Re: cyrus-imapd not starting after upgrade
Hi Daniel, Sorry for my late response. I was very busy and did not check the mailinglist. Op 12-02-19 om 14:29 schreef Daniel Bareiro: > > On 8/2/19 16:46, Paul van der Vlis wrote: > >>> After quite some time, today I decided to update the mail server from >>> Debian Jessie (cyrus-imapd 2.4.17) to Debian Stretch (cyrus-imapd 2.5.10-3). > >> Hello Daniel, > > Hello, Paul. > >> I use cyrus-imapd 2.5.10-3 from Debian stable on serveral machines and I >> can tell you that it gives much TLS problems. >> >> What I do is this using a cronjob every night, and after rebooting: >> >> service cyrus-imapd stop >> mv /var/lib/cyrus/tls_sessions.db /var/lib/cyrus/tls_sessions.db-weg >> touch /var/lib/cyrus/tls_sessions.db >> chown cyrus:mail /var/lib/cyrus/tls_sessions.db >> service cyrus-imapd start >> >> >> But it takes sometimes 30 minutes before I see "imapd" in "ps aux" again. >> >> It seems to be better to use the patches from upstream, to backport the >> version in testing, or to use 2.5.12 from the Debian salsa git repo. >> >> In a few days Cyrus 3.0.8 will be in unstable/testing it's autobuilding >> at the moment. > > Thank you for sharing this. I don't remember seeing errors with TLS in > the syslog. Could you share some syslog entries to check? From what I > see, for some reason you create a new tls_sessions.db file. The point is, that the processes are not closed correctly. So you get more and more processes. After some time the maxclient variabele in /etc/cyrus.conf is too low, and you will have a problem. > Have you opened a bug in Debian BTS about this? There is a bug about it when I remember well, but not from me. > The problem that I am observing after the update is the following at the > time of trying to deliver each mail: > > -- > [/var/run/cyrus/socket/lmtp]: Permission denied > -- > > The delivery is normalized after executing this command: > > -- > # dpkg-statoverride --force --update --add cyrus lmtp 750 > /var/run/cyrus/socket > -- This is what I do too, but only once. > But I have noticed that after doing a reboot I have this problem again. > Any idea what could be a definitive solution? I did not see this behaviour. What still saw was that Cyrus did not start after a reboot. What I had to do for systemd was this: update-rc.d cyrus-imapd enable Cyrus-imapd 3.0.8 is Debian testing now. I've tested it and I do not see problems anymore: https://packages.debian.org/cyrus-imapd With regards, Paul van der Vlis > Kind regards, > Daniel > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus IMAP in the next Debian
Op 11-02-19 om 10:45 schreef Lars Schimmer: > On 2/8/19 6:39 PM, Paul van der Vlis wrote: >> In some time it will be in Debian unstable and a few days later in >> testing. https://packages.debian.org/search?keywords=cyrus-imapd > > Hip Hip Hooray! > Thanks to all involved. > Will test as soon as I got time. I have installed it, and my first impression is that everything works fine! With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ signature.asc Description: OpenPGP digital signature Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus IMAP in the next Debian
Op 08-02-19 om 22:49 schreef Jason L Tibbitts III: >>>>>> "PV" == Paul van der Vlis writes: > > PV> Somebody has packaged Cyrus version 3.08, but there are problems > PV> with some of the Cassandane tests. > > It may be useful to see how Fedora handles Cassandane as part of its > build process. I did a lot of work to get things functioning and get > patches pushed back upstream to make it easier to run Cassandane as part > of our package build process. A fair bit of work to get things working > better on our less-common architectures is also in there. > > That said, we do still have to disable a few Cassandane tests for > various reasons. The Fedora specfile > (https://src.fedoraproject.org/rpms/cyrus-imapd/raw/master/f/cyrus-imapd.spec) > has explanations and information about each disabled test. Search for > "Run the Cassandane test suite". Thanks for your help. I have forwarded the information. > PV> I think it would be good if there would be more contact between the > PV> Cyrus Debian developers and the Cyrus IMAP community. > > I have always find the Cyrus developers to be helpful. Nobody had to > put me in contact with them; I just filed tickets and asked questions > here and on IRC. I meaned the other side around. If people from the list would like to help the Debian developpers to get a good working Cyrus in Debian. But it lookes-like there will come an 3.0.8 in Debian, it is in "unstable" now. Bye, Paul -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus-imapd not starting after upgrade
Op 15-01-19 om 17:33 schreef Daniel Bareiro: > Hi all! > > After quite some time, today I decided to update the mail server from > Debian Jessie (cyrus-imapd 2.4.17) to Debian Stretch (cyrus-imapd 2.5.10-3). Hello Daniel, I use cyrus-imapd 2.5.10-3 from Debian stable on serveral machines and I can tell you that it gives much TLS problems. What I do is this using a cronjob every night, and after rebooting: service cyrus-imapd stop mv /var/lib/cyrus/tls_sessions.db /var/lib/cyrus/tls_sessions.db-weg touch /var/lib/cyrus/tls_sessions.db chown cyrus:mail /var/lib/cyrus/tls_sessions.db service cyrus-imapd start But it takes sometimes 30 minutes before I see "imapd" in "ps aux" again. It seems to be better to use the patches from upstream, to backport the version in testing, or to use 2.5.12 from the Debian salsa git repo. In a few days Cyrus 3.0.8 will be in unstable/testing it's autobuilding at the moment. Bye, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus IMAP in the next Debian
Op 08-02-19 om 11:48 schreef Paul van der Vlis: > Hello, > > The freeze for the next version of Debian is in the next week. > > Somebody has packaged Cyrus version 3.08, but there are problems with > some of the Cassandane tests. > > When my information is up-to-date, Debian 10 will ship with Cyrus IMAP > 2.5.11, with security support for 5 years. Many other distro's like > Ubuntu are distributing this package too. I've heard Ondřej Surý has corrected and uploaded Cyrus Imap 3.0.8 to Debian unstable now, great! The packaging was done by Anthony Prade. It's in the Debian autobuilder system now: https://buildd.debian.org/status/package.php?p=cyrus-imapd&suite=sid In some time it will be in Debian unstable and a few days later in testing. https://packages.debian.org/search?keywords=cyrus-imapd Ondřej is still asking for testers. It is still possible to make changes after the freeze next week. The stable release will be in a few months. The git is here: https://salsa.debian.org/debian/cyrus-imapd With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus IMAP in the next Debian
Hello, The freeze for the next version of Debian is in the next week. Somebody has packaged Cyrus version 3.08, but there are problems with some of the Cassandane tests. When my information is up-to-date, Debian 10 will ship with Cyrus IMAP 2.5.11, with security support for 5 years. Many other distro's like Ubuntu are distributing this package too. As a sysadmin, I don't like running programs from other sources then from my distro. I like the integration and the extra checks. I think it would be good if there would be more contact between the Cyrus Debian developers and the Cyrus IMAP community. If somebody here is interested, I would like to make contact. In Debian you have also "backports", it would be possible to make a backport with a newer version. But this never happened in the past for Cyrus IMAP. With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Slow start of imap service
Op 01-10-18 om 10:32 schreef Paul van der Vlis: > Op 01-10-18 om 05:13 schreef ellie timoney: >> On Mon, Oct 1, 2018, at 12:32 PM, ellie timoney wrote: >>> You could use the tls_sessions_db_path imapd.conf(5) option to put this >>> database onto faster storage? >>> >>>> tls_sessions_db_path: >>>> The absolute path to the TLS sessions db file. If not >>>> specified, will be >>>> configdirectory/tls_sessions.db >>> >>> If you have the RAM for it, you should be able to put tls_sessions.db on >>> a tmpfs filesystem. This database is only a cache, so nothing valuable >>> will be lost if the machine is rebooted; and as a cache, it benefits >>> from being on the fastest storage you have available. :) >> >> Buuut, note that there's a bug in current releases of 2.5 where tls_prune >> will fail if the tls_sessions.db doesn't exist, preventing the server >> starting up. This will occur after ever reboot if you put this database on >> ephemeral storage! You can work around this by having your service init >> script touch the file before running master. > > When I understand you well, I could also remove the database and create > an empty file before starting. As a work-arround. I do this now, and restarting takes now 2-3 minutes. So much better. But I will also investigatie for faster storage or tmpfs. With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Slow start of imap service
Op 01-10-18 om 05:13 schreef ellie timoney: > On Mon, Oct 1, 2018, at 12:32 PM, ellie timoney wrote: >> You could use the tls_sessions_db_path imapd.conf(5) option to put this >> database onto faster storage? >> >>> tls_sessions_db_path: >>> The absolute path to the TLS sessions db file. If not >>> specified, will be >>> configdirectory/tls_sessions.db >> >> If you have the RAM for it, you should be able to put tls_sessions.db on >> a tmpfs filesystem. This database is only a cache, so nothing valuable >> will be lost if the machine is rebooted; and as a cache, it benefits >> from being on the fastest storage you have available. :) > > Buuut, note that there's a bug in current releases of 2.5 where tls_prune > will fail if the tls_sessions.db doesn't exist, preventing the server > starting up. This will occur after ever reboot if you put this database on > ephemeral storage! You can work around this by having your service init > script touch the file before running master. When I understand you well, I could also remove the database and create an empty file before starting. As a work-arround. > The real fix for this is already in git, so it will be included in 2.5.12, > which will hopefully be out this week! My problem is that I use the version in Debian, what is not good maintained at the moment. Cyrus-imap is removed from Debian testing last year. This means that when nobody cares, Cyrus will not be in the next Debian version. And also not in many other Linux distro's like Ubuntu. The freeze is in Januar/Februar. https://tracker.debian.org/news/859151/cyrus-imapd-removed-from-testing/ https://tracker.debian.org/pkg/cyrus-imapd https://release.debian.org/#release-dates You will say: use the upstream version. But sorry, I have to worry about many programs. My choice at the moment is to use software what's in Debian. I am using Cyrus imap about 17 years now, but it's possible I even have to switch to something else for this reason. Much thanks for your support! With regards, Paul > Cheers, > > ellie > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Slow start of imap service
Op 01-10-18 om 04:32 schreef ellie timoney: > > > On Sat, Sep 29, 2018, at 8:59 AM, Paul van der Vlis wrote: >> Op 28-09-18 om 15:34 schreef Michael Menge: >>> >>> Quoting Paul van der Vlis : >>> >>>> Hello, >>>> >>>> I am using Cyrus-imapd from Debian stable (2.5.10-3), and starting up >>>> takes very long. I see processes starting, but no imapd. >>>> >>>> In most cases I restart Cyrus more then ones before it works. Not sure I >>>> have to wait longer, or restarting after some time helps. >>>> >>>> This problem occurs on only one machine, on two other less busy machine >>>> with the same Cyrus I don't have problems. >>>> >>>> Maybe somebody here knows more about what could be wrong? Or how to >>>> debug this? >>>> >>> >>> >>> What is cyrus logging to your logfiles when you restart? >> >> In my crontab I have this line: >> 00 4 * * * root /usr/sbin/service cyrus-imapd restart >> >> First I see many of this lines in /var/log/mail.log: >> Sep 25 04:00:01 sigmund cyrus/imap[21598]: graceful shutdown >> >> Then I see this between those lines this: >> - >> Sep 25 04:00:02 sigmund cyrus/idled[5844]: graceful shutdown initiated >> by unexpected process 5838 (/usr/sbin/cyrmaster -l 32 -C /etc/imapd.conf >> -M /etc/cyrus.conf) >> Sep 25 04:00:02 sigmund cyrus/imaps[16434]: IDLE: error sending message >> DONE to idled for mailbox user.nospam.Junk: Connection refused. >> - >> >> This line: >> Sep 25 04:00:02 sigmund cyrus/master[5838]: process type:SERVICE >> name:notify path:/usr/lib/cyrus/bin/notifyd age:85080.426s pid:6024 >> exited, status 75 >> >> Many of these lines: >> Sep 25 04:00:02 sigmund cyrus/master[5838]: process type:SERVICE >> name:imap path:/usr/lib/cyrus/bin/imapd age:85073.234s pid:6027 exited, >> status 75 >> >> Then this: >> >> Sep 25 04:00:05 sigmund cyrus/ctl_cyrusdb[21829]: skiplist: clean >> shutdown file missing, updating recovery stamp >> Sep 25 04:00:05 sigmund cyrus/ctl_cyrusdb[21829]: recovering cyrus databases >> Sep 25 04:00:05 sigmund cyrus/ctl_cyrusdb[21829]: done recovering cyrus >> databases >> Sep 25 04:00:05 sigmund cyrus/cyr_expire[21834]: skiplist: recovered >> /var/lib/cyrus/deliver.db (9290 records, 1759220 bytes) in 0 seconds >> Sep 25 04:00:05 sigmund cyrus/cyr_expire[21834]: skiplist: checkpointed >> /var/lib/cyrus/deliver.db (9290 records, 1412288 bytes) in 0.227 sec >> Sep 25 04:00:19 sigmund cyrus/cyr_expire[21834]: Expired 0 and expunged >> 0 out of 1312483 messages from 2984 mailboxes >> Sep 25 04:00:19 sigmund cyrus/cyr_expire[21834]: duplicate_prune: >> pruning back 3.00 days >> Sep 25 04:00:30 sigmund cyrus/cyr_expire[21834]: skiplist: longlock >> /var/lib/cyrus/deliver.db for 1.8 seconds >> Sep 25 04:00:33 sigmund cyrus/cyr_expire[21834]: skiplist: longlock >> /var/lib/cyrus/deliver.db for 2.2 seconds >> Sep 25 04:00:39 sigmund cyrus/cyr_expire[21834]: skiplist: longlock >> /var/lib/cyrus/deliver.db for 1.3 seconds >> Sep 25 04:05:36 sigmund cyrus/cyr_expire[21834]: duplicate_prune: purged >> 2217 out of 9290 entries >> Sep 25 04:05:36 sigmund cyrus/tls_prune[21860]: skiplist: recovered >> /var/lib/cyrus/tls_sessions.db (10219 records, 2235748 bytes) in 0 seconds >> Sep 25 04:05:36 sigmund cyrus/tls_prune[21860]: skiplist: checkpointed >> /var/lib/cyrus/tls_sessions.db (10219 records, 2147768 bytes) in 0.308 sec >> Sep 25 04:09:47 sigmund cyrus/tls_prune[21860]: skiplist: longlock >> /var/lib/cyrus/tls_sessions.db for 1.4 seconds >> Sep 25 04:10:23 sigmund cyrus/tls_prune[21860]: skiplist: longlock >> /var/lib/cyrus/tls_sessions.db for 2.2 seconds >> Sep 25 04:10:45 sigmund cyrus/tls_prune[21860]: skiplist: longlock >> /var/lib/cyrus/tls_sessions.db for 2.2 seconds >> Sep 25 04:12:21 sigmund cyrus/tls_prune[21860]: skiplist: longlock >> /var/lib/cyrus/tls_sessions.db for 1.3 seconds >> Sep 25 04:12:47 sigmund cyrus/tls_prune[21860]: skiplist: longlock >> /var/lib/cyrus/tls_sessions.db for 1.0 seconds >> Sep 25 04:12:49 sigmund cyrus/tls_prune[21860]: skiplist: longlock >> /var/lib/cyrus/tls_sessions.db for 1.8 seconds >> Sep 25 04:17:33 sigmund cyrus/tls_prune[21860]: skiplist: longlock >> /var/lib/cyrus/tls_sessions.db for 1.0 seconds >> Sep 25 04:23:11 sigmund cyrus/tls_prune[21860]: skiplist: longlock >> /var/lib/cyrus/tls_sessions.db for 1.0 seconds >> Sep 25 04:25:31 sigmund cyrus/tls_pru
Re: cyradm problem
Op 15-09-18 om 08:25 schreef bluntroller via Info-cyrus:
> Day,
> I totally dislike it but I need help here.
> I have postfix installed, up and running as a MTA.
> I have saslauthd installed up and running and an authentication server.
> I use the auxprop-sasldb2 alternative as a user/password database (and
> thought this were the easiest way to get it all up before turning to the
> mysql option, automating procedures, php-scripting etc)
> I can do remote-logins into my server via sasl authentication.
> I can do remote-logings into my (imaps) server with the aid of TLS
> Certificates only.
> I do not use the POP3 protocol at all.
> I do not use unsecured connections at all.
> Everything goes over TLS/sasl authentication/authorization.
>
> However...
> If it comes to testsaslauthd, imtest or cyradm I can't connect to
> localhost.localdomain (via SSH) on my remote server or get a '*can't
> connect to server*' (cyradm) reply.
Not sure what you mean with "with ssh". What I do is log into the
machine with ssh, and then:
cyradm -u cyrus localhost
testsaslauthd -u paul -p xx -f /var/spool/postfix/var/run/saslauthd/mux
> I'm pretty sure it's a simple configuration problem or misunderstanding
> of the stack at all but I am stuck finding the needle in the haystack.
> It's probably a SSH problem but I am not sure.
> Inside SSH I use a certificate-based authentication too with root-logins
> not allowed ('without password')
>
> Any help is very appreciated.
Hope it helps!
With regards,
Paul
--
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Slow start of imap service
Op 28-09-18 om 15:34 schreef Michael Menge: > > Quoting Paul van der Vlis : > >> Hello, >> >> I am using Cyrus-imapd from Debian stable (2.5.10-3), and starting up >> takes very long. I see processes starting, but no imapd. >> >> In most cases I restart Cyrus more then ones before it works. Not sure I >> have to wait longer, or restarting after some time helps. >> >> This problem occurs on only one machine, on two other less busy machine >> with the same Cyrus I don't have problems. >> >> Maybe somebody here knows more about what could be wrong? Or how to >> debug this? >> > > > What is cyrus logging to your logfiles when you restart? In my crontab I have this line: 00 4 * * * root /usr/sbin/service cyrus-imapd restart First I see many of this lines in /var/log/mail.log: Sep 25 04:00:01 sigmund cyrus/imap[21598]: graceful shutdown Then I see this between those lines this: - Sep 25 04:00:02 sigmund cyrus/idled[5844]: graceful shutdown initiated by unexpected process 5838 (/usr/sbin/cyrmaster -l 32 -C /etc/imapd.conf -M /etc/cyrus.conf) Sep 25 04:00:02 sigmund cyrus/imaps[16434]: IDLE: error sending message DONE to idled for mailbox user.nospam.Junk: Connection refused. - This line: Sep 25 04:00:02 sigmund cyrus/master[5838]: process type:SERVICE name:notify path:/usr/lib/cyrus/bin/notifyd age:85080.426s pid:6024 exited, status 75 Many of these lines: Sep 25 04:00:02 sigmund cyrus/master[5838]: process type:SERVICE name:imap path:/usr/lib/cyrus/bin/imapd age:85073.234s pid:6027 exited, status 75 Then this: Sep 25 04:00:05 sigmund cyrus/ctl_cyrusdb[21829]: skiplist: clean shutdown file missing, updating recovery stamp Sep 25 04:00:05 sigmund cyrus/ctl_cyrusdb[21829]: recovering cyrus databases Sep 25 04:00:05 sigmund cyrus/ctl_cyrusdb[21829]: done recovering cyrus databases Sep 25 04:00:05 sigmund cyrus/cyr_expire[21834]: skiplist: recovered /var/lib/cyrus/deliver.db (9290 records, 1759220 bytes) in 0 seconds Sep 25 04:00:05 sigmund cyrus/cyr_expire[21834]: skiplist: checkpointed /var/lib/cyrus/deliver.db (9290 records, 1412288 bytes) in 0.227 sec Sep 25 04:00:19 sigmund cyrus/cyr_expire[21834]: Expired 0 and expunged 0 out of 1312483 messages from 2984 mailboxes Sep 25 04:00:19 sigmund cyrus/cyr_expire[21834]: duplicate_prune: pruning back 3.00 days Sep 25 04:00:30 sigmund cyrus/cyr_expire[21834]: skiplist: longlock /var/lib/cyrus/deliver.db for 1.8 seconds Sep 25 04:00:33 sigmund cyrus/cyr_expire[21834]: skiplist: longlock /var/lib/cyrus/deliver.db for 2.2 seconds Sep 25 04:00:39 sigmund cyrus/cyr_expire[21834]: skiplist: longlock /var/lib/cyrus/deliver.db for 1.3 seconds Sep 25 04:05:36 sigmund cyrus/cyr_expire[21834]: duplicate_prune: purged 2217 out of 9290 entries Sep 25 04:05:36 sigmund cyrus/tls_prune[21860]: skiplist: recovered /var/lib/cyrus/tls_sessions.db (10219 records, 2235748 bytes) in 0 seconds Sep 25 04:05:36 sigmund cyrus/tls_prune[21860]: skiplist: checkpointed /var/lib/cyrus/tls_sessions.db (10219 records, 2147768 bytes) in 0.308 sec Sep 25 04:09:47 sigmund cyrus/tls_prune[21860]: skiplist: longlock /var/lib/cyrus/tls_sessions.db for 1.4 seconds Sep 25 04:10:23 sigmund cyrus/tls_prune[21860]: skiplist: longlock /var/lib/cyrus/tls_sessions.db for 2.2 seconds Sep 25 04:10:45 sigmund cyrus/tls_prune[21860]: skiplist: longlock /var/lib/cyrus/tls_sessions.db for 2.2 seconds Sep 25 04:12:21 sigmund cyrus/tls_prune[21860]: skiplist: longlock /var/lib/cyrus/tls_sessions.db for 1.3 seconds Sep 25 04:12:47 sigmund cyrus/tls_prune[21860]: skiplist: longlock /var/lib/cyrus/tls_sessions.db for 1.0 seconds Sep 25 04:12:49 sigmund cyrus/tls_prune[21860]: skiplist: longlock /var/lib/cyrus/tls_sessions.db for 1.8 seconds Sep 25 04:17:33 sigmund cyrus/tls_prune[21860]: skiplist: longlock /var/lib/cyrus/tls_sessions.db for 1.0 seconds Sep 25 04:23:11 sigmund cyrus/tls_prune[21860]: skiplist: longlock /var/lib/cyrus/tls_sessions.db for 1.0 seconds Sep 25 04:25:31 sigmund cyrus/tls_prune[21860]: tls_prune: purged 4463 out of 10219 entries Sep 25 04:25:31 sigmund cyrus/master[21826]: unable to setsocketopt(IP_TOS) service lmtpunix/unix: Operation not supported Sep 25 04:25:31 sigmund cyrus/master[21826]: unable to setsocketopt(IP_TOS) service notify/unix: Operation not supported Sep 25 04:25:31 sigmund cyrus/ctl_cyrusdb[22345]: checkpointing cyrus databases Sep 25 04:25:31 sigmund cyrus/ctl_cyrusdb[22345]: done checkpointing cyrus databases Sep 25 04:25:32 sigmund cyrus/imaps[22349]: inittls: Loading hard-coded DH parameters Sep 25 04:25:33 sigmund cyrus/imaps[22349]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits new) no authentication Sep 25 04:26:20 sigmund cyrus/imap[22362]: inittls: Loading hard-coded DH parameters Sep 25 04:26:20 sigmund cyrus/imap[22363]: inittls: Loading hard-coded DH parameters - So you can see imap is active after 25 minutes.
Slow start of imap service
Hello, I am using Cyrus-imapd from Debian stable (2.5.10-3), and starting up takes very long. I see processes starting, but no imapd. In most cases I restart Cyrus more then ones before it works. Not sure I have to wait longer, or restarting after some time helps. This problem occurs on only one machine, on two other less busy machine with the same Cyrus I don't have problems. Maybe somebody here knows more about what could be wrong? Or how to debug this? (Cyrus-imapd from Debian has some problems, for this reason I restart the service every night using a crontab.) With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: XLIST, special-use mailboxes
Op 15-06-18 om 06:44 schreef Anatoli: > Paul, > > To add on top of what Bron said, xlist was removed in 2.5 but added as a > (somewhat?) new implementation in 3.0, so you should install the newest > version of Cyrus to take advantage of this feature. I am using Cyrus 2.5.10, and I prefer using the Debian packages. There is no 3.0 version in Debian at the moment. So xlist is removed in 2.5, and the new implementation is not there? So no support in Cyrus 2.5.10. > In 3.0 xlist is part of autocreate functionality, i.e. an appropriate > flag is set on each newly created folder once a new mailbox is created > (AFAIK, it won't work on existing folders). When I understand it well, this is only used while autocreating and not for excisting folders. And customers can change this themselve in some clients. I am using Sogo webmail, and it lookslike it can change the special-use of a folder. >> What about client-support? Is it much used in clients? > > From my experience, it's rather well supported. Some clients from time > to time (depending on the vendors, versions, locales, etc.) fail to > apply these flags to some of the folders, but most of the time it's very > useful. Thanks for your help. With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
XLIST, special-use mailboxes
Hello, Does Cyrus IMAP support RFC 6154 about special-use mailboxes? https://tools.ietf.org/html/rfc6154 I read that it only wass supported in Cyrus version 2.4 ? I am using version 2.5.10 (from Debian 9). Can I put this in imapd.conf for all users? xlist-archive: Archives xlist-drafts: Drafts xlist-sent: Sent xlist-spam: Spam xlist-trash: Trash Is it only used on new created folders or always? Do I need "specialusealways: 1" or something like that? What about client-support? Is it much used in clients? With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Why Cyrus?
Op 17-01-18 om 12:33 schreef Sebastian Hagedorn: > Hi, > >> A new customer asks me to build a new mailserver environment with >> Dovecot. I normally use Cyrus. >> >> My question: What's better in Cyrus? > > I thought the plan was to answer that question on the website, but I > guess that hasn't happened yet – at least I couldn't find anything. > > I'd say it's the better choice for large-scale deployments with tens and > hundreds of thousands of users. I understand, but in my case it's less big. I guess 5000-7000 mailboxes. But, it's always nice if you can bring down machines without the whole service is down. Not sure Dovecot can do that, I will have to study that. With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Why Cyrus?
Hello, A new customer asks me to build a new mailserver environment with Dovecot. I normally use Cyrus. My question: What's better in Cyrus? I use Cyrus because Dovecot did not excist at the time I wanted to go away from Washington IMAP. An important reason to stay with Cyrus is this mailing list with good support, and because I know Cyrus. With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: install certificate how to
Op 30-11-17 om 13:42 schreef Nikos Gatsis - Qbit: > Hello list > I have a mailserver which serve about 40 virutal domains and many users > per domain using cyrus-imapd-2.4.17-13.el7.x86_64 and > sendmail-8.14.7-5.el7.x86_64. > How can I install a certificate per domain? Is that possible? > > Now I use what cyrus manual suggest: > > imapd.conf: > ... > tls_cert_file: /var/lib/imap/server.pem > tls_key_file: /var/lib/imap/server.pem > 3tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > ... I think it's possible to use a Let's encrypt certificate with many names in one certificate. But I have not tried it. The maximum is 100 domains. With regards, Paul vand er Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus stopped logging!
Hello, I see that Cyrus-imapd stopped logging. In /var/log/mail.log.0 I see messages from Cyrus, but not in /var/log/mail.log . So maybe it has something to do with syslog? I've restarted Cyrus en rsyslog, but it does not help, strange! Any idea how to debug this? With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Restart after new TLS certificate?
Op 27-10-17 om 13:03 schreef Patrick Boutilier: > On 10/27/2017 07:51 AM, Paul van der Vlis wrote: >> Hello, >> >> I use now a certificate from LetsEncrypt and it is automatically >> renewed. Needs Cyrus to be restarted before it sees the new certificate? >> >> There is nothing changed in the configfile. The configfile points to an >> symlink what changes to a new certificate. >> >> And maybe you know a way how to test which certifate Cyrus uses? > > Pretty sure Cyrus will just start using the new certificate. Yes, but I would prefer not to restart ;-) I know other applications like Postfix and Apache don't need a restart when the certificate is installed some days before they expire. Because they refresh the certicate. > Using openssl to test is one way. > > openssl s_client -connect : > > Look in the output for the issuer, etc... Hmm, this does not work. Maybe because I use STARTTLS? This works: openssl s_client -starttls -connect imap mail.vandervlis.nl:143 With regards, Paul van der Vlis > Another option is to use this script: > > https://matteocorti.github.io/check_ssl_cert/ > > > >> >> With regards, >> Paul van der Vlis >> >> > > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Restart after new TLS certificate?
Hello, I use now a certificate from LetsEncrypt and it is automatically renewed. Needs Cyrus to be restarted before it sees the new certificate? There is nothing changed in the configfile. The configfile points to an symlink what changes to a new certificate. And maybe you know a way how to test which certifate Cyrus uses? With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Migrate users
Op 26-07-17 om 12:34 schreef Simon Wilson: > > I've now completed my cutover to the new server, and have answered some > of my own questions > >> Following on from my question on enabling squatter on my new install... >> >> I have upgraded from Cyrus 2.3.7 on a CentOS 5 server to 2.4.17. on a >> new CentOS 7 server. I've not yet migrated the users (only 6 x users). >> They are both VMs on the same host, and at migration point I can >> simply bring up the new server with the drive from the old Cyrus VM >> that has the Cyrus partition on it, so new Cyrus will be able to 'see' >> the mailboxes without having to do rsync or anything like that. >> >> I've tested the new Cyrus server and it all appears to be functioning >> - listening on correct ports / sockets, delivering mail etc. >> >> So my questions: >> >> 1. Is 2.4.17 compatible with the mailboxes transferred from the old >> Cyrus 2.3.7 server? >> > > I rsync'ed the entire partition structure across from the 2.3.7 server > to the 2.4.17 server, along with the /var/lib/imap folder, and started > cyrus-imapd - to see if it would work. The service started, and > immediately started running through all of the mailboxes, updating > indexes, e.g.: > > squatter[10495]: Index upgrade: user.simon.Saved Emails (9 -> 12) > > I was then able to log in to IMAP and everything was there, so I'm > assuming we're all good. > >> 2. Assuming it is? Once the new Cyrus can see the mailboxes, will a >> reconstruct be needed to have new Cyrus able to see the full mailbox >> structure? If so with what flags to rebuild out all sub-mailboxes? >> Will it retain 'seen' / replied flags and ACLs? > > I ran a basic reconstruct, but it did not appear to have needed it. All > flags and ACLs appear to be fine. > >> >> 3. Do I need to do anything with the contents of /var/lib/imap/ on the >> old server for retention on the new server? > > I rsync'ed it across and started the new server with the old mailbox > databases, and it appears to be OK. > >> >> 4. Will I need to rebuild quotas once new Cyrus can see the mailboxes? > > I had to rebuild a couple of the quotas that were appearing wrong. > >> >> 5. What is the best way to migrate sieve scripts? These are NOT on the >> drive to be moved to the new server, so will need to be migrated >> manually from /var/lib/imap/sieve etc... As a test I did a manual copy >> to the new server of a sieve script, set permissions and soft links, >> and it appears to work - is that the best way? > > Sieve scripts came over with the /var/lib/imap folder, and apart from it > now listening on 4190 instead of 2000 (which had me for a few minutes) > all is not working fine with sieve. > >> >> Thanks in anticipation of assistance :) >> >> Simon. >> >> -- >> Simon Wilson > > > Only one issue that I am having with the new 2.4.17 install. > > I use unixhierarchysep: 1 and have a couple of users with a "." in their > name, e.g. deb.tony. The cyrus folder on the partition for them is > deb^tony, although they appear in cyradm etc as deb.tony. > > They auth OK to the system through Horde, which authenticates them to > LDAP and IMAP. Log entry showing the Horde server logging them in: > > imap[28530]: login: emp06.simonandkate.lan [192.168.1.230] deb.tony > PLAIN+TLS User logged in SESSIONID= > > Then I get a log entry with them as deb^tony: > > imap[28530]: USAGE deb^tony user: 0.006688 sys: 0.004995 > > But nslcd triggers errors every 10 to 15 minutes: > > Jul 26 13:11:53 emp07 nslcd[922]: [c5eb19] request > denied by validnames option > Jul 26 13:11:53 emp07 nslcd[922]: [fb6a0e] > request denied by validnames option > > IMAP is the only thing I know on the system that uses "deb^tony", so I > was wondering why I'm getting the errors? > > The user can logon ok (always through Horde's IMAP connection), use, > send emails ok... > > I changed the validnames regex in nslcd to accept a ^ but I assume > that's just hiding the problem, not fixing it. There is nothing in my > LDAP logs that indicates any failure. > > Any thoughts? So far I know is nslcd something from Samba: https://wiki.samba.org/index.php/Nslcd With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: No cleaning-up processes?
Op 30-08-17 om 12:56 schreef Paul van der Vlis: > Hello, > > I am testing Cyrus Imapd 2.5.10 from Debian stable. What I see is that > the imapd processes become more and more overtime untill they reach the > maxchild value, and then there is a problem. I see this with "ps aux | > grep imapd". > > The server is only used by a few devices. > > Maybe I miss something in cleaning-up processes?? Ah, it seems to be a bug in Cyrus: https://github.com/cyrusimap/cyrus-imapd/issues/1599 With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: No cleaning-up processes?
Op 30-08-17 om 21:08 schreef Paul Dekkers: > I stumbled upon this, with Jessie (Debian 8) and compiled 2.5.x (not > from a package). Processes didn't quit when sessions were long gone. I > "solved" it by putting nginx as imap-proxy in front of Cyrus. (My > suspicion was that it had something to do with SSL, but I had no time to > debug further.) Interesting, so it seems not to be Debian-specific. With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: No cleaning-up processes?
Op 30-08-17 om 18:50 schreef Johan Hattne: > >> On Aug 30, 2017, at 06:56, Paul van der Vlis wrote: >> >> Hello, >> >> I am testing Cyrus Imapd 2.5.10 from Debian stable. What I see is that >> the imapd processes become more and more overtime untill they reach the >> maxchild value, and then there is a problem. I see this with "ps aux | >> grep imapd". >> >> The server is only used by a few devices. >> >> Maybe I miss something in cleaning-up processes?? > > I cannot reproduce this. I did > > # while true; do pgrep imapd | wc -l ; sleep 60; done > 7 > 7 > 4 > 4 > 4 > 4 > 4 > 6 > 6 > 6 > > and so on. I’d be happy to share my configuration files off-list, if you > think that might be of any help. Hmm, not sure. Sometimes it goes down with me too: --- server:~# while true; do pgrep imapd | wc -l ; sleep 60; done 125 126 126 125 125 125 126 --- There are only 5 devices connected, so this are too many processes. And it become more and more, this afternoon it where 73. Maybe somebody here knows more. Do you also use Cyrus Imapd 2.5.10 from Debian stable? I have many machines with an older version of Cyrus Imapd who are running without problems. With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
No cleaning-up processes?
Hello, I am testing Cyrus Imapd 2.5.10 from Debian stable. What I see is that the imapd processes become more and more overtime untill they reach the maxchild value, and then there is a problem. I see this with "ps aux | grep imapd". The server is only used by a few devices. Maybe I miss something in cleaning-up processes?? With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
IMAP readonly?
Hello, During a migration I would like to have Cyrus IMAP active, but in a read-only state. Is there an easy way to realize this on all mailboxes? With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Negotiation failed with Ipad after upgrade
Op 14-06-17 om 00:49 schreef Johan Hattne: > >> On Jun 13, 2017, at 15:42, Paul van der Vlis wrote: >> >> Hello, >> >> I have upgraded a server from version 2.4.17 to 2.5.10 (Debian >> packages), and now an Ipad does not work anymore. The error is something >> like: >> >> Jun 13 21:18:18 hostname cyrus/imap[10664]: STARTTLS negotiation failed: >> host.domain.nl [1.2.3.4] >> >> No problem with Thunderbird and Android devices, they work fine. >> >> I've also tested imaps, but the same problem there. >> >> In imapd.conf I have this setting: >> tls_ciphers: TLSv1.2:+TLSv1:+HIGH:!aNULL:@STRENGTH >> >> In the old version I had this setting: >> tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH >> >> What will be wrong? > > Could it be this? > > https://github.com/cyrusimap/cyrus-imapd/issues/1872 > > I saw that predominately from Apple portable devices with the Debian testing > packages. It is possible, but not sure it's the same. What helps is using the old setting in imapd.conf: tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Negotiation failed with Ipad after upgrade
Hello, I have upgraded a server from version 2.4.17 to 2.5.10 (Debian packages), and now an Ipad does not work anymore. The error is something like: Jun 13 21:18:18 hostname cyrus/imap[10664]: STARTTLS negotiation failed: host.domain.nl [1.2.3.4] No problem with Thunderbird and Android devices, they work fine. I've also tested imaps, but the same problem there. In imapd.conf I have this setting: tls_ciphers: TLSv1.2:+TLSv1:+HIGH:!aNULL:@STRENGTH In the old version I had this setting: tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH What will be wrong? With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Excisting idle connections and changing password
Op 23-02-17 om 00:34 schreef Jason Englander: > See the /var/imap/proc section in doc/install-perf.html under your > 2.4.17 source, if you have it. > > With default settings, you should be able to cat one of the files in > /var/imap/proc, find which user it is in there, and the filename the > user appears in is the pid of the process. Thanks! In Debian the default is /run/cyrus/proc/ You can find the proc_path in /etc/imapd.conf. With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Excisting idle connections and changing password
Op 22-02-17 om 22:48 schreef Bron Gondwana: > Newer Cyrus can kill all connections for a single user with one command, > cyr_deny. It adds an entry to the deny database and kills current > connections. Hmm, I am still using version 2.4.17 and that does not have it. But maybe something for the future! With regards, Paul. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Excisting idle connections and changing password
Op 22-02-17 om 14:04 schreef Marcus Schopen: > I would change the password and just kill the process the user is > hanging on. But I don't see the username in "ps aux", how do I know which user hangs on which process? With regards, Paul -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Excisting idle connections and changing password
Hello, When I change the password of a user what's logged in using an IMAP idle-connection, how long will the connection "stay"? My goal is that the user cannot access the mailbox anymore and does not get "new mail". What I did now is restarting Cyrus and I think all excisting idle connections will be lost and all users have to login again. So my question is "for the next time". With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Restore backup of a mailbox
Op 10-11-16 om 14:02 schreef Vladislav Kurz via Info-cyrus: > On 11/10/16 12:17, Paul van der Vlis via Info-cyrus wrote: >> Hello, >> >> A user has removed an important mailbox with all the sent-messages. >> >> I've tried to restore the data from a backup, but then I don't see the >> mailbox with sent-messages. And I don't find the programm >> "cyrreconstruct" anymore (the Debian version of "reconstruct"). > > cyrreconstruct is the right way to do it. It is in the package > cyrus-common-2.4 (or similar). > > ~# which cyrreconstruct > /usr/sbin/cyrreconstruct > > As you have to run it as user cyrus, you have to specify the full path. It's not there anymore in Debian 8, but I found it here: /usr/lib/cyrus/bin/reconstruct This did work: /usr/lib/cyrus/bin/reconstruct -rf "user.username" Thanks for your hint about using the user "cyrus"! With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Restore backup of a mailbox
Hello, A user has removed an important mailbox with all the sent-messages. I've tried to restore the data from a backup, but then I don't see the mailbox with sent-messages. And I don't find the programm "cyrreconstruct" anymore (the Debian version of "reconstruct"). Then I've tried to restore everything from the user, everything from /var/spool/cyrus/mail/t/user/username and from /var/lib/cyrus/user/t/username*. Then I see the mailboxes, but nothing in it. Can somebody tell me what's the correct way to restore a backup of only one user? With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Invalid mailbox name
Op 23-09-16 om 06:14 schreef Bron Gondwana via Info-cyrus: >> But I think it's strange to have a dot in the list of GOODCHARS when >> it's used as a hierarchy seperator... > > The mailboxname used to be tested against GOODCHARS in its entirety, > including separator. Ah, I understand it now. Thanks for your help. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Invalid mailbox name
Op 22-09-16 om 09:46 schreef Michael Menge via Info-cyrus: > > Quoting Paul van der Vlis via Info-cyrus : > >> Op 21-09-16 om 14:11 schreef Michael Menge via Info-cyrus: >>> Hi, >>> >>> Quoting Paul van der Vlis via Info-cyrus >>> : >>> >>>> Hello, >>>> >>>> I am syncing many mailboxes from one IMAP server to another. Now I get >>>> sometimes errors on mailbox names. I found out that Cyrus does not >>>> accept brackets in a mailbox name. Is there documentation about what >>>> characters are accepted in mailbox names?? >>> >>> The allowed ASCII-Chars are defined in the macro GOODCHARS in >>> imap/mboxname.c >>> (https://github.com/cyrusimap/cyrus-imapd/blob/master/imap/mboxname.c#L1495). >>> >>> >>> non-ASCII-Chars are handled by RFC 3501 5.1.3. >>> >>> This subject has been discussed a few years ago on this list, and >>> GOODCHARS >>> has been changed between cyrus versions. >>> >>> 2.2:#define GOODCHARS " >>> +,-.0123456789:=@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz~" >>> 2.3:#define GOODCHARS " >>> #$'+,-.0123456789:=@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz~" >>> >>> Master: #define GOODCHARS " >>> #$'()*+,-.0123456789:=?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz~" >>> >> >> Thanks for your answer! >> >> I am wondering about the dot. So far I know I cannot use it in a mailbox >> name, but it is in the list. >> > > I suspect that your cyrus is configured to use the . as hierarchy > seperator. Correct. > see "unixhierarchysep:" in imapd.conf manpage for details. Ah, I know about that. But I think it's strange to have a dot in the list of GOODCHARS when it's used as a hierarchy seperator... >> And what's "master" exactly? So far I see, I cannot use e.g. brackets in >> a mailbox name. > > Master is the name of the main development branch in git. A new branch for > cyrus imapd 3.0 will be forked from the master branch with the release of > the new version. Ah sorry, now I understand. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Invalid mailbox name
Op 22-09-16 om 14:11 schreef Eric Luyten via Info-cyrus: > Of course one can use a '.' as part of a Cyrus mailbox name, internally it > gets translated into a '^' (arrow/caret). When I create a mailbox "test.and.so", I get three maiboxes in each other. Maybe you are using unixhierarchysep? Is it normal these days to use that? > I modified our GOODCHARS definition heavily when we migrated to Cyrus 2.2, > ten years ago, and never had an issue with square brackets and such. Can you create a mailbox like "test (test)" or "test [test]" ? I get an "invalid mailbox name". With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Invalid mailbox name
Op 21-09-16 om 14:11 schreef Michael Menge via Info-cyrus: > Hi, > > Quoting Paul van der Vlis via Info-cyrus : > >> Hello, >> >> I am syncing many mailboxes from one IMAP server to another. Now I get >> sometimes errors on mailbox names. I found out that Cyrus does not >> accept brackets in a mailbox name. Is there documentation about what >> characters are accepted in mailbox names?? > > The allowed ASCII-Chars are defined in the macro GOODCHARS in > imap/mboxname.c > (https://github.com/cyrusimap/cyrus-imapd/blob/master/imap/mboxname.c#L1495). > > non-ASCII-Chars are handled by RFC 3501 5.1.3. > > This subject has been discussed a few years ago on this list, and GOODCHARS > has been changed between cyrus versions. > > 2.2:#define GOODCHARS " > +,-.0123456789:=@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz~" > 2.3:#define GOODCHARS " > #$'+,-.0123456789:=@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz~" > Master: #define GOODCHARS " > #$'()*+,-.0123456789:=?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz~" Thanks for your answer! I am wondering about the dot. So far I know I cannot use it in a mailbox name, but it is in the list. And what's "master" exactly? So far I see, I cannot use e.g. brackets in a mailbox name. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Invalid mailbox name
Hello, I am syncing many mailboxes from one IMAP server to another. Now I get sometimes errors on mailbox names. I found out that Cyrus does not accept brackets in a mailbox name. Is there documentation about what characters are accepted in mailbox names?? With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Problems with port 993 (SSL)
Hello Stefan,
Op 02-09-15 om 17:04 schreef Stefan Suurmeijer:
> On 2-9-2015 12:56, Paul van der Vlis wrote:
>> Op 02-09-15 om 01:36 schreef Stefan Suurmeijer:
>> From the OSX v10.11 release notes (released 15-8):
>>
>> * DHE_RSA cipher suites are now disabled by default in Secure
>> Transport for TLS clients. This may cause a failure to connect to
>> TLS servers that only support DHE_RSA cipher suites. Applications
>> that explicitly enable cipher suites using SSLSetEnabledCiphers()
>> are not affected. Safari may display a “Safari can’t establish a
>> secure connection to the server” error page. Safari and other
>> clients of CFNetwork API (NSURLSession, NSURLConnection,
>> CFHTTPStream, CFSocketStream and Cocoa equivalent) will show a
>> “CFNetwork SSLHandshake failed” error in Console.
>>
>>
>> Maybe you can use checktls.com to find out which cipher your site uses.
>> A very useful site.
>> Interesting site, but I need more time to understand the tests.
>>
>> When I use openssl, I get a long timeout after "CONNECTED", and then
>> something what looklikes there is no certificate available at all:
>> -
>> paul@server2:~$ openssl s_client -connect mail.vandervlis.nl:993
>> CONNECTED(0003)
>> write:errno=104
>> ---
>> no peer certificate available
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 0 bytes and written 295 bytes
>> ---
>> New, (NONE), Cipher is (NONE)
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
>> ---
>> paul@server2:~$
>> -
>>
>> Port 465 (postfix SSL/TLS) has the same problem.
>>
>> When I use openssl to port 443 what uses the same certificate,
>> everything is fine. But TLSv1 with DHE-RSA-AES256-SHA cipher is used.
>> I am using a SHA256 certificate with a 2048 bit public key.
>
> If that cipher is used on port 993 as well, then probably connecting
> from an Apple OSX machine won't work (I assume that is what you're
> testing?)
No, I test with:
openssl s_client -connect mail.vandervlis.nl:443
> , since Apple no longer allows DHE-RSA, as stated above. But
> connecting from an Apple machine to port 443 using the same cipher//does
> work?
I don't have a Mac, I will ask somebody.
But I think I would have heard it.
> Maybe because you're using the SSLCipherSuite option in your
> Apache config? From the release notes, that might not be affected
> ("Applications that explicitly enable cipher suites using
> SSLSetEnabledCiphers() are not affected")
Yes, I use SSLCipherSuite:
SSLCipherSuite HIGH:MEDIUM:!ADH
>> Realize that this has worked for a long time, and so far I know I did
>> not change anything.
>>
>> On my new mailserver port 993 (Cyrus 2.4.17) works fine with the same
>> certificate. (Only tested with openssl.)
>
> What cipher does that one use?
ECDHE-RSA-AES256-SHA
> The certificate isn't the problem I
> think, the cipher you use probably is.
But why isn't it a problem on port 143 with STARTTLS on the old machine?
>>> If your site uses a DHE-RSA cipher, you may need to change the
>>> tls_cipher_list in your imapd.conf
>> I only accept TLSv1 high-security ciphers:
>> tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
>
> Hm, I don't know if that would allow DHE-RSA, maybe someone from Horde
> knows that
This is about Cyrus and imapd.conf, not about Horde.
I think the tls_cipher_list allows DHE-RSA, but the question is more if
there are alternatives offered. I think the machine should offer:
TLS_RSA_WITH_AES_256_CBC_SHA.
But it lookslike there is something else wrong on port 993, it says: "no
peer certificate available". I don't understand that.
I will not spend much time on this issue on the old machine, because
port 143 works fine. And save my energy for the migration to the new
machine...
With regards,
Paul van der Vlis.
--
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Problems with port 993 (SSL)
Op 02-09-15 om 01:36 schreef Stefan Suurmeijer: > Hi Paul, > > a fellow Groninger? Then lets try to help ;-) Nice to know ;-) > From the OSX v10.11 release notes (released 15-8): > > * DHE_RSA cipher suites are now disabled by default in Secure > Transport for TLS clients. This may cause a failure to connect to > TLS servers that only support DHE_RSA cipher suites. Applications > that explicitly enable cipher suites using SSLSetEnabledCiphers() > are not affected. Safari may display a “Safari can’t establish a > secure connection to the server” error page. Safari and other > clients of CFNetwork API (NSURLSession, NSURLConnection, > CFHTTPStream, CFSocketStream and Cocoa equivalent) will show a > “CFNetwork SSLHandshake failed” error in Console. > > > Maybe you can use checktls.com to find out which cipher your site uses. > A very useful site. Interesting site, but I need more time to understand the tests. When I use openssl, I get a long timeout after "CONNECTED", and then something what looklikes there is no certificate available at all: - paul@server2:~$ openssl s_client -connect mail.vandervlis.nl:993 CONNECTED(0003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 295 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- paul@server2:~$ - Port 465 (postfix SSL/TLS) has the same problem. When I use openssl to port 443 what uses the same certificate, everything is fine. But TLSv1 with DHE-RSA-AES256-SHA cipher is used. I am using a SHA256 certificate with a 2048 bit public key. Realize that this has worked for a long time, and so far I know I did not change anything. On my new mailserver port 993 (Cyrus 2.4.17) works fine with the same certificate. (Only tested with openssl.) > If your site uses a DHE-RSA cipher, you may need to change the > tls_cipher_list in your imapd.conf I only accept TLSv1 high-security ciphers: tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH The problems are not very big, I can tell the people to change port 993 to port 143 in the client, this fixes the problem. Most people are already using port 143. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Problems with port 993 (SSL)
Op 01-09-15 om 17:35 schreef Patrick Boutilier: > What version of Cyrus? Really old: 2.2.13 https://packages.debian.org/squeeze/cyrus-imapd-2.2 With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Problems with port 993 (SSL)
Hello, Since yesterday I get phone calls from Apple users about port 993 not working anymore. Some other users don't have problems using port 993. No problems on port 143 with starttls. I've tested it myself on Linux, same problem. Starttls works, but SSL/TLS does not. I think it has to do with security problems in the SSL-protocol, and updates in mailclients. Is here someone who knows more? My mail setup is a bit old (Debian Squeeze), I am testing a new setup at the moment with Debian Jessie. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Outlook 2013
Op 28-02-14 12:14, Adam Tauno Williams schreef: > On Thu, 2014-02-27 at 21:58 +0100, Paul van der Vlis wrote: >> I would like to tell that I got some private mails telling that Outlook >> 2013 does not work well with imap. > > I have several users using Outlook with Cyrus IMAPd; it works without > issue. At least from 2003 and later. > > One tip is to disable Exchange extensions, but other than that no > hacking is required. I don't mean older versions, version 2007 and 2010 are OK. Do you really have positive experiences with Outlook version 2013? Other people wrote me information like this in private: - We have many clients working with Outlook 2013. In short: Drop Outlook 2013 with IMAP, MS did "improve" IMAP support, so that is almost unusable. They wish to push customers to use MS Exchange. -- With reagards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Outlook 2013
Op 24-02-14 23:57, Reko Turja schreef: > Greetings, > > -Original Message- > From: Paul van der Vlis > Op 20-02-14 19:25, Paul van der Vlis schreef: > >> > What's your experience with Outlook 2013 together with Cyrus? >> Please tell it too when it works fine. > > From my experience Outlook really works best with Exchange as mailstore > - as IMAP client it's more or less lacking. I have to admit I don't > really have experience on 2013. For IMAP there are better alternatives, > even from Microsoft, like Live mail. > > I tend to try it now and then, get frustrated in the end and just choose > another MUA. Thanks for your aswer. I would like to tell that I got some private mails telling that Outlook 2013 does not work well with imap. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Outlook 2013
Op 20-02-14 19:25, Paul van der Vlis schreef: > What's your experience with Outlook 2013 together with Cyrus? Please tell it too when it works fine. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Outlook 2013
Hello, One of my customers has bought a laptop with Outlook 2013. He says he can see his messages over IMAP, but it's a kind of read-only access. The mailserver is an old installation with Cyrus 2.2.13 (Debian Squeeze), so I need to update it to Debian Wheezy (Cyrus 2.4.16) to get e.g. the XLIST command I expect. Yesterday I spoke to someone who said Outlook 2013 gives many problems with IMAP (corruptions of the local cache). What's your experience with Outlook 2013 together with Cyrus? Is it stable and does it really need XLIST? With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Mailbox locked, not removed
On 07-05-13 18:24, Paul van der Vlis wrote: > Hello, > > I am doing some tests with a complex conversion to Cyrus. > > When I have the mail in Cyrus, I cannot remove the mailbox anymore. > After removing the mailbox is locked in stead of removed. Not sure > what's wrong. > > This is what I do in cyradm: > --- > sam user.john cyrus lrswipcda > dm user.john > --- Sorry, I see this has changed. With "x" everything works fine. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Mailbox locked, not removed
Hello, I am doing some tests with a complex conversion to Cyrus. When I have the mail in Cyrus, I cannot remove the mailbox anymore. After removing the mailbox is locked in stead of removed. Not sure what's wrong. This is what I do in cyradm: --- sam user.john cyrus lrswipcda dm user.john --- When I remove the data by hand in /var/spool/cyrus, and I restart Cyrus, then the mailbox is removed. But that's not a normal way. Not sure what's wrong... With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Refuse IMAP without encryption
On 23-04-13 20:24, Andrew Morgan wrote: > On Tue, 23 Apr 2013, Paul van der Vlis wrote: > >> Hello, >> >> Is it possible to refuse IMAP-access without encryption like TLS or SSL? >> I think this would be a good idea for security. >> >> And I would like to make an exception for localhost for the webmail. The >> webmail (Sogo) can do TLS or SSL, but normally I don't do that for >> localhost. >> >> I am using Cyrus 2.4.16 from Debian 7 (Wheezy). > > You can create a second service entry for imapd in cyrus.conf. Have it > listen on localhost and on a different port, such as 1143. In > imapd.conf, set: > > _allowplaintext: 1 > > Where is the name of the localhost service in cyrus.conf. > For example: > > localimap cmd="/usr/local/cyrus/bin/imapd" listen="localhost:1143" > proto="tcp4" prefork=10 maxchild=100 > > Then in imapd.conf: > > localimap_allowplaintext: 1 Many thanks for your help! And the same for Ben and Sebastian. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Refuse IMAP without encryption
Hello, Is it possible to refuse IMAP-access without encryption like TLS or SSL? I think this would be a good idea for security. And I would like to make an exception for localhost for the webmail. The webmail (Sogo) can do TLS or SSL, but normally I don't do that for localhost. I am using Cyrus 2.4.16 from Debian 7 (Wheezy). With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: saslauthd with openldap
On 19-04-13 14:06, Marc Patermann wrote: > Paul, > > Paul van der Vlis schrieb (19.04.2013 11:58 Uhr): > >> I am trying to get saslauthd working > While this is not IMAPd related, why don't your try a SASL list? I am not a member of it. I have tried to post to it via Gmane but my mail was refused... >> to authenticate on openLDAP with >> passwords stored with a MD5 hash (base64 encoded) in the field >> UserPassword. The passwords are created with smb-ldap so I think it's >> normal that they are base64 encoded. > Is SASL auxprop ldapdb not an option for you? I am a Cyrus user for about 10 years, and I have always used saslauthd. Most of the time using PAM, but sometimes LDAP to Microsoft AD and to Novell. But I have never authenticated to OpenLDAP before. >> "testsaslauthd -u mailtest -p secret" gives always "authentication >> failed". In auth.log I see always: "Bind failed". >> >> I've tried many options in saslauthd.conf, at the moment it's this: >> >> ldap_servers: ldap://192.168.28.240/ >> ldap_auth_method: custom >> ldap_bind_dn: uid=admin,dc=domain,dc=local >> ldap_bind_pw: secret >> ldap_search_base: ou=Users,dc=domain,dc=local >> ldap_filter: cn=%u >> > what does > # ldapsearch -H ldap://192.168.28.240/ -x -D > uid=admin,dc=domain,dc=local -w secret -B ou=Users,dc=domain,dc=local > cn=oneOfYourUsernames > for you? It first gave an error because -B has to be -b, after the changing it, it says "ldap_bind: Invalid credentials (49)". H. But because I had another working ldapsearch string, I looked at the differences and I found the solution! This was wrong: ldap_bind_dn: uid=admin,dc=domain,dc=local This is right: ldap_bind_dn: cn=admin,dc=domain,dc=local Many thanks for your help! >> I am using cyrus-sasl2 version 2.1.25.dfsg1-6 from Debian Wheezy. >> LDAP is on an old machine (Ubuntu 8.04, slapd version 2.4.7). > FYI: For a production use LDAP server it is best advice from the > openldap developers to use the lastest version, which is 2.4.35. This is an environment what should be replaced but what is in production for many years and for many people. I am only hired for the mailserver.. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
saslauthd with openldap
Hello, I am trying to get saslauthd working to authenticate on openLDAP with passwords stored with a MD5 hash (base64 encoded) in the field UserPassword. The passwords are created with smb-ldap so I think it's normal that they are base64 encoded. "testsaslauthd -u mailtest -p secret" gives always "authentication failed". In auth.log I see always: "Bind failed". I've tried many options in saslauthd.conf, at the moment it's this: ldap_servers: ldap://192.168.28.240/ ldap_auth_method: custom ldap_bind_dn: uid=admin,dc=domain,dc=local ldap_bind_pw: secret ldap_search_base: ou=Users,dc=domain,dc=local ldap_filter: cn=%u I am using cyrus-sasl2 version 2.1.25.dfsg1-6 from Debian Wheezy. LDAP is on an old machine (Ubuntu 8.04, slapd version 2.4.7). With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Conversion from mbox to Cyrus
Hi Adam, First of all, there was a misunderstanding between me and my customer. The mail is in mbox format, not in maildir. Sorry. On 28-03-13 12:13, Adam Tauno Williams wrote: > On Wed, 2013-03-27 at 21:15 +0100, Paul van der Vlis wrote: >> A customer asks me to convert an excisting installation what uses >> Evolution, pop3 and maildir to Cyrus. >> When I would copy the files and run reconstruct or use deliver I expect >> to loose the flags like "read". > > Not necessarily, those can be explicitly applied via IMAP. > > I believe the imapcopy / imaputils project(s) have some maildir-to-imap > migration tool, maybe. I remember something like that. Imapcopy does only imap-to-imap so far I know. > For POP - there aren't really any flags, except maybe "seen", but that > depends on the provider. It's about the old mail what's stored in the home-dir of the user. This was transfered by POP. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Conversion from maildir to Cyrus
Hello, A customer asks me to convert an excisting installation what uses Evolution, pop3 and maildir to Cyrus. When I would copy the files and run reconstruct or use deliver I expect to loose the flags like "read". What would be a good way to convert this? It's about 100+ users who are all on one server. Would it be an idea to install an imap server like Courier or Dovecot what can do maildir and then use imapsync to Cyrus? With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: OT: Thunderbird very slow synchronizing
Op 31-07-12 18:22, "Clément Hermann (nodens)" schreef: > Le 31/07/2012 14:46, Paul van der Vlis a écrit : >> Hello, >> >> At a customer Thunderbird works very slow synchronizing with Cyrus using >> the IMAP protocol. E.g. opening a folder takes many seconds. >> >> Other clients (Thunderbird and non-Thunderbird) are working fine with >> the same Cyrus IMAP server. >> r >> Do you know this problem? (I have seen it before). > This looks like an index problem on the client side. Maybe you could try > to ask your customer to do a right-click -> property -> repair on theses > folders. If that doesn't work, it will have to stop thunderbird.exe and > destroy the local folders to force thunderbird to start over. Good idea, thanks. I will talk with my customer. >> Do you know how to debug it at the server side? (Cyrus 2.2.13-19 from >> Debian stable). > > You can try to compare what happens with a working client using > telemetry logs : just create a directory with the same name as the > userid (say, t...@example.net if that is what your customer uses to log > in) in /var/lib/cyrus/log (it must belong to cyrus). You'll get all a > log containing all IMAP/POP3 commands for this account. This works very well. I will study the logs. Thanks! With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
OT: Thunderbird very slow synchronizing
Hello, At a customer Thunderbird works very slow synchronizing with Cyrus using the IMAP protocol. E.g. opening a folder takes many seconds. Other clients (Thunderbird and non-Thunderbird) are working fine with the same Cyrus IMAP server. Do you know this problem? (I have seen it before). Do you know how to debug it at the server side? (Cyrus 2.2.13-19 from Debian stable). With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Virtual domains with SSL on Cyrus 2.2.13 ?
Hello, I use Cyrus 2.2.13 (from Debian stable). Can I use virtualhosts with SSL on each host, or do I need Cyrus 2.3 for that? I want to migrate a Cyrus installation from a customer to my mailserver, using the hostname of the customer for IMAP. With regards, Paul. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Problems with dots in subboxes
Op 23-01-12 23:39, Bron Gondwana schreef: > On Mon, Jan 23, 2012 at 10:59:52PM +0100, Paul van der Vlis wrote: >> Op 23-01-12 22:49, Bron Gondwana schreef: >>> On Mon, Jan 23, 2012, at 10:46 PM, Paul van der Vlis wrote: >>>> Op 23-01-12 22:40, Bron Gondwana schreef: >>>>> On Mon, Jan 23, 2012, at 08:16 PM, Paul van der Vlis wrote: >>>>>> Hello, >>>>>> >>>>>> A user has a very complex IMAP box with many subboxes. He used subboxes >>>>>> with names with dots and spaces in it and I use a dot as IMAP >>>>>> seperation. But he did not have any problems, he said... >>>>>> >>>>>> But now there is a big problem. His box "overig e.d." has been renamed >>>>>> to "overig e" and in it is now a box "d", and in that it's empty, all >>>>>> messages are gone... >>>>>> >>>>>> Does somebody have an idea what can have happened? >>>>>> >>>>>> He is using Thunderbird a long time, but now he has Apple Mail and an >>>>>> Android Phone too, to access the mailbox. >>>>> >>>>> Have you changed versions or configurations in that time? >>>> >>>> Before there was no Android Phone and Apple Mail. And Thunderbird was >>>> updated (to a 3.1 version). I did not change Cyrus. >>>> >>>>> I'm surprised it ever worked! >>>> >>>> Me too, >>> >>> Have you looked on disk? Are there files in the spool at all? >> >> Yes, I have looked there. There are only this files in the folder: >> cyrus.cache cyrus.header cyrus.index cyrus.seen > > Backups? I can go back only 7 days. This is longer ago. >>> If you used >>> to have unixhierarchysep: on there may be a overig e^d^ folder. >> >> I don't have unixhierarchysep configured on this machine. > > I don't have a clue then sorry. Thanks for your thoughts With regards, Paul. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Problems with dots in subboxes
Op 23-01-12 22:49, Bron Gondwana schreef: > On Mon, Jan 23, 2012, at 10:46 PM, Paul van der Vlis wrote: >> Op 23-01-12 22:40, Bron Gondwana schreef: >>> On Mon, Jan 23, 2012, at 08:16 PM, Paul van der Vlis wrote: >>>> Hello, >>>> >>>> A user has a very complex IMAP box with many subboxes. He used subboxes >>>> with names with dots and spaces in it and I use a dot as IMAP >>>> seperation. But he did not have any problems, he said... >>>> >>>> But now there is a big problem. His box "overig e.d." has been renamed >>>> to "overig e" and in it is now a box "d", and in that it's empty, all >>>> messages are gone... >>>> >>>> Does somebody have an idea what can have happened? >>>> >>>> He is using Thunderbird a long time, but now he has Apple Mail and an >>>> Android Phone too, to access the mailbox. >>> >>> Have you changed versions or configurations in that time? >> >> Before there was no Android Phone and Apple Mail. And Thunderbird was >> updated (to a 3.1 version). I did not change Cyrus. >> >>> I'm surprised it ever worked! >> >> Me too, > > Have you looked on disk? Are there files in the spool at all? Yes, I have looked there. There are only this files in the folder: cyrus.cache cyrus.header cyrus.index cyrus.seen > If you used > to have unixhierarchysep: on there may be a overig e^d^ folder. I don't have unixhierarchysep configured on this machine. With regards, Paul. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Problems with dots in subboxes
Op 23-01-12 22:40, Bron Gondwana schreef: > On Mon, Jan 23, 2012, at 08:16 PM, Paul van der Vlis wrote: >> Hello, >> >> A user has a very complex IMAP box with many subboxes. He used subboxes >> with names with dots and spaces in it and I use a dot as IMAP >> seperation. But he did not have any problems, he said... >> >> But now there is a big problem. His box "overig e.d." has been renamed >> to "overig e" and in it is now a box "d", and in that it's empty, all >> messages are gone... >> >> Does somebody have an idea what can have happened? >> >> He is using Thunderbird a long time, but now he has Apple Mail and an >> Android Phone too, to access the mailbox. > > Have you changed versions or configurations in that time? Before there was no Android Phone and Apple Mail. And Thunderbird was updated (to a 3.1 version). I did not change Cyrus. > I'm surprised it ever worked! Me too, With regards, Paul. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Problems with dots in subboxes
Hello, A user has a very complex IMAP box with many subboxes. He used subboxes with names with dots and spaces in it and I use a dot as IMAP seperation. But he did not have any problems, he said... But now there is a big problem. His box "overig e.d." has been renamed to "overig e" and in it is now a box "d", and in that it's empty, all messages are gone... Does somebody have an idea what can have happened? He is using Thunderbird a long time, but now he has Apple Mail and an Android Phone too, to access the mailbox. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Imapsync alternative?
Op 23-01-12 13:41, Michael Menge schreef: > Hi, > > Quoting Paul van der Vlis : > >> Hello, >> >> I've used in the past imapsync for mailbox migrations, but sometimes I >> found problems. For the latest version I have to pay. I can understand >> it from the view of the developer, maybe I will pay him for the latest >> version. But I will look for alternatives first, preferable those who >> are in Debian. >> >> I saw some other programs like mailsync and movemail (from the GNU >> mailutils), and I am interested if there is a good alternative for >> Imapsync. >> >> For me it's also an option to use something like rsync to copy all files >> of a mailbox from one Cyrus mailserver to another. Is that a good idea? >> >> With regards, >> Paul van der Vlis. >> >> http://packages.debian.org/squeeze/mailsync >> http://packages.debian.org/squeeze/mailutils > > > Years ago we used mailutils to migrate from UW-IMAPD to cyrus, which > was much faster than imapsync. AFAIR i had to patch mailutils to allow > "-merge append" for the copy option but I can't find the patch anymore. > > If you migrate from Cyrus to Cyrus you can use rsync IMHO, That's good news ;-) I expect I have to do this, when syncing the mailbox "paul": - create a mailbox with the same name on the new server - sync /var/spool/cyrus/mail/p/user/paul - sync /var/lib/cyrus/user/p/paul/paul.* - sync /var/spool/sieve/p/paul Is that everything? What when I have to change the name of the mailbox, because of a duplicate name on the new server? > you might > have to convert some databases if you change the archietecture or the > installed version of BDB. I am using skiplist, so I think I don't need that. Correct? In this case I go from a 64-bit AMD system to a 32-bit Intel system. > If your current version of cyrus is 2.3.x you can also use cyrussync, > which will take care of different archetektures and databese versions. No, it's still 2.2, but good to know for the future. With regards, Paul. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Imapsync alternative?
Hello, I've used in the past imapsync for mailbox migrations, but sometimes I found problems. For the latest version I have to pay. I can understand it from the view of the developer, maybe I will pay him for the latest version. But I will look for alternatives first, preferable those who are in Debian. I saw some other programs like mailsync and movemail (from the GNU mailutils), and I am interested if there is a good alternative for Imapsync. For me it's also an option to use something like rsync to copy all files of a mailbox from one Cyrus mailserver to another. Is that a good idea? With regards, Paul van der Vlis. http://packages.debian.org/squeeze/mailsync http://packages.debian.org/squeeze/mailutils -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
List mailboxes
Hello, I would like to have a list with mailboxes, but I don't want all the submailboxes listed, and I don't want "hasNoChildren" etc. Is there a good way to do that? With regards, Paul. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Android, outgoing messages not saved on server
Hello, I've a customer with an Samsung Galaxy S2 phone (Android 2.3), and he has a Cyrus IMAP 2.2.13 server. Connecting works fine, but e.g. outgoing messages are not saved in the "Sent" folder on the server, but local on the phone. Another less important problem is: he sees mailboxes like INBOX.Sent, he would prefer to see "Sent". Is here somebody with Android experience? With regards, Paul van der Vlis. -- Linux systeembeheer Groningen http://www.vandervlis.nl Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
imapsync and starttls
Hello, My server can do starttls but it does not work with the new imapsync, what can do starttls. Imapsync says the server don't has the capability to do STARTTLS. What can be wrong? --- p...@server2:~$ telnet mail.vandervlis.nl 143 Trying 91.198.178.50... Connected to mail.vandervlis.nl. Escape character is '^]'. * OK sigmund Cyrus IMAP4 v2.2.13-Debian-2.2.13-14+lenny3 server ready abcd CAPABILITY * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS abcd OK Completed abcd STARTTLS abcd OK Begin TLS negotiation now ^] - With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Tcpwrapper does not work?
Dave McMurtrie schreef: > On 10/08/2010 07:24 AM, Paul van der Vlis wrote: >> Dave McMurtrie schreef: >>> On 10/08/2010 06:09 AM, Paul van der Vlis wrote: >>>> Hello, >>>> >>>> When I put in my /etc/hosts.deny this: imapd: 192.168.0.41 >>>> And /etc/hosts.allow is empty. >>>> >>>> Then I still get my mail over IMAP from this IP with Cyrus. >>>> >>>> I use Cyrus 2.2.13 from Debian stable, so far I know this is compiled >>>> with tcpwrapper support. >>>> >>>> Does somebody understand this? >>> Hi Paul, >>> >>> The service you specify for tcpwrappers in /etc/hosts.deny must be the >>> same as the service name you put in /etc/cyrus.conf. Most likely you >>> want to use "imap" as the service and not "imapd" >> I've tried it, and you are right (and so is Hajimu). >> >> Strange, in the manual of tcp-wrappers they say you need to use the >> processname... > > It's difficult to document this correctly from the tcp-wrappers side > because libwrap doesn't determine the service name itself. Rather, > applications that link against libwrap have to tell libwrap the service > name they're using. > > Wrapping a service with tcpd in inetd.conf was more intuitive because > the service name was specified on the same line in inetd.conf. I am using now this because I found-out that "imap" did not help against pop3 access. imap pop3: 1.2.3.4 I have "idled" enabled. Not sure if I need to add that. I don't have imaps and pop3s (I only use TLS), but when I would have it, I think I have to add them too? And maybe "sieve" ? With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Tcpwrapper does not work?
Dave McMurtrie schreef: > On 10/08/2010 06:09 AM, Paul van der Vlis wrote: >> Hello, >> >> When I put in my /etc/hosts.deny this: imapd: 192.168.0.41 >> And /etc/hosts.allow is empty. >> >> Then I still get my mail over IMAP from this IP with Cyrus. >> >> I use Cyrus 2.2.13 from Debian stable, so far I know this is compiled >> with tcpwrapper support. >> >> Does somebody understand this? > > Hi Paul, > > The service you specify for tcpwrappers in /etc/hosts.deny must be the > same as the service name you put in /etc/cyrus.conf. Most likely you > want to use "imap" as the service and not "imapd" I've tried it, and you are right (and so is Hajimu). Strange, in the manual of tcp-wrappers they say you need to use the processname... With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Tcpwrapper does not work?
Hajimu UMEMOTO schreef: > Hi, > >>>>>> On Fri, 08 Oct 2010 12:09:37 +0200 >>>>>> Paul van der Vlis said: > > paul> When I put in my /etc/hosts.deny this: imapd: 192.168.0.41 > paul> And /etc/hosts.allow is empty. > > paul> Then I still get my mail over IMAP from this IP with Cyrus. > > Isn't the entry `imap: 192.168.0.41'? No, it's the process-name of the program used, see "man hosts_access". - server:/etc/fail2ban# ps aux | grep cyrus cyrus12934 0.0 0.2 106592 5756 ?S12:42 0:01 imapd -U 30 cyrus13288 0.0 0.1 28684 3832 ?S12:46 0:00 imapd -U 30 cyrus13341 0.0 0.2 87820 4740 ?S12:46 0:00 imapd -U 30 cyrus13496 0.0 0.1 29068 3800 ?S12:48 0:00 imapd -U 30 cyrus14039 0.0 0.3 149440 7212 ?S12:53 0:00 imapd -U 30 cyrus14678 0.0 0.1 29368 3856 ?S12:59 0:00 imapd -U 30 cyrus14863 0.0 0.1 28380 2864 ?S13:00 0:00 imapd -U 30 root 15657 0.0 0.0 3596 676 pts/0S+ 13:08 0:00 grep cyrus cyrus21017 0.0 0.1 12700 3176 ?Ss Oct06 0:08 /usr/sbin/cyrmaster -d cyrus21020 0.0 0.0 26428 540 ?SOct06 0:06 idled cyrus21024 0.0 0.1 27044 2088 ?SOct06 0:00 notifyd - I have also tried to blacklist "idled" and "cyrmaster" at the same time, but it does not help. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Tcpwrapper does not work?
Jeroen van Meeuwen (Kolab Systems) schreef: > Paul van der Vlis wrote: >> Hello, >> >> When I put in my /etc/hosts.deny this: imapd: 192.168.0.41 >> And /etc/hosts.allow is empty. >> >> Then I still get my mail over IMAP from this IP with Cyrus. >> >> I use Cyrus 2.2.13 from Debian stable, so far I know this is compiled >> with tcpwrapper support. >> >> Does somebody understand this? >> > > Does ldd on imapd show you a link against libwrap? Yes: - server:/etc/fail2ban# ldd /usr/lib/cyrus/bin/imapd linux-gate.so.1 => (0xb77b4000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7781000) libgssapi.so.2 => /usr/lib/libgssapi.so.2 (0xb7758000) libkrb5.so.25 => /usr/lib/libkrb5.so.25 (0xb7698000) libasn1.so.8 => /usr/lib/libasn1.so.8 (0xb761d000) libroken.so.18 => /usr/lib/libroken.so.18 (0xb760b000) libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb75d9000) libcom_err.so.2 => /lib/libcom_err.so.2 (0xb75d5000) libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb75c1000) libdb-4.2.so => /usr/lib/libdb-4.2.so (0xb74e6000) libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb74a) libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb734d000) libwrap.so.0 => /lib/libwrap.so.0 (0xb7345000) libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb732b000) libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb71d) libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb71cc000) libheimntlm.so.0 => /usr/lib/libheimntlm.so.0 (0xb71c7000) libhx509.so.3 => /usr/lib/libhx509.so.3 (0xb718c000) libwind.so.0 => /usr/lib/libwind.so.0 (0xb7163000) libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb714a000) /lib/ld-linux.so.2 (0xb77b5000) libz.so.1 => /usr/lib/libz.so.1 (0xb7135000) server:/etc/fail2ban# ls -l /lib/libwrap.so.0 lrwxrwxrwx 1 root root 16 2009-03-31 17:39 /lib/libwrap.so.0 -> libwrap.so.0.7.6 server:/etc/fail2ban# ls -l /lib/libwrap.so.0.7.6 -rw-r--r-- 1 root root 31168 2008-07-26 01:45 /lib/libwrap.so.0.7.6 - With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Tcpwrapper does not work?
Hello, When I put in my /etc/hosts.deny this: imapd: 192.168.0.41 And /etc/hosts.allow is empty. Then I still get my mail over IMAP from this IP with Cyrus. I use Cyrus 2.2.13 from Debian stable, so far I know this is compiled with tcpwrapper support. Does somebody understand this? With regards, Paul van der Vlis. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Wildcard SSL cert gives "error initilizing TLS"
Paul van der Vlis schreef: > Paul van der Vlis schreef: >> Hello, >> >> I have a new wildcard SSL-certificate (Comodo positiveSSL), but I have >> problems when I use it in Cyrus. >> >> The client (Icedove 2.0.0.24 = Thunderbird 2.0.0.24) says that the >> server says: "error initializing TLS". I have tried the way I did it >> before (with also a Comodo positiveSSL cert, but without wildcard). >> >> Is it possible that Cyrus does not like wildcard-certs? >> I am using Cyrus from Debian stable (2.2.13). > > No, that's not the case. On another machine with the same Cyrus > everything works fine with the wildcard-cert. > > I still don't understand why it's a problem on the other machine, the > configuration is "very the same". I found the problem. Very stupid: the cert-file was not readable by the user Cyrus. Ahum, very stupid. With regards. Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Wildcard SSL cert gives "error initilizing TLS"
Paul van der Vlis schreef: > Hello, > > I have a new wildcard SSL-certificate (Comodo positiveSSL), but I have > problems when I use it in Cyrus. > > The client (Icedove 2.0.0.24 = Thunderbird 2.0.0.24) says that the > server says: "error initializing TLS". I have tried the way I did it > before (with also a Comodo positiveSSL cert, but without wildcard). > > Is it possible that Cyrus does not like wildcard-certs? > I am using Cyrus from Debian stable (2.2.13). No, that's not the case. On another machine with the same Cyrus everything works fine with the wildcard-cert. I still don't understand why it's a problem on the other machine, the configuration is "very the same". With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Wildcard SSL cert gives "error initilizing TLS"
Hello, I have a new wildcard SSL-certificate (Comodo positiveSSL), but I have problems when I use it in Cyrus. The client (Icedove 2.0.0.24 = Thunderbird 2.0.0.24) says that the server says: "error initializing TLS". I have tried the way I did it before (with also a Comodo positiveSSL cert, but without wildcard). Is it possible that Cyrus does not like wildcard-certs? I am using Cyrus from Debian stable (2.2.13). I have no problems with the certificate in Apache2, Postfix and vs_ftpd. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: TLS server engine: cannot load CA data
Patrick Boutilier schreef: > On 09/14/2010 07:51 AM, Paul van der Vlis wrote: >> Hello, >> >> Strange problem: >> - >> Sep 14 09:18:12 mail cyrus/imap[21928]: TLS server engine: cannot load >> CA data >> Sep 14 09:18:12 mail cyrus/imap[21928]: unable to get certificate from >> '/etc/apache2/ssl/mail_rcg_nl.crt' >> Sep 14 09:18:12 mail cyrus/imap[21928]: TLS server engine: cannot load >> cert/key data, may be a cert/key mismatch? >> Sep 14 09:18:12 mail cyrus/imap[21928]: error initializing TLS >> >> >> But this command gives the certificate: >> su cyrus -c "cat /etc/apache2/ssl/mail_rcg_nl.crt" >> >> Cyrus is running as user cyrus. >> >> What could be wrong? > > Can cyrus read the private key file (.key) ? Yes, it can. But I think I've found it, the "tls_ca_file" in imapd.conf was wrong. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
TLS server engine: cannot load CA data
Hello, Strange problem: - Sep 14 09:18:12 mail cyrus/imap[21928]: TLS server engine: cannot load CA data Sep 14 09:18:12 mail cyrus/imap[21928]: unable to get certificate from '/etc/apache2/ssl/mail_rcg_nl.crt' Sep 14 09:18:12 mail cyrus/imap[21928]: TLS server engine: cannot load cert/key data, may be a cert/key mismatch? Sep 14 09:18:12 mail cyrus/imap[21928]: error initializing TLS But this command gives the certificate: su cyrus -c "cat /etc/apache2/ssl/mail_rcg_nl.crt" Cyrus is running as user cyrus. What could be wrong? With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: How to test timsieved
Dan White schreef: > I just did some quick testing on my system and cannot authenticate to > timsieved as a user who's mailbox does not exist. > > I have a mailbox for dwh...@olp.net, but not dwhite. Here's the results of > a few tests: > > Works: > imtest -a dwhite -m PLAIN localhost > imtest -a dwh...@olp.net -m PLAIN localhost > sivtest -a dwh...@olp.net -m PLAIN localhost > > Doesn't work: > sivtest -a dwhite -m PLAIN localhost > > Based on that, I'm assuming that a mailbox for paul needs to exist to > authenticate. Is that that the case? Ah, that was the problem ;-) Mail for user paul on this machine is forwarded to somewhere else, so there is no mailbox for this user... When I did test it as another user, there was no problem. Only a wrong test. Many thanks for your help. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
Dan White schreef:
> On 13/08/09 16:56 +0200, Paul van der Vlis wrote:
>>>> Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth
>>>> failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM
>>>> auth error]
>>>>
>>>
>>> testsaslauthd -u username -p password
>>> testsaslauthd -u username -p password -s sieve
>>> testsaslauthd -u username -p password -s imap
>>>
>>> Do you get different answers?
>>
>> No, they give all: 0: OK "Success." when I do it as root or as user
>> cyrus.
>>
>> But when I execute "testsaslauthd" as another user, it fails with a
>> "connect() : Permission denied".
>> But this is also the case on the other machine what works correct.
>
> It looks like you're configured to allow members of the sasl group to
> access the saslauthd mux, so that error is to be expected.
>
>> sasl_mech_list: PLAIN
>> sasl_minimum_layer: 0
>> #sasl_maximum_layer: 256
>> sasl_pwcheck_method: saslauthd
>> #sasl_auxprop_plugin: sasldb
>> sasl_auto_transition: no
>>
>> /etc/default/saslauthd:
>> START=yes
>> MECHANISMS="pam"
>> MECH_OPTIONS=""
>> THREADS=5
>> OPTIONS="-c"
>>
>> Maybe this is important:
>> sigmund:~# ls -ld /var/run/saslauthd
>> lrwxrwxrwx 1 root root 37 2009-07-22 14:01 /var/run/saslauthd ->
>> /var/spool/postfix/var/run/saslauthd/
>> sigmund:~# ls -ld /var/spool/postfix/var/run/saslauthd/
>> drwx--x--- 2 root sasl 200 2009-07-22 14:02
>> /var/spool/postfix/var/run/saslauthd/
>> sigmund:~# ls -l /var/spool/postfix/var/run/saslauthd/
>> total 929
>> -rw--- 1 root root 0 2009-07-22 14:02 cache.flock
>> -rw--- 1 root root 945152 2009-07-22 14:02 cache.mmap
>> srwxrwxrwx 1 root root 0 2009-07-22 14:02 mux
>> -rw--- 1 root root 0 2009-07-22 14:02 mux.accept
>> -rw--- 1 root root 6 2009-07-22 14:02 saslauthd.pid
>
> Looks fine.
>
> I wonder if timsieved is calling saslauthd with different options,
> like with a realm.
>
> I'd be curious what you're seeing when saslauthd is in debug mode.
I used the "-d" option in /etc/default/saslauthd and restarted saslauthd.
In another terminal I tried sivtest, where the authentication was wrong.
But, in the debug I see that the authentication was OK for saslauthd.
-
p...@sigmund:/root$ sivtest -v localhost
S: "IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-5.1"
S: "SASL" "PLAIN"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify
subaddress relational regex"
S: "STARTTLS"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {20+}
AHBhdWwAZXJ1NGJjZw==
S: NO "Authentication Error"
Authentication failed. generic failure
Security strength factor: 0
-
--
sigmund:/etc/pam.d# /etc/init.d/saslauthd restart
Restarting SASL Authentication Daemon: saslauthdsaslauthd[29778] :main
: num_procs : 5
saslauthd[29778] :main: mech_option: NULL
saslauthd[29778] :main: run_path : /var/run/saslauthd
saslauthd[29778] :main: auth_mech : pam
saslauthd[29778] :cache_alloc_mm : mmaped shared memory segment on
file: /var/run/saslauthd/cache.mmap
saslauthd[29778] :cache_init : bucket size: 92 bytes
saslauthd[29778] :cache_init : stats size : 36 bytes
saslauthd[29778] :cache_init : timeout: 28800 seconds
saslauthd[29778] :cache_init : cache table: 944764 total bytes
saslauthd[29778] :cache_init : cache table: 1711 slots
saslauthd[29778] :cache_init : cache table: 10266 buckets
saslauthd[29778] :cache_init_lock : flock file opened at
/var/run/saslauthd/cache.flock
saslauthd[29778] :ipc_init: using accept lock file:
/var/run/saslauthd/mux.accept
saslauthd[29778] :detach_tty : master pid is: 0
saslauthd[29778] :ipc_init: listening on socket:
/var/run/saslauthd/mux
saslauthd[29778] :main: using process model
saslauthd[29779] :get_accept_lock : acquired accept lock
saslauthd[29778] :have_baby : forked child: 29779
saslauthd[29778] :have_baby : forked child: 29780
saslauthd[29778] :have_baby : forked child: 29781
saslauthd[29778] :have_baby : forked child: 29782
saslauthd[29779] :rel_accept_lock : released accept lock
saslauthd[29780] :get_accept_lock : acquired accept lock
saslauthd[29779] :cache_get_rlock : attempting a read lock on slot: 1682
saslauthd[29779] :cache_lookup: [login=paul] [service=]
[realm=sieve]: not found, update pending
saslauthd[29779] :cache_un_lock : attempting to release lock on slot: 1682
Re: How to test timsieved
Dan White schreef:
> On 13/08/09 12:01 +0200, Paul van der Vlis wrote:
>> Duncan Gibb schreef:
>>> Paul van der Vlis wrote:
>>>
>>>> C: AUTHENTICATE "PLAIN" {16+}
>>>> AHBhdWwAZXJ1NGJj
>>>
>>> I hope you changed your password after you posted that ;-)
>
> Let me echo that statement, since it looks like you're logging in as root!
> Your password is now publicly known.
I did change the password (and it was not the root-password).
>> Aug 13 11:27:40 sigmund cyrus/timsieved[16455]: badlogin:
>> localhost[127.0.0.1] PLAIN authentication failure
>>
>> Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth
>> failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM
>> auth error]
>>
>
> Try:
>
> testsaslauthd -u username -p password
> testsaslauthd -u username -p password -s sieve
> testsaslauthd -u username -p password -s imap
>
> Do you get different answers?
No, they give all: 0: OK "Success." when I do it as root or as user cyrus.
But when I execute "testsaslauthd" as another user, it fails with a
"connect() : Permission denied".
But this is also the case on the other machine what works correct.
> If not, can you include the output of 'grep sasl /etc/imapd.conf'?
> (assuming there is no sensitive information), and the contents of your
> /etc/default/saslauthd?
sasl_mech_list: PLAIN
sasl_minimum_layer: 0
#sasl_maximum_layer: 256
sasl_pwcheck_method: saslauthd
#sasl_auxprop_plugin: sasldb
sasl_auto_transition: no
/etc/default/saslauthd:
START=yes
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c"
Maybe this is important:
sigmund:~# ls -ld /var/run/saslauthd
lrwxrwxrwx 1 root root 37 2009-07-22 14:01 /var/run/saslauthd ->
/var/spool/postfix/var/run/saslauthd/
sigmund:~# ls -ld /var/spool/postfix/var/run/saslauthd/
drwx--x--- 2 root sasl 200 2009-07-22 14:02
/var/spool/postfix/var/run/saslauthd/
sigmund:~# ls -l /var/spool/postfix/var/run/saslauthd/
total 929
-rw--- 1 root root 0 2009-07-22 14:02 cache.flock
-rw--- 1 root root 945152 2009-07-22 14:02 cache.mmap
srwxrwxrwx 1 root root 0 2009-07-22 14:02 mux
-rw--- 1 root root 0 2009-07-22 14:02 mux.accept
-rw--- 1 root root 6 2009-07-22 14:02 saslauthd.pid
Thanks for your help!
With regards,
Paul van der Vlis.
--
http://www.vandervlis.nl/
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
Duncan Gibb schreef:
> Paul van der Vlis wrote:
>
>> C: AUTHENTICATE "PLAIN" {16+}
>> AHBhdWwAZXJ1NGJj
>
> I hope you changed your password after you posted that ;-)
>
>> S: NO "Authentication Error"
>> Authentication failed. generic failure
>> Security strength factor: 0
>
> PvdV> Anybody here knows how to find-out why the
> PvdV> authentication does not work?
>
> Assuming the Debian default logging config, have a look in
> /var/log/mail.log for lines containing both "sieve" and "badlogin".
Aug 13 11:27:40 sigmund cyrus/timsieved[16455]: badlogin:
localhost[127.0.0.1] PLAIN authentication failure
> If
> that looks OK apart from "authentication failure", look at
> /var/log/auth.log.
Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth
failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM
auth error]
> PvdV> On another machine (with Cyrus 2.2) everything works fine.
>
> Then you can use the two configurations to compare.
Yes, there is no big difference.
> Does IMAP authentication on the _same_ machine work?
Yes.
> What settings are you using for (sieve_)allowplaintext and tls_*?
I don't have a "sieve_allowplaintext", I have tried it with "yes", but
it did not help.
allowplaintext: yes
I have the same problems with "tls_sieve_cert_file: disabled" or not, so
I think the problem is not tls-related.
> What is your authentication backend?
saslauthd -> pam -> unix
In the pam modules for both imap and sieve I have:
@include common-auth
@include common-account
Thanks for your help.
With regards,
Paul van der Vlis.
--
http://www.vandervlis.nl/
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to test timsieved
Dave McMurtrie schreef:
> Paul van der Vlis wrote:
>> Hello,
>>
>> I am using a program called Ingo to manage my sieve-scripts.
>> http://www.horde.org/ingo/
>>
>> But it does not work anymore, when change a sieve script it says:
>>
>> Changes saved.
>> There was an error activating the script. The driver said:
>> "Authentication Error"
>>
>> The rest of the (web)mail server works fine.
>>
>> The driver is timsieved. How can I test timsieved directly, so without
>> Ingo? I will add some things at the end of the mail what I have
>> allready tried. I think sieve accepts plain passwords.
>
> Try sivtest. It still relies on you knowing enough about the protocol
> to know what you want to test, but it will take care of the connection
> and authentication parts for you.
Ah, looks-like the problem is in Sieve:
p...@sigmund:~$ sivtest -v localhost
S: "IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-5.1"
S: "SASL" "PLAIN"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify
subaddress relational regex"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {16+}
AHBhdWwAZXJ1NGJj
S: NO "Authentication Error"
Authentication failed. generic failure
Security strength factor: 0
Anybody here knows how to find-out why the authentication does not work?
On another machine (with Cyrus 2.2) everything works fine.
Thanks for you help!
With regards,
Paul van der Vlis.
--
http://www.vandervlis.nl/
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
How to test timsieved
Hello,
I am using a program called Ingo to manage my sieve-scripts.
http://www.horde.org/ingo/
But it does not work anymore, when change a sieve script it says:
Changes saved.
There was an error activating the script. The driver said:
"Authentication Error"
The rest of the (web)mail server works fine.
The driver is timsieved. How can I test timsieved directly, so without
Ingo? I will add some things at the end of the mail what I have
allready tried. I think sieve accepts plain passwords.
With regards,
Paul van der Vlis.
p...@sigmund:/usr/lib/sasl2$ telnet localhost sieve
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-5.1"
"SASL" "PLAIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
relational regex"
OK
p...@sigmund:/usr/lib/sasl2$ imtest -m login localhost
S: * OK sigmund Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-5.1 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS ANNOTATEMORE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN paul {6}
S: + go ahead
C:
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
--
http://www.vandervlis.nl/
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Db4 problems
Andrew Morgan schreef: > Here's what I recommend - get rid of Berkeley DB in Cyrus and use > skiplist instead. :) Thanks for your help. I tested it and it seemed to work. Now it's running in production for a few hours too, and I have seen no errors anymore ;-) With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Db4 problems
Hello! I have errors in my log, and sometimes Cyrus crashes and I have to reboot the server because restarting gives this error: mail:~# /etc/init.d/cyrus2.2 restart Stopping Cyrus IMAPd: cyrmaster. Waiting for complete shutdown fatal: incomplete shutdown detected, aborting. In the log I see all the time errors like: -- Jul 1 10:35:27 mail cyrus/imap[16841]: DBERROR db4: Database handles open during environment close Jul 1 10:35:27 mail cyrus/imap[16841]: DBERROR: error exiting application: Invalid argument -- When Cyrus stops working I see this in the logs: --- Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR db4: Logging region out of memory; you may need to increase its size Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR: opening /var/lib/cyrus/tls_sessions.db: Cannot allocate memory Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR: opening /var/lib/cyrus/tls_sessions.db: cyrusdb error - I am not sure what's the problem here. Do I need to increase the memory size of the Berkeley database? and where can I do that? Can I remove /var/lib/cyrus/tls_sessions.db? (I have the same problem with deliver.db.) What will be that "Databases handles open during environment close", can that give this problem? With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: delete specific mail in all folders
Gerald Nowitzky schreef: > Hello! > > I have been confronted with a request today: We are running cyrus as imap > server. We have currently about 3 million files and 150GB in our mail dir. > One user has accidently sent something confidential to all users via a list. > The request was, of course, to delete the mail from all mailboxes. Is there > any reasonable approach to do something like this? Maybe you could use 'find' with some characteristics of the message, like the size and the date. You could replace the found files with the same message, but where all what is confidential was removed. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Disable pop for some users
Hello, Is it possible to disable POP for some users, so they can only use IMAP? This to avoid the risk that people configure POP by mistake in their client, and download all mail. But other users still need POP... With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
autocreatequota
Hello, I read in "The book of IMAP" the following about the autocreatequota option in imapd.conf: - If you enter a value other than 0, Cyrus will automatically create mailboxes for new users when they first log in, and then limit de memory available to these mailboxes to the quota value you specify here. (...) - I have tried that, but no mailbox was autocreated ;-( In de man-page of imapd.conf I see the following: - autocreatequota: 0 If nonzero, normal users may create their own IMAP accounts by creating the mailbox INBOX. The user's quota is set to the value if it is positive, otherwise the user has unlimited quota. -- Does autocreation of mailboxes only work with the autocreate-patch? I am using Cyrus 2.2.13. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Some sub-mailboxes are gone
Hello, I have a customer where some important sub-mailboxes are gone. Other sub-mailboxes are still there. The customer is using Cyrus 2.1 and Thunderbird 1.5 as IMAP client. The backups are too old. In Cyrus 2.2 I see something like "Delete mailbox ..." in the logs when a mailbox is deleted, but in Cyrus 2.1 there is nothing in the logs when a mailbox is deleted, correct? When I delete a mailbox in Thunderbird I get many warnings, I don't think they have really deleted the mailbox. Maybe they moved it by accident to another location, but I cannot find it. What could be wrong? With regards? Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Rights question
Joseph Brennan schreef: > > --On Monday, December 15, 2008 17:30 +0100 Paul van der Vlis > wrote: > >> Hello, >> >> I gave "anyone" the right to list and post to the mailbox user.jan.Sent. >> But when I give that as the folder for sent-messages in Thunderbird, I >> get an error "refused". What do I wrong? >> >> localhost> lam user.jan.Sent >> jan lrswipcda >> anyone lp >> >> I don't want that anyone can read all the messages, only post messages. > I assume you are not the user 'jan'. No, the sysadmin. > Sent messages are not mailed, but written with imap, so you need the > 'i' right to save sent mail there. OK thanks, it works. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Rights question
Hello, I gave "anyone" the right to list and post to the mailbox user.jan.Sent. But when I give that as the folder for sent-messages in Thunderbird, I get an error "refused". What do I wrong? localhost> lam user.jan.Sent jan lrswipcda anyone lp I don't want that anyone can read all the messages, only post messages. Met vriendelijke groet, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Logging IP numbers for POP3 and IMAP
Hello, Is it possible to log the IP-numbers from people who access a server using POP3 or IMAP? Or is there maybe a way to block people who do a trying too many passwords? With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Conversion Debian Cyrus 2.1 to 2.2, experiences
Gabor Gombas schreef: > On Thu, Aug 07, 2008 at 10:51:21AM +0200, Paul van der Vlis wrote: > >> make backups: >> cp -a /var/lib/cyrus /var/lib/cyrus-backup >> cp -a /var/spool/sieve /var/spool/sieve-backup >> cp -a /usr/lib/cyrus/ /usr/lib/cyrus-backup >> cp -a /var/spool/cyrus /var/spool/cyrus-backup >> The last one takes long... > > Don't you have regular backups? If you don't, you should better start > doing them... I do have regular backups, but if I do something like this I like a way back to the old situation, without the loss of the mail since the last backup. > Anyway, you can use rsync to make an initial copy while > the old service is still running and a much quicker update when the old > service is stopped. Correct, that's better. >> remove packages: >> apt-get remove cyrus21-common cyrus21-admin cyrus21-clients >> libcyrus-imap-perl21 >> dpkg --get-selections | grep cyrus >> >> backup config-files: >> mv /etc/imapd.conf /etc/imapd.conf.backup >> mv /etc/cyrus.conf /etc/cyrus.conf.backup > > I'd do that _before_ removing the packages... Without --purge, the configfiles are not removed. But maybe your way is better. >> install packages: >> apt-get install cyrus-imapd-2.2 cyrus-admin-2.2 cyrus-clients-2.2 >> libcyrus-imap-perl22 db4.2-util cyrus-pop3d-2.2 >> >> choose to overwrite cyrus.conf and imapd.conf (I wonder why this files >> are still there). > > Because you've used "apt-get remove" instead of "apt-get purge". I did also a "mv /etc/imapd.conf /etc/imapd.conf.backup" etc. > This was my recipe for a 2.1 -> 2.3 (from experimental) migration: > > cd /var/lib/cyrus/db > db3_recover > cd /var/lib/cyrus > db4.X_upgrade deliver.db > rm tls*db > cd db > db4.X_checkpoint -1 > > (replace 'X' with the correct BDB version) Thanks for the information! With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Conversion Debian Cyrus 2.1 to 2.2, experiences
Gabor Gombas schreef: > On Thu, Aug 14, 2008 at 11:49:43AM +0200, Paul van der Vlis wrote: > >>> Just a side note: I am pretty sure your mailboxes.db is a skiplist >>> database which is AFAIK the default for mailboxes.db in Cyrus IMAP 2.1 >>> and 2.2. No conversion is necessary. >> I think that's correct, but I don't know for sure how to check the type. >> The conversed machines are working fine. > > # file mailboxes.db > mailboxes.db: Cyrus skiplist DB > > Gabor > On an old server: elo:/var/lib/cyrus# file mailboxes.db mailboxes.db: Apple QuickTime movie (modified) ??? When I use "strings mailboxes.db" the first line says: skiplist file So I think it's a skiplist file. Thanks for your help! It still gives an correct answer on some other databases. Met vriendelijke groet, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Conversion Debian Cyrus 2.1 to 2.2, experiences
Pascal Gienger schreef:
> Paul van der Vlis <[EMAIL PROTECTED]> wrote:
>
>> then convert the databases (on one line):
>> find /var/lib/cyrus/ -name \*.db -print -exec /usr/bin/db4.2_upgrade
>> {} \;
>
>> db_upgrade: /var/lib/cyrus/mailboxes.db: unrecognized file type
>
>> So "mailboxes.db" did not work, but the other databases did.
>
> Just a side note: I am pretty sure your mailboxes.db is a skiplist
> database which is AFAIK the default for mailboxes.db in Cyrus IMAP 2.1
> and 2.2. No conversion is necessary.
I think that's correct, but I don't know for sure how to check the type.
The conversed machines are working fine.
The file /usr/lib/cyrus/cyrus-db-types.active of the old systems says:
DBENGINE BerkeleyDB3.2
DUPLICATE db3_nosync
MBOX skiplist
SEEN skiplist
SUBS flat
TLS db3_nosync
The file cyrus-db-types.txt is the same.
The new systems are working fine, and this is the cyrus-db-types.active:
ANNOTATION skiplist
DBENGINE BerkeleyDB4.2
DUPLICATE berkeley-nosync
MBOX skiplist
PTS berkeley
QUOTA quotalegacy
SEEN skiplist
SUBS flat
TLS berkeley-nosync
> Do you have any database type declarations in your imapd.conf?
No, I did nothing special, and I did not found anything like that in my
imapd.conf.
Some of the systems did use Cyrus 1.5 before. The conversion was
difficult I can remember. But the file cyrus-db-types.active is the same
as the other old systems.
And I used everywhere Debian-packages.
With regards,
Paul van der Vlis.
--
http://www.vandervlis.nl/
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Conversion Debian Cyrus 2.1 to 2.2, experiences
-r /usr/lib/cyrus-backup
rm -r /var/spool/cyrus-backup
rm /etc/imapd.conf.backup
rm /etc/cyrus.conf.backup
With regards,
Paul van der Vlis.
the script I did not use, at the end. But maybe useable in another
situation:
-
su cyrus
cd /
mv /var/lib/cyrus/mailboxes.db /var/lib/cyrus/mailboxes.db.old \
/usr/sbin/cvt_cyrusdb /var/lib/cyrus/mailboxes.db.old flat \
/var/lib/cyrus/mailboxes.db skiplist
chown cyrus:mail /var/lib/cyrus/mailboxes.db
rm -f /var/lib/cyrus/mailboxes.db.old
find /var/lib/cyrus/ -name \*.seen -print -exec mv {} {}.old \; \
-exec /usr/sbin/cvt_cyrusdb {}.old flat {} skiplist \; \
-exec chown cyrus:mail {} \;
find /var/lib/cyrus/ -name \*.seen.old -print -exec rm {} \;
--
http://www.vandervlis.nl/
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Refusing users without a mailbox?
Patrick Boutilier schreef: > Paul van der Vlis wrote: >> Hello, >> >> A customer is using a system with a mailserver and a FTP-server on one >> machine. >> >> Now a FTP-user found out, that he can login with his FTP-username and >> password into the webmail (Horde/IMP), and send mail. >> >> FTP-users do not have a mailbox. Is there a way to make the >> authentication "not OK" for users without a mailbox? >> Or only "OK" for users who are member of a group? > > You should be able to use pam_require > (http://www.splitbrain.org/projects/pam_require). Make a group for your > mail users and put the users in that group. Then configure > /etc/pam.d/imap (or wherever your pam config is located) to use > pam_require to require that users that want to log into Cyrus be in that > group. It's a good idea and I can do it. But my distribution (Debian) does not support this pam-module, so I have no security support. But I found pam_group, part of libpam-modules. This seems to do what I want. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Refusing users without a mailbox?
Hello, A customer is using a system with a mailserver and a FTP-server on one machine. Now a FTP-user found out, that he can login with his FTP-username and password into the webmail (Horde/IMP), and send mail. FTP-users do not have a mailbox. Is there a way to make the authentication "not OK" for users without a mailbox? Or only "OK" for users who are member of a group? I am using Cyrus with saslauthd, PAM and the traditional Unix authentication mechanism (pam_unix.so). With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Move to new server/Upgrade question
Lars Schimmer schreef: > Paul van der Vlis wrote: >> Hello, > >> I want to move all mail to a new server. Old server has Cyrus 2.1.18 >> (Debian Sarge), new server has Cyrus 2.2.13 (Debian Etch). > >> In the past, I just copied all files in >> /var/spool/cyrus/ >> /var/lib/cyrus >> But, is this a good way? > >> Alternative is imapcopy. But I see you need a list of all users and >> passwords. That's a lot work to make (650 users). Isn't it possible to >> use the admin-user to copy everything? > > Which reminds me of my wish to upgrade from sarge to etch. > - From Cyrus 2.1.18 to Cyrus 2.2.13. Etch has both 2.1.18 and 2.2.13, so you can upgrade to Etch before you upgrade Cyrus to 2.2.13. > AFAIK there was a db change involved, or? > Has anyone done this with his server, any problems to expect? I did it without real problems. But I have seen that some (not all) clients are a lot slower when they switch to another folder (Thunderbird client is used). I am not sure what the reason is. It is not an authentication-issue because testsaslauthd works fast. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Move to new server
Adam Tauno Williams schreef: >> I want to move all mail to a new server. Old server has Cyrus 2.1.18 >> (Debian Sarge), new server has Cyrus 2.2.13 (Debian Etch). >> In the past, I just copied all files in >> /var/spool/cyrus/ >> /var/lib/cyrus >> But, is this a good way? > > It probably works. That's true, but maybe I keep old database-formats ? >> Alternative is imapcopy. But I see you need a list of all users and >> passwords. That's a lot work to make (650 users). > > Or just connect as a user with administrative access. We did a > migration with imapcopy, no need to know all the user's passwords. > >> Isn't it possible to use the admin-user to copy everything? > > Yep. Nice to hear, thanks! Can I use something like this in ImapCopy.cfg ? # # List of users and passwords # # SourceUserSourcePassword DestinationUser DestinationPw Copy"cyrus" "cyruspw""cyrus" "cyruspw" And is it fast? Met vriendelijke groet, Paul van der Vlis. -- http://www.vandervlis.nl/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
