Re: Future Ideas wiki page
Bron Gondwana wrote: By which time, why not just define a brand new protocol not called IMAP which includes the good bits of what IMAP currently does, and discards anything that doesn't fit the multi-folder worldview. So long as you made the storage and meta-data requirements compatible with already existing Cyrus and other IMAP servers, you could just write a whole new daemon that talked your new protocol and be happy with that. Bron ( yes, I have been tempted to write something that talks sync_client protocol, why do you ask ;) ISTR some talk a while ago about optimizing for webmail somehow; I think the proposal was to build-in an httpd that would work directly with the message store instead of having to go over IMAP. Along the lines of a custom protocol, I have been wondering if it wouldn't be more optimal to return JSON-encoded lists, instead of the usual IMAP response structure. With a webmail application that uses Ajax for folder and message lists and such, I would expect this could remove a considerable amount of processing on the web server itself. Wil signature.asc Description: OpenPGP digital signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Quotas and disk usage
Adam Tauno Williams wrote:
Some earlier versions of Cyrus had quota calculation issues with big
quotas (2GB? 4GB?) or big mailboxes. I think there is a blurb in WMOGAG
about that, and what version fixed it.
It happens with 2.2 crossing the 4GiB range, but not related to what he's
seeing.
bash-3.00$ /opt/cyrus-imap/bin/quota -f user.user1
Quota % Used Used Root
5242880 63 3303494 user.user1
bash-3.00$ /opt/cyrus-imap/bin/quota -f user.user2
Quota % Used Used Root
41943040 93 39410366 user.user2
bash-3.00$ du -sh user1
7.6G user1
bash-3.00$ du -sh user2
6.4G user2
Do you have delayed expunge enabled? If so actual disk size may very
well exceed quota values - because the expunged-but-not-yet-expired
messages are still on the disk.
Other possible contributors:
o Squatter indexes (my estimation is that they add 50%)
o Directory sizes themselves
o Other cyrus.* metadata
You can use something like this to calculate just the total (sorry, you need GNU
du, find and xargs):
find `mbpath user.user1` -type f -name \*. -print0 \
|xargs -0 du -cm|awk '/total/ { tot=tot+$1 } END { print tot MiB }'
You need the awk if there are more files than possible for a single invocation
of du. And you can calculate the metadata overhead by negating the -name
parameter:
find `mbpath user.user1` -type f \! -name \*. -print0 \
|xargs -0 du -cm|awk '/total/ { tot=tot+$1 } END { print tot MiB }'
Wil
signature.asc
Description: OpenPGP digital signature
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Future Ideas wiki page
Bron Gondwana wrote: 1. It would be nice from a provisioning standpoint to be able to enumerate available partitions and their capacities within the IMAP protocol itself. This way, provisioning scripts could decide intelligently which backend and partition to use without resorting to SNMP or SSH or other. Is this something that could be delivered in an annotation or ID response perhaps? Some of the work Ken did with this (auto-choose-partition) would probably be extendable. I like the idea. Was this the discussion about the autocreate patch in the last few months? Do you have any more info about this? How about setting a server shutdown or motd message that applies only to a particular partition? We've had cases where we had to restore a whole partition after some SAN buggery. It would have been nice if we could have locked out or at least provided a message directly to the affected users. Hmm... interesting. Would you do this via the user's INBOX partition? That's what I was thinking. Shared folders on an affected partition are a case I haven't considered. Managing it with cyradm would be something like: setinfo --partition XX shutdown Server having problems. Check back later. Now, you see - this is why we just run separate instances on the same machine rather than using partitions at Fastmail - you get all this for free, and besides you can have the replicas go different places. That sounds like a work-around for inadequacies in what can be done with partitions :) Somewhat orthogonally, what about being able to configure separate metapartitions per metadata type for a partition? For example, as you mention on #5 on your list, one metapartition to put the cyrus.index files on a fast SSD and another to put the large squatter files on cheaper, slower storage? Yeah, this and database file locations even more so. It would be great to have the statuscache and deliver dbs on tmpfs or similar to avoid the disk IO. Yes, that would be nice. 4. If you're going to be computing SHA1s for messages anyway, would there be any value in hashing the message files across sub-directories, so that directories wouldn't get to be so large? ... Ick. You could hash by UID just as easily really, least-significant bit(s). I saw the response to this - anything that doesn't let you open by explicit filename quickly will suck. See, our backup software reads the cyrus.index to choose which files to back up as well - so we never[tm] enumerate the directory. Except for reconstruct of course. My biggest complaint is having to wait for 'ls' when I am looking at a directory. I realized after sending this that my problem is really that GNU ls is sorting the results by default and if I change it to unsorted than it responds much more quickly. 5. What about toggling whatever CYRUS_VERBOSE enables by sending a signal or something like that? On my test systems I have gotten some good info from that which I would not have otherwise gotten but it is not feasible to enable it on my production systems. Hey, that's a cool idea. Pretty easy too. Great to hear it! Maybe I should try it... 6. sieveshell: Command to report supported extensions (a little more intuitive than 'nc localhost sieve'). Sounds great. Yeah, also probably pretty trivial, I'd guess. 7. Doc additions: (I could do some of these, if I'd make the time...) There are some cyradm commands that, in a Murder setup, need to be run from a front-end or back-end (sometimes a particular back-end). For example, it took me a while to figure out that 'xfer' needs to be run from the source back-end and not from a front-end. (Maybe that is a feature request itself?) For some of the maintenance utilities that check and modify the spools or config data, it's not always clear if they can be run with the server live or if it should be shut down, such as 'ctl_cyrusdb -r' or 'quota -f'. Yeah, it would be fantastic if you can do some of these - particularly the ones that I don't use myself or understand particularly well. Good docs are very important for a polished product :) Yeah, another area should I should probably put-up or shut up ;) 8. Last one, I promise: lmtpproxyd to use local mupdate instead of having to hit the master. Maybe this has changed? I don't see it mentioned in the change log. Don't have a clue sorry. It would be fantastic if you could put these ideas on the wiki. I'd be tempted to say put items in Bugzilla, but honestly it's a bit of a jungle in there at the moment! Maybe both, and cross link to the bug IDs from the wiki. Sure, I can put them in both and perhaps expand on them a little more (use-cases for example). Thanks! Wil signature.asc Description: OpenPGP digital signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info:
Re: Future Ideas wiki page
Bron Gondwana wrote:
Anyway, I'd love feedback on any or all of it, and if there
are other things that you feel are really important for the
future viability of Cyrus I'd love to hear about them as well.
I haven't yet had a chance to look at the QRESYNC stuff that
Ken's already done for 2.4, and we might wind up releasing
a 2.4 without a lot of these changes just because there's a
lot of work in there!
Thanks for asking! I'll just mention a few of mine here and if you like them or
see them as useful, I will add them to the wiki. I think I kinda got carried
away when I started trying to remember things I've wished for; sorry this is so
long.
1. It would be nice from a provisioning standpoint to be able to enumerate
available partitions and their capacities within the IMAP protocol itself. This
way, provisioning scripts could decide intelligently which backend and partition
to use without resorting to SNMP or SSH or other. Is this something that could
be delivered in an annotation or ID response perhaps?
2. Being able to run (cyr)quota -f on individual partitions easily would be
nice. 'squatter' too. There may be other maintenance utilities that could
benefit from being easily isolated to a particular partition, like the
consistency checker in item #4 on your list.
How about setting a server shutdown or motd message that applies only to a
particular partition? We've had cases where we had to restore a whole partition
after some SAN buggery. It would have been nice if we could have locked out or
at least provided a message directly to the affected users.
3. Another idea related to partitioning: Would there be any value in
partitioning the user config data parallel to the mailbox spools? By that I mean
that a user foo's mailbox in /var/spool/imap/01/**/foo has sub/seen data in
/var/lib/imap/user/01/**/foo.{seen,sub} and likewise for the sieve data. With
this, you could move/restore/recover partitions on different hosts. I can think
of a few cases where that would make sense, but maybe they're unlikely cases.
Somewhat orthogonally, what about being able to configure separate
metapartitions per metadata type for a partition? For example, as you mention on
#5 on your list, one metapartition to put the cyrus.index files on a fast SSD
and another to put the large squatter files on cheaper, slower storage?
4. If you're going to be computing SHA1s for messages anyway, would there be any
value in hashing the message files across sub-directories, so that directories
wouldn't get to be so large? Are there cases where imapd would do a directory
listing or is all of that done through the index and cache files? Otherwise, I
guess only local admins and backup software would benefit. And anyway, would it
be faster to open and list 1,000 files in 23 directories than to open one
directory and list 23,000 files? Would that be overshadowed by the cost of
opening all 23,000 files (which I presume it would need to if it were resorting
to listing them).
5. What about toggling whatever CYRUS_VERBOSE enables by sending a signal or
something like that? On my test systems I have gotten some good info from that
which I would not have otherwise gotten but it is not feasible to enable it on
my production systems.
6. sieveshell: Command to report supported extensions (a little more intuitive
than 'nc localhost sieve').
7. Doc additions: (I could do some of these, if I'd make the time...) There are
some cyradm commands that, in a Murder setup, need to be run from a front-end or
back-end (sometimes a particular back-end). For example, it took me a while to
figure out that 'xfer' needs to be run from the source back-end and not from a
front-end. (Maybe that is a feature request itself?) For some of the maintenance
utilities that check and modify the spools or config data, it's not always clear
if they can be run with the server live or if it should be shut down, such as
'ctl_cyrusdb -r' or 'quota -f'.
8. Last one, I promise: lmtpproxyd to use local mupdate instead of having to hit
the master. Maybe this has changed? I don't see it mentioned in the change log.
Wil
signature.asc
Description: OpenPGP digital signature
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Question about reconstruct
Bron Gondwana wrote: Perhaps it would be a good idea, then, to make the '-k' behavior the default and use another option to invert the logic? Absolutely... it will probably happen in 2.4 or 2.5... it's on my list of incompatible changes! Great, glad to hear it! Wil signature.asc Description: OpenPGP digital signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Resources for MUA support of IMAP features?
Does anyone know of a mailing list or a web site with information about MUA support of various IMAP features? For example, for IMAP IDLE the Wikipedia entry is good: http://en.wikipedia.org/wiki/IMAP_IDLE (Although it is lacking in some details about what to expect from a server supporting it, especially server-specific information such as using idled vs not.) Or something like this (probably dated) reference about server features: http://www.melnikov.ca/mel/devel/ServerReference.html The UW lists at http://www.washington.edu/imap/ seem (imap-use@ especially) like they would be an appropriate place, but they seem kinda... dead. Wil signature.asc Description: OpenPGP digital signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Ptloader configuration in Cyrus IMAP
On Wed, 2009-08-19 at 15:33 +0300, Evgeniy Arbatov wrote: Dear list, I want to ask your advice on the use of ptloader for LDAP-based authorization in Cyrus IMAP. Do I understand correctly from this discussion and the sparse mention of this in the documentation that the LDAP ptloader module can be used to manage group ACLs with auth_mech=pts/pts_module=ldap, instead of auth_mech=unix/unix_group_enable=1? Does this solve the slowness caused by UNIX groups in LDAP? Does auth_mech affect anything else? I have heretofore ignored mention of the pts/ptloader stuff because I was under the impression that it was entirely AFS-related, which I have no infrastructure for, but if this is the way to enable groups in LDAP without the slowness, then I need to look more closely at this. Wil -- Wil Cooley wcoo...@nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Removing the Web Changes Notification Service from the wiki
Having long been annoyed by the monstrous block of text called the Web
Changes Notification Service on the wiki, I finally decided to try to
edit a page and see if it could be easily removed. Turns out it's just
this line:
%INCLUDE{_default.WebNotify}%
Does anyone mind if this is removed from the Cyrus/WebHome page on the
wiki (and possibly any other pages where I find it)?
Wil
--
Wil Cooley wcoo...@nakedape.cc
signature.asc
Description: This is a digitally signed message part
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Is user lock-out required for backend xfers?
Somewhere I read (or thought I read) that it was important to ensure that a user was not logged in when his mailbox was transferred between backends in a Murder setup, otherwise there was a risk of mailbox corruption. Is this true or have I been reading the tabloids again? Context: I have several shiny new backends with 2.3 that I have ready to replace our old 2.2 backends. We have something like 70,000 mailboxes to move, which will obviously be something done in nightly batches over a period of weeks. Our current obstacle is having to ensure that the mailbox is not open, because that requires: notifying the user that his e-mail will be unavailable for a period of time, locking the user's account (which locks him out of everything else unless we work up some Cyrus-specific solution, like some PAM magic), checking all the front-ends to verify that he's not logged in (this is iffy, because the proc/username files are all we've got and some of those are left-overs from crashes and lack of housekeeping), doing the transfer, and then undoing all of this. Alternately, if there is only a small risk of mailbox corruption, it may be better to just do the transfers late at night and accept having to do a handful of mailbox reconstructs. Is this what other people have done? Wil signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: UTF-8 in Subject field? (зжѨѷѽ)
On Mon, 2006-10-02 at 19:51 +0300, Georgy Goshin wrote: Does it means that it's inpossible to do? I understand, that unicode should not be used, but many of email clients do this, some webmail clients too and users asks me why my server can't do that other can and I will not point the to these RFCs of course, they just want to see russian text in subjects of their mails. Sure it can, the header just has to be encoded correctly, which I think too few mail clients do. Evolution seems to do it correctly; if the list manager doesn't barf on the encoding, you should see some UTF-8 characters in the subject now. Wil -- Wil Cooley [EMAIL PROTECTED] http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: only cleartext in sasldb?
On Fri, 2006-09-29 at 16:24 +0200, Marten Lehmann wrote: Hello, that would be a problem I ment: would _not_ be a problem Then you shouldn't use sasldb. If you don't want regular system accounts, you can use saslauthd w/PAM, and with PAM use modules such as pam_userdb[1] or pam_pwdfile[2]. 1. Included with stock PAM on Linux 2. http://cpbotha.net/pam_pwdfile.html Wil -- Wil Cooley [EMAIL PROTECTED] http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Two questions
On Thu, 2006-09-28 at 02:12 -0500, [EMAIL PROTECTED] wrote: Thanks a lot everyone for the answers!!! -Original Message- On Wed, 2006-09-27 at 19:26 -0500, [EMAIL PROTECTED] wrote: su - cyrus -c ctl_mboxlist -d /var/lib/imap/mboxlist.txt but how can I recover my mailboxes from mboxlist.txt? cvt_cyrusdb will build a database from the dump. This will only rebuild the mailbox database. You also need to back up all the files in the cyrus directories. Do you mean I have to backup also /var/lib/imap? Yes and /var/spool/imap, if you're wanting to know about performing a full backup. If so, then visit http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/Backup (Although, there isn't actually information about /restoring/ the backup.) Just another question ;-) Working with ACLs I was able to assign rights to Cyrus users on different mailboxes. Now I try to explain with an example. Let's say I have a mailbox user.A and a mailbox user.B and that user A can access (read) user.B. Is it possible to connect Cyrus from Evolution as user A and access, with that connection, also user.B? Yes, sometimes. Evolution can be odd strange sometimes with shared folders. Cyrus 2.2 used to work with older versions of Evolution, but I can't get it to work with the latest Evo 2.6.3, although it seems to work with Cyrus 2.3. Wil -- Wil Cooley [EMAIL PROTECTED] http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: confusing authentication
On Fri, 2006-09-29 at 00:02 +0200, Marten Lehmann wrote: Why do I have to include salsauthd and even need to have it running, while it is not being used? Unless you're not actually using shadow passwords or have devised some means of allowing Cyrus to actually read /etc/shadow, you need to use saslauthd. Wil -- Wil Cooley [EMAIL PROTECTED] http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Two questions
On Wed, 2006-09-27 at 19:26 -0500, [EMAIL PROTECTED] wrote: Hello everyone! I have two problems, maybe very simple but I cannot find out a solution. 1) How can I backup and recover Cyrus mailboxes? I've found something like this to backup: su - cyrus -c ctl_mboxlist -d /var/lib/imap/mboxlist.txt but how can I recover my mailboxes from mboxlist.txt? cvt_cyrusdb will build a database from the dump. 2) How can I delete messages inside my IMAP mailboxes from Evolution? I try to cancel them but I cannot completely remove from IMAP mailbox. Thanks a lot for attention and any help you could give me! You have to expunge them after deleting them. CTRL-E or Folder-Expunge. Wil -- Wil Cooley [EMAIL PROTECTED] http://nakedape.cc/wiki/ signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: slow populating a mailbox
On Sun, 2006-09-24 at 23:17 -0700, Ross Boylan wrote: First, is this performance to be expected, or might there be something here I can improve? I have quite a bit of mail I'd like to migrate, so if there's an easy way to speed this up I'd like to do so. Second, where should I look to diagnose or solve this problem? Depending on the number of messages, it could be the constant fsync() that slows it down. Try my fakesync library with LD_PRELOAD and perform a test migration; I'd like to know if it makes a difference, because I haven't had chance to test it much. Obviously, you really only want to run this during testing or migration, because it would make normal operation considerably less reliable. http://haus.nakedape.cc/svn/public/trunk/small-projects/fakesync/ Wil -- Wil Cooley [EMAIL PROTECTED] http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: admin authentication
On Mon, 2006-09-25 at 16:17 +0200, Marten Lehmann wrote: Hello, You can use saslauthd/LDAP for your users and a local sasldb2 file for your admins. You don't need PAM at all. unfortunately neither sasldb nor auxprop is compiled in at redhat enterprise linux 4 and I wouldn't like to compile everything from scratch: # saslauthd -v saslauthd 2.1.19 authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap auxprop is part of the Cyrus IMAP itself, not saslauthd; it won't be listed there. * sasl_pwcheck_method: auxprop saslauthd * sasl_auxprop_plugin: sasldb Could I just write sasl_pwcheck_method: getpwent saslauthd instead so /etc/passwd will be used whereas a linux-user with the same name as the admin-user of cyrus would have to be created? Try it? Wil -- Wil Cooley [EMAIL PROTECTED] http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: root mailbox/partition permission problem
On Thu, 2006-09-21 at 19:50 -0700, Josh M.Hurd wrote: In the effort to set up some Shared public mailboxes I somehow managed to give myself read permission on the root of my mail partition. i have no idea how this happened but would really like to fix it. Currently I see all my mailboxes in my client as well as the root, in this case 'user/' which lists all the other users on the system. I have no permissions to see in the other mailboxes but I can see the list of users. It sounds like you've put your account in 'admins:' in imapd.conf. Wil -- Wil Cooley [EMAIL PROTECTED] http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Outlook 2003 still crashing
On Tue, 2006-08-15 at 09:32 -0700, Wil Cooley wrote: On Tue, 2006-08-15 at 14:16 +0200, Daniel Eckl wrote: I understand. No, we don't have this either. Curious; as the original initiator of the thread way back, I still see frequent stalls on Outlook 2003; they're definitely Outlook stalls too--the Cyrus server is not busy. In fact, it's an installation on my workstation, so I'm the only user. Ultimately, I gave up trying to stick with the organizational standard and installed Linux on my desktop (which I'd have preferred in the first place) and moved Windows into VMware. I am happy to report that I have resolved the hangs with Outlook I was having. I noticed (finally) that the Fedora Extras RPM was only 2.3.1; I downloaded the Simon's latest 2.3.7 SRPM and rebuilt and it seems to be working better. I'm not sure why it never occurred to me to compare versions... Wil -- Wil Cooley [EMAIL PROTECTED] http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Howto migrate from postfix-cyrus to Exchange
On Wed, 2006-09-20 at 09:17 +0200, Rafael Alcalde wrote: Hi, we are going to migrate (most likely) to Exchange and the main reason are the shared calendars, resource booking, connections to pal, mobile devices...and JAVA APIS to integrate this system to our ERP. So, someone has another idea? A friend at another company of about 3,000 has recently deployed Zimbra and is quite happy with it so far. It uses its own IMAP/POP3 server, so you would still have the issue of migration, but at least wouldn't suck. Almost any of the open-source Exchange replacements should be able to integrate with your ERP, since they're largely based on standards--IMAP, POP, WebDAV/HTTP, etc--all of which have Java class libraries. It's been a while since I looked at it, but OpenGroupware.org showed promise too and it uses a separate IMAP server (in fact, Cyrus is or was the only one officially supported). can you tell me the procedure to migrate the postfix accounts and mailboxes to exchange? I would assume you could use some of the imapsync tools. Wil -- Wil Cooley [EMAIL PROTECTED] http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: imap backup?
On Wed, 2006-09-20 at 21:13 -0400, Ben Adams wrote: I'm running cyrus imap on OS X 10.4 I'm looking to change the way I backup. Anyone have so ways they do it? Problem is it changes a lot and updates take a long to do. Perhaps it would help if you told us what you're doing now? Wil -- Wil Cooley [EMAIL PROTECTED] http://nakedape.cc/wiki/ signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Problem with Cyrus
On Thu, 2006-09-07 at 17:54 +0530, [EMAIL PROTECTED] wrote: Hi Sven, Thanks a lot for your reply. even this is not working. One thing more, when I do telnet to my machine (acting as a server), then also, I am not able to run any IMAP command such as login, logout etc. I am getting a blank prompt like this: [EMAIL PROTECTED] ~]$ telnet ps3151.persistent.co.in imap Trying 10.77.196.105... Connected to ps3151.persistent.co.in (10.77.196.105). Escape character is '^]'. Nothing more than that. If I type some command, that is not executed. Both the services cyrus-imapd and saslauthd are running. Please guide. Cyrus is either not actually listening on IMAP (something else may be) or it's failing to start for some reason. o Run 'netstat -lnp --inet --inet6|grep 143' to see if Cyrus master is actually what's listening. o If so, then consult /var/log/maillog (assuming you used Simon's RPMs or Fedora Extras) and see if they are any messages. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus server problem
Hello, You've posted your request to the Cyrus developers' list, not the general help list, which is [EMAIL PROTECTED] See https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus for list subscription. The directions in the URL you provided are ancient. Try this instead: http://nakedape.cc/info/Cyrus-IMAP-HOWTO/quickstart-fedora.html Wil On Mon, 2006-09-04 at 21:05 +0530, [EMAIL PROTECTED] wrote: Hi I have installed and configured cyrus-imapd-2.3.7 on my Linux Fedora Core 4 machine according to http://www.helsinki.fi/atk/viestin/mappi/cyrus/install.html. I have made all the necessary entries in difference files also. But I am not able to run my server using telnet myserveraddress imap. I get the error Connection refused. I am also not able to run the test /usr/local/bin/imtest -p myserveraddress imap. Here I get the error failure: Network initialization - can not connect to imap: What can be the problem? Can you please guide me what I could have missed out? Thanks, Neelu DISCLAIMER == This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails. -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: mail lists and cyrus
On Tue, 2006-09-05 at 11:36 -0800, barsalou wrote: Thanks All. I guess that's why I didn't find anything with Google. :) I will look into those solutions. What you might be looking for instead of a proper mailing list is shared folders--where messages come in and can be accessed by multiple users. Cyrus does do that. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Mailbox does not exist
On Wed, 2006-08-30 at 13:18 +0200, Bart Van Loon wrote: Actually, that's how I think it should work - I'm not sure, though, as I never used deliver... so how do you have cyrus deliver your mails then? :-) Most people these days deliver with LMTP from their MTA; see lmtpd(8). And they use Sieve for filtering, instead of procmail. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LMTP in Cyrus 2.1.15 Refuses connections
On Fri, 2006-09-01 at 14:36 -0500, Crockett Howard wrote: For the past two months we have been seeing intermittent problems in which LMTP suddenly begins to refuse connections. What appears to happen is that a condition occurs and lmtp becomes unresponsive. Subsequent lmtp processes are spawned until the maxchild limit is reached. At that point all the child processes are unresponsive and email is not delivered. Recycling master resolves the issue. *** lmtp configuration *** lmtpunix cmd=lmtpd listen=/usr/local/cyrus/socket/lmtp prefork=1 maxchild=100 We have been running Cyrus 2.1.15 for the past three years using LMTP with no problems. However, as noted above we began seeing this issue in the past two months. No changes have been made to the systems. Has anyone seen a problem similar to this? If memory serves, that was usually caused by database deadlocks or leaks of some sort in lmtpd. Some things to try: o If lmtpd in that version supports -U, decrease the maximum uses from 250 to, say, 50. o Increase the number of lockers with Berkely DB (you might configure your logging to include debug-priority messages) o Upgrade to a modern version :) Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: deliver.db conversion to skiplist
On Tue, 2006-08-29 at 11:58 -0400, Shelley Waltz wrote: my distro (cyrus-imapd-2.2.3-4) does not appear to have db_recover? It's from the Berkeley DB tools; db4-utils on RHEL. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: command line to move/delete email
On Tue, 2006-08-15 at 16:52 +0200, jf wrote: Do you know an easy way to do this, Yes. without having to establish an imap connection and having to login as admin to the imap server ? No; well, you have to connect with IMAP but you don't have to login as admin--use ACLs. It's fairly easy to script; here's a script I wrote to feed spam from a folder into SpamAssassin's sa-learn and delete it: http://haus.nakedape.cc/svn/public/trunk/small-projects/mail-utils/bayesuck/ You'll also need the simaplib.py from the parent directory. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Outlook 2003 still crashing
On Tue, 2006-08-15 at 14:16 +0200, Daniel Eckl wrote: I understand. No, we don't have this either. Curious; as the original initiator of the thread way back, I still see frequent stalls on Outlook 2003; they're definitely Outlook stalls too--the Cyrus server is not busy. In fact, it's an installation on my workstation, so I'm the only user. Ultimately, I gave up trying to stick with the organizational standard and installed Linux on my desktop (which I'd have preferred in the first place) and moved Windows into VMware. I set 'imapidlepoll: 0' in my imapd.conf, which is supposed to disable IDLE altogether, according to the man page, to no avail. I also disabled idled in cyrus.conf, likewise to no avail. I did not, however, recompile Cyrus to disable IMAP, which might be what Ken meant back then. I'm using the Fedora Extras RPMs, which are based on Simon Matter's; it's possible, I guess, that a patch is also causing a problem. Daniel, did you compile yours directly or is this a binary from SUSE? It seems like you have a few patches too, since some of that options aren't documented in my imapd.conf. I have attached cyrus.conf and imapd.conf. We are running Cyrus 2.2.12 on SuSE 10.0 on filesystem XFS (HW: Dual Xeon 2GB RAM, SCSI RAID-5 0,5 TB capacity) I had freezes up to 30 seconds with the same config running on filesystem ext3, but this error was clearly on server side, the ext3 flushing behavior was so bad that it caused incredible iowait and huge load and full server stalls. Not that it matters now since you've switched, but you were probably suffering from an undersized journal, see: http://nakedape.cc/wiki/PlatformNotes_2fLinuxNotes Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: [ProbableSpam]Re: Cyrus upgrade, need advice
On Mon, 2006-08-14 at 07:27 -0400, Scott Russell wrote: 2) Use ctl_mailbox to dump flatfile version of your mailbox.db file. This is critical. Keep a copy of it somewhere else. It is small. Put it on a USB thumb drive if you have to or just mail it to your home account. Doing a flat-file dump of the seen and (if not already flat-file) subscribed databases is also important. While not critical to the operation of the mail server itself, loosing one or both of these will generate endless helpdesk support requests--probably more so than if you had just lost all of the mail altogether. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus upgrade, need advice
On Sat, 2006-08-12 at 04:27 -0700, Nikola Milutinovic wrote: Watch out for Berkeley DB versions. Most likely, they will differ and all Cyrus SASL/IMAP DBs that use Berkeley will not be transferrable, just like that. There are things you can do. :-) I do not know what, if any, changes SUSE makes, but by default with 2.2, only the deliver and TLS sessions databases use Berkeley DB, the loss of which are not terribly consequential. If SUSE changes any of the default databases, they should be set in /etc/imapd.conf. In other words, you should not have any problems going between those two versions. One potential problem I see is whether or not your SLES 9 is 64-bit or 32 and if version 10 will match. I would not be surprised if a change like that would invalidate assumptions in the on-disk storage of the databases. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Deliver.db error: DBERROR db4:
On Wed, 2006-08-09 at 19:57 +0200, Rafael Alcalde wrote: I have found a lot of problems with all the databases from cyrus: deliver.db, etc. In /var/log/maillog we see: DBERROR db4: Logging region out of memory; you may need to increase its size Aug 6 11:18:42 mail1 lmtpunix[27875]: DBERROR: opening /var/lib/imap/deliver.db: Cannot allocate memory I'm working vaguely from memory, but I think it's something like this: o As root or cyrus, run 'db_stat -l -d /var/lib/imap/db' and look at the Log region size. Mine is set to 96K, which is higher than the documented default of 60K, so I assume it's increased automatically. o Create a /var/lib/imap/db/DB_CONFIG file o Put in it an entry like: set_lg_regionmax 262144 (this sets it to 256K) o I think you need to run 'db_recover' after this; at least, with the BDB backend for Subversion you have to run 'svnadmin recover' after changing it. I think Cyrus should be shutdown when you run db_recover. Unfortunately, the documentation for BDB is written for programmers, not sys admins, and unless you've spent much time looking at the rest of the docs, it can be pretty impenetrable. Oddly enough, the sample DB_CONFIG files that Subversion and OpenLDAP ship with and their docs seem to be the best resources I've found. http://www.openldap.org/faq/index.cgi?file=1072 (Search down to Write the DB_CONFIG file) http://svn.collab.net/viewvc/svn/trunk/subversion/libsvn_fs_base/fs.c?revision=19410view=markup Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High availability email server...
On Fri, 2006-07-28 at 15:33 -0700, Andrew Morgan wrote: On Fri, 28 Jul 2006, Rich Graves wrote: My question: So is *anyone* here happy with Cyrus on ext3? We're a small site, only 3200 users, 246GB mail. I'd really rather not try anything more exotic for supportability reasons, but I'm getting worried that our planned move from Solaris 9/VxFS to RHEL4/ext3 on significantly newer and faster hardware is going to be a downgrade. We run Cyrus on ext3 under Debian Linux without complaints here. We have approximately 35000 mailboxes/users split between 2 backend servers. Each backend server is connected to an EMC Cx500 SAN (no shared access or anything fancy) with 800GB of mail spool each. The commands used to build the filesystems were: mkfs -t ext3 -j -m 1 -O dir_index /dev/sdb1 tune2fs -c 0 -i 0 /dev/sdb1 The filesystem is mounted like so: /dev/sdb1/private ext3defaults,data=ordered,noatime 0 2 If you want more information, just ask. :) How big is your journal? I have instructions for determining the size here, because it's non-obvious: http://nakedape.cc/wiki/PlatformNotes_2fLinuxNotes (BTW, you can drop the 'defaults' from the entry in your fstab; 'defaults' exists to fill the column in the table when nothing else is there.) Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High availability email server...
On Mon, 2006-07-31 at 15:40 -0700, Andrew Morgan wrote: On Mon, 31 Jul 2006, Wil Cooley wrote: How big is your journal? I have instructions for determining the size here, because it's non-obvious: http://nakedape.cc/wiki/PlatformNotes_2fLinuxNotes (BTW, you can drop the 'defaults' from the entry in your fstab; 'defaults' exists to fill the column in the table when nothing else is there.) Those tools are a little scary, but here is what it reported: Yeah, but debugfs opens the filesystem read-only w/o '-w'. Inode: 8 Type: regularMode: 0600 Flags: 0x0 Generation: 0 User: 0 Group: 0 Size: 33554432 ... Performance has been okay for me so far. Do you have any feeling for whether it is worth changing the journal size? Well, 32MB is small for a write-heavy filesystem. But if you're not seeing any problems with kjournald stalling while it flushes, then it might not be worth the trouble of re-creating the journal as a larger size. It's unlikely to hurt anything, but I wouldn't make it huge priority. Did you also read the LOPSA post from Ted Ts'o that I linked to in the section above the instructions? Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Good book on Cyrus?
On Mon, 2006-07-17 at 17:50 +1000, James Brown wrote: Does anyone know of any good book on Cyrus and Cyrus-sasl? The only one I can find is Managing IMAP by Dianna Mullet Kevin Mullet, which seems very old. It is quite old and incorrect in a lot of cases. Here is my ever-incomplete attempt at rewriting the HOWTO: http://nakedape.cc/info/Cyrus-IMAP-HOWTO/ Here are also slides from a presentation I gave a couple years ago: http://nakedape.cc/info/Cyrus-IMAP-Intro/ Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Mailstore filesystem
On Wed, 2006-07-05 at 17:47 +0200, Marten Lehmann wrote: Hello Really? Nice. But you would have to re-create the ext3 filesystem with this newer 2.6 kernel, right? Or would tune2fs do the job given the right options? I once enabled the index-option with tune2fs on an old ext3 filesystem at 2.4 kernel which didn't give much performance boost. But partitions I created on new 2.6 kernel systems worked well. You have to actually use 'e2fsck -D -f /dev/XXX' to re-hash the directories when you change this. For anyone curious, RHEL3's 2.4 kernel also supports indexed directories, which you can enable with: tune2fs -O dir_index /dev/XXX For a write-intensive filesystem, one might also want to increase the journal size; I believe the perceived hangs are caused by the journal needing to be flushed too often. Here's a message where Ted Ts'o mentions it: http://lopsa.org/pipermail/discuss/2006-February/000810.html Adding 'noatime' probably helps too. Of course, if you can move the Journal Block Device elsewhere, like a faster region of the disk(s) or another spindle that will likely help considerably too. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: What is the dream book about Cyrus
Also Sprach Thomas Manson [EMAIL PROTECTED] on Sat, Dec 17, 2005 at 05:55:17PM PST: is there no good books about cyrus administration? I've been working on rewriting the HOWTO: http://nakedape.cc/info/Cyrus-IMAP-HOWTO/ Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * pgpGguJaRhsYS.pgp Description: PGP signature Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyradm problems
On Wed, 2005-11-23 at 10:38 -0600, Saltmarsh, Evan M wrote: I seen to be having issues with the cyradm command. I’m using sasl to talk to the ldap server and for regular users logging in to their mailboxes, things work fine. When I try to use the cyradm command I get cyradm: cannot authenticate to server with as cyrus How are you running cyradm; what's the full command-line? It is often the case the you have to manually specify '--auth authtype'; cyradm doesn't seem to be as intelligent as MTAs about selecting the right authentication mechanism or maybe MTAs try all of them until they find one that works; I haven't looked at the problem in detail. I find '--auth login' almost always works, unless you have disabled plain-text logins. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Memory footprint reduction possible ?
On Tue, 2005-11-22 at 00:06 -0300, Carlos Horowicz wrote: The process size of imapd, pop3d or lmtpd is between 60 and 100M , with resident size of only between 5 or 10M. I tried changing berkeley_cachesize , and the type of mailboxes.db (skiplist and berkeley) but nothing changed. DOes anybody have any suggestion on how to reduce the process size of imapd ? Understand that the mapped virtual memory represents files that are mmap()'d into memory (likely most are part of the database files), but the pages are not necessarily loaded into memory until they're read. I'd guess the bulk of the memory in your RSS (resident size set; the physical memory that's actually used) are the per-mailbox database header cache files (and possibly the squat indexes). Do you use squatter? Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: outlook 2003 crashing
On Mon, 2005-11-14 at 08:01 -0500, Ken Murchison wrote: Grabbing a protocol dump when you experience the crash might be helpful. I'm seeing it with Office 2003 SP2 installed (didn't test w/o SP2). I'm looking at the protocol logs but for the life of me I cannot see anything going wrong. It sends IDLE requests and then just hangs up trying to do who-knows-what. Since I don't really understand IDLE and idled (other than the general idea of staying connected), I tried restarting with idled not starting in cyrus.conf, to no avail. I *thought* I'd identified that it was trying to create the Junk E-mail folder at the top-level (as a sibling to INBOX), so I changed to altnamespace, also to no avail. I am, however, running XP under VMware and Cyrus on the host and running tcpdump I see a number of TCP checksum errors, which seems strange. This is cyrus-imapd-2.2.12-6.fc4, on Fedora Core 4 from Fedora Extras. (The beauty of it is that I've been commanded by my boss to use Outlook, which is rife with problems, instead of Evolution, which works fine for the most part. Anybody need a senior admin in Portland, OR?) Wil -- Wil Cooley [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: moving mail from uw to cyrus, damaged headers?
On Sat, 2005-11-12 at 15:37 -0500, Bill Kearney wrote: So I suppose what I'm after is a 'mailbox cleaner-upper' for those corrupted messages. What I'd probably do is use a little sed or perl to remove or transform those known-offenders. For example, \x13 is a control character, but \x42 is 'B'. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: refusing bad mail based on headers?
On Sat, 2005-11-12 at 22:32 -0500, Bill Kearney wrote: Is there a way to a) have cyrus clean up the headers or b) ignore then and perhaps somehow flag them for later clean up? If you've identified the offending header, you could delete it with: $ sed -i.bak -e '/^X-Message-Status/d' mailbox Run that on each of the failing mailboxes. First, however, you should grep for the header with a line or two of trailing context (grep -A 2 -E '^X-Message-Status') and verify that the none of them are longer than a line. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: improving concurrency/performance
On Tue, 2005-11-08 at 09:25 -0500, John Madden wrote: Makes me wonder why the fsync's are taking so long since the disk is performing so well. Anyone know if that's actually typical? Some time ago I wrote a little LD_PRELOAD libary that neutered fsync() and related calls, intended for use with migration; maybe it'll help, maybe it won't. At any rate, if you're doing practice migrations and aren't worried too much about trashing your test system, try it and let me know. http://haus.nakedape.cc/svn/public/trunk/small-projects/fakesync/ Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Where is imapd.conf option to direct postfix to /var/spool/imapd/user/mailbox?
On Mon, 2005-09-19 at 11:53 -0500, Flash Love wrote: Thanks. Under which conditions is mail_transport=cyrus correct? Sorry, I think I took your subject line too literally; are you using the 'cyrus' service from master.cf or LMTP for mailbox delivery, or are you using maildrop, local or other direct-delivery service service? The '/b/' directory is part of the mailbox hashing, which is normal if configured as such with Cyrus. The problem your pop3 client is having is (probably) not related to that. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: HOWTO: Mailbox Restore
On Fri, 2005-09-16 at 10:25 +0200, Dawid van Wyngaard wrote: Got it figured out. All my NNN. files lost the . at the end of the file for some or other reason. Simply rename the existing NNN to NNN. and then doing a reconstruct it works. That's bizarre. Which filesystem is this, ext3? Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Where is imapd.conf option to direct postfix to /var/spool/imapd/user/mailbox?
On Sat, 2005-09-17 at 12:21 -0500, Flash Love wrote: I am using postfix+cyrus+sasl+webcryadm. When logging to imap accounts the following complaint appears in maillog: pop3: login: [192.168.2.154] benu0001 plaintext User logged in pop3: IOERROR: opening /var/spool/imap/b/user/benu0001/cyrus.header: No such file or directory pop3: Unable to open maildrop for benu0001: System I/O error Pop is attempting to open the incorrect file /var/.../b/user/benu0001 when it should be just /var/.../user/benu0001. Which imap option is adding the /b/ to the mailbox file name? You're going about it all wrong. Postfix doesn't deliver directly to /var/spool/imap; it delivers to Cyrus through LMTP, which manages the backend spool itself. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to export data from mailboxes.db
On Thu, 2005-09-01 at 11:42 -0500, Saltmarsh, Evan M wrote: Does anyone know how to export the data in the mailboxes.db to a flat text file that can be used for importing? Use the 'cvt_cyrusdb' utility; there's a man page for it. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: multiple authentication methods?
On Wed, 2005-08-24 at 15:18 -0400, Tim Strobell (Contractor) wrote: Can Cyrus support multiple authentication methods? (Although SASL provides many options, it appears that IMAP/POP supports only one.) We would like to provide authentication via both Kerberos 5 (GSSAPI) and LDAP (via saslauthd); users may choose whichever method is most convenient for them. I do this myself using PAM and stacking pam_krb5 and pam_ldap. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Setup Instruction for NNTP on Cyrus
On Thu, 2005-08-18 at 21:15 +0200, Dawid Van Wyngaard wrote: Thankssq client = squirrel mail client / webmail interface. Yip, I know that cyrus has a built nntp component, but admittedly, have no idea to set it up.found more doc's on leafnodebut if you can point me in the right direction i'll definitely try cyrus's nntp side of things... Ah, okay, Squirrel Mail. (It always pays to spell out an unfamiliar acronym or abbreviation.) Now I'm even more confused because I don't think it does NNTP at all (possibly; I haven't checked in a while). I guess it'd help if you were more explicit about what exactly you're trying to do. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Setup Instruction for NNTP on Cyrus
On Thu, 2005-08-18 at 17:32 +0200, Dawid van Wyngaard wrote: Ken, SQ Client is 1.4.5, News Server is leafnode I think Ken meant What IS SQ Client? I JFGI and didn't find anything. It is also not clear why you're using leafnode; Cyrus has a built-in NNTP server. While you could use leafnode to proxy to Cyrus's nntpd, it doesn't sound like you've actually got Cyrus's nntpd working (assuming you even know it's there), so leafnode is a layer to eliminate until you've got Cyrus working without it. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://nakedape.cc signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Can't mark messages as read after server crash
On Sat, 2005-08-06 at 10:52 +0200, Simon Matter wrote: Hello, I have Cyrus 2.2.6 and recently had a power-outtage. Since that happened, I have been unable to mark my messages as read. That is, I can mark them as read in my mail client, but as soon as I restart the client, the messages go back to unread state. I suspect something got corrupted on the server during the server crash, but I don't know what. Maybe the seen database is corrupt. I guess /var/lib/imap/user/o/otis.seen is skiplist so I don't know what the correct way is to recover. At least you can try to convert it with cvt_cyrusdb to BDB and back to skiplist again. I posted a question about recovering skiplist DBs a few weeks ago and got a very informative answer about how to truncate the database to allow it to cleanly recover. You might lose some of the recent seen flags, but it's better than losing them all (especially if you have a lot of folders, as I do). http://article.gmane.org/gmane.mail.imap.cyrus/18840 Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: Cyrus Sieve filtering ignored
On Thu, 2005-08-04 at 14:53 +0200, Stefan Fricke wrote: I'm using Procmail with Cyrus Imapd ans Spamassassin under Suse 9.3. Everything works find, Spamassassin marks the mail and it get delivered to the Cyrus Mailboxes. Under Suse 9.3 the mailboxes are at /var/spool/imap/user/$USER. I set up a subfolder /var/spool/imap/user/stefan/Spam and want to get marked spam delivered there. When you say set up, did you create the /var/spool/imap/user/stefan/Spam directory by hand or did you create an IMAP folder with a client or cyradm? Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: Using aliases in Cyrus IMAP
On Wed, 2005-07-27 at 23:54 +0200, Tammo Beishuizen wrote: The aliasing is done in /etc/aliases in the usual manner, and postalias'ed and reloaded afterwards. Are you sure it's /etc/aliases? What does 'postconf alias_maps' tell you? Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: DBERROR
On Thu, 2005-07-14 at 15:29 +0200, Per-Olov Sjöholm wrote: Thank you VERY much Gary. You were right. It worked if I first did a change directory to /. Hope the bug will be fixed for next release. Simon, I haven't seen this on my RH systems, but it might be a good idea to put a 'cd /var/lib/imap' in the init script you include in your RPM. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Skiplist recovery?
I've had a couple of my users' seen DBs, which are skiplist, go south recently. Since ctl_cyrusdb in 2.2.12 doesn't actually check the seen databases, I looked around for a recovery utility, but found none. I tried to use cvt_cyrusdb to convert them from skiplist to skiplist and skiplist to text, but I got errors every time. I moved the defective DBs so they could be re-recreated (at least one person was unable to actually re-mark them messages read). From running 'strings' on the bad DBs and comparing a flat-file dump of a good DB, it looks like all or at least most of the data is there--enough that it would be less annoying than having all messages marked unread. So before I dig into this myself, has anyone tried to write a utility that recovers, brutally if necessary, skiplist databases? Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: Tunning for large number of files in INBOX
On Wed, 2005-06-29 at 14:52 -0700, Andrew Morgan wrote: In the interest of completeness, under 2.6 linux kernels you can format an ext3 partition using the dir_index option. This enables a hash tree index for directories that supposedly improves lookups with very large directories. Here is the command I use to build my mail spool filesystem: mkfs -t ext3 -j -m 1 -O dir_index /dev/sdb1 I have not used other filesystems such as Reiser or XFS, so I cannot offer Later 2.4 kernels have hashed directory support also; in fact, I've just enabled it on my main Cyrus server, which is running CentOS 3.5 and kernel 2.4.21-27.0.2.ELsmp. (My e2fsprogs man pages had not been updated to reflect the new options also.) You don't have to recreate your filesystem or unmount them for that matter--you can enable it with: tune2fs -O dir_index /dev/foo You can also optimize your directories (which is probably a good idea if you're enabling it on an existing filesystem) with e2fsck: e2fsck -f -D /dev/foo (you'll need the -f if the filesystem is clean) Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: cyrus imapd authentication problem
On Sun, 2005-06-26 at 21:38 -0400, Matt Schwartz wrote: Hi, I am tearing my hair out over this one. When I run an imtest -m login localhost, I keep getting an L01 NO Login failed error and a generic failure. What could this mean? I have configured imapd.conf's sasl_pwcheck_method: saslauthd. I have saslauthd set to pam and when I run a saslauthdtest, it works fine. My syslog give me an error like this: badlogin: localhost.localdomain [127.0.0.1] plaintext cyrus SASL(-1): generic failure: checkpass failed. In my auth.log, I get cannot connect to saslauthd server: Permission denied. Any ideas would be met with appreciation. Sounds like saslauthd and Cyrus IMAP are looking for the saslauthd socket at different places or the permissions on the path to the socket are preventing Cyrus IMAP from connecting. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: Cyrus import from Exchange
On Fri, 2005-06-10 at 17:03 +0200, Alexander Dalloz wrote: Am Fr, den 10.06.2005 schrieb Giovanni Mellini um 15:26: I need to import many mailboxes in Exchange pst format. I'm looking for a tool that can do this work. Did someone knows? Giovanni That will only cause you pain. Better use imapsync (IMAP - IMAP) to migrate the existing mails. http://freshmeat.net/projects/imapsync/ This brings to mind a question I've been thinking of... Does anyone know if Exchange supports proxy authentication of any form? I'm working with a company that is firmly embedded with Exchange but they'd like a way to archive messages. I was thinking a script that slurped old messages over into a Cyrus server via IMAP would fit the bill nicely, but I have not been able to ascertain whether or not Exchange (2003, I think) can handle proxy authentication. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: Autocreatequota and mailbox
On Thu, 2005-05-19 at 17:20 -0400, Greg A. Woods wrote: Does somebody know why this patch isn't included in Cyrus? http://email.uoa.gr/projects/cyrus/autocreate/ I've been asking myself the same question for several years now, ever since I created a very similar patch too. :-) Christos answered this very question a few weeks ago: http://article.gmane.org/gmane.mail.imap.cyrus/17735 Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: Spam coming from list server??
On Mon, 2005-05-16 at 09:05 +0100, Alain Williams wrote: On Sun, May 15, 2005 at 07:40:25PM -0400, Derrick J Brashear wrote: On Sun, 15 May 2005, Patrick Gibson wrote: Is there any particular reason why info-cyrus is not a closed list? It is unnecessary in my opinion to be receiving spam via a list that can easily restrict posting to subscribed members. The spam can be (and on other lists has been) forged as from members. Then what? Quite possible ... but more difficult for the spammer to do. Not very difficult. I've already seen one message come through with my address and another for Cyrus Daboo. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: Deleting IMAP mail from shell script
On Thu, 2005-05-12 at 16:35 -0600, Sun Advocate Webmaster wrote: I have a simple question concerning mail deletion in Cyrus mailboxes. I have spamassassin set up, with two mailboxes [EMAIL PROTECTED] and [EMAIL PROTECTED]. A shell script runs periodicly and parses these messages (sa-learn compiles training data from the messages). After that parsing is done, it needs to empty the mailboxes. I was going to add a rm command, but I'm thinking that will cause data corruption with cyrus. Is there a better way to do this? Fiddling directly with the Cyrus mail spool is a bad thing. Here's a script I wrote to do what you want, except for the 'notspam' part: http://haus.nakedape.cc/svn/public/trunk/small-projects/mail-utils/bayesuck/ You'll also need the simaplib.py from the parent directory. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: DBERROR - not enough space
On Tue, 2005-05-10 at 13:25 +0200, Didi Rieder wrote: I already tried to generate a DB_CONFIG file in /mail/imap/db, and added the following entries: set_mp_mmapsize 65536000 set_cachesize 0 16384000 2 set_lg_bsize 65536 This didn't change anything. I also searched the web but didn't find an solution for the problem. Hope someone on this list can give me a hint. I believe you need to run 'db_recover' before these settings are effective. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: Shared Mailboxes and Postfix
On Mon, 2005-05-09 at 09:26 -0500, Josh Whitver wrote: As I understand it, this should allow us to send mail to Conference+shared mailbox name@domain and have the message delivered to the shared mailbox. This isn't what's happening, however. Initially, there was no mail-capable user named Conference, so I created one, but now all mail sent to the address above gets delivered to the Conference user Inbox, not the shared mailbox. You shouldn't need an actual user mailbox for 'Conference'. What you do need, however, is to add an ACL for 'anonymous' to have 'p' (posting) access. One final complication: Apple, in their infinite wisdom, has slightly modified the default naming convention for mailboxes for their distribution of cyrus - user mailboxes are named with / as the separator (so user/username/mailbox name is the norm, instead of being named with periods). That's just 'unixheirarcysep'; it's not uncommon for people to enable this, because it lets them have names like 'firstname.surname' mailboxes. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: problems with cyrus
On Mon, 2005-05-09 at 12:52 +0200, juanjo rj wrote: i wrote in my postfix config (main.cf) the line: mailbox_transpor=cyrus...should i write something more? or should I start another specific daemon for postfix? The preferred setting is: mailbox_transport=lmtp:unix:/var/lib/imap/socket/lmtp (adjust the path for your installation, probably /var/imap instead of /var/lib/imap) The usual 'cyrus' definition in Postfix uses deliver, which is less efficient than delivering directly through LMTP. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: Question about cyrus quotas - how it behaves
On Wed, 2005-05-04 at 15:58 -0700, David R Bosso wrote: In addition to the IMAP ALERTs provided by the quotawarn settings, we do a weekly cron script that sends an email to users approaching quota. And in case the user is already over quota, 'deliver -q' will deliver the message regardless, which solves the problem of sending warning messages to users already over quota. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: Message contains NUL characters ...
On Thu, 2005-04-28 at 14:57 -0400, Igor Brezac wrote: that not every delivery agent/message store will reject NULs so there is no need for the MTA to strip them out. So cyrus should also be broken? I don't know if it's fair to say they're broken; conventional wisdom says be strict in what you send and flexible in what you receive; seems like this would definitely fall into that. (Of course, just passing the message with the NULLs in tact would be broken, because then the MUAs would have to deal with them.) That said, it shouldn't be too difficult to implement an LMTP proxy that sits between the MTA and Cyrus. An LMTP proxy could also plug-in to Postfix's content_filter mechanism. Could probably also be written as a SpamAssassin rule. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: Sieve
On Mon, 2005-04-25 at 09:22 -0400, Derrick J Brashear wrote: Here's another vote for a Sieve user mailing list, preferably linked to a Gmane newsgroup. Anyone can link a list to a gmane newsgroup though, or am i wrong? (I understand the value of this, though, so you'll get no argument here) Yes, anyone can submit the request to Gmane. (I wish there were some soft of mailing list description format like RDF, so you could submit mailing lists to external archivers like Gmane en masse.) Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * signature.asc Description: This is a digitally signed message part
Re: Basic FAQs and HOWTOs
Also Sprach Craig White [EMAIL PROTECTED] on Wed, Feb 23, 2005 at 10:43:28PM PST: When you say 'you have to go to get a cert from an established CA' - does that mean for purposes of being my own CA, tinyCA is of little use to me? No, that was an explaination of how half the process works. My goal was to be my own CA - generate per user certificates and have revocation rights. I haven't had many issues with creating certs for various applications such as ldap/apache etc. I was looking for some granular control for individual users. Yes, that's exactly what it's for. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * pgpGOghkVYWIH.pgp Description: PGP signature
Re: Authenticating to Active Directory
On 2005-02-23, Vernon A. Fort [EMAIL PROTECTED] wrote: Anyone I currently have samba3 joined to Active Directory and squid working as well, transparent authentication. I would like to find a simple way to get my cyrus accounts to authentcate to the Active Directory as well. Is there a way to get cyrus-imap + cyrus-sasl to auth to the AD server or even via the functioning samba setup? There are actually at least three ways: 1. Setup Kerberos on the Cyrus server to authenticate against the domain controller(s) 2. Use LDAP authentication, which can take one of several forms (pam_ldap, LDAP directly w/saslauthd, auxprop I guess?) 3. Use Samba w/pam_smb. Here's a MS doc on doing #1: http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp Although, with the right incantation of the 'net' command from Samba, you can manipulate your keytab much more easily than this method. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Basic FAQs and HOWTOs
On 2005-02-22, Craig White [EMAIL PROTECTED] wrote: now going a bit off topic - I installed tinyca and it seems to be the type of thing that I could really use - of course, I need to know how to use it. The web site doesn't show a mailing list and I would love to see traffic on how people use it - is there somewhere that the usage is discussed - besides the openssl list? Not that I've found. The lack of introductory material intimidated me at first too, but at some point I had one of those rare confluences of focus and lucidity... (Or, maybe I did find an introductory doc and have just forgotten.) Basically, think of the process you have to go to get a cert from an established CA--generate a key and CSR. You give the CSR to the root CA and the root CA gives you a cert back. So, you've got half of it. Now to play the root CA part, you've got to generate your root CA key and certificate, which I think TinyCA does when you first start it. Then, there's a place to import a CSR and generate a certificate from that. You put that certificate in the appropriate place on the web server (or whereever) and you've got it. Finally, you need to make the root certificate available to clients--they'll have to import it initially, so it may not be better than self-signed certs, depending on your usage patterns. All I've done it export the root certificate and put it on a publicly-accessible web server, naming it with a .crt extension, which should be configured with the right MIME type in Apache; if not, this should do it: AddType application/x-x509-ca-cert .crt Browsers will recognize this MIME type and prompt you to import and trust the cert. Then, any certificates signed with this certificate will be recognized. Well, this has all been off the top of my head, which is ill, so try to fill in anything that seems nonsensical. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Lutos-Notes to Cyrus
On 2005-02-21, Jukka Salmi [EMAIL PROTECTED] wrote: Lincoln Zuljewic Silva -- info-cyrus (2005-02-21 17:48:29 -0300): I have to migrate the Lotus Notes Mailboxes to Cyrus MailboxesAnybody already do this ? No, but I'll have to do this later this month. I'll probably use imapsync[1] and lots of patience. ;-) It's occurred to me that one of the reasons imapsync and similar in-protocol tools is so slow is that, like any server that cares about on-disk integrity, Cyrus fsync's after receiving every message. What's done with some servers, like OpenLDAP IIRC, is disabling the fsync after every write, with the assuption that in the brief period you're migrating, you're willing to risk a failure in return for speeding up the process considerably. It would probably take a good bit of hacking to not only make the fsync conditional, but also make the various database backends disable filesystem-flushes. You could probably implement a library loadable using LD_LIBRARY_PATH that overrode fsync to be a no-op, so you could easily enable it and then ignore it the rest of the time. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Basic FAQs and HOWTOs
On 2005-02-16, Craig White [EMAIL PROTECTED] wrote: I am also interested in knowing how to generate self-signed certificates for tls connections on pop3/imap This is what I used... # openssl req -new -x509 -nodes -out /etc/ssl/cyrus-global.pem \ -keyout /etc/ssl/cyrus-global.pem -days 3650 # openssl gendh 512 /etc/ssl/cyrus-global.pem and set /etc/imapd.conf tls_cert_file: /etc/ssl/cyrus-global.pem tls_key_file: /etc/ssl/cyrus-global.pem tls_ca_file: /etc/ssl/certs/ca.crt which seems to work - the ca.crt file I had create previously with commands to build certs for openldap... openssl genrsa -des3 -out ca.key 2048 openssl req -new -x509 -days 3650 -key ca.key -out ca.cert and while it works, it would be interesting to have someone knowledgable confirm that I am on the right track here since I certainly don't know what it is that I am doing. This is what I use, copped from the Stunnel FAQ: http://nakedape.cc/wiki/ApplicationNotes/SslNotes Lately I've been trying to migrate my self-signed certs to certs generated with TinyCA from a self-signed root cert; that way once I import my root CA I can bypass all of the prompts. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Basic FAQs and HOWTOs
On 2005-02-16, Craig White [EMAIL PROTECTED] wrote: Something in greater depth than Wil's site would be appreciated - he doesn't cover what to do if it ain't workin' and at the moment, that would seem to be a good topic for a couple of us. Yeah, I split the SASL stuff out to eventually be a separate HOWTO, but I haven't actually done anything with it--it's mainly just the sections from the old HOWTO converted from LinuxDoc to DocBook. A troubleshooting section is definitely called for, as is a section on integrating with the various clients. In terms of your actual problem, though, have you tried adding the 'debug' flag to the pam_unix configuration? Assuming you've got something like this in /etc/pam.d/system-auth: authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok Just add the 'debug' at the end and your logs should show more verbose messages. (I also like to make a /var/log/debug that I turn on and off as necessary.) Since imtest works but IMP doesn't, you might want to run tcpdump to capture the actual IMAP traffic for the latter and see how it differs from the imtest IMAP conversation. I like to capture traffic to a file with tcpdump and then view it with Ethereal. Something like: tcpdump -w imp-imap.tcpdump -s 0 'port imap and host impclient' You really want the '-s 0' so you capture the whole packet and not just the header. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus IMAPd 2.2.12 Released
On 2005-02-14, Derrick J Brashear [EMAIL PROTECTED] wrote: I'm pleased to announce the release of Cyrus IMAPd 2.2.12. This release implement one bugfix, the removal of index handling code which appeared erroneously in 2.2.11. It contains no new features. A full list of changes is available in doc/changes.html in the distribution. Would it be possible to either put the unarchived current version on the FTP/HTTP server or just extract the changes.html? Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Managing IMAP book
On 2005-02-11, Amos [EMAIL PROTECTED] wrote: If folks are interested in seeing an update, I would recommend sending such requests to O'Reilly. They certainly won't approve an update if there's no indication of demand. FWIW, I've been (slowly) working on updating the Cyrus-IMAP-HOWTO and am hoping to get in an OSCON talk. It's still very rough, but you can see the work in-progress here: http://nakedape.cc/info/Cyrus-IMAP-HOWTO Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: DB4 Locked
On 2005-02-10, Norman Zhang [EMAIL PROTECTED] wrote: Hi, I'm seeing lots of these in /var/log/mail/warnings lmtp[9563]: DBERROR db4: 82 lockers IIRC, this harmless? Can someone please ack/nack on this? This is informational and logged at the debug syslog priority; set your syslog priority to info or higher. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Performance Monitoring?
On 2005-02-04, Bill Earle [EMAIL PROTECTED] wrote: Performance Monitoring? - What are people using to monitor their Cyrus Imap Server performance? - things we would like to monitor: connect to imap port to banner response time imap login time mailbox selection time imap process time (maybe create a new folder, move a few messages, delete them and expung) - We would also prefer graphing / trending, like a MRTG add-on. I'm not doing it, but it sounds like a good job for SmokePing: http://people.ee.ethz.ch/~oetiker/webtools/smokeping/ Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: intergrate cyrus and postfix
On 2005-02-04, Andrzej Adam Filip [EMAIL PROTECTED] wrote: IMHO you should use LMTP over unix socket instead of deliver program. Sample LMTP configuration is provided in Postfix: The Definitive Guide published by O'Reilly (~2 pages). There's also a (still very rudimentary) example here: http://nakedape.cc/info/Cyrus-IMAP-HOWTO/quickstart.html#id2900018 and here: http://nakedape.cc/info/Cyrus-IMAP-HOWTO/quickstart-fedora.html#id2900732 Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: allow duplicate message
IOn Fri, 2004-11-19 at 10:58 -0500, Scott Adkins wrote: I don't believe this is the case... We set it to no on our site because we see a lot of lock contention on the duplicate delivery database. The problem is that setting it to no doesn't help if you have SIEVE enabled in your server. From what I could tell in the source code, SIEVE makes very active use of the duplicate delivery database, for vacationing, forwarding, redirections, etc. Are you saying that using Sieve makes it impossible to disable duplicate suppression or that Sieve just uses the duplicate delivery database regardless of the 'duplicatesuppression' setting? The former should be reported as a bug (http://bugzilla.andrew.cmu.edu/); the latter a point for discussion. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://naked-ape.com --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus + (insert Best MTA here) Suggestions
On Fri, 2004-11-19 at 04:50 +0100, Alexander Dalloz wrote: (though of course you can do more 'nasty' things than with Sieve - if always reasonlable?). I don't follow. I am not sure if we misunderstood, but with procmail you can do things which Sieve can't do. So for instance Sieve can not filter by mail body inspection and I think piping to other programs like spamc or clamassassin. Well, this can be realized at different place within the mail server setup. On the other side Sieve has the advantage that you can setup web administration for it using i.e. smartsieve or websieve which allows users to customize filtering themselves, just by using their browser. Except Sieve can't lose messages, but procmail can. When a Sieve filter breaks, the message just goes to your INBOX. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://naked-ape.com --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus + (insert Best MTA here) Suggestions
On Thu, 2004-11-18 at 17:26 +0800, Ow Mun Heng wrote: Fedora/redhat by default uses procmail as it's default lmtp. what do you use then? Is Cyrus considered a LMTP or..? You're confusing LMTP and LDA; the LDA is the Local Delivery Agent and is the name of a _role_ in the process of mail handling. LMTP is the Lightweight Mail Transfer Protocol and is a _protocol_ used for moving mail about, often (but not always) between the MTA and LDA. The LDA portion of Cyrus accepts mail as an LMTP server from a Sendmail or Postfix LMTP client. Procmail, unless it's changed substantially since I last used it (which, I admit, has been a few years now), just reads mail from stdin. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting, Ltd. http://naked-ape.com --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: frequency of running squatter
On Tue, 2004-10-26 at 15:28 +0800, Lem Tomas wrote: quick question what is a reasonable frequency to run the squatter? assume all mailboxes have the squatter flag set and squatter -a will be run. every hour ok? Probably not. I only run mine once a day. squatter uses a lot of CPU when it runs, so it's noticeable when it runs. Cyrus will use the messages directly that aren't indexed, and a day's worth is usually pretty quick. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: Quota question
On Fri, 2004-08-27 at 09:28 -0400, Daniel Chénard wrote: Just a little question about quota Can I cannot calculate the folder trash in my quota with cyrus?? No. Well, you can give very generous quotas to the trash folder, overriding the inbox quota. However, users would be able create sub- folders of trash and use more space than you have permitted. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: Setting up imaps with cyrus
On Thu, 2004-08-26 at 21:32 -0600, Eric Schwartz wrote: Summary: I'm trying to get cyrus working over ssl, but thunderbird is hanging on connecting over port 993. For what you want to do, creating CA certificate might be overkill. I just create self-signed certificates (the subject of that message says self-signed, but they're not). Try the instructions on my Wiki (copped from the stunnel FAQ): http://nakedape.cc/wiki/ApplicationNotes_2fSslNotes You just accept the self-signed cert permanently with Mozilla and you're done. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: Please explain: Creating the TLS/SSL Certificate
On Fri, 2004-08-13 at 18:42, Patrick Ben Koetter wrote: * Jacob Friis Larsen [EMAIL PROTECTED] [040811 23:23]: Could someone explain what this does? I found it at http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/cyrus-config.html Does it create a self signed certificate? yupp Is there an easier way on Debian? Probably not. Complicated as it may look it is as easy as it can get. *Creating the TLS/SSL Certificate* If you want to enable Cyrus' TLS/SSL facilities, you have to create a certificate first. This requires an OpenSSL installation openssl req -new -nodes -out req.pem -keyout key.pem This creates your private key. openssl rsa -in key.pem -out new.key.pem openssl x509 -in req.pem -out ca-cert -req \ -signkey new.key.pem -days 999 This is where you as private CA sign the private key and make it a public certificate (new.key.pem) Is there something to this process that isn't done here? http://nakedape.cc/wiki/ApplicationNotes/SslNotes Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: Cyrus IMAPd logging
On Tue, 2004-08-10 at 14:56, AJ wrote: Hi, Is there a way to control the loglevel that cyrus imapd uses? I want to get it to stop logging debug messages altogether. Usually this is done in /etc/syslog.conf. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Authentication diagram?
Someone on IRC (#cyrus on irc.freenode.net) was asking about authentication options and I recalled that someone had put together a nice PDF of the way the various layers operate. I can't find this PDF on the Wiki; could someone point me to it? Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: Authentication diagram?
On Wed, 2004-08-04 at 12:30, Ken Murchison wrote: Wil Cooley wrote: Someone on IRC (#cyrus on irc.freenode.net) was asking about authentication options and I recalled that someone had put together a nice PDF of the way the various layers operate. I can't find this PDF on the Wiki; could someone point me to it? I think the raw doc is here: http://www.postnewspapers.com.au/~craig/cyrus_authentication_map.sxd Thanks! But I have no idea what app creates .sxd files. OpenOffice.org/StarOffice Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: subscribing to folders
On Thu, 2004-07-22 at 06:01, Alexander Brill wrote: Is it possible to force subscribtion of a folder to another user by using the admin-user? I couldn't find any info about it in the docs and RFCs. If you're using files for subscription lists, you can just add the mailbox to the user's subscription file. Take note, though, that at least in 2.0, the subscription lists had to be sorted. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: Virtual Memory Consumption of Cyrus IMAPd
On Tue, 2004-07-20 at 10:58, Mohamed Magdi Abbas wrote: Rob Siemborski wrote: On Mon, 19 Jul 2004, Andrew Brink wrote: I have also seen this sasauthd memory leak on a Debian box. A simple restart always fixes the problem for me too. When we get reports like this it inevitably turns out to be the PAM module leaking memory, not saslauthd itself. But then why would a restart of saslauthd itself fix things, i.e. release the swap space (it or someother piece down the line) used up? Because the PAM modules are dynamically loaded, like libraries, which saslauthd calls into. These modules are part of the saslauthd process, so when they leak memory, the whole process space grows. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: cyrus IMAP4 v2.1.16 and TLS
On Wed, 2004-07-07 at 15:25, victor wrote: I try to use tls but I have some problems. The log error: Jul 7 15:14:03 mail68 imapd[17167]: accepted connection Jul 7 15:14:03 mail68 imaps[17168]: executed Jul 7 15:14:11 mail68 imapd[17167]: imaps TLS negotiation failed: dgfp.ambra.ro[80.97.24.235] Jul 7 15:14:11 mail68 imapd[17167]: Fatal error: tls_start_servertls() failed Jul 7 15:14:11 mail68 cyrus-master[17057]: process 17167 exited, status 75 But when I do telnet everything seems to be OK: Try using the 's_client' in OpenSSL: $ openssl s_client -connect localhost:imaps Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: unable to login
On Wed, 2004-07-07 at 08:44, Patrick Welche wrote: What about saslauthd? I don't actually use saslauthd, but assume that it too will become user cyrus.. No, saslauthd runs as root--it's role is to provide authentication services, often for PAM or shadow authentication, which requires root access. It's a much better solution than creating a 'shadow' group and making /etc/shadow readable by it and putting cyrus into that group. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: unable to login
On Wed, 2004-07-07 at 12:45, Mike Beattie wrote: And I hate to point out, but then, if a malicious user manages to find a flaw in cyrus they could hypothetically use that flaw to get a copy of /etc/shadow. (If I'm mistaken, *please* correct me) Only the second worst thing after actually getting a root shell, IMO. Well, I suppose it's possible, but it's better than giving all SASL applications read access to /etc/shadow, because there's far less code to review and audit in saslauthd than Cyrus IMAP, Postfix, OpenLDAP, etc. Not to mention that applications communicate with saslauthd over a socket protocol, which one hopes goes to great lengths sanitize input. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: Cyrus IMAP, sendmail and LDAP
On Wed, 2004-07-07 at 15:51, AJ wrote: Thanks. I have reviewed the sendmail page numerous times, but my question is what is the difference between the way I have things set up now, i.e just using cyrus as a local mailer, as opposed to ldap_routing. I am not sure why one would go one way or the other, just trying to clarify. If you use LDAP routing (or any other form of recipient verification) you can reject bogus messages during the SMTP conversation. Puts less work on your server and your postmaster, because he doesn't have to deal with the double-bounces caused by viruses and spammers sending mail to a non-existent address from a non-existent address. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc signature.asc Description: This is a digitally signed message part
Re: Cyrus Imapd Experiences
On Thu, 2004-05-20 at 08:37, Simon Matter wrote: Thanks. How can I determine what the current database types are for the various functions? I am running 2.2.4 w/ no changes to the defaults. Okay, that's fine. From what I know you can only look up the defaults in the sources. However, until you configure pther db's in imapd.conf, you are always using the defaults which should be fine. IIRC the mailboxes db is skiplist that way, which is the most import db. With later 2.1.14 and probably 2.2 you can use the 'version' command with cyradm to find that stuff out. Wil -- Wil Cooley mailto:[EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * * Portland's Premier Open Source Consultancy * * * * * signature.asc Description: This is a digitally signed message part
Re: Does a Cyrus GUI exist?
On Wed, 2004-05-12 at 13:30, Eric B. wrote: Hi, I searched the web to find an answer to this question, but the lack of hits makes me think that no one has yet bothered to develop a GUI for cyrus-imap. Is this true? While working with cyradm does the job, I can only imagine how much easier it would be to administer if there was a nice GUI developed to allow you to manage the system. Is asking about something like this a complete pipe dream? I know there is web-cyradm which is a great interface for basic administration, but from what i can tell, I haven't been able to actually find any true cyradm GUI tool (that allows you to administer individual user mailboxes, assign group boxes, etc...). There's a Webmin module that's not too bad. Wil -- Wil Cooley mailto:[EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * * Portland's Premier Open Source Consultancy * * * * * signature.asc Description: This is a digitally signed message part
Re: Getting IMSP segfaults when accessing LDAP
On Wed, 2004-04-21 at 20:54, Rob Tanner wrote: Craig, I did a bit of googling, and I found a lot of complaints about RH not dumping core, but no one seems to know had to turn that limitation off. Have you any ideas? If nothing else, at least I've paid my bucks to RedHat so I should be able to ask them. Check /etc/profile: # No core files by default ulimit -S -c 0 /dev/null 2 Wil -- Wil Cooley mailto:[EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * * Portland's Premier Open Source Consultancy * * * * * signature.asc Description: This is a digitally signed message part
Re: Where is Simmon's RPMs
On Sat, 2004-03-27 at 13:30, Patrick Nelson wrote: I'm getting ready to move my cyrus mail process to a FC1 system and I went looking for Simmons RPMs and couldn't find the site. Anyone know if this is still around? Right here: http://www.invoca.ch/pub/packages/cyrus-imapd/ Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * * * * Good, fast and cheap: Pick all 3! * * * * * * * * Naked Ape Consulting http://nakedape.cc * * Naked Ape Business Server http://nakedape.cc/r/smb * signature.asc Description: This is a digitally signed message part
Re: (Postfix/Cyrus)+SpamAssassin ?
On Tue, 2004-03-16 at 15:41, Ian Beyer wrote: Has anyone implemented this successfully? If so,how? Everything I've found from Google uses the old cyrdeliver methods. Postfix main.cf: mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp For SpamAssassin, I use amavisd-new (http://www.ijs.si/software/amavisd/). It doesn't give you all of the per-user config you can have using SA w/in procmail or other pipeline, but it's pretty fast and works pretty well. If you need all the per-user settings possible with SA, then you do have to use 'deliver'. Again in main.cf: content_filter = smtp-amavis:[127.0.0.1]:10024 And master.cf: smtp-amavis unix - - y - 6 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - y - - smtpd -o content_filter= -o local_recipient_maps= -o myhostname=localhost.nakedape.priv -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 These settings are explained in detail in the amavisd-new docs. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * * Naked Ape Consulting http://nakedape.cc * * Contract Sys Admin http://nakedape.cc/r/csa * signature.asc Description: This is a digitally signed message part
Re: (Postfix/Cyrus)+SpamAssassin ?
On Tue, 2004-03-16 at 17:12, Scott Russell wrote: I was pretty sure I read somewhere on the amavisd mailing list that you would get it to work with per user settings out of MySQL. Maybe it was just a fantasy of mine :) You are correct, however, the granularity of control is much coarser with amavisd-new. Basically you can control tag, tag2 and kill levels per-user/domain/sub-domain. Using SA through procmail each user can control nearly every aspect. Of course, you also cannot use site-wide Bayesian filtering with the procmail approach. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * * * Linux Consulting in Portland, Oregon * * * * * * * Naked Ape Consultinghttp://nakedape.cc * signature.asc Description: This is a digitally signed message part
Re: Remote User's SMTP relay authorization
On Mon, 2004-03-15 at 11:39, John Gibson wrote: I would appreciate any recommendations or success stories which utilize Cyrus IMAP as the standalone mail server and also ways to allow SMTP relaying to *only* our valid, authenticated users. Postfix supports SMTP AUTH with SASL just like Cyrus (it might only be a patch; not sure). The biggest problem for me is that I have to use LOGIN or PLAIN authentication, which means I really want to wrap the connections in SSL, but Outlook doesn't generally handle self-signed certs well. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * * Naked Ape Consulting http://nakedape.cc * * AIX Support Servicehttp://nakedape.cc/r/aix * signature.asc Description: This is a digitally signed message part
