fetching user_deny.db entry for ...
Hello, since my upgrade from cyrus-imapd 2.3.x to 2.4.x mail maillog gets cluttered by entries like this: Feb 2 14:18:07 g112 cyrus/imap[16836]: fetching user_deny.db entry for 'u...@mailbox.com' I have absoletely no use for this user_deny.db stuff. Before I created an empty user_deny.db I got IOERRORs with No such file or directory, now that it exists, now I get these useless logs. How can I disable this entirely? Or how can I disable logging of it? Kind regards Marten Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
Hello, I found out how to get rid of this annoying error messages, but not indeed to remove the cause of it. Typically, cyrus-imapd should just handle authentication as it is requested to do by the configuration in imapd.conf. Regarding sasl-authentication, it is the value of the option sasl_pwcheck_method. So as long as one doesn't configure cyrus-imapd to use the auxprop plugin and the ldap backup, cyrus-imapd shouldn't try to use or even load this plugin. Actually, I'm not the only one having this problem. I noticed a posting from a user that claimed, that in his configuration he got dozends of logs of canonuserfunc errors with _sasl_plugin_load failing like me, but with the sql plugin in his case. And his solution for this was to compile cyrus-imapd without the sql plugin. So while I'm using prebaked packages from Ubuntu I applied the same action by purging the libsasl2-modules-ldap package and voilà: The errors disappeared! IMHO this behaviour is not ok. There are other fails in the same league: - deliver.db gets created altough I turned duplicatesuppression off - I have to create an empty user_deny.db although I have no need for this functionality - tls_sessions.db is created, although no SSL processes are configured (this is all offloaded to an POP3S/IMAPS proxy in front of our backends). Who is responsible for this part of the code? I cannot understand how this bogus behaviour could stay for so long in the production code of cyrus-imapd. Kind regards Marten On 08.01.2012 05:58, Marten Lehmann wrote: Hello, I configured cyrus to use saslauthd for authentication. The related lines in /etc/imapd.conf are as follows: sasl_mech_list: PLAIN allowapop: no sasl_pwcheck_method: saslauthd sasl_auto_transition: no Now, everything works fine, SASL-Authentication, LMTP, POP3, IMAP, with just one problem: /var/log/auth.log is filling up with lines like this: cyrus/lmtp[6233]: canonuserfunc error -7 cyrus/lmtp[6233]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb cyrus/lmtp[6233]: auxpropfunc error invalid parameter supplied cyrus/lmtp[6233]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb cyrus/lmtp[6233]: canonuserfunc error -7 cyrus/lmtp[6233]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb But I nowhere configured cyrus to use auxprop authentication or the ldapdb plugin. Also, openldap is running on a different server so all that cyrus should use is saslauthd which indeed works. But I cannot live with that mass of errors in the logfile, even though they don't seem to harm anything. What is causing them? Kind regards Marten Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
_sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
Hello, I configured cyrus to use saslauthd for authentication. The related lines in /etc/imapd.conf are as follows: sasl_mech_list: PLAIN allowapop: no sasl_pwcheck_method: saslauthd sasl_auto_transition: no Now, everything works fine, SASL-Authentication, LMTP, POP3, IMAP, with just one problem: /var/log/auth.log is filling up with lines like this: cyrus/lmtp[6233]: canonuserfunc error -7 cyrus/lmtp[6233]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb cyrus/lmtp[6233]: auxpropfunc error invalid parameter supplied cyrus/lmtp[6233]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb cyrus/lmtp[6233]: canonuserfunc error -7 cyrus/lmtp[6233]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb But I nowhere configured cyrus to use auxprop authentication or the ldapdb plugin. Also, openldap is running on a different server so all that cyrus should use is saslauthd which indeed works. But I cannot live with that mass of errors in the logfile, even though they don't seem to harm anything. What is causing them? Kind regards Marten Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: anysievefolder and autosievefolders gone in 2.4?
Ok, I didn't notice that it is a separate patch, because the cyrus-imapd package of RHEL/CentOS was compiled with that patch, in Ubuntu it isn't. The patch works fine for several years now and I don't think that any new features will be added. Why hasn't it been incorporated and merged into the main tree of cyrus? Kind regards Marten Lehmann Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: anysievefolder and autosievefolders gone in 2.4?
Hello, Sorry - I've been planning to do it for ages, and it just hasn't happened due to other things always being more pressing. It's on the MUST HAVE list for 2.5. ok, but where can I find a patch for the current 2.4.9 release of Ubuntu 11.10? The latest release I can find at http://email.uoa.gr/projects/cyrus/autosievefolder/ is from 2009 for the 2.3.16 release. Kind regards Marten Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
anysievefolder and autosievefolders gone in 2.4?
Hello, in my 2.3 setup I'm using anysievefolder: yes because if a message es detected as spam, a special mail header is added to the message and if the sieve filter sees it, it automatically stores the message into the subfolder Junk of the users mailbox. Since users might accidentally delete the Junk folder, I want Cyrus to automatically create it in case it doesn't already exist. Since I control the sieve filters, I simply set anysievefolder to yes, but I could also have set autosievefolders to Junk. But now in the man page of 2.4 both options don't exist any longer. Are they actually removed? Or just replaced? Or is anysievefolder now true by default (was no before)? Kind regards Marten Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
ldap auth through saslauthd through cyrus
Hello, I have a working installation of cyrus-imapd-2.3.7 on CentOS 5 and now I'm trying to apply the configuration to 2.4.9 on Ubuntu 11.10. I have a setup with virtualdomains, ie. I'm using userp...@domain.com to login. Tests with testsaslauthd like testsaslauthd -u userp...@domain.com -p 123456 work fine: 0: OK Success. But logging in through POP3 results in this line in syslog: cyrus/pop3[20085]: badlogin: [10.0.1.71] plaintext userp...@domain.com SASL(-13): authentication failure: checkpass failed I'm using cleartext logins and the important parts of imapd.conf look like this: allowapop: no sasl_mech_list: PLAIN virtdomains: userid sasl_pwcheck_method: saslauthd How can I get more verbose output? Is there a separate saslauthd logfile so I can see what cyrus is actually sending to it? I'm afraid cyrus doesn't use the full email address to login but just userpart. But how can I check or fix that? I can under now circumstances specify thousands of domains als allowed realms. Kind regards Marten Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: ldap auth through saslauthd through cyrus
Hello, i am assuming that you are running saslauthd with the -r argument -- something like: saslauthd -a ldap -O/etc/saslauthd.conf -r actually I did not, but thanks for pointing me on that! I noticed before in /var/log/auth, that username and realm have been splitted, so that the username didn't contain the full email address and thus the LDAP lookup failed: saslauthd[19326]: Entry not found ((cn=userpart)). saslauthd[19326]: Authentication failed for userpart/domain.com: User not found (-6) saslauthd[19326]: do_auth : auth failure: [user=userpart] [service=imap] [realm=domain.com] [mech=ldap] [reason=Unknown] But I thought that it is an issue how cyrus passes the values to saslauthd but actually it depends on how saslauthd treats the values it receives. So the -r parameter was just right: Combine the realm with the login (with an '@' sign in between). e.g. login: foo realm: bar will get passed as login: foo@bar. Note that the realm will still be passed, which may lead to unexpected behaviour. Thanks! Kind regards Marten Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Auto-deletion of messages in Junk-folder after a certain time
Hi, Being the filty perl programmer that I am, I would just make an admin IMAP connection to the server, LIST all mailboxes, regex match the ones I wanted, select them and process them. I used to do the same , But I found a client connection script too slow too heavy for my server with 40k mailboxes we have more than 40.000 mailboxes, too. But I'm not very enthusiastic to use ipurge. I'm afraid ipurge does something wrong (due to bugs or misconfiguration) and some unexpected messages are deleted. I wouldn't have a good feeling to tell customers ipurge is always right without having logs. My preferred solution would be to log each mailbox I'm deleting messages from and the From, Date and Subject-header of each, so in case of accidents, the customers could restore the messages somehow. I wouldn't mind a slow perl script that does its job one by one as long as I get logs. @Bron: I don't want to delete all messages, but all messages older than 60 days. Instead of flagging messages, I thing UIDEXPUNGE might be an option. Kind regards Marten Lehmann Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Auto-deletion of messages in Junk-folder after a certain time
Hello, we have a virtual domain configuration and I want to remove all messages within the folder user/any-userpart@any-domain/Junk/* I don't want to mark old messages as deleted and expunge them, because then maybe I'm expunging messages, that haven't been flagged as deleted by me but the owner of the mailbox and aren't ment to be expunged at this moment. I have heard of cyr_expire and ipurge, but that information is several years old. What is the currently recommended way to auto-delete messages after a certain time (e.g. 60 days)? Which date is typically used for the deletion? The date of the delivery to Cyrus? Is a verbose output available (e.g. with the log of sender-address and subject of the deleted messages)? Btw.: We are using an older version of cyrus, 2.2.12 (as it comes with RHEL4) and we have no chance to update it at the moment. Thanks for any help. Kind regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus and PHP imap_mail_move
Hello, I noticed, that imap_mail_move() does not move the message(s) on our cyrus-imapd-2.2.12-8.1.RHEL4, while imap_mail_copy() works fine. When I'm requesting the capabilities, then cyrusd announces NO_ATOMIC_RENAME. Does this mean, that it is not possible to move a message from one folder to another directly? Of course one could copy and delete+expunge later, but thats annoying and error-prone. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
after crash: new messages are marked as \Seen
Hello, at this moment we have the problem, that new messages for the INBOX are marked as \Seen, while messages that are moved to the Junk-folder by a sieve script are correctly marked as \Unseen. And at the same time, UIDs seem to be reused, so POP3 clients are deleting messages on the server because they think they have already downloaded a certain message. I was running recontruct on all mailboxes, but the problem still exists. We are using cyrus 2.2.12 (redhat rpm). Any ideas? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: after crash: new messages are marked as \Seen
By the way: The maillog doesn't show any errors on the seen db. Is there only one seen-db for all folders of one mailbox? How does cyrus decide how to flag new messages? Is there any possibility to reset the seen db (besides of deleting it)? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
what is the stage. directory for?
Hello, in my setup with cyrus 2.2.12 I have a directory named partition-default/stage.. It includes files like 8801-1161887510-0 8802-1161887656-0 8807-1161887123-0 8808-1161887204-0 8809-1161887238-0 8810-1161887139-0 8811-1161887596-0 8812-1161887667-0 8838-1173199589-0 8852-1161887124-0 8925-1161898745-0 9073-1161684396-0 9078-1161684092-0 9086-1161684072-0 909-1162808438-0 9097-1161684063-0 9104-1161684064-0 9109-1161685066-0 9120-1161685680-0 913-1162810100-0 9372-1161685682-1 945-1164642075-0 946-116281075966-1164642072-0 which contain complete messages including headers. Most of them are several months old, but there are also files from today. What are they used for? Is it safe to delete them (shutting down cyrus first)? Regards Marten Lehmann Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyrus cuts away the realm on the admin user
Hello, I want to authenticate the admin user against ldap as all other users in our setup. Our admin user is something like [EMAIL PROTECTED] whereby server is set as defaultdomain in imapd.conf. When I login with a usual account it looks like this: Mar 5 22:09:58 vmx saslauthd[27772]: do_auth : auth failure: [user=test] [service=imap] [realm=test.com] [mech=ldap] [reason=Unknown] But when I'm using the admin-account (which I need to do with cyradm), then the realm disappears, not matter if I'm using [EMAIL PROTECTED] as the login or just admin: Mar 5 22:09:43 vmx saslauthd[27771]: do_auth : auth failure: [user=admin] [service=imap] [realm=] [mech=ldap] [reason=Unknown] But without the realm the verification against ldap fails. How can I tell cyrus to pass the realm? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: load balancing at fastmail.fm
Hello, what do you think about moving the mailspool to a central SAN storage shared via NFS and having several blades to manage the mmapped files like seen state, quota etc.? So still only one server is responsible for a certain set of mailboxes, but these SAN boxes have nice backup and redundancy features which are hard to get with common servers and there shouldn't be mmap problems as long as all indices remain on the blade on a separate metadata-partition. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: load balancing at fastmail.fm
Hello, Why do you need NFS? because NFS is the only standard network file protocol. I don't want to load a proprietary driver into the kernel to access a SAN device. The whole point of a SAN is distributed access to storage after all :). So where's the point? SANs usually have redundant network devices to access the redudant disk array behind it. It depends how much you trust your SAN. Sure, but at some level you always have to trust to something. A SAN doesn't protect you if your filesystem decides to explode: Well, there are inode based SANs and file based SANs. If I'm just splitting an inode based SAN, I could also use internal disks which give me more control. But with file based SANs I can actually store files (through NFS). And a lot of SANs offer the possibility to do snapshots or replicate their data filebased to another SAN. So you have a very high redundancy and availability. Me idea was, that Cyrus does lock and mmap indices and databases, but not the actual message-files. So these message files could be stored in the SAN with very high redundancy, whereas the metadata which needs to be mmaped remains on the blade with internal disks so in case of problems you could at least restore the messages from the SAN (and its snapshots if you accidentally deleted something) and rebuild the indices. I've heard horror stories about all the common Linux filesystems and I've personally watched fsck.ext3 (supposedly the safest option) unravel a filesystem, with thousands of entries left in lost+found. ext3 with journal? I have never experienced this. ZFS looks nice. Well, but you are on your own because this project for linux is pretty young. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve autocreate
Hello, Perhaps this patch may be useful for you. http://email.uoa.gr/projects/cyrus/autosievefolder/ thanks! Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
load balancing at fastmail.fm
Hello, as fastmail.fm seems to be a very big setup of cyrus nodes, I would be interested to know how you organized load balancing and managing disk space. Did you setup servers for a maximum of lets say 1000 mailboxes and then you use a new server? Or do you use a murder installation so you can move mailboxes to another server once a certain gets too much load? Or do you have a big SAN storage with good mmap support behind an arbitrary amount of cyrus nodes? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: [ Re: why does salspasswd2 always append a realm?]
Hello, I'm sorry, but this statement parses as nonsense. You have saslauthd running but it isn't used, and you have auxprop listed even though you don't have an auxprop. How exactly are you being authenticated? there seems to be a default auxprop, because saslauthd was configured to use pam, not sasldb2. And have you tried reading the logs? There is nothing mystical here -- everything is logged, including how your login and realm are parsed for authentication. There is a lot of mystical in Cyrus, especially because it lacks sufficient documentation. I know that programmers don't like to document what they worked on, but for new users it is very hard and cumbersome to get the information and examples that are required to understand Cyrus at least partially from widespread mailinglist posts, some outdated howtos in the web and some cyrus manpages. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: [ Re: why does salspasswd2 always append a realm?]
Hello, I think I have the _exactly_ same problem as Mr. Gruber. This is my setup: hey, originally it was _my_ problem :-) (important part of) imapd.conf: virtdomains: userid defaultdomain: mail.internal.ejibe.net servername: mail.internal.ejibe.net admins: cyrus sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb I don't know the reason for this error, but authentication with sasldb2 only works in my setup when I'm writing sasl_pwcheck_method: saslauthd auxprop into imapd.conf (no auxpro_plugin option) and have saslauthd running, even when it isn't used. Where can I find all sasl-options with a description and maybe example configurations? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: why does salspasswd2 always append a realm?
Hello, So I really need to login without a realm. Wrong. You need a login where the realm matches the hostname of the machine, which will solve the problem for you. Even while using virtdomains: userid? If you check the sasl debug, you'll see that no realm becomes the result of gethostbyname () during the sasl query. Well, would it also be possible to set this in imapd.conf: admins: cyrus defaultdomain: imap.localhost and add a user [EMAIL PROTECTED] in sasldb? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ldap lookup with different search_base' s? [auf Viren überprüft]
Hello, What do I have to enter at admins in /etc/imapd.conf? Something that matches your special regexp. In my following example it is cyrus. I.e. snip authz-regexp uid=cyrus,cn=[^,]*,cn=auth dn:cn=admin,dc=mailservices authz-regexp uid=([^,]*),cn=[^,]*,cn=auth dn.regex:cn=$1,ou=users,dc=mailservices snap where can I find more examples of this? My saslauthd.conf looks like this: /etc/saslauthd.conf ldap_servers: ldap://1.2.3.4/ ldap_timeout: 10 ldap_time_limit: 10 ldap_search_base: ou=users,dc=mailservices ldap_auth_method: bind ldap_filter: (cn=%u) ldap_debug: 0 ldap_verbose: off ldap_ssl: no ldap_start_tls: no ldap_referrals: no And this is my imapd.conf: /etc/imapd.conf configdirectory: /var/cyrus/config partition-default: /var/cyrus/spool admins: cyrus sievedir: /var/cyrus/config/sieve sendmail: /usr/sbin/sendmail altnamespace: true hashimapspool: true unixhierarchysep: true virtdomains: userid allowusermoves: true sasl_pwcheck_method: saslauthd servername: imap.localhost munge8bit: true username_tolower: true From what I can see, the user cyrus would never be passed to LDAP, since the saslauthd.conf defines which searchbase to use. And sasl would never simply pass cyrus but attach the hostname on an empty realm, so LDAP would get something like [EMAIL PROTECTED] Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
example for ldap options in imapd.conf?
Hello, the manpage for imapd.conf shows a lot of options for ldap but I cannot find an example configuration using these in the Cyrus documentation or wiki. Is anyone aware of such examples and can point me to related websites? Thanks in advance. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
why does salspasswd2 always append a realm?
Hello, I would like to insert an admin-user without a domain/realm into an sasldb2. But saslpasswd2 always appends the hostname to the userid I provide. Example: echo test | saslpasswd2 -c admin sasldblistusers2 [EMAIL PROTECTED]: userPassword How can I avoid this? I have virtdomains: userid in my /etc/imapd.conf, but I need an admin-user without realm so that I manage all accounts with it, not just accounts within the same realm. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
ldap lookup with different search_base's?
Hello, for common email users, I have a path like this: [EMAIL PROTECTED],ou=users,dc=mailservices so the search base is ou=users,dc=mailservices. Using this, authentication works fine. But I would like to include the admin user into the ldap lookup as well. How can I manage this? I planned to have the admin user at cn=admin,dc=mailservices. How do I manage that saslauthd checks in both paths? What do I have to enter at admins in /etc/imapd.conf? Does anyone have a similar setup and can provide some config files or examples? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: why does salspasswd2 always append a realm?
Hello, Use a defaultdomain (man imapd.conf). that doesn't solve the problem. As soon as an admin-user contains a realm (e.g. not just admin but [EMAIL PROTECTED]) this admin-user can only manage accounts for mydomain.com. But I need an admin-user that can create and manage users for arbitrary domains/realms on a virtual domain environment. So I really need to login without a realm. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: user and realm splitting in cyrus/ldap
Hello, Did you check the -r switch of saslauthd? no. I used a filter like (|([EMAIL PROTECTED])(cn=%u)) instead but using -r is the better way which I'm using now. Thanks! Regards Marten Lehmann Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: user and realm splitting in cyrus/ldap
Hello, In my case it is: ldap_filter: ((umMailObjectStatus=enabled)(umCyrusStatus=enabled)(umLogin=%u%R)) So that it looks for [EMAIL PROTECTED] thanks. I'm using saslauthd with the -r option now as Simon adviced but your combination with the enabled status is interesting. I also planned to include this because we want to be able to disabled certain accounts but there is one catch with it: The user just sees authentication failure. So he might think something is wrong with our servers although we blocked his account intentionally. Is there a way to include an own, special error message? I would like to distinguish between 1) Login ok 2) Account doesn't exist 3) Account temporarily disabled Where does Cyrus get the error message from? With testsaslauthd I get: 0: NO authentication failed Cyrus IMAP says: x NO Login failed: authentication failure On successful logins testsaslauthd gives: 0: OK Success. While Cyrus IMAP responds with: x OK User logged in Is there any way to change this? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: IMAP sync tool (rsync for IMAP)
Hello, Downside: If you have very large messages on the source IMAP servers, you better run the script on a machine with lots of RAM. On my system it died repeatedly with out of memory when it was hitting a 32MB message (on-disk size), and the system has 1GB RAM. strange, I didn't experience this while running a sync for 15.000 mailboxes some weeks ago with even larger messages partially. It's probably best to run it on a 3rd system, one that's separate from both the source and the destination IMAP servers, otherwise unpleasant things might happen if the script starts to gobble up RAM on the IMAP server. Again, this 3rd system is best if it has lots of RAM if you allow large messages on your source IMAP server. Thats surely a good advice, but I don't think it is primarily because of the memory usage, but because of the CPU usage. While syncing and checking for differences on source and target server imapsync will use _much_ CPU ressources, especially if you are running several instances of imapsync at the same time to speed up the sync (on different mailboxes of course). The source and target IMAP servers have been pretty idle while the 3rd server running imasync had a load average of 50. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
user and realm splitting in cyrus/ldap
Hello, I'm using Cyrus with saslauthd using ldap. When I am testing the setup with testsaslauthd it works fine. But when I am authenticating through cyrus (imap login) then I notice in the saslauthd logs, that cyrus seems to split the credentials. I'm using virtual domains, so a login looks like [EMAIL PROTECTED] Through cyrus saslauthd receives [user=test] [service=imap] [realm=test.com] [mech=ldap] but with testsaslauthd it receives [EMAIL PROTECTED] [service=imap] [realm=] [mech=ldap] as I expected it. How can I tell cyrus not to split it up to realms? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus::IMAP::Admin with SSL?
Hello, how can I connect to the Cyrus-Server with Cyrus::IMAP::Admin through SSL? Currently I am using Cyrus::IMAP::Admin-new($server, $port); Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
flags on backuped mails
Hello, to backup a mailbox, I would simply have to tar and gzip it. Mails are stored in the numbered files and flags are stored in the cyrus-files. But restoring these mails including flags is very complicated. I would have to renumber them so they don't conflict with existing messages and as there is no way to merge the old cyrus files with the existing ones, all flags would be gone. This leads to two points: 1. Why are message files names numbered and not randomized? Is it because of the IMAP UID of each message? 2. Why aren't flags stored in the file name, too? I used to see that with Maildirs and it is very clever: Flags are permanent and aren't lost if the index is broken. Anyway, the index speeds up access to the flags and the index can be rebuild from the flags in the filename. The flag-structure might be adopted from the Maildir-specification. Has this been suggested before and was refused for a certain reason? Or should I contact the devel-list so they may include support for it? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problems on folders containing @
Hello, Escape the @ sign: create [EMAIL PROTECTED] this doesn't work either: x create [EMAIL PROTECTED] x NO Invalid mailbox name Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: performance on large inboxes
Hello, I did play with ext2 dir_hash, but didn't find it helping me much (it would help lookups sometimes, but slowed file creation significantly on my tests). I've also heard people praise reiserfs for it's performance under these conditions (personally I don't trust it, but some of that is historical baggage) I'm using ext3 with dir_hash. I considered using XFS, but there are a lot of benchmarks that show that XFS is not faster in general, also the XFS development seems to be stucked at the moment and from my own experience as well as from other people in a recent thread on this mailinglist there are some really strange errors appearing from time to time with XFS that are making it a bad choice for production systems, especially when it happens, that the server crashs unexpectedly (i.e. a memory module fails). I tried to trust ReiserFS several times and I had so much problems with it, that I don't intend to use it ever again. Even Novell/SuSE which praised ReiserFS for a long time turned away from it. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
performance on large inboxes
Hello, from time to time we have users with a very large inbox, which means it contains 20.000 messages or even more. My quite general question is: What is cyrus doing once a user logs in through imap or pop3? It seems, that it is parsing the directory, which takes very long. But what does it have the indices for? Of course I know that cyrus stores flags and headers in it, but why does cyrus parse the directory if all parts that are fetched through the session are the Date, To, From and Subject-header? Shouldn't that be in the index so cyrus doesn't have to touch the directory except the cyrus-files? Is there an option so that cyrus splits up big inboxes into several folders so they can be read faster? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
limit of connections and auto-logout?
Hello, is it possible to set a limit of connections per user and an auto-logout? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
descriptive process titles
Hello, is it possible to let cyrus set descriptive process titles? Currently I'm only seeing dozends of imapd or pop3d processes, but it is very cumbersome to extract what a process is doing from the logs in the cyrus proc-directory. It would be nice to have fancy titles like imapd [test.de] status: logged, last command: subscribe or similar. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: performance on large inboxes
Hello, What is fetched depends upon the client software and what it asks for. yes, but that may very extremely. If Cyrus only caches lets say X-Spam and there is no such header in the email and thus not in the cache, will Cyrus look into the file then? Or will the cache contain an empty header? Some software asks for rather more, so you need to modify the server to cache more. Some software just asks for _all_ headers, eg MS Outlook. For those, you have problems but I believe there are patches around to cache all headers. I think it would be a really great performance boost if cyrus would cache all headers (I think that is what dovecot does and is very fast with it) so it doesn't have to touch the files. Where have you seen such patches? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: performance on large inboxes
Hello, That was merged a long time back. doc/text/changes: is it enabled by default? Or do I have to specify which headers in particular shall be cached? We are using 2.2.12, so then the patch be already included. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SQUAT failed
or change the cyrus loglevel to disable the No such file. How? I looked through the manpages, but there is no loglevel or syslog-threshold in cyrus. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SQUAT failed
Hello, Everytime you open a folder it looks for SQUAT index file. If the SQUATTER isn't running with master (cyrus.conf) you will get No such file. I would first like to try this with a view mailboxes. In the squatter manpage I found this: -a Only create indexes for mailboxes which have the shared /vendor/cmu/cyrus-imapd/squat annotation set to true. How can I set this annotation? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
SQUAT failed
Hello, what is SQUAT? I have several lines like this in my logfile: Nov 2 15:03:39 vm27 imap[14376]: SQUAT failed to open index file Nov 2 15:03:41 vm27 imap[14376]: SQUAT failed And for some reason there has been a process that repeated these lines at least 30 times. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SQUAT failed
Hello,
There will also be an entry in your cyrus.conf, EVENTS section, which is
starting these processes.
I cannot see such an entry in cyrus.conf:
EVENTS {
# this is required
checkpointcmd=ctl_cyrusdb -c period=30
# this is only necessary if using duplicate delivery suppression,
# Sieve or NNTP
delprune cmd=cyr_expire -E 2 at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd=tls_prune at=0400
}
Does this index all messages in the mailboxes automatically (we have
more than 13.000 mailboxes) or just the first time a SEARCH is requested?
Regards
Marten
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: SQUAT failed
Hello, Decrease your logging level from debug to info where do I change it? It seems that this is the default level in Redhat Enterprise Linux 4. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Message contains invalid header
Hello, But your Cyrus IMAPd has to work with these headers! It has to be able to sort by date, search for message ID, index the body, search for any header field! So you cannot just ignore errors in Cyrus. yes, I understand. But I don't know which characters are problematic for Cyrus. I just see the message Message containes invalid headers. So what? Is it an empty Message-ID? Is it a NUL-character? Is it 8bit in header where usually only 7bit is allowed (munge8bit is false in our setup)? There is now documentation on this. Do I have to be a programmer in watch through thousand lines of source code to find it out? Actually, I just want to use Cyrus, not change it. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Message contains invalid header
Hello, case IMAP_MESSAGE_CONTAINSNULL: prot_printf(pout, 554 5.6.0 Message contains NUL characters\r\n); break; especially this appears very often. Does Cyrus actually mean the whole message, or message body or header? What can I do with existing messages? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Message contains invalid header
Hi, case IMAP_MESSAGE_BADHEADER: prot_printf(pout, 554 5.6.0 Message contains invalid header\r\n); break; what can I do to fix these headers? I have one message (which appears to be spam, but that is not the point), where I cannot find any problem. No 8bit characters, no empty message-id header, what else could be wrong with it? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus, clusters, GFS - HA yet again
Hello, maybe I have understood GFS wrong, but isn't it ment to stripe data of several servers instead of mirroring them but make it accessable from several servers? If one server goes down, then you can only access the metadata from the GFS metadata server, but not the file itself from the server. Even with a cyrus murder cluster you cannot have shared mailboxes with different domain names (department.university.xx). With Cyrus each mailbox belongs to a certain backend-server. To be completly independed you need a big SAN (or maybe GFS) with Maildirs and then you can add an arbitrary amount of servers for deliveries, spamfilters, virus scan, imap and pop3 and make snapshots and backups of the complete storage. However, that way you will get into trouble with the calculation of quota at each delivery of a new messages, because it takes very long to sum all sizes of the messages within a mailbox as it cannot to be done locally on the harddisk but has to be done over the network (through the GFS or SAN) and if a maildir contains several hundrets or thousand messages it takes really long and will slow down the whole system because of i/o waits. Look for an smtp-server and imap/pop3 server that can handle maildirsizefile (Maildir++), then this problem would be solved. But as far as I know there are no imap/pop3 servers available that have the same feature set as Cyrus (indices, quota system, shared folders, etc.) so you have to make a choice. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
LMTP timeout?
Hello, right now I'm receiving a lot of lines like this in my exim log: 2006-10-26 20:08:09 1Gd9YI-0004rv-FN == [EMAIL PROTECTED] R=mailbox_cyrus T=mailbox_lmtpunix defer (-1): LMTP timeout after end of data (20671 bytes written) 2006-10-26 20:08:09 1Gd9Xx-0004lb-1g == [EMAIL PROTECTED] R=mailbox_cyrus T=mailbox_lmtpunix defer (-1): LMTP timeout after end of data (20561 bytes written) 2006-10-26 20:08:09 1Gd9Xx-0004lk-Cf == [EMAIL PROTECTED] R=mailbox_cyrus T=mailbox_lmtpunix defer (-1): LMTP timeout after end of data (20804 bytes written) 2006-10-26 20:08:09 1Gd9YO-0004v8-GM == [EMAIL PROTECTED] R=mailbox_cyrus T=mailbox_lmtpunix defer (-1): LMTP timeout after end of data (20884 bytes written) Why does LMTP time out? Is it after a certain load? Or after a certain time? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LMTP timeout?
Hello, That's an Exim complaint. The receiver didn't respond within Exim's time limit. The default is 5 minutes, you can change it with the timeout option on the transport (the one you've called mailbox_lmtpunix). is there a timeout at lmtpd or will it deliver a message no matter how much time it takes? Does lmtpd have an upper limit of concurrent connections besides the limits from the operation system or maxchild-options in cyrus.conf? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Message contains invalid header
Hello, If it's mails from the broken Lotus Notes client that's the problem (and they're the only ones we saw here), it's caused by a null Message-ID header; just have your SMTP server remove those. no, it is not just at mails from Notes clients. I also get this error on messages with correct Message-ID. We cannot simply refuse mails because some clients don't implement the standards 100% correctly. Our users still need the mails and every mailclient can handle it even with errors. And even Cyrus does handle it if I'm putting such a message in the mailbox and do a reconstruct! So why is it refused at lmtp time? How can I disable this? It is really important for me! Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Message contains invalid header
Hello, What MTA do you use? exim. It can handle even emails with NUL characters and 8bit headers, but I guess all up2date MTAs (like postfix or sendmail) are capable of this. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Message contains invalid header
Hello, from time to time we are getting this message in our exim logs: LMTP error after end of data: 554 5.6.0 Message contains invalid header I have also experienced this error while I'm syncing emails from an old server to our new cyrus mailserver. I have munge8bit: false in my imapd.conf and reject8bit is set to false by default. Which headers is cyrus complaining about? I cannot change this world where clients like Notus Notes are sending invalid emails, but simply refusing these mails is a bad choice. And we also have a lot of emails we received in the old setup and I wouldn't know how to explain to our users, that they cannot access these messages any more. How can I make cyrus less strict? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Message contains invalid header
Hello, sorry, but I'm not looking for a way to change anything in an email, I am looking for a way so that Cyrus doesn't check for such errors and simply ignores them. Even if I would remove the according message ids in new messages, I still have to migrate the old mailboxes and IMAP is giving me the same error on APPEND. So what should I do with all those existing messages? Why does cyrus have a problem with an empty message-id header? Or there other cases in which cyrus throws this error (like 8bit in headers)? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
question on poptimeout
Hello, some of our users are grumping that they get the pop3 error: -ERR [IN-USE] Unable to lock maildrop: Mailbox is locked by POP server I know where it comes from and I understand that there must be a sort of locking for pop3. But sometimes users seem to get an authentication error and are asked by their mail clients to enter the password again. Then, when they retype they get the error. I don't know what makes the login failing in the first try (it only happens every now and then). We are using sasldb2 which doesn't do more than looking up a user in a file. I don't know what can go wrong with that, but obviously it happens from time to time. It set poptimeout: 1 but it didn't solve the problem. Is it possible to set a lower timeout? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Too slow
Hello, I turned the mail partition now to xfs and it's terribly fast. WOW!!! did you use an ext3 partition with dir_index before? I'm just asking because we are at a similar point and need to make a decision. All benchmarks I know of don't show that XFS actually performs faster than a modern ext3. Actually, with many concurrent reads and writes, ext3 seem to perform better, but only according to benchmarks. I cannot tell from an own installation. A switch from ext3 to XFS would be a big step for us, because we have to take care for about 13,000 mailboxes. So I want to be really sure if it is the right step. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: CREATE INBOX/attention: NO Invalid mailbox name
Hello, Why? If the problem is that Dovecot uses the folders below inbox, then do the migration and *THEN* enable altnamespace. Simple! :-) the problem is, that dovecot allows both: at the same level of INBOX and subfolders of INBOX. Cyrus only supports on of both at the same time. So I choosed to rename folders and it worked fine. I guess users will find their folders without problems. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: STARTTLS available?
Hello, So, as Andreas indicated, configuring TLS should be enough to offer STARTTLS. The only configuration I needed to do was to add something like this to imapd.conf (Cyrus-IMAPD 2.3.7): again: TLS/SSL works! But Cyrus doesn't offer STARTTLS (using cyrus-imapd-2.2.12-3.RHEL4.1). $ telnet imap 143 Trying 1.2.3.4... Connected to imap (1.2.3.4). Escape character is '^]'. * OK imap Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1 server ready x capability * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE x OK Completed x logout * BYE LOGOUT received x OK Completed Connection closed by foreign host. $ telnet pop3 110 Trying 1.2.3.4... Connected to pop3 (1.2.3.4). Escape character is '^]'. +OK imap Cyrus POP3 v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1 server ready [EMAIL PROTECTED] capa +OK List of capabilities follows EXPIRE NEVER LOGIN-DELAY 0 TOP UIDL PIPELINING RESP-CODES AUTH-RESP-CODE USER IMPLEMENTATION Cyrus POP3 server v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1 . quit +OK Connection closed by foreign host. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: STARTTLS available?
Hello, Good, now show us your imapd.conf and any tls errors that appear in your log. configdirectory: /cyrus/config partition-default: /cyrus/spool admins: cyrus sievedir: /cyrus/config/sieve sendmail: /usr/sbin/sendmail altnamespace: true hashimapspool: true unixhierarchysep: true virtdomains: userid allowusermoves: true sasl_pwcheck_method: getpwent auxprop saslauthd sasl_mech_list: PLAIN servername: test imaps_tls_cert_file: /cyrus/certs/imap.crt imaps_tls_key_file: /cyrus/certs/imap.key pop3s_tls_cert_file: /cyrus/certs/pop3.crt pop3s_tls_key_file: /cyrus/certs/pop3.key lmtp_over_quota_perm_failure: true munge8bit: true username_tolower: true There are no tls errors as TLS is working fine. Remember: pop3s is running with ssl on port 995 all the time, same with imaps on port 993. Whereas pop3 on port 110 and imap on port 143 are usually not encrypted. But with STARTTLS you can encrypt the session while still connecting to port 110/143, while you usually have to connect to the special ports to get encrypted connections. However, the server must show that he supports STARTTLS by mentioning it on the CAPABILITIES list, otherwise clients aren't trying to use it. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: STARTTLS available?
Hello, Configure TLS. man imapd.conf, ./doc/(text/)install-configure(.html), ... I already have TLS resp. SSL (on separate ports)! But STARTTLS is an extension so you can use SSL through the common pop3 or imap port (not the special SSL one), because with STARTTLS you can open a SSL connection within the common pop3 or imap session. I haven't found an option how to enable the STARTTSL extension. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
STARTTLS available?
Hello, I have some users that are used to use POP3 and IMAP with STARTTLS. It was available in dovecot but it doesn't seem to be available in Cyrus by default. Can it be enabled somehow? Or isn't it implemented for certain reasons? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: very slow syncing, any ideas?
Hello, i had much better performance with mailutil from UW-Imapd. It uses the IMAP-protocol like imapscyn but is not a scipt but a binary program and uses the imap APPEND command and does noe checks to see wich E-Mails are on the new server. and I hope it only deletes messages from the old server if they are transfered succesfully to the new server? Does it keep the flags of the messages, too? Does it also create required folders and subscribe them (if they have been subscribed on the old server)? If you can answer everything with yes, then I definetely should have a look at it, because while imapsync works well in general, it is really slow. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: CREATE INBOX/attention: NO Invalid mailbox name
Hello, ok, then I have to rename them manually. Rename what manually? Seriously, are you considering the problem correctly? I mean that I have to rename the INBOX/* folders before the migration. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
defer (110): Connection timed out
Hello, in my exim logs I can see a lot of lines like R=mailbox_cyrus T=mailbox_lmtp defer (110): Connection timed out I have set a maximum of 30 concurrent deliveries using lmtp over tcp. What is the limit for lmtpd? How can I increase it? What else could have caused this message? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: renaming a mailbox fails
Hello, Set 'allowusermoves' to '1' in imapd.conf? However, I still get renamemailbox: Operation is not supported on mailbox as soon as I try to rename out of the user/ prefix. Is there Did you restart cyrus after changing the config? yes. Renaming users works, but only within user/, e.g. from user/[EMAIL PROTECTED] to user/[EMAIL PROTECTED] But what doesn't work is to rename it completely like from user/[EMAIL PROTECTED] to backup/[EMAIL PROTECTED] Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
very slow syncing, any ideas?
Hello, I'm about to migrate several thousand mailboxes from Maildir to Cyrus using the tool imapsync. It does its job very well and when I tested the migration on a small development server it was very fast. But now on the production system the synchronisation is very slow with a maximum of one message per second (and we have gigabytes of messages in the storage, partically 10,000 messages per mailbox!). The general load of the system isn't very high, maybe a load average of 30. I disabled the duplicate message suppression. The mailboxes.db is about 8 megabytes big with approx. 13,000 mailboxes and 4 default folders each (Drafts, Junk, Sent, Trash). I have the following entries in my configuration which should provide a better hierarchie and balance of directories than if they were all in one main directory: altnamespace: true hashimapspool: true unixhierarchysep: true virtdomains: userid I also tried to move the old Maildirs to a different server, so that getting messages from the old mailbox and putting it to the new mailbox through IMAP doesn't come up with reads and writes on the same server. But the performance benefit was minimal. But in the end, syncing is still really slow. It would take weeks to sync all mailboxes that way. How else could we move them to the new storage if doing it through IMAP is too slow? On the other hand we would like to keep all flags so I guess syncing it with IMAP is the only choice? What could be the reason to be that slow? Is it the big mailboxes.db? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: very slow syncing, any ideas?
Hi, What is I/O load on the new server? on the old server? Was your test set representative of your production system? the test system has much older hardware than the pretty new production server (Xeon 3.4 with RAID5 and SCSI HDs). Old and new server are the same from the hardware side, we have just changed the software. You could be running into any number of bottlenecks that you've not described: 1) disk I/O 2) network I/O Even syncing from an IMAP server in the internet to my local server was faster. 3) message size 4) file system format I guess its none of them. uptime shows 21:04:59 up 1 day, 5:46, 7 users, load average: 29.10, 43.29, 41.94 I can easily copy large amounts of files within the system, so it is definetely not a problem of the filesystem. Syncing is always slow, of course large mails take a bit longer, but that isn't the bottleneck. The question is: What is Cyrus doing in the background when doing an APPEND in IMAP (I guess thats the way new messages are added)? When I can copy 20 files within a second in the filesystem, but only 1 in three seconds through IMAP, whats wrong then? So both the maildir server and the Cyrus server are on the same box? We tried both: syncing from the same box or from one to another. It was slow in both cases. Do their spools share the disks? Controllers? How many users? How many connections? How much mail? At this moment it is evening here, so there aren't many deliveries (about 90 per minute). I guess that the bottleneck is somewhere in Cyrus. We are using cyrus-imapd-2.2.12 from RHEL4. Is there a problem with berkeley db with large mailboxes.db? What is Cyrus doing during an IMAP APPEND? Is it always looking for the folder in mailboxes.db? Is it sync'ing the harddisk after each APPEND? You need to better understand the limits of your system. Yes your development system was fast, but it sounds like you didn't try to replicate the load of doing everything at once on it, so your expectations have been set artifically. Our old way to deliver mails sort of broke down, so we urgently needed a replacement. We worked on Cyrus for some weeks so we knew enough to build the right configuration, but we didn't had the time to do a stresstest. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
migrating mailboxes by copying files?
Hello, since imapsync sessions take to long for our several thousand mailbox setup (although it's still running in the background while I'm writing this) I'm asking myself, if there isn't another way to migrate the messages. Maildir does store each message in a separate file and same does cyrus. The accounts in cyrus are all created. Couldn't I just copy all messages from a Maildir to the according cyrus-folder and run a rebuild-tool for the mailbox after I moved and renamed the message-files? Which scheme does the numbering of the files follow in cyrus? Is it always increasing (1., 2., 3., and so on)? If there is such a tool, what is the name and how can I use it? I guess cyrus is rebuilding the cyrus.* files and updating the quota-usage? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: very slow syncing, any ideas?
Hello, Uhm... LA of 30 is very high. What OS? I assume Linux, vmstat 5 will tell you where you're hitting the wall, but unless you've got an 8 CPU machine LA 30 is rather quite high. Linux LA is a measurement of processes blocked on I/O, processes running and processes waiting to run on a CPU. yes, Linux (2.6.9, RHEL4): procs ---memory-- ---swap-- -io --system-- cpu r b swpd free buff cache si sobibo incs us sy id wa 15 1 34896 800696 11788 4399685 595 670 2763 34 6 14 46 32 2 34896 792796 11332 4627200 1138 1124 1851 1427 83 8 1 9 11 3 34852 794696 9264 4392470 1194 1087 1896 1546 81 8 1 9 33 1 34852 791752 8660 4478800 902 1059 1933 1672 81 9 1 9 13 2 34852 792652 7004 4150400 1220 1037 1863 1476 81 8 2 9 30 2 34852 795584 7572 4093600 423 1222 1876 1484 82 7 2 9 16 3 34852 796836 8816 4411200 817 1268 1927 1613 83 8 1 8 12 1 34852 794000 9888 4434000 249 1135 1821 1458 82 8 3 8 9 2 34852 793328 9876 4617200 1098 976 1816 1091 86 7 2 6 7 5 34852 790188 10332 4831600 1100 1274 1785 959 85 7 2 6 26 1 34852 789504 7656 5255200 1837 1087 1991 1444 81 8 2 9 20 0 34852 794252 6900 4706800 440 1246 1932 1461 83 8 2 7 Does this tell you anything? I have two imapsync processes which cause some load. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: very slow syncing, any ideas?
Hello, Looking at taht i'd say you're VERY badly CPU bound. a simple dd/cp doesn't do anything to the mail but IMAP ops will require some CPU workCyrus also will probably be forcing syncs but your I/O load doesn't look that high (my mfe's run more I/O and they're not storing any mail, just logs and temporary files for virus/spam scanning heh, and they only have a little IDE HDD each) I found the option berkeley_cachesize which is way too low by default. Transactions just reading or writing db-entries (i.e. changes of flags) are much faster now. Indead, the imapsync processes are causing much load: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 20461 root 25 0 79988 36m 2488 R 63 3.6 13:24.10 imapsync 20925 root 25 0 14908 8196 2664 R 57 0.8 0:31.49 imapsync But what does them make so cpu-expensive? I'd guess you're being CPU bound What would you do if you would need to migrate from Maildir to cyrus? It is not important for me to keep the flags. I would be happy if I could move all message files to the appropriate cyrus folder. But will cyrus detect them automatically? Or is there any rebuild-command required? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
CREATE INBOX/attention: NO Invalid mailbox name
Hello, I have the combination of the following in my imapd.conf: altnamespace: true unixhierarchysep: true That way folders can be created on the same level as INBOX. But I didn't understood this the way, that one cannot have folders below INBOX then. 173 CREATE INBOX/attention 173 NO Invalid mailbox name Thats a bit tricky because we are migrating from dovecot, and dovecot allowed INBOX.attention as well as attention. Is there any option to still allow this? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: CREATE INBOX/attention: NO Invalid mailbox name
Hello, I think it's one way or the other, not both. With altnamespace: 0, all folders are under INBOX. With altnamespace: 1, no folders are under INBOX. ok, then I have to rename them manually. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
renaming a mailbox fails
Hello, within cyradm I'm trying to rename a folder. My goal would be to rename a mailbox from user/[EMAIL PROTECTED] to backup/2006-10-17/[EMAIL PROTECTED] or backup/2006-10-17/[EMAIL PROTECTED] But renaming always fails, even with really simple renames: rename user/[EMAIL PROTECTED] user/[EMAIL PROTECTED] renamemailbox: Operation is not supported on mailbox What am I doing wrong? lam user/[EMAIL PROTECTED] [EMAIL PROTECTED] lrswipcda Is any right missing? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: different certs for pop3 and imap
Hello, imap_tls_cert_file: /etc/ssl/certs/cyrus-imap.pem imap_tls_key_file: /etc/ssl/private/cyrus-imap.key pop3_tls_cert_file: /etc/ssl/certs/cyrus-pop3.pem pop3_tls_key_file: /etc/ssl/private/cyrus-pop3.key thanks for your help. I just want to add that you have to write pop3s_ and imaps_, otherwise I get errors like this: imaps[12998]: imaps: required OpenSSL options not present imaps[12998]: Fatal error: imaps: required OpenSSL options not present master[12920]: process 12998 exited, status 75 master[12920]: service imaps pid 12998 in READY state: terminated abnormally master[13000]: about to exec /usr/lib/cyrus-imapd/imapd Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: renaming a mailbox fails
Hello, Set 'allowusermoves' to '1' in imapd.conf? thanks. However, I still get renamemailbox: Operation is not supported on mailbox as soon as I try to rename out of the user/ prefix. Is there any possibility to rename a mailbox to something like backup/[EMAIL PROTECTED]? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtp through tcp doesn't find the mailbox
Hello, unixhierarchysep: true so you need to use slashes instead of .s. e.g cm user/test thanks. I was treating user. as a fixed prefix until now, not as a folder. I now successfully created a mailbox: lm user/[EMAIL PROTECTED] (\HasNoChildren) lam user/[EMAIL PROTECTED] [EMAIL PROTECTED] lrswipcda Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtp through tcp doesn't find the mailbox
a sub folder cm user/[EMAIL PROTECTED]/Sent Btw.: I found out that subfolders are appended before the domain part, thus cm user/test/[EMAIL PROTECTED]. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
changed delivery to subfolder?
Hello, the documentation says, that one should use an address like [EMAIL PROTECTED] to delivery a message directly into the Junk-folder of [EMAIL PROTECTED] I noticed that this doesn't work and the mail is delivered to INBOX instead. However, I found out that I have to deliver messages to test/[EMAIL PROTECTED] instead and then it will be delivered to the Junk folder correctly. But this behaviour isn't described anywhere, so is cyrus actually expected to behave like that? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: no mailbox associated?
Hello, Did you create it with cm [EMAIL PROTECTED] no, just with cm [EMAIL PROTECTED] What is the user. for? I thought this is just a relict from non-virtualdomain setups? What can I use an account for if I'm not creating it with user.? Can I rename the account or do I have to create a new one (is user. evaluated at the creation time to create a special typ of account?)? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: no mailbox associated?
Hello, It's a common mistake to forget the 'user.' prefix, but it is required in a conventional setup. I tried this now, but it didn't get me any further. I created [EMAIL PROTECTED], but all LMTP deliveries (not authenticated, lmtpd running with -a) are failing: rcpt to:[EMAIL PROTECTED] 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown rcpt to:[EMAIL PROTECTED] 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown rcpt to:user.test 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown rcpt to:test 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown Isn't there anyone doing deliveries via TCP to cyrus setups with virtual domains? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: how to specify trusted hosts for lmtp
I believe you must setup hosts.allow with rules to allow the trusted host to connect. And you have to start lmtpd with -a then (in cyrus.conf). Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: no mailbox associated?
Hello, I tried this now, but it didn't get me any further. I created [EMAIL PROTECTED], but all LMTP deliveries (not authenticated, lmtpd running with -a) are failing: rcpt to:[EMAIL PROTECTED] no, mail to [EMAIL PROTECTED], not to [EMAIL PROTECTED] I tried all combinations, with and without user.. It didn't work out. How can I turn on some logging to see what is going on? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
user. in mailbox names
Hello, we are currently using dovecot for IMAP and POP3 and we would like to migrate to Cyrus. The email-address is the login, e.g. [EMAIL PROTECTED] When I'm creating accounts in cyrus, I have to prepend user. to the mailbox names (thus [EMAIL PROTECTED]). But when a user logs in with [EMAIL PROTECTED] as before, he doesn't see his folders. Doesn't do cyrus the mapping to [EMAIL PROTECTED] If not, why do I have to create mailboxes with user. then? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
folder confusion
Hello, I have created the user [EMAIL PROTECTED]. Why isn't there a INBOX? Where does the shared folder come from and why does it appear twice? There is no other mailbox created in this setup. x list * * LIST (\HasNoChildren) / Shared Folders/user.test * LIST (\HasNoChildren) / Shared Folders/user.test x OK Completed (0.000 secs 3 calls) How can I create subfolders like Sent or Trash from within cyradm? Creating [EMAIL PROTECTED]/Sent gives a wrong result. Very sparse documentation on this... Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
lmtp through tcp doesn't find the mailbox
Hello,
I tried to create mailboxes with cyradm ([EMAIL PROTECTED] and
[EMAIL PROTECTED]). But when I'm doing a lmtp-session to deliver a message to
[EMAIL PROTECTED] and come to the rcpt-to point, I always get:
550-Mailbox unknown. Either there is no mailbox associated with this
550-name or you do not have authorization to see it.
550 5.1.1 User unknown
What is lmtp doing at this point to check if a mailbox exists? I'm
running completely out of ideas what to try next to get it working.
This is my imapd.conf:
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus cyrusd
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
altnamespace: true
hashimapspool: true
unixhierarchysep: true
virtdomains: userid
defaultdomain: test.de
My shortened cyrus.conf:
SERVICES {
imap cmd=imapd listen=imap prefork=5
lmtp cmd=lmtpd -a listen=x.x.x.x:lmtp prefork=0
}
Regards
Marten
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
no mailbox associated?
Hello, I have created a mailbox within cyrus which works fine (in concerns of IMAP sessions). But when I'm trying to deliver messages into this mailbox using LMTP I always get: SMTP error from remote mail server after RCPT TO:[EMAIL PROTECTED]: host x.x.x.x [x.x.x.x]: 550-Mailbox unknown. Either there is no mailbox associated with this\n550-name or you do not have authorization to see it.\n550 5.1.1 User unknown What does this mean? lm [EMAIL PROTECTED] (\HasNoChildren) I also granted too much rights, but it still didn't work: lam [EMAIL PROTECTED] all a anyone lrs Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Authentication required at lmtp transport
Hello, I have configured one mailserver to send messages through lmtp by tcp to another server. But I always get host x.x.x.x [x.x.x.x]: 430 Authentication required Where can I tell cyrus to allow lmtp-messages from certain IP-addresses or ranges? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: only cleartext in sasldb?
Hello, it seems that sasldb stores all password in cleartext. Is it possible to use md5 or crypt as in /etc/passwd? Not without breaking non-plaintext mechanisms like CRAM-MD5 and DIGEST-MD5. that would be a problem, we currently support PLAIN only and don't intent to allow anything else (we support SSL). Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: only cleartext in sasldb?
Hello, that would be a problem I ment: would _not_ be a problem Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Authentication required at lmtp transport
Thanks! Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
confusing authentication
Hello, I'm using getpwent for admin authentication and salsdb for commoon mailbox users. I noticed a strange behaviour: I'm not using salsauthd. But when I'm just writing sasl_pwcheck_method: getpwent auxprop I always get NO Login failed: user not found (only admin users not found) When I have sasl_pwcheck_method: getpwent auxprop saslauthd and salsauthd isn't running I get NO Login failed: generic failure Why do I have to include salsauthd and even need to have it running, while it is not being used? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: admin authentication
Hello, I found out the problem: It was a permission problem of /etc/sasldb2. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
only cleartext in sasldb?
Hello, it seems that sasldb stores all password in cleartext. Is it possible to use md5 or crypt as in /etc/passwd? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: admin authentication
Hello, I use both LDAP and sasldb with these config lines: * sasl_pwcheck_method: auxprop saslauthd * sasl_auxprop_plugin: sasldb I tried, but I couldn't get it work. I have the following /etc/imapd.conf: sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb2 sasldb_path: /etc/sasldb2 sasl_mech_list: LOGIN PLAIN I also tried to with sasldb instead of sasldb2. sasldbdbusers2 shows the right entry, but IMAP always gives: NO Login failed: user not found and /var/log/maillog says: imap[3353]: badlogin: localhost.localdomain [127.0.0.1] plaintext cyrusd SASL(-13): user not found: checkpass failed How can I debug this? Or can I test sasldb2 without cyrus somehow? Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
admin authentication
Hello, we will use LDAP through saslauthd to authenticate our users. Is there a way to authenticate admin-users a different way at the same time? Best would be to hardcode a md5-password within the imapd.conf or to use /etc/passwd for that. But I don't want to pass everything through PAM just to authenticate the admin user. Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: admin authentication
Hello, You can use saslauthd/LDAP for your users and a local sasldb2 file for your admins. You don't need PAM at all. unfortunately neither sasldb nor auxprop is compiled in at redhat enterprise linux 4 and I wouldn't like to compile everything from scratch: # saslauthd -v saslauthd 2.1.19 authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap * sasl_pwcheck_method: auxprop saslauthd * sasl_auxprop_plugin: sasldb Could I just write sasl_pwcheck_method: getpwent saslauthd instead so /etc/passwd will be used whereas a linux-user with the same name as the admin-user of cyrus would have to be created? Regards Marten Lehmann Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: hardware recommendations for MURDER?
Hello, I have the same considerations for an upcoming cyrus murder setup. I would like to continue to use RHEL on HP ProLiant hardware as most of our services are running on it and it works perfectly. While I understand that MUPDATE and the frontends will be idling around most of the time (I think I will use DL360 with Opteron DC or so) and I'm just not sure how much memory I should give them, I'm not sure about the backend hardware. I'm a bit afraid of large systems, because if I have a server with 2 TB of storage, but it can't handle enough concurrent connections, then I won't be able to use the storage available and I have to setup an additional backend server with a lot of storage left unused. How can I calculate how much CPU and memory I need for an average user with a maximum of 100 MB per mailbox and some larger mailboxes like 2 or 5 GB? Would you prefer a really fat system with 16 GB of RAM, 1 TB storage and two dual core Opterons or two separate systems with 500 GB storage, 2-4 GB RAM and one dual core Opteron? I would tend to the latter one (two small systems should be more failsafe than one large, aren't they?). So for the hardware I'm tending between a small DL360 with two big SCSI discs or a big DL385 with 6 drive bays. Regards Marten Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
howot backup a mailbox locally
Hello, we are currently using dovecot with maildirs. When a user decides to delete a mailbox, we aren't actually deleting it, but we are moving the maildir to a certain directory with the date of the deletion. So if he deleted the mailbox accidentally we can restore the maildir very easily. How could we do this with cyrus? Regards Marten Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Mailstore filesystem
Hello Really? Nice. But you would have to re-create the ext3 filesystem with this newer 2.6 kernel, right? Or would tune2fs do the job given the right options? I once enabled the index-option with tune2fs on an old ext3 filesystem at 2.4 kernel which didn't give much performance boost. But partitions I created on new 2.6 kernel systems worked well. Regards Marten Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
