

--
Kenneth Murchison  Oceana Matrix Ltd.
Software Engineer  21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
Cyrus Lmtp vs Deliver
Just posting this for a heads up. Not a question, just info.

We just switched from Cyrus deliver to LMTP transport.

from: mail_transport=cyrus
to: mail_transport=lmtp

Once we reached about 600 users we were having problems with:

- corrupt mailboxes (needed to be reconstructed)
- cyrus deliver program freezing (no new messages)

We switched to use LMTP for the Postfix transport. All of our problems went away and the system performance has improved noticeably.

Unfortunately, I never located the specific issues that were causing our problems. This did fix it though. I thought this might be helpful for others searching the archives.

Just use lmtp

-Kevin
Re: Cyrus HA Scalable Solution? Rsync
Thanks for your reply Jason.

Have you had any instances where you have needed the failover? Are you using IP takeover to the synced mailstore or just using the rsync as a backup solution?

Rsync makes sense to me, but when I posted a few people seemed to say DRBD was a better way to go. I think I'm going to look into this too.

Thanks again.
-Kevin

On 4:39:45 pm 05/25/04 Kevin Baker [EMAIL PROTECTED] wrote:

We are testing a number of email configurations for a 10,000+ user-base. Was hoping to get some thoughts on below:

- Postfix
- Cyrus-SASL
- Mysql Auth

We will likely start with 3 frontend servers and 3 backend servers. Replicate MySQL across all servers auth, maildrop routing.

We were thinking of doing some sort of rsync of the imap mailstore across the backend servers. Then Heartbeat on the backend servers with IP takeover to handle failover. The hope is that if a server goes down the mailstore will be sync'ed up on the server that takes over.

Thought? This is obviously just a sketch... but I haven't seen this done before as far as the failover solution with rsync and thought it might work pretty well.

I have been doing this with an 18 gig mailstore that uses maildirs. After the first sync I can run rsync every 5 minutes and it only takes 35-40 seconds to complete, even if I move/delete a few thousand messages at a time.

\__ Jason Munro
\__ [EMAIL PROTECTED]
\__ http://hastymail.sourceforge.net/
Re: efficiency drops when user exceed 5000+?
I am a newbie too, but learning. Couple things.

what partition? file system..

This was likely referring to user partitioning. As your user base increases, an alternative to beefing up your server is to add additional machines to handle the load and partition the users. Basically setting up maildrops so each mail server handles a set of users. In your case maybe two machines split the alphabet in two.

-Kevin

Quoting Zhang Weiwu [EMAIL PROTECTED]:

Hello. I have cyrus imapd running now on my server. Today I heard people say when the user number exceeds 5000+ the cyrus performance drops in the way that unless many partitions were made (what partition? file system partition?) to share the load. I'm pretty newbie on mail server administration, should I start to do something in case my user number grows over 5000+? I'm running a dual-processor Xeon server with IDE soft RAID10 discs.

Get real discs. IDE is bad for small random accessed files and soft RAID doesn't make them better. Be sure to use a filesystem capable of managing a lot of files or hash the imapspool. Have a look at your memory stats. Swapping will kill all performance.

This said there is no drop in efficiency but some point at which your hardware is not able to keep up. But it depends on what your users are doing and not only on the user-count.

Regards
Andreas
Re: Cyrus Lmtp vs Deliver
On the real scsi hard RAID, I agree but...

For those of us currently using Managed hosting, IDE drives might be the only option up front.

While hardware RAID and SCSI are without a doubt *much* better... the following makes sense to me:

- IDE soft RAID server handles 3000 users NP
- it slows at 5000 users
- why not partition to a second server to keep load down?
- if it was fine with 3000 users it stands to reason that this would be fine partitioned.
- Aren't 2 cheap serv's w/ HA better than one better server as a single point of failure?

Again I'm new at this... as the user base and budget grows I'm all about zippy'r servers.

However up front we could grab a couple 80GB sRAID 1.5GB RAM machines for only $300 a month. While a single 73SCSI RAID w/ less ram is around $500/m. With 2 cheaper machines I can have HA/Failover.

So, I'm sure there's holes in it... I just want to get this out there. I'm guessing there are a lot of people in a similar situation, using *cheap* managed hosting due to budget constraints.

-Kevin

Just posting this for a heads up. Not a question, just info.

We just switched from Cyrus deliver to LMTP transport.

from: mail_transport=cyrus
to: mail_transport=lmtp

Once we reached about 600 users we were having problems with:

- corrupt mailboxes (needed to be reconstructed)
- cyrus deliver program freezing (no new messages)

We switched to use LMTP for the Postfix transport. All of our problems went away and the system performance has improved noticeably.

Unfortunately, I never located the specific issues that were causing our problems. This did fix it though. I thought this might be helpful for others searching the archives.

Just use lmtp

-Kevin
Re: global sieve script
What about procmail? Doesn't it have a global script feature? We've been using sieve, and have some funky scripts to keep add our global rules to all the accounts. I'd much rather have the global script though.

-Kevin

Jason Jacobsen wrote:

I was wondering what the status is on the feature mentioned in this thread. http://www.mail-archive.com/[EMAIL PROTECTED]/msg17588.html

Nothing had changed since the cited thread.

--
Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
Moving to a sealed system - Looking for a How-To
My current configuration is as follows:

- RedHat 7.2
- OpenLDAP 2.0.27
- Qmail 1.0.3
- Courier IMAP 1.7.3
- PureFTPD 1.0.15
- Apache 1.3.27

While this setup works fairly well, I have had more than just a few non-trivial problems with it. With RedHat's support ending as of the first of the year, I have been forced to use alternative repositories (the ones from Fedora Legacy) to keep my system up to date.

I am now planning on making a major update, and placing everything under RPM and package management. At the same time, I would like to seal this system, and stop using system accounts for the end users. My current setup pulls system accounts from LDAP via nssldap and pamldap. I would like to have my email upgraded, my IMAP upgraded, add a few services like smtp-auth via CRAM-MD5, while at the same time stopping the use of system accounts. Instead, I would like the server software to pull the account and AAA information directly from LDAP.

My new desired configuration:

- Fedora Core 2 w/2.6.5 kernel
- OpenLDAP 2.1.29
- Postfix 2.0.18
- Cyrus SASL 2.1.18
- Cyrus IMAP 2.2.3
- ProFTPd 1.2.9
- Apache 2.0.49

Needless to say, this is not a trivial upgrade, so I need to make sure that I have all my documentation lined up, read twice, and fully understood before I even start. I have searched the CMU website and the documentation is way old. There seem to be patches for Cyrus IMAP 1.x to handle LDAP, but no mention of 2.x. Is it built in, or can 2.x handle LDAP?

Is there any documentation or HOWTOs that will assist me in this migration? Especially (thus the message to this mail group) with the Courier = Cyrus SASL/IMAP translation and the adding of CRAM-MD5 for SMTP-AUTH using Postfix?

Thanks in advance for any help.

--
Kevin Fries
Network Administrator
Hydrologic Consultants, Inc of Colorado
(303) 969-8033 FAX: (303) 969-8357
/var/imap/socket/lmtp set back to root?
I finally got postfix+cyrus working through lmtpd!! However, now whenever I restart cyrus the /var/imap/socket/lmtp gets set back to root:root, which causes the Permission Denied problems. I can set it back to cyrus:mail each time, but would like to correct this issue. Any ideas?

Thanks,
Kevin
Cyrus not accepting message. lmtpd?
I have been having recurring problems with our email system. I am almost certain that it is an issue with Cyrus. Sorry for the long message, just thought it would be good to get it all in at once. We are using the below configuration.

CONFIGURATION:

Red Hat 9
cyrus-imapd-2.1.15
cyrus-sasl-2.1.15
postfix-2.0.16
openldap-2.0.27

FACTS: ASSUMPTIONS

- Users are able to send: postfix is ok
- Users are able to login: openldap and cyrus-sasl ok
- Users can view existing messages: cyrus sort of working
- Users do not receive email: something with cyrus or possibly the lmtpd service
- When I restart cyrus and postfix flush message everything is fine.
  : postfix was not able to talk to cyrus but the restart corrected it.
  : Also the flush does push all deferred email through so postfix had it.
- If I postfix flush before a Cyrus restart nothing happens. It's only after the Cyrus restart that a flush works and email starts coming through.
- This seems to be happening every day.
- It seems strange that they can login and read existing mail but not receive new mail.

QUESTIONS

- Has anyone seen this before?
- Is this a known issue with my conf?
- What should I look for in the maillog to troubleshoot this?

Thanks tons,
- Kevin
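An added example, not part of the original posts: one way to approach the maillog question above, and the socket permission problem from the earlier message, is to group Postfix LMTP deferrals by the reason Postfix logged and list the queue IDs that never got delivered. The log lines are constructed samples in the usual Postfix syslog layout; hostnames, queue IDs, addresses and the cause labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual Postfix syslog layout (not from the thread).
SAMPLE_MAILLOG = """\
May 26 09:14:02 mail postfix/lmtp[2114]: 3F2A11C0E: to=<alice@example.com>, relay=none, delay=1, status=deferred (connect to /var/imap/socket/lmtp[/var/imap/socket/lmtp]: Permission denied)
May 26 09:14:05 mail postfix/lmtp[2114]: 7B9C41C11: to=<bob@example.com>, relay=none, delay=0, status=deferred (connect to /var/imap/socket/lmtp[/var/imap/socket/lmtp]: Permission denied)
May 26 09:20:41 mail postfix/smtp[2130]: 9D0E21C15: to=<carol@example.net>, relay=mx.example.net[192.0.2.10], delay=2, status=sent (250 ok)
May 26 11:02:17 mail postfix/lmtp[2290]: A41F01C2A: to=<alice@example.com>, relay=none, delay=3, status=deferred (connect to /var/imap/socket/lmtp[/var/imap/socket/lmtp]: Connection refused)
May 26 11:30:00 mail postfix/lmtp[2301]: A41F01C2A: to=<alice@example.com>, relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=1666, status=sent (250 2.1.5 Ok)
"""

LINE_RE = re.compile(
    r"postfix/lmtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?status=(?P<status>\w+) \((?P<detail>.*)\)\s*$"
)

def classify(detail):
    """Map the parenthesised status text to a short cause label (labels are ours)."""
    lowered = detail.lower()
    if "permission denied" in lowered:
        return "socket-permissions"   # ownership/mode of the LMTP socket
    if "connection refused" in lowered or "no such file" in lowered:
        return "lmtpd-not-listening"  # socket missing or nothing accepting on it
    if "timed out" in lowered:
        return "lmtpd-hung"
    return "other"

def summarize(log_text):
    """Return (cause -> deferral count, queue IDs whose last LMTP attempt was deferred)."""
    causes = Counter()
    last_status = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an LMTP delivery attempt
        last_status[(m["qid"], m["rcpt"])] = m["status"]
        if m["status"] == "deferred":
            causes[classify(m["detail"])] += 1
    stuck = sorted({qid for (qid, _), st in last_status.items() if st == "deferred"})
    return causes, stuck

if __name__ == "__main__":
    causes, stuck = summarize(SAMPLE_MAILLOG)
    print(dict(causes), stuck)
```

A burst of one cause followed by successful deliveries right after a restart is the pattern the message describes; the dominant cause label says whether to look at the socket's ownership or at the lmtpd service itself.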
Corrupt inbox, related to size?
I had to reconstruct my first cyrus user inbox today. I have to say it makes me a bit nervous. We are running Postfix+Cyrus+LDAP with about 500 users, pretty good traffic, on 512Ram Raid1. This particular user had about 1000 messages in her inbox. It was fine after I ran reconstruct, but this is very inconvenient as I need to take down cyrus during the process. Does anyone have ideas as to what would cause this? Could it be related to the number of messages in her inbox?

Thanks,
Kevin
Re: Corrupt inbox, related to size?
How about this. I found out that the previous administrator was restarting Cyrus and flushing Postfix every couple hours as Cyrus seemed to be having problems with hanging. A sneaky hidden cron... So I will look into this... but if the user happened to be accessing Cyrus when the server was bounced could this corrupt the mailbox? That is great to know about not restarting Cyrus.. I was just following a man of mine. I guess I'm curious how it would handle receiving a message while reconstructing.

Configuration (previous request)

- RH9
- Cyrus 2.1.15
- Postfix 2.0.16
- OpenLDAP 2.0.27

On Wed, 2004-05-26 at 12:23, Kevin Baker wrote:

I had to reconstruct my first cyrus user inbox today. I have to say it makes me a bit nervous. We are running Postfix+Cyrus+LDAP with about 500 users, pretty good traffic, on 512Ram Raid1. This particular user had about 1000 messages in her inbox. It was fine after I ran reconstruct, but this is very inconvenient as I need to take down cyrus during the process. Does anyone have ideas as to what would cause this? Could it be related to the number of messages in her inbox?

Not likely... I've seen this from time to time with every version of Cyrus that I've used. The only common thread that I've observed has been that the mailboxes that need a reconstruct always seem to be accessed via POP. And in most cases a check with the user has revealed that his/her client aborted, was killed or they rebooted the system because something was hung, misbehaving, etc. Oh yeah, so far it has always been a Windows user. Go figure...

In the general case it isn't necessary to take the Cyrus server down just to reconstruct a single mailbox, I don't and nothing bad has ever happened.

--
The instructions said to use Windows 98 or better, so I installed RedHat.
Re: Corrupt inbox, related to size?
Thank yeah.. I'm taking down this cron.

--On Wednesday, May 26, 2004 18:13 -0700 Kevin Baker [EMAIL PROTECTED] wrote:

How about this. I found out that the previous administrator was restarting Cyrus and flushing Postfix every couple hours as Cyrus seemed to be having problems with hanging. A sneaky hidden cron...

God that'd cause corruption heh. No need to restart it like that. And you said there were no crons! ;) Need to check your logs :)

So I will look into this... but if the user happened to be accessing Cyrus when the server was bounced could this corrupt the mailbox? That is great to know about not restarting Cyrus.. I was just following a man of mine. I guess I'm curious how it would handle receiving a message while reconstructing.

E_TEMPFAIL/RC=75/4xx depending on what layer you're talking about.
Cyrus HA Scalable Solution? Rsync
We are testing a number of email configurations for a 10,000+ user-base. Was hoping to get some thoughts on below:

- Postfix
- Cyrus-SASL
- Mysql Auth

We will likely start with 3 frontend servers and 3 backend servers. Replicate MySQL across all servers auth, maildrop routing. We were thinking of doing some sort of rsync of the imap mailstore across the backend servers. Then Heartbeat on the backend servers with IP takeover to handle failover. The hope is that if a server goes down the mailstore will be sync'ed up on the server that takes over.

Thought? This is obviously just a sketch... but I haven't seen this done before as far as the failover solution with rsync and thought it might work pretty well.

Kevin
Re: Cyrus HA Scalable Solution? Rsync
So I'm guessing I should look into the DRBD then. (http://www.drbd.org) It's in the archive: http://www.mail-archive.com/[EMAIL PROTECTED]/msg18820.html Other than that I can't think of how to handle the fail-over.

--On Tuesday, May 25, 2004 14:39 -0700 Kevin Baker [EMAIL PROTECTED] wrote:

Thought? This is obviously just a sketch... but I haven't seen this done before as far as the failover solution with rsync and thought it might work pretty well.

rsync sucks for large numbers of files/directories. It has to build an in-memory tree before it even starts syncing. what would be 'nice' to see is something built inside of cyrus to handle multiple backends but that's a pretty complicated bit of beast. (no i'm not volunteering ;) )

--
GPG/PGP -- 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E