Duplicate mailboxes
Hi. I seem to have a lot of mailboxes with the same name, for instance:

  cyradm> lm user/svei%
  [..]
  user/svein (\HasNoChildren)
  user/svein (\Noselect \HasChildren)
  [..]

Is something amiss or do I worry groundlessly?

-- Tore Anderson
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Usernames without alpha characters
* Simon Matter

> I have no idea why this restriction exists but there is a patch
> somewhere to make all numeric mailboxes possible.

You're right. See
<https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/lib/auth_unix.c.diff?r1=1.37&r2=1.38>.
That was committed 12 hours ago. I guess it's safe to back port that patch to 2.2.6, then - which makes me one happy chappy. :-)

Apologies for the noise,
-- Tore Anderson
Re: Usernames without alpha characters
* Tore Anderson

> Hi. I've run into problems with usernames like "123" or "1_1".
> What seems to be the common thing is that none of them
> contains alphabetic characters. Cyradm creates them just fine
> (although they for some reason are created under the "q" directory
> when using a hashed spool), and lmtpd delivers to them just fine.

* Rob MacGregor

> AFAIK a trawl of the archives of this list should give you more
> info. I have a vague memory of a patch, but as you don't say what
> version of Cyrus you're using I can't be any more help...

Well, I did search the archives before posting, and did so again right now without much luck. The closest I get is a patch from 1998 which deals with a similar problem (usernames -starting- with digits). Do you remember the subject of the thread you're referring to?

The version I'm using is 2.2.6.

-- Tore Anderson
Re: Usernames without alpha characters
* Tore Anderson

> Hi. I've run into problems with usernames like "123" or "1_1".
> What seems to be the common thing is that none of them
> contains alphabetic characters. Cyradm creates them just fine
> (although they for some reason are created under the "q" directory
> when using a hashed spool), and lmtpd delivers to them just fine.
>
> However, logging into those accounts with POP3 or IMAP fails in
> mysterious ways.

After some more digging, I found the following in lib/auth_unix.c, function auth_canonifyid():

  if (!sawalpha) return NULL; /* has to be one alpha char */

Certainly looks like the "bug" isn't there by mistake. :-)

It is tempting to simply comment out that check. On the other hand, I assume there's a reason for that check to be there. But what that reason is I don't know. Could anyone enlighten me?

Thanks,
-- Tore Anderson
Usernames without alpha characters
Hi. I've run into problems with usernames like "123" or "1_1". What seems to be the common thing is that none of them contains alphabetic characters. Cyradm creates them just fine (although they for some reason are created under the "q" directory when using a hashed spool), and lmtpd delivers to them just fine.

However, logging into those accounts with POP3 or IMAP fails in mysterious ways. pop3d says

  USER 1234
  -ERR [AUTH] Invalid user

and imapd says

  A0001 LOGIN 1234 foo
  A0001 NO Invalid user
  * BAD Invalid tag

I don't really understand what's going on here. Has anyone else had this problem and found a solution they'd be willing to share?

Thanks,
-- Tore Anderson
Disabling fallback between the sasl_pwcheck_methods
Hi. I have

  sasl_pwcheck_method: auxprop saslauthd

in my imapd.conf. I intend to keep the admin user in a local sasldb2 file, while the regular users are kept in LDAP. I do not control the contents of the LDAP tree, but I want to make it impossible for someone to add an account with an admin name to the LDAP tree and be able to use it.

From reading my logs, however, it seems that saslauthd is consulted if I enter an incorrect password for a user that does exist in sasldb2. Is it possible to disable this behaviour, and only fall back on saslauthd if the user does not exist in sasldb2 at all?

Thanks,
-- Tore Anderson
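The difference between the two fallback policies in the question above, as a small C model. This is an added example, not code from the post or from Cyrus SASL: the two tables stand in for sasldb2 and the LDAP tree, and the account names, passwords and function names are constructed placeholders.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: every name and password here is a placeholder. */
struct account { const char *user, *pass; };

static const struct account local_db[] = {      /* stands in for sasldb2 */
    { "cyrus", "local-admin-pw" },
};
static const struct account directory[] = {     /* stands in for LDAP via saslauthd */
    { "svein", "svein-pw" },
    { "cyrus", "directory-pw" },    /* admin name added by whoever runs LDAP */
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

enum result { NO_USER, BAD_PASS, AUTH_OK };

/* Model only: a real verifier compares password hashes, not cleartext. */
static enum result check(const struct account *db, size_t n,
                         const char *user, const char *pass)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(db[i].user, user) == 0)
            return strcmp(db[i].pass, pass) == 0 ? AUTH_OK : BAD_PASS;
    return NO_USER;
}

/* What the logs in the post suggest: any failure moves on to the next method. */
int login_fallthrough(const char *user, const char *pass)
{
    if (check(local_db, COUNT(local_db), user, pass) == AUTH_OK)
        return 1;
    return check(directory, COUNT(directory), user, pass) == AUTH_OK;
}

/* What the post asks for: fall back only when the local store lacks the user. */
int login_local_authoritative(const char *user, const char *pass)
{
    enum result r = check(local_db, COUNT(local_db), user, pass);
    if (r != NO_USER)
        return r == AUTH_OK;
    return check(directory, COUNT(directory), user, pass) == AUTH_OK;
}

int main(void)
{
    printf("fallthrough:         %d\n", login_fallthrough("cyrus", "directory-pw"));
    printf("local authoritative: %d\n",
           login_local_authoritative("cyrus", "directory-pw"));
    return 0;
}
```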
Re: High availability ... again
* Etienne Goyer

> Well, I did not consider that option since the SAN becomes a single
> point-of-failure, and that is a big no-no according to the
> specifications I have at the moment.
>
> If it would have been possible, it would have been my first choice
> though.

Most decent storage equipment meant for SANs has redundancy everywhere. Double power supplies, double storage processors with mirrored memory/cache, and naturally the possibility to configure the disks in a fully redundant manner.

It's easy to make the connection from the hosts to the storage redundant, too - just use two HBAs and two switches, and make sure both of the switches are connected to all the other end points (both SP's on the storage and both servers).

In my opinion using a SAN is perfectly adequate for HA needs (it has not failed me, at least!), but it's your call of course. :-)

Kind regards,
-- Tore Anderson
Re: High availability ... again
* Etienne Goyer

> I have been asked to consider how to build a high-availability
> Cyrus installation. This is a small installation (~200 accounts ...
> peanuts), so scalability is not really a concern. In this regard, a
> Murder is not really appropriate.
>
> The platform would be Linux. We already have the fail-over stuff
> figured out with heartbeat and friends, so that part is covered.
>
> From what I can see, I would have two possibilities to make a hot
> spare Cyrus IMAP daemon : replication, or cluster filesystem/block
> device (drbd, GFS, etc).

There's a third option, which is the one I prefer the most: shared block device. Connect your two servers to a SAN, and store all of Cyrus' data on one LUN, which both servers have access to. Then, set your cluster software to automatically mount the file system before starting Cyrus.

You'll need STONITH or IO-fencing to protect against file system corruption in a split-brain scenario, but other than that it's a fairly simple solution that's unlikely to break in spectacular ways. You could share a SCSI cabinet between the servers instead of using a SAN, though I can't say I recommend it - too failure-prone.

I'm working on building such a system with Cyrus+Exim these days, and I tend to use the same setup for all other HA stuff I set up as well. I can't remember that any of those systems have ever misbehaved, either. So based on that experience I'd recommend doing it this way.

-- Tore Anderson
Re: System-wide sieve filter
* Edward Rudd

> amavisd-new => http://www.ijs.si/software/amavisd/
> amavisd is a perl daemon that runs as a filter for an MTA. In my
> setup I have postfix configured to use amavisd as a content filter
> and amavisd then runs all the messages through spamassassin and
> through clamav (or any number of about 20 antivirus programs it
> supports)

Ah, yes - I am aware of what Amavis -is-. I was merely curious -how- it was telling Cyrus what folder to save the incoming message into. :-)

> What are you currently using to have spamassassin tag messages?

Well, SpamAssassin. To be more precise: Exim pipes the message through the "spamc" binary as a "transport_filter" just before it sends it on to the Cyrus using LMTP. "spamc" classifies the message arriving on stdin, adds some headers, then finally dumps the result on stdout.

> Cyrus currently does not support any global sieve filter rule sets..

With my patch applied, does too! ;-)

> So the options you have is to have the filter add an "address
> extension" to the e-mail.. ([EMAIL PROTECTED]). and make sure that
> the folder has the anonymous p ACLs on it. the +folder is case
> sensitive.

Aha! That is the answer I was looking for. Thanks (applies to you too, Earl R Shannon)! I will see if I can make use of this functionality.

-- Tore Anderson
Re: System-wide sieve filter
* Tore Anderson

> Hi. I need to make SpamAssassin-tagged messages to be by
> default filtered into a spam-folder. I figured I could do this
> either by a global sieve script, or some default script that was
> copied in place whenever a new user mailbox was created.

* Luca Olivetti

> in /etc/amavisd.conf
>
> $addr_extension_spam = 'spam';
>
> then when I create a user, I create a "spam" folder and give it an
> "anonymous p" acl.

Hm, amavis, did I post to the wrong list? :-)

I don't use amavis, so I don't really know what this does.. Does it mean you can tell Cyrus to filter a message into a folder, by adding an extension to the RCPT TO address? Like <[EMAIL PROTECTED]>?

I use the autocreate patch, so a folder named "Spam" is automatically created when the user is. But I didn't figure out how I could make the suspected spam messages be automatically filed into that folder, without patching Cyrus. Could you elaborate on how your method works?

-- Tore Anderson
System-wide sieve filter
Hi. I need to make SpamAssassin-tagged messages to be by default filtered into a spam-folder. I figured I could do this either by a global sieve script, or some default script that was copied in place whenever a new user mailbox was created.

I couldn't find a way to do either, so here's a patch that makes sieve_find_script() check to see if the script it finds actually exists, and if not, falls back on "defaultbc" directly in the sieve dir. Works for me, at least - perhaps someone else will find it useful.

Perhaps this patch (or another which achieves the same thing) could be added to the Cyrus sources in a future version? (hint, hint. :-)

Kind regards,
-- Tore Anderson

diff -ruN cyrus-imapd-2.2.5/imap/lmtp_sieve.c cyrus-imapd-2.2.5-globalsieve/imap/lmtp_sieve.c --- cyrus-imapd-2.2.5/imap/lmtp_sieve.c 2004-05-22 05:45:51.0 +0200 +++ cyrus-imapd-2.2.5-globalsieve/imap/lmtp_sieve.c 2004-06-18 15:41:56.0 +0200 @@ -55,6 +55,7 @@ #include #include #include +#include #include "append.h" #include "auth.h" @@ -806,6 +807,7 @@ /* check ~USERNAME/.sieve */ snprintf(fname, size, "%s/%s", pent->pw_dir, ".sieve"); } else { /* look in sieve_dir */ + struct stat sbuf; char hash = (char) dir_hash_c(user); if (domain) { @@ -815,6 +817,12 @@ } else { snprintf(fname, size, "%s/%c/%s/defaultbc", sieve_dir, hash, user); } + /* does this file exist at all? if not, fall back on a global one */ + if (stat(fname, &sbuf) == -1) { + syslog(LOG_DEBUG, "IOERROR: fstating sieve script %s (falling" + "back on system wide default): %m", fname); + snprintf(fname, size, "%s/defaultbc", sieve_dir); + } } return 0;
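Review bot: in the last lmtp_sieve.c hunk, `if (stat(fname, &sbuf) == -1)` switches to the shared defaultbc on any stat() failure, so a per-user script that exists but cannot be reached (EACCES, for instance) is silently replaced by the system-wide one; take the fallback only when errno is ENOENT and report other errors as errors. In the same hunk the two adjacent string literals in the syslog() call join as "(fallingback on", so a space is missing, and the message is tagged "IOERROR" and says "fstating" for what is a stat() call whose ENOENT case is an expected condition logged at LOG_DEBUG.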
Re: Allowing the default domain to be virtual
* Tore Anderson

> Hi. I want to set up a Cyrus IMAPd so that every domain is virtual,
> yet still allowing unqualified usernames to log in - in that case,
> they should be mapped into some default virtual domain.

* Denis V. Suhanov

> H, correct me if I'm wrong, but doesn't 'defaultdomain' option
> do that?

No, the defaultdomain option maps the user outside of the virtual domain setup altogether, instead of mapping him into the specified domain (if unqualified). That makes Cyrus strip off the domain part of the username before passing it on to saslauthd for authentication.

That's my problem - I need to have the entire qualified username available in saslauthd for an LDAP lookup, while still allowing the users in the primary domain to log in with unqualified users. That's necessary as the current system I'm replacing with this Exim+Cyrus setup allows exactly that and there's quite some thousands of end users in the primary domain who've set up their MUA's to use unqualified addresses. Changing that behaviour would be a support nightmare.

So in other words my patch does "user" -> "[EMAIL PROTECTED]" qualification, while the "defaultdomain" setting does "[EMAIL PROTECTED]" -> "user" un-qualification. At least that's how I understood it.

-- Tore Anderson
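The two mappings described in this message, applied in the order the patch's option text gives (qualify first, then un-qualify), as a stand-alone C sketch. This is an added example, not the posted patch or Cyrus code: canonify_login() and its parameters are hypothetical names, the domains are constructed, and the length check is an addition of this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp */

/*
 * Hypothetical helper written for this example.
 * Returns 0 on success, -1 if the resulting name does not fit in out.
 */
int canonify_login(const char *user, const char *virt_defdomain,
                   const char *defdomain, char *out, size_t outlen)
{
    int n;
    char *at;

    if (!strchr(user, '@') && virt_defdomain)
        /* step 1: "user" -> "user@virt_defdomain" (qualification) */
        n = snprintf(out, outlen, "%s@%s", user, virt_defdomain);
    else
        n = snprintf(out, outlen, "%s", user);

    /* refuse a truncated name rather than continue as a different identity */
    if (n < 0 || (size_t)n >= outlen)
        return -1;

    /* step 2: "user@defdomain" -> "user" (un-qualification) */
    at = strrchr(out, '@');
    if (at && defdomain && strcasecmp(at + 1, defdomain) == 0)
        *at = '\0';
    return 0;
}

int main(void)
{
    char buf[64];

    /* only the virtual default set: the name reaches the verifier qualified */
    if (canonify_login("tore", "example.org", NULL, buf, sizeof(buf)) == 0)
        printf("%s\n", buf);
    /* both options set to the same domain: step 2 undoes step 1 */
    if (canonify_login("tore", "example.org", "example.org", buf, sizeof(buf)) == 0)
        printf("%s\n", buf);
    return 0;
}
```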
Allowing the default domain to be virtual
Hi. I want to set up a Cyrus IMAPd so that every domain is virtual, yet still allowing unqualified usernames to log in - in that case, they should be mapped into some default virtual domain. This isn't currently possible, is it? I couldn't figure out how, anyway.. So I thought I'd implement a little something to make it possible. Being lazy and all, I'd like to do it in a way that you'd be inclined to commit to the main distribution, so that I can simply use vendor-provided binaries from the next version on. So I've hacked together an example patch which seems to work for me, at least. Comments solicited.. -- Tore Anderson diff -ruN cyrus-imapd-2.2.5/imap/global.c cyrus-imapd-2.2.5-hack/imap/global.c --- cyrus-imapd-2.2.5/imap/global.c 2004-05-22 05:45:49.0 +0200 +++ cyrus-imapd-2.2.5-hack/imap/global.c 2004-06-15 23:18:36.0 +0200 @@ -367,6 +367,12 @@ } if (config_virtdomains) { + if (!domain && config_virt_defdomain) { + snprintf(buf, sizeof(buf), "[EMAIL PROTECTED]", user, config_virt_defdomain); + user = buf; + domain = user + len; + len = strlen(user); + } if (domain) { if (config_defdomain && !strcasecmp(config_defdomain, domain+1)) { *domain = '\0'; /* trim the default domain */ diff -ruN cyrus-imapd-2.2.5/lib/imapoptions cyrus-imapd-2.2.5-hack/lib/imapoptions --- cyrus-imapd-2.2.5/lib/imapoptions 2004-05-25 02:03:05.0 +0200 +++ cyrus-imapd-2.2.5-hack/lib/imapoptions 2004-06-15 22:47:17.0 +0200 @@ -180,7 +180,10 @@ mailbox that does not have a parent mailbox. */ { "defaultdomain", NULL, STRING } -/* The default domain for virtual domain support */ +/* The default domain for virtual domain support. Messages to users in this + domain will be mapped outside of the virtual domain hierarchy, just as if + virtual domain support was turned off. Unqualified users are also mapped + into the default domain, unless "virtual_defaultdomain" is set. */ { "defaultpartition", "default", STRING } /* The partition name used by default for new mailboxes. */ 
@@ -832,6 +835,14 @@ interface, otherwise the user is assumed to be in the default domain (if set). */ +{ "virtual_defaultdomain", NULL, STRING } +/* Automatically map unqualified users into this virtual domain. This happens + before the user is mapped according to the setting of "defaultdomain", so + if they are both set to the same value, the user will in the end be mapped + into the (non-virtual) "defaultdomain", effectively making + "virtual_defaultdomain" a no-op. In other words, it makes no sense to do + so. */ + /* .SH SEE ALSO .PP diff -ruN cyrus-imapd-2.2.5/lib/libconfig.c cyrus-imapd-2.2.5-hack/lib/libconfig.c --- cyrus-imapd-2.2.5/lib/libconfig.c 2004-05-22 05:45:54.0 +0200 +++ cyrus-imapd-2.2.5-hack/lib/libconfig.c 2004-06-15 22:30:58.0 +0200 @@ -71,6 +71,7 @@ const char *config_servername= NULL; /* gethostname() */ const char *config_mupdate_server = NULL;/* NULL */ const char *config_defdomain = NULL; /* NULL */ +const char *config_virt_defdomain = NULL;/* NULL */ const char *config_ident = NULL; /* the service name */ int config_hashimapspool; /* f */ enum enum_value config_virtdomains; /* f */ @@ -238,6 +239,7 @@ /* are we supporting virtual domains? */ config_virtdomains = config_getenum(IMAPOPT_VIRTDOMAINS); config_defdomain = config_getstring(IMAPOPT_DEFAULTDOMAIN); +config_virt_defdomain = config_getstring(IMAPOPT_VIRTUAL_DEFAULTDOMAIN); /* look up the hostname we should present to the user */ config_servername = config_getstring(IMAPOPT_SERVERNAME); diff -ruN cyrus-imapd-2.2.5/lib/libconfig.h cyrus-imapd-2.2.5-hack/lib/libconfig.h --- cyrus-imapd-2.2.5/lib/libconfig.h 2003-12-29 21:22:55.0 +0100 +++ cyrus-imapd-2.2.5-hack/lib/libconfig.h 2004-06-15 23:09:28.0 +0200 @@ -66,6 +66,7 @@ extern const char *config_servername; extern const char *config_mupdate_server; extern const char *config_defdomain; +extern const char *config_virt_defdomain; extern const char *config_ident; extern int config_hashimapspool; extern int config_implicitrights;
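Review bot: in the imap/global.c hunk the return value of snprintf() is never checked, so an unqualified name plus config_virt_defdomain that does not fit in buf is truncated silently and the cut-off name is what gets used from then on; compare the result against sizeof(buf) and fail the canonification instead. The following `domain = user + len` also relies on len still holding the length of the unqualified name at that point, and buf is not declared in the hunk, so both should be confirmed against the surrounding function.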
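Review bot: the new virtual_defaultdomain text in lib/imapoptions documents that setting it to the same value as defaultdomain makes it a no-op, but nothing in the lib/libconfig.c hunk detects that case; after the two config_getstring() calls, compare the values and log a warning when they match, so the misconfiguration shows up at startup and not only in the man page. The option text could also end with a direct instruction ("do not set both options to the same domain") in place of "it makes no sense to do so".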