Re: cyrus-imapd exporting databases failed on shutdown - deliver.db.skiplist 2048M
> 2020. 06. 20, szombat keltezéssel 21.31-kor Simon Matter ezt írta: >> Hi, >> >> The question is why is the deliver db > 2GB in skiplist format? Is it >> normal or do you have a corrupt BDB db or does your db pruning not work >> for deliverdb. I think that should be something like 'delprune >> cmd="cyr_expire -D 7 -E 3 -X 7" at=0400' in cyrus.conf. >> >> I think the easiest way would be to make sure you have pruning >> configured >> correctly, then change config of deliver db to skiplist, and start >> without >> a db so a new, empty deliver db is created. >> >> Then have an eye on the db file to see if it grows again to almost 2GB. >> If >> it doesn't grow so much, you should be fine. >> >> Regards, >> Simon > > Hi, > > Something definitely not seems fine: > > -bash-3.2$ /usr/lib/cyrus-imapd/cyr_expire -E 3 -D 7 -X 7 -v Please make sure the options here are also valid for your cyrus version. However, I also guess your deliver.db is corrupted somehow. From my own experience skiplist dbs are easier to handle than bdb and using skiplist only has not shown any issues. Regards, Simon > > expunged 0 out of 0 messages from 0 mailboxes > > The deliver.db still about 48MB. > > Tomorrow I will continue. > > Thanks, > István > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus-imapd exporting databases failed on shutdown - deliver.db.skiplist 2048M
> Hi, > > I run into a problem on an old clearos server, where the cyrus shutdown > always failed at step exporting databases. > As I checked the situation using ps ax on an other console, I found > that, it was exporting deliver.db.skiplist file, which failed after a > lng time (some minutes). > I checked that file on the filesystem, I saw the file size is 2048MB, > which seems a limit for me and I suspect the problem should be that, > the 32 bit cyrus cannot write more data to that file and caused the > problem. > As I read the db_export.log, that confirmed my theory, file size limit > exceeded. Hi, The question is why is the deliver db > 2GB in skiplist format? Is it normal or do you have a corrupt BDB db or does your db pruning not work for deliverdb. I think that should be something like 'delprune cmd="cyr_expire -D 7 -E 3 -X 7" at=0400' in cyrus.conf. I think the easiest way would be to make sure you have pruning configured correctly, then change config of deliver db to skiplist, and start without a db so a new, empty deliver db is created. Then have an eye on the db file to see if it grows again to almost 2GB. If it doesn't grow so much, you should be fine. Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: imap clients say i have 4K messages but spool has 12894 files
> On Tue, 2020-05-26 at 08:47 -0500, Nic Bernstein wrote: >> >> |expunge_mode:| delayed >> >> The mode in which messages (and their corresponding cache >> entries) are expunged. “semidelayed” mode is the old behavior >> in >> which the message files are purged at the time of the >> EXPUNGE, >> but index and cache records are retained to facilitate >> QRESYNC. >> In “delayed” mode, which is the default since Cyrus 2.5.0, > > So this doesn't apply to my 2.4.17 then does it? How did you install your 2.4.17 server? Because you don't run the latest of the 2.4 series I guess you have installed it from packages? If so it's possible that you distribution uses different configuration than the default, at build time. You should check this. Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: [Help] Cyrus 2.4.17 segfault
> Hello, > > we are experiencing a strange problem on cyrus-imapd 2.4.17. > > An user user/a has full ACL to another mailbox user/b. When the user/a > SELECT a folder on user/b where he has access the imap process crashes. > > $ telnet cyrus.example.com 143 > Trying 10.10.10.10 ... > Connected to cyrus.example.com. > Escape character is '^]'. > * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN SASL-IR] > cyrus.example.com Cyrus IMAP v2.4.17-Invoca-RPM-2.4.17-6.el6 server ready > a authenticate plain dsfrrFwaWNlQGNzaS5pdABveGN5cnVzAENdfsdfMx > a OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA > MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN > MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ > SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE > LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY > X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] Success (no protection) > SESSIONID= > a SELECT "user/b/SOME THINGS/WATER" > Connection closed by foreign host. > > > Could you suggest me some way to resolve this problem? I don't know but if it's a bug then it's probably solved in current version 2.4.20. Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: script to check quota failed
> Hi, > > seems that there is a problem with your cyrus quota tree > (/var/lib/cyrus/quota) or at least some of its files. In the case of RHEL6 this will be /var/lib/imap/quota/. I suggest to look at the quota files there, they have names like user. and are text files with two lines. Should be easy to find the broken file. Regards, Simon > > Maybe strace command may help you find which files are corrupt: > su - cyrus -c "strace /usr/lib/cyrus-imapd/quota user" > > Anthony Prades > > On 3/18/19 2:32 PM, Stephane Branchoux wrote: >> Hello, >> >> We run cyrus-imapd-2.3.16-6 on a Red Hat Enterprise Linux Server >> release 6.10. >> >> 2 days ago, a power crash occured in our Datacenter. >> >> After reboot of cyrus imap, all seems ok except our script to check >> quota : >> >> su - cyrus -c "/usr/lib/cyrus-imapd/quota user" >> failed building quota list for 'user': System I/O error: %m >> >> I tried : >> >> su - cyrus -c "/usr/lib/cyrus-imapd/quota -f" >> failed building quota list for '*': System I/O error: %m >> >> Any idea ? >> >> Many thanks in advance >> >> >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Which imap command to rename a root mailbox while maintaining its partition
> Hi, > > seems that there is a problem with your cyrus quota tree > (/var/lib/cyrus/quota) or at least some of its files. In the case of RHEL6 this will be /var/lib/imap/quota/. I suggest to look at the quota files there, they have names like user. and are text files with two lines. Should be easy to find the broken file. Regards, Simon > > Maybe strace command may help you find which files are corrupt: > su - cyrus -c "strace /usr/lib/cyrus-imapd/quota user" > > Anthony Prades > > > On 3/18/19 10:13 AM, Marco wrote: >> Il 18/03/2019 08:25, Thomas Cataldo ha scritto: >>> Hi, >>> >>> On cyrus 2.4.x we used to run >>> A1 RENAME mbox1 mbox2 our_partition >>> >>> When we run that on cyrus 3.0.8 we get : >>> A1 NO Cross-server or cross-partition move w/rename not supported >>> >>> Is there a way to do this rename with one command with cyrus3. >>> If we run A1 RENAME mbox1 mbox2 >>> the mailbox is renamed as expected but it moves from our_partition to >>> default which is not what we want. >>> >>> Any suggestion ? >> >> Hello, no suggestions, I verified too. :( But if you have a mailbox >> with: >> >> folder1 --> part1 >> folder2 --> part2 >> >> then you can do: >> >> A1 RENAME folder1 folder2/folder1 >> >> and folder1 is now on part2. So, under some circumstances, a cross >> partition rename seems to be still supported... >> >> Bye >> Marco >> >> Ps: on the above example unixhierarchysep: 1 >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Mailbox hierarchy determination?
> On 3/14/19 9:46 AM, Simon Matter wrote: >> I guess you're missing the fact that these options have possibly changed >> between releases. Another thing is that distribution packages can also >> alter the defaults and if they don't do it correct, they may "forget" to >> also change the docs accordingly. >> > > Thank you for your help with this. I think what you're saying is that > for my configuration I should have > >fulldirhash: 1 >hashimapspool: 1 > > > I'm not 100% certain how the defaults are set for my installation -- is > there any way to check this? Our RPMs create two files at build time: /usr/share/cyrus-imapd/rpm/imapd.conf.dist This is what the source distribution uses. /usr/share/cyrus-imapd/rpm/imapd.conf.default This is what the patched build uses. Unfortunately I don't know of a way to get the same info at run time. Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Mailbox hierarchy determination?
> On 3/14/19 3:50 AM, Simon Matter wrote: >> >> Dirhashing is controlled by "fulldirhash" and "hashimapspool". >> > > > Right. This is what it says in imapd.conf: > > > fulldirhash: 0 >If enabled, uses an improved directory hashing scheme which hashes on > the entire username instead of using just the first letter as the hash. > This changes hash algorithm used for quota and user directories and if > hashimapspool is enabled, the entire mail spool. > > Note that this option CANNOT be changed on a live system. The server > must be quiesced and then the directories moved with the rehash utility. > > hashimapspool: 0 > If enabled, the partitions will also be hashed, in addition to the > hashing done on configuration directories. This is recommended if one > partition has a very bushy mailbox tree. > > > I don't have these options enabled, and my interpretation of this > description is that enabling them would facilitate my configuration, not > the other way around. This is what confused me in the first place. > > What am I missing? I guess you're missing the fact that these options have possibly changed between releases. Another thing is that distribution packages can also alter the defaults and if they don't do it correct, they may "forget" to also change the docs accordingly. Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Mailbox hierarchy determination?
> The first couple of times I set up cyrus-imapd I used Debian packages
> which separated mailboxes in the default partition into folders based on
> the starting letter of the mailbox; i.e. something like:
>
>/var/spool/cyrus/mail/{[A-Z,a-z,0-9]}/user
>
> Since I have fewer than 50 users and since I found myself frequently
> "going to the files" so to speak to definitely determine the presence or
> absence of some message a user was concerned about, this hierarchy was
> something of a annoyance, so during the last major upgrade I switched
> this to:
>
> /srv/imap/{user1,user2,...,userN}
>
> i.e. flattening the folder structure and moving the default partition to
> a large non-system disk unaffected by /var volatility.
>
> Now for the life of me I can't figure out what setting in imapd.conf (if
> any) facilitated this structure (not the location of the default
> partition, but rather not using the [A-Z,a-z,0-9] subfolders.
>
> Last time I left the sieve folders divided by letter; in the next
> iteration I'd like to flatten that folder structure to.
>
> Looking at the Arch package post_install script, it pre-creates a ton of
> folders:
>
> --
> # all kinds of directories needed for the IMAP spool
> for subdir in imap/{,db,log,msg,proc,socket,sieve}
> spool/imap/{,stage.}; do
> if [ ! -d /var/${subdir} ]; then
> mkdir -m 0750 -p "/var/${subdir}"
> fi
> done
> for subdir in imap/{user,quota,sieve} spool/imap; do
> for i in a b c d e f g h i j k l m n o p q r s t v u w x y z \
> A B C D E F G H I J K L M N O P Q R S T U V W X Y Z \
> 0 1 2 3 4 5 6 7 8 9; do
> if [ ! -d /var/${subdir}/${i} ]; then
> mkdir -m 0750 -p "/var/${subdir}/${i}"
> fi
> done
> --
>
> I'm wondering how much or if any of this is really necessary. Will cyrus
> autocreate the necessary folders if missing?
Dirhashing is controlled by "fulldirhash" and "hashimapspool".
IIRC creating the dirs like above is not needed, they are created on demand.
Regards,
Simon
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus-imapd 2.4.17: processes stick on mailbox locking resulting in total mailsystem failure
> Hi Ellie > > Thanks a lot, I will try to build and test 2.4.20 Maybe try this: http://www.invoca.ch/pub/packages/cyrus-imapd/RPMS/ils-7/SRPMS/cyrus-imapd-2.4.20-2.el7.src.rpm Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: sieve runtime error
> Thanks, this got me looking into sendmail a little closer. I've never used
> the program and didn't realize a dummy sendmail binary was installed on my
> system. Actually installed sendmail and it works now, messages are being
> filtered.
You don't have to install sendmail, also postfix has a compatible sendmail
binary. Only the sendmail config in imapd.conf may not point to it.
Regards,
Simon
>
> On Tue, Dec 18, 2018 at 4:32 AM Simon Matter
> wrote:
>
>> > I'm trying to setup sieve and getting the following error in my logs:
>> >
>> > Dec 17 10:36:07 bllmail01 cyrus/lmtp[14530]: sieve runtime error for
>> > jschaef...@harmonywave.net id
>> > :
>> > Reject: Sendmail process terminated normally, exit status 255
>> >
>> >
>> > I'm following the documentation here:
>> >
>> https://www.cyrusimap.org/imap/reference/admin/sieve.html?highlight=sieve#testing-the-sieve-server
>> >
>> > I'm trying to get sieve working on my IMAP server. Using Ubuntu 16.04
>> with
>> > the cyrus-imapd 2.4.18-3 package. I'm using the test sieve script
>> shown
>> in
>> > the documentation to reject everything from my personal email:
>> >
>> > require ["reject","fileinto"];
>> > if address :is :all "From" "jschaeffer0...@gmail.com"
>> > {
>> > reject "testing";
>> > }
>> >
>> > I then connect using sieveshell, upload the file, and activate it:
>> >
>> > root@bllmail01:~# sieveshell -u jschaef...@harmonywave.net -a
>> > jschaef...@harmonywave.net mail.harmonywave.cloud
>> > connecting to mail.harmonywave.cloud
>> > Please enter your password:
>> >> put /tmp/testing.sieve testing
>> >> activate testing
>> >> list
>> > testing <- active script
>> >> quit
>> >
>> > However when I send a test email from my personal account to the email
>> > I have setup on the IMAP server it always comes through and I get this
>> > in mail.log:
>> >
>> > Dec 17 10:36:07 bllmail01 cyrus/lmtp[14530]: sieve runtime error for
>> > jschaef...@harmonywave.net id
>> > :
>> > Reject: Sendmail process terminated normally, exit status 255
>>
>> I think sieve tries to send mail using the configured sendmail binary
>> and
>> that doesn't work for some reason. You may check the sendmail config in
>> your imapd.conf and also consult the mail logs to learn more.
>>
>> Regards,
>> Simon
>>
>>
>
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: What happened to normalizeuid?
> Hi, > > I considered opening a Github issue, but the question seems too trivial > for > that. > > I'm playing around with cyrus-imapd-3.0.0-rc1. When I ran "cyr_info > conf-lint" on the conf files from our 2.4.x production server, I got a few > items I knew how to deal with, but also this: > > normalizeuid: 1 > tls_require_cert: off > > tls_require_cert was off by default anyway, and all the tls options were > reworked a lot, so I figured that one could just be dropped. > > But in 2.4 normalizeuid 1 was off by default. I couldn't find the string > normalizeuid anywhere in the source or the release notes. I'd say that's > bad. If you get rid of an option, that should be documented. What is the > new default? Hi, We and others had this as a patch in our RPMs but I think it has never been part of vanilla cyrus-imapd. Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: imap impersonate
> Hi, > is there any mechanism with Cyrus imap to impersonate another user? > I've seen other imap servers scenarios where one may use plain > authentication and sending user as mailboxuser plus a separator plus > adminuser and use only adminpassword, to get access to the mailboxuser as > is (dovecot, exchange). > Anything like this in Cyrus? > Gabriele Hi Gabriele, Check the "proxyservers" directive in imapd.conf. Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Could not connect to socket /var/imap/socket/lmtp: Connection refused by localhost
> Hi. > > On 17.01.2017 19:09, Andy Dorman via Info-cyrus wrote: >> >> I am not an expert by any means and I hope someone corrects me if I >> make a bad suggestion...but I have two questions: >> >> 1. It sounds like you have a heavily used server, so why do you have >> Cyrus listening on both "localhost:lmtp" AND a unix socket >> "/var/imap/socket/lmtp"? >> >> From the log entry it looks like your MTA uses a unix socket. Unless >> you have something else (mail clients or other MTAs running on your >> Cyrus server?) that need to communicate via the localhost:lmtp port, >> you could comment out the unneeded lmtp service line and save those >> resources. > Well, on one hand you are right, seems like noone uses network lmtp > connections, but on the other hand how can the idle processes save > resources ? They only can save the memory, which doesn't seem to be the > problem. However, I will try you advice. >> >> 2. You say "increasing this value can make the situation even worse". >> Which value? There are 5 values on those two lines that you could >> increase. And by "even worse" do you mean even more refused >> connections? > The maxchild number. >> >> While I am not a Cyrus guru, I have seen my share of overloaded mail >> servers and if you are running into a disk IO limit, adding more >> processes fighting over a limited resource is very likely to make >> things worse. So you should also confirm a hardware limitation is not >> at play here. > Yup, this is exaclty what happens when increasing the maxchild number: > more messages start to bounce. And yes, the disks iops seems to be the > limiting factor. So, are there any other approaches besides scaling out > the disks iops ? I remember a situation more than a decade ago where we had to tune this. The problem with LMTP deliveries was that a lot of mails with hundreds of recipients on the same server were sent. Our Postfix MTA has sent every mail by a single LMTP transfer which resulted in high LMTP load and prevented effective usage of single instance store. The problem was solved by setting "local_destination_recipient_limit = X00" on the Postfix MTA (I don't remember the exact number). Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: FreeBSD 9.3 STABLE, cyrus-imapd 2.5.9, Listen queue overflow
Hi,
I'm not an expert in this but just a wild guess: Could it be that you have
an issue with /dev/random or /dev/urandom?
Maybe others on this list can tell more about it and you can search the
list archives to find some information on the topic.
Regards,
Simon
> Hello.
>
> I have strange problem with cyrus-imapd 2.5.9, after upgrade my server
> OS from FreeBSD 7 to FreeBSD 9.3 STABLE and cyrus-imapd from 2.3.x to
> 2.5.9. All packages reinstalled after upgrade OS.
> A problem that, after a 2 or 4 or 7 days (differently) of normal work of
> service cyrus-imapd, he freeze. Users can't connect to mailboxes.
> In the dmesg log i see it - sonewconn: pcb 0xfe0101da7c40: Listen
> queue overflow: 49 already in queue awaiting acceptance (12 occurrences).
> And netstat -LAan show me it - fe0081a747a0 tcp4 49/0/32
> *.993.
> Why queue overflow, i'm not understand. I think that a problem in the
> process idled, because after stoped cyrus-imapd process
> ("/usr/local/etc/rc.d/imapd stop"), several processes of idled are
> visible in the list of processes (ps -ax).
> I run command "kiilall -9 idled" and "/usr/local/etc/rc.d/imapd start" -
> service normal work.
>
> Sorry about my english, my english is hard.
> Maybe someone help me.
>
> i have provided below detailed information about system and from logs
> (service cyrus-imapd freeze).
>
> System information:
> # uname -a
> FreeBSD mail.spectrum.ru 9.3-STABLE FreeBSD 9.3-STABLE #0: Sat Jul 2
> 17:48:04 MSK 2016
> old...@mail.spectrum.ru:/usr/obj/usr/src/sys/SRVKERNEL amd64
>
> # pkg info | grep cyrus
> cyrus-imapd25-2.5.9The cyrus mail server, supporting POP3
> and IMAP4 protocols
> cyrus-sasl-2.1.26_12 RFC SASL (Simple Authentication and
> Security Layer)
> cyrus-sasl-saslauthd-2.1.26_3 SASL authentication server for cyrus-sasl2
>
>
> Conf files
> # cat /usr/local/etc/cyrus.conf
> START {
> idled cmd="idled"
> recover cmd="ctl_cyrusdb -r"
> # syncclient cmd="sync_client -r"
> }
>
> SERVICES {
> imapcmd="imapd" listen="imap" prefork=0
> imaps cmd="imapd -s" listen="imaps" prefork=0
> pop3cmd="pop3d" listen="pop3" prefork=0
> pop3s cmd="pop3d -s" listen="spop3" prefork=0
> sieve cmd="timsieved" listen="sieve" prefork=0
> lmtpunixcmd="lmtpd" listen="/data/imap/socket/lmtp"
> prefork=0
> smmap cmd="smmapd" listen="/data/imap/socket/smmap"
> prefork=1
> # syncclient cmd="sync_client -r" listen="csync" prefork=1
> }
>
> EVENTS {
> checkpoint cmd="ctl_cyrusdb -c" period=30
> delprunecmd="cyr_expire -v -E 3" at=0400
> tlsprunecmd="tls_prune" at=0400
> squattercmd="squatter -i" at=0100
> }
>
> # cat /usr/local/etc/imapd.conf
> admins: cyrus
> allowanonymouslogin: no
> allowplaintext: yes
> altnamespace: yes
> annotation_db: skiplist
> configdirectory: /data/imap
> defaultpartition: default
> duplicate_db: berkeley-nosync
> imapidresponse: yes
> imapmagicplus: 0
> lmtp_downcase_rcpt: 1
> lmtpsocket: /data/imap/socket/lmtp
> mboxlist_db: skiplist
> munge8bit: 0
> partition-default: /data/spool/imap
> postmaster: postmaster
> ptscache_db: berkeley
> rfc2046_strict: 0
> sasl_auxprop_plugin: sasldb
> sasl_log_level: 1
> sasl_mech_list: plain cram-md5 digest-md5 login
> sasl_pwcheck_method: auxprop
> seenstate_db: skiplist
> sendmail: /usr/sbin/sendmail
> sievedir: /data/imap/sieve
> subscription_db: flat
> # sync_authname: cyrus
> # sync_batch_size: 0
> # sync_host: support.spectrum.ru
> # sync_log: 1
> # sync_password: pDkazwok
> # sync_repeat_interval: 5
> # sync_shutdown_file: /data/imap/socket/syncshutdown
> tls_server_ca_file: /etc/ssl/imapserver.pem
> tls_server_cert: /etc/ssl/imapserver.pem
> tls_server_key: /etc/ssl/imapserver.pem
> tls_session_timeout: 1440
> unixhierarchysep: no
> virtdomains: userid
>
>
> Information from logs:
> # netstat -LAan
> Current listen queue sizes (qlen/incqlen/maxqlen)
> TcpcbProto Listen Local Address
> fe01257a33d0 tcp4 0/0/32 *.4190
> fe0125e45b70 tcp4 0/0/32 *.995
> fe00a4a38b70 tcp4 0/0/32 *.110
> fe0081a747a0 tcp4 49/0/32*.993
> fe00a434e000 tcp4 0/0/32 *.143
> fe00a4f453d0 tcp4 0/0/10 *.587
> fe0007ccd3d0 tcp4 0/0/10 *.465
> fe0125e453d0 tcp4 0/0/10 *.25
> fe0007ccd7a0 tcp4 0/0/512*.113
> fe0007ccdb70 tcp4 0/0/512*.79
> fe0007acc3d0 tcp4 0/0/128*.22
> fe00079947a0 tcp4 0/0/512127.0.0.1.8891
> fe00079943d0 tcp4 0/0/128*.888
> fe0007acd3d0 tcp4 0/0/128127.0.0.1.953
> fe0007994b70 tcp4 0/0/10 127.0.0.1.53
> unix 0/0/32 /data/imap/socket/smmap
> unix 0/0/32 /data/imap/socket/lmtp
> unix 0/0/32 /var/run/saslauthd/mux
> u
Re: stock centos 7 based Cyrus-imapd not working - troubleshooting suggestions?
> Trying to troubleshoot a centos 7/Cyrus-imap configuration. The process
> is not running correctly - the /var/log/maillog fills up with messages and
> once this grep string is executed this is what is seen:
>
> grep -v Fatal maillog | grep -v abnormally | grep -v "ptions not presen"
>
> Jun 18 12:23:42 mail master[20269]: setrlimit: Unable to set file
> descriptors limit to -1: Operation not permitted
> Jun 18 12:23:42 mail master[20269]: retrying with 4096 (current max)
> Jun 18 12:23:42 mail ctl_cyrusdb[20277]: recovering cyrus databases
> Jun 18 12:23:42 mail ctl_cyrusdb[20277]: done recovering cyrus databases
> Jun 18 12:23:42 mail master[20269]: unable to setsocketopt(IP_TOS):
> Operation not supported
> Jun 18 12:23:42 mail ctl_cyrusdb[20314]: checkpointing cyrus databases
> Jun 18 12:23:42 mail ctl_cyrusdb[20314]: done checkpointing cyrus
> databases
AFAIK those messages are normal and don't show any real problem. What
exactly does not work?
Regards,
Simon
>
>
>
> The firewall is off (to attempt to see if the setsocketopt would go away):
> # systemctl status firewalld
> firewalld.service - firewalld - dynamic firewall daemon
> Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
> vendor preset: enabled)
> Active: inactive (dead)
>
> And SELinux is set to not stop things.
> # getenforce
> Permissive
>
>
>
> strace /usr/lib/cyrus-imapd/cyrus-master isn't really being helpful either
>
> (lots snipped)
> access("/etc/system-fips", F_OK)= -1 ENOENT (No such file or
> directory)
> open("/etc/imapd.conf", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=692, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0x7f259e1b8000
> read(3, "configdirectory: /var/lib/imap\np"..., 4096) = 692
> read(3, "", 4096) = 0
> close(3)= 0
> munmap(0x7f259e1b8000, 4096)= 0
> uname({sys="Linux", node="mail.example.com", ...}) = 0
> close(0)= 0
> open("/dev/null", O_RDWR) = 0
> close(1)= 0
> open("/dev/null", O_RDWR) = 1
> close(2)= 0
> open("/dev/null", O_RDWR) = 2
> close(3)= -1 EBADF (Bad file descriptor)
> dup(0) = 3
> close(4)= -1 EBADF (Bad file descriptor)
> dup(0) = 4
> setrlimit(RLIMIT_NOFILE, {rlim_cur=RLIM64_INFINITY,
> rlim_max=RLIM64_INFINITY}) = -1 EPERM (Operation not permitted)
> open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 5
> fstat(5, {st_mode=S_IFREG|0644, st_size=3559, ...}) = 0
> fstat(5, {st_mode=S_IFREG|0644, st_size=3559, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0x7f259e1b8000
> read(5, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0\0\0\0"...,
> 4096) = 3559
> lseek(5, -2272, SEEK_CUR) = 1287
> read(5, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0\0\0\0"...,
> 4096) = 2272
> close(5)= 0
> munmap(0x7f259e1b8000, 4096)= 0
> (lots more snipped)
>
> Nothing in the strace output for setsocketopt.
>
>
> Suggestions on what to do to figure out why on
> # cat /etc/redhat-release
> CentOS Linux release 7.2.1511 (Core)
>
> the installed packages
>
> # rpm -q -a | grep cyrus
> cyrus-imapd-2.4.17-8.el7_1.x86_64
> cyrus-sasl-devel-2.1.26-20.el7_2.x86_64
> cyrus-sasl-lib-2.1.26-20.el7_2.x86_64
> cyrus-imapd-utils-2.4.17-8.el7_1.x86_64
> cyrus-imapd-devel-2.4.17-8.el7_1.x86_64
> cyrus-sasl-plain-2.1.26-20.el7_2.x86_64
> cyrus-sasl-2.1.26-20.el7_2.x86_64
> cyrus-sasl-scram-2.1.26-20.el7_2.x86_64
> cyrus-sasl-md5-2.1.26-20.el7_2.x86_64
>
> are not working.
>
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: lmtpd triggering a delivery.db checkpointing (Cyrus 2.3.16)
> Hi, > > > Several times a month our server freezes up on deliveries and the system > load average shoots up into the hundreds. Things quickly return to normal > between one and two minutes later but this has always puzzled me. > > Today I was watching the system from up close when it happened. > > > May 17 10:59:14 lmtp[24980]: skiplist: checkpointed > /ssd/cyrs/imap/deliver.db (223062 records, 25295200 bytes) in 119 seconds > > > > I took a quick dive into the code but could not find where and when lmtpd > is supposed to trigger a delivery.db checkpointing action. Isn't it controlled by 'checkpointcmd="ctl_cyrusdb -c" period=30' in cyrus.conf? Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cannot connect with cyradm
> That did it, but why did I have to specify PLAIN? None of the docs mention > having to do that with a default install. I don't know, but you don't have a default install but a configuration tailored by fedora. Simon > > > On Fri, May 6, 2016 at 2:16 AM, Simon Matter > wrote: > >> > I am trying to set up a basic system with cyrus-imap and postfix on >> amazon >> > linux >> > >> > I can connect using imtest, but cannot connect with cyradm: >> > >> > Additionally, when I connect via a client with a user I know has mail, >> > it's >> > saying that no INBOX exists. Postfix's mail spool is /var/spool/mail, >> but >> > I >> > don't see anywhere to verify that imapd or lmtpd is looking there. >> > >> > Sorry if these are dumb questions. I'm completely new to cyrus-imap >> and >> > the >> > documentation at cyrusimap.org is extremely sketchy. >> > >> > Any advice appreciated. >> > >> > $ more /etc/imapd.conf >> > configdirectory: /var/lib/imap >> > partition-default: /var/spool/imap >> > admins: cyrus >> > sievedir: /var/lib/imap/sieve >> > sendmail: /usr/sbin/sendmail >> > hashimapspool: true >> > sasl_pwcheck_method: saslauthd >> > sasl_mech_list: PLAIN LOGIN >> > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem >> > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem >> > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt >> > >> > $ grep MECH /etc/init.d/saslauthd >> > MECH=pam >> > >> > $ imtest -t "" -u cyrus -a cyrus localhost >> > S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED >> > COMPRESS=DEFLATE] ip-172-31-1-214 Cyrus IMAP >> > v2.3.16-Fedora-RPM-2.3.16-6.9.amzn1 server ready >> > C: S01 STARTTLS >> > S: S01 OK Begin TLS negotiation now >> > verify error:num=18:self signed certificate >> > TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA >> (256/256 >> > bits) >> > C: C01 CAPABILITY >> > S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN >> SASL-IR >> > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE >> UIDPLUS >> > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ >> > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE >> CONDSTORE >> > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH >> > S: C01 OK Completed >> > Please enter your password: >> > C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk= >> > S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED >> > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE >> UIDPLUS >> > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ >> > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE >> CONDSTORE >> > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (tls >> > protection) >> > Authenticated. >> > Security strength factor: 256 >> > . LIST "" "*" >> > . OK Completed (0.000 secs 1 calls) >> > . LOGOUT >> > * BYE LOGOUT received >> > . OK Completed >> > Connection closed. >> > >> > $ cyradm --user cyrus --authz cyrus localhost >> > Login disabled. >> > cyradm: cannot authenticate to server with as cyrus >> > $ cyradm --user cyrus --authz cyrus --auth pam localhost >> > verify error:num=18:self signed certificate >> > cyradm: cannot authenticate to server with pam as cyrus >> > $ cyradm --user cyrus --authz cyrus --auth shadow localhost >> > verify error:num=18:self signed certificate >> > cyradm: cannot authenticate to server with shadow as cyrus >> >> What does it do if you run with "--auch PLAIN" instead? >> >> Regards, >> Simon >> >> > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cannot connect with cyradm
> I am trying to set up a basic system with cyrus-imap and postfix on amazon > linux > > I can connect using imtest, but cannot connect with cyradm: > > Additionally, when I connect via a client with a user I know has mail, > it's > saying that no INBOX exists. Postfix's mail spool is /var/spool/mail, but > I > don't see anywhere to verify that imapd or lmtpd is looking there. > > Sorry if these are dumb questions. I'm completely new to cyrus-imap and > the > documentation at cyrusimap.org is extremely sketchy. > > Any advice appreciated. > > $ more /etc/imapd.conf > configdirectory: /var/lib/imap > partition-default: /var/spool/imap > admins: cyrus > sievedir: /var/lib/imap/sieve > sendmail: /usr/sbin/sendmail > hashimapspool: true > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN LOGIN > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > > $ grep MECH /etc/init.d/saslauthd > MECH=pam > > $ imtest -t "" -u cyrus -a cyrus localhost > S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED > COMPRESS=DEFLATE] ip-172-31-1-214 Cyrus IMAP > v2.3.16-Fedora-RPM-2.3.16-6.9.amzn1 server ready > C: S01 STARTTLS > S: S01 OK Begin TLS negotiation now > verify error:num=18:self signed certificate > TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 > bits) > C: C01 CAPABILITY > S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN SASL-IR > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH > S: C01 OK Completed > Please enter your password: > C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk= > S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED > COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE > SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (tls > protection) > Authenticated. > Security strength factor: 256 > . LIST "" "*" > . OK Completed (0.000 secs 1 calls) > . LOGOUT > * BYE LOGOUT received > . OK Completed > Connection closed. > > $ cyradm --user cyrus --authz cyrus localhost > Login disabled. > cyradm: cannot authenticate to server with as cyrus > $ cyradm --user cyrus --authz cyrus --auth pam localhost > verify error:num=18:self signed certificate > cyradm: cannot authenticate to server with pam as cyrus > $ cyradm --user cyrus --authz cyrus --auth shadow localhost > verify error:num=18:self signed certificate > cyradm: cannot authenticate to server with shadow as cyrus What does it do if you run with "--auch PLAIN" instead? Regards, Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
